Fixing problems with the recent security patch: When bison was not

installed, the patched gram.y file would not be used and the security
patch would be a no-op. Also, I've had reports of compilation errors
related to bison.

Since checking for the correct version of bison is hard and error
prone, I'm doing what the postgresql distribution does - patching the
yacc:ed .c file to get rid of the building dependency.

Bumping portrevision of -server.

Pointy hat to:	me
Noticed by:	Mike Harding and others
Security:	http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html
Approved by:	seanc (implicit)

2 files changed, 89 insertions, 1 deletions

diff --git a/databases/postgresql74-server/Makefile b/databases/postgresql74-server/Makefile
index bd24cd934c1f..39d4f44bebc4 100644
--- a/databases/postgresql74-server/Makefile
+++ b/databases/postgresql74-server/Makefile
@@ -8,7 +8,7 @@
 PORTNAME?=	postgresql
 PKGNAMESUFFIX?=	-server
 PORTVERSION?=	7.4.7
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES?=	databases
 MASTER_SITES=	${MASTER_SITE_PGSQL}
 MASTER_SITE_SUBDIR=	source/v${PORTVERSION}
diff --git a/databases/postgresql74-server/files/patch-src-pl-plpgsql-src-pl-gram-c b/databases/postgresql74-server/files/patch-src-pl-plpgsql-src-pl-gram-c
new file mode 100644
index 000000000000..6e2062f5af36
--- /dev/null
+++ b/databases/postgresql74-server/files/patch-src-pl-plpgsql-src-pl-gram-c
@@ -0,0 +1,88 @@
+--- /opt/portbuild/tmp/opt/ports/databases/postgresql74-server/work/postgresql-7.4.7/src/pl/plpgsql/src/pl_gram.c	Mon Jan 31 11:20:24 2005
++++ src/pl/plpgsql/src/pl_gram.c	Sun Feb 20 02:42:46 2005
+@@ -191,7 +191,7 @@
+  *						  procedural language
+  *
+  * IDENTIFICATION
+- *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.48.2.1 2005/01/21 00:31:21 neilc Exp $
++ *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.48.2.3 2005/02/08 18:22:11 tgl Exp $
+  *
+  *	  This software is copyrighted by Jan Wieck - Hamburg.
+  *
+@@ -3337,6 +3323,16 @@
+ 		}
+ 		if (plpgsql_SpaceScanned)
+ 			plpgsql_dstring_append(&ds, " ");
++
++		/* Check for array overflow */
++		if (nparams >= 1024)
++		{
++			plpgsql_error_lineno = lno;
++			ereport(ERROR,
++					(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++					 errmsg("too many variables specified in SQL statement")));
++		}
++
+ 		switch (tok)
+ 		{
+ 			case T_VARIABLE:
+@@ -3494,6 +3490,15 @@
+ 
+ 					while ((tok = plpgsql_yylex()) == ',')
+ 					{
++						/* Check for array overflow */
++						if (nfields >= 1024)
++						{
++							plpgsql_error_lineno = plpgsql_scanner_lineno();
++							ereport(ERROR,
++									(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++									 errmsg("too many INTO variables specified")));
++						}
++
+ 						tok = plpgsql_yylex();
+ 						switch(tok)
+ 						{
+@@ -3544,6 +3549,16 @@
+ 
+ 		if (plpgsql_SpaceScanned)
+ 			plpgsql_dstring_append(&ds, " ");
++
++		/* Check for array overflow */
++		if (nparams >= 1024)
++		{
++			plpgsql_error_lineno = plpgsql_scanner_lineno();
++			ereport(ERROR,
++					(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++					 errmsg("too many variables specified in SQL statement")));
++		}
++
+ 		switch (tok)
+ 		{
+ 			case T_VARIABLE:
+@@ -3627,6 +3642,15 @@
+ 
+ 				while ((tok = plpgsql_yylex()) == ',')
+ 				{
++					/* Check for array overflow */
++					if (nfields >= 1024)
++					{
++						plpgsql_error_lineno = plpgsql_scanner_lineno();
++						ereport(ERROR,
++								(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++								 errmsg("too many INTO variables specified")));
++					}
++
+ 					tok = plpgsql_yylex();
+ 					switch(tok)
+ 					{
+--- /opt/portbuild/tmp/opt/ports/databases/postgresql74-server/work/postgresql-7.4.7/src/pl/plpgsql/src/pl.tab.h	Mon Jan 31 11:20:24 2005
++++ src/pl/plpgsql/src/pl.tab.h	Sun Feb 20 06:20:02 2005
+@@ -203,7 +203,7 @@
+ 		PLpgSQL_stmt_block		*program;
+ 		PLpgSQL_nsitem			*nsitem;
+ } PLPGSQL_YYSTYPE;
+-/* Line 1248 of yacc.c.  */
++/* Line 1238 of yacc.c.  */
+ #line 207 "y.tab.h"
+ # define plpgsql_yystype PLPGSQL_YYSTYPE /* obsolescent; will be withdrawn */
+ # define PLPGSQL_YYSTYPE_IS_DECLARED 1