diff --git a/dev-db/postgresql/Manifest b/dev-db/postgresql/Manifest index cd8a42f..b68efd0 100644 --- a/dev-db/postgresql/Manifest +++ b/dev-db/postgresql/Manifest @@ -1 +1 @@ -DIST postgresql-16.1.tar.bz2 24605482 BLAKE2B f59859af644134cf0fc9289c0e0d93fe0f877794a1cc8881280d0439605a6e312866a0114d453af8e269e26173fa3742073fe5485901b7cb0af925a5c3506aad SHA512 69f4635e5841452599f13b47df41ce2425ab34b4e4582fd2c635bc78d561fa36c5b03eccb4ae6569872dc74775be1b5a62dee20c9a4f12a43339250128352918 +DIST postgresql-16.2.tar.bz2 24711703 BLAKE2B b863d7b7a1721df237c33a45aed788be9397a432a445f2267619496f1c0210196ff0904c44dbf07ea11f814921c643a6b9182b8a4c992f13578c4fe00868d491 SHA512 3194941cc3f1ec86b6cf4f08c6422d268d99890441f8fc9ab87b6a7fd16c990fa230b544308644cbef54e6960c4984e3703752e40930bdc0537b7bfda3ab7ccf diff --git a/dev-db/postgresql/files/postgresql-16-openssl3.2.patch b/dev-db/postgresql/files/postgresql-16-openssl3.2.patch deleted file mode 100644 index 2740187..0000000 --- a/dev-db/postgresql/files/postgresql-16-openssl3.2.patch +++ /dev/null @@ -1,216 +0,0 @@ -commit 9140a24b312176ebb4e6eb6458b33ce640c04440 -Author: Tom Lane -Date: Tue Nov 28 12:34:03 2023 -0500 - - Use BIO_{get,set}_app_data instead of BIO_{get,set}_data. - - We should have done it this way all along, but we accidentally got - away with using the wrong BIO field up until OpenSSL 3.2. There, - the library's BIO routines that we rely on use the "data" field - for their own purposes, and our conflicting use causes assorted - weird behaviors up to and including core dumps when SSL connections - are attempted. Switch to using the approved field for the purpose, - i.e. app_data. - - While at it, remove our configure probes for BIO_get_data as well - as the fallback implementation. BIO_{get,set}_app_data have been - there since long before any OpenSSL version that we still support, - even in the back branches. - - Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor - change in an error message spelling that evidently came in with 3.2. - - Tristan Partin and Bo Andreson. Back-patch to all supported branches. - - Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com - -diff --git a/configure b/configure -index 82e45657b2..907c777b9c 100755 ---- a/configure -+++ b/configure -@@ -12982,7 +12982,7 @@ done - # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it - # doesn't have these OpenSSL 1.1.0 functions. So check for individual - # functions. -- for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free -+ for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free - do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` - ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -diff --git a/configure.ac b/configure.ac -index fcea0bcab4..ab32bfdd08 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1385,7 +1385,7 @@ if test "$with_ssl" = openssl ; then - # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it - # doesn't have these OpenSSL 1.1.0 functions. So check for individual - # functions. -- AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free]) -+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free]) - # OpenSSL versions before 1.1.0 required setting callback functions, for - # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock() - # function was removed. -diff --git a/meson.build b/meson.build -index 51b5285924..96fc2e139a 100644 ---- a/meson.build -+++ b/meson.build -@@ -1278,7 +1278,6 @@ if sslopt in ['auto', 'openssl'] - # doesn't have these OpenSSL 1.1.0 functions. So check for individual - # functions. - ['OPENSSL_init_ssl'], -- ['BIO_get_data'], - ['BIO_meth_new'], - ['ASN1_STRING_get0_data'], - ['HMAC_CTX_new'], -diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c -index e9c86d08df..49dca0cda9 100644 ---- a/src/backend/libpq/be-secure-openssl.c -+++ b/src/backend/libpq/be-secure-openssl.c -@@ -844,11 +844,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor) - * to retry; do we need to adopt their logic for that? - */ - --#ifndef HAVE_BIO_GET_DATA --#define BIO_get_data(bio) (bio->ptr) --#define BIO_set_data(bio, data) (bio->ptr = data) --#endif -- - static BIO_METHOD *my_bio_methods = NULL; - - static int -@@ -858,7 +853,7 @@ my_sock_read(BIO *h, char *buf, int size) - - if (buf != NULL) - { -- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size); -+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size); - BIO_clear_retry_flags(h); - if (res <= 0) - { -@@ -878,7 +873,7 @@ my_sock_write(BIO *h, const char *buf, int size) - { - int res = 0; - -- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size); -+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size); - BIO_clear_retry_flags(h); - if (res <= 0) - { -@@ -954,7 +949,7 @@ my_SSL_set_fd(Port *port, int fd) - SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); - goto err; - } -- BIO_set_data(bio, port); -+ BIO_set_app_data(bio, port); - - BIO_set_fd(bio, fd, BIO_NOCLOSE); - SSL_set_bio(port->ssl, bio, bio); -diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in -index 6d572c3820..174544630e 100644 ---- a/src/include/pg_config.h.in -+++ b/src/include/pg_config.h.in -@@ -70,9 +70,6 @@ - /* Define to 1 if you have the `backtrace_symbols' function. */ - #undef HAVE_BACKTRACE_SYMBOLS - --/* Define to 1 if you have the `BIO_get_data' function. */ --#undef HAVE_BIO_GET_DATA -- - /* Define to 1 if you have the `BIO_meth_new' function. */ - #undef HAVE_BIO_METH_NEW - -diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c -index 390c888c96..fb6404ade0 100644 ---- a/src/interfaces/libpq/fe-secure-openssl.c -+++ b/src/interfaces/libpq/fe-secure-openssl.c -@@ -1830,11 +1830,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name) - * to retry; do we need to adopt their logic for that? - */ - --#ifndef HAVE_BIO_GET_DATA --#define BIO_get_data(bio) (bio->ptr) --#define BIO_set_data(bio, data) (bio->ptr = data) --#endif -- -+/* protected by ssl_config_mutex */ - static BIO_METHOD *my_bio_methods; - - static int -@@ -1842,7 +1838,7 @@ my_sock_read(BIO *h, char *buf, int size) - { - int res; - -- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size); -+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size); - BIO_clear_retry_flags(h); - if (res < 0) - { -@@ -1872,7 +1868,7 @@ my_sock_write(BIO *h, const char *buf, int size) - { - int res; - -- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size); -+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size); - BIO_clear_retry_flags(h); - if (res < 0) - { -@@ -1963,7 +1959,7 @@ my_SSL_set_fd(PGconn *conn, int fd) - SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); - goto err; - } -- BIO_set_data(bio, conn); -+ BIO_set_app_data(bio, conn); - - SSL_set_bio(conn->ssl, bio, bio); - BIO_set_fd(bio, fd, BIO_NOCLOSE); -diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl -index 76442de063..9bb28fbc83 100644 ---- a/src/test/ssl/t/001_ssltests.pl -+++ b/src/test/ssl/t/001_ssltests.pl -@@ -781,7 +781,7 @@ $node->connect_fails( - "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt " - . sslkey('client-revoked.key'), - "certificate authorization fails with revoked client cert", -- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/, -+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|, - # temporarily(?) skip this check due to timing issue - # log_like => [ - # qr{Client certificate verification failed at depth 0: certificate revoked}, -@@ -886,7 +886,7 @@ $node->connect_fails( - "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt " - . sslkey('client-revoked.key'), - "certificate authorization fails with revoked client cert with server-side CRL directory", -- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/, -+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|, - # temporarily(?) skip this check due to timing issue - # log_like => [ - # qr{Client certificate verification failed at depth 0: certificate revoked}, -@@ -899,7 +899,7 @@ $node->connect_fails( - "$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt " - . sslkey('client-revoked-utf8.key'), - "certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory", -- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/, -+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|, - # temporarily(?) skip this check due to timing issue - # log_like => [ - # qr{Client certificate verification failed at depth 0: certificate revoked}, -diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm -index b6d31c3583..711fae853f 100644 ---- a/src/tools/msvc/Solution.pm -+++ b/src/tools/msvc/Solution.pm -@@ -225,7 +225,6 @@ sub GenerateFiles - HAVE_ATOMICS => 1, - HAVE_ATOMIC_H => undef, - HAVE_BACKTRACE_SYMBOLS => undef, -- HAVE_BIO_GET_DATA => undef, - HAVE_BIO_METH_NEW => undef, - HAVE_COMPUTED_GOTO => undef, - HAVE_COPYFILE => undef, -@@ -503,7 +502,6 @@ sub GenerateFiles - || ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0')) - { - $define{HAVE_ASN1_STRING_GET0_DATA} = 1; -- $define{HAVE_BIO_GET_DATA} = 1; - $define{HAVE_BIO_METH_NEW} = 1; - $define{HAVE_HMAC_CTX_FREE} = 1; - $define{HAVE_HMAC_CTX_NEW} = 1; diff --git a/dev-db/postgresql/files/postgresql-16-xml-2.12.patch b/dev-db/postgresql/files/postgresql-16-xml-2.12.patch deleted file mode 100644 index aac072c..0000000 --- a/dev-db/postgresql/files/postgresql-16-xml-2.12.patch +++ /dev/null @@ -1,83 +0,0 @@ -From e02fea093ebb7ff5093c4cd9827710000bb31146 Mon Sep 17 00:00:00 2001 -From: Tom Lane -Date: Mon, 29 Jan 2024 12:06:07 -0500 -Subject: [PATCH] Fix incompatibilities with libxml2 >= 2.12.0. - -libxml2 changed the required signature of error handler callbacks -to make the passed xmlError struct "const". This is causing build -failures on buildfarm member caiman, and no doubt will start showing -up in the field quite soon. Add a version check to adjust the -declaration of xml_errorHandler() according to LIBXML_VERSION. - -2.12.x also produces deprecation warnings for contrib/xml2/xpath.c's -assignment to xmlLoadExtDtdDefaultValue. I see no good reason for -that to still be there, seeing that we disabled external DTDs (at a -lower level) years ago for security reasons. Let's just remove it. - -Back-patch to all supported branches, since they might all get built -with newer libxml2 once it gets a bit more popular. (The back -branches produce another deprecation warning about xpath.c's use of -xmlSubstituteEntitiesDefault(). We ought to consider whether to -back-patch all or part of commit 65c5864d7 to silence that. It's -less urgent though, since it won't break the buildfarm.) - -Discussion: https://postgr.es/m/1389505.1706382262@sss.pgh.pa.us ---- - contrib/xml2/xpath.c | 1 - - src/backend/utils/adt/xml.c | 14 ++++++++++++-- - 2 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/contrib/xml2/xpath.c b/contrib/xml2/xpath.c -index a692dc6be8..94641930f7 100644 ---- a/contrib/xml2/xpath.c -+++ b/contrib/xml2/xpath.c -@@ -75,7 +75,6 @@ pgxml_parser_init(PgXmlStrictness strictness) - xmlInitParser(); - - xmlSubstituteEntitiesDefault(1); -- xmlLoadExtDtdDefaultValue = 1; - - return xmlerrcxt; - } -diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c -index 2300c7ebf3..9f4e775003 100644 ---- a/src/backend/utils/adt/xml.c -+++ b/src/backend/utils/adt/xml.c -@@ -66,6 +66,16 @@ - #if LIBXML_VERSION >= 20704 - #define HAVE_XMLSTRUCTUREDERRORCONTEXT 1 - #endif -+ -+/* -+ * libxml2 2.12 decided to insert "const" into the error handler API. -+ */ -+#if LIBXML_VERSION >= 21200 -+#define PgXmlErrorPtr const xmlError * -+#else -+#define PgXmlErrorPtr xmlErrorPtr -+#endif -+ - #endif /* USE_LIBXML */ - - #include "access/htup_details.h" -@@ -123,7 +133,7 @@ static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID, - xmlParserCtxtPtr ctxt); - static void xml_errsave(Node *escontext, PgXmlErrorContext *errcxt, - int sqlcode, const char *msg); --static void xml_errorHandler(void *data, xmlErrorPtr error); -+static void xml_errorHandler(void *data, PgXmlErrorPtr error); - static int errdetail_for_xml_code(int code); - static void chopStringInfoNewlines(StringInfo str); - static void appendStringInfoLineSeparator(StringInfo str); -@@ -2002,7 +2012,7 @@ xml_errsave(Node *escontext, PgXmlErrorContext *errcxt, - * Error handler for libxml errors and warnings - */ - static void --xml_errorHandler(void *data, xmlErrorPtr error) -+xml_errorHandler(void *data, PgXmlErrorPtr error) - { - PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data; - xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt; --- -2.30.2 - diff --git a/dev-db/postgresql/postgresql-16.1-r2.ebuild b/dev-db/postgresql/postgresql-16.2.ebuild similarity index 98% rename from dev-db/postgresql/postgresql-16.1-r2.ebuild rename to dev-db/postgresql/postgresql-16.2.ebuild index 79a1a04..127fc5f 100644 --- a/dev-db/postgresql/postgresql-16.1-r2.ebuild +++ b/dev-db/postgresql/postgresql-16.2.ebuild @@ -21,9 +21,9 @@ LICENSE="POSTGRESQL GPL-2" DESCRIPTION="PostgreSQL RDBMS" HOMEPAGE="https://www.postgresql.org/" -IUSE="debug doc +icu kerberos ldap llvm lz4 nls pam perl python +IUSE="debug doc +icu kerberos ldap llvm +lz4 nls pam perl python +readline selinux +server systemd ssl static-libs tcl uuid xml - zlib zstd" + zlib +zstd" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" @@ -48,10 +48,7 @@ readline? ( sys-libs/readline:0= ) server? ( systemd? ( sys-apps/systemd ) ) ssl? ( >=dev-libs/openssl-0.9.6-r1:0= ) tcl? ( >=dev-lang/tcl-8:0= ) -xml? ( - >=dev-libs/libxml2-2.12.0 - dev-libs/libxslt -) +xml? ( dev-libs/libxml2 dev-libs/libxslt ) zlib? ( sys-libs/zlib ) zstd? ( app-arch/zstd ) " @@ -114,9 +111,6 @@ src_prepare() { die 'PGSQL_PAM_SERVICE rename failed.' fi - eapply "${FILESDIR}"/postgresql-16-openssl3.2.patch \ - "${FILESDIR}"/postgresql-${SLOT}-xml-2.12.patch - eapply_user }