Critical SECURITY update to PostgreSQL, fixing CVE-2013-1899,

CVE-2013-1900 and CVE-2013-1901. ok jasper@

"A major security issue fixed in this release, CVE-2013-1899, makes
it possible for a connection request containing a database name that
begins with "-" to be crafted that can damage or destroy files within a
server's data directory. Anyone with access to the port the PostgreSQL
server listens on can initiate this request. This issue was discovered
by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software
Center."   http://www.postgresql.org/about/news/1456/

databases/postgresql/Makefile

@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.172 2013/03/11 02:52:07 espie Exp $
+# $OpenBSD: Makefile,v 1.173 2013/04/04 14:45:46 sthen Exp $
 
 COMMENT-main=	PostgreSQL RDBMS (client)
 COMMENT-server=	PostgreSQL RDBMS (server)
 COMMENT-docs=	PostgreSQL RDBMS documentation
 COMMENT-contrib=PostgreSQL RDBMS contributions
 
-VERSION=	9.2.3
+VERSION=	9.2.4
 DISTNAME=	postgresql-${VERSION}
 PKGNAME-main=	postgresql-client-${VERSION}
 PKGNAME-server=	postgresql-server-${VERSION}
@@ -26,9 +26,10 @@ MAINTAINER=	Pierre-Emmanuel Andre <pea@openbsd.org>
 PERMIT_PACKAGE_CDROM=	Yes
 WANTLIB=		c com_err crypto m readline ssl termcap z
 
-MASTER_SITES= 	ftp://ftp5.us.postgresql.org/pub/PostgreSQL/source/v${VERSION}/ \
+MASTER_SITES=	http://ftp.postgresql.org/pub/source/v${VERSION}/ \
-	ftp://ftp5.es.postgresql.org/mirror/postgresql/source/v${VERSION}/ \
+	http://ftp5.es.postgresql.org/mirror/postgresql/source/v${VERSION}/ \
-	ftp://ftp.postgresql.org/pub/source/v${VERSION}/
+	ftp://ftp.postgresql.org/pub/source/v${VERSION}/ \
+	ftp://ftp5.us.postgresql.org/pub/PostgreSQL/source/v${VERSION}/
 
 MULTI_PACKAGES=	-docs -main -server -contrib
 

databases/postgresql/distinfo

@@ -1,2 +1,2 @@
-SHA256 (postgresql-9.2.3.tar.gz) = rWZEzajyM2gZdiheh3aqH06OmVMON62MXkILqVJoh+A=
+SHA256 (postgresql-9.2.4.tar.gz) = 8IQO3Px3gMRAeXQJIc+bUbN64oNVgO30eOjwOEEWai8=
-SIZE (postgresql-9.2.3.tar.gz) = 21490350
+SIZE (postgresql-9.2.4.tar.gz) = 21539369

databases/postgresql/pkg/PLIST-docs

@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST-docs,v 1.59 2013/02/07 17:29:05 jasper Exp $
+@comment $OpenBSD: PLIST-docs,v 1.60 2013/04/04 14:45:46 sthen Exp $
 share/doc/postgresql/
 share/doc/postgresql/COPYRIGHT
 share/doc/postgresql/HISTORY
@@ -767,6 +767,7 @@ share/doc/postgresql/html/release-8-4-13.html
 share/doc/postgresql/html/release-8-4-14.html
 share/doc/postgresql/html/release-8-4-15.html
 share/doc/postgresql/html/release-8-4-16.html
+share/doc/postgresql/html/release-8-4-17.html
 share/doc/postgresql/html/release-8-4-2.html
 share/doc/postgresql/html/release-8-4-3.html
 share/doc/postgresql/html/release-8-4-4.html
@@ -780,6 +781,7 @@ share/doc/postgresql/html/release-9-0-1.html
 share/doc/postgresql/html/release-9-0-10.html
 share/doc/postgresql/html/release-9-0-11.html
 share/doc/postgresql/html/release-9-0-12.html
+share/doc/postgresql/html/release-9-0-13.html
 share/doc/postgresql/html/release-9-0-2.html
 share/doc/postgresql/html/release-9-0-3.html
 share/doc/postgresql/html/release-9-0-4.html
@@ -797,10 +799,12 @@ share/doc/postgresql/html/release-9-1-5.html
 share/doc/postgresql/html/release-9-1-6.html
 share/doc/postgresql/html/release-9-1-7.html
 share/doc/postgresql/html/release-9-1-8.html
+share/doc/postgresql/html/release-9-1-9.html
 share/doc/postgresql/html/release-9-1.html
 share/doc/postgresql/html/release-9-2-1.html
 share/doc/postgresql/html/release-9-2-2.html
 share/doc/postgresql/html/release-9-2-3.html
+share/doc/postgresql/html/release-9-2-4.html
 share/doc/postgresql/html/release-9-2.html
 share/doc/postgresql/html/release.html
 share/doc/postgresql/html/resources.html