summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Lauer <patrick@gentoo.org>2024-02-09 15:05:36 +0000
committerPatrick Lauer <patrick@gentoo.org>2024-02-09 15:06:25 +0000
commit5937f46a8d7416e0dbcc8d0360159b956fbd5b92 (patch)
tree18d91d4e8791b8a8aaf4bb7f39a21c60d0385c2c
parentnet-nds/openldap: Fix type mismatches in lloadd (diff)
downloadgentoo-5937f46a8d7416e0dbcc8d0360159b956fbd5b92.tar.gz
gentoo-5937f46a8d7416e0dbcc8d0360159b956fbd5b92.tar.bz2
gentoo-5937f46a8d7416e0dbcc8d0360159b956fbd5b92.zip
dev-db/postgresql/files: Remove unused patches
Signed-off-by: Patrick Lauer <patrick@gentoo.org>
-rw-r--r--dev-db/postgresql/files/postgresql-12-openssl3.2.patch178
-rw-r--r--dev-db/postgresql/files/postgresql-12-xml-2.12.patch83
-rw-r--r--dev-db/postgresql/files/postgresql-13-openssl3.2.patch172
-rw-r--r--dev-db/postgresql/files/postgresql-13-xml-2.12.patch83
-rw-r--r--dev-db/postgresql/files/postgresql-14-openssl3.2.patch195
-rw-r--r--dev-db/postgresql/files/postgresql-14-xml-2.12.patch83
-rw-r--r--dev-db/postgresql/files/postgresql-15-openssl3.2.patch194
-rw-r--r--dev-db/postgresql/files/postgresql-15-xml-2.12.patch83
-rw-r--r--dev-db/postgresql/files/postgresql-16-openssl3.2.patch216
-rw-r--r--dev-db/postgresql/files/postgresql-16-xml-2.12.patch83
10 files changed, 0 insertions, 1370 deletions
diff --git a/dev-db/postgresql/files/postgresql-12-openssl3.2.patch b/dev-db/postgresql/files/postgresql-12-openssl3.2.patch
deleted file mode 100644
index 62b254d220c6..000000000000
--- a/dev-db/postgresql/files/postgresql-12-openssl3.2.patch
+++ /dev/null
@@ -1,178 +0,0 @@
-commit 6bb4ce36b302296fd09abb097b5e28b66117be92
-Author: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Tue Nov 28 12:34:03 2023 -0500
-
- Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
-
- We should have done it this way all along, but we accidentally got
- away with using the wrong BIO field up until OpenSSL 3.2. There,
- the library's BIO routines that we rely on use the "data" field
- for their own purposes, and our conflicting use causes assorted
- weird behaviors up to and including core dumps when SSL connections
- are attempted. Switch to using the approved field for the purpose,
- i.e. app_data.
-
- While at it, remove our configure probes for BIO_get_data as well
- as the fallback implementation. BIO_{get,set}_app_data have been
- there since long before any OpenSSL version that we still support,
- even in the back branches.
-
- Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
- change in an error message spelling that evidently came in with 3.2.
-
- Tristan Partin and Bo Andreson. Back-patch to all supported branches.
-
- Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
-
-diff --git a/configure b/configure
-index cce104aebb..346ea8e2c1 100755
---- a/configure
-+++ b/configure
-@@ -12641,7 +12641,7 @@ done
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data
-+ for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data
- do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-diff --git a/configure.in b/configure.in
-index 3c93e7a944..2c15b20049 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1290,7 +1290,7 @@ if test "$with_openssl" = yes ; then
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data])
-+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data])
- # OpenSSL versions before 1.1.0 required setting callback functions, for
- # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
- # function was removed.
-diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
-index b0a1f7258a..34f8f9e71e 100644
---- a/src/backend/libpq/be-secure-openssl.c
-+++ b/src/backend/libpq/be-secure-openssl.c
-@@ -699,11 +699,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
- static BIO_METHOD *my_bio_methods = NULL;
-
- static int
-@@ -713,7 +708,7 @@ my_sock_read(BIO *h, char *buf, int size)
-
- if (buf != NULL)
- {
-- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -733,7 +728,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res = 0;
-
-- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -809,7 +804,7 @@ my_SSL_set_fd(Port *port, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, port);
-+ BIO_set_app_data(bio, port);
-
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(port->ssl, bio, bio);
-diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
-index 457a8713cc..1e9d21c3e4 100644
---- a/src/include/pg_config.h.in
-+++ b/src/include/pg_config.h.in
-@@ -96,9 +96,6 @@
- /* Define to 1 if you have the <atomic.h> header file. */
- #undef HAVE_ATOMIC_H
-
--/* Define to 1 if you have the `BIO_get_data' function. */
--#undef HAVE_BIO_GET_DATA
--
- /* Define to 1 if you have the `BIO_meth_new' function. */
- #undef HAVE_BIO_METH_NEW
-
-diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32
-index 42fd7067f1..37accc560b 100644
---- a/src/include/pg_config.h.win32
-+++ b/src/include/pg_config.h.win32
-@@ -75,9 +75,6 @@
- /* Define to 1 if you have the `ASN1_STRING_get0_data' function. */
- /* #undef HAVE_ASN1_STRING_GET0_DATA */
-
--/* Define to 1 if you have the `BIO_get_data' function. */
--/* #undef HAVE_BIO_GET_DATA */
--
- /* Define to 1 if you have the `BIO_meth_new' function. */
- /* #undef HAVE_BIO_METH_NEW */
-
-diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
-index 5948a37983..5729dd9acf 100644
---- a/src/interfaces/libpq/fe-secure-openssl.c
-+++ b/src/interfaces/libpq/fe-secure-openssl.c
-@@ -1491,10 +1491,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
-+/* protected by ssl_config_mutex */
-
- static BIO_METHOD *my_bio_methods;
-
-@@ -1503,7 +1500,7 @@ my_sock_read(BIO *h, char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1533,7 +1530,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1624,7 +1621,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, conn);
-+ BIO_set_app_data(bio, conn);
-
- SSL_set_bio(conn->ssl, bio, bio);
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
-index 20ce233af4..a7e5fdbda9 100644
---- a/src/tools/msvc/Solution.pm
-+++ b/src/tools/msvc/Solution.pm
-@@ -273,7 +273,6 @@ sub GenerateFiles
- || ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
- {
- print $o "#define HAVE_ASN1_STRING_GET0_DATA 1\n";
-- print $o "#define HAVE_BIO_GET_DATA 1\n";
- print $o "#define HAVE_BIO_METH_NEW 1\n";
- print $o "#define HAVE_OPENSSL_INIT_SSL 1\n";
- }
diff --git a/dev-db/postgresql/files/postgresql-12-xml-2.12.patch b/dev-db/postgresql/files/postgresql-12-xml-2.12.patch
deleted file mode 100644
index 2929eb7302e2..000000000000
--- a/dev-db/postgresql/files/postgresql-12-xml-2.12.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From b2fd1dab90240ebb9017cd2fddd731c3641ba434 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Mon, 29 Jan 2024 12:06:08 -0500
-Subject: [PATCH] Fix incompatibilities with libxml2 >= 2.12.0.
-
-libxml2 changed the required signature of error handler callbacks
-to make the passed xmlError struct "const". This is causing build
-failures on buildfarm member caiman, and no doubt will start showing
-up in the field quite soon. Add a version check to adjust the
-declaration of xml_errorHandler() according to LIBXML_VERSION.
-
-2.12.x also produces deprecation warnings for contrib/xml2/xpath.c's
-assignment to xmlLoadExtDtdDefaultValue. I see no good reason for
-that to still be there, seeing that we disabled external DTDs (at a
-lower level) years ago for security reasons. Let's just remove it.
-
-Back-patch to all supported branches, since they might all get built
-with newer libxml2 once it gets a bit more popular. (The back
-branches produce another deprecation warning about xpath.c's use of
-xmlSubstituteEntitiesDefault(). We ought to consider whether to
-back-patch all or part of commit 65c5864d7 to silence that. It's
-less urgent though, since it won't break the buildfarm.)
-
-Discussion: https://postgr.es/m/1389505.1706382262@sss.pgh.pa.us
----
- contrib/xml2/xpath.c | 1 -
- src/backend/utils/adt/xml.c | 14 ++++++++++++--
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/contrib/xml2/xpath.c b/contrib/xml2/xpath.c
-index 1e5b71d9a0..f44caf0020 100644
---- a/contrib/xml2/xpath.c
-+++ b/contrib/xml2/xpath.c
-@@ -75,7 +75,6 @@ pgxml_parser_init(PgXmlStrictness strictness)
- xmlInitParser();
-
- xmlSubstituteEntitiesDefault(1);
-- xmlLoadExtDtdDefaultValue = 1;
-
- return xmlerrcxt;
- }
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index 9f319077cb..51b16f2b73 100644
---- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -65,6 +65,16 @@
- #if LIBXML_VERSION >= 20704
- #define HAVE_XMLSTRUCTUREDERRORCONTEXT 1
- #endif
-+
-+/*
-+ * libxml2 2.12 decided to insert "const" into the error handler API.
-+ */
-+#if LIBXML_VERSION >= 21200
-+#define PgXmlErrorPtr const xmlError *
-+#else
-+#define PgXmlErrorPtr xmlErrorPtr
-+#endif
-+
- #endif /* USE_LIBXML */
-
- #include "access/htup_details.h"
-@@ -119,7 +129,7 @@ struct PgXmlErrorContext
-
- static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- xmlParserCtxtPtr ctxt);
--static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, PgXmlErrorPtr error);
- static void xml_ereport_by_code(int level, int sqlcode,
- const char *msg, int errcode);
- static void chopStringInfoNewlines(StringInfo str);
-@@ -1752,7 +1762,7 @@ xml_ereport(PgXmlErrorContext *errcxt, int level, int sqlcode, const char *msg)
- * Error handler for libxml errors and warnings
- */
- static void
--xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, PgXmlErrorPtr error)
- {
- PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
---
-2.30.2
-
diff --git a/dev-db/postgresql/files/postgresql-13-openssl3.2.patch b/dev-db/postgresql/files/postgresql-13-openssl3.2.patch
deleted file mode 100644
index fbb80a3ecb20..000000000000
--- a/dev-db/postgresql/files/postgresql-13-openssl3.2.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-commit dc8936b9dba79c80aaba8e7232434fb200e95725
-Author: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Tue Nov 28 12:34:03 2023 -0500
-
- Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
-
- We should have done it this way all along, but we accidentally got
- away with using the wrong BIO field up until OpenSSL 3.2. There,
- the library's BIO routines that we rely on use the "data" field
- for their own purposes, and our conflicting use causes assorted
- weird behaviors up to and including core dumps when SSL connections
- are attempted. Switch to using the approved field for the purpose,
- i.e. app_data.
-
- While at it, remove our configure probes for BIO_get_data as well
- as the fallback implementation. BIO_{get,set}_app_data have been
- there since long before any OpenSSL version that we still support,
- even in the back branches.
-
- Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
- change in an error message spelling that evidently came in with 3.2.
-
- Tristan Partin and Bo Andreson. Back-patch to all supported branches.
-
- Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
-
-diff --git a/configure b/configure
-index 2fc7dca504..b7caf88229 100755
---- a/configure
-+++ b/configure
-@@ -12713,7 +12713,7 @@ done
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data
-+ for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data
- do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-diff --git a/configure.in b/configure.in
-index eaca132607..9aec28c8d1 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1275,7 +1275,7 @@ if test "$with_openssl" = yes ; then
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data])
-+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data])
- # OpenSSL versions before 1.1.0 required setting callback functions, for
- # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
- # function was removed.
-diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
-index 55fe59276a..9e22911379 100644
---- a/src/backend/libpq/be-secure-openssl.c
-+++ b/src/backend/libpq/be-secure-openssl.c
-@@ -748,11 +748,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
- static BIO_METHOD *my_bio_methods = NULL;
-
- static int
-@@ -762,7 +757,7 @@ my_sock_read(BIO *h, char *buf, int size)
-
- if (buf != NULL)
- {
-- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -782,7 +777,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res = 0;
-
-- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -858,7 +853,7 @@ my_SSL_set_fd(Port *port, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, port);
-+ BIO_set_app_data(bio, port);
-
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(port->ssl, bio, bio);
-diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
-index 13fc4e0db6..978e685c70 100644
---- a/src/include/pg_config.h.in
-+++ b/src/include/pg_config.h.in
-@@ -86,9 +86,6 @@
- /* Define to 1 if you have the `backtrace_symbols' function. */
- #undef HAVE_BACKTRACE_SYMBOLS
-
--/* Define to 1 if you have the `BIO_get_data' function. */
--#undef HAVE_BIO_GET_DATA
--
- /* Define to 1 if you have the `BIO_meth_new' function. */
- #undef HAVE_BIO_METH_NEW
-
-diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
-index 07d5daf4d9..73b1720c4c 100644
---- a/src/interfaces/libpq/fe-secure-openssl.c
-+++ b/src/interfaces/libpq/fe-secure-openssl.c
-@@ -1602,10 +1602,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
-+/* protected by ssl_config_mutex */
-
- static BIO_METHOD *my_bio_methods;
-
-@@ -1614,7 +1611,7 @@ my_sock_read(BIO *h, char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1644,7 +1641,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1735,7 +1732,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, conn);
-+ BIO_set_app_data(bio, conn);
-
- SSL_set_bio(conn->ssl, bio, bio);
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
-index 78328e1fac..e88e3967cd 100644
---- a/src/tools/msvc/Solution.pm
-+++ b/src/tools/msvc/Solution.pm
-@@ -226,7 +226,6 @@ sub GenerateFiles
- HAVE_ATOMICS => 1,
- HAVE_ATOMIC_H => undef,
- HAVE_BACKTRACE_SYMBOLS => undef,
-- HAVE_BIO_GET_DATA => undef,
- HAVE_BIO_METH_NEW => undef,
- HAVE_CLOCK_GETTIME => undef,
- HAVE_COMPUTED_GOTO => undef,
-@@ -543,7 +542,6 @@ sub GenerateFiles
- || ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
- {
- $define{HAVE_ASN1_STRING_GET0_DATA} = 1;
-- $define{HAVE_BIO_GET_DATA} = 1;
- $define{HAVE_BIO_METH_NEW} = 1;
- $define{HAVE_OPENSSL_INIT_SSL} = 1;
- }
diff --git a/dev-db/postgresql/files/postgresql-13-xml-2.12.patch b/dev-db/postgresql/files/postgresql-13-xml-2.12.patch
deleted file mode 100644
index a8daa6e7ce2f..000000000000
--- a/dev-db/postgresql/files/postgresql-13-xml-2.12.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 7c53b1977ba6bed81deca3164c17e61f10725226 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Mon, 29 Jan 2024 12:06:08 -0500
-Subject: [PATCH] Fix incompatibilities with libxml2 >= 2.12.0.
-
-libxml2 changed the required signature of error handler callbacks
-to make the passed xmlError struct "const". This is causing build
-failures on buildfarm member caiman, and no doubt will start showing
-up in the field quite soon. Add a version check to adjust the
-declaration of xml_errorHandler() according to LIBXML_VERSION.
-
-2.12.x also produces deprecation warnings for contrib/xml2/xpath.c's
-assignment to xmlLoadExtDtdDefaultValue. I see no good reason for
-that to still be there, seeing that we disabled external DTDs (at a
-lower level) years ago for security reasons. Let's just remove it.
-
-Back-patch to all supported branches, since they might all get built
-with newer libxml2 once it gets a bit more popular. (The back
-branches produce another deprecation warning about xpath.c's use of
-xmlSubstituteEntitiesDefault(). We ought to consider whether to
-back-patch all or part of commit 65c5864d7 to silence that. It's
-less urgent though, since it won't break the buildfarm.)
-
-Discussion: https://postgr.es/m/1389505.1706382262@sss.pgh.pa.us
----
- contrib/xml2/xpath.c | 1 -
- src/backend/utils/adt/xml.c | 14 ++++++++++++--
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/contrib/xml2/xpath.c b/contrib/xml2/xpath.c
-index 1e5b71d9a0..f44caf0020 100644
---- a/contrib/xml2/xpath.c
-+++ b/contrib/xml2/xpath.c
-@@ -75,7 +75,6 @@ pgxml_parser_init(PgXmlStrictness strictness)
- xmlInitParser();
-
- xmlSubstituteEntitiesDefault(1);
-- xmlLoadExtDtdDefaultValue = 1;
-
- return xmlerrcxt;
- }
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index 7fc9669fb0..febe0a6220 100644
---- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -65,6 +65,16 @@
- #if LIBXML_VERSION >= 20704
- #define HAVE_XMLSTRUCTUREDERRORCONTEXT 1
- #endif
-+
-+/*
-+ * libxml2 2.12 decided to insert "const" into the error handler API.
-+ */
-+#if LIBXML_VERSION >= 21200
-+#define PgXmlErrorPtr const xmlError *
-+#else
-+#define PgXmlErrorPtr xmlErrorPtr
-+#endif
-+
- #endif /* USE_LIBXML */
-
- #include "access/htup_details.h"
-@@ -119,7 +129,7 @@ struct PgXmlErrorContext
-
- static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- xmlParserCtxtPtr ctxt);
--static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, PgXmlErrorPtr error);
- static void xml_ereport_by_code(int level, int sqlcode,
- const char *msg, int errcode);
- static void chopStringInfoNewlines(StringInfo str);
-@@ -1750,7 +1760,7 @@ xml_ereport(PgXmlErrorContext *errcxt, int level, int sqlcode, const char *msg)
- * Error handler for libxml errors and warnings
- */
- static void
--xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, PgXmlErrorPtr error)
- {
- PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
---
-2.30.2
-
diff --git a/dev-db/postgresql/files/postgresql-14-openssl3.2.patch b/dev-db/postgresql/files/postgresql-14-openssl3.2.patch
deleted file mode 100644
index c8064adc23a6..000000000000
--- a/dev-db/postgresql/files/postgresql-14-openssl3.2.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-commit 50e866f5f3be671620490e3cb3eea533f1677f6c
-Author: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Tue Nov 28 12:34:03 2023 -0500
-
- Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
-
- We should have done it this way all along, but we accidentally got
- away with using the wrong BIO field up until OpenSSL 3.2. There,
- the library's BIO routines that we rely on use the "data" field
- for their own purposes, and our conflicting use causes assorted
- weird behaviors up to and including core dumps when SSL connections
- are attempted. Switch to using the approved field for the purpose,
- i.e. app_data.
-
- While at it, remove our configure probes for BIO_get_data as well
- as the fallback implementation. BIO_{get,set}_app_data have been
- there since long before any OpenSSL version that we still support,
- even in the back branches.
-
- Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
- change in an error message spelling that evidently came in with 3.2.
-
- Tristan Partin and Bo Andreson. Back-patch to all supported branches.
-
- Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
-
-diff --git a/configure b/configure
-index 62a921b5e7..f74b9862a0 100755
---- a/configure
-+++ b/configure
-@@ -13071,7 +13071,7 @@ done
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
-+ for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
- do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-diff --git a/configure.ac b/configure.ac
-index a3243cc7e8..46624d2a11 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1311,7 +1311,7 @@ if test "$with_ssl" = openssl ; then
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
-+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
- # OpenSSL versions before 1.1.0 required setting callback functions, for
- # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
- # function was removed.
-diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
-index 13ac961442..e39952494e 100644
---- a/src/backend/libpq/be-secure-openssl.c
-+++ b/src/backend/libpq/be-secure-openssl.c
-@@ -823,11 +823,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
- static BIO_METHOD *my_bio_methods = NULL;
-
- static int
-@@ -837,7 +832,7 @@ my_sock_read(BIO *h, char *buf, int size)
-
- if (buf != NULL)
- {
-- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -857,7 +852,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res = 0;
-
-- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -933,7 +928,7 @@ my_SSL_set_fd(Port *port, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, port);
-+ BIO_set_app_data(bio, port);
-
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(port->ssl, bio, bio);
-diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
-index 40d513c128..51fa911fb6 100644
---- a/src/include/pg_config.h.in
-+++ b/src/include/pg_config.h.in
-@@ -86,9 +86,6 @@
- /* Define to 1 if you have the `backtrace_symbols' function. */
- #undef HAVE_BACKTRACE_SYMBOLS
-
--/* Define to 1 if you have the `BIO_get_data' function. */
--#undef HAVE_BIO_GET_DATA
--
- /* Define to 1 if you have the `BIO_meth_new' function. */
- #undef HAVE_BIO_METH_NEW
-
-diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
-index 7f27767da6..383fdbe80e 100644
---- a/src/interfaces/libpq/fe-secure-openssl.c
-+++ b/src/interfaces/libpq/fe-secure-openssl.c
-@@ -1661,11 +1661,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
-+/* protected by ssl_config_mutex */
- static BIO_METHOD *my_bio_methods;
-
- static int
-@@ -1673,7 +1669,7 @@ my_sock_read(BIO *h, char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1703,7 +1699,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1794,7 +1790,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, conn);
-+ BIO_set_app_data(bio, conn);
-
- SSL_set_bio(conn->ssl, bio, bio);
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
-index 8cdd0d2e68..cc7bd98c83 100644
---- a/src/test/ssl/t/001_ssltests.pl
-+++ b/src/test/ssl/t/001_ssltests.pl
-@@ -538,7 +538,7 @@ $node->connect_fails(
- $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked_tmp.key",
- "certificate authorization fails with revoked client cert",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # revoked certificates should not authenticate the user
- log_unlike => [qr/connection authenticated:/],);
-
-@@ -591,7 +591,7 @@ switch_server_cert($node, 'server-cn-only', undef, undef,
- $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked_tmp.key",
- "certificate authorization fails with revoked client cert with server-side CRL directory",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/);
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|);
-
- # clean up
- foreach my $key (@keys)
-diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
-index 577b5afea7..53d60dbd25 100644
---- a/src/tools/msvc/Solution.pm
-+++ b/src/tools/msvc/Solution.pm
-@@ -229,7 +229,6 @@ sub GenerateFiles
- HAVE_ATOMICS => 1,
- HAVE_ATOMIC_H => undef,
- HAVE_BACKTRACE_SYMBOLS => undef,
-- HAVE_BIO_GET_DATA => undef,
- HAVE_BIO_METH_NEW => undef,
- HAVE_CLOCK_GETTIME => undef,
- HAVE_COMPUTED_GOTO => undef,
-@@ -562,7 +561,6 @@ sub GenerateFiles
- || ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
- {
- $define{HAVE_ASN1_STRING_GET0_DATA} = 1;
-- $define{HAVE_BIO_GET_DATA} = 1;
- $define{HAVE_BIO_METH_NEW} = 1;
- $define{HAVE_HMAC_CTX_FREE} = 1;
- $define{HAVE_HMAC_CTX_NEW} = 1;
diff --git a/dev-db/postgresql/files/postgresql-14-xml-2.12.patch b/dev-db/postgresql/files/postgresql-14-xml-2.12.patch
deleted file mode 100644
index 2b1d6b1b3448..000000000000
--- a/dev-db/postgresql/files/postgresql-14-xml-2.12.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 29e25a6b1eb1b77ecfdbcb5b8dc07c8a6cdcf089 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Mon, 29 Jan 2024 12:06:08 -0500
-Subject: [PATCH] Fix incompatibilities with libxml2 >= 2.12.0.
-
-libxml2 changed the required signature of error handler callbacks
-to make the passed xmlError struct "const". This is causing build
-failures on buildfarm member caiman, and no doubt will start showing
-up in the field quite soon. Add a version check to adjust the
-declaration of xml_errorHandler() according to LIBXML_VERSION.
-
-2.12.x also produces deprecation warnings for contrib/xml2/xpath.c's
-assignment to xmlLoadExtDtdDefaultValue. I see no good reason for
-that to still be there, seeing that we disabled external DTDs (at a
-lower level) years ago for security reasons. Let's just remove it.
-
-Back-patch to all supported branches, since they might all get built
-with newer libxml2 once it gets a bit more popular. (The back
-branches produce another deprecation warning about xpath.c's use of
-xmlSubstituteEntitiesDefault(). We ought to consider whether to
-back-patch all or part of commit 65c5864d7 to silence that. It's
-less urgent though, since it won't break the buildfarm.)
-
-Discussion: https://postgr.es/m/1389505.1706382262@sss.pgh.pa.us
----
- contrib/xml2/xpath.c | 1 -
- src/backend/utils/adt/xml.c | 14 ++++++++++++--
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/contrib/xml2/xpath.c b/contrib/xml2/xpath.c
-index 1e5b71d9a0..f44caf0020 100644
---- a/contrib/xml2/xpath.c
-+++ b/contrib/xml2/xpath.c
-@@ -75,7 +75,6 @@ pgxml_parser_init(PgXmlStrictness strictness)
- xmlInitParser();
-
- xmlSubstituteEntitiesDefault(1);
-- xmlLoadExtDtdDefaultValue = 1;
-
- return xmlerrcxt;
- }
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index df7a1b6c40..d7caaaaca0 100644
---- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -65,6 +65,16 @@
- #if LIBXML_VERSION >= 20704
- #define HAVE_XMLSTRUCTUREDERRORCONTEXT 1
- #endif
-+
-+/*
-+ * libxml2 2.12 decided to insert "const" into the error handler API.
-+ */
-+#if LIBXML_VERSION >= 21200
-+#define PgXmlErrorPtr const xmlError *
-+#else
-+#define PgXmlErrorPtr xmlErrorPtr
-+#endif
-+
- #endif /* USE_LIBXML */
-
- #include "access/htup_details.h"
-@@ -119,7 +129,7 @@ struct PgXmlErrorContext
-
- static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- xmlParserCtxtPtr ctxt);
--static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, PgXmlErrorPtr error);
- static void xml_ereport_by_code(int level, int sqlcode,
- const char *msg, int errcode);
- static void chopStringInfoNewlines(StringInfo str);
-@@ -1750,7 +1760,7 @@ xml_ereport(PgXmlErrorContext *errcxt, int level, int sqlcode, const char *msg)
- * Error handler for libxml errors and warnings
- */
- static void
--xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, PgXmlErrorPtr error)
- {
- PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
---
-2.30.2
-
diff --git a/dev-db/postgresql/files/postgresql-15-openssl3.2.patch b/dev-db/postgresql/files/postgresql-15-openssl3.2.patch
deleted file mode 100644
index 6e0b954a9f0b..000000000000
--- a/dev-db/postgresql/files/postgresql-15-openssl3.2.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-commit a4927ebffae000198f6054eea26191ac2e50697f
-Author: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Tue Nov 28 12:34:03 2023 -0500
-
- Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
-
- We should have done it this way all along, but we accidentally got
- away with using the wrong BIO field up until OpenSSL 3.2. There,
- the library's BIO routines that we rely on use the "data" field
- for their own purposes, and our conflicting use causes assorted
- weird behaviors up to and including core dumps when SSL connections
- are attempted. Switch to using the approved field for the purpose,
- i.e. app_data.
-
- While at it, remove our configure probes for BIO_get_data as well
- as the fallback implementation. BIO_{get,set}_app_data have been
- there since long before any OpenSSL version that we still support,
- even in the back branches.
-
- Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
- change in an error message spelling that evidently came in with 3.2.
-
- Tristan Partin and Bo Andreson. Back-patch to all supported branches.
-
- Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
-
-diff --git a/configure b/configure
-index d83a402ea1..d55440cd6a 100755
---- a/configure
-+++ b/configure
-@@ -13239,7 +13239,7 @@ done
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
-+ for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
- do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-diff --git a/configure.ac b/configure.ac
-index 570daced81..2bc752ca1a 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1347,7 +1347,7 @@ if test "$with_ssl" = openssl ; then
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
-+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
- # OpenSSL versions before 1.1.0 required setting callback functions, for
- # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
- # function was removed.
-diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
-index f5c5ed210e..aed8a75345 100644
---- a/src/backend/libpq/be-secure-openssl.c
-+++ b/src/backend/libpq/be-secure-openssl.c
-@@ -839,11 +839,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
- static BIO_METHOD *my_bio_methods = NULL;
-
- static int
-@@ -853,7 +848,7 @@ my_sock_read(BIO *h, char *buf, int size)
-
- if (buf != NULL)
- {
-- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -873,7 +868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res = 0;
-
-- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -949,7 +944,7 @@ my_SSL_set_fd(Port *port, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, port);
-+ BIO_set_app_data(bio, port);
-
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(port->ssl, bio, bio);
-diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
-index d09e9f9a1c..768e3d719c 100644
---- a/src/include/pg_config.h.in
-+++ b/src/include/pg_config.h.in
-@@ -77,9 +77,6 @@
- /* Define to 1 if you have the `backtrace_symbols' function. */
- #undef HAVE_BACKTRACE_SYMBOLS
-
--/* Define to 1 if you have the `BIO_get_data' function. */
--#undef HAVE_BIO_GET_DATA
--
- /* Define to 1 if you have the `BIO_meth_new' function. */
- #undef HAVE_BIO_METH_NEW
-
-diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
-index af59ff49f7..c19b0dc078 100644
---- a/src/interfaces/libpq/fe-secure-openssl.c
-+++ b/src/interfaces/libpq/fe-secure-openssl.c
-@@ -1800,11 +1800,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
-+/* protected by ssl_config_mutex */
- static BIO_METHOD *my_bio_methods;
-
- static int
-@@ -1812,7 +1808,7 @@ my_sock_read(BIO *h, char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1842,7 +1838,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1933,7 +1929,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, conn);
-+ BIO_set_app_data(bio, conn);
-
- SSL_set_bio(conn->ssl, bio, bio);
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
-index 707f4005af..c570b48a1b 100644
---- a/src/test/ssl/t/001_ssltests.pl
-+++ b/src/test/ssl/t/001_ssltests.pl
-@@ -682,7 +682,7 @@ $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- . sslkey('client-revoked.key'),
- "certificate authorization fails with revoked client cert",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # revoked certificates should not authenticate the user
- log_unlike => [qr/connection authenticated:/],);
-
-@@ -743,6 +743,6 @@ $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- . sslkey('client-revoked.key'),
- "certificate authorization fails with revoked client cert with server-side CRL directory",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/);
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|);
-
- done_testing();
-diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
-index 790f03b05e..a53239fa28 100644
---- a/src/tools/msvc/Solution.pm
-+++ b/src/tools/msvc/Solution.pm
-@@ -226,7 +226,6 @@ sub GenerateFiles
- HAVE_ATOMICS => 1,
- HAVE_ATOMIC_H => undef,
- HAVE_BACKTRACE_SYMBOLS => undef,
-- HAVE_BIO_GET_DATA => undef,
- HAVE_BIO_METH_NEW => undef,
- HAVE_CLOCK_GETTIME => undef,
- HAVE_COMPUTED_GOTO => undef,
-@@ -566,7 +565,6 @@ sub GenerateFiles
- || ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
- {
- $define{HAVE_ASN1_STRING_GET0_DATA} = 1;
-- $define{HAVE_BIO_GET_DATA} = 1;
- $define{HAVE_BIO_METH_NEW} = 1;
- $define{HAVE_HMAC_CTX_FREE} = 1;
- $define{HAVE_HMAC_CTX_NEW} = 1;
diff --git a/dev-db/postgresql/files/postgresql-15-xml-2.12.patch b/dev-db/postgresql/files/postgresql-15-xml-2.12.patch
deleted file mode 100644
index fd8b963f9381..000000000000
--- a/dev-db/postgresql/files/postgresql-15-xml-2.12.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 3f8ac13b19764e3a485772d3cbb3ae6c4047eef2 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Mon, 29 Jan 2024 12:06:07 -0500
-Subject: [PATCH] Fix incompatibilities with libxml2 >= 2.12.0.
-
-libxml2 changed the required signature of error handler callbacks
-to make the passed xmlError struct "const". This is causing build
-failures on buildfarm member caiman, and no doubt will start showing
-up in the field quite soon. Add a version check to adjust the
-declaration of xml_errorHandler() according to LIBXML_VERSION.
-
-2.12.x also produces deprecation warnings for contrib/xml2/xpath.c's
-assignment to xmlLoadExtDtdDefaultValue. I see no good reason for
-that to still be there, seeing that we disabled external DTDs (at a
-lower level) years ago for security reasons. Let's just remove it.
-
-Back-patch to all supported branches, since they might all get built
-with newer libxml2 once it gets a bit more popular. (The back
-branches produce another deprecation warning about xpath.c's use of
-xmlSubstituteEntitiesDefault(). We ought to consider whether to
-back-patch all or part of commit 65c5864d7 to silence that. It's
-less urgent though, since it won't break the buildfarm.)
-
-Discussion: https://postgr.es/m/1389505.1706382262@sss.pgh.pa.us
----
- contrib/xml2/xpath.c | 1 -
- src/backend/utils/adt/xml.c | 14 ++++++++++++--
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/contrib/xml2/xpath.c b/contrib/xml2/xpath.c
-index a692dc6be8..94641930f7 100644
---- a/contrib/xml2/xpath.c
-+++ b/contrib/xml2/xpath.c
-@@ -75,7 +75,6 @@ pgxml_parser_init(PgXmlStrictness strictness)
- xmlInitParser();
-
- xmlSubstituteEntitiesDefault(1);
-- xmlLoadExtDtdDefaultValue = 1;
-
- return xmlerrcxt;
- }
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index 6411f56b99..aae0692586 100644
---- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -65,6 +65,16 @@
- #if LIBXML_VERSION >= 20704
- #define HAVE_XMLSTRUCTUREDERRORCONTEXT 1
- #endif
-+
-+/*
-+ * libxml2 2.12 decided to insert "const" into the error handler API.
-+ */
-+#if LIBXML_VERSION >= 21200
-+#define PgXmlErrorPtr const xmlError *
-+#else
-+#define PgXmlErrorPtr xmlErrorPtr
-+#endif
-+
- #endif /* USE_LIBXML */
-
- #include "access/htup_details.h"
-@@ -119,7 +129,7 @@ struct PgXmlErrorContext
-
- static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- xmlParserCtxtPtr ctxt);
--static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, PgXmlErrorPtr error);
- static void xml_ereport_by_code(int level, int sqlcode,
- const char *msg, int errcode);
- static void chopStringInfoNewlines(StringInfo str);
-@@ -1749,7 +1759,7 @@ xml_ereport(PgXmlErrorContext *errcxt, int level, int sqlcode, const char *msg)
- * Error handler for libxml errors and warnings
- */
- static void
--xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, PgXmlErrorPtr error)
- {
- PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
---
-2.30.2
-
diff --git a/dev-db/postgresql/files/postgresql-16-openssl3.2.patch b/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
deleted file mode 100644
index 2740187d9f4e..000000000000
--- a/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
+++ /dev/null
@@ -1,216 +0,0 @@
-commit 9140a24b312176ebb4e6eb6458b33ce640c04440
-Author: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Tue Nov 28 12:34:03 2023 -0500
-
- Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
-
- We should have done it this way all along, but we accidentally got
- away with using the wrong BIO field up until OpenSSL 3.2. There,
- the library's BIO routines that we rely on use the "data" field
- for their own purposes, and our conflicting use causes assorted
- weird behaviors up to and including core dumps when SSL connections
- are attempted. Switch to using the approved field for the purpose,
- i.e. app_data.
-
- While at it, remove our configure probes for BIO_get_data as well
- as the fallback implementation. BIO_{get,set}_app_data have been
- there since long before any OpenSSL version that we still support,
- even in the back branches.
-
- Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
- change in an error message spelling that evidently came in with 3.2.
-
- Tristan Partin and Bo Andreson. Back-patch to all supported branches.
-
- Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
-
-diff --git a/configure b/configure
-index 82e45657b2..907c777b9c 100755
---- a/configure
-+++ b/configure
-@@ -12982,7 +12982,7 @@ done
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
-+ for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
- do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-diff --git a/configure.ac b/configure.ac
-index fcea0bcab4..ab32bfdd08 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1385,7 +1385,7 @@ if test "$with_ssl" = openssl ; then
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
-+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
- # OpenSSL versions before 1.1.0 required setting callback functions, for
- # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
- # function was removed.
-diff --git a/meson.build b/meson.build
-index 51b5285924..96fc2e139a 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1278,7 +1278,6 @@ if sslopt in ['auto', 'openssl']
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
- ['OPENSSL_init_ssl'],
-- ['BIO_get_data'],
- ['BIO_meth_new'],
- ['ASN1_STRING_get0_data'],
- ['HMAC_CTX_new'],
-diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
-index e9c86d08df..49dca0cda9 100644
---- a/src/backend/libpq/be-secure-openssl.c
-+++ b/src/backend/libpq/be-secure-openssl.c
-@@ -844,11 +844,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
- static BIO_METHOD *my_bio_methods = NULL;
-
- static int
-@@ -858,7 +853,7 @@ my_sock_read(BIO *h, char *buf, int size)
-
- if (buf != NULL)
- {
-- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -878,7 +873,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res = 0;
-
-- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -954,7 +949,7 @@ my_SSL_set_fd(Port *port, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, port);
-+ BIO_set_app_data(bio, port);
-
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(port->ssl, bio, bio);
-diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
-index 6d572c3820..174544630e 100644
---- a/src/include/pg_config.h.in
-+++ b/src/include/pg_config.h.in
-@@ -70,9 +70,6 @@
- /* Define to 1 if you have the `backtrace_symbols' function. */
- #undef HAVE_BACKTRACE_SYMBOLS
-
--/* Define to 1 if you have the `BIO_get_data' function. */
--#undef HAVE_BIO_GET_DATA
--
- /* Define to 1 if you have the `BIO_meth_new' function. */
- #undef HAVE_BIO_METH_NEW
-
-diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
-index 390c888c96..fb6404ade0 100644
---- a/src/interfaces/libpq/fe-secure-openssl.c
-+++ b/src/interfaces/libpq/fe-secure-openssl.c
-@@ -1830,11 +1830,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
-+/* protected by ssl_config_mutex */
- static BIO_METHOD *my_bio_methods;
-
- static int
-@@ -1842,7 +1838,7 @@ my_sock_read(BIO *h, char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1872,7 +1868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1963,7 +1959,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, conn);
-+ BIO_set_app_data(bio, conn);
-
- SSL_set_bio(conn->ssl, bio, bio);
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
-index 76442de063..9bb28fbc83 100644
---- a/src/test/ssl/t/001_ssltests.pl
-+++ b/src/test/ssl/t/001_ssltests.pl
-@@ -781,7 +781,7 @@ $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- . sslkey('client-revoked.key'),
- "certificate authorization fails with revoked client cert",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
-@@ -886,7 +886,7 @@ $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- . sslkey('client-revoked.key'),
- "certificate authorization fails with revoked client cert with server-side CRL directory",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
-@@ -899,7 +899,7 @@ $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
- . sslkey('client-revoked-utf8.key'),
- "certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
-diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
-index b6d31c3583..711fae853f 100644
---- a/src/tools/msvc/Solution.pm
-+++ b/src/tools/msvc/Solution.pm
-@@ -225,7 +225,6 @@ sub GenerateFiles
- HAVE_ATOMICS => 1,
- HAVE_ATOMIC_H => undef,
- HAVE_BACKTRACE_SYMBOLS => undef,
-- HAVE_BIO_GET_DATA => undef,
- HAVE_BIO_METH_NEW => undef,
- HAVE_COMPUTED_GOTO => undef,
- HAVE_COPYFILE => undef,
-@@ -503,7 +502,6 @@ sub GenerateFiles
- || ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
- {
- $define{HAVE_ASN1_STRING_GET0_DATA} = 1;
-- $define{HAVE_BIO_GET_DATA} = 1;
- $define{HAVE_BIO_METH_NEW} = 1;
- $define{HAVE_HMAC_CTX_FREE} = 1;
- $define{HAVE_HMAC_CTX_NEW} = 1;
diff --git a/dev-db/postgresql/files/postgresql-16-xml-2.12.patch b/dev-db/postgresql/files/postgresql-16-xml-2.12.patch
deleted file mode 100644
index aac072c67393..000000000000
--- a/dev-db/postgresql/files/postgresql-16-xml-2.12.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From e02fea093ebb7ff5093c4cd9827710000bb31146 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Mon, 29 Jan 2024 12:06:07 -0500
-Subject: [PATCH] Fix incompatibilities with libxml2 >= 2.12.0.
-
-libxml2 changed the required signature of error handler callbacks
-to make the passed xmlError struct "const". This is causing build
-failures on buildfarm member caiman, and no doubt will start showing
-up in the field quite soon. Add a version check to adjust the
-declaration of xml_errorHandler() according to LIBXML_VERSION.
-
-2.12.x also produces deprecation warnings for contrib/xml2/xpath.c's
-assignment to xmlLoadExtDtdDefaultValue. I see no good reason for
-that to still be there, seeing that we disabled external DTDs (at a
-lower level) years ago for security reasons. Let's just remove it.
-
-Back-patch to all supported branches, since they might all get built
-with newer libxml2 once it gets a bit more popular. (The back
-branches produce another deprecation warning about xpath.c's use of
-xmlSubstituteEntitiesDefault(). We ought to consider whether to
-back-patch all or part of commit 65c5864d7 to silence that. It's
-less urgent though, since it won't break the buildfarm.)
-
-Discussion: https://postgr.es/m/1389505.1706382262@sss.pgh.pa.us
----
- contrib/xml2/xpath.c | 1 -
- src/backend/utils/adt/xml.c | 14 ++++++++++++--
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/contrib/xml2/xpath.c b/contrib/xml2/xpath.c
-index a692dc6be8..94641930f7 100644
---- a/contrib/xml2/xpath.c
-+++ b/contrib/xml2/xpath.c
-@@ -75,7 +75,6 @@ pgxml_parser_init(PgXmlStrictness strictness)
- xmlInitParser();
-
- xmlSubstituteEntitiesDefault(1);
-- xmlLoadExtDtdDefaultValue = 1;
-
- return xmlerrcxt;
- }
-diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
-index 2300c7ebf3..9f4e775003 100644
---- a/src/backend/utils/adt/xml.c
-+++ b/src/backend/utils/adt/xml.c
-@@ -66,6 +66,16 @@
- #if LIBXML_VERSION >= 20704
- #define HAVE_XMLSTRUCTUREDERRORCONTEXT 1
- #endif
-+
-+/*
-+ * libxml2 2.12 decided to insert "const" into the error handler API.
-+ */
-+#if LIBXML_VERSION >= 21200
-+#define PgXmlErrorPtr const xmlError *
-+#else
-+#define PgXmlErrorPtr xmlErrorPtr
-+#endif
-+
- #endif /* USE_LIBXML */
-
- #include "access/htup_details.h"
-@@ -123,7 +133,7 @@ static xmlParserInputPtr xmlPgEntityLoader(const char *URL, const char *ID,
- xmlParserCtxtPtr ctxt);
- static void xml_errsave(Node *escontext, PgXmlErrorContext *errcxt,
- int sqlcode, const char *msg);
--static void xml_errorHandler(void *data, xmlErrorPtr error);
-+static void xml_errorHandler(void *data, PgXmlErrorPtr error);
- static int errdetail_for_xml_code(int code);
- static void chopStringInfoNewlines(StringInfo str);
- static void appendStringInfoLineSeparator(StringInfo str);
-@@ -2002,7 +2012,7 @@ xml_errsave(Node *escontext, PgXmlErrorContext *errcxt,
- * Error handler for libxml errors and warnings
- */
- static void
--xml_errorHandler(void *data, xmlErrorPtr error)
-+xml_errorHandler(void *data, PgXmlErrorPtr error)
- {
- PgXmlErrorContext *xmlerrcxt = (PgXmlErrorContext *) data;
- xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) error->ctxt;
---
-2.30.2
-