rpms/sepostgresql/F-11 .cvsignore, 1.14, 1.15 sepostgresql-core-8.3.patch, 1.3, 1.4 sepostgresql-test-8.3.patch, 1.2, 1.3 sepostgresql-utils-8.3.patch, 1.1, 1.2 sepostgresql.init, 1.34, 1.35 sepostgresql.spec, 1.37, 1.38 sources, 1.11, 1.12
KaiGai Kohei
kaigai at fedoraproject.org
Thu Sep 10 12:27:20 UTC 2009
- Previous message (by thread): rpms/vmpsd/EL-5 import.log, NONE, 1.1 vmpsd.init, NONE, 1.1 vmpsd.spec, NONE, 1.1 vmpsd.sysconfig, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/opencv/devel opencv.spec,1.36,1.37
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kaigai
Update of /cvs/pkgs/rpms/sepostgresql/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25040
Modified Files:
.cvsignore sepostgresql-core-8.3.patch
sepostgresql-test-8.3.patch sepostgresql-utils-8.3.patch
sepostgresql.init sepostgresql.spec sources
Log Message:
upgrade base PostgreSQL v8.3.7->8.3.8
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-11/.cvsignore,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- .cvsignore 27 Mar 2009 03:54:13 -0000 1.14
+++ .cvsignore 10 Sep 2009 12:27:20 -0000 1.15
@@ -1 +1 @@
-postgresql-8.3.7.tar.bz2
+postgresql-8.3.8.tar.bz2
sepostgresql-core-8.3.patch:
configure | 113 +
configure.in | 13
src/Makefile.global.in | 1
src/backend/Makefile | 7
src/backend/access/common/heaptuple.c | 26
src/backend/access/common/tupdesc.c | 6
src/backend/access/heap/heapam.c | 7
src/backend/access/heap/tuptoaster.c | 9
src/backend/access/transam/xact.c | 15
src/backend/bootstrap/bootparse.y | 11
src/backend/bootstrap/bootstrap.c | 8
src/backend/catalog/Makefile | 4
src/backend/catalog/aclchk.c | 19
src/backend/catalog/catalog.c | 4
src/backend/catalog/heap.c | 104 +
src/backend/catalog/index.c | 10
src/backend/catalog/namespace.c | 27
src/backend/catalog/pg_aggregate.c | 3
src/backend/catalog/pg_largeobject.c | 7
src/backend/catalog/pg_namespace.c | 4
src/backend/catalog/pg_proc.c | 18
src/backend/catalog/pg_security.c | 299 +++
src/backend/catalog/toasting.c | 3
src/backend/commands/alter.c | 29
src/backend/commands/cluster.c | 7
src/backend/commands/copy.c | 258 ++
src/backend/commands/dbcommands.c | 73
src/backend/commands/functioncmds.c | 74
src/backend/commands/lockcmds.c | 4
src/backend/commands/proclang.c | 6
src/backend/commands/schemacmds.c | 62
src/backend/commands/sequence.c | 14
src/backend/commands/tablecmds.c | 150 +
src/backend/executor/execJunk.c | 4
src/backend/executor/execMain.c | 143 +
src/backend/executor/execScan.c | 23
src/backend/executor/execTuples.c | 13
src/backend/executor/execUtils.c | 7
src/backend/executor/functions.c | 2
src/backend/executor/nodeSubplan.c | 4
src/backend/executor/spi.c | 2
src/backend/libpq/be-fsstubs.c | 77
src/backend/nodes/copyfuncs.c | 23
src/backend/nodes/equalfuncs.c | 20
src/backend/nodes/outfuncs.c | 6
src/backend/nodes/readfuncs.c | 46
src/backend/optimizer/plan/createplan.c | 3
src/backend/optimizer/prep/prepunion.c | 71
src/backend/optimizer/util/clauses.c | 2
src/backend/optimizer/util/relnode.c | 2
src/backend/parser/analyze.c | 60
src/backend/parser/gram.y | 110 +
src/backend/parser/parse_clause.c | 18
src/backend/parser/parse_expr.c | 3
src/backend/parser/parse_relation.c | 146 +
src/backend/parser/parse_target.c | 79
src/backend/postmaster/postmaster.c | 43
src/backend/rewrite/rewriteHandler.c | 4
src/backend/security/Makefile | 34
src/backend/security/rowlevel.c | 177 +
src/backend/security/sepgsql/avc.c | 859 +++++++++
src/backend/security/sepgsql/checker.c | 577 ++++++
src/backend/security/sepgsql/core.c | 326 +++
src/backend/security/sepgsql/dummy.c | 79
src/backend/security/sepgsql/hooks.c | 905 ++++++++++
src/backend/security/sepgsql/label.c | 560 ++++++
src/backend/security/sepgsql/perms.c | 469 +++++
src/backend/security/sepgsql/policy/Makefile | 28
src/backend/security/sepgsql/policy/sepostgresql-devel.fc.template | 12
src/backend/security/sepgsql/policy/sepostgresql-devel.te | 128 +
src/backend/storage/file/fd.c | 7
src/backend/storage/ipc/ipci.c | 2
src/backend/storage/large_object/inv_api.c | 116 +
src/backend/tcop/pquery.c | 2
src/backend/tcop/utility.c | 36
src/backend/utils/adt/genfile.c | 4
src/backend/utils/adt/ri_triggers.c | 18
src/backend/utils/adt/varlena.c | 97 +
src/backend/utils/cache/catcache.c | 32
src/backend/utils/cache/plancache.c | 12
src/backend/utils/cache/relcache.c | 32
src/backend/utils/cache/syscache.c | 40
src/backend/utils/fmgr/dfmgr.c | 10
src/backend/utils/fmgr/fmgr.c | 8
src/backend/utils/init/postinit.c | 11
src/backend/utils/misc/guc.c | 27
src/backend/utils/misc/postgresql.conf.sample | 4
src/include/access/heapam.h | 2
src/include/access/htup.h | 43
src/include/access/tupdesc.h | 1
src/include/catalog/heap.h | 8
src/include/catalog/indexing.h | 5
src/include/catalog/pg_attribute.h | 4
src/include/catalog/pg_namespace.h | 2
src/include/catalog/pg_proc.h | 19
src/include/catalog/pg_security.h | 58
src/include/commands/alter.h | 1
src/include/commands/dbcommands.h | 1
src/include/commands/defrem.h | 1
src/include/commands/schemacmds.h | 1
src/include/commands/tablecmds.h | 3
src/include/executor/executor.h | 7
src/include/executor/tuptable.h | 1
src/include/fmgr.h | 10
src/include/libpq/be-fsstubs.h | 3
src/include/nodes/nodes.h | 1
src/include/nodes/parsenodes.h | 21
src/include/nodes/plannodes.h | 9
src/include/nodes/relation.h | 9
src/include/parser/parse_node.h | 1
src/include/parser/parse_relation.h | 2
src/include/pg_config.h.in | 3
src/include/security/rowlevel.h | 47
src/include/security/sepgsql.h | 466 +++++
src/include/storage/fd.h | 1
src/include/storage/large_object.h | 3
src/include/storage/lwlock.h | 1
src/include/utils/builtins.h | 8
src/include/utils/catcache.h | 1
src/include/utils/errcodes.h | 5
src/include/utils/syscache.h | 28
121 files changed, 7527 insertions(+), 167 deletions(-)
View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.3 -r 1.4 sepostgresql-core-8.3.patchIndex: sepostgresql-core-8.3.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-11/sepostgresql-core-8.3.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- sepostgresql-core-8.3.patch 9 Jun 2009 07:30:54 -0000 1.3
+++ sepostgresql-core-8.3.patch 10 Sep 2009 12:27:20 -0000 1.4
@@ -1,6 +1,6 @@
diff -rpNU3 base/configure sepgsql-new/configure
---- base/configure 2009-05-20 17:08:02.000000000 +0900
-+++ sepgsql-new/configure 2009-05-20 17:08:02.000000000 +0900
+--- base/configure 2009-09-10 20:11:35.000000000 +0900
++++ sepgsql-new/configure 2009-09-10 20:24:37.000000000 +0900
@@ -314,7 +314,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
@@ -143,8 +143,8 @@ diff -rpNU3 base/configure sepgsql-new/c
s, at ELF_SYS@,$ELF_SYS,;t t
s, at LDFLAGS_SL@,$LDFLAGS_SL,;t t
diff -rpNU3 base/configure.in sepgsql-new/configure.in
---- base/configure.in 2009-03-15 17:47:25.000000000 +0900
-+++ sepgsql-new/configure.in 2009-03-15 17:58:10.000000000 +0900
+--- base/configure.in 2009-09-10 20:11:35.000000000 +0900
++++ sepgsql-new/configure.in 2009-09-10 20:24:37.000000000 +0900
@@ -626,6 +626,19 @@ PGAC_ARG_BOOL(with, zlib, yes,
AC_SUBST(with_zlib)
@@ -201,8 +201,8 @@ diff -rpNU3 base/src/backend/Makefile se
all: submake-libpgport postgres $(POSTGRES_IMP)
diff -rpNU3 base/src/backend/access/common/heaptuple.c sepgsql-new/src/backend/access/common/heaptuple.c
---- base/src/backend/access/common/heaptuple.c 2008-01-07 23:51:33.000000000 +0900
-+++ sepgsql-new/src/backend/access/common/heaptuple.c 2009-03-13 18:14:33.000000000 +0900
+--- base/src/backend/access/common/heaptuple.c 2009-09-10 20:11:35.000000000 +0900
++++ sepgsql-new/src/backend/access/common/heaptuple.c 2009-09-10 20:24:37.000000000 +0900
@@ -66,6 +66,7 @@
#include "access/heapam.h"
@@ -372,8 +372,8 @@ diff -rpNU3 base/src/backend/access/comm
for (i = 0; i < tupdesc1->natts; i++)
{
diff -rpNU3 base/src/backend/access/heap/heapam.c sepgsql-new/src/backend/access/heap/heapam.c
---- base/src/backend/access/heap/heapam.c 2009-02-02 11:47:17.000000000 +0900
-+++ sepgsql-new/src/backend/access/heap/heapam.c 2009-03-13 18:14:33.000000000 +0900
+--- base/src/backend/access/heap/heapam.c 2009-09-10 20:11:35.000000000 +0900
++++ sepgsql-new/src/backend/access/heap/heapam.c 2009-09-10 20:24:37.000000000 +0900
@@ -50,6 +50,7 @@
#include "catalog/namespace.h"
#include "miscadmin.h"
@@ -382,7 +382,7 @@ diff -rpNU3 base/src/backend/access/heap
#include "storage/procarray.h"
#include "storage/smgr.h"
#include "utils/datum.h"
-@@ -1949,6 +1950,8 @@ heap_insert(Relation relation, HeapTuple
+@@ -1958,6 +1959,8 @@ heap_insert(Relation relation, HeapTuple
Oid
simple_heap_insert(Relation relation, HeapTuple tup)
{
@@ -391,7 +391,7 @@ diff -rpNU3 base/src/backend/access/heap
return heap_insert(relation, tup, GetCurrentCommandId(true), true, true);
}
-@@ -2230,6 +2233,8 @@ simple_heap_delete(Relation relation, It
+@@ -2239,6 +2242,8 @@ simple_heap_delete(Relation relation, It
ItemPointerData update_ctid;
TransactionId update_xmax;
@@ -400,7 +400,7 @@ diff -rpNU3 base/src/backend/access/heap
result = heap_delete(relation, tid,
&update_ctid, &update_xmax,
GetCurrentCommandId(true), InvalidSnapshot,
-@@ -2874,6 +2879,8 @@ simple_heap_update(Relation relation, It
+@@ -2883,6 +2888,8 @@ simple_heap_update(Relation relation, It
ItemPointerData update_ctid;
TransactionId update_xmax;
@@ -701,7 +701,7 @@ diff -rpNU3 base/src/backend/catalog/cat
relationId == SharedDependReferenceIndexId ||
diff -rpNU3 base/src/backend/catalog/heap.c sepgsql-new/src/backend/catalog/heap.c
--- base/src/backend/catalog/heap.c 2009-03-15 17:47:25.000000000 +0900
-+++ sepgsql-new/src/backend/catalog/heap.c 2009-03-15 17:58:10.000000000 +0900
++++ sepgsql-new/src/backend/catalog/heap.c 2009-06-19 15:02:12.000000000 +0900
@@ -42,6 +42,7 @@
#include "catalog/pg_constraint.h"
#include "catalog/pg_inherits.h"
@@ -710,15 +710,7 @@ diff -rpNU3 base/src/backend/catalog/hea
#include "catalog/pg_statistic.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
-@@ -53,6 +54,7 @@
- #include "parser/parse_coerce.h"
- #include "parser/parse_expr.h"
- #include "parser/parse_relation.h"
-+#include "security/sepgsql.h"
- #include "storage/smgr.h"
- #include "utils/builtins.h"
- #include "utils/fmgroids.h"
-@@ -67,7 +69,8 @@ static void AddNewRelationTuple(Relation
+@@ -67,7 +68,8 @@ static void AddNewRelationTuple(Relation
Oid new_rel_oid, Oid new_type_oid,
Oid relowner,
char relkind,
@@ -728,7 +720,7 @@ diff -rpNU3 base/src/backend/catalog/hea
static Oid AddNewRelationType(const char *typeName,
Oid typeNamespace,
Oid new_rel_oid,
-@@ -145,7 +148,16 @@ static FormData_pg_attribute a7 = {
+@@ -145,7 +147,16 @@ static FormData_pg_attribute a7 = {
true, 'p', 'i', true, false, false, true, 0
};
@@ -746,7 +738,7 @@ diff -rpNU3 base/src/backend/catalog/hea
/*
* This function returns a Form_pg_attribute pointer for a system attribute.
-@@ -185,6 +197,18 @@ SystemAttributeByName(const char *attnam
+@@ -185,6 +196,18 @@ SystemAttributeByName(const char *attnam
return NULL;
}
@@ -765,7 +757,7 @@ diff -rpNU3 base/src/backend/catalog/hea
/* ----------------------------------------------------------------
* XXX END OF UGLY HARD CODED BADNESS XXX
-@@ -468,7 +492,8 @@ AddNewAttributeTuples(Oid new_rel_oid,
+@@ -468,7 +491,8 @@ AddNewAttributeTuples(Oid new_rel_oid,
TupleDesc tupdesc,
char relkind,
bool oidislocal,
@@ -775,12 +767,12 @@ diff -rpNU3 base/src/backend/catalog/hea
{
const Form_pg_attribute *dpp;
int i;
-@@ -493,16 +518,40 @@ AddNewAttributeTuples(Oid new_rel_oid,
+@@ -493,16 +517,40 @@ AddNewAttributeTuples(Oid new_rel_oid,
dpp = tupdesc->attrs;
for (i = 0; i < natts; i++)
{
+ ListCell *l;
-+ Oid attselabel = InvalidOid;
++ Oid attselabel = InvalidOid;
+
/* Fill in the correct relation OID */
(*dpp)->attrelid = new_rel_oid;
@@ -796,7 +788,7 @@ diff -rpNU3 base/src/backend/catalog/hea
+ if (defel->defname &&
+ strcmp(defel->defname, NameStr((*dpp)->attname)) == 0)
+ {
-+ attselabel = sepgsqlInputGivenSecLabel(defel);
++ attselabel = intVal(defel->arg);
+ break;
+ }
+ }
@@ -816,7 +808,7 @@ diff -rpNU3 base/src/backend/catalog/hea
simple_heap_insert(rel, tup);
-@@ -538,6 +587,7 @@ AddNewAttributeTuples(Oid new_rel_oid,
+@@ -538,6 +586,7 @@ AddNewAttributeTuples(Oid new_rel_oid,
tup = heap_addheader(Natts_pg_attribute,
false,
@@ -824,7 +816,7 @@ diff -rpNU3 base/src/backend/catalog/hea
ATTRIBUTE_TUPLE_SIZE,
(void *) *dpp);
attStruct = (Form_pg_attribute) GETSTRUCT(tup);
-@@ -593,7 +643,8 @@ void
+@@ -593,7 +642,8 @@ void
InsertPgClassTuple(Relation pg_class_desc,
Relation new_rel_desc,
Oid new_rel_oid,
@@ -834,7 +826,7 @@ diff -rpNU3 base/src/backend/catalog/hea
{
Form_pg_class rd_rel = new_rel_desc->rd_rel;
Datum values[Natts_pg_class];
-@@ -644,11 +695,23 @@ InsertPgClassTuple(Relation pg_class_des
+@@ -644,11 +694,23 @@ InsertPgClassTuple(Relation pg_class_des
*/
HeapTupleSetOid(tup, new_rel_oid);
@@ -858,7 +850,7 @@ diff -rpNU3 base/src/backend/catalog/hea
heap_freetuple(tup);
}
-@@ -666,9 +729,12 @@ AddNewRelationTuple(Relation pg_class_de
+@@ -666,9 +728,12 @@ AddNewRelationTuple(Relation pg_class_de
Oid new_type_oid,
Oid relowner,
char relkind,
@@ -872,7 +864,7 @@ diff -rpNU3 base/src/backend/catalog/hea
/*
* first we update some of the information in our uncataloged relation's
-@@ -725,8 +791,21 @@ AddNewRelationTuple(Relation pg_class_de
+@@ -725,8 +790,21 @@ AddNewRelationTuple(Relation pg_class_de
new_rel_desc->rd_att->tdtypeid = new_type_oid;
@@ -883,7 +875,7 @@ diff -rpNU3 base/src/backend/catalog/hea
[...4529 lines suppressed...]
+ char *schemaname; /* the name of the schema to create */
+ char *authid; /* the owner of the created schema */
++ Node *secLabel; /* explicitly specified security label */
+ List *schemaElts; /* schema components (list of parsenodes) */
+ } CreateSchemaStmt;
- typedef struct AlterTableCmd /* one subcommand of an ALTER TABLE */
@@ -1108,6 +1113,7 @@ typedef struct CreateStmt
List *options; /* options from WITH clause */
OnCommitAction oncommit; /* what do we do at COMMIT? */
@@ -9802,6 +10263,35 @@ diff -rpNU3 base/src/include/nodes/parse
} CreateStmt;
/* ----------
+@@ -1320,6 +1326,7 @@ typedef struct CreateSeqStmt
+ NodeTag type;
+ RangeVar *sequence; /* the sequence to create */
+ List *options;
++ Node *secLabel;
+ } CreateSeqStmt;
+
+ typedef struct AlterSeqStmt
+@@ -1671,6 +1678,20 @@ typedef struct AlterOwnerStmt
+ char *newowner; /* the new owner */
+ } AlterOwnerStmt;
+
++/* ----------------------
++ * Alter Object Security Label Statement
++ * ----------------------
++ */
++typedef struct AlterSecLabelStmt
++{
++ NodeTag type;
++ ObjectType objectType; /* OBJECT_TABLE, OBJECT_COLUMN, etc */
++ RangeVar *relation; /* in case it's a table */
++ List *object; /* in case it's some other object */
++ List *objarg; /* argument types, if applicable */
++ char *subname; /* column name, if needed */
++ Node *secLabel; /* the new security label */
++} AlterSecLabelStmt;
+
+ /* ----------------------
+ * Create Rule Statement
diff -rpNU3 base/src/include/nodes/plannodes.h sepgsql-new/src/include/nodes/plannodes.h
--- base/src/include/nodes/plannodes.h 2008-01-07 23:51:33.000000000 +0900
+++ sepgsql-new/src/include/nodes/plannodes.h 2009-05-20 17:08:02.000000000 +0900
@@ -9836,8 +10326,8 @@ diff -rpNU3 base/src/include/nodes/plann
/* ----------------
diff -rpNU3 base/src/include/nodes/relation.h sepgsql-new/src/include/nodes/relation.h
---- base/src/include/nodes/relation.h 2009-02-02 11:47:17.000000000 +0900
-+++ sepgsql-new/src/include/nodes/relation.h 2009-05-20 17:08:02.000000000 +0900
+--- base/src/include/nodes/relation.h 2009-09-10 20:11:35.000000000 +0900
++++ sepgsql-new/src/include/nodes/relation.h 2009-09-10 20:24:37.000000000 +0900
@@ -366,6 +366,15 @@ typedef struct RelOptInfo
* list just to avoid recomputing the best inner indexscan repeatedly for
* similar outer relations. See comments for InnerIndexscanInfo.
@@ -9943,8 +10433,8 @@ diff -rpNU3 base/src/include/security/ro
+#endif /* PG_SELINUX_H */
diff -rpNU3 base/src/include/security/sepgsql.h sepgsql-new/src/include/security/sepgsql.h
--- base/src/include/security/sepgsql.h 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/include/security/sepgsql.h 2009-05-29 11:12:01.000000000 +0900
-@@ -0,0 +1,457 @@
++++ sepgsql-new/src/include/security/sepgsql.h 2009-06-19 15:02:12.000000000 +0900
+@@ -0,0 +1,466 @@
+/*
+ * src/include/utils/sepgsql.h
+ * Headers of SE-PostgreSQL
@@ -10130,15 +10620,21 @@ diff -rpNU3 base/src/include/security/se
+extern void sepgsqlAvcSwitchClient(void);
+
+extern bool
-+sepgsqlClientHasPerms(Oid tsecid,
-+ security_class_t tclass,
-+ access_vector_t required,
-+ const char *audit_name, bool abort);
++sepgsqlClientHasPermsTup(Oid relid, HeapTuple tuple,
++ security_class_t tclass,
++ access_vector_t required, bool abort);
++extern bool
++sepgsqlClientHasPermsSid(Oid relid, Oid secid,
++ security_class_t tclass,
++ access_vector_t required,
++ const char *audit_name, bool abort);
+extern Oid
-+sepgsqlClientCreate(Oid tsecid, security_class_t tclass);
++sepgsqlClientCreateSecid(Oid trelid, Oid tsecid,
++ security_class_t tclass, Oid nrelid);
+
+extern security_context_t
-+sepgsqlClientCreateLabel(Oid tsecid, security_class_t tclass);
++sepgsqlClientCreateLabel(Oid trelid, Oid tsecid,
++ security_class_t tclass);
+
+extern bool
+sepgsqlComputePerms(security_context_t scontext,
@@ -10189,9 +10685,6 @@ diff -rpNU3 base/src/include/security/se
+sepgsqlGetClientLabel(void);
+
+extern security_context_t
-+sepgsqlGetUnlabeledLabel(void);
-+
-+extern security_context_t
+sepgsqlSwitchClient(security_context_t new_client);
+
+extern bool
@@ -10209,17 +10702,17 @@ diff -rpNU3 base/src/include/security/se
+extern bool
+sepgsqlCheckDatabaseSuperuser(void);
+
-+extern bool
-+sepgsqlCheckSchemaSearch(Oid nsid);
-+
+extern void
-+sepgsqlCheckSchemaAddRemove(Relation rel, HeapTuple newtup, HeapTuple oldtup);
++sepgsqlCheckDatabaseInstallModule(void);
+
+extern void
-+sepgsqlCheckDatabaseInstallModule(const char *filename);
++sepgsqlCheckDatabaseLoadModule(const char *filename);
++
++extern bool
++sepgsqlCheckSchemaSearch(Oid nsid);
+
+extern void
-+sepgsqlCheckDatabaseLoadModule(const char *filename);
++sepgsqlCheckSchemaAddRemove(Relation rel, HeapTuple newtup, HeapTuple oldtup);
+
+extern void
+sepgsqlCheckTableLock(Oid table_oid);
@@ -10295,19 +10788,25 @@ diff -rpNU3 base/src/include/security/se
+sepgsqlSetDefaultSecLabel(Relation rel, HeapTuple tuple);
+
+extern security_context_t
-+sepgsqlMetaSecurityLabel(void);
++sepgsqlMetaSecurityLabel(bool shared);
+
+extern Oid
-+sepgsqlInputGivenSecLabel(DefElem *defel);
++sepgsqlGivenSecLabelIn(Oid relid, DefElem *defel);
+
+extern List *
-+sepgsqlInputGivenSecLabelRelation(CreateStmt *stmt);
++sepgsqlParseCreateStmtSecLabelIn(CreateStmt *stmt);
++
++extern security_context_t
++sepgsqlTransSecLabelIn(security_context_t seclabel);
+
+extern security_context_t
-+sepgsqlSecurityLabelTransIn(security_context_t label);
++sepgsqlTransSecLabelOut(security_context_t seclabel);
+
+extern security_context_t
-+sepgsqlSecurityLabelTransOut(security_context_t label);
++sepgsqlRawSecLabelIn(security_context_t seclabel);
++
++extern security_context_t
++sepgsqlRawSecLabelOut(security_context_t seclabel);
+
+/*
+ * perms.c : SELinux permission related stuff
@@ -10333,10 +10832,6 @@ diff -rpNU3 base/src/include/security/se
+extern const char *
+sepgsqlGetPermissionString(security_class_t tclass, access_vector_t av);
+
-+extern bool
-+sepgsqlCheckObjectPerms(Relation rel, HeapTuple tuple,
-+ access_vector_t required, bool abort);
-+
+#else /* HAVE_SELINUX */
+
+/* avc.c */
@@ -10359,6 +10854,8 @@ diff -rpNU3 base/src/include/security/se
+/* hooks.c */
+#define sepgsqlCheckDatabaseAccess(a) (true)
+#define sepgsqlCheckDatabaseSuperuser() (true)
++#define sepgsqlCheckDatabaseInstallModule() do {} while(0)
++#define sepgsqlCheckDatabaseLoadModule(a) do {} while(0)
+#define sepgsqlCheckSchemaSearch(a) (true)
+#define sepgsqlCheckTableLock(a) do {} while(0)
+#define sepgsqlCheckTableTruncate(a) do {} while(0)
@@ -10382,11 +10879,13 @@ diff -rpNU3 base/src/include/security/se
+#define sepgsqlAllowFunctionInlined(a) (true)
+/* label.c */
+#define sepgsqlTupleDescHasSecLabel(a) (false)
-+#define sepgsqlMetaSecurityLabel() (NULL)
-+#define sepgsqlInputGivenSecLabel(a) (InvalidOid)
-+#define sepgsqlInputGivenSecLabelRelation(a) (NIL)
-+#define sepgsqlSecurityLabelTransIn(a) (a)
-+#define sepgsqlSecurityLabelTransOut(a) (a)
++#define sepgsqlMetaSecurityLabel(a) (NULL)
++#define sepgsqlGivenSecLabelIn(a,b) (InvalidOid)
++#define sepgsqlParseCreateStmtSecLabelIn(a) (NIL)
++#define sepgsqlTransSecLabelIn(a) (a)
++#define sepgsqlTransSecLabelOut(a) (a)
++#define sepgsqlRawSecLabelIn(a) (a)
++#define sepgsqlRawSecLabelOut(a) (a)
+
+#endif /* HAVE_SELINUX */
+
sepostgresql-test-8.3.patch:
regress/expected/sanity_check.out | 3
sepgsql/Makefile | 62 ++++++
sepgsql/expected/basic.out | 114 ++++++++++++
sepgsql/expected/copy_stmt.out | 94 ++++++++++
sepgsql/expected/enhanced_ddl_stmt.out | 182 ++++++++++++++++++++
sepgsql/expected/join_query.out | 89 +++++++++
sepgsql/expected/large_object.out | 299 +++++++++++++++++++++++++++++++++
sepgsql/expected/row_level.out | 136 +++++++++++++++
sepgsql/expected/security_label.out | 129 ++++++++++++++
sepgsql/launch_psql.c | 91 ++++++++++
sepgsql/sql/basic.sql | 59 ++++++
sepgsql/sql/copy_stmt.sql | 58 ++++++
sepgsql/sql/enhanced_ddl_stmt.sql | 89 +++++++++
sepgsql/sql/join_query.sql | 50 +++++
sepgsql/sql/large_object.sql | 103 +++++++++++
sepgsql/sql/row_level.sql | 61 ++++++
sepgsql/sql/security_label.sql | 60 ++++++
17 files changed, 1678 insertions(+), 1 deletion(-)
Index: sepostgresql-test-8.3.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-11/sepostgresql-test-8.3.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- sepostgresql-test-8.3.patch 9 Jun 2009 07:30:54 -0000 1.2
+++ sepostgresql-test-8.3.patch 10 Sep 2009 12:27:20 -0000 1.3
@@ -20,8 +20,8 @@ diff -rpNU3 base/src/test/regress/expect
-- another sanity check: every system catalog that has OIDs should have
diff -rpNU3 base/src/test/sepgsql/Makefile sepgsql-new/src/test/sepgsql/Makefile
--- base/src/test/sepgsql/Makefile 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/Makefile 2009-03-03 18:21:14.000000000 +0900
-@@ -0,0 +1,65 @@
++++ sepgsql-new/src/test/sepgsql/Makefile 2009-06-10 21:37:54.000000000 +0900
+@@ -0,0 +1,62 @@
+# ----------------------------------------------------
+# Makefile for SE-PostgreSQL testcases
+# ----------------------------------------------------
@@ -46,7 +46,7 @@ diff -rpNU3 base/src/test/sepgsql/Makefi
+
+results.diff: $(TESTCASES:sql/%.sql=results/%.diff)
+ @for x in $^; do cat $$x >> $@; done
-+ @test -s $@ && echo "HINT: See $@ to confirm errors" || :
++ @test -s $@ && echo "HINT: See $(shell pwd)/$@ to confirm errors" || :
+
+results/%.diff: sql/%.sql
+ @./launch_psql $(PSQL) -a $(DBNAME) < $< >& $(@:%.diff=%.out)
@@ -73,9 +73,9 @@ diff -rpNU3 base/src/test/sepgsql/Makefi
+ @$(PSQL) -qt -c 'SHOW sepostgresql' -d $(DBNAME) 2>/dev/null | grep -q on || \
+ (echo "HINT: database \"$(DBNAME)\" is not available"; \
+ echo "HINT: SE-PostgreSQL may not be available on server"; exit 1)
-+ @$(GETSEBOOL) allow_user_postgresql_connect | grep -q on || \
++ @$(GETSEBOOL) allow_user_postgresql_connect | grep -q 'on$$' || \
+ (echo "HINT: check allow_user_postgresql_connect boolean"; exit 1)
-+ @$(GETSEBOOL) sepgsql_regression_test_mode | grep -q on || \
++ @$(GETSEBOOL) sepgsql_regression_test_mode | grep -q 'on$$' || \
+ (echo "HINT: check sepgsql_regression_test_mode boolean"; \
+ echo "HINT: check sepostgresql-devel.pp installed"; exit 1)
+ @$(RUNCON) -t sepgsql_test_t -l s0-s0:c0.c15 \
@@ -83,15 +83,14 @@ diff -rpNU3 base/src/test/sepgsql/Makefi
+ (echo "HINT: /sbin/restorecon -R <prefix> and restart"; \
+ echo "HINT: user shell should have 's0-s0:c0.c15' range, at least"; \
+ echo " semanage enables to set up it"; exit 1)
-+ @test -x /etc/init.d/mcstrans && /etc/init.d/mcstrans status >& /dev/null && \
-+ (echo "HINT: stop mcstrans daemon"; exit 1) || \
-+ (test $$? -eq 3 && exit 0 || exit 1)
+ @echo "PASS: check runtime environment"
diff -rpNU3 base/src/test/sepgsql/expected/basic.out sepgsql-new/src/test/sepgsql/expected/basic.out
--- base/src/test/sepgsql/expected/basic.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/basic.out 2009-03-15 17:38:39.000000000 +0900
-@@ -0,0 +1,108 @@
++++ sepgsql-new/src/test/sepgsql/expected/basic.out 2009-06-10 21:37:54.000000000 +0900
+@@ -0,0 +1,114 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+-----------------------------------------------------
@@ -141,6 +140,8 @@ diff -rpNU3 base/src/test/sepgsql/expect
+) inherits(t2);
+CREATE TABLE
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+---------------------------------------------------
@@ -148,7 +149,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(1 row)
+
+SELECT * FROM t1; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t1.c
++ERROR: SELinux: security policy violation
+SELECT a, b FROM t1;
+ a | b
+---+-----
@@ -157,13 +158,13 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(2 rows)
+
+SELECT COUNT(*) FROM t1 WHERE c; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t1.c
++ERROR: SELinux: security policy violation
+UPDATE t1 SET b = 'ccc'; -- to be denied
-+ERROR: SELinux: denied { update } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_ro_table_t:s0 tclass=db_column name=t1.b
++ERROR: SELinux: security policy violation
+UPDATE t1 SET a = a + 2;
+UPDATE 2
+INSERT INTO t1 VALUES (5, 'eee', true); -- to be denied
-+ERROR: SELinux: denied { insert } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_ro_table_t:s0 tclass=db_column name=t1.b
++ERROR: SELinux: security policy violation
+INSERT INTO t1 VALUES (5);
+INSERT 0 1
+SELECT * FROM t2;
@@ -177,13 +178,15 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(0 rows)
+
+SELECT t3 FROM t3; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0:c1 tclass=db_column name=t3.x
++ERROR: SELinux: security policy violation
+SELECT 1 FROM t3;
+ ?column?
+----------
+(0 rows)
+
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c1
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+---------------------------------------------------
@@ -191,9 +194,9 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(1 row)
+
+SELECT * FROM t2; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c1 tcontext=unconfined_u:object_r:sepgsql_table_t:s0:c0 tclass=db_table name=t2
++ERROR: SELinux: security policy violation
+SELECT t2 FROM t2; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c1 tcontext=unconfined_u:object_r:sepgsql_table_t:s0:c0 tclass=db_table name=t2
++ERROR: SELinux: security policy violation
+SELECT t3 FROM t3;
+ t3
+----
@@ -201,9 +204,11 @@ diff -rpNU3 base/src/test/sepgsql/expect
+
diff -rpNU3 base/src/test/sepgsql/expected/copy_stmt.out sepgsql-new/src/test/sepgsql/expected/copy_stmt.out
--- base/src/test/sepgsql/expected/copy_stmt.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/copy_stmt.out 2009-03-02 00:24:34.000000000 +0900
-@@ -0,0 +1,90 @@
++++ sepgsql-new/src/test/sepgsql/expected/copy_stmt.out 2009-06-10 21:37:54.000000000 +0900
+@@ -0,0 +1,94 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+-----------------------------------------------------
@@ -256,6 +261,8 @@ diff -rpNU3 base/src/test/sepgsql/expect
+INSERT INTO t2 VALUES (1, 'sss'), (2, 'ttt');
+INSERT 0 2
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+---------------------------------------------------
@@ -269,11 +276,11 @@ diff -rpNU3 base/src/test/sepgsql/expect
+COPY t1 TO '/tmp/sepgsql_test_copy_1';
+COPY 4
+COPY t1 TO '/tmp/sepgsql_test_copy_2'; -- to be denied
-+ERROR: SELinux: denied { write } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:postgresql_db_t:s0 tclass=file name=/tmp/sepgsql_test_copy_2
++ERROR: SELinux: security policy violation
+COPY t2 TO stdout; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t2.y
++ERROR: SELinux: security policy violation
+COPY t2 FROM stdin; -- to be denied
-+ERROR: SELinux: denied { insert } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t2.y
++ERROR: SELinux: security policy violation
+COPY t2 (x) TO stdout;
+1
+2
@@ -281,7 +288,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+2
+COPY t3 TO stdout;
+COPY t3 FROM '/tmp/sepgsql_test_copy_1'; -- to be denied
-+ERROR: SELinux: denied { insert } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_ro_table_t:s0 tclass=db_table name=t3
++ERROR: SELinux: security policy violation
+COPY t1 FROM '/tmp/sepgsql_test_copy_1';
+COPY 4
+COPY t1 TO stdout;
@@ -295,9 +302,11 @@ diff -rpNU3 base/src/test/sepgsql/expect
+4 ddd
diff -rpNU3 base/src/test/sepgsql/expected/enhanced_ddl_stmt.out sepgsql-new/src/test/sepgsql/expected/enhanced_ddl_stmt.out
--- base/src/test/sepgsql/expected/enhanced_ddl_stmt.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/enhanced_ddl_stmt.out 2009-03-15 17:38:39.000000000 +0900
-@@ -0,0 +1,180 @@
++++ sepgsql-new/src/test/sepgsql/expected/enhanced_ddl_stmt.out 2009-06-19 15:02:12.000000000 +0900
+@@ -0,0 +1,182 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+-----------------------------------------------------
@@ -384,12 +393,12 @@ diff -rpNU3 base/src/test/sepgsql/expect
+ a int,
+ b text
+) SECURITY_CONTEXT = 'unconfined_u:object_r:invalid_label_t:s0'; -- to be failed
-+ERROR: invalid security label: unconfined_u:object_r:invalid_label_t:s0
++ERROR: Invalid security context: "unconfined_u:object_r:invalid_label_t:s0"
+CREATE TABLE t4 (
+ a int,
+ b text
+) SECURITY_CONTEXT = 'unconfined_u:object_r:sepgsql_proc_t:s0'; -- to be denied
-+ERROR: SELinux: denied { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15 tcontext=unconfined_u:object_r:sepgsql_proc_t:s0 tclass=db_table name=t4
++ERROR: SELinux: security policy violation
+-- ALTER TABLE with SECURITY_CONTEXT clause
+ALTER TABLE t2 SECURITY_CONTEXT = 'unconfined_u:object_r:sepgsql_secret_table_t:s0';
+ALTER TABLE
@@ -442,20 +451,20 @@ diff -rpNU3 base/src/test/sepgsql/expect
+ LANGUAGE 'sql'
+ SECURITY_CONTEXT = 'unconfined_u:object_r:invalid_label_t:s0'
+ AS 'SELECT $1 + $1'; -- to be failed
-+ERROR: invalid security label: unconfined_u:object_r:invalid_label_t:s0
++ERROR: Invalid security context: "unconfined_u:object_r:invalid_label_t:s0"
+CREATE FUNCTION f2 (int) RETURNS int
+ LANGUAGE 'sql'
+ SECURITY_CONTEXT = 'unconfined_u:object_r:sepgsql_proc_t:s0:c16'
+ AS 'SELECT $1 + $1'; -- to be denied
-+ERROR: SELinux: denied { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15 tcontext=unconfined_u:object_r:sepgsql_proc_t:s0:c16 tclass=db_procedure name=f2
++ERROR: SELinux: security policy violation
+CREATE FUNCTION f2 (int) RETURNS int
+ LANGUAGE 'sql'
+ AS 'SELECT $1 + $1';
+CREATE FUNCTION
+SELECT proname, security_context FROM pg_proc WHERE oid = 'f2'::regproc;
-+ proname | security_context
-+---------+-----------------------------------------
-+ f2 | unconfined_u:object_r:sepgsql_proc_t:s0
++ proname | security_context
++---------+----------------------------------------------
++ f2 | unconfined_u:object_r:sepgsql_proc_exec_t:s0
+(1 row)
+
+-- ALTER FUNCTION with SECURITY_CONTEXT clause
@@ -470,18 +479,20 @@ diff -rpNU3 base/src/test/sepgsql/expect
+
+ALTER FUNCTION f2(int)
+ SECURITY_CONTEXT = 'unconfined_u:object_r:sepgsql_proc_t:s0:c16'; -- to be denied
-+ERROR: SELinux: denied { relabelto } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15 tcontext=unconfined_u:object_r:sepgsql_proc_t:s0:c16 tclass=db_procedure name=f2
++ERROR: SELinux: security policy violation
+SELECT proname, security_context FROM pg_proc WHERE oid = 'f2'::regproc;
-+ proname | security_context
-+---------+-----------------------------------------
-+ f2 | unconfined_u:object_r:sepgsql_proc_t:s0
++ proname | security_context
++---------+----------------------------------------------
++ f2 | unconfined_u:object_r:sepgsql_proc_exec_t:s0
+(1 row)
+
diff -rpNU3 base/src/test/sepgsql/expected/join_query.out sepgsql-new/src/test/sepgsql/expected/join_query.out
--- base/src/test/sepgsql/expected/join_query.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/join_query.out 2009-03-15 17:38:39.000000000 +0900
-@@ -0,0 +1,85 @@
++++ sepgsql-new/src/test/sepgsql/expected/join_query.out 2009-06-10 21:37:54.000000000 +0900
+@@ -0,0 +1,89 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+-----------------------------------------------------
@@ -538,6 +549,8 @@ diff -rpNU3 base/src/test/sepgsql/expect
+INSERT INTO t2 VALUES (1, 'sss'), (5, 'ttt');
+INSERT 0 2
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+---------------------------------------------------
@@ -545,7 +558,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(1 row)
+
+SELECT * FROM t1 JOIN t2 ON a = x; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t1.c
++ERROR: SELinux: security policy violation
+SELECT a, b, y FROM t1 JOIN t2 ON a = x;
+ a | b | y
+---+-----+-----
@@ -557,7 +570,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(5 rows)
+
+SELECT a, b, y FROM t1 JOIN t2 ON c = x; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t1.c
++ERROR: SELinux: security policy violation
+SELECT COUNT(*) FROM t1 JOIN t2 ON a = x;
+ count
+-------
@@ -565,12 +578,14 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(1 row)
+
+SELECT j FROM (t1 JOIN t2 ON a = x) AS j; -- to be denied
-+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t1.c
++ERROR: SELinux: security policy violation
diff -rpNU3 base/src/test/sepgsql/expected/large_object.out sepgsql-new/src/test/sepgsql/expected/large_object.out
--- base/src/test/sepgsql/expected/large_object.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/large_object.out 2009-03-03 14:31:40.000000000 +0900
-@@ -0,0 +1,293 @@
++++ sepgsql-new/src/test/sepgsql/expected/large_object.out 2009-06-10 21:37:54.000000000 +0900
+@@ -0,0 +1,299 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+-----------------------------------------------------
@@ -623,6 +638,8 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(1 row)
+
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:sepgsql_test_t:s0:c0
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+------------------------------------------------
@@ -805,6 +822,8 @@ diff -rpNU3 base/src/test/sepgsql/expect
+COMMIT;
+COMMIT
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+-----------------------------------------------------
@@ -832,23 +851,23 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(2 rows)
+
+SELECT lo_get_security(loid) FROM lolabel;
-+ lo_get_security
-+---------------------------------------------------------
++ lo_get_security
++-------------------------------------------------
+ system_u:object_r:sepgsql_blob_t:s0:c4
+ system_u:object_r:sepgsql_blob_t:s0:c4
+ system_u:object_r:sepgsql_secret_blob_t:s0
-+ unconfined_u:object_r:sepgsql_test_sepgsql_blob_t:s0:c0
++ unconfined_u:object_r:user_sepgsql_blob_t:s0:c0
+(4 rows)
+
+SELECT security_context, lo_label(loid) AS label, count(*)
+ FROM pg_largeobject WHERE loid in (SELECT loid FROM lolabel)
+ GROUP BY security_context, loid ORDER BY label;
-+ security_context | label | count
-+---------------------------------------------------------+----------+-------
-+ unconfined_u:object_r:sepgsql_test_sepgsql_blob_t:s0:c0 | local | 1
-+ system_u:object_r:sepgsql_blob_t:s0:c4 | normal | 10
-+ system_u:object_r:sepgsql_blob_t:s0:c4 | readonly | 10
-+ system_u:object_r:sepgsql_secret_blob_t:s0 | secret | 10
++ security_context | label | count
++-------------------------------------------------+----------+-------
++ unconfined_u:object_r:user_sepgsql_blob_t:s0:c0 | local | 1
++ system_u:object_r:sepgsql_blob_t:s0:c4 | normal | 10
++ system_u:object_r:sepgsql_blob_t:s0:c4 | readonly | 10
++ system_u:object_r:sepgsql_secret_blob_t:s0 | secret | 10
+(4 rows)
+
+ROLLBACK;
@@ -865,9 +884,11 @@ diff -rpNU3 base/src/test/sepgsql/expect
+
diff -rpNU3 base/src/test/sepgsql/expected/row_level.out sepgsql-new/src/test/sepgsql/expected/row_level.out
--- base/src/test/sepgsql/expected/row_level.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/row_level.out 2009-03-02 00:24:34.000000000 +0900
-@@ -0,0 +1,131 @@
++++ sepgsql-new/src/test/sepgsql/expected/row_level.out 2009-06-10 21:37:54.000000000 +0900
+@@ -0,0 +1,136 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+-----------------------------------------------------
@@ -936,6 +957,8 @@ diff -rpNU3 base/src/test/sepgsql/expect
+(3 rows)
+
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:sepgsql_test_t:s0:c0
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+------------------------------------------------
@@ -996,13 +1019,16 @@ diff -rpNU3 base/src/test/sepgsql/expect
+CONTEXT: SQL statement "SELECT 1 FROM ONLY "public"."t2" x WHERE $1 OPERATOR(pg_catalog.=) "x" FOR SHARE OF x"
+DELETE FROM t1 WHERE a not in (SELECT x FROM t2); -- to be failed
+ERROR: SELinux: security policy violation
++CONTEXT: SQL statement "SELECT 1 FROM ONLY "public"."t2" x WHERE $1 OPERATOR(pg_catalog.=) "x" FOR SHARE OF x"
+DELETE FROM t1 WHERE a = 7;
+DELETE 1
diff -rpNU3 base/src/test/sepgsql/expected/security_label.out sepgsql-new/src/test/sepgsql/expected/security_label.out
--- base/src/test/sepgsql/expected/security_label.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/security_label.out 2009-03-02 00:24:34.000000000 +0900
-@@ -0,0 +1,127 @@
++++ sepgsql-new/src/test/sepgsql/expected/security_label.out 2009-06-10 21:37:54.000000000 +0900
+@@ -0,0 +1,129 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
++SET sepostgresql_mcstrans TO off;
++SET
+SELECT sepgsql_getcon();
+ sepgsql_getcon
+-----------------------------------------------------
@@ -1051,7 +1077,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+INSERT INTO t1 VALUES (4, 'ddd'), (5, 'eee');
+INSERT 0 2
+INSERT INTO t1 (security_context, a, b) VALUES ('invalid security context', 6, 'fff'); -- to be failed
-+ERROR: invalid security label: invalid security context
++ERROR: Invalid security context: "invalid security context"
+INSERT INTO t1 (security_context, a, b) VALUES ('system_u:object_r:sepgsql_table_t:s0:c20', 6, 'fff'); -- to be denied
+INSERT 0 0
+SELECT security_context, * FROM t1;
@@ -1131,8 +1157,8 @@ diff -rpNU3 base/src/test/sepgsql/expect
+system_u:object_r:sepgsql_table_t:s0:c4 13 nnn
diff -rpNU3 base/src/test/sepgsql/launch_psql.c sepgsql-new/src/test/sepgsql/launch_psql.c
--- base/src/test/sepgsql/launch_psql.c 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/launch_psql.c 2009-03-02 00:24:34.000000000 +0900
-@@ -0,0 +1,87 @@
++++ sepgsql-new/src/test/sepgsql/launch_psql.c 2009-06-10 21:37:54.000000000 +0900
+@@ -0,0 +1,91 @@
+/*
+ * launch_psql.c
+ *
@@ -1189,6 +1215,10 @@ diff -rpNU3 base/src/test/sepgsql/launch
+ pclose(filp);
+ filp = NULL;
+ }
++ /* Inject SET sepostgresql_mcstrans TO off */
++ ofs = strlen(buffer);
++ snprintf(buffer + ofs, sizeof(buffer) - ofs,
++ "\nSET sepostgresql_mcstrans TO off;\n");
+
+ /* Inject a pseudo sepgsql_getcon() to confirm new context */
+ ofs = strlen(buffer);
sepostgresql-utils-8.3.patch:
initdb/initdb.c | 13 +++++
pg_dump/pg_dump.c | 121 +++++++++++++++++++++++++++++++++++++++++++--------
pg_dump/pg_dump.h | 2
pg_dump/pg_dumpall.c | 60 ++++++++++++++++++++-----
4 files changed, 168 insertions(+), 28 deletions(-)
Index: sepostgresql-utils-8.3.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-11/sepostgresql-utils-8.3.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- sepostgresql-utils-8.3.patch 27 Mar 2009 03:54:13 -0000 1.1
+++ sepostgresql-utils-8.3.patch 10 Sep 2009 12:27:20 -0000 1.2
@@ -1,6 +1,6 @@
diff -rpNU3 base/src/bin/initdb/initdb.c sepgsql-new/src/bin/initdb/initdb.c
---- base/src/bin/initdb/initdb.c 2008-11-05 09:57:00.000000000 +0900
-+++ sepgsql-new/src/bin/initdb/initdb.c 2009-03-13 18:14:33.000000000 +0900
+--- base/src/bin/initdb/initdb.c 2009-09-10 20:11:35.000000000 +0900
++++ sepgsql-new/src/bin/initdb/initdb.c 2009-09-10 20:24:37.000000000 +0900
@@ -94,6 +94,7 @@ static bool debug = false;
static bool noclean = false;
static bool show_setting = false;
@@ -9,7 +9,7 @@ diff -rpNU3 base/src/bin/initdb/initdb.c
/* internal vars */
-@@ -1212,6 +1213,13 @@ setup_config(void)
+@@ -1224,6 +1225,13 @@ setup_config(void)
"#default_text_search_config = 'pg_catalog.simple'",
repltok);
@@ -23,7 +23,7 @@ diff -rpNU3 base/src/bin/initdb/initdb.c
snprintf(path, sizeof(path), "%s/postgresql.conf", pg_data);
writefile(path, conflines);
-@@ -2383,6 +2391,7 @@ usage(const char *progname)
+@@ -2395,6 +2403,7 @@ usage(const char *progname)
printf(_(" -U, --username=NAME database superuser name\n"));
printf(_(" -W, --pwprompt prompt for a password for the new superuser\n"));
printf(_(" --pwfile=FILE read password for the new superuser from file\n"));
@@ -31,7 +31,7 @@ diff -rpNU3 base/src/bin/initdb/initdb.c
printf(_(" -?, --help show this help, then exit\n"));
printf(_(" -V, --version output version information, then exit\n"));
printf(_("\nLess commonly used options:\n"));
-@@ -2417,6 +2426,7 @@ main(int argc, char *argv[])
+@@ -2429,6 +2438,7 @@ main(int argc, char *argv[])
{"auth", required_argument, NULL, 'A'},
{"pwprompt", no_argument, NULL, 'W'},
{"pwfile", required_argument, NULL, 9},
@@ -39,7 +39,7 @@ diff -rpNU3 base/src/bin/initdb/initdb.c
{"username", required_argument, NULL, 'U'},
{"help", no_argument, NULL, '?'},
{"version", no_argument, NULL, 'V'},
-@@ -2531,6 +2541,9 @@ main(int argc, char *argv[])
+@@ -2543,6 +2553,9 @@ main(int argc, char *argv[])
case 9:
pwfilename = xstrdup(optarg);
break;
@@ -50,8 +50,8 @@ diff -rpNU3 base/src/bin/initdb/initdb.c
show_setting = true;
break;
diff -rpNU3 base/src/bin/pg_dump/pg_dump.c sepgsql-new/src/bin/pg_dump/pg_dump.c
---- base/src/bin/pg_dump/pg_dump.c 2009-02-02 11:47:17.000000000 +0900
-+++ sepgsql-new/src/bin/pg_dump/pg_dump.c 2009-03-13 18:14:33.000000000 +0900
+--- base/src/bin/pg_dump/pg_dump.c 2009-09-10 20:11:35.000000000 +0900
++++ sepgsql-new/src/bin/pg_dump/pg_dump.c 2009-09-10 20:24:37.000000000 +0900
@@ -118,6 +118,8 @@ static int g_numNamespaces;
/* flag to turn on/off dollar quoting */
static int disable_dollar_quoting = 0;
@@ -121,7 +121,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
fmtQualifiedId(tbinfo->dobj.namespace->dobj.name,
classname));
}
-@@ -1785,11 +1810,29 @@ dumpBlobComments(Archive *AH, void *arg)
+@@ -1791,11 +1816,29 @@ dumpBlobComments(Archive *AH, void *arg)
Oid blobOid;
char *comment;
@@ -152,7 +152,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
comment = PQgetvalue(res, i, 1);
printfPQExpBuffer(commentcmd, "COMMENT ON LARGE OBJECT %u IS ",
-@@ -2887,6 +2930,7 @@ getTables(int *numTables)
+@@ -2893,6 +2936,7 @@ getTables(int *numTables)
int i_owning_col;
int i_reltablespace;
int i_reloptions;
@@ -160,7 +160,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
/* Make sure we are in proper schema */
selectSourceSchema("pg_catalog");
-@@ -2926,7 +2970,8 @@ getTables(int *numTables)
+@@ -2932,7 +2976,8 @@ getTables(int *numTables)
"d.refobjid as owning_tab, "
"d.refobjsubid as owning_col, "
"(SELECT spcname FROM pg_tablespace t WHERE t.oid = c.reltablespace) AS reltablespace, "
@@ -170,7 +170,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"from pg_class c "
"left join pg_depend d on "
"(c.relkind = '%c' and "
-@@ -2936,6 +2981,7 @@ getTables(int *numTables)
+@@ -2942,6 +2987,7 @@ getTables(int *numTables)
"where relkind in ('%c', '%c', '%c', '%c') "
"order by c.oid",
username_subquery,
@@ -178,7 +178,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
RELKIND_SEQUENCE,
RELKIND_RELATION, RELKIND_SEQUENCE,
RELKIND_VIEW, RELKIND_COMPOSITE_TYPE);
-@@ -2955,7 +3001,8 @@ getTables(int *numTables)
+@@ -2961,7 +3007,8 @@ getTables(int *numTables)
"d.refobjid as owning_tab, "
"d.refobjsubid as owning_col, "
"(SELECT spcname FROM pg_tablespace t WHERE t.oid = c.reltablespace) AS reltablespace, "
@@ -188,7 +188,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"from pg_class c "
"left join pg_depend d on "
"(c.relkind = '%c' and "
-@@ -2984,7 +3031,8 @@ getTables(int *numTables)
+@@ -2990,7 +3037,8 @@ getTables(int *numTables)
"d.refobjid as owning_tab, "
"d.refobjsubid as owning_col, "
"NULL as reltablespace, "
@@ -198,7 +198,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"from pg_class c "
"left join pg_depend d on "
"(c.relkind = '%c' and "
-@@ -3009,7 +3057,8 @@ getTables(int *numTables)
+@@ -3015,7 +3063,8 @@ getTables(int *numTables)
"NULL::oid as owning_tab, "
"NULL::int4 as owning_col, "
"NULL as reltablespace, "
@@ -208,7 +208,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"from pg_class "
"where relkind in ('%c', '%c', '%c') "
"order by oid",
-@@ -3029,7 +3078,8 @@ getTables(int *numTables)
+@@ -3035,7 +3084,8 @@ getTables(int *numTables)
"NULL::oid as owning_tab, "
"NULL::int4 as owning_col, "
"NULL as reltablespace, "
@@ -218,7 +218,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"from pg_class "
"where relkind in ('%c', '%c', '%c') "
"order by oid",
-@@ -3059,7 +3109,8 @@ getTables(int *numTables)
+@@ -3065,7 +3115,8 @@ getTables(int *numTables)
"NULL::oid as owning_tab, "
"NULL::int4 as owning_col, "
"NULL as reltablespace, "
@@ -228,7 +228,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"from pg_class c "
"where relkind in ('%c', '%c') "
"order by oid",
-@@ -3102,6 +3153,7 @@ getTables(int *numTables)
+@@ -3108,6 +3159,7 @@ getTables(int *numTables)
i_owning_col = PQfnumber(res, "owning_col");
i_reltablespace = PQfnumber(res, "reltablespace");
i_reloptions = PQfnumber(res, "reloptions");
@@ -236,7 +236,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
for (i = 0; i < ntups; i++)
{
-@@ -3132,6 +3184,7 @@ getTables(int *numTables)
+@@ -3138,6 +3190,7 @@ getTables(int *numTables)
}
tblinfo[i].reltablespace = strdup(PQgetvalue(res, i, i_reltablespace));
tblinfo[i].reloptions = strdup(PQgetvalue(res, i, i_reloptions));
@@ -244,7 +244,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
/* other fields were zeroed above */
-@@ -4320,6 +4373,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4326,6 +4379,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
int i_atthasdef;
int i_attisdropped;
int i_attislocal;
@@ -252,7 +252,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
PGresult *res;
int ntups;
bool hasdefaults;
-@@ -4362,12 +4416,14 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4368,12 +4422,14 @@ getTableAttrs(TableInfo *tblinfo, int nu
/* need left join here to not fail on dropped columns ... */
appendPQExpBuffer(q, "SELECT a.attnum, a.attname, a.atttypmod, a.attstattarget, a.attstorage, t.typstorage, "
"a.attnotnull, a.atthasdef, a.attisdropped, a.attislocal, "
@@ -268,7 +268,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
tbinfo->dobj.catId.oid);
}
else if (g_fout->remoteVersion >= 70100)
-@@ -4379,7 +4435,8 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4385,7 +4441,8 @@ getTableAttrs(TableInfo *tblinfo, int nu
*/
appendPQExpBuffer(q, "SELECT a.attnum, a.attname, a.atttypmod, -1 as attstattarget, a.attstorage, t.typstorage, "
"a.attnotnull, a.atthasdef, false as attisdropped, false as attislocal, "
@@ -278,7 +278,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"from pg_attribute a left join pg_type t "
"on a.atttypid = t.oid "
"where a.attrelid = '%u'::oid "
-@@ -4392,7 +4449,8 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4398,7 +4455,8 @@ getTableAttrs(TableInfo *tblinfo, int nu
/* format_type not available before 7.1 */
appendPQExpBuffer(q, "SELECT attnum, attname, atttypmod, -1 as attstattarget, attstorage, attstorage as typstorage, "
"attnotnull, atthasdef, false as attisdropped, false as attislocal, "
@@ -288,7 +288,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"from pg_attribute a "
"where attrelid = '%u'::oid "
"and attnum > 0::int2 "
-@@ -4416,6 +4474,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4422,6 +4480,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
i_atthasdef = PQfnumber(res, "atthasdef");
i_attisdropped = PQfnumber(res, "attisdropped");
i_attislocal = PQfnumber(res, "attislocal");
@@ -296,7 +296,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
tbinfo->numatts = ntups;
tbinfo->attnames = (char **) malloc(ntups * sizeof(char *));
-@@ -4426,6 +4485,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4432,6 +4491,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
tbinfo->typstorage = (char *) malloc(ntups * sizeof(char));
tbinfo->attisdropped = (bool *) malloc(ntups * sizeof(bool));
tbinfo->attislocal = (bool *) malloc(ntups * sizeof(bool));
@@ -304,7 +304,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
tbinfo->notnull = (bool *) malloc(ntups * sizeof(bool));
tbinfo->attrdefs = (AttrDefInfo **) malloc(ntups * sizeof(AttrDefInfo *));
tbinfo->inhAttrs = (bool *) malloc(ntups * sizeof(bool));
-@@ -4449,6 +4509,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4455,6 +4515,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
tbinfo->typstorage[j] = *(PQgetvalue(res, j, i_typstorage));
tbinfo->attisdropped[j] = (PQgetvalue(res, j, i_attisdropped)[0] == 't');
tbinfo->attislocal[j] = (PQgetvalue(res, j, i_attislocal)[0] == 't');
@@ -312,7 +312,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
tbinfo->notnull[j] = (PQgetvalue(res, j, i_attnotnull)[0] == 't');
tbinfo->attrdefs[j] = NULL; /* fix below */
if (PQgetvalue(res, j, i_atthasdef)[0] == 't')
-@@ -6430,6 +6491,7 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6436,6 +6497,7 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
char *procost;
char *prorows;
char *lanname;
@@ -320,7 +320,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
char *rettypename;
int nallargs;
char **allargtypes = NULL;
-@@ -6459,9 +6521,11 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6465,9 +6527,11 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
"proallargtypes, proargmodes, proargnames, "
"provolatile, proisstrict, prosecdef, "
"proconfig, procost, prorows, "
@@ -333,7 +333,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
finfo->dobj.catId.oid);
}
else if (g_fout->remoteVersion >= 80100)
-@@ -6471,7 +6535,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6477,7 +6541,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
"proallargtypes, proargmodes, proargnames, "
"provolatile, proisstrict, prosecdef, "
"null as proconfig, 0 as procost, 0 as prorows, "
@@ -343,7 +343,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"FROM pg_catalog.pg_proc "
"WHERE oid = '%u'::pg_catalog.oid",
finfo->dobj.catId.oid);
-@@ -6485,7 +6550,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6491,7 +6556,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
"proargnames, "
"provolatile, proisstrict, prosecdef, "
"null as proconfig, 0 as procost, 0 as prorows, "
@@ -353,7 +353,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"FROM pg_catalog.pg_proc "
"WHERE oid = '%u'::pg_catalog.oid",
finfo->dobj.catId.oid);
-@@ -6499,7 +6565,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6505,7 +6571,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
"null as proargnames, "
"provolatile, proisstrict, prosecdef, "
"null as proconfig, 0 as procost, 0 as prorows, "
@@ -363,7 +363,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"FROM pg_catalog.pg_proc "
"WHERE oid = '%u'::pg_catalog.oid",
finfo->dobj.catId.oid);
-@@ -6515,7 +6582,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6521,7 +6588,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
"proisstrict, "
"'f'::boolean as prosecdef, "
"null as proconfig, 0 as procost, 0 as prorows, "
@@ -373,7 +373,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"FROM pg_proc "
"WHERE oid = '%u'::oid",
finfo->dobj.catId.oid);
-@@ -6531,7 +6599,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6537,7 +6605,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
"'f'::boolean as proisstrict, "
"'f'::boolean as prosecdef, "
"null as proconfig, 0 as procost, 0 as prorows, "
@@ -383,7 +383,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
"FROM pg_proc "
"WHERE oid = '%u'::oid",
finfo->dobj.catId.oid);
-@@ -6562,6 +6631,7 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6568,6 +6637,7 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
procost = PQgetvalue(res, 0, PQfnumber(res, "procost"));
prorows = PQgetvalue(res, 0, PQfnumber(res, "prorows"));
lanname = PQgetvalue(res, 0, PQfnumber(res, "lanname"));
@@ -391,7 +391,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
/*
* See backend/commands/define.c for details of how the 'AS' clause is
-@@ -6699,6 +6769,9 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6705,6 +6775,9 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
if (prosecdef[0] == 't')
appendPQExpBuffer(q, " SECURITY DEFINER");
@@ -401,7 +401,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
/*
* COST and ROWS are emitted only if present and not default, so as not to
* break backwards-compatibility of the dump without need. Keep this code
-@@ -8780,6 +8853,10 @@ dumpTableSchema(Archive *fout, TableInfo
+@@ -8786,6 +8859,10 @@ dumpTableSchema(Archive *fout, TableInfo
if (tbinfo->notnull[j] && !tbinfo->inhNotNull[j])
appendPQExpBuffer(q, " NOT NULL");
@@ -412,7 +412,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
actual_atts++;
}
}
-@@ -8827,6 +8904,9 @@ dumpTableSchema(Archive *fout, TableInfo
+@@ -8833,6 +8910,9 @@ dumpTableSchema(Archive *fout, TableInfo
if (tbinfo->reloptions && strlen(tbinfo->reloptions) > 0)
appendPQExpBuffer(q, "\nWITH (%s)", tbinfo->reloptions);
@@ -422,7 +422,7 @@ diff -rpNU3 base/src/bin/pg_dump/pg_dump
appendPQExpBuffer(q, ";\n");
/* Loop dumping statistics and storage statements */
-@@ -10244,6 +10324,13 @@ fmtCopyColumnList(const TableInfo *ti)
+@@ -10250,6 +10330,13 @@ fmtCopyColumnList(const TableInfo *ti)
appendPQExpBuffer(q, "(");
needComma = false;
Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-11/sepostgresql.init,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -p -r1.34 -r1.35
--- sepostgresql.init 9 Jun 2009 07:30:55 -0000 1.34
+++ sepostgresql.init 10 Sep 2009 12:27:20 -0000 1.35
@@ -7,9 +7,9 @@
# pidfile: /var/run/postmaster.pid
#---------------------------------------------------------------------
-PGVERSION="8.3.7"
+PGVERSION="8.3.8"
PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9a-z]*\).*$/\1/'`
-SEPGVERSION="1990"
+SEPGVERSION="2300"
# source function library
. /etc/rc.d/init.d/functions
Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-11/sepostgresql.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -p -r1.37 -r1.38
--- sepostgresql.spec 9 Jun 2009 07:30:55 -0000 1.37
+++ sepostgresql.spec 10 Sep 2009 12:27:20 -0000 1.38
@@ -11,8 +11,8 @@
Summary: Security Enhanced PostgreSQL
Name: sepostgresql
-Version: 8.3.7
-Release: 1990%{?dist}
+Version: 8.3.8
+Release: 2300%{?dist}
License: BSD
Group: Applications/Databases
Url: http://code.google.com/p/sepgsql/
@@ -36,7 +36,7 @@ Requires(post): policycoreutils /sbin/ch
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): policycoreutils
Requires: postgresql-server = %{version}
-Requires: policycoreutils >= 2.0.16 libselinux >= 2.0.43
+Requires: policycoreutils >= 2.0.16 libselinux >= 2.0.80
Requires: selinux-policy >= 3.4.2
Requires: tzdata logrotate
@@ -199,6 +199,9 @@ fi
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
%changelog
+* Thu Sep 10 2009 KaiGai Kohei <kaigai at kaigai.gr.jp> - 8.3.8-2300
+- upgrade base PostgreSQL v8.3.7->8.3.8
+
* Tue Jun 9 2009 KaiGai Kohei <kaigai at kaigai.gr.jp> - 8.3.7-1990
- backport features from v8.4devel, it also needs libselinux-2.0.80
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-11/sources,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- sources 27 Mar 2009 03:54:13 -0000 1.11
+++ sources 10 Sep 2009 12:27:20 -0000 1.12
@@ -1 +1 @@
-7b7e91a2221e55fe1b167e663217a96d postgresql-8.3.7.tar.bz2
+aac683d03f765dc58a3a0e5eaa1927bf postgresql-8.3.8.tar.bz2
- Previous message (by thread): rpms/vmpsd/EL-5 import.log, NONE, 1.1 vmpsd.init, NONE, 1.1 vmpsd.spec, NONE, 1.1 vmpsd.sysconfig, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/opencv/devel opencv.spec,1.36,1.37
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list