.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1 +1,2 @@
-SOURCES/postgresql-13.11.tar.bz2
+/postgresql-*.tar.bz2*
+/rpms

README.md

@@ -0,0 +1,3 @@
+# libpq
+
+The libpq package

SOURCES/libpq-10.3-var-run-socket.patch

@@ -1,53 +0,0 @@
-Change the built-in default socket directory to be /var/run/postgresql.
-For backwards compatibility with (probably non-libpq-based) clients that
-might still expect to find the socket in /tmp, also create a socket in
-/tmp.  This is to resolve communication problems with clients operating
-under systemd's PrivateTmp environment, which won't be using the same
-global /tmp directory as the server; see bug #825448.
-
-Note that we apply the socket directory change at the level of the
-hard-wired defaults in the C code, not by just twiddling the setting in
-postgresql.conf.sample; this is so that the change will take effect on
-server package update, without requiring any existing postgresql.conf
-to be updated.  (Of course, a user who dislikes this behavior can still
-override it via postgresql.conf.)
-
-diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
-index 9481f2d..75532c7 100644
---- a/src/backend/utils/misc/guc.c
-+++ b/src/backend/utils/misc/guc.c
-@@ -3196,7 +3196,7 @@ static struct config_string ConfigureNamesString[] =
- 		},
- 		&Unix_socket_directories,
- #ifdef HAVE_UNIX_SOCKETS
--		DEFAULT_PGSOCKET_DIR,
-+		DEFAULT_PGSOCKET_DIR ", /tmp",
- #else
- 		"",
- #endif
-diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
-index feeff9e..3e3d784 100644
---- a/src/bin/initdb/initdb.c
-+++ b/src/bin/initdb/initdb.c
-@@ -1234,7 +1234,7 @@ setup_config(void)
- 
- #ifdef HAVE_UNIX_SOCKETS
- 	snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'",
--			 DEFAULT_PGSOCKET_DIR);
-+			 DEFAULT_PGSOCKET_DIR ", /tmp");
- #else
- 	snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''");
- #endif
-diff --git a/src/include/pg_config_manual.h b/src/include/pg_config_manual.h
-index e278fa0..9ee15d4 100644
---- a/src/include/pg_config_manual.h
-+++ b/src/include/pg_config_manual.h
-@@ -201,7 +201,7 @@
-  * support them yet.
-  */
- #ifndef WIN32
--#define DEFAULT_PGSOCKET_DIR  "/tmp"
-+#define DEFAULT_PGSOCKET_DIR  "/var/run/postgresql"
- #else
- #define DEFAULT_PGSOCKET_DIR ""
- #endif

SOURCES/libpq-13.1-symbol-versioning.patch

@@ -1,96 +0,0 @@
-- The libpq package is supposed to be used for all the PostgreSQL modules
-
-- available in RHEL 8, and ABI versioning will guarantee us that modular RPMs will
-- depend on appropriate libpq ABI version (picked at build-time).
-
-diff --git a/config/Makefile b/config/Makefile
-index 67e7998f55..86612a42c3 100644
---- a/config/Makefile
-+++ b/config/Makefile
-@@ -8,6 +8,7 @@ include $(top_builddir)/src/Makefile.global
- install: all installdirs
- 	$(INSTALL_SCRIPT) $(srcdir)/install-sh '$(DESTDIR)$(pgxsdir)/config/install-sh'
- 	$(INSTALL_SCRIPT) $(srcdir)/missing '$(DESTDIR)$(pgxsdir)/config/missing'
-+	$(INSTALL_SCRIPT) $(srcdir)/build-exports-gnu-ld '$(DESTDIR)$(pgxsdir)/config/build-exports-gnu-ld'
- 
- installdirs:
- 	$(MKDIR_P) '$(DESTDIR)$(pgxsdir)/config'
-diff --git a/config/build-exports-gnu-ld b/config/build-exports-gnu-ld
-new file mode 100755
-index 0000000000..84c48e3ade
---- /dev/null
-+++ b/config/build-exports-gnu-ld
-@@ -0,0 +1,41 @@
-+#! /bin/sh
-+
-+# by default use PG_ prefix
-+: "${SYMBOL_VERSION_PREFIX=PG_}"
-+
-+# we started symbol versioning since v10
-+: "${SYMBOL_VERSION_START=9.6}"
-+
-+version=$SYMBOL_VERSION_START
-+version_prev=
-+first=:
-+
-+open_block ()
-+{
-+	$first || echo
-+	first=false
-+	echo "${SYMBOL_VERSION_PREFIX}$version {"
-+	echo "global:"
-+}
-+
-+close_block ()
-+{
-+	echo "}${version_prev:+ $SYMBOL_VERSION_PREFIX$version_prev};"
-+	version_prev=$version
-+	version=$1
-+}
-+
-+open_block
-+while read -r symbol _ new_version
-+do
-+	case $symbol in '#'*) continue ;; esac
-+	if test -n "$new_version" && test "$new_version" != "$version"; then
-+		close_block "$new_version"
-+		open_block
-+	fi
-+	echo "	$symbol;"
-+done
-+
-+echo "local:"
-+echo "	*;"
-+close_block
-diff --git a/src/Makefile.shlib b/src/Makefile.shlib
-index 373d73caef..d5bd5468cd 100644
---- a/src/Makefile.shlib
-+++ b/src/Makefile.shlib
-@@ -231,7 +231,7 @@ ifeq ($(PORTNAME), linux)
-   ifdef soname
-     LINK.shared		+= -Wl,-soname,$(soname)
-   endif
--  BUILD.exports		= ( echo '{ global:'; $(AWK) '/^[^\#]/ {printf "%s;\n",$$1}' $<; echo ' local: *; };' ) >$@
-+  BUILD.exports		= $(SHELL) $(top_srcdir)/config/build-exports-gnu-ld < $< > $@
-   exports_file		= $(SHLIB_EXPORTS:%.txt=%.list)
-   ifneq (,$(exports_file))
-     LINK.shared		+= -Wl,--version-script=$(exports_file)
-diff --git a/src/interfaces/libpq/exports.txt b/src/interfaces/libpq/exports.txt
-index ccec59919b..4c2be8b7d5 100644
---- a/src/interfaces/libpq/exports.txt
-+++ b/src/interfaces/libpq/exports.txt
-@@ -171,11 +171,11 @@
- PQsslAttribute            169
- PQsetErrorContextVisibility 170
- PQresultVerboseErrorMessage 171
--PQencryptPasswordConn     172
--PQresultMemorySize        173
-+PQencryptPasswordConn     172      10
-+PQresultMemorySize        173      12
- PQhostaddr                174
- PQgssEncInUse             175
- PQgetgssctx               176
--PQsetSSLKeyPassHook_OpenSSL         177
-+PQsetSSLKeyPassHook_OpenSSL         177      13
- PQgetSSLKeyPassHook_OpenSSL         178
- PQdefaultSSLKeyPassHook_OpenSSL     179

SOURCES/postgresql-13.11.tar.bz2.sha256

@@ -1 +0,0 @@
-4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb  postgresql-13.11.tar.bz2

ci.fmf

@@ -0,0 +1,12 @@
+/test:
+    summary:
+        Basic set of quick tests for libpq. Since libpq is client library and
+        part of postgresql. Postgresql testsuite is used.
+    discover:
+      - name: fedora
+        how: fmf
+        url: "https://src.fedoraproject.org/tests/postgresql.git"
+        ref: main
+        filter: tag:libpq
+    execute:
+        how: tmt

generate-sources.sh

@@ -0,0 +1,12 @@
+#! /bin/sh
+
+rm sources
+set -e
+spectool -S *.spec | cut -d' ' -f2 \
+    | grep -E -e 'postgresql-.*\.tar\.*' -e 'postgresql.*\.pdf' | sort | \
+while read line
+do
+    base=`basename "$line"`
+    echo " * handling $base"
+    sha512sum --tag "$base" >> sources
+done

libpq-10.3-rpm-pgsql.patch

@@ -7,11 +7,11 @@ directory whose path happens to include "postgres" or "pgsql" already.
 However, datadir and sysconfdir are already set up in the specfile's
 configure call, so we do not have to append anything to them.
 
-
-diff -Naur postgresql-9.0.1.orig/src/Makefile.global.in postgresql-9.0.1/src/Makefile.global.in
---- postgresql-9.0.1.orig/src/Makefile.global.in	2010-10-01 10:25:44.000000000 -0400
-+++ postgresql-9.0.1/src/Makefile.global.in	2010-10-11 11:52:05.224975308 -0400
-@@ -55,8 +55,7 @@
+diff --git a/src/Makefile.global.in b/src/Makefile.global.in
+index 9a6265b3a0..c9371a07c4 100644
+--- a/src/Makefile.global.in
++++ b/src/Makefile.global.in
+@@ -82,8 +82,7 @@ vpathsearch = `for f in $(addsuffix /$(1),$(subst :, ,. $(VPATH))); do test -r $
  # Installation directories
  #
  # These are set by the equivalent --xxxdir configure options.  We
@@ -21,7 +21,7 @@ diff -Naur postgresql-9.0.1.orig/src/Makefile.global.in postgresql-9.0.1/src/Mak
  #
  # In a PGXS build, we cannot use the values inserted into Makefile.global
  # by configure, since the installation tree may have been relocated.
-@@ -74,45 +73,23 @@
+@@ -101,45 +100,23 @@ datarootdir := @datarootdir@
  bindir := @bindir@
  
  datadir := @datadir@

libpq-10.3-var-run-socket.patch

@@ -0,0 +1,51 @@
+
+Change the built-in default socket directory to be /var/run/postgresql.
+For backwards compatibility with (probably non-libpq-based) clients that
+might still expect to find the socket in /tmp, also create a socket in
+/tmp.  This is to resolve communication problems with clients operating
+under systemd's PrivateTmp environment, which won't be using the same
+global /tmp directory as the server; see bug #825448.
+
+Note that we apply the socket directory change at the level of the
+hard-wired defaults in the C code, not by just twiddling the setting in
+postgresql.conf.sample; this is so that the change will take effect on
+server package update, without requiring any existing postgresql.conf
+to be updated.  (Of course, a user who dislikes this behavior can still
+override it via postgresql.conf.)
+
+diff -ur postgresql-16.1/src/backend/utils/misc/guc_tables.c pg_patched/src/backend/utils/misc/guc_tables.c
+--- postgresql-16.1/src/backend/utils/misc/guc_tables.c	2023-11-06 23:04:27.000000000 +0100
++++ pg_patched/src/backend/utils/misc/guc_tables.c	2023-12-05 12:02:46.000000000 +0100
+@@ -4271,7 +4271,7 @@
+ 			GUC_LIST_INPUT | GUC_LIST_QUOTE | GUC_SUPERUSER_ONLY
+ 		},
+ 		&Unix_socket_directories,
+-		DEFAULT_PGSOCKET_DIR,
++		DEFAULT_PGSOCKET_DIR ", /tmp",
+ 		NULL, NULL, NULL
+ 	},
+
+diff -ur postgresql-16.1/src/bin/initdb/initdb.c pg_patched/src/bin/initdb/initdb.c
+--- postgresql-16.1/src/bin/initdb/initdb.c	2023-11-06 23:04:27.000000000 +0100
++++ pg_patched/src/bin/initdb/initdb.c	2023-12-05 12:04:19.000000000 +0100
+@@ -1287,7 +1287,7 @@
+ 	 * these are indeed defaults, keep the postgresql.conf lines commented.
+ 	 */
+ 	conflines = replace_guc_value(conflines, "unix_socket_directories",
+-								  DEFAULT_PGSOCKET_DIR, true);
++								  DEFAULT_PGSOCKET_DIR ", /tmp", true);
+
+ 	conflines = replace_guc_value(conflines, "port",
+ 								  DEF_PGPORT_STR, true);
+diff -ur postgresql-16.1/src/include/pg_config_manual.h pg_patched/src/include/pg_config_manual.h
+--- postgresql-16.1/src/include/pg_config_manual.h	2023-11-06 23:04:27.000000000 +0100
++++ pg_patched/src/include/pg_config_manual.h	2023-12-05 11:45:20.000000000 +0100
+@@ -206,7 +206,7 @@
+  * support them yet.
+  */
+ #ifndef WIN32
+-#define DEFAULT_PGSOCKET_DIR  "/tmp"
++#define DEFAULT_PGSOCKET_DIR  "/var/run/postgresql"
+ #else
+ #define DEFAULT_PGSOCKET_DIR ""
+ #endif

libpq-12.1-symbol-versioning.patch

@@ -0,0 +1,106 @@
+commit 75040c3388d9a7dd5ad2bee53cbcc8bf3d35cd17
+Author: Honza Horak <hhorak@redhat.com>
+Date:   Fri Oct 30 20:16:50 2020 +0100
+
+    The libpq package is supposed to be used for all the PostgreSQL modules
+    available in RHEL 8, and ABI versioning will guarantee us that modular RPMs will
+    depend on appropriate libpq ABI version (picked at build-time).
+
+diff -ur postgresql-16.1/config/Makefile postgresql_patched/config/Makefile
+--- postgresql-16.1/config/Makefile	2023-11-06 23:04:27.000000000 +0100
++++ postgresql_patched/config/Makefile	2023-12-05 10:43:19.733619095 +0100
+@@ -8,6 +8,7 @@
+ install: all installdirs
+ 	$(INSTALL_SCRIPT) $(srcdir)/install-sh '$(DESTDIR)$(pgxsdir)/config/install-sh'
+ 	$(INSTALL_SCRIPT) $(srcdir)/missing '$(DESTDIR)$(pgxsdir)/config/missing'
++	$(INSTALL_SCRIPT) $(srcdir)/build-exports-gnu-ld '$(DESTDIR)$(pgxsdir)/config/build-exports-gnu-ld'
+
+ installdirs:
+ 	$(MKDIR_P) '$(DESTDIR)$(pgxsdir)/config'
+diff -ur postgresql-16.1/src/interfaces/libpq/exports.txt postgresql_patched/src/interfaces/libpq/exports.txt
+--- postgresql-16.1/src/interfaces/libpq/exports.txt	2023-11-06 23:04:27.000000000 +0100
++++ postgresql_patched/src/interfaces/libpq/exports.txt	2023-12-05 10:48:24.627604638 +0100
+@@ -171,19 +171,19 @@
+ PQsslAttribute            169
+ PQsetErrorContextVisibility 170
+ PQresultVerboseErrorMessage 171
+-PQencryptPasswordConn     172
+-PQresultMemorySize        173
++PQencryptPasswordConn     172     10
++PQresultMemorySize        173     12
+ PQhostaddr                174
+ PQgssEncInUse             175
+ PQgetgssctx               176
+-PQsetSSLKeyPassHook_OpenSSL         177
++PQsetSSLKeyPassHook_OpenSSL         177     13
+ PQgetSSLKeyPassHook_OpenSSL         178
+ PQdefaultSSLKeyPassHook_OpenSSL     179
+-PQenterPipelineMode       180
++PQenterPipelineMode       180       14
+ PQexitPipelineMode        181
+ PQpipelineSync            182
+ PQpipelineStatus          183
+ PQsetTraceFlags           184
+ PQmblenBounded            185
+ PQsendFlushRequest        186
+-PQconnectionUsedGSSAPI    187
++PQconnectionUsedGSSAPI    187     16
+diff -ur postgresql-16.1/src/Makefile.shlib postgresql_patched/src/Makefile.shlib
+--- postgresql-16.1/src/Makefile.shlib	2023-11-06 23:04:27.000000000 +0100
++++ postgresql_patched/src/Makefile.shlib	2023-12-05 10:43:19.739634021 +0100
+@@ -185,7 +185,7 @@
+   ifdef soname
+     LINK.shared		+= -Wl,-soname,$(soname)
+   endif
+-  BUILD.exports		= ( echo '{ global:'; $(AWK) '/^[^\#]/ {printf "%s;\n",$$1}' $<; echo ' local: *; };' ) >$@
++  BUILD.exports		= $(SHELL) $(top_srcdir)/config/build-exports-gnu-ld < $< > $@
+   exports_file		= $(SHLIB_EXPORTS:%.txt=%.list)
+   ifneq (,$(exports_file))
+     LINK.shared		+= -Wl,--version-script=$(exports_file)
+diff --git a/config/build-exports-gnu-ld b/config/build-exports-gnu-ld
+new file mode 100755
+index 0000000000..84c48e3ade
+--- /dev/null
++++ b/config/build-exports-gnu-ld
+@@ -0,0 +1,41 @@
++#! /bin/sh
++
++# by default use PG_ prefix
++: "${SYMBOL_VERSION_PREFIX=PG_}"
++
++# we started symbol versioning since v10
++: "${SYMBOL_VERSION_START=9.6}"
++
++version=$SYMBOL_VERSION_START
++version_prev=
++first=:
++
++open_block ()
++{
++       $first || echo
++       first=false
++       echo "${SYMBOL_VERSION_PREFIX}$version {"
++       echo "global:"
++}
++
++close_block ()
++{
++       echo "}${version_prev:+ $SYMBOL_VERSION_PREFIX$version_prev};"
++       version_prev=$version
++       version=$1
++}
++
++open_block
++while read -r symbol _ new_version
++do
++       case $symbol in '#'*) continue ;; esac
++       if test -n "$new_version" && test "$new_version" != "$version"; then
++               close_block "$new_version"
++               open_block
++       fi
++       echo "  $symbol;"
++done
++
++echo "local:"
++echo " *;"
++close_block

libpq.spec

@@ -1,10 +1,10 @@
-%global majorversion 13
+%global majorversion 16
 %global obsoletes_version %( echo $(( %majorversion + 1 )) )
 
 Summary: PostgreSQL client library
 Name: libpq
-Version: %{majorversion}.11
-Release: 1%{?dist}.alma.1
+Version: %{majorversion}.1
+Release: 8%{?dist}
 
 License: PostgreSQL
 Url: http://www.postgresql.org/
@@ -16,7 +16,8 @@ Source1: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}
 # Comments for these patches are in the patch files.
 Patch1: libpq-10.3-rpm-pgsql.patch
 Patch2: libpq-10.3-var-run-socket.patch
-Patch3: libpq-13.1-symbol-versioning.patch
+Patch3: libpq-12.1-symbol-versioning.patch
+Patch4: postgresql-openssl32.patch
 
 BuildRequires: gcc
 BuildRequires: glibc-devel bison flex gawk
@@ -26,6 +27,8 @@ BuildRequires: krb5-devel
 BuildRequires: openldap-devel
 BuildRequires: gettext
 BuildRequires: multilib-rpm-config
+BuildRequires: make
+BuildRequires: libicu-devel
 
 Obsoletes: postgresql-libs < %obsoletes_version
 Provides: postgresql-libs = %version-%release
@@ -65,6 +68,9 @@ find . -type f -name .gitignore | xargs rm
 %build
 # complements symbol-versioning patch
 export SYMBOL_VERSION_PREFIX=RHPG_
+# Disable ENGINE_API
+CFLAGS="$CFLAGS -DOPENSSL_NO_ENGINE"
+export CFLAGS
 
 # We don't build server nor client (e.g. /bin/psql) binaries in this package, so
 # we can disable some configure options.
@@ -96,7 +102,13 @@ done
 
 # remove files not to be packaged
 find $RPM_BUILD_ROOT -name '*.a' -delete
+# preserve just errcodes.h
+mv $RPM_BUILD_ROOT%{_includedir}/pgsql/server/utils/errcodes.h \
+   $RPM_BUILD_ROOT%{_includedir}/pgsql 
 rm -r $RPM_BUILD_ROOT%_includedir/pgsql/server
+mkdir -p $RPM_BUILD_ROOT%{_includedir}/pgsql/server/utils
+mv $RPM_BUILD_ROOT%{_includedir}/pgsql/errcodes.h \
+   $RPM_BUILD_ROOT%{_includedir}/pgsql/server/utils 
 
 %multilib_fix_c_header --file "%_includedir/pg_config.h"
 %multilib_fix_c_header --file "%_includedir/pg_config_ext.h"
@@ -117,7 +129,7 @@ find_lang_bins %name-devel.lst  pg_config
 
 %files -f %name.lst
 %license COPYRIGHT
-%_libdir/libpq.so.*
+%_libdir/libpq.so.5*
 %dir %_datadir/pgsql
 %doc %_datadir/pgsql/pg_service.conf.sample
 
@@ -128,28 +140,78 @@ find_lang_bins %name-devel.lst  pg_config
 %_libdir/libpq.so
 %_libdir/pkgconfig/libpq.pc
 
-
 %changelog
-* Mon May 29 2023 Dominik Rehák <drehak@redhat.com> - 13.11-1.alma.1
-- Revert to el8
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 16.1-8
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
 
-* Mon May 29 2023 Dominik Rehák <drehak@redhat.com> - 13.11-1
-- Update to 13.11
-  Resolves: #2171370
+* Wed Jul 3 2024 Filip Janus <fjanus@redhat.com> - 16.1-7
+- Disable openssl ENGINE_API
 
-* Tue Nov 16 2021 Marek Kulik <mkulik@redhat.com> - 13.5-1
-- Update to 13.5
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 16.1-6
+- Bump release for June 2024 mass rebuild
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 13.2-4
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Tue Jun 18 2024 Filip Janus <fjanus@redhat.com> - 16.1-5
+- Ship errcodes.h in -devel package (kea package requires errorcodes) 
 
-* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 13.2-3
-- Rebuilt for RHEL 9 BETA for openssl 3.0
-  Related: rhbz#1971065
+* Tue Feb 20 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 16.1-4
+- Backport OpenSSL 3.2 fix from upstream master
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 13.2-2
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 16.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 16.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Dec 5 2023 Filip Janus <fjanus@redhat.com> - 16.1-1
+- Update to 16.1
+- Build with ICU by default - new upstream feature
+
+* Wed Aug 2 2023 Filip Janus <fjanus@redhat.com> - 15.3-1
+- Update to the latest upstream version
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 15.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 15.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Dec 05 2022 Filip Janus <fjansu@redhat.com> - 15.0-2
+- Revert versioning patch
+- There are no new symbols in libpq 15
+
+* Tue Sep 27 2022 Ondrej Sloup <osloup@redhat.com> - 15.0-1
+- Update to v15
+- Update patches
+- Resolves: https://fedoraproject.org/wiki/Changes/PostgreSQL_15
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 14.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jun 14 2022 Filip Januš <fjanus@redhat.com> - 14.3-1
+- Update to 14.3
+
+* Tue Feb 22 2022 Filip Januš <fjanus@redhat.com> - 14.2-1
+- Update to 14.2
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 14.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Mon Jan 03 2022 Filip Januš <fjanus@redhat.com> - 14.1-1
+- Update to v14
+- Resolves: https://fedoraproject.org/wiki/Changes/PostgreSQL_14
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 13.4-2
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Aug 12 2021 Filip Januš <fjanus@rehdat.com> - 13.4-1
+- Update to 13.4
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 13.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon May 17 2021 Filip Januš <fjanus@redhat.com> - 13.3-1
+- Update to 13.3
 
 * Tue Feb 16 2021 Honza Horak <hhorak@redhat.com> - 13.2-1
 - Update to 13.2

postgresql-openssl32.patch

@@ -0,0 +1,142 @@
+Backport of commit b2b1f12882fb561c7d474b834044dd8ed570bfea to 16.1
+
+Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+
+We should have done it this way all along, but we accidentally got
+away with using the wrong BIO field up until OpenSSL 3.2.  There,
+the library's BIO routines that we rely on use the "data" field
+for their own purposes, and our conflicting use causes assorted
+weird behaviors up to and including core dumps when SSL connections
+are attempted.  Switch to using the approved field for the purpose,
+i.e. app_data.
+
+While at it, remove our configure probes for BIO_get_data as well
+as the fallback implementation.  BIO_{get,set}_app_data have been
+there since long before any OpenSSL version that we still support,
+even in the back branches.
+
+Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+change in an error message spelling that evidently came in with 3.2.
+
+Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+
+Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+---
+
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index 31b6a6eacdf0..1b8b32c5b39e 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -842,11 +842,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -856,7 +851,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -876,7 +871,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -952,7 +947,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 4aeaf08312ce..e669bdbf1d2d 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1815,11 +1815,6 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods;
+ 
+ static int
+@@ -1828,7 +1823,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1858,7 +1853,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1968,7 +1963,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
+index a049fd2ff03a..d921f1dde9fa 100644
+--- a/src/test/ssl/t/001_ssltests.pl
++++ b/src/test/ssl/t/001_ssltests.pl
+@@ -776,7 +776,7 @@ sub switch_server_cert
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+@@ -881,7 +881,7 @@ sub switch_server_cert
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+@@ -894,7 +894,7 @@ sub switch_server_cert
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
+ 	  . sslkey('client-revoked-utf8.key'),
+ 	"certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},

sources

@@ -0,0 +1,2 @@
+SHA512 (postgresql-16.1.tar.bz2) = 69f4635e5841452599f13b47df41ce2425ab34b4e4582fd2c635bc78d561fa36c5b03eccb4ae6569872dc74775be1b5a62dee20c9a4f12a43339250128352918
+SHA512 (postgresql-16.1.tar.bz2.sha256) = 3f573d81a7af02dea2a3eee180d4e465546fc4d283dde5b6627d25af0be4a546ffd3ae914dd3490e45264d1a43cf143e829e14e5cd9c6bd8f179b6eae4fd6ff1