Update postgresql74* packages to 7.4.8.

                                Release Notes

                                Release 7.4.8

     Release date: 2005-05-09

   This release contains a variety of fixes from 7.4.7, including several
   security-related issues.
     __________________________________________________________________

Migration to version 7.4.8

   A dump/restore is not required for those running 7.4.X. However, it is
   one possible way of handling two significant security problems that
   have been found in the initial contents of 7.4.X system catalogs. A
   dump/initdb/reload sequence using 7.4.8's initdb will automatically
   correct these problems.

   The larger security problem is that the built-in character set encoding
   conversion functions can be invoked from SQL commands by unprivileged
   users, but the functions were not designed for such use and are not
   secure against malicious choices of arguments. The fix involves
   changing the declared parameter list of these functions so that they
   can no longer be invoked from SQL commands. (This does not affect their
   normal use by the encoding conversion machinery.)

   The lesser problem is that the "contrib/tsearch2" module creates
   several functions that are misdeclared to return internal when they do
   not accept internal arguments. This breaks type safety for all
   functions using internal arguments.

   It is strongly recommended that all installations repair these errors,
   either by initdb or by following the manual repair procedures given
   below. The errors at least allow unprivileged database users to crash
   their server process, and may allow unprivileged users to gain the
   privileges of a database superuser.

While here, fix postgresql74-client package installation on 2.0
(broken -X), and avoid the need for gtar in tcl-postgresql74.

3 files changed, 6 insertions, 92 deletions

diff --git a/databases/postgresql74/Makefile.common b/databases/postgresql74/Makefile.common
index 849bce12d7d..e41cdf46cbc 100644
--- a/databases/postgresql74/Makefile.common
+++ b/databases/postgresql74/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.23 2005/05/22 20:07:46 jlam Exp $
+# $NetBSD: Makefile.common,v 1.24 2005/06/30 01:50:10 wiz Exp $
 #
 # This Makefile fragment is included by all PostgreSQL packages built from
 # the main sources of the PostgreSQL distribution except jdbc-postgresql.
@@ -36,7 +36,7 @@ PATCHDIR?=		${.CURDIR}/../postgresql74/patches
 # BASE_VERS		pkgsrc-mangled version number (convert pl -> .)
 #
 # Note: Do not forget jdbc-postgresql when updating version
-DIST_VERS?=		7.4.7
+DIST_VERS?=		7.4.8
 BASE_VERS?=		${DIST_VERS}
 
 BUILDLINK_DEPENDS.postgresql74-lib?=	postgresql74-lib>=${BASE_VERS}
diff --git a/databases/postgresql74/distinfo b/databases/postgresql74/distinfo
index 9b1d183be58..22537e787c4 100644
--- a/databases/postgresql74/distinfo
+++ b/databases/postgresql74/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.17 2005/03/17 22:35:48 jschauma Exp $
+$NetBSD: distinfo,v 1.18 2005/06/30 01:50:10 wiz Exp $
 
-SHA1 (postgresql-7.4.7.tar.bz2) = 48fe9187ae1776265756b807254552b4f6bcfcb8
-RMD160 (postgresql-7.4.7.tar.bz2) = 1bbb64c8a9b95cafe0254a0994752b8bbb624346
-Size (postgresql-7.4.7.tar.bz2) = 10235394 bytes
+SHA1 (postgresql-7.4.8.tar.bz2) = a565ff14e1a3b58a151b219bcffcf53dfc62ec41
+RMD160 (postgresql-7.4.8.tar.bz2) = 3ee8c70e0506e2a49bae20bc2282391513ee9d65
+Size (postgresql-7.4.8.tar.bz2) = 10235413 bytes
 SHA1 (patch-aa) = 626b4b4bf0d47913072399535c55d413b90675a4
 SHA1 (patch-ab) = f44a544c56452bad197a88cb827e88624c54656c
 SHA1 (patch-ac) = 81ef677cc5d196762b6cc3c3e38dee4a37e75ac2
@@ -10,4 +10,3 @@ SHA1 (patch-ad) = fae5e82e0943ea982c9d3aace290b56c6a7629f9
 SHA1 (patch-ae) = f0e0ad98ebdc972e7c40afd805fbb0d909d5ef3b
 SHA1 (patch-af) = 7373db75fda125b980f2ead990719798c0d22a48
 SHA1 (patch-ag) = a983f23b5e47a4c2f31ba284ff3db51b53cf8414
-SHA1 (patch-ah) = 4cc4e45679284815c32a5ff3b461b12df55d07c2
diff --git a/databases/postgresql74/patches/patch-ah b/databases/postgresql74/patches/patch-ah
deleted file mode 100644
index 410688199b1..00000000000
--- a/databases/postgresql74/patches/patch-ah
+++ /dev/null
@@ -1,85 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2005/03/17 22:35:48 jschauma Exp $
-
---- src/pl/plpgsql/src/gram.y.orig	2005-01-20 19:31:21.000000000 -0500
-+++ src/pl/plpgsql/src/gram.y	2005-03-17 17:29:03.000000000 -0500
-@@ -1713,6 +1713,15 @@
- 		}
- 	}
- 
-+	/* Check for array overflow */
-+	if (nparams >= 1024)
-+	{
-+		plpgsql_error_lineno = lno;
-+		ereport(ERROR,
-+				(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
-+				errmsg("too many variables specified in SQL statement")));
-+	}
-+
- 	expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
- 	expr->dtype			= PLPGSQL_DTYPE_EXPR;
- 	expr->query			= strdup(plpgsql_dstring_get(&ds));
-@@ -1856,6 +1865,15 @@
- 
- 					while ((tok = yylex()) == ',')
- 					{
-+						/* Check for array overflow */
-+						if (nfields >= 1024)
-+						{
-+							plpgsql_error_lineno = plpgsql_scanner_lineno();
-+							ereport(ERROR,
-+									(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
-+									errmsg("too many variables specified in SQL statement")));
-+						}
-+
- 						tok = yylex();
- 						switch(tok)
- 						{
-@@ -1918,6 +1936,15 @@
- 				plpgsql_dstring_append(&ds, yytext);
- 				break;
- 		}
-+
-+		/* Check for array overflow */
-+		if (nparams >= 1024)
-+		{
-+			plpgsql_error_lineno = plpgsql_scanner_lineno();
-+			ereport(ERROR,
-+					(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
-+						errmsg("too many variables specified in SQL statement")));
-+			}
- 	}
- 
- 	expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
-@@ -1952,12 +1979,12 @@
- 
- 		return (PLpgSQL_stmt *)execsql;
- 	}
--}
-+	}
- 
- 
--static PLpgSQL_stmt *
--make_fetch_stmt(void)
--{
-+	static PLpgSQL_stmt *
-+	make_fetch_stmt(void)
-+	{
- 	int					tok;
- 	PLpgSQL_row		   *row = NULL;
- 	PLpgSQL_rec		   *rec = NULL;
-@@ -1989,6 +2016,15 @@
- 
- 				while ((tok = yylex()) == ',')
- 				{
-+						/* Check for array overflow */
-+						if (nfields >= 1024)
-+						{
-+							plpgsql_error_lineno = plpgsql_scanner_lineno();
-+							ereport(ERROR,
-+									(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
-+									errmsg("too many variables specified in SQL statement")));
-+					}
-+
- 					tok = yylex();
- 					switch(tok)
- 					{