postgresql: 12.18 -> 12.19, 13.14 -> 13.15, 14.11 -> 14.12, 15.6 -> 15.7, 16.2 -> 16.3, fix CVE-2024-4317 for 14+

[Ma27]

Description of changes

Announcement: https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/

cc @wolfgangwalther @ajs124 @mweinelt

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[Ma27]

Note: nominatim is still building, would like to see if it just works with latest postgresql. Otherwise I'd mark it as broken.

SGTM. cc @mausch

[wolfgangwalther]

There is this piece in generic.nix:

    # TODO: Remove after the next set of minor releases on May 9th 2024
    preCheck =
      # On musl, comment skip the following tests, because they break due to
      #     ! ERROR:  could not load library "/build/postgresql-11.5/tmp_install/nix/store/...-postgresql-11.5-lib/lib/libpqwalreceiver.so": Error loading shared library libpq.so.5: No such file or directory (needed by /build/postgresql-11.5/tmp_install/nix/store/...-postgresql-11.5-lib/lib/libpqwalreceiver.so)
      # See also here:
      #     https://git.alpinelinux.org/aports/tree/main/postgresql/disable-broken-tests.patch?id=6d7d32c12e073a57a9e5946e55f4c1fbb68bd442
      if stdenv'.hostPlatform.isMusl then ''
        substituteInPlace src/test/regress/parallel_schedule \
          --replace "subscription" "" \
          --replace "object_address" ""
      '' else null;

This can be removed entirely. We better double check whether pkgsMusl.postgresql builds fine after, but it should.

[Ma27]

Updated, v12 is part of the PR now.

[wolfgangwalther]

The other comment above still applies: #310580 (comment)

I added that TODO do remove the test exceptions with the next minor release, so we should do that now.

[Ma27]

Pushed a fix, currently running a pkgsMusl build just to be sure.

EDIT: looks good.

[wolfgangwalther]

Pushed a fix

@Ma27 Did you actually push? I can't see the changes in the PR.

[Ma27]

Now I did, apologies!
Was in a hurry this afternoon.