rpms/sepostgresql/F-8 sepostgresql-8.2.6-1.patch, 1.4, 1.5 sepostgresql.init, 1.13, 1.14 sepostgresql.spec, 1.13, 1.14 sepostgresql.te, 1.13, 1.14
KaiGai Kohei (kaigai)
fedora-extras-commits at redhat.com
Sun Mar 9 12:29:04 UTC 2008
Author: kaigai
Update of /cvs/pkgs/rpms/sepostgresql/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18005
Modified Files:
sepostgresql-8.2.6-1.patch sepostgresql.init sepostgresql.spec
sepostgresql.te
Log Message:
BUGFIX: SELECT count(*) was not filtered correctly.
sepostgresql-8.2.6-1.patch:
Index: sepostgresql-8.2.6-1.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql-8.2.6-1.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sepostgresql-8.2.6-1.patch 2 Mar 2008 15:49:16 -0000 1.4
+++ sepostgresql-8.2.6-1.patch 9 Mar 2008 12:28:59 -0000 1.5
@@ -4913,8 +4913,8 @@
+}
diff -rpNU3 base/src/backend/security/sepgsqlProxy.c sepgsql/src/backend/security/sepgsqlProxy.c
--- base/src/backend/security/sepgsqlProxy.c 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql/src/backend/security/sepgsqlProxy.c 2008-03-03 00:42:02.000000000 +0900
-@@ -0,0 +1,1501 @@
++++ sepgsql/src/backend/security/sepgsqlProxy.c 2008-03-06 20:38:36.000000000 +0900
+@@ -0,0 +1,1497 @@
+/*
+ * src/backend/security/sepgsqlProxy.c
+ * SE-PostgreSQL Query Proxy function to walk on query node tree
@@ -5306,36 +5306,6 @@
+ return selist;
+}
+
-+static List *walkAggrefHelper(List *selist, Query *query, Node *node)
-+{
-+ if (node == NULL)
-+ return selist;
-+
-+ if (IsA(node, RangeTblRef)) {
-+ RangeTblRef *rtr = (RangeTblRef *) node;
-+ RangeTblEntry *rte = list_nth(query->rtable, rtr->rtindex - 1);
-+
-+ if (rte->rtekind == RTE_RELATION) {
-+ selist = addEvalPgClass(selist, rte, DB_TABLE__SELECT);
-+ selist = addEvalPgAttribute(selist, rte, 0, DB_COLUMN__SELECT);
-+ }
-+ } else if (IsA(node, JoinExpr)) {
-+ JoinExpr *j = (JoinExpr *) node;
-+
-+ selist = walkAggrefHelper(selist, query, j->larg);
-+ selist = walkAggrefHelper(selist, query, j->rarg);
-+ } else if (IsA(node, FromExpr)) {
-+ FromExpr *fm = (FromExpr *)node;
-+ ListCell *l;
-+
-+ foreach (l, fm->fromlist)
-+ selist = walkAggrefHelper(selist, query, lfirst(l));
-+ } else {
-+ elog(ERROR, "SELinux: unexpected node type (%d) at Query->fromlist", nodeTag(node));
-+ }
-+ return selist;
-+}
-+
+static List *sepgsqlWalkExpr(List *selist, queryChain *qc, Node *node, int flags)
+{
+ if (node == NULL)
@@ -5372,10 +5342,6 @@
+
+ selist = addEvalPgProc(selist, aggref->aggfnoid, DB_PROCEDURE__EXECUTE);
+ selist = sepgsqlWalkExpr(selist, qc, (Node *) aggref->args, flags);
-+ if (aggref->aggstar) {
-+ Query *query = getQueryFromChain(qc);
-+ selist = walkAggrefHelper(selist, query, (Node *) query->jointree);
-+ }
+ break;
+ }
+ case T_OpExpr:
@@ -5707,6 +5673,34 @@
+ return selist;
+}
+
++static List *__checkSelectTargets(List *selist, Query *query, Node *node)
++{
++ if (node == NULL)
++ return selist;
++
++ if (IsA(node, RangeTblRef)) {
++ RangeTblRef *rtr = (RangeTblRef *) node;
++ RangeTblEntry *rte = list_nth(query->rtable, rtr->rtindex - 1);
++
++ if (rte->rtekind == RTE_RELATION)
++ selist = addEvalPgClass(selist, rte, DB_TABLE__SELECT);
++ } else if (IsA(node, JoinExpr)) {
++ JoinExpr *j = (JoinExpr *) node;
++
++ selist = __checkSelectTargets(selist, query, j->larg);
++ selist = __checkSelectTargets(selist, query, j->rarg);
++ } else if (IsA(node, FromExpr)) {
++ FromExpr *fm = (FromExpr *)node;
++ ListCell *l;
++
++ foreach (l, fm->fromlist)
++ selist = __checkSelectTargets(selist, query, lfirst(l));
++ } else {
++ elog(ERROR, "SELinux: unexpected node type (%d) at Query->fromlist", nodeTag(node));
++ }
++ return selist;
++}
++
+static List *proxyRteSubQuery(List *selist, queryChain *qc, Query *query)
+{
+ CmdType cmdType = query->commandType;
@@ -5722,7 +5716,9 @@
+ /* rewrite outer join */
+ rewriteOuterJoinTree((Node *) query->jointree, query, false);
+
-+ if (cmdType != CMD_SELECT) {
++ if (cmdType == CMD_SELECT) {
++ selist = __checkSelectTargets(selist, query, (Node *)query->jointree);
++ } else {
+ rte = list_nth(query->rtable, query->resultRelation - 1);
+ Assert(IsA(rte, RangeTblEntry) && rte->rtekind==RTE_RELATION);
+ switch (cmdType) {
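Review bot: The new jointree walk runs only in the `cmdType == CMD_SELECT` branch, so a relation that an UPDATE or DELETE brings in through its FROM/USING list without referencing any of its columns does not appear to get the unconditional `DB_TABLE__SELECT` check. The `else` branch visible here looks only at `query->resultRelation`. The rest of proxyRteSubQuery lies outside the hunk, so this may be covered elsewhere and is worth confirming. If it is not, `selist = __checkSelectTargets(selist, query, (Node *)query->jointree);` could run for every command type ahead of the branch, with the helper skipping the entry whose index equals `query->resultRelation` so the target table keeps its own permission set.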
Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.init,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sepostgresql.init 2 Mar 2008 15:49:17 -0000 1.13
+++ sepostgresql.init 9 Mar 2008 12:28:59 -0000 1.14
@@ -9,7 +9,7 @@
PGVERSION="8.2.6"
PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9]*\).*$/\1/'`
-SEPGVERSION="1.225"
+SEPGVERSION="1.231"
# source function library
. /etc/rc.d/init.d/functions
Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sepostgresql.spec 2 Mar 2008 15:49:17 -0000 1.13
+++ sepostgresql.spec 9 Mar 2008 12:28:59 -0000 1.14
@@ -13,7 +13,7 @@
Summary: Security Enhanced PostgreSQL
Name: sepostgresql
Version: 8.2.6
-Release: 1.225%{?sepgsql_extension}%{?dist}
+Release: 1.231%{?sepgsql_extension}%{?dist}
License: BSD
Group: Applications/Databases
Url: http://code.google.com/p/sepgsql/
@@ -206,7 +206,7 @@
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
%changelog
-* Sun Mar 2 2008 <kaigai at kaigai.gr.jp> - 8.2.6-1.225
+* Sun Mar 2 2008 <kaigai at kaigai.gr.jp> - 8.2.6-1.231
- bugfix: SELECT count(*) was not filtered correctly.
* Wed Feb 6 2008 <kaigai at kaigai.gr.jp> - 8.2.6-1.208
Index: sepostgresql.te
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.te,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sepostgresql.te 2 Mar 2008 15:49:17 -0000 1.13
+++ sepostgresql.te 9 Mar 2008 12:28:59 -0000 1.14
@@ -1,4 +1,4 @@
-policy_module(sepostgresql, 1.225)
+policy_module(sepostgresql, 1.231)
gen_require(`
class db_database all_db_database_perms;