9 files changed, 153 insertions, 12 deletions

diff --git a/databases/mysql80-server/files/patch-cmake_ssl.cmake b/databases/mysql80-server/files/patch-cmake_ssl.cmake
index e35e3f0edff8..9173b842a952 100644
--- a/databases/mysql80-server/files/patch-cmake_ssl.cmake
+++ b/databases/mysql80-server/files/patch-cmake_ssl.cmake
@@ -9,14 +9,15 @@
          )
        STRING(REGEX REPLACE
          "^.*OPENSSL_VERSION_NUMBER[\t ]+0x([0-9]).*$" "\\1"
-@@ -214,13 +214,14 @@ MACRO (MYSQL_CHECK_SSL)
+@@ -222,13 +222,14 @@ MACRO (MYSQL_CHECK_SSL)
          OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
          )
      ENDIF()
 -    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
+-       ADD_DEFINITIONS(-DHAVE_TLSv13)
 +    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
 +    IF(HAVE_TLS1_3_VERSION)
-        ADD_DEFINITIONS(-DHAVE_TLSv13)
++       #ADD_DEFINITIONS(-DHAVE_TLSv13)
      ENDIF()
      IF(OPENSSL_INCLUDE_DIR AND
         OPENSSL_LIBRARY   AND
diff --git a/databases/mysql80-server/files/patch-man_CMakeLists.txt b/databases/mysql80-server/files/patch-man_CMakeLists.txt
index d624bab8144b..a08c4ce564c0 100644
--- a/databases/mysql80-server/files/patch-man_CMakeLists.txt
+++ b/databases/mysql80-server/files/patch-man_CMakeLists.txt
@@ -1,6 +1,6 @@
 --- man/CMakeLists.txt.orig	2020-10-20 11:47:42.675974000 +0200
 +++ man/CMakeLists.txt	2020-10-20 13:53:03.993879000 +0200
-@@ -23,21 +23,10 @@
+@@ -23,26 +23,14 @@
  # Copy man pages
  SET(MAN1
    comp_err.1
@@ -22,6 +22,11 @@
    mysqladmin.1
    mysqlbinlog.1
    mysqlcheck.1
+   mysqldump.1
+-  mysqldumpslow.1
+   mysqlimport.1
+   mysqlman.1
+   mysqlpump.1
 @@ -52,13 +41,23 @@ SET(MAN1
    zlib_decompress.1
    )
diff --git a/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c b/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c
index 66630594fdf0..9dcdca8bd775 100644
--- a/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c
+++ b/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c
@@ -1,6 +1,51 @@
 --- plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc.orig	2019-09-20 08:30:51 UTC
 +++ plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc
-@@ -329,6 +329,7 @@ error:
+@@ -175,7 +175,7 @@ SSL_CTX *client_ctx = NULL;
+ static long process_tls_version(const char *tls_version) {
+   const char *separator = ", ";
+   char *token = NULL;
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   const char *tls_version_name_list[] = {"TLSv1", "TLSv1.1", "TLSv1.2",
+                                          "TLSv1.3"};
+ #else
+@@ -184,7 +184,7 @@ static long process_tls_version(const char *tls_versio
+ #define TLS_VERSIONS_COUNTS \
+   (sizeof(tls_version_name_list) / sizeof(*tls_version_name_list))
+   unsigned int tls_versions_count = TLS_VERSIONS_COUNTS;
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   const long tls_ctx_list[TLS_VERSIONS_COUNTS] = {
+       SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3};
+   const char *ctx_flag_default = "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3";
+@@ -240,7 +240,7 @@ static int configure_ssl_algorithms(
+   long ssl_ctx_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+   char cipher_list[SSL_CIPHER_LIST_SIZE] = {0};
+   long ssl_ctx_flags = -1;
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   int tlsv1_3_enabled = 0;
+ #endif /* HAVE_TLSv13 */
+ 
+@@ -253,7 +253,7 @@ static int configure_ssl_algorithms(
+     goto error;
+   }
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) &
+                     (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
+                      SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
+@@ -265,7 +265,7 @@ static int configure_ssl_algorithms(
+ 
+   SSL_CTX_set_options(ssl_ctx, ssl_ctx_options);
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   tlsv1_3_enabled = ((ssl_ctx_options & SSL_OP_NO_TLSv1_3) == 0);
+   if (tlsv1_3_enabled) {
+     /* Set OpenSSL TLS v1.3 ciphersuites.
+@@ -325,6 +325,7 @@ error:
    return 1;
  }
  
@@ -8,7 +53,7 @@
  #define OPENSSL_ERROR_LENGTH 512
  static int configure_ssl_fips_mode(const uint fips_mode) {
    int rc = -1;
-@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mod
+@@ -348,6 +349,7 @@ static int configure_ssl_fips_mode(const uint fips_mod
  EXIT:
    return rc;
  }
@@ -16,7 +61,7 @@
  
  static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file,
                              const char *ca_path) {
-@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const c
+@@ -544,10 +546,12 @@ int xcom_init_ssl(const char *server_key_file, const c
    int verify_server = SSL_VERIFY_NONE;
    int verify_client = SSL_VERIFY_NONE;
  
@@ -29,3 +74,21 @@
  
    SSL_library_init();
    SSL_load_error_strings();
+@@ -563,7 +567,7 @@ int xcom_init_ssl(const char *server_key_file, const c
+   }
+ 
+   G_DEBUG("Configuring SSL for the server")
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   server_ctx = SSL_CTX_new(TLS_server_method());
+ #else
+   server_ctx = SSL_CTX_new(SSLv23_server_method());
+@@ -582,7 +586,7 @@ int xcom_init_ssl(const char *server_key_file, const c
+   SSL_CTX_set_verify(server_ctx, verify_server, NULL);
+ 
+   G_DEBUG("Configuring SSL for the client")
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   client_ctx = SSL_CTX_new(TLS_client_method());
+ #else
+   client_ctx = SSL_CTX_new(SSLv23_client_method());
diff --git a/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc b/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc
index 9ce59673f0b8..9ce59673f0b8 100644
--- a/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc
+++ b/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc
diff --git a/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc b/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc
index 57b1cc01903a..57b1cc01903a 100644
--- a/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc
+++ b/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc
diff --git a/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc b/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc
index 8fcf93f23609..8fcf93f23609 100644
--- a/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc
+++ b/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc
diff --git a/databases/mysql80-server/files/patch-sql_item.h b/databases/mysql80-server/files/patch-sql_item.h
new file mode 100644
index 000000000000..ebeed4aaa6b7
--- /dev/null
+++ b/databases/mysql80-server/files/patch-sql_item.h
@@ -0,0 +1,18 @@
+--- sql/item.h.orig	2020-12-11 07:42:20 UTC
++++ sql/item.h
+@@ -3380,13 +3380,13 @@ class Item_sp_variable : public Item {
+   Name_string m_name;
+ 
+  public:
+-#ifndef DBUG_OFF
++//#ifndef DBUG_OFF
+   /*
+     Routine to which this Item_splocal belongs. Used for checking if correct
+     runtime context is used for variable handling.
+   */
+   sp_head *m_sp{nullptr};
+-#endif
++//#endif
+ 
+  public:
+   Item_sp_variable(const Name_string sp_var_name);
diff --git a/databases/mysql80-server/files/patch-ssl__init__callback.cc b/databases/mysql80-server/files/patch-ssl__init__callback.cc
new file mode 100644
index 000000000000..2d80cf5e6c78
--- /dev/null
+++ b/databases/mysql80-server/files/patch-ssl__init__callback.cc
@@ -0,0 +1,20 @@
+--- sql/ssl_init_callback.cc.orig	2020-12-11 07:42:20 UTC
++++ sql/ssl_init_callback.cc
+@@ -88,7 +88,7 @@ static Sys_var_charptr Sys_tls_version(
+     "TLS version, permitted values are TLSv1, TLSv1.1, TLSv1.2, TLSv1.3",
+     PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_version),
+     CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET,
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+     "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3",
+ #else
+     "TLSv1,TLSv1.1,TLSv1.2",
+@@ -154,7 +154,7 @@ static Sys_var_charptr Sys_admin_tls_version(
+     "TLSv1.2, TLSv1.3",
+     PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_version),
+     CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET,
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+     "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3",
+ #else
+     "TLSv1,TLSv1.1,TLSv1.2",
diff --git a/databases/mysql80-server/files/patch-vio_viosslfactories.cc b/databases/mysql80-server/files/patch-vio_viosslfactories.cc
index 8ed6e657f03a..6c0f821e8911 100644
--- a/databases/mysql80-server/files/patch-vio_viosslfactories.cc
+++ b/databases/mysql80-server/files/patch-vio_viosslfactories.cc
@@ -1,14 +1,14 @@
 --- vio/viosslfactories.cc.orig	2019-09-20 08:30:51 UTC
 +++ vio/viosslfactories.cc
-@@ -38,6 +38,7 @@
+@@ -40,6 +40,7 @@
+ #include "vio/vio_priv.h"
  
- #ifdef HAVE_OPENSSL
  #include <openssl/dh.h>
 +#include <openssl/crypto.h>
  
- #define TLS_VERSION_OPTION_SIZE 256
- #define SSL_CIPHER_LIST_SIZE 4096
-@@ -420,6 +421,7 @@ void ssl_start() {
+ #if OPENSSL_VERSION_NUMBER < 0x10002000L
+ #include <openssl/ec.h>
+@@ -472,6 +473,7 @@ void ssl_start() {
    }
  }
  
@@ -16,7 +16,7 @@
  /**
    Set fips mode in openssl library,
    When we set fips mode ON/STRICT, it will perform following operations:
-@@ -473,6 +475,7 @@ EXIT:
+@@ -525,12 +527,13 @@ EXIT:
    @returns openssl current fips mode
  */
  uint get_fips_mode() { return FIPS_mode(); }
@@ -24,3 +24,37 @@
  
  long process_tls_version(const char *tls_version) {
    const char *separator = ",";
+   char *token, *lasts = nullptr;
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   const char *tls_version_name_list[] = {"TLSv1", "TLSv1.1", "TLSv1.2",
+                                          "TLSv1.3"};
+   const char ctx_flag_default[] = "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3";
+@@ -609,7 +612,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
+   ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) &
+                     (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
+                      SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                      | SSL_OP_NO_TLSv1_3
+ #endif /* HAVE_TLSv13 */
+                      | SSL_OP_NO_TICKET);
+@@ -618,7 +621,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
+     return nullptr;
+ 
+   if (!(ssl_fd->ssl_context = SSL_CTX_new(is_client ?
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                                                     TLS_client_method()
+                                                     : TLS_server_method()
+ #else  /* HAVE_TLSv13 */
+@@ -633,7 +636,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
+     return nullptr;
+   }
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   /*
+     Set OpenSSL TLS v1.3 ciphersuites.
+     Note that an empty list is permissible.