postgresql17-17.2-150600.13.5.1

- Upgrade to 17.2:
  * Repair ABI break for extensions that work with struct
    ResultRelInfo.
  * Restore functionality of ALTER {ROLE|DATABASE} SET role.
  * Fix cases where a logical replication slot's restart_lsn could
    go backwards.
  * Avoid deleting still-needed WAL files during pg_rewind.
  * Fix race conditions associated with dropping shared statistics
    entries.
  * Count index scans in contrib/bloom indexes in the statistics
    views, such as the pg_stat_user_indexes.idx_scan counter.
  * Fix crash when checking to see if an index's opclass options
    have changed.
  * Avoid assertion failure caused by disconnected NFA sub-graphs
    in regular expression parsing.
  * https://www.postgresql.org/docs/release/17.2/

- Upgrade to 17.1:
  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
    dependent on the calling role when RLS applies to a
    non-top-level table reference.
  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages
    received during SSL or GSS protocol negotiation.
  * CVE-2024-10978, bsc#1233326: Fix unintended interactions
    between SET SESSION AUTHORIZATION and SET ROLE
  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
    changing environment variables.
  * obsoletes postgresql17-jsonb_jsonpath.patch
  * https://www.postgresql.org/about/news/p-2955/
  * https://www.postgresql.org/docs/release/17.1/

- Add postgresql17-jsonb_jsonpath.patch as a temporary build fix.

- Use cmake(LLVM) < instead of <= to also allow building against
  LLVM 18.1 and newer 18.x versions

- Upgrade to 17.0:
  * New memory management system for VACUUM, which reduces memory
    consumption and can improve overall vacuuming performance.
  * New SQL/JSON capabilities, including constructors, identity
    functions, and the JSON_TABLE() function, which converts JSON
    data into a table representation.
  * Various query performance improvements, including for
    sequential reads using streaming I/O, write throughput under
    high concurrency, and searches over multiple values in a btree
    index.
  * Logical replication enhancements, including:
    + Failover control
    + pg_createsubscriber, a utility that creates logical replicas
    from physical standbys
    + pg_upgrade now preserves replication slots on both publishers
    and subscribers
  * New client-side connection option, sslnegotiation=direct, that
    performs a direct TLS handshake to avoid a round-trip
    negotiation.
  * pg_basebackup now supports incremental backup.
  * COPY adds a new option, ON_ERROR ignore, that allows a copy
    operation to continue in the event of an error.
  * https://www.postgresql.org/about/news/p-2936/
  * https://www.postgresql.org/docs/17/release-17.html

- Upgrade to 17rc1
  https://www.postgresql.org/about/news/postgresql-17-rc1-released-2926/

- Upgrade to 17beta3 (bsc#1229013):
  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
    during pg_dump executes arbitrary SQL
  * https://www.postgresql.org/about/news/p-2910/

- Upgrade to 17beta2.

- Upgrade to 17beta1.
- Allow LLVM <= 18

- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.

- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.

- Remove constraints file because improved memory usage for s390x

- Use %patch -P N instead of deprecated %patchN.

- Upgrade to 16.2:
  * bsc#1219679, CVE-2024-0985: Tighten security restrictions
    within REFRESH MATERIALIZED VIEW CONCURRENTLY.
    One step of a concurrent refresh command was run under weak
    security restrictions. If a materialized view's owner could
    persuade a superuser or other high-privileged user to perform a
    concurrent refresh on that view, the view's owner could control
    code executed with the privileges of the user running REFRESH.
    Fix things so that all user-determined code is run as the
    view's owner, as expected
  * If you use GIN indexes, you may need to reindex after updating
    to this release.
  * LLVM 18 is now supported.
  * https://www.postgresql.org/docs/release/16.2/

- Upgrade to 16.1:
  * bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
    arguments in DISTINCT "any" aggregate functions. This error led
    to a text-type value being interpreted as an unknown-type value
    (that is, a zero-terminated string) at runtime. This could
    result in disclosure of server memory following the text value.
  * bsc#1216961, CVE-2023-5869: Detect integer overflow while
    computing new array dimensions. When assigning new elements to
    array subscripts that are outside the current array bounds, an
    undetected integer overflow could occur in edge cases. Memory
    stomps that are potentially exploitable for arbitrary code
    execution are possible, and so is disclosure of server memory.
  * bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
    from signalling background workers and autovacuum processes.
    The documentation says that pg_signal_backend cannot issue
    signals to superuser-owned processes. It was able to signal
    these background  processes, though, because they advertise a
    role OID of zero. Treat that as indicating superuser ownership.
    The security implications of cancelling one of these process
    types are fairly small so far as the core code goes (we'll just
    start another one), but extensions might add background workers
    that are more vulnerable.
    Also ensure that the is_superuser parameter is set correctly in
    such processes. No specific security consequences are known for
    that oversight, but it might be significant for some extensions.
  * Add support for LLVM 16 and 17
  * https://www.postgresql.org/docs/16/release-16-1.html

- boo#1216734: Revert the last change and make the devel package
  independend of all other subpackages except for the libs.

- boo#1216022: Call install-alternatives from the devel subpackage
  as well, otherwise the symlink for ecpg might be missing.

- Also buildignore the postgresql*-implementation symbols: this is
  needed in order to bootstrap when no postgresql version currently
  has valid symbols provided. Once the packages are built, OBS
  could translate this to the pgname-* packages and accept the
  ignores; during bootstrap though, there is nothing providing the
  symbol and the existing buildignores do not suffice.

- Upgrade to 16.0:
  * https://www.postgresql.org/about/news/2715
  * https://www.postgresql.org/docs/16/release-16.html

- Upgrade to 16rc1:
  * https://www.postgresql.org/about/news/2702/