rpms/sepostgresql/devel sepostgresql-sepgsql-8.3.0-2.patch, 1.2, 1.3 sepostgresql.init, 1.16, 1.17 sepostgresql.spec, 1.17, 1.18 sepostgresql.te, 1.16, 1.17
KaiGai Kohei (kaigai)
fedora-extras-commits at redhat.com
Sun Mar 9 11:48:27 UTC 2008
- Previous message (by thread): rpms/gnomeradio/devel gnomeradio.spec,1.6,1.7
- Next message (by thread): rpms/matchbox-window-manager/devel matchbox-window-manager-1.2-keysyms.patch, NONE, 1.1 matchbox-window-manager.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kaigai
Update of /cvs/pkgs/rpms/sepostgresql/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9765
Modified Files:
sepostgresql-sepgsql-8.3.0-2.patch sepostgresql.init
sepostgresql.spec sepostgresql.te
Log Message:
BUGFIX: more conprehensive fixes in "SELECT COUNT(*) ..."
sepostgresql-sepgsql-8.3.0-2.patch:
Index: sepostgresql-sepgsql-8.3.0-2.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql-sepgsql-8.3.0-2.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sepostgresql-sepgsql-8.3.0-2.patch 2 Mar 2008 08:10:12 -0000 1.2
+++ sepostgresql-sepgsql-8.3.0-2.patch 9 Mar 2008 11:48:19 -0000 1.3
@@ -2829,8 +2829,8 @@
+}
diff -rpNU3 pgace/src/backend/security/sepgsql/proxy.c sepgsql/src/backend/security/sepgsql/proxy.c
--- pgace/src/backend/security/sepgsql/proxy.c 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql/src/backend/security/sepgsql/proxy.c 2008-03-02 17:00:56.000000000 +0900
-@@ -0,0 +1,1606 @@
++++ sepgsql/src/backend/security/sepgsql/proxy.c 2008-03-06 20:29:42.000000000 +0900
+@@ -0,0 +1,1604 @@
+/*
+ * src/backend/security/sepgsqlProxy.c
+ * SE-PostgreSQL Query Proxy function to walk on query node tree
@@ -3231,34 +3231,6 @@
+ return selist;
+}
+
-+static List *walkAggrefHelper(List *selist, Query *query, Node *node)
-+{
-+ if (node == NULL)
-+ return selist;
-+
-+ if (IsA(node, RangeTblRef)) {
-+ RangeTblRef *rtr = (RangeTblRef *) node;
-+ RangeTblEntry *rte = rt_fetch(rtr->rtindex, query->rtable);
-+
-+ if (rte->rtekind == RTE_RELATION)
-+ selist = addEvalPgAttribute(selist, rte, 0, DB_COLUMN__SELECT);
-+ } else if (IsA(node, JoinExpr)) {
-+ JoinExpr *j = (JoinExpr *) node;
-+
-+ selist = walkAggrefHelper(selist, query, j->larg);
-+ selist = walkAggrefHelper(selist, query, j->rarg);
-+ } else if (IsA(node, FromExpr)) {
-+ FromExpr *fm = (FromExpr *)node;
-+ ListCell *l;
-+
-+ foreach (l, fm->fromlist)
-+ selist = walkAggrefHelper(selist, query, lfirst(l));
-+ } else {
-+ elog(ERROR, "SELinux: unexpected node type (%d) at Query->fromlist", nodeTag(node));
-+ }
-+ return selist;
-+}
-+
+static List *sepgsqlWalkExpr(List *selist, queryChain *qc, Node *node, int flags)
+{
+ if (node == NULL)
@@ -3296,10 +3268,6 @@
+
+ selist = addEvalPgProc(selist, aggref->aggfnoid, DB_PROCEDURE__EXECUTE);
+ selist = sepgsqlWalkExpr(selist, qc, (Node *) aggref->args, flags);
-+ if (aggref->aggstar) {
-+ Query *query = getQueryFromChain(qc);
-+ selist = walkAggrefHelper(selist, query, (Node *) query->jointree);
-+ }
+ break;
+ }
+ case T_OpExpr:
@@ -3655,6 +3623,34 @@
+ return selist;
+}
+
++static List *__checkSelectTargets(List *selist, Query *query, Node *node)
++{
++ if (node == NULL)
++ return selist;
++
++ if (IsA(node, RangeTblRef)) {
++ RangeTblRef *rtr = (RangeTblRef *) node;
++ RangeTblEntry *rte = rt_fetch(rtr->rtindex, query->rtable);
++
++ if (rte->rtekind == RTE_RELATION)
++ selist = addEvalPgClass(selist, rte, DB_TABLE__SELECT);
++ } else if (IsA(node, JoinExpr)) {
++ JoinExpr *j = (JoinExpr *) node;
++
++ selist = __checkSelectTargets(selist, query, j->larg);
++ selist = __checkSelectTargets(selist, query, j->rarg);
++ } else if (IsA(node, FromExpr)) {
++ FromExpr *fm = (FromExpr *)node;
++ ListCell *l;
++
++ foreach (l, fm->fromlist)
++ selist = __checkSelectTargets(selist, query, lfirst(l));
++ } else {
++ elog(ERROR, "SELinux: unexpected node type (%d) at Query->fromlist", nodeTag(node));
++ }
++ return selist;
++}
++
+static List *proxyRteSubQuery(List *selist, queryChain *qc, Query *query)
+{
+ CmdType cmdType = query->commandType;
@@ -3672,6 +3668,8 @@
+
+ switch (cmdType) {
+ case CMD_SELECT:
++ selist = __checkSelectTargets(selist, query, (Node *)query->jointree);
++
+ case CMD_UPDATE:
+ case CMD_INSERT:
+ foreach (l, query->targetList) {
Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.init,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- sepostgresql.init 2 Mar 2008 08:10:12 -0000 1.16
+++ sepostgresql.init 9 Mar 2008 11:48:19 -0000 1.17
@@ -9,7 +9,7 @@
PGVERSION="8.3.0"
PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9a-z]*\).*$/\1/'`
-SEPGVERSION="2.121"
+SEPGVERSION="2.129"
# source function library
. /etc/rc.d/init.d/functions
Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- sepostgresql.spec 2 Mar 2008 08:10:12 -0000 1.17
+++ sepostgresql.spec 9 Mar 2008 11:48:19 -0000 1.18
@@ -13,7 +13,7 @@
Summary: Security Enhanced PostgreSQL
Name: sepostgresql
Version: 8.3.0
-Release: 2.121%{?sepgsql_extension}%{?dist}
+Release: 2.129%{?sepgsql_extension}%{?dist}
License: BSD
Group: Applications/Databases
Url: http://code.google.com/p/sepgsql/
@@ -211,6 +211,9 @@
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
%changelog
+* Sun Mar 9 2008 <kaigai at kaigai.gr.jp> - sepostgresql-8.3.0-2.129
+- BUGFIX: more conprehensive fixes in "SELECT COUNT(*) ..."
+
* Sun Mar 2 2008 <kaigai at kaigai.gr.jp> - sepostgresql-8.3.0-2.120
- BUGFIX: CREATE TABLE statement with explicit labeled columns
- BUGFIX: SELECT count(*) does not filter unallowed tuples
Index: sepostgresql.te
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.te,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- sepostgresql.te 2 Mar 2008 08:10:12 -0000 1.16
+++ sepostgresql.te 9 Mar 2008 11:48:19 -0000 1.17
@@ -1,7 +1,12 @@
-policy_module(sepostgresql, 2.121)
+policy_module(sepostgresql, 2.129)
gen_require(`
- all_userspace_class_perms
+ class db_database all_db_database_perms;
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
type postgresql_t, unlabeled_t;
attribute domain, file_type;
- Previous message (by thread): rpms/gnomeradio/devel gnomeradio.spec,1.6,1.7
- Next message (by thread): rpms/matchbox-window-manager/devel matchbox-window-manager-1.2-keysyms.patch, NONE, 1.1 matchbox-window-manager.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list