[gentoo-commits] repo/gentoo:master commit in: dev-db/postgresql/, dev-db/postgresql/files/

["Patrick Lauer" <patrick@gentoo.org>]

commit:     7f9c4cc23884adb65595e0f125c41eaa09212c42
Author:     Patrick Lauer <patrick <AT> gentoo <DOT> org>
AuthorDate: Fri Feb  2 13:34:14 2024 +0000
Commit:     Patrick Lauer <patrick <AT> gentoo <DOT> org>
CommitDate: Fri Feb  2 14:05:15 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f9c4cc2

dev-db/postgresql: backport openssl fixes

Bug: https://bugs.gentoo.org/923620
Signed-off-by: Patrick Lauer <patrick <AT> gentoo.org>

 .../files/postgresql-12-openssl3.2.patch           | 178 ++++++++
 .../files/postgresql-13-openssl3.2.patch           | 172 ++++++++
 .../files/postgresql-14-openssl3.2.patch           | 195 +++++++++
 .../files/postgresql-15-openssl3.2.patch           | 194 +++++++++
 .../files/postgresql-16-openssl3.2.patch           | 216 ++++++++++
 dev-db/postgresql/postgresql-12.17-r1.ebuild       | 453 ++++++++++++++++++++
 dev-db/postgresql/postgresql-13.13-r1.ebuild       | 465 ++++++++++++++++++++
 dev-db/postgresql/postgresql-14.10-r1.ebuild       | 465 ++++++++++++++++++++
 dev-db/postgresql/postgresql-15.5-r1.ebuild        | 467 ++++++++++++++++++++
 dev-db/postgresql/postgresql-16.1-r1.ebuild        | 468 +++++++++++++++++++++
 10 files changed, 3273 insertions(+)

diff --git a/dev-db/postgresql/files/postgresql-12-openssl3.2.patch b/dev-db/postgresql/files/postgresql-12-openssl3.2.patch
new file mode 100644
index 000000000000..62b254d220c6
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-12-openssl3.2.patch
@@ -0,0 +1,178 @@
+commit 6bb4ce36b302296fd09abb097b5e28b66117be92
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index cce104aebb..346ea8e2c1 100755
+--- a/configure
++++ b/configure
+@@ -12641,7 +12641,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.in b/configure.in
+index 3c93e7a944..2c15b20049 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1290,7 +1290,7 @@ if test "$with_openssl" = yes ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index b0a1f7258a..34f8f9e71e 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -699,11 +699,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -713,7 +708,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -733,7 +728,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -809,7 +804,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index 457a8713cc..1e9d21c3e4 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -96,9 +96,6 @@
+ /* Define to 1 if you have the <atomic.h> header file. */
+ #undef HAVE_ATOMIC_H
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32
+index 42fd7067f1..37accc560b 100644
+--- a/src/include/pg_config.h.win32
++++ b/src/include/pg_config.h.win32
+@@ -75,9 +75,6 @@
+ /* Define to 1 if you have the `ASN1_STRING_get0_data' function. */
+ /* #undef HAVE_ASN1_STRING_GET0_DATA */
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-/* #undef HAVE_BIO_GET_DATA */
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ /* #undef HAVE_BIO_METH_NEW */
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 5948a37983..5729dd9acf 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1491,10 +1491,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
++/* protected by ssl_config_mutex */
+ 
+ static BIO_METHOD *my_bio_methods;
+ 
+@@ -1503,7 +1500,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1533,7 +1530,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1624,7 +1621,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index 20ce233af4..a7e5fdbda9 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -273,7 +273,6 @@ sub GenerateFiles
+ 				|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 			{
+ 				print $o "#define HAVE_ASN1_STRING_GET0_DATA 1\n";
+-				print $o "#define HAVE_BIO_GET_DATA 1\n";
+ 				print $o "#define HAVE_BIO_METH_NEW 1\n";
+ 				print $o "#define HAVE_OPENSSL_INIT_SSL 1\n";
+ 			}

diff --git a/dev-db/postgresql/files/postgresql-13-openssl3.2.patch b/dev-db/postgresql/files/postgresql-13-openssl3.2.patch
new file mode 100644
index 000000000000..fbb80a3ecb20
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-13-openssl3.2.patch
@@ -0,0 +1,172 @@
+commit dc8936b9dba79c80aaba8e7232434fb200e95725
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index 2fc7dca504..b7caf88229 100755
+--- a/configure
++++ b/configure
+@@ -12713,7 +12713,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.in b/configure.in
+index eaca132607..9aec28c8d1 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1275,7 +1275,7 @@ if test "$with_openssl" = yes ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index 55fe59276a..9e22911379 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -748,11 +748,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -762,7 +757,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -782,7 +777,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -858,7 +853,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index 13fc4e0db6..978e685c70 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -86,9 +86,6 @@
+ /* Define to 1 if you have the `backtrace_symbols' function. */
+ #undef HAVE_BACKTRACE_SYMBOLS
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 07d5daf4d9..73b1720c4c 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1602,10 +1602,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
++/* protected by ssl_config_mutex */
+ 
+ static BIO_METHOD *my_bio_methods;
+ 
+@@ -1614,7 +1611,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1644,7 +1641,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1735,7 +1732,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index 78328e1fac..e88e3967cd 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -226,7 +226,6 @@ sub GenerateFiles
+ 		HAVE_ATOMICS               => 1,
+ 		HAVE_ATOMIC_H              => undef,
+ 		HAVE_BACKTRACE_SYMBOLS     => undef,
+-		HAVE_BIO_GET_DATA          => undef,
+ 		HAVE_BIO_METH_NEW          => undef,
+ 		HAVE_CLOCK_GETTIME         => undef,
+ 		HAVE_COMPUTED_GOTO         => undef,
+@@ -543,7 +542,6 @@ sub GenerateFiles
+ 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 		{
+ 			$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
+-			$define{HAVE_BIO_GET_DATA}          = 1;
+ 			$define{HAVE_BIO_METH_NEW}          = 1;
+ 			$define{HAVE_OPENSSL_INIT_SSL}      = 1;
+ 		}

diff --git a/dev-db/postgresql/files/postgresql-14-openssl3.2.patch b/dev-db/postgresql/files/postgresql-14-openssl3.2.patch
new file mode 100644
index 000000000000..c8064adc23a6
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-14-openssl3.2.patch
@@ -0,0 +1,195 @@
+commit 50e866f5f3be671620490e3cb3eea533f1677f6c
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index 62a921b5e7..f74b9862a0 100755
+--- a/configure
++++ b/configure
+@@ -13071,7 +13071,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index a3243cc7e8..46624d2a11 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1311,7 +1311,7 @@ if test "$with_ssl" = openssl ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index 13ac961442..e39952494e 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -823,11 +823,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -837,7 +832,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -857,7 +852,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -933,7 +928,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index 40d513c128..51fa911fb6 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -86,9 +86,6 @@
+ /* Define to 1 if you have the `backtrace_symbols' function. */
+ #undef HAVE_BACKTRACE_SYMBOLS
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 7f27767da6..383fdbe80e 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1661,11 +1661,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
++/* protected by ssl_config_mutex */
+ static BIO_METHOD *my_bio_methods;
+ 
+ static int
+@@ -1673,7 +1669,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1703,7 +1699,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1794,7 +1790,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
+index 8cdd0d2e68..cc7bd98c83 100644
+--- a/src/test/ssl/t/001_ssltests.pl
++++ b/src/test/ssl/t/001_ssltests.pl
+@@ -538,7 +538,7 @@ $node->connect_fails(
+ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked_tmp.key",
+ 	"certificate authorization fails with revoked client cert",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# revoked certificates should not authenticate the user
+ 	log_unlike => [qr/connection authenticated:/],);
+ 
+@@ -591,7 +591,7 @@ switch_server_cert($node, 'server-cn-only', undef, undef,
+ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked_tmp.key",
+ 	"certificate authorization fails with revoked client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/);
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|);
+ 
+ # clean up
+ foreach my $key (@keys)
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index 577b5afea7..53d60dbd25 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -229,7 +229,6 @@ sub GenerateFiles
+ 		HAVE_ATOMICS               => 1,
+ 		HAVE_ATOMIC_H              => undef,
+ 		HAVE_BACKTRACE_SYMBOLS     => undef,
+-		HAVE_BIO_GET_DATA          => undef,
+ 		HAVE_BIO_METH_NEW          => undef,
+ 		HAVE_CLOCK_GETTIME         => undef,
+ 		HAVE_COMPUTED_GOTO         => undef,
+@@ -562,7 +561,6 @@ sub GenerateFiles
+ 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 		{
+ 			$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
+-			$define{HAVE_BIO_GET_DATA}          = 1;
+ 			$define{HAVE_BIO_METH_NEW}          = 1;
+ 			$define{HAVE_HMAC_CTX_FREE}         = 1;
+ 			$define{HAVE_HMAC_CTX_NEW}          = 1;

diff --git a/dev-db/postgresql/files/postgresql-15-openssl3.2.patch b/dev-db/postgresql/files/postgresql-15-openssl3.2.patch
new file mode 100644
index 000000000000..6e0b954a9f0b
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-15-openssl3.2.patch
@@ -0,0 +1,194 @@
+commit a4927ebffae000198f6054eea26191ac2e50697f
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index d83a402ea1..d55440cd6a 100755
+--- a/configure
++++ b/configure
+@@ -13239,7 +13239,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index 570daced81..2bc752ca1a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1347,7 +1347,7 @@ if test "$with_ssl" = openssl ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index f5c5ed210e..aed8a75345 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -839,11 +839,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -853,7 +848,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -873,7 +868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -949,7 +944,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index d09e9f9a1c..768e3d719c 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -77,9 +77,6 @@
+ /* Define to 1 if you have the `backtrace_symbols' function. */
+ #undef HAVE_BACKTRACE_SYMBOLS
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index af59ff49f7..c19b0dc078 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1800,11 +1800,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
++/* protected by ssl_config_mutex */
+ static BIO_METHOD *my_bio_methods;
+ 
+ static int
+@@ -1812,7 +1808,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1842,7 +1838,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1933,7 +1929,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
+index 707f4005af..c570b48a1b 100644
+--- a/src/test/ssl/t/001_ssltests.pl
++++ b/src/test/ssl/t/001_ssltests.pl
+@@ -682,7 +682,7 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# revoked certificates should not authenticate the user
+ 	log_unlike => [qr/connection authenticated:/],);
+ 
+@@ -743,6 +743,6 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/);
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|);
+ 
+ done_testing();
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index 790f03b05e..a53239fa28 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -226,7 +226,6 @@ sub GenerateFiles
+ 		HAVE_ATOMICS               => 1,
+ 		HAVE_ATOMIC_H              => undef,
+ 		HAVE_BACKTRACE_SYMBOLS     => undef,
+-		HAVE_BIO_GET_DATA          => undef,
+ 		HAVE_BIO_METH_NEW          => undef,
+ 		HAVE_CLOCK_GETTIME         => undef,
+ 		HAVE_COMPUTED_GOTO         => undef,
+@@ -566,7 +565,6 @@ sub GenerateFiles
+ 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 		{
+ 			$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
+-			$define{HAVE_BIO_GET_DATA}          = 1;
+ 			$define{HAVE_BIO_METH_NEW}          = 1;
+ 			$define{HAVE_HMAC_CTX_FREE}         = 1;
+ 			$define{HAVE_HMAC_CTX_NEW}          = 1;

diff --git a/dev-db/postgresql/files/postgresql-16-openssl3.2.patch b/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
new file mode 100644
index 000000000000..2740187d9f4e
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
@@ -0,0 +1,216 @@
+commit 9140a24b312176ebb4e6eb6458b33ce640c04440
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index 82e45657b2..907c777b9c 100755
+--- a/configure
++++ b/configure
+@@ -12982,7 +12982,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index fcea0bcab4..ab32bfdd08 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1385,7 +1385,7 @@ if test "$with_ssl" = openssl ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/meson.build b/meson.build
+index 51b5285924..96fc2e139a 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1278,7 +1278,6 @@ if sslopt in ['auto', 'openssl']
+       # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+       # functions.
+       ['OPENSSL_init_ssl'],
+-      ['BIO_get_data'],
+       ['BIO_meth_new'],
+       ['ASN1_STRING_get0_data'],
+       ['HMAC_CTX_new'],
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index e9c86d08df..49dca0cda9 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -844,11 +844,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -858,7 +853,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -878,7 +873,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -954,7 +949,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index 6d572c3820..174544630e 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -70,9 +70,6 @@
+ /* Define to 1 if you have the `backtrace_symbols' function. */
+ #undef HAVE_BACKTRACE_SYMBOLS
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 390c888c96..fb6404ade0 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1830,11 +1830,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
++/* protected by ssl_config_mutex */
+ static BIO_METHOD *my_bio_methods;
+ 
+ static int
+@@ -1842,7 +1838,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1872,7 +1868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1963,7 +1959,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
+index 76442de063..9bb28fbc83 100644
+--- a/src/test/ssl/t/001_ssltests.pl
++++ b/src/test/ssl/t/001_ssltests.pl
+@@ -781,7 +781,7 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+@@ -886,7 +886,7 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+@@ -899,7 +899,7 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
+ 	  . sslkey('client-revoked-utf8.key'),
+ 	"certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index b6d31c3583..711fae853f 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -225,7 +225,6 @@ sub GenerateFiles
+ 		HAVE_ATOMICS => 1,
+ 		HAVE_ATOMIC_H => undef,
+ 		HAVE_BACKTRACE_SYMBOLS => undef,
+-		HAVE_BIO_GET_DATA => undef,
+ 		HAVE_BIO_METH_NEW => undef,
+ 		HAVE_COMPUTED_GOTO => undef,
+ 		HAVE_COPYFILE => undef,
+@@ -503,7 +502,6 @@ sub GenerateFiles
+ 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 		{
+ 			$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
+-			$define{HAVE_BIO_GET_DATA} = 1;
+ 			$define{HAVE_BIO_METH_NEW} = 1;
+ 			$define{HAVE_HMAC_CTX_FREE} = 1;
+ 			$define{HAVE_HMAC_CTX_NEW} = 1;

diff --git a/dev-db/postgresql/postgresql-12.17-r1.ebuild b/dev-db/postgresql/postgresql-12.17-r1.ebuild
new file mode 100644
index 000000000000..98c061b70e09
--- /dev/null
+++ b/dev-db/postgresql/postgresql-12.17-r1.ebuild
@@ -0,0 +1,453 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc icu kerberos ldap llvm nls pam perl python +readline
+	  selinux +server systemd ssl static-libs tcl uuid xml zlib"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	<sys-devel/llvm-18:=
+	<sys-devel/clang-18:=
+)
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-12.1-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-12-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	econf \
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable !alpha spinlocks) \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_enable nls)
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		emake check
+
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}

diff --git a/dev-db/postgresql/postgresql-13.13-r1.ebuild b/dev-db/postgresql/postgresql-13.13-r1.ebuild
new file mode 100644
index 000000000000..603471f9df11
--- /dev/null
+++ b/dev-db/postgresql/postgresql-13.13-r1.ebuild
@@ -0,0 +1,465 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc icu kerberos ldap llvm nls pam perl python +readline
+	  selinux +server systemd ssl static-libs tcl uuid xml zlib"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	<sys-devel/llvm-18:=
+	<sys-devel/clang-18:=
+)
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${PN}-13.3-riscv-spinlocks.patch
+
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-13.8-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-13-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	local myconf="\
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_enable nls)"
+	if use alpha; then
+		myconf+=" --disable-spinlocks"
+	else
+		# Should be the default but just in case
+		myconf+=" --enable-spinlocks"
+	fi
+	econf ${myconf}
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		# Some ICU tests fail if LC_CTYPE and LC_COLLATE aren't the same. We set
+		# LC_CTYPE to be equal to LC_COLLATE since LC_COLLATE is set by Portage.
+		local old_ctype=${LC_CTYPE}
+		export LC_CTYPE=${LC_COLLATE}
+		emake check
+		export LC_CTYPE=${old_ctype}
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}

diff --git a/dev-db/postgresql/postgresql-14.10-r1.ebuild b/dev-db/postgresql/postgresql-14.10-r1.ebuild
new file mode 100644
index 000000000000..6ac2f9b4d22c
--- /dev/null
+++ b/dev-db/postgresql/postgresql-14.10-r1.ebuild
@@ -0,0 +1,465 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc icu kerberos ldap llvm lz4 nls pam perl python +readline
+	  selinux +server systemd ssl static-libs tcl uuid xml zlib"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	 <sys-devel/llvm-18:=
+	 <sys-devel/clang-18:=
+)
+lz4? ( app-arch/lz4 )
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-14.5-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-14-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	local myconf="\
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with lz4) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_enable nls)"
+	if use alpha; then
+		myconf+=" --disable-spinlocks"
+	else
+		# Should be the default but just in case
+		myconf+=" --enable-spinlocks"
+	fi
+	econf ${myconf}
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		# Some ICU tests fail if LC_CTYPE and LC_COLLATE aren't the same. We set
+		# LC_CTYPE to be equal to LC_COLLATE since LC_COLLATE is set by Portage.
+		local old_ctype=${LC_CTYPE}
+		export LC_CTYPE=${LC_COLLATE}
+		emake check
+		export LC_CTYPE=${old_ctype}
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}

diff --git a/dev-db/postgresql/postgresql-15.5-r1.ebuild b/dev-db/postgresql/postgresql-15.5-r1.ebuild
new file mode 100644
index 000000000000..6d928ddac1b1
--- /dev/null
+++ b/dev-db/postgresql/postgresql-15.5-r1.ebuild
@@ -0,0 +1,467 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc icu kerberos ldap llvm lz4 nls pam perl python +readline
+	  selinux +server systemd ssl static-libs tcl uuid xml zlib zstd"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	<sys-devel/llvm-18:=
+	<sys-devel/clang-18:=
+)
+lz4? ( app-arch/lz4 )
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+zstd? ( app-arch/zstd )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-15_beta3-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-15-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	local myconf="\
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with lz4) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_with zstd) \
+		$(use_enable nls)"
+	if use alpha; then
+		myconf+=" --disable-spinlocks"
+	else
+		# Should be the default but just in case
+		myconf+=" --enable-spinlocks"
+	fi
+	econf ${myconf}
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		# Some ICU tests fail if LC_CTYPE and LC_COLLATE aren't the same. We set
+		# LC_CTYPE to be equal to LC_COLLATE since LC_COLLATE is set by Portage.
+		local old_ctype=${LC_CTYPE}
+		export LC_CTYPE=${LC_COLLATE}
+		emake check
+		export LC_CTYPE=${old_ctype}
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}

diff --git a/dev-db/postgresql/postgresql-16.1-r1.ebuild b/dev-db/postgresql/postgresql-16.1-r1.ebuild
new file mode 100644
index 000000000000..c563a2a73f9d
--- /dev/null
+++ b/dev-db/postgresql/postgresql-16.1-r1.ebuild
@@ -0,0 +1,468 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc +icu kerberos ldap llvm lz4 nls pam perl python
+	  +readline selinux +server systemd ssl static-libs tcl uuid xml
+	  zlib zstd"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( app-crypt/mit-krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	<sys-devel/llvm-18:=
+	<sys-devel/clang-18:=
+)
+lz4? ( app-arch/lz4 )
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+zstd? ( app-arch/zstd )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-15_beta3-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-16-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	local myconf="\
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with lz4) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_with zstd) \
+		$(use_enable nls)"
+	if use alpha; then
+		myconf+=" --disable-spinlocks"
+	else
+		# Should be the default but just in case
+		myconf+=" --enable-spinlocks"
+	fi
+	econf ${myconf}
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		# Some ICU tests fail if LC_CTYPE and LC_COLLATE aren't the same. We set
+		# LC_CTYPE to be equal to LC_COLLATE since LC_COLLATE is set by Portage.
+		local old_ctype=${LC_CTYPE}
+		export LC_CTYPE=${LC_COLLATE}
+		emake check
+		export LC_CTYPE=${old_ctype}
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}