rpms/sepostgresql/F-8 sepostgresql-8.2.6-1.patch, 1.3, 1.4 sepostgresql.init, 1.12, 1.13 sepostgresql.spec, 1.12, 1.13 sepostgresql.te, 1.12, 1.13
KaiGai Kohei (kaigai)
fedora-extras-commits at redhat.com
Sun Mar 2 15:49:52 UTC 2008
Author: kaigai
Update of /cvs/pkgs/rpms/sepostgresql/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27291
Modified Files:
sepostgresql-8.2.6-1.patch sepostgresql.init sepostgresql.spec
sepostgresql.te
Log Message:
- bugfix: SELECT count(*) was not filtered correctly.
- more restricted class/perms declaration.
sepostgresql-8.2.6-1.patch:
Index: sepostgresql-8.2.6-1.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql-8.2.6-1.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sepostgresql-8.2.6-1.patch 7 Feb 2008 01:05:33 -0000 1.3
+++ sepostgresql-8.2.6-1.patch 2 Mar 2008 15:49:16 -0000 1.4
@@ -4913,8 +4913,8 @@
+}
diff -rpNU3 base/src/backend/security/sepgsqlProxy.c sepgsql/src/backend/security/sepgsqlProxy.c
--- base/src/backend/security/sepgsqlProxy.c 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql/src/backend/security/sepgsqlProxy.c 2008-01-30 17:08:18.000000000 +0900
-@@ -0,0 +1,1467 @@
++++ sepgsql/src/backend/security/sepgsqlProxy.c 2008-03-03 00:42:02.000000000 +0900
+@@ -0,0 +1,1501 @@
+/*
+ * src/backend/security/sepgsqlProxy.c
+ * SE-PostgreSQL Query Proxy function to walk on query node tree
@@ -5306,6 +5306,36 @@
+ return selist;
+}
+
++static List *walkAggrefHelper(List *selist, Query *query, Node *node)
++{
++ if (node == NULL)
++ return selist;
++
++ if (IsA(node, RangeTblRef)) {
++ RangeTblRef *rtr = (RangeTblRef *) node;
++ RangeTblEntry *rte = list_nth(query->rtable, rtr->rtindex - 1);
++
++ if (rte->rtekind == RTE_RELATION) {
++ selist = addEvalPgClass(selist, rte, DB_TABLE__SELECT);
++ selist = addEvalPgAttribute(selist, rte, 0, DB_COLUMN__SELECT);
++ }
++ } else if (IsA(node, JoinExpr)) {
++ JoinExpr *j = (JoinExpr *) node;
++
++ selist = walkAggrefHelper(selist, query, j->larg);
++ selist = walkAggrefHelper(selist, query, j->rarg);
++ } else if (IsA(node, FromExpr)) {
++ FromExpr *fm = (FromExpr *)node;
++ ListCell *l;
++
++ foreach (l, fm->fromlist)
++ selist = walkAggrefHelper(selist, query, lfirst(l));
++ } else {
++ elog(ERROR, "SELinux: unexpected node type (%d) at Query->fromlist", nodeTag(node));
++ }
++ return selist;
++}
++
+static List *sepgsqlWalkExpr(List *selist, queryChain *qc, Node *node, int flags)
+{
+ if (node == NULL)
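Review bot: In `walkAggrefHelper` the `RangeTblRef` branch adds checks only when `rte->rtekind == RTE_RELATION`, so every other range-table entry kind passes through silently, while unknown node types fail closed through `elog(ERROR, ...)`. In an access-control walker the silent path should state why it is safe, for example `/* non-relation RTEs are assumed to be checked when their own contents are walked - confirm */`, or be handled explicitly if that assumption does not hold. The hunk does not show where such entries are evaluated. The literal `0` passed to `addEvalPgAttribute` also needs a comment saying what attribute number 0 selects here (presumably the whole row or all columns). As a style point, `list_nth(query->rtable, rtr->rtindex - 1)` can be written with PostgreSQL's `rt_fetch(rtr->rtindex, query->rtable)`.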
@@ -5342,6 +5372,10 @@
+
+ selist = addEvalPgProc(selist, aggref->aggfnoid, DB_PROCEDURE__EXECUTE);
+ selist = sepgsqlWalkExpr(selist, qc, (Node *) aggref->args, flags);
++ if (aggref->aggstar) {
++ Query *query = getQueryFromChain(qc);
++ selist = walkAggrefHelper(selist, query, (Node *) query->jointree);
++ }
+ break;
+ }
+ case T_OpExpr:
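Review bot: The new `if (aggref->aggstar)` branch carries no comment explaining why the jointree has to be walked, which is the security-relevant part of this fix. Something like `/* count(*) has no args, so no Var is visited above; require select on every relation in FROM */` would keep a later refactor from dropping the check. The result of `getQueryFromChain(qc)` is dereferenced directly as `query->jointree`; its contract is not visible in this hunk, so confirm it cannot return NULL at this point. The enclosing `switch` in `sepgsqlWalkExpr` starts and ends outside the hunk.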
Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.init,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- sepostgresql.init 7 Feb 2008 02:14:37 -0000 1.12
+++ sepostgresql.init 2 Mar 2008 15:49:17 -0000 1.13
@@ -9,7 +9,7 @@
PGVERSION="8.2.6"
PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9]*\).*$/\1/'`
-SEPGVERSION="1.208"
+SEPGVERSION="1.225"
# source function library
. /etc/rc.d/init.d/functions
Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- sepostgresql.spec 7 Feb 2008 02:14:37 -0000 1.12
+++ sepostgresql.spec 2 Mar 2008 15:49:17 -0000 1.13
@@ -13,7 +13,7 @@
Summary: Security Enhanced PostgreSQL
Name: sepostgresql
Version: 8.2.6
-Release: 1.208%{?sepgsql_extension}%{?dist}
+Release: 1.225%{?sepgsql_extension}%{?dist}
License: BSD
Group: Applications/Databases
Url: http://code.google.com/p/sepgsql/
@@ -34,7 +34,6 @@
Requires(postun): policycoreutils
Requires: postgresql-server = %{version}
Requires: policycoreutils >= 2.0.16 libselinux >= 2.0.13 selinux-policy >= 3.0.6
-Requires: tzdata
%description
Security Enhanced PostgreSQL is an extension of PostgreSQL
@@ -207,6 +206,9 @@
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
%changelog
+* Sun Mar 2 2008 <kaigai at kaigai.gr.jp> - 8.2.6-1.225
+- bugfix: SELECT count(*) was not filtered correctly.
+
* Wed Feb 6 2008 <kaigai at kaigai.gr.jp> - 8.2.6-1.208
- bugfix: blob:{read} is not evaluated correctly
- policy update: allow db_database:{set_param}
Index: sepostgresql.te
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.te,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- sepostgresql.te 7 Feb 2008 02:14:37 -0000 1.12
+++ sepostgresql.te 2 Mar 2008 15:49:17 -0000 1.13
@@ -1,7 +1,12 @@
-policy_module(sepostgresql, 1.208)
+policy_module(sepostgresql, 1.225)
gen_require(`
- all_userspace_class_perms
+ class db_database all_db_database_perms;
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
type postgresql_t;
type lib_t, shlib_t;
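Review bot: Narrowing `gen_require` from `all_userspace_class_perms` to the six `db_*` classes means that any rule later in this module which uses another userspace class is no longer covered by the require block. The rest of the file is outside this hunk, so that should be confirmed by building the module against the oldest base policy the spec allows. The spec still requires `selinux-policy >= 3.0.6` after this commit; it is worth verifying that this version defines all six classes and their `all_db_*_perms` sets. A short comment above the class list saying it is deliberately limited to the database object classes would document the least-privilege intent.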