gentoo auto-resync : 02:02:2024 - 17:45:32

16 files changed, 3298 insertions, 10 deletions

diff --git a/dev-db/postgresql/Manifest b/dev-db/postgresql/Manifest
index 7cfce38e7277..56462e111867 100644
--- a/dev-db/postgresql/Manifest
+++ b/dev-db/postgresql/Manifest
@@ -1,8 +1,13 @@
+AUX postgresql-12-openssl3.2.patch 6585 BLAKE2B 791f1432cf74232bfa030ae26450fb8ee04ab4c4677d7888de36526d5a90ad520b36dd048abda8d4a4797f2826027aa86966c159942ce111c931da84276a0b30 SHA512 effb4ec6d4a6dec5ffb344c03df99e3d938c52221ddbc4d6586492f77763b5ec268836e43007dd2beb0b0df95173c9e37449707a1a8bd9b293ed7addaefb320b
 AUX postgresql-12.1-no-server.patch 2965 BLAKE2B 168f39c02f0614c57a60c0ce3bb540e0d29dc407c569661d0cd29ddb57657bfada44aa90ca915c8474ca5541ac1f4cc152fbd70c105efcbe83f9e5b9f918eeb5 SHA512 5e025da1cb5f696821b19093ab893667426a08b1bbc8e3f748d34207730026625b61a8cfd2596af124080a4a292363546dce5b703ce6164efceceabc6b170aa2
+AUX postgresql-13-openssl3.2.patch 6389 BLAKE2B 6b7a8cf82a9c0424fc0fa1f297623c530531a2db0ee2480e3e3cb94cd7a2f66fd3c07b5db4a164ac8cdea3557ca8f0627533ac19a07be1466413b409f6812dea SHA512 524eb2a4076f45bd978f034da03731e79a59ae5e0cae8f0d525e17bdacf0c23f24cb6ce38171447101ba229ece952244ae58199b821a1f3ec6bb9d5657543995
 AUX postgresql-13.3-riscv-spinlocks.patch 966 BLAKE2B 4834d47b01e1f8e122fa940a84e1e790686d96b538d27f253724f7be454c455c6853cdadf41da5cafeb8767012b45a6eef742685117afaaa78e0e9a930c728c8 SHA512 1c217ec177a1669fcaeffe2cce241b5ba2cba6425d9eee8bf50dce6626e70e2d063776e1ced4590cbf9ffc046ede02dbe4f06bdfb7bc4c3dcb0f028c128c15ea
 AUX postgresql-13.8-no-server.patch 2985 BLAKE2B 81a4a7c1d3c9e104ea7a575a14eecada57b62ed652b4401b459886250518179b1f68efd73246773cf7b745c298ac59f0e5f693f2ac0e6e0fd4a29c4c431e3715 SHA512 7a3fd3f8411c59b812da6deaf743247c0e728aca653fb66860a7a6e55704bc732327dcf917ce17fe089003740131d4d92879e171b4b9ff262fef0743f6f50122
+AUX postgresql-14-openssl3.2.patch 7707 BLAKE2B 50035cdbfea58798d8ece7edb13c552ada5167999b070b2582ae2f020fa136a17dcc75c0ceae5255074284f587a7b032eca6ffa53cc1f75de3637746157f7ef7 SHA512 93ad6d528d0ebafd947327212eec33d91a1f9e2d7fdaf1c67040c5da96e9ba9d97b3bf7db399a260b97e116f1f2cd817443fadd1aeea5b196024ce14cb80a357
 AUX postgresql-14.5-no-server.patch 3018 BLAKE2B cbb900bcb7bcc8e788369829811da0d57a45682a77ac54f430cab7ebf6df9ff10489d50d129fa5b24bfff80929497b3107a8e650962b8e772d6b0bee610f05a9 SHA512 90e88567af5f30969e946295c4c058cd245bdd7dce01d48b70aa3dd000cf9e54570ed1b6bcc423a10ed0b7102047927da19bd26f5714e003ccffde967c77db26
+AUX postgresql-15-openssl3.2.patch 7609 BLAKE2B 63e806aab619b79c174c299990cf45c031d0150c8c80afe9fcf217f75673c0b28c64879b305bd700afa9873ff8a7c3da4587d3fe6789b2f12bbe4c4d9c738120 SHA512 871c75ff34b60248ffd4a3de8c03abb546430a5e7aba9f361b53f4b6fb27a6b58e927d84a5ba4c50ce8c667157dafefe63b41e69e4b7b8e86f93e276a2468f0b
 AUX postgresql-15_beta3-no-server.patch 3061 BLAKE2B aeba13501762f4e21653ad65ab10f708d604c393797766c1acad207a7889e02eb2806c0f6823fcbf9f2891be85d17ff7d3ba6066afe5f5fde3b9b39e56bfa5f7 SHA512 a41d01f994c4301ec059615446a3cc03cd16af67e3a3c1c0fa73b145c1b910de38d5a4a4757ad861c9cd11124f1d2d13f6503be2e5a2bb28f803fb03b055edb5
+AUX postgresql-16-openssl3.2.patch 8637 BLAKE2B eacc36e7c85ff1f36b2c4c087d8bb332e03fe084391563ea6c3440c1d29c9b0479f3095ec2479f38120a05a25cd048aa043e7f5f0652b795e29c104b14ff2514 SHA512 fa9a310aa3bbb7c4b05480f4f62e61a11f2993174f09580350875083721c11f73dca3e06d062a466f38b3ad2df83a1548838c8431b272c438152ea859eb94a5f
 AUX postgresql-check-db-dir 1013 BLAKE2B 2be45942d0442822113879708c11dfde267938b6e7118bd225f567ca9fdacb11082792eabcb40b8a39cd6017fdedb18100576fea0895dae2dcda83c2d51de34d SHA512 2f34ee0cb6a889500ccfca7621ada6ee1bb06dc146f3c556938152dd3d7c0312266bb4db5f4099838d93ade26e2b8866dfddb3576cb5a737431ea2befd0cec6f
 AUX postgresql.confd-9.3 2477 BLAKE2B 0d42eedb99c951c8c60ed02abb5d4526bc288e8dd50b048cb3ab374239f1929aa80d10306037e45188a81593163121c029b91f9149365bff02ff7bfd0fe52ac4 SHA512 6c9e7c2de31eace2b3ce771a29eb354b143ea81f85d9d7ef601f302b7ae71c1c3badde8765fb7757dadcf0c49dcfa1116977e8b7f1e238350d3732962267147f
 AUX postgresql.init-9.3-r1 4999 BLAKE2B f2bc23a51b6d9643bbc14320aaa9c41b7eb1df86f8b760b9146739b14060178a415fe49b77a47b6bc5522759759fa0aefa9f0050b340534a64c2f22f89c7825d SHA512 a0f003c7d00b9749b8b25fce8ac728869e0c8f5a3c87e699b62806207413d5abba8db1e9d35e801316fbfb0ee070eb3b6a099b7991065c21cdb27ca7dc164bed
@@ -13,10 +18,15 @@ DIST postgresql-13.13.tar.bz2 21563452 BLAKE2B ee4b2d022c1b3003dc9c4da96e5900878
 DIST postgresql-14.10.tar.bz2 22298652 BLAKE2B 0c87c02b0b279d29e4a05711312bf89a655359a687c24d1cbb76cd4f6ed7666d31113a18a9976773c36853f00c1ca332af396372524467bb19c2a3bfcddea995 SHA512 f546e62eb158efdeecf091271ee60945604ca7f3683f0b259ee18eb682431158e282bf4f81d8df304c956919788f8077e72aa47c467d32d6aef1ccfe470862a5
 DIST postgresql-15.5.tar.bz2 23091780 BLAKE2B e3731b973242d4de8b4b78e00842df52e006f08510efc0ff02bf7b8b479e17aa9e1c8116644d9a82f23d4334f527f1a82a1c2eec7f7c199a2fdf500b46740264 SHA512 9ed9d160b3cef99954ccd47a970c107b7e3b0196a7d848f740bf3c52a1c626f6f457814c97f37b9f0467bb07734e19806a15bd9cf3c39445e1d89e75b37064cc
 DIST postgresql-16.1.tar.bz2 24605482 BLAKE2B f59859af644134cf0fc9289c0e0d93fe0f877794a1cc8881280d0439605a6e312866a0114d453af8e269e26173fa3742073fe5485901b7cb0af925a5c3506aad SHA512 69f4635e5841452599f13b47df41ce2425ab34b4e4582fd2c635bc78d561fa36c5b03eccb4ae6569872dc74775be1b5a62dee20c9a4f12a43339250128352918
-EBUILD postgresql-12.17.ebuild 13318 BLAKE2B 7b8fb07a6262a3e288fa53b82e10f1c6eaafa915a3e49850c6fafc33db945bd9bb6bb41a6bd04d2a5bee085ce5150de57853175afbf176f71adfcbdc0fe7fd00 SHA512 c666ec01ecd7df6a8e516a1b920f4257a94c07ccaf585dd9176aff86cd4de8434ad1ad3774d5a0dda3f1c572498c719607aea11cf60b5ecb0150f7dc6d171b94
-EBUILD postgresql-13.13.ebuild 13752 BLAKE2B 11e62fb7273b8b16e0ad2e984ccb2a2c0c8d823dfa431d79267a57cc534a45cb45ae0a7369c1e5d18782d4741204fff601d29117ea5f3663931fe097d7b84d15 SHA512 8525928ee03fc8d2427f8688ad001d7687389427a3d74c2b9252b78ee10a4e784b61666a29e8424236315d2dc888a09cfc1f8dbe8a4600b18f71ef70714d1cec
-EBUILD postgresql-14.10.ebuild 13744 BLAKE2B 9d8279964ba5b5dc3a727fbe144e6e5d6e360a4cfae6215c9d15fa55db08b00579c42a76aba6f39f0b427052302489a4a0fe4daf4b19161ff8d9158c97091a2e SHA512 72a188285856e30e1c27ef1a325fb788b69d95292fba41b5081df9108eab5e880862f8abb16d9a21a6ccecd752aa5963a3c3fc2fc670f8390d4531dd8ba5cd71
-EBUILD postgresql-15.5.ebuild 13803 BLAKE2B 5dd4648a2d57f3ec0c8dfe0cede251eaf82b348767f16f8889596cd24e180325dc4724aaa8b9e181caeb0c67c2abd86cccb63c961b8b0cad9c24285e2a1a2b44 SHA512 9e2572ac216fd81a2b0dd4b8a39df434f21afbb72d696564978354eb3af3bd8c3732988fea3ff9b0834a6a0175b9b836929d6bdbbe54ecdb1ba2817d32294593
-EBUILD postgresql-16.1.ebuild 13813 BLAKE2B 50bc1ad368c83fac7cfd22747a5b35045e84b5b002f9ae26dd49a89b39b6b6a81d48f22894d22510c5b0b6e160ed2d43f4224b0d6a020dc5bb8c3a2c0e05c3c5 SHA512 9ddc9e829f9438b8788b13bdff0b4513a6eb177518445e061b9240e0b7e70df1af323aa9da16333d75e40f4cfb847e3e3a34b28d46ccd95552aee292381f7378
+EBUILD postgresql-12.17-r1.ebuild 13379 BLAKE2B b429dba9ea3c1c36ae8ac7feef969af59fddb68b568596203b170c9f55463e51276c4dbf5174984a2023ecbb8fa79fbaf32034af153a924a4874eadb23e97d66 SHA512 db106bc6ad6eb6937ae6fe7c7b20d86ff43f72f1ff604cb9fcbe8884ccdeed3ef96546508e12c03cd9a9d3398c304506da55cd861e7ec76592fe5cf515dec8f3
+EBUILD postgresql-12.17.ebuild 13341 BLAKE2B f8339227e1c5f24ee9172d09588a2a8c2578dfeeb80bde2fb2fcbc4cfb072eb4259b4579451378443801060deba85cd7021aac6cfe20a6b794fb4d8fbb6c4c11 SHA512 b4854b55b0965a51401c258df7de95919a341eed04f16a0e6573e2d8e77596c0cb4cbffbb85e8a54cf9237e21a652ff5ae40e581b9980b9d0bd8c1841d25f854
+EBUILD postgresql-13.13-r1.ebuild 13813 BLAKE2B 1039282c9f8f0cbc38be1843ae5ab5fa219dccd29d6e5624188728713e65c46aea27766e15f7eace89fefea67e01757e05cdf9abf2ffc2e49a3b517235acffd6 SHA512 16fc0dcb443918cd78ed401c05da736b82f632fd1fb07f904ae537a46c0d9207b98f94821d1a2ceedc8e8a59f85387fda9cfd52fd53dc604aeb566bacaba33f4
+EBUILD postgresql-13.13.ebuild 13775 BLAKE2B edf73142c90579158b69e50c6f277a2113abb59e9c481161cffdc07e764a566f30b361f79e0ab0c2aead965da11c188035609a97c305a647b2696501eed8ee2a SHA512 9e6053905ea0326cdd954c71a8f9606323212d717bbae51e6277979a39d65a46a9c1ed8c17b586bfb8de0826db3e6fe15f66c2c3301bdb5211bd60381e98f358
+EBUILD postgresql-14.10-r1.ebuild 13805 BLAKE2B 712c6075417c0e36cf6fa8fef8ddd27f616da569848b85914b50102d9321b38b4982e6022d3b1a31df21c613284d56dc4a39d2d49f4f1c880c480ef76b698e22 SHA512 2851a231a2ee88b37df869221952e4415923fc9f1912fbc0899b681cfcf79a9c79eb5805d0edf208d308a5186d94fa56089184283d6bf30a551e623b2ebf4a57
+EBUILD postgresql-14.10.ebuild 13767 BLAKE2B db65b542ae1962773255ab0bc2ac671c513b0b73eb89954546605de6317c9d5868f25cb8c1e9a75e140f3b3d4ee7f475ce9e8e727ff0cefe207ea77006640805 SHA512 bbb696c51c04c05a17af9e6cd1c7a73b8b26191a273e59f51c8b189b03b37fdd0380cd936fd166b22e3c7aba3d9ff7482698362059b8f55ad1425a0d06b7d77b
+EBUILD postgresql-15.5-r1.ebuild 13864 BLAKE2B 3be127ad2a378ca367bcd3f3b038c140d493acc2644e2538c5d98eaae626d4427a211b03154da90826b860093bdd050222706108ef625ba1320933d077bc5704 SHA512 8dbf9445a681362ba47845f3382475da0f46b9595af424b1a3a3848902d060044417d0e56a9842fddb922311efc05a7667e02a2d0eb1f72b5a2d3cd28240e353
+EBUILD postgresql-15.5.ebuild 13826 BLAKE2B 9f6c3356369fae30f0dd4e2d5faf4151d96d55d4cd247616741ee8b23db2adcb95471509a96fe798dd477d81997e11352ccb8b085137891b98451a0cd9cb5992 SHA512 2415d2983367f2415723355755b942787a0f250ad6eb59f2174bf001dcbe483cfbed17b96bd5850d032700554b85d2331a44e8ba6db1267806d7e9b4907029f1
+EBUILD postgresql-16.1-r1.ebuild 13874 BLAKE2B 68fc7b0351e8b5ad4c4ea9cc1b3d5dbc367113bfd105d32fbfebd1a170508b1a7ee19021c557cdc0860dd53b21f69bfc9799d3db8ebb0d539c9d4e2dba9bfcf9 SHA512 1659874aa9c891b09503cda569add5aa9ac5096b7e5e12cb6695e04c0043583ebcc2da93f4730929b64a5ca6ad4956054a845ea9d9cf7a2c28ed8a7d2793055d
+EBUILD postgresql-16.1.ebuild 13836 BLAKE2B cca22b68e00a73dfaa17b2ea3f04d24d1ecd459b40f9d713b627cdee35f07857002deed4776c62c401bbb789fb2fb9ad511ede67ddffeb8329a418a3f0135d0d SHA512 988bcd24a5691857d2a2f6f7062814aa3a333e43d193be5a42f0ae7c984ce499cebb318810b7f8e783d25e29d6659d429904fe1f647191c646779f6e209c55de
 EBUILD postgresql-9999.ebuild 12932 BLAKE2B e3ee40dd98963f8842ba47400b6c71f107c0dd926c14a94f301e4bb69b0570338bf20224cef262bd11a66f7212dd2977d99194a8c17bf4bdd78c21e4c461f9fb SHA512 64d73783080d3cef4163d97e116aa5d7088cdc5a3a453dd6a325e0653b0ce55638a5cc16ea41da0e7808879cd7dccf2d909064ac32ab8c1a392a92e1549a9e5f
 MISC metadata.xml 653 BLAKE2B b5b85d83ee78ac502e2707d156e2fadf6fea857160e2f48da51c755e221c52a14b9eb04354202287f4aba15c274c07ba7b0911c76fd034bfa774ce3500ccb165 SHA512 fd543af224f6f8677e138cb1db7154d2444295c45df8696e3584911943176023d8d1b179f6b16d88ffc6d290265ec1b2f4c902cf95cc79eb37599ae3635b0942
diff --git a/dev-db/postgresql/files/postgresql-12-openssl3.2.patch b/dev-db/postgresql/files/postgresql-12-openssl3.2.patch
new file mode 100644
index 000000000000..62b254d220c6
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-12-openssl3.2.patch
@@ -0,0 +1,178 @@
+commit 6bb4ce36b302296fd09abb097b5e28b66117be92
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index cce104aebb..346ea8e2c1 100755
+--- a/configure
++++ b/configure
+@@ -12641,7 +12641,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.in b/configure.in
+index 3c93e7a944..2c15b20049 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1290,7 +1290,7 @@ if test "$with_openssl" = yes ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index b0a1f7258a..34f8f9e71e 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -699,11 +699,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -713,7 +708,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -733,7 +728,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -809,7 +804,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index 457a8713cc..1e9d21c3e4 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -96,9 +96,6 @@
+ /* Define to 1 if you have the <atomic.h> header file. */
+ #undef HAVE_ATOMIC_H
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32
+index 42fd7067f1..37accc560b 100644
+--- a/src/include/pg_config.h.win32
++++ b/src/include/pg_config.h.win32
+@@ -75,9 +75,6 @@
+ /* Define to 1 if you have the `ASN1_STRING_get0_data' function. */
+ /* #undef HAVE_ASN1_STRING_GET0_DATA */
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-/* #undef HAVE_BIO_GET_DATA */
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ /* #undef HAVE_BIO_METH_NEW */
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 5948a37983..5729dd9acf 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1491,10 +1491,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
++/* protected by ssl_config_mutex */
+ 
+ static BIO_METHOD *my_bio_methods;
+ 
+@@ -1503,7 +1500,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1533,7 +1530,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1624,7 +1621,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index 20ce233af4..a7e5fdbda9 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -273,7 +273,6 @@ sub GenerateFiles
+ 				|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 			{
+ 				print $o "#define HAVE_ASN1_STRING_GET0_DATA 1\n";
+-				print $o "#define HAVE_BIO_GET_DATA 1\n";
+ 				print $o "#define HAVE_BIO_METH_NEW 1\n";
+ 				print $o "#define HAVE_OPENSSL_INIT_SSL 1\n";
+ 			}
diff --git a/dev-db/postgresql/files/postgresql-13-openssl3.2.patch b/dev-db/postgresql/files/postgresql-13-openssl3.2.patch
new file mode 100644
index 000000000000..fbb80a3ecb20
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-13-openssl3.2.patch
@@ -0,0 +1,172 @@
+commit dc8936b9dba79c80aaba8e7232434fb200e95725
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index 2fc7dca504..b7caf88229 100755
+--- a/configure
++++ b/configure
+@@ -12713,7 +12713,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.in b/configure.in
+index eaca132607..9aec28c8d1 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1275,7 +1275,7 @@ if test "$with_openssl" = yes ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index 55fe59276a..9e22911379 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -748,11 +748,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -762,7 +757,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -782,7 +777,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -858,7 +853,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index 13fc4e0db6..978e685c70 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -86,9 +86,6 @@
+ /* Define to 1 if you have the `backtrace_symbols' function. */
+ #undef HAVE_BACKTRACE_SYMBOLS
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 07d5daf4d9..73b1720c4c 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1602,10 +1602,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
++/* protected by ssl_config_mutex */
+ 
+ static BIO_METHOD *my_bio_methods;
+ 
+@@ -1614,7 +1611,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1644,7 +1641,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1735,7 +1732,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index 78328e1fac..e88e3967cd 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -226,7 +226,6 @@ sub GenerateFiles
+ 		HAVE_ATOMICS               => 1,
+ 		HAVE_ATOMIC_H              => undef,
+ 		HAVE_BACKTRACE_SYMBOLS     => undef,
+-		HAVE_BIO_GET_DATA          => undef,
+ 		HAVE_BIO_METH_NEW          => undef,
+ 		HAVE_CLOCK_GETTIME         => undef,
+ 		HAVE_COMPUTED_GOTO         => undef,
+@@ -543,7 +542,6 @@ sub GenerateFiles
+ 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 		{
+ 			$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
+-			$define{HAVE_BIO_GET_DATA}          = 1;
+ 			$define{HAVE_BIO_METH_NEW}          = 1;
+ 			$define{HAVE_OPENSSL_INIT_SSL}      = 1;
+ 		}
diff --git a/dev-db/postgresql/files/postgresql-14-openssl3.2.patch b/dev-db/postgresql/files/postgresql-14-openssl3.2.patch
new file mode 100644
index 000000000000..c8064adc23a6
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-14-openssl3.2.patch
@@ -0,0 +1,195 @@
+commit 50e866f5f3be671620490e3cb3eea533f1677f6c
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index 62a921b5e7..f74b9862a0 100755
+--- a/configure
++++ b/configure
+@@ -13071,7 +13071,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index a3243cc7e8..46624d2a11 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1311,7 +1311,7 @@ if test "$with_ssl" = openssl ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index 13ac961442..e39952494e 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -823,11 +823,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -837,7 +832,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -857,7 +852,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -933,7 +928,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index 40d513c128..51fa911fb6 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -86,9 +86,6 @@
+ /* Define to 1 if you have the `backtrace_symbols' function. */
+ #undef HAVE_BACKTRACE_SYMBOLS
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 7f27767da6..383fdbe80e 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1661,11 +1661,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
++/* protected by ssl_config_mutex */
+ static BIO_METHOD *my_bio_methods;
+ 
+ static int
+@@ -1673,7 +1669,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1703,7 +1699,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1794,7 +1790,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
+index 8cdd0d2e68..cc7bd98c83 100644
+--- a/src/test/ssl/t/001_ssltests.pl
++++ b/src/test/ssl/t/001_ssltests.pl
+@@ -538,7 +538,7 @@ $node->connect_fails(
+ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked_tmp.key",
+ 	"certificate authorization fails with revoked client cert",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# revoked certificates should not authenticate the user
+ 	log_unlike => [qr/connection authenticated:/],);
+ 
+@@ -591,7 +591,7 @@ switch_server_cert($node, 'server-cn-only', undef, undef,
+ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt sslkey=ssl/client-revoked_tmp.key",
+ 	"certificate authorization fails with revoked client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/);
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|);
+ 
+ # clean up
+ foreach my $key (@keys)
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index 577b5afea7..53d60dbd25 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -229,7 +229,6 @@ sub GenerateFiles
+ 		HAVE_ATOMICS               => 1,
+ 		HAVE_ATOMIC_H              => undef,
+ 		HAVE_BACKTRACE_SYMBOLS     => undef,
+-		HAVE_BIO_GET_DATA          => undef,
+ 		HAVE_BIO_METH_NEW          => undef,
+ 		HAVE_CLOCK_GETTIME         => undef,
+ 		HAVE_COMPUTED_GOTO         => undef,
+@@ -562,7 +561,6 @@ sub GenerateFiles
+ 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 		{
+ 			$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
+-			$define{HAVE_BIO_GET_DATA}          = 1;
+ 			$define{HAVE_BIO_METH_NEW}          = 1;
+ 			$define{HAVE_HMAC_CTX_FREE}         = 1;
+ 			$define{HAVE_HMAC_CTX_NEW}          = 1;
diff --git a/dev-db/postgresql/files/postgresql-15-openssl3.2.patch b/dev-db/postgresql/files/postgresql-15-openssl3.2.patch
new file mode 100644
index 000000000000..6e0b954a9f0b
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-15-openssl3.2.patch
@@ -0,0 +1,194 @@
+commit a4927ebffae000198f6054eea26191ac2e50697f
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index d83a402ea1..d55440cd6a 100755
+--- a/configure
++++ b/configure
+@@ -13239,7 +13239,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index 570daced81..2bc752ca1a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1347,7 +1347,7 @@ if test "$with_ssl" = openssl ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index f5c5ed210e..aed8a75345 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -839,11 +839,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -853,7 +848,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -873,7 +868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -949,7 +944,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index d09e9f9a1c..768e3d719c 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -77,9 +77,6 @@
+ /* Define to 1 if you have the `backtrace_symbols' function. */
+ #undef HAVE_BACKTRACE_SYMBOLS
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index af59ff49f7..c19b0dc078 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1800,11 +1800,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
++/* protected by ssl_config_mutex */
+ static BIO_METHOD *my_bio_methods;
+ 
+ static int
+@@ -1812,7 +1808,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1842,7 +1838,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1933,7 +1929,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
+index 707f4005af..c570b48a1b 100644
+--- a/src/test/ssl/t/001_ssltests.pl
++++ b/src/test/ssl/t/001_ssltests.pl
+@@ -682,7 +682,7 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# revoked certificates should not authenticate the user
+ 	log_unlike => [qr/connection authenticated:/],);
+ 
+@@ -743,6 +743,6 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/);
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|);
+ 
+ done_testing();
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index 790f03b05e..a53239fa28 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -226,7 +226,6 @@ sub GenerateFiles
+ 		HAVE_ATOMICS               => 1,
+ 		HAVE_ATOMIC_H              => undef,
+ 		HAVE_BACKTRACE_SYMBOLS     => undef,
+-		HAVE_BIO_GET_DATA          => undef,
+ 		HAVE_BIO_METH_NEW          => undef,
+ 		HAVE_CLOCK_GETTIME         => undef,
+ 		HAVE_COMPUTED_GOTO         => undef,
+@@ -566,7 +565,6 @@ sub GenerateFiles
+ 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 		{
+ 			$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
+-			$define{HAVE_BIO_GET_DATA}          = 1;
+ 			$define{HAVE_BIO_METH_NEW}          = 1;
+ 			$define{HAVE_HMAC_CTX_FREE}         = 1;
+ 			$define{HAVE_HMAC_CTX_NEW}          = 1;
diff --git a/dev-db/postgresql/files/postgresql-16-openssl3.2.patch b/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
new file mode 100644
index 000000000000..2740187d9f4e
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
@@ -0,0 +1,216 @@
+commit 9140a24b312176ebb4e6eb6458b33ce640c04440
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Date:   Tue Nov 28 12:34:03 2023 -0500
+
+    Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
+    
+    We should have done it this way all along, but we accidentally got
+    away with using the wrong BIO field up until OpenSSL 3.2.  There,
+    the library's BIO routines that we rely on use the "data" field
+    for their own purposes, and our conflicting use causes assorted
+    weird behaviors up to and including core dumps when SSL connections
+    are attempted.  Switch to using the approved field for the purpose,
+    i.e. app_data.
+    
+    While at it, remove our configure probes for BIO_get_data as well
+    as the fallback implementation.  BIO_{get,set}_app_data have been
+    there since long before any OpenSSL version that we still support,
+    even in the back branches.
+    
+    Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
+    change in an error message spelling that evidently came in with 3.2.
+    
+    Tristan Partin and Bo Andreson.  Back-patch to all supported branches.
+    
+    Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
+
+diff --git a/configure b/configure
+index 82e45657b2..907c777b9c 100755
+--- a/configure
++++ b/configure
+@@ -12982,7 +12982,7 @@ done
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
++  for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index fcea0bcab4..ab32bfdd08 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1385,7 +1385,7 @@ if test "$with_ssl" = openssl ; then
+   # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
+   # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+   # functions.
+-  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
++  AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
+   # OpenSSL versions before 1.1.0 required setting callback functions, for
+   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
+   # function was removed.
+diff --git a/meson.build b/meson.build
+index 51b5285924..96fc2e139a 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1278,7 +1278,6 @@ if sslopt in ['auto', 'openssl']
+       # doesn't have these OpenSSL 1.1.0 functions. So check for individual
+       # functions.
+       ['OPENSSL_init_ssl'],
+-      ['BIO_get_data'],
+       ['BIO_meth_new'],
+       ['ASN1_STRING_get0_data'],
+       ['HMAC_CTX_new'],
+diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
+index e9c86d08df..49dca0cda9 100644
+--- a/src/backend/libpq/be-secure-openssl.c
++++ b/src/backend/libpq/be-secure-openssl.c
+@@ -844,11 +844,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
+ static BIO_METHOD *my_bio_methods = NULL;
+ 
+ static int
+@@ -858,7 +853,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ 
+ 	if (buf != NULL)
+ 	{
+-		res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
++		res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
+ 		BIO_clear_retry_flags(h);
+ 		if (res <= 0)
+ 		{
+@@ -878,7 +873,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res = 0;
+ 
+-	res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
++	res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res <= 0)
+ 	{
+@@ -954,7 +949,7 @@ my_SSL_set_fd(Port *port, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, port);
++	BIO_set_app_data(bio, port);
+ 
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ 	SSL_set_bio(port->ssl, bio, bio);
+diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
+index 6d572c3820..174544630e 100644
+--- a/src/include/pg_config.h.in
++++ b/src/include/pg_config.h.in
+@@ -70,9 +70,6 @@
+ /* Define to 1 if you have the `backtrace_symbols' function. */
+ #undef HAVE_BACKTRACE_SYMBOLS
+ 
+-/* Define to 1 if you have the `BIO_get_data' function. */
+-#undef HAVE_BIO_GET_DATA
+-
+ /* Define to 1 if you have the `BIO_meth_new' function. */
+ #undef HAVE_BIO_METH_NEW
+ 
+diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
+index 390c888c96..fb6404ade0 100644
+--- a/src/interfaces/libpq/fe-secure-openssl.c
++++ b/src/interfaces/libpq/fe-secure-openssl.c
+@@ -1830,11 +1830,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
+  * to retry; do we need to adopt their logic for that?
+  */
+ 
+-#ifndef HAVE_BIO_GET_DATA
+-#define BIO_get_data(bio) (bio->ptr)
+-#define BIO_set_data(bio, data) (bio->ptr = data)
+-#endif
+-
++/* protected by ssl_config_mutex */
+ static BIO_METHOD *my_bio_methods;
+ 
+ static int
+@@ -1842,7 +1838,7 @@ my_sock_read(BIO *h, char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1872,7 +1868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
+ {
+ 	int			res;
+ 
+-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
++	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
+ 	BIO_clear_retry_flags(h);
+ 	if (res < 0)
+ 	{
+@@ -1963,7 +1959,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
+ 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ 		goto err;
+ 	}
+-	BIO_set_data(bio, conn);
++	BIO_set_app_data(bio, conn);
+ 
+ 	SSL_set_bio(conn->ssl, bio, bio);
+ 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
+diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
+index 76442de063..9bb28fbc83 100644
+--- a/src/test/ssl/t/001_ssltests.pl
++++ b/src/test/ssl/t/001_ssltests.pl
+@@ -781,7 +781,7 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+@@ -886,7 +886,7 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
+ 	  . sslkey('client-revoked.key'),
+ 	"certificate authorization fails with revoked client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+@@ -899,7 +899,7 @@ $node->connect_fails(
+ 	"$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
+ 	  . sslkey('client-revoked-utf8.key'),
+ 	"certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
+-	expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
++	expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
+ 	# temporarily(?) skip this check due to timing issue
+ 	#	log_like => [
+ 	#		qr{Client certificate verification failed at depth 0: certificate revoked},
+diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
+index b6d31c3583..711fae853f 100644
+--- a/src/tools/msvc/Solution.pm
++++ b/src/tools/msvc/Solution.pm
+@@ -225,7 +225,6 @@ sub GenerateFiles
+ 		HAVE_ATOMICS => 1,
+ 		HAVE_ATOMIC_H => undef,
+ 		HAVE_BACKTRACE_SYMBOLS => undef,
+-		HAVE_BIO_GET_DATA => undef,
+ 		HAVE_BIO_METH_NEW => undef,
+ 		HAVE_COMPUTED_GOTO => undef,
+ 		HAVE_COPYFILE => undef,
+@@ -503,7 +502,6 @@ sub GenerateFiles
+ 			|| ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
+ 		{
+ 			$define{HAVE_ASN1_STRING_GET0_DATA} = 1;
+-			$define{HAVE_BIO_GET_DATA} = 1;
+ 			$define{HAVE_BIO_METH_NEW} = 1;
+ 			$define{HAVE_HMAC_CTX_FREE} = 1;
+ 			$define{HAVE_HMAC_CTX_NEW} = 1;
diff --git a/dev-db/postgresql/postgresql-12.17-r1.ebuild b/dev-db/postgresql/postgresql-12.17-r1.ebuild
new file mode 100644
index 000000000000..98c061b70e09
--- /dev/null
+++ b/dev-db/postgresql/postgresql-12.17-r1.ebuild
@@ -0,0 +1,453 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc icu kerberos ldap llvm nls pam perl python +readline
+	  selinux +server systemd ssl static-libs tcl uuid xml zlib"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	<sys-devel/llvm-18:=
+	<sys-devel/clang-18:=
+)
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-12.1-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-12-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	econf \
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable !alpha spinlocks) \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_enable nls)
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		emake check
+
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}
diff --git a/dev-db/postgresql/postgresql-12.17.ebuild b/dev-db/postgresql/postgresql-12.17.ebuild
index 8365c8725242..51c7e054b6b5 100644
--- a/dev-db/postgresql/postgresql-12.17.ebuild
+++ b/dev-db/postgresql/postgresql-12.17.ebuild
@@ -44,7 +44,8 @@ perl? ( >=dev-lang/perl-5.8:= )
 python? ( ${PYTHON_DEPS} )
 readline? ( sys-libs/readline:0= )
 server? ( systemd? ( sys-apps/systemd ) )
-ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0=
+	<dev-libs/openssl-3.2 )
 tcl? ( >=dev-lang/tcl-8:0= )
 xml? ( dev-libs/libxml2 dev-libs/libxslt )
 zlib? ( sys-libs/zlib )
diff --git a/dev-db/postgresql/postgresql-13.13-r1.ebuild b/dev-db/postgresql/postgresql-13.13-r1.ebuild
new file mode 100644
index 000000000000..603471f9df11
--- /dev/null
+++ b/dev-db/postgresql/postgresql-13.13-r1.ebuild
@@ -0,0 +1,465 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc icu kerberos ldap llvm nls pam perl python +readline
+	  selinux +server systemd ssl static-libs tcl uuid xml zlib"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	<sys-devel/llvm-18:=
+	<sys-devel/clang-18:=
+)
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${PN}-13.3-riscv-spinlocks.patch
+
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-13.8-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-13-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	local myconf="\
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_enable nls)"
+	if use alpha; then
+		myconf+=" --disable-spinlocks"
+	else
+		# Should be the default but just in case
+		myconf+=" --enable-spinlocks"
+	fi
+	econf ${myconf}
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		# Some ICU tests fail if LC_CTYPE and LC_COLLATE aren't the same. We set
+		# LC_CTYPE to be equal to LC_COLLATE since LC_COLLATE is set by Portage.
+		local old_ctype=${LC_CTYPE}
+		export LC_CTYPE=${LC_COLLATE}
+		emake check
+		export LC_CTYPE=${old_ctype}
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}
diff --git a/dev-db/postgresql/postgresql-13.13.ebuild b/dev-db/postgresql/postgresql-13.13.ebuild
index 60d28d2d7d08..5e8c350bca7f 100644
--- a/dev-db/postgresql/postgresql-13.13.ebuild
+++ b/dev-db/postgresql/postgresql-13.13.ebuild
@@ -44,7 +44,8 @@ perl? ( >=dev-lang/perl-5.8:= )
 python? ( ${PYTHON_DEPS} )
 readline? ( sys-libs/readline:0= )
 server? ( systemd? ( sys-apps/systemd ) )
-ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0=
+	<dev-libs/openssl-3.2 )
 tcl? ( >=dev-lang/tcl-8:0= )
 xml? ( dev-libs/libxml2 dev-libs/libxslt )
 zlib? ( sys-libs/zlib )
diff --git a/dev-db/postgresql/postgresql-14.10-r1.ebuild b/dev-db/postgresql/postgresql-14.10-r1.ebuild
new file mode 100644
index 000000000000..6ac2f9b4d22c
--- /dev/null
+++ b/dev-db/postgresql/postgresql-14.10-r1.ebuild
@@ -0,0 +1,465 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc icu kerberos ldap llvm lz4 nls pam perl python +readline
+	  selinux +server systemd ssl static-libs tcl uuid xml zlib"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	 <sys-devel/llvm-18:=
+	 <sys-devel/clang-18:=
+)
+lz4? ( app-arch/lz4 )
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-14.5-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-14-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	local myconf="\
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with lz4) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_enable nls)"
+	if use alpha; then
+		myconf+=" --disable-spinlocks"
+	else
+		# Should be the default but just in case
+		myconf+=" --enable-spinlocks"
+	fi
+	econf ${myconf}
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		# Some ICU tests fail if LC_CTYPE and LC_COLLATE aren't the same. We set
+		# LC_CTYPE to be equal to LC_COLLATE since LC_COLLATE is set by Portage.
+		local old_ctype=${LC_CTYPE}
+		export LC_CTYPE=${LC_COLLATE}
+		emake check
+		export LC_CTYPE=${old_ctype}
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}
diff --git a/dev-db/postgresql/postgresql-14.10.ebuild b/dev-db/postgresql/postgresql-14.10.ebuild
index c5bcd5377176..341c1e37a966 100644
--- a/dev-db/postgresql/postgresql-14.10.ebuild
+++ b/dev-db/postgresql/postgresql-14.10.ebuild
@@ -45,7 +45,8 @@ perl? ( >=dev-lang/perl-5.8:= )
 python? ( ${PYTHON_DEPS} )
 readline? ( sys-libs/readline:0= )
 server? ( systemd? ( sys-apps/systemd ) )
-ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0=
+	<dev-libs/openssl-3.2 )
 tcl? ( >=dev-lang/tcl-8:0= )
 xml? ( dev-libs/libxml2 dev-libs/libxslt )
 zlib? ( sys-libs/zlib )
diff --git a/dev-db/postgresql/postgresql-15.5-r1.ebuild b/dev-db/postgresql/postgresql-15.5-r1.ebuild
new file mode 100644
index 000000000000..6d928ddac1b1
--- /dev/null
+++ b/dev-db/postgresql/postgresql-15.5-r1.ebuild
@@ -0,0 +1,467 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc icu kerberos ldap llvm lz4 nls pam perl python +readline
+	  selinux +server systemd ssl static-libs tcl uuid xml zlib zstd"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( virtual/krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	<sys-devel/llvm-18:=
+	<sys-devel/clang-18:=
+)
+lz4? ( app-arch/lz4 )
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+zstd? ( app-arch/zstd )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-15_beta3-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-15-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	local myconf="\
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with lz4) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_with zstd) \
+		$(use_enable nls)"
+	if use alpha; then
+		myconf+=" --disable-spinlocks"
+	else
+		# Should be the default but just in case
+		myconf+=" --enable-spinlocks"
+	fi
+	econf ${myconf}
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		# Some ICU tests fail if LC_CTYPE and LC_COLLATE aren't the same. We set
+		# LC_CTYPE to be equal to LC_COLLATE since LC_COLLATE is set by Portage.
+		local old_ctype=${LC_CTYPE}
+		export LC_CTYPE=${LC_COLLATE}
+		emake check
+		export LC_CTYPE=${old_ctype}
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}
diff --git a/dev-db/postgresql/postgresql-15.5.ebuild b/dev-db/postgresql/postgresql-15.5.ebuild
index f2d026f6dca0..aebc9d9ad3be 100644
--- a/dev-db/postgresql/postgresql-15.5.ebuild
+++ b/dev-db/postgresql/postgresql-15.5.ebuild
@@ -45,7 +45,8 @@ perl? ( >=dev-lang/perl-5.8:= )
 python? ( ${PYTHON_DEPS} )
 readline? ( sys-libs/readline:0= )
 server? ( systemd? ( sys-apps/systemd ) )
-ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0=
+	<dev-libs/openssl-3.2 )
 tcl? ( >=dev-lang/tcl-8:0= )
 xml? ( dev-libs/libxml2 dev-libs/libxslt )
 zlib? ( sys-libs/zlib )
diff --git a/dev-db/postgresql/postgresql-16.1-r1.ebuild b/dev-db/postgresql/postgresql-16.1-r1.ebuild
new file mode 100644
index 000000000000..c563a2a73f9d
--- /dev/null
+++ b/dev-db/postgresql/postgresql-16.1-r1.ebuild
@@ -0,0 +1,468 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10,11,12} )
+LLVM_MAX_SLOT=17
+
+inherit flag-o-matic linux-info llvm pam python-single-r1 systemd tmpfiles
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+
+SLOT=$(ver_cut 1)
+
+MY_PV=${PV/_/}
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+SRC_URI="https://ftp.postgresql.org/pub/source/v${MY_PV}/postgresql-${MY_PV}.tar.bz2"
+
+LICENSE="POSTGRESQL GPL-2"
+DESCRIPTION="PostgreSQL RDBMS"
+HOMEPAGE="https://www.postgresql.org/"
+
+IUSE="debug doc +icu kerberos ldap llvm lz4 nls pam perl python
+	  +readline selinux +server systemd ssl static-libs tcl uuid xml
+	  zlib zstd"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CDEPEND="
+>=app-eselect/eselect-postgresql-2.0
+acct-group/postgres
+acct-user/postgres
+sys-apps/less
+virtual/libintl
+icu? ( dev-libs/icu:= )
+kerberos? ( app-crypt/mit-krb5 )
+ldap? ( net-nds/openldap:= )
+llvm? (
+	<sys-devel/llvm-18:=
+	<sys-devel/clang-18:=
+)
+lz4? ( app-arch/lz4 )
+pam? ( sys-libs/pam )
+perl? ( >=dev-lang/perl-5.8:= )
+python? ( ${PYTHON_DEPS} )
+readline? ( sys-libs/readline:0= )
+server? ( systemd? ( sys-apps/systemd ) )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+tcl? ( >=dev-lang/tcl-8:0= )
+xml? ( dev-libs/libxml2 dev-libs/libxslt )
+zlib? ( sys-libs/zlib )
+zstd? ( app-arch/zstd )
+"
+
+# uuid flags -- depend on sys-apps/util-linux for Linux libcs, or if no
+# supported libc in use depend on dev-libs/ossp-uuid. For BSD systems,
+# the libc includes UUID functions.
+UTIL_LINUX_LIBC=( elibc_{glibc,musl} )
+
+nest_usedep() {
+	local front back
+	while [[ ${#} -gt 1 ]]; do
+		front+="${1}? ( "
+		back+=" )"
+		shift
+	done
+	echo "${front}${1}${back}"
+}
+
+CDEPEND+="
+uuid? (
+	${UTIL_LINUX_LIBC[@]/%/? ( sys-apps/util-linux )}
+	$(nest_usedep ${UTIL_LINUX_LIBC[@]/#/!} dev-libs/ossp-uuid)
+)"
+
+DEPEND="${CDEPEND}
+sys-devel/bison
+app-alternatives/lex
+nls? ( sys-devel/gettext )
+xml? ( virtual/pkgconfig )
+"
+
+RDEPEND="${CDEPEND}
+selinux? ( sec-policy/selinux-postgresql )
+"
+
+pkg_setup() {
+	use llvm && llvm_pkg_setup
+
+	use server && CONFIG_CHECK="~SYSVIPC" linux-info_pkg_setup
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Set proper run directory
+	sed "s|\(PGSOCKET_DIR\s\+\)\"/tmp\"|\1\"${EPREFIX}/run/postgresql\"|" \
+		-i src/include/pg_config_manual.h || die
+
+	# Rely on $PATH being in the proper order so that the correct
+	# install program is used for modules utilizing PGXS in both
+	# hardened and non-hardened environments. (Bug #528786)
+	sed 's/@install_bin@/install -c/' -i src/Makefile.global.in || die
+
+	use server || eapply "${FILESDIR}/${PN}-15_beta3-no-server.patch"
+
+	if use pam ; then
+		sed "s/\(#define PGSQL_PAM_SERVICE \"postgresql\)/\1-${SLOT}/" \
+			-i src/backend/libpq/auth.c || \
+			die 'PGSQL_PAM_SERVICE rename failed.'
+	fi
+
+	eapply "${FILESDIR}"/postgresql-16-openssl3.2.patch
+
+	eapply_user
+}
+
+src_configure() {
+	case ${CHOST} in
+		*-darwin*|*-solaris*)
+			use nls && append-libs intl
+			;;
+	esac
+
+	export LDFLAGS_SL="${LDFLAGS}"
+	export LDFLAGS_EX="${LDFLAGS}"
+
+	local PO="${EPREFIX}"
+
+	local i uuid_config=""
+	if use uuid; then
+		for i in ${UTIL_LINUX_LIBC[@]}; do
+			use ${i} && uuid_config="--with-uuid=e2fs"
+		done
+		[[ -z $uuid_config ]] && uuid_config="--with-uuid=ossp"
+	fi
+
+	local myconf="\
+		--prefix="${PO}/usr/$(get_libdir)/postgresql-${SLOT}" \
+		--datadir="${PO}/usr/share/postgresql-${SLOT}" \
+		--includedir="${PO}/usr/include/postgresql-${SLOT}" \
+		--mandir="${PO}/usr/share/postgresql-${SLOT}/man" \
+		--sysconfdir="${PO}/etc/postgresql-${SLOT}" \
+		--with-system-tzdata="${PO}/usr/share/zoneinfo" \
+		$(use_enable debug) \
+		$(use_with icu) \
+		$(use_with kerberos gssapi) \
+		$(use_with ldap) \
+		$(use_with llvm) \
+		$(use_with lz4) \
+		$(use_with pam) \
+		$(use_with perl) \
+		$(use_with python) \
+		$(use_with readline) \
+		$(use_with ssl openssl) \
+		$(usex server "$(use_with systemd)" '--without-systemd') \
+		$(use_with tcl) \
+		${uuid_config} \
+		$(use_with xml libxml) \
+		$(use_with xml libxslt) \
+		$(use_with zlib) \
+		$(use_with zstd) \
+		$(use_enable nls)"
+	if use alpha; then
+		myconf+=" --disable-spinlocks"
+	else
+		# Should be the default but just in case
+		myconf+=" --enable-spinlocks"
+	fi
+	econf ${myconf}
+}
+
+src_compile() {
+	emake
+	emake -C contrib
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	emake DESTDIR="${D}" install -C contrib
+
+	dodoc README HISTORY
+
+	# man pages are already built, but if we have the target make them,
+	# they'll be generated from source before being installed so we
+	# manually install man pages.
+	# We use ${SLOT} instead of doman for postgresql.eselect
+	insinto /usr/share/postgresql-${SLOT}/man/
+	doins -r doc/src/sgml/man{1,3,7}
+	if ! use server; then
+		# Remove man pages for non-existent binaries
+		serverman=(
+			initdb
+			pg_{archivecleanup,controldata,ctl,resetwal,rewind,standby}
+			pg_{test_{fsync,timing},upgrade,waldump}
+			post{gres,master}
+		)
+		for m in ${serverman[@]} ; do
+			rm "${ED}/usr/share/postgresql-${SLOT}/man/man1/${m}.1"
+		done
+	fi
+	docompress /usr/share/postgresql-${SLOT}/man/man{1,3,7}
+
+	# Create slot specific man pages
+	local bn f mansec slotted_name
+	for mansec in 1 3 7 ; do
+		local rel_manpath="../../postgresql-${SLOT}/man/man${mansec}"
+
+		mkdir -p "${ED}"/usr/share/man/man${mansec} || die "making man dir"
+		pushd "${ED}"/usr/share/man/man${mansec} > /dev/null || die "pushd failed"
+
+		for f in "${ED}/usr/share/postgresql-${SLOT}/man/man${mansec}"/* ; do
+			bn=$(basename "${f}")
+			slotted_name=${bn%.${mansec}}${SLOT}.${mansec}
+			case ${bn} in
+				TABLE.7|WITH.7)
+					echo ".so ${rel_manpath}/SELECT.7" > ${slotted_name}
+					;;
+				*)
+					echo ".so ${rel_manpath}/${bn}" > ${slotted_name}
+					;;
+			esac
+		done
+
+		popd > /dev/null
+	done
+
+	insinto /etc/postgresql-${SLOT}
+	newins src/bin/psql/psqlrc.sample psqlrc
+
+	# Don't delete libpg{port,common}.a (Bug #571046). They're always
+	# needed by extensions utilizing PGXS.
+	use static-libs || \
+		find "${ED}" -name '*.a' ! -name libpgport.a ! -name libpgcommon.a \
+			 -delete
+
+	# Make slot specific links to programs
+	local f bn
+	for f in $(find "${ED}/usr/$(get_libdir)/postgresql-${SLOT}/bin" \
+					-mindepth 1 -maxdepth 1)
+	do
+		bn=$(basename "${f}")
+		dosym "../$(get_libdir)/postgresql-${SLOT}/bin/${bn}" \
+			  "/usr/bin/${bn}${SLOT/.}"
+	done
+
+	if use doc ; then
+		docinto html
+		dodoc doc/src/sgml/html/*
+	fi
+
+	if use server; then
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.confd-9.3" | newconfd - ${PN}-${SLOT}
+
+		sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+			"${FILESDIR}/${PN}.init-9.3-r1" | newinitd - ${PN}-${SLOT}
+
+		if use systemd; then
+			sed -e "s|@SLOT@|${SLOT}|g" -e "s|@LIBDIR@|$(get_libdir)|g" \
+				"${FILESDIR}/${PN}.service-9.6-r1" | \
+				systemd_newunit - ${PN}-${SLOT}.service
+			newbin "${FILESDIR}"/${PN}-check-db-dir ${PN}-${SLOT}-check-db-dir
+			newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}-${SLOT}.conf
+		fi
+
+		use pam && pamd_mimic system-auth ${PN}-${SLOT} auth account session
+
+		if use prefix ; then
+			keepdir /run/postgresql
+			fperms 1775 /run/postgresql
+		fi
+	fi
+}
+
+pkg_postinst() {
+	use server && use systemd && tmpfiles_process ${PN}-${SLOT}.conf
+	postgresql-config update
+
+	elog "If you need a global psqlrc-file, you can place it in:"
+	elog "    ${EROOT}/etc/postgresql-${SLOT}/"
+
+	if use server ; then
+		elog
+		elog "Gentoo specific documentation:"
+		elog "https://wiki.gentoo.org/wiki/PostgreSQL"
+		elog
+		elog "Official documentation:"
+		elog "https://www.postgresql.org/docs/${SLOT}/static/index.html"
+		elog
+		elog "The default location of the Unix-domain socket is:"
+		elog "    ${EROOT}/run/postgresql/"
+		elog
+		elog "Before initializing the database, you may want to edit PG_INITDB_OPTS"
+		elog "so that it contains your preferred locale in:"
+		elog "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+		elog
+		elog "Then, execute the following command to setup the initial database"
+		elog "environment:"
+		elog "    emerge --config =${CATEGORY}/${PF}"
+
+		if [[ -n ${REPLACING_VERSIONS} ]] ; then
+			ewarn "If your system is using 'pg_stat_statements' and you are running a"
+			ewarn "version of PostgreSQL ${SLOT}, we advise that you execute"
+			ewarn "the following command after upgrading:"
+			ewarn
+			ewarn "ALTER EXTENSION pg_stat_statements UPDATE;"
+		fi
+	fi
+}
+
+pkg_prerm() {
+	if use server && [[ -z ${REPLACED_BY_VERSION} ]] ; then
+		ewarn "Have you dumped and/or migrated the ${SLOT} database cluster?"
+		ewarn "\thttps://wiki.gentoo.org/wiki/PostgreSQL/QuickStart#Migrating_PostgreSQL"
+
+		ebegin "Resuming removal in 10 seconds (Control-C to cancel)"
+		sleep 10
+		eend 0
+	fi
+}
+
+pkg_postrm() {
+	postgresql-config update
+}
+
+pkg_config() {
+	use server || die "USE flag 'server' not enabled. Nothing to configure."
+
+	[[ -f "${EROOT}/etc/conf.d/postgresql-${SLOT}" ]] \
+		&& source "${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	[[ -z "${PGDATA}" ]] && PGDATA="${EROOT}/etc/postgresql-${SLOT}/"
+	[[ -z "${DATA_DIR}" ]] \
+		&& DATA_DIR="${EROOT}/var/lib/postgresql/${SLOT}/data"
+
+	# environment.bz2 may not contain the same locale as the current system
+	# locale. Unset and source from the current system locale.
+	if [ -f "${EROOT}/etc/env.d/02locale" ]; then
+		unset LANG
+		unset LC_CTYPE
+		unset LC_NUMERIC
+		unset LC_TIME
+		unset LC_COLLATE
+		unset LC_MONETARY
+		unset LC_MESSAGES
+		unset LC_ALL
+		source "${EROOT}/etc/env.d/02locale"
+		[ -n "${LANG}" ] && export LANG
+		[ -n "${LC_CTYPE}" ] && export LC_CTYPE
+		[ -n "${LC_NUMERIC}" ] && export LC_NUMERIC
+		[ -n "${LC_TIME}" ] && export LC_TIME
+		[ -n "${LC_COLLATE}" ] && export LC_COLLATE
+		[ -n "${LC_MONETARY}" ] && export LC_MONETARY
+		[ -n "${LC_MESSAGES}" ] && export LC_MESSAGES
+		[ -n "${LC_ALL}" ] && export LC_ALL
+	fi
+
+	einfo "You can modify the paths and options passed to initdb by editing:"
+	einfo "    ${EROOT}/etc/conf.d/postgresql-${SLOT}"
+	einfo
+	einfo "Information on options that can be passed to initdb are found at:"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/creating-cluster.html"
+	einfo "    https://www.postgresql.org/docs/${SLOT}/static/app-initdb.html"
+	einfo
+	einfo "PG_INITDB_OPTS is currently set to:"
+	if [[ -z "${PG_INITDB_OPTS}" ]] ; then
+		einfo "    (none)"
+	else
+		einfo "    ${PG_INITDB_OPTS}"
+	fi
+	einfo
+	einfo "Configuration files will be installed to:"
+	einfo "    ${PGDATA}"
+	einfo
+	einfo "The database cluster will be created in:"
+	einfo "    ${DATA_DIR}"
+	einfo
+
+	ebegin "Continuing initialization in 5 seconds (Control-C to cancel)"
+	sleep 5
+	eend 0
+
+	if [ -n "$(ls -A ${DATA_DIR} 2> /dev/null)" ] ; then
+		eerror "The given directory, '${DATA_DIR}', is not empty."
+		eerror "Modify DATA_DIR to point to an empty directory."
+		die "${DATA_DIR} is not empty."
+	fi
+
+	einfo "Creating the data directory ..."
+	if [[ ${EUID} == 0 ]] ; then
+		mkdir -p "$(dirname ${DATA_DIR%/})" || die "Couldn't parent dirs"
+		mkdir -m 0700 "${DATA_DIR%/}" || die "Couldn't make DATA_DIR"
+		chown -h postgres:postgres "${DATA_DIR%/}" || die "Couldn't chown"
+	fi
+
+	einfo "Initializing the database ..."
+
+	if [[ ${EUID} == 0 ]] ; then
+		su - postgres -c "${EROOT}/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -D \"${DATA_DIR}\" ${PG_INITDB_OPTS}"
+	else
+		"${EROOT}"/usr/$(get_libdir)/postgresql-${SLOT}/bin/initdb -U postgres -D "${DATA_DIR}" ${PG_INITDB_OPTS}
+	fi
+
+	if [[ "${DATA_DIR%/}" != "${PGDATA%/}" ]] ; then
+		mv "${DATA_DIR%/}"/{pg_{hba,ident},postgresql}.conf "${PGDATA}"
+		ln -s "${PGDATA%/}"/{pg_{hba,ident},postgresql}.conf "${DATA_DIR%/}"
+	fi
+
+	# unix_socket_directory has no effect in postgresql.conf as it's
+	# overridden in the initscript
+	sed '/^#unix_socket_directories/,+1d' -i "${PGDATA%/}"/postgresql.conf
+
+	cat <<- EOF >> "${PGDATA%/}"/postgresql.conf
+		# This is here because of https://bugs.gentoo.org/show_bug.cgi?id=518522
+		# On the off-chance that you might need to work with UTF-8 encoded
+		# characters in PL/Perl
+		plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+	EOF
+
+	einfo "The autovacuum function, which was in contrib, has been moved to the main"
+	einfo "PostgreSQL functions starting with 8.1, and starting with 8.4 is now enabled"
+	einfo "by default. You can disable it in the cluster's:"
+	einfo "    ${PGDATA%/}/postgresql.conf"
+	einfo
+	if ! use systemd; then
+		einfo "The PostgreSQL server, by default, will log events to:"
+		einfo "    ${DATA_DIR%/}/postmaster.log"
+		einfo
+	fi
+	if use prefix ; then
+		einfo "The location of the configuration files have moved to:"
+		einfo "    ${PGDATA}"
+		einfo "To start the server:"
+		einfo "    pg_ctl start -D ${DATA_DIR} -o '-D ${PGDATA} --data-directory=${DATA_DIR}'"
+		einfo "To stop:"
+		einfo "    pg_ctl stop -D ${DATA_DIR}"
+		einfo
+		einfo "Or move the configuration files back:"
+		einfo "mv ${PGDATA}*.conf ${DATA_DIR}"
+	elif use systemd; then
+		einfo "You should use the 'postgresql-${SLOT}.service' unit to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	else
+		einfo "You should use the '${EROOT}/etc/init.d/postgresql-${SLOT}' script to run PostgreSQL"
+		einfo "instead of 'pg_ctl'."
+	fi
+}
+
+src_test() {
+	if use server && [[ ${UID} -ne 0 ]] ; then
+		# Some ICU tests fail if LC_CTYPE and LC_COLLATE aren't the same. We set
+		# LC_CTYPE to be equal to LC_COLLATE since LC_COLLATE is set by Portage.
+		local old_ctype=${LC_CTYPE}
+		export LC_CTYPE=${LC_COLLATE}
+		emake check
+		export LC_CTYPE=${old_ctype}
+		einfo "If you think other tests besides the regression tests are necessary, please"
+		einfo "submit a bug including a patch for this ebuild to enable them."
+	else
+		use server || \
+			ewarn 'Tests cannot be run without the "server" use flag enabled.'
+		[[ ${UID} -eq 0 ]] || \
+			ewarn 'Tests cannot be run as root. Enable "userpriv" in FEATURES.'
+
+		ewarn 'Skipping.'
+	fi
+}
diff --git a/dev-db/postgresql/postgresql-16.1.ebuild b/dev-db/postgresql/postgresql-16.1.ebuild
index feea2c2a5888..f86079824aee 100644
--- a/dev-db/postgresql/postgresql-16.1.ebuild
+++ b/dev-db/postgresql/postgresql-16.1.ebuild
@@ -46,7 +46,8 @@ perl? ( >=dev-lang/perl-5.8:= )
 python? ( ${PYTHON_DEPS} )
 readline? ( sys-libs/readline:0= )
 server? ( systemd? ( sys-apps/systemd ) )
-ssl? ( >=dev-libs/openssl-0.9.6-r1:0= )
+ssl? ( >=dev-libs/openssl-0.9.6-r1:0=
+	<dev-libs/openssl-3.2 )
 tcl? ( >=dev-lang/tcl-8:0= )
 xml? ( dev-libs/libxml2 dev-libs/libxslt )
 zlib? ( sys-libs/zlib )