rpms/sepostgresql/devel sepostgresql-core-8.3.patch, 1.2, 1.3 sepostgresql-test-8.3.patch, 1.1, 1.2 sepostgresql.init, 1.33, 1.34 sepostgresql.spec, 1.36, 1.37

KaiGai Kohei kaigai at fedoraproject.org
Tue Jun 9 07:30:08 UTC 2009


Author: kaigai

Update of /cvs/pkgs/rpms/sepostgresql/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22323

Modified Files:
	sepostgresql-core-8.3.patch sepostgresql-test-8.3.patch 
	sepostgresql.init sepostgresql.spec 
Log Message:
backport features and bugfixes from v8.4devel tree.


sepostgresql-core-8.3.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -p -N -r 1.2 -r 1.3 sepostgresql-core-8.3.patch
Index: sepostgresql-core-8.3.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql-core-8.3.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- sepostgresql-core-8.3.patch	28 Mar 2009 02:23:48 -0000	1.2
+++ sepostgresql-core-8.3.patch	9 Jun 2009 07:29:38 -0000	1.3
@@ -1,6 +1,6 @@
 diff -rpNU3 base/configure sepgsql-new/configure
---- base/configure	2009-03-15 17:47:25.000000000 +0900
-+++ sepgsql-new/configure	2009-03-15 17:58:10.000000000 +0900
+--- base/configure	2009-05-20 17:08:02.000000000 +0900
++++ sepgsql-new/configure	2009-05-20 17:08:02.000000000 +0900
 @@ -314,7 +314,7 @@ ac_includes_default="\
  # include <unistd.h>
  #endif"
@@ -456,6 +456,73 @@ diff -rpNU3 base/src/backend/access/heap
  		heap_insert(toastrel, toasttup, mycid, use_wal, use_fsm);
  
  		/*
+diff -rpNU3 base/src/backend/access/transam/xact.c sepgsql-new/src/backend/access/transam/xact.c
+--- base/src/backend/access/transam/xact.c	2009-03-15 17:47:25.000000000 +0900
++++ sepgsql-new/src/backend/access/transam/xact.c	2009-05-20 17:35:01.000000000 +0900
+@@ -35,6 +35,7 @@
+ #include "miscadmin.h"
+ #include "pg_trace.h"
+ #include "pgstat.h"
++#include "security/rowlevel.h"
+ #include "storage/fd.h"
+ #include "storage/lmgr.h"
+ #include "storage/procarray.h"
+@@ -137,6 +138,7 @@ typedef struct TransactionStateData
+ 	Oid			prevUser;		/* previous CurrentUserId setting */
+ 	bool		prevSecDefCxt;	/* previous SecurityDefinerContext setting */
+ 	bool		prevXactReadOnly;		/* entry-time xact r/o state */
++	int			prevRowlv;		/* previous Row-level control behavior */
+ 	struct TransactionStateData *parent;		/* back link to parent */
+ } TransactionStateData;
+ 
+@@ -165,6 +167,7 @@ static TransactionStateData TopTransacti
+ 	InvalidOid,					/* previous CurrentUserId setting */
+ 	false,						/* previous SecurityDefinerContext setting */
+ 	false,						/* entry-time xact r/o state */
++	ROWLV_FILTER_MODE,			/* previous Row-level control behavior */
+ 	NULL						/* link to parent state block */
+ };
+ 
+@@ -1571,6 +1574,7 @@ StartTransaction(void)
+ 	s->nChildXids = 0;
+ 	s->maxChildXids = 0;
+ 	GetUserIdAndContext(&s->prevUser, &s->prevSecDefCxt);
++	s->prevRowlv = rowlvGetPerformingMode();
+ 	/* SecurityDefinerContext should never be set outside a transaction */
+ 	Assert(!s->prevSecDefCxt);
+ 
+@@ -2071,6 +2075,11 @@ AbortTransaction(void)
+ 	SetUserIdAndContext(s->prevUser, s->prevSecDefCxt);
+ 
+ 	/*
++	 * Reset behavior of row-level access controls
++	 */
++	rowlvSetPerformingMode(s->prevRowlv);
++
++	/*
+ 	 * do abort processing
+ 	 */
+ 	AfterTriggerEndXact(false);
+@@ -3911,6 +3920,11 @@ AbortSubTransaction(void)
+ 	SetUserIdAndContext(s->prevUser, s->prevSecDefCxt);
+ 
+ 	/*
++	 * Reset behavior of row-level access controls
++	 */
++	rowlvSetPerformingMode(s->prevRowlv);
++
++	/*
+ 	 * We can skip all this stuff if the subxact failed before creating a
+ 	 * ResourceOwner...
+ 	 */
+@@ -4052,6 +4066,7 @@ PushTransaction(void)
+ 	s->blockState = TBLOCK_SUBBEGIN;
+ 	GetUserIdAndContext(&s->prevUser, &s->prevSecDefCxt);
+ 	s->prevXactReadOnly = XactReadOnly;
++	s->prevRowlv = rowlvGetPerformingMode();
+ 
+ 	CurrentTransactionState = s;
+ 
 diff -rpNU3 base/src/backend/bootstrap/bootparse.y sepgsql-new/src/backend/bootstrap/bootparse.y
 --- base/src/backend/bootstrap/bootparse.y	2008-01-07 23:51:33.000000000 +0900
 +++ sepgsql-new/src/backend/bootstrap/bootparse.y	2009-03-13 18:14:33.000000000 +0900
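Review bot: In the StartTransaction hunk, `s->prevRowlv = rowlvGetPerformingMode();` records whatever mode is current at that moment, and the only restores this section adds are in AbortTransaction and AbortSubTransaction. No commit-path restore is visible here, so a mode left changed at the end of a committed transaction would become the baseline that later aborts restore to. The neighbouring `Assert(!s->prevSecDefCxt);` guards the same assumption for SecurityDefinerContext; if ROWLV_FILTER_MODE (the value used in the TopTransactionStateData initializer) is the only mode expected outside a transaction, `Assert(s->prevRowlv == ROWLV_FILTER_MODE);` would catch a leaked row-level enforcement mode early. The two `Reset behavior of row-level access controls` comments could also say why the reset is needed, e.g. `/* an error may have been raised while row-level control was switched; restore the entry-time mode */`. All of the touched functions continue outside the hunks shown.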
@@ -553,7 +620,7 @@ diff -rpNU3 base/src/backend/catalog/Mak
      )
 diff -rpNU3 base/src/backend/catalog/aclchk.c sepgsql-new/src/backend/catalog/aclchk.c
 --- base/src/backend/catalog/aclchk.c	2008-06-12 22:34:19.000000000 +0900
-+++ sepgsql-new/src/backend/catalog/aclchk.c	2009-03-13 18:14:33.000000000 +0900
++++ sepgsql-new/src/backend/catalog/aclchk.c	2009-05-20 17:08:02.000000000 +0900
 @@ -39,6 +39,7 @@
  #include "commands/dbcommands.h"
  #include "miscadmin.h"
@@ -562,14 +629,13 @@ diff -rpNU3 base/src/backend/catalog/acl
  #include "utils/acl.h"
  #include "utils/fmgroids.h"
  #include "utils/lsyscache.h"
-@@ -1979,7 +1980,14 @@ AclResult
+@@ -1979,7 +1980,13 @@ AclResult
  pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode)
  {
  	if (pg_database_aclmask(db_oid, roleid, mode, ACLMASK_ANY) != 0)
 +	{
 +		/* SELinux: db_database:{access} permission */
-+		if ((mode & ACL_CONNECT) != 0
-+			&& !sepgsqlCheckDatabaseAccess(db_oid))
++		if ((mode & ACL_CONNECT) != 0 && !sepgsqlCheckDatabaseAccess(db_oid))
 +			return ACLCHECK_NO_PRIV;
 +
  		return ACLCHECK_OK;
@@ -577,14 +643,27 @@ diff -rpNU3 base/src/backend/catalog/acl
  	else
  		return ACLCHECK_NO_PRIV;
  }
-@@ -1991,7 +1999,14 @@ AclResult
+@@ -1991,7 +1998,13 @@ AclResult
  pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode)
  {
  	if (pg_proc_aclmask(proc_oid, roleid, mode, ACLMASK_ANY) != 0)
 +	{
 +		/* SELinux: db_procedure:{execute} permission */
-+		if ((mode & ACL_EXECUTE) != 0
-+			&& !sepgsqlCheckProcedureExecute(proc_oid))
++		if ((mode & ACL_EXECUTE) != 0 && !sepgsqlCheckProcedureExecute(proc_oid))
++			return ACLCHECK_NO_PRIV;
++
+ 		return ACLCHECK_OK;
++	}
+ 	else
+ 		return ACLCHECK_NO_PRIV;
+ }
+@@ -2015,7 +2028,13 @@ AclResult
+ pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode)
+ {
+ 	if (pg_namespace_aclmask(nsp_oid, roleid, mode, ACLMASK_ANY) != 0)
++	{
++		/* SELinux: db_schema:{search} permission */
++		if ((mode & ACL_USAGE) && !sepgsqlCheckSchemaSearch(nsp_oid))
 +			return ACLCHECK_NO_PRIV;
 +
  		return ACLCHECK_OK;
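Review bot: The new test in pg_namespace_aclcheck is written `(mode & ACL_USAGE) && ...`, while the two sibling checks reflowed in this same revision keep the explicit `!= 0` form; `if ((mode & ACL_USAGE) != 0 && !sepgsqlCheckSchemaSearch(nsp_oid))` would keep the three wrappers uniform. The `/* SELinux: db_schema:{search} permission */` comment could also state that the SELinux check runs only after pg_namespace_aclmask has granted access and only when ACL_USAGE is among the requested bits, so a reader does not assume other requested bits are mediated here. The closing lines of pg_namespace_aclcheck are outside the hunk.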
@@ -890,6 +969,49 @@ diff -rpNU3 base/src/backend/catalog/ind
  
  	/* done with pg_class */
  	heap_close(pg_class, RowExclusiveLock);
+diff -rpNU3 base/src/backend/catalog/namespace.c sepgsql-new/src/backend/catalog/namespace.c
+--- base/src/backend/catalog/namespace.c	2008-01-07 23:51:33.000000000 +0900
++++ sepgsql-new/src/backend/catalog/namespace.c	2009-05-20 17:35:01.000000000 +0900
+@@ -37,6 +37,7 @@
+ #include "commands/dbcommands.h"
+ #include "miscadmin.h"
+ #include "nodes/makefuncs.h"
++#include "security/sepgsql.h"
+ #include "storage/backendid.h"
+ #include "storage/ipc.h"
+ #include "utils/acl.h"
+@@ -2797,6 +2798,7 @@ static void
+ RemoveTempRelations(Oid tempNamespaceId)
+ {
+ 	ObjectAddress object;
++	int		mode;
+ 
+ 	/*
+ 	 * We want to get rid of everything in the target namespace, but not the
+@@ -2808,7 +2810,22 @@ RemoveTempRelations(Oid tempNamespaceId)
+ 	object.objectId = tempNamespaceId;
+ 	object.objectSubId = 0;
+ 
+-	deleteWhatDependsOn(&object, false);
++	/*
++	 * SELinux does not check anything while cleaning up
++	 * temporary objects.
++	 */
++	mode = sepgsqlSetExceptionMode(1);
++	PG_TRY();
++	{
++		deleteWhatDependsOn(&object, false);
++	}
++	PG_CATCH();
++	{
++		sepgsqlSetExceptionMode(mode);
++		PG_RE_THROW();
++	}
++	PG_END_TRY();
++	sepgsqlSetExceptionMode(mode);
+ }
+ 
+ /*
 diff -rpNU3 base/src/backend/catalog/pg_aggregate.c sepgsql-new/src/backend/catalog/pg_aggregate.c
 --- base/src/backend/catalog/pg_aggregate.c	2008-01-14 22:59:48.000000000 +0900
 +++ sepgsql-new/src/backend/catalog/pg_aggregate.c	2009-03-13 18:14:33.000000000 +0900
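Review bot: In RemoveTempRelations, `sepgsqlSetExceptionMode(1)` passes a bare `1` and the block comment says only that SELinux checks nothing during cleanup, so a reader cannot tell what the mode means or why suspending the mandatory checks is safe at this point. The suspension covers everything `deleteWhatDependsOn` cascades to, so the comment should state the assumption it relies on, for example `/* objects reachable from the temp namespace are private to this backend, so SELinux checks are suspended for the cascade; the previous mode is restored on both the normal and the error path */`, with the first half confirmed against what may depend on temporary objects. A named constant or `true` in place of `1` would make the call self-describing. The save and restore around PG_TRY are symmetrical as written.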
@@ -905,7 +1027,7 @@ diff -rpNU3 base/src/backend/catalog/pg_
  	 * Okay to create the pg_aggregate entry.
[...4158 lines suppressed...]
-+sepgsqlExecScan(Relation rel, HeapTuple tuple, AclMode required, bool abort);
++sepgsqlExecScan(Relation rel, HeapTuple tuple, uint32 required, bool abort);
++
++extern uint32
++sepgsqlSetupTuplePerms(RangeTblEntry *rte);
 +
 +extern bool
 +sepgsqlHeapTupleInsert(Relation rel, HeapTuple newtup, bool internal);
@@ -9471,12 +10192,6 @@ diff -rpNU3 base/src/include/security/se
 +sepgsqlGetUnlabeledLabel(void);
 +
 +extern security_context_t
-+sepgsqlGetDatabaseLabel(void);
-+
-+extern sepgsql_sid_t
-+sepgsqlGetDatabaseSid(void);
-+
-+extern security_context_t
 +sepgsqlSwitchClient(security_context_t new_client);
 +
 +extern bool
@@ -9486,26 +10201,44 @@ diff -rpNU3 base/src/include/security/se
 +sepgsqlInitialize(void);
 +
 +/*
-+ * hooks.c : security hooks
++ * hooks.c : test certain permissions
 + */
 +extern bool
-+sepgsqlCheckDatabaseAccess(Oid db_oid);
++sepgsqlCheckDatabaseAccess(Oid database_oid);
 +
 +extern bool
 +sepgsqlCheckDatabaseSuperuser(void);
 +
++extern bool
++sepgsqlCheckSchemaSearch(Oid nsid);
++
++extern void
++sepgsqlCheckSchemaAddRemove(Relation rel, HeapTuple newtup, HeapTuple oldtup);
++
 +extern void
 +sepgsqlCheckDatabaseInstallModule(const char *filename);
 +
 +extern void
 +sepgsqlCheckDatabaseLoadModule(const char *filename);
 +
-+extern bool
++extern void
 +sepgsqlCheckTableLock(Oid table_oid);
 +
-+extern bool
++extern void
 +sepgsqlCheckTableTruncate(Relation rel);
 +
++extern void
++sepgsqlCheckTableReference(Relation rel, int16 *attnums, int natts);
++
++extern void
++sepgsqlCheckSequenceGetValue(Oid seqid);
++
++extern void
++sepgsqlCheckSequenceNextValue(Oid seqid);
++
++extern void
++sepgsqlCheckSequenceSetValue(Oid seqid);
++
 +extern bool
 +sepgsqlCheckProcedureExecute(Oid proc_oid);
 +
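Review bot: This header section now mixes two contracts under the same `sepgsqlCheck*` prefix: `sepgsqlCheckDatabaseAccess`, `sepgsqlCheckSchemaSearch` and `sepgsqlCheckProcedureExecute` return `bool`, while `sepgsqlCheckTableLock` and `sepgsqlCheckTableTruncate` change from `bool` to `void` and the new table-reference and sequence checks are `void` as well. Presumably the `void` variants raise the error themselves on denial and the `bool` variants leave enforcement to the caller, but `hooks.c : test certain permissions` does not say so, and a caller that discards a `bool` result would silently allow the access. A short comment above each group would make the contract explicit, e.g. `/* returns false on denial; the caller must reject the request */` and `/* raises an error on denial; returns nothing */`.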
@@ -9516,7 +10249,10 @@ diff -rpNU3 base/src/include/security/se
 +sepgsqlCheckProcedureInstall(Relation rel, HeapTuple newtup, HeapTuple oldtup);
 +
 +extern void
-+sepgsqlCheckBlobDrop(HeapTuple lotup);
++sepgsqlCheckBlobCreate(Relation rel, HeapTuple lotup);
++
++extern void
++sepgsqlCheckBlobDrop(Relation rel, HeapTuple lotup);
 +
 +extern void
 +sepgsqlCheckBlobRead(LargeObjectDesc *lobj);
@@ -9531,11 +10267,11 @@ diff -rpNU3 base/src/include/security/se
 +sepgsqlCheckBlobSetattr(HeapTuple tuple);
 +
 +extern void
-+sepgsqlCheckBlobExport(LargeObjectDesc *lobj, int fdesc, const char *filename);
-+
++sepgsqlCheckBlobExport(LargeObjectDesc *lobj,
++					   int fdesc, const char *filename);
 +extern void
-+sepgsqlCheckBlobImport(LargeObjectDesc *lobj, int fdesc, const char *filename);
-+
++sepgsqlCheckBlobImport(LargeObjectDesc *lobj,
++					   int fdesc, const char *filename);
 +extern void
 +sepgsqlCheckBlobRelabel(HeapTuple oldtup, HeapTuple newtup);
 +
@@ -9545,6 +10281,7 @@ diff -rpNU3 base/src/include/security/se
 +extern void
 +sepgsqlCheckFileWrite(int fdesc, const char *filename);
 +
++// Hint for optimizer
 +extern bool
 +sepgsqlAllowFunctionInlined(HeapTuple protup);
 +
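Review bot: The added `// Hint for optimizer` uses a C++-style comment, while this same revision converts the `// avc.c` style section markers in the stub block to `/* ... */`. It also does not say how to read the result; something like `/* Hint for optimizer: false when the function must not be inlined */` would match the rest of the header and document the `bool`. The exact condition lives in hooks.c, which is not part of this page.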
@@ -9557,10 +10294,10 @@ diff -rpNU3 base/src/include/security/se
 +extern void
 +sepgsqlSetDefaultSecLabel(Relation rel, HeapTuple tuple);
 +
-+extern char *
++extern security_context_t
 +sepgsqlMetaSecurityLabel(void);
 +
-+extern sepgsql_sid_t
++extern Oid
 +sepgsqlInputGivenSecLabel(DefElem *defel);
 +
 +extern List *
@@ -9572,11 +10309,8 @@ diff -rpNU3 base/src/include/security/se
 +extern security_context_t
 +sepgsqlSecurityLabelTransOut(security_context_t label);
 +
-+extern bool
-+sepgsqlCheckValidSecurityLabel(security_context_t label);
-+
 +/*
-+ * perms.c : SE-PostgreSQL permission checks
++ * perms.c : SELinux permission related stuff
 + */
 +extern const char *
 +sepgsqlAuditName(Oid relid, HeapTuple tuple);
@@ -9601,33 +10335,41 @@ diff -rpNU3 base/src/include/security/se
 +
 +extern bool
 +sepgsqlCheckObjectPerms(Relation rel, HeapTuple tuple,
-+                        access_vector_t required, bool abort);
++						access_vector_t required, bool abort);
 +
 +#else	/* HAVE_SELINUX */
 +
-+// avc.c
++/* avc.c */
 +#define sepgsqlShmemSize()						(0)
 +#define sepgsqlStartupWorkerProcess()			(0)
-+// checker.c
++#define sepgsqlGetExceptionMode()				(0)
++#define sepgsqlSetExceptionMode(a)				(0)
++/* checker.c */
 +#define sepgsqlCheckRTEPerms(a)					do {} while(0)
++#define sepgsqlCheckCopyTable(a,b,c)			do {} while(0)
 +#define sepgsqlCheckSelectInto(a)				do {} while(0)
++#define sepgsqlSetupTuplePerms(a)				(0)
 +#define sepgsqlExecScan(a,b,c,d)				(true)
 +#define sepgsqlHeapTupleInsert(a,b,c)			(true)
 +#define sepgsqlHeapTupleUpdate(a,b,c,d)			(true)
 +#define sepgsqlHeapTupleDelete(a,b,c)			(true)
-+// core.c
++/* core.c */
 +#define sepgsqlIsEnabled()						(false)
 +#define sepgsqlInitialize()						do {} while(0)
-+// hooks.c
++/* hooks.c */
 +#define sepgsqlCheckDatabaseAccess(a)			(true)
 +#define sepgsqlCheckDatabaseSuperuser()			(true)
-+#define sepgsqlCheckDatabaseInstallModule(a)	do {} while(0)
-+#define sepgsqlCheckDatabaseLoadModule(a)		do {} while(0)
-+#define sepgsqlCheckTableLock(a)				(true)
-+#define sepgsqlCheckTableTruncate(a)			(true)
++#define sepgsqlCheckSchemaSearch(a)				(true)
++#define sepgsqlCheckTableLock(a)				do {} while(0)
++#define sepgsqlCheckTableTruncate(a)			do {} while(0)
++#define sepgsqlCheckTableReference(a,b,c)		do {} while(0)
++#define sepgsqlCheckSequenceGetValue(a)			do {} while(0)
++#define sepgsqlCheckSequenceNextValue(a)		do {} while(0)
++#define sepgsqlCheckSequenceSetValue(a)			do {} while(0)
 +#define sepgsqlCheckProcedureExecute(a)			(true)
 +#define sepgsqlCheckProcedureEntrypoint(a,b)	do {} while(0)
-+#define sepgsqlCheckBlobDrop(a)					do {} while(0)
++#define sepgsqlCheckBlobCreate(a,b)				do {} while(0)
++#define sepgsqlCheckBlobDrop(a,b)				do {} while(0)
 +#define sepgsqlCheckBlobRead(a)					do {} while(0)
 +#define sepgsqlCheckBlobWrite(a)				do {} while(0)
 +#define sepgsqlCheckBlobGetattr(a)				do {} while(0)
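Review bot: The non-SELinux stub list drops `sepgsqlCheckDatabaseInstallModule(a)` and `sepgsqlCheckDatabaseLoadModule(a)` and gains no stub for the new `sepgsqlCheckSchemaAddRemove`, although all three are still declared in the HAVE_SELINUX branch of this header. Unless their call sites are themselves guarded, or the stubs live in a part of the file not shown here, a build without HAVE_SELINUX would reference undeclared functions. Keeping `#define sepgsqlCheckDatabaseInstallModule(a) do {} while(0)` and `#define sepgsqlCheckDatabaseLoadModule(a) do {} while(0)`, and adding `#define sepgsqlCheckSchemaAddRemove(a,b,c) do {} while(0)`, would keep the two branches in step. The `#else` block starts inside this hunk and ends in the next one.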
@@ -9638,14 +10380,13 @@ diff -rpNU3 base/src/include/security/se
 +#define sepgsqlCheckFileRead(a,b)				do {} while(0)
 +#define sepgsqlCheckFileWrite(a,b)				do {} while(0)
 +#define sepgsqlAllowFunctionInlined(a)			(true)
-+// label.c
++/* label.c */
 +#define sepgsqlTupleDescHasSecLabel(a)			(false)
 +#define sepgsqlMetaSecurityLabel()				(NULL)
 +#define sepgsqlInputGivenSecLabel(a)			(InvalidOid)
 +#define sepgsqlInputGivenSecLabelRelation(a)	(NIL)
 +#define sepgsqlSecurityLabelTransIn(a)			(a)
 +#define sepgsqlSecurityLabelTransOut(a)			(a)
-+#define sepgsqlCheckValidSecurityLabel(a)		(false)
 +
 +#endif	/* HAVE_SELINUX */
 +

sepostgresql-test-8.3.patch:

Index: sepostgresql-test-8.3.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql-test-8.3.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- sepostgresql-test-8.3.patch	27 Mar 2009 03:54:13 -0000	1.1
+++ sepostgresql-test-8.3.patch	9 Jun 2009 07:29:38 -0000	1.2
@@ -20,7 +20,7 @@ diff -rpNU3 base/src/test/regress/expect
  -- another sanity check: every system catalog that has OIDs should have
 diff -rpNU3 base/src/test/sepgsql/Makefile sepgsql-new/src/test/sepgsql/Makefile
 --- base/src/test/sepgsql/Makefile	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/Makefile	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/Makefile	2009-03-03 18:21:14.000000000 +0900
 @@ -0,0 +1,65 @@
 +# ----------------------------------------------------
 +# Makefile for SE-PostgreSQL testcases
@@ -201,7 +201,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
 +
 diff -rpNU3 base/src/test/sepgsql/expected/copy_stmt.out sepgsql-new/src/test/sepgsql/expected/copy_stmt.out
 --- base/src/test/sepgsql/expected/copy_stmt.out	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/copy_stmt.out	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/expected/copy_stmt.out	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,90 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +SELECT sepgsql_getcon();
@@ -568,7 +568,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
 +ERROR:  SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t1.c
 diff -rpNU3 base/src/test/sepgsql/expected/large_object.out sepgsql-new/src/test/sepgsql/expected/large_object.out
 --- base/src/test/sepgsql/expected/large_object.out	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/large_object.out	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/expected/large_object.out	2009-03-03 14:31:40.000000000 +0900
 @@ -0,0 +1,293 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +SELECT sepgsql_getcon();
@@ -865,7 +865,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
 +
 diff -rpNU3 base/src/test/sepgsql/expected/row_level.out sepgsql-new/src/test/sepgsql/expected/row_level.out
 --- base/src/test/sepgsql/expected/row_level.out	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/row_level.out	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/expected/row_level.out	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,131 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +SELECT sepgsql_getcon();
@@ -1000,7 +1000,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
 +DELETE 1
 diff -rpNU3 base/src/test/sepgsql/expected/security_label.out sepgsql-new/src/test/sepgsql/expected/security_label.out
 --- base/src/test/sepgsql/expected/security_label.out	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/security_label.out	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/expected/security_label.out	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,127 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +SELECT sepgsql_getcon();
@@ -1131,7 +1131,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
 +system_u:object_r:sepgsql_table_t:s0:c4	13	nnn
 diff -rpNU3 base/src/test/sepgsql/launch_psql.c sepgsql-new/src/test/sepgsql/launch_psql.c
 --- base/src/test/sepgsql/launch_psql.c	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/launch_psql.c	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/launch_psql.c	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,87 @@
 +/*
 + * launch_psql.c
@@ -1222,7 +1222,7 @@ diff -rpNU3 base/src/test/sepgsql/launch
 +}
 diff -rpNU3 base/src/test/sepgsql/sql/basic.sql sepgsql-new/src/test/sepgsql/sql/basic.sql
 --- base/src/test/sepgsql/sql/basic.sql	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/basic.sql	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/basic.sql	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,59 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +
@@ -1285,7 +1285,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/ba
 +SELECT t3 FROM t3;
 diff -rpNU3 base/src/test/sepgsql/sql/copy_stmt.sql sepgsql-new/src/test/sepgsql/sql/copy_stmt.sql
 --- base/src/test/sepgsql/sql/copy_stmt.sql	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/copy_stmt.sql	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/copy_stmt.sql	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,58 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +
@@ -1347,7 +1347,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/co
 +COPY t1 TO stdout;
 diff -rpNU3 base/src/test/sepgsql/sql/enhanced_ddl_stmt.sql sepgsql-new/src/test/sepgsql/sql/enhanced_ddl_stmt.sql
 --- base/src/test/sepgsql/sql/enhanced_ddl_stmt.sql	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/enhanced_ddl_stmt.sql	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/enhanced_ddl_stmt.sql	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,89 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +
@@ -1440,7 +1440,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/en
 +SELECT proname, security_context FROM pg_proc WHERE oid = 'f2'::regproc;
 diff -rpNU3 base/src/test/sepgsql/sql/join_query.sql sepgsql-new/src/test/sepgsql/sql/join_query.sql
 --- base/src/test/sepgsql/sql/join_query.sql	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/join_query.sql	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/join_query.sql	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,50 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +
@@ -1494,7 +1494,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/jo
 +SELECT j FROM (t1 JOIN t2 ON a = x) AS j;	-- to be denied
 diff -rpNU3 base/src/test/sepgsql/sql/large_object.sql sepgsql-new/src/test/sepgsql/sql/large_object.sql
 --- base/src/test/sepgsql/sql/large_object.sql	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/large_object.sql	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/large_object.sql	2009-03-03 14:31:40.000000000 +0900
 @@ -0,0 +1,103 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +
@@ -1601,7 +1601,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/la
 +SELECT lo_unlink(loid) FROM lolabel;
 diff -rpNU3 base/src/test/sepgsql/sql/row_level.sql sepgsql-new/src/test/sepgsql/sql/row_level.sql
 --- base/src/test/sepgsql/sql/row_level.sql	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/row_level.sql	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/row_level.sql	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,61 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +
@@ -1666,7 +1666,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/ro
 +DELETE FROM t1 WHERE a = 7;
 diff -rpNU3 base/src/test/sepgsql/sql/security_label.sql sepgsql-new/src/test/sepgsql/sql/security_label.sql
 --- base/src/test/sepgsql/sql/security_label.sql	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/security_label.sql	2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/security_label.sql	2009-03-02 00:24:34.000000000 +0900
 @@ -0,0 +1,60 @@
 +-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
 +


Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.init,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- sepostgresql.init	17 Apr 2009 00:32:23 -0000	1.33
+++ sepostgresql.init	9 Jun 2009 07:29:38 -0000	1.34
@@ -9,7 +9,7 @@
 
 PGVERSION="8.3.7"
 PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9a-z]*\).*$/\1/'`
-SEPGVERSION="1771"
+SEPGVERSION="1990"
 
 # source function library
 . /etc/rc.d/init.d/functions


Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -p -r1.36 -r1.37
--- sepostgresql.spec	17 Apr 2009 00:32:23 -0000	1.36
+++ sepostgresql.spec	9 Jun 2009 07:29:38 -0000	1.37
@@ -12,7 +12,7 @@
 Summary: Security Enhanced PostgreSQL
 Name: sepostgresql
 Version: 8.3.7
-Release: 1772%{?dist}
+Release: 1990%{?dist}
 License: BSD
 Group: Applications/Databases
 Url: http://code.google.com/p/sepgsql/
@@ -26,7 +26,7 @@ Patch1: sepostgresql-utils-8.3.patch
 Patch2: sepostgresql-test-8.3.patch
 Patch3: sepostgresql-fedora-prefix.patch
 BuildRequires: perl glibc-devel bison flex readline-devel zlib-devel >= 1.0.4
-BuildRequires: checkpolicy libselinux-devel >= 2.0.43
+BuildRequires: checkpolicy libselinux-devel >= 2.0.80
 BuildRequires: selinux-policy >= 3.4.2
 %if %{ssl}
 BuildRequires: openssl-devel
@@ -199,6 +199,9 @@ fi
 %attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
 
 %changelog
+* Tue Jun  9 2009 KaiGai Kohei <kaigai at kaigai.gr.jp> - 8.3.7-1990
+- backport features from v8.4devel, it also needs libselinux-2.0.80
+
 * Fri Apr 17 2009 KaiGai Kohei <kaigai at kaigai.gr.jp> - 8.3.7-1772
 - bugfix: /etc/init.d/sepostgresql initdb didn't work correctly
 



