13 files changed, 178 insertions, 23 deletions

diff --git a/databases/mysql80-client/Makefile b/databases/mysql80-client/Makefile
index b5c074bd88ca..d93737fc9ebc 100644
--- a/databases/mysql80-client/Makefile
+++ b/databases/mysql80-client/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	mysql
-PORTREVISION=	2
+PORTREVISION=	0
 PKGNAMESUFFIX=	80-client
 
 COMMENT=	Multithreaded SQL database (client)
diff --git a/databases/mysql80-server/Makefile b/databases/mysql80-server/Makefile
index 1591470feb19..0ea058963eee 100644
--- a/databases/mysql80-server/Makefile
+++ b/databases/mysql80-server/Makefile
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME?=		mysql
-PORTVERSION=		8.0.22
-PORTREVISION?=		2
+PORTVERSION=		8.0.23
+PORTREVISION?=		0
 CATEGORIES=		databases
 MASTER_SITES=		MYSQL/MySQL-8.0
 PKGNAMESUFFIX?=		80-server
@@ -17,7 +17,7 @@ LICENSE=		GPLv2
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}${DISTVERSIONSUFFIX}
 
 SLAVEDIRS=	databases/mysql80-client
-USES=		bison:build cmake:noninja compiler:c++14-lang cpe \
+USES=		bison:build cmake:noninja compiler:c++17-lang cpe \
 		groff:run libedit localbase ncurses perl5 pkgconfig shebangfix ssl
 
 USE_CXXSTD=	c++14
@@ -185,12 +185,21 @@ SUB_LIST+=	LEGACY_LIMITS="" MODERN_LIMITS="@comment "
 
 .include <bsd.port.pre.mk>
 
-.if ${CHOSEN_COMPILER_TYPE} == clang && ${OPSYS} == FreeBSD && ${OSVERSION} >= 1300109
-BUILD_DEPENDS+=		clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT}
-CC=			${LOCALBASE}/bin/clang${LLVM_DEFAULT}
+.if ${CHOSEN_COMPILER_TYPE} == clang && ${OPSYS} == FreeBSD && ${OSVERSION} >= 1300109 || ${ARCH} == "i386"
+BUILD_DEPENDS+=	clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT}
+CC=		${LOCALBASE}/bin/clang${LLVM_DEFAULT}
+CPP=		${LOCALBASE}/bin/clang${LLVM_DEFAULT}
 CXX=		${LOCALBASE}/bin/clang++${LLVM_DEFAULT}
 .endif
 
+.if ${ARCH} == "i386" && ${OSVERSION} < 1200000
+# clang 7.x and 8.x do not build properly on 11i386
+CPP=		clang-cpp${LLVM_DEFAULT}
+CC=		clang${LLVM_DEFAULT}
+CXX=		clang++${LLVM_DEFAULT}
+BUILD_DEPENDS+=	clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT}
+.endif
+
 post-extract:
 	@${RM} -rv ${WRKSRC}/sql/sql_hints.yy.cc ${WRKSRC}/sql/sql_hints.yy.h
 
diff --git a/databases/mysql80-server/distinfo b/databases/mysql80-server/distinfo
index 289d1cb82c16..5d0a5737ecff 100644
--- a/databases/mysql80-server/distinfo
+++ b/databases/mysql80-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1603183848
-SHA256 (mysql-boost-8.0.22.tar.gz) = ba765f74367c638d7cd1c546c05c14382fd997669bcd9680278e907f8d7eb484
-SIZE (mysql-boost-8.0.22.tar.gz) = 285934450
+TIMESTAMP = 1611995725
+SHA256 (mysql-boost-8.0.23.tar.gz) = 1c7a424303c134758e59607a0b3172e43a21a27ff08e8c88c2439ffd4fc724a5
+SIZE (mysql-boost-8.0.23.tar.gz) = 291039175
diff --git a/databases/mysql80-server/files/patch-cmake_ssl.cmake b/databases/mysql80-server/files/patch-cmake_ssl.cmake
index e35e3f0edff8..9173b842a952 100644
--- a/databases/mysql80-server/files/patch-cmake_ssl.cmake
+++ b/databases/mysql80-server/files/patch-cmake_ssl.cmake
@@ -9,14 +9,15 @@
          )
        STRING(REGEX REPLACE
          "^.*OPENSSL_VERSION_NUMBER[\t ]+0x([0-9]).*$" "\\1"
-@@ -214,13 +214,14 @@ MACRO (MYSQL_CHECK_SSL)
+@@ -222,13 +222,14 @@ MACRO (MYSQL_CHECK_SSL)
          OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
          )
      ENDIF()
 -    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
+-       ADD_DEFINITIONS(-DHAVE_TLSv13)
 +    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
 +    IF(HAVE_TLS1_3_VERSION)
-        ADD_DEFINITIONS(-DHAVE_TLSv13)
++       #ADD_DEFINITIONS(-DHAVE_TLSv13)
      ENDIF()
      IF(OPENSSL_INCLUDE_DIR AND
         OPENSSL_LIBRARY   AND
diff --git a/databases/mysql80-server/files/patch-man_CMakeLists.txt b/databases/mysql80-server/files/patch-man_CMakeLists.txt
index d624bab8144b..a08c4ce564c0 100644
--- a/databases/mysql80-server/files/patch-man_CMakeLists.txt
+++ b/databases/mysql80-server/files/patch-man_CMakeLists.txt
@@ -1,6 +1,6 @@
 --- man/CMakeLists.txt.orig	2020-10-20 11:47:42.675974000 +0200
 +++ man/CMakeLists.txt	2020-10-20 13:53:03.993879000 +0200
-@@ -23,21 +23,10 @@
+@@ -23,26 +23,14 @@
  # Copy man pages
  SET(MAN1
    comp_err.1
@@ -22,6 +22,11 @@
    mysqladmin.1
    mysqlbinlog.1
    mysqlcheck.1
+   mysqldump.1
+-  mysqldumpslow.1
+   mysqlimport.1
+   mysqlman.1
+   mysqlpump.1
 @@ -52,13 +41,23 @@ SET(MAN1
    zlib_decompress.1
    )
diff --git a/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c b/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c
index 66630594fdf0..9dcdca8bd775 100644
--- a/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c
+++ b/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c
@@ -1,6 +1,51 @@
 --- plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc.orig	2019-09-20 08:30:51 UTC
 +++ plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc
-@@ -329,6 +329,7 @@ error:
+@@ -175,7 +175,7 @@ SSL_CTX *client_ctx = NULL;
+ static long process_tls_version(const char *tls_version) {
+   const char *separator = ", ";
+   char *token = NULL;
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   const char *tls_version_name_list[] = {"TLSv1", "TLSv1.1", "TLSv1.2",
+                                          "TLSv1.3"};
+ #else
+@@ -184,7 +184,7 @@ static long process_tls_version(const char *tls_versio
+ #define TLS_VERSIONS_COUNTS \
+   (sizeof(tls_version_name_list) / sizeof(*tls_version_name_list))
+   unsigned int tls_versions_count = TLS_VERSIONS_COUNTS;
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   const long tls_ctx_list[TLS_VERSIONS_COUNTS] = {
+       SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3};
+   const char *ctx_flag_default = "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3";
+@@ -240,7 +240,7 @@ static int configure_ssl_algorithms(
+   long ssl_ctx_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+   char cipher_list[SSL_CIPHER_LIST_SIZE] = {0};
+   long ssl_ctx_flags = -1;
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   int tlsv1_3_enabled = 0;
+ #endif /* HAVE_TLSv13 */
+ 
+@@ -253,7 +253,7 @@ static int configure_ssl_algorithms(
+     goto error;
+   }
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) &
+                     (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
+                      SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
+@@ -265,7 +265,7 @@ static int configure_ssl_algorithms(
+ 
+   SSL_CTX_set_options(ssl_ctx, ssl_ctx_options);
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   tlsv1_3_enabled = ((ssl_ctx_options & SSL_OP_NO_TLSv1_3) == 0);
+   if (tlsv1_3_enabled) {
+     /* Set OpenSSL TLS v1.3 ciphersuites.
+@@ -325,6 +325,7 @@ error:
    return 1;
  }
  
@@ -8,7 +53,7 @@
  #define OPENSSL_ERROR_LENGTH 512
  static int configure_ssl_fips_mode(const uint fips_mode) {
    int rc = -1;
-@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mod
+@@ -348,6 +349,7 @@ static int configure_ssl_fips_mode(const uint fips_mod
  EXIT:
    return rc;
  }
@@ -16,7 +61,7 @@
  
  static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file,
                              const char *ca_path) {
-@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const c
+@@ -544,10 +546,12 @@ int xcom_init_ssl(const char *server_key_file, const c
    int verify_server = SSL_VERIFY_NONE;
    int verify_client = SSL_VERIFY_NONE;
  
@@ -29,3 +74,21 @@
  
    SSL_library_init();
    SSL_load_error_strings();
+@@ -563,7 +567,7 @@ int xcom_init_ssl(const char *server_key_file, const c
+   }
+ 
+   G_DEBUG("Configuring SSL for the server")
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   server_ctx = SSL_CTX_new(TLS_server_method());
+ #else
+   server_ctx = SSL_CTX_new(SSLv23_server_method());
+@@ -582,7 +586,7 @@ int xcom_init_ssl(const char *server_key_file, const c
+   SSL_CTX_set_verify(server_ctx, verify_server, NULL);
+ 
+   G_DEBUG("Configuring SSL for the client")
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   client_ctx = SSL_CTX_new(TLS_client_method());
+ #else
+   client_ctx = SSL_CTX_new(SSLv23_client_method());
diff --git a/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc b/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc
index 9ce59673f0b8..9ce59673f0b8 100644
--- a/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc
+++ b/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc
diff --git a/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc b/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc
index 57b1cc01903a..57b1cc01903a 100644
--- a/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc
+++ b/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc
diff --git a/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc b/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc
index 8fcf93f23609..8fcf93f23609 100644
--- a/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc
+++ b/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc
diff --git a/databases/mysql80-server/files/patch-sql_item.h b/databases/mysql80-server/files/patch-sql_item.h
new file mode 100644
index 000000000000..ebeed4aaa6b7
--- /dev/null
+++ b/databases/mysql80-server/files/patch-sql_item.h
@@ -0,0 +1,18 @@
+--- sql/item.h.orig	2020-12-11 07:42:20 UTC
++++ sql/item.h
+@@ -3380,13 +3380,13 @@ class Item_sp_variable : public Item {
+   Name_string m_name;
+ 
+  public:
+-#ifndef DBUG_OFF
++//#ifndef DBUG_OFF
+   /*
+     Routine to which this Item_splocal belongs. Used for checking if correct
+     runtime context is used for variable handling.
+   */
+   sp_head *m_sp{nullptr};
+-#endif
++//#endif
+ 
+  public:
+   Item_sp_variable(const Name_string sp_var_name);
diff --git a/databases/mysql80-server/files/patch-ssl__init__callback.cc b/databases/mysql80-server/files/patch-ssl__init__callback.cc
new file mode 100644
index 000000000000..2d80cf5e6c78
--- /dev/null
+++ b/databases/mysql80-server/files/patch-ssl__init__callback.cc
@@ -0,0 +1,20 @@
+--- sql/ssl_init_callback.cc.orig	2020-12-11 07:42:20 UTC
++++ sql/ssl_init_callback.cc
+@@ -88,7 +88,7 @@ static Sys_var_charptr Sys_tls_version(
+     "TLS version, permitted values are TLSv1, TLSv1.1, TLSv1.2, TLSv1.3",
+     PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_version),
+     CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET,
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+     "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3",
+ #else
+     "TLSv1,TLSv1.1,TLSv1.2",
+@@ -154,7 +154,7 @@ static Sys_var_charptr Sys_admin_tls_version(
+     "TLSv1.2, TLSv1.3",
+     PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_version),
+     CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET,
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+     "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3",
+ #else
+     "TLSv1,TLSv1.1,TLSv1.2",
diff --git a/databases/mysql80-server/files/patch-vio_viosslfactories.cc b/databases/mysql80-server/files/patch-vio_viosslfactories.cc
index 8ed6e657f03a..6c0f821e8911 100644
--- a/databases/mysql80-server/files/patch-vio_viosslfactories.cc
+++ b/databases/mysql80-server/files/patch-vio_viosslfactories.cc
@@ -1,14 +1,14 @@
 --- vio/viosslfactories.cc.orig	2019-09-20 08:30:51 UTC
 +++ vio/viosslfactories.cc
-@@ -38,6 +38,7 @@
+@@ -40,6 +40,7 @@
+ #include "vio/vio_priv.h"
  
- #ifdef HAVE_OPENSSL
  #include <openssl/dh.h>
 +#include <openssl/crypto.h>
  
- #define TLS_VERSION_OPTION_SIZE 256
- #define SSL_CIPHER_LIST_SIZE 4096
-@@ -420,6 +421,7 @@ void ssl_start() {
+ #if OPENSSL_VERSION_NUMBER < 0x10002000L
+ #include <openssl/ec.h>
+@@ -472,6 +473,7 @@ void ssl_start() {
    }
  }
  
@@ -16,7 +16,7 @@
  /**
    Set fips mode in openssl library,
    When we set fips mode ON/STRICT, it will perform following operations:
-@@ -473,6 +475,7 @@ EXIT:
+@@ -525,12 +527,13 @@ EXIT:
    @returns openssl current fips mode
  */
  uint get_fips_mode() { return FIPS_mode(); }
@@ -24,3 +24,37 @@
  
  long process_tls_version(const char *tls_version) {
    const char *separator = ",";
+   char *token, *lasts = nullptr;
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   const char *tls_version_name_list[] = {"TLSv1", "TLSv1.1", "TLSv1.2",
+                                          "TLSv1.3"};
+   const char ctx_flag_default[] = "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3";
+@@ -609,7 +612,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
+   ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) &
+                     (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
+                      SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                      | SSL_OP_NO_TLSv1_3
+ #endif /* HAVE_TLSv13 */
+                      | SSL_OP_NO_TICKET);
+@@ -618,7 +621,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
+     return nullptr;
+ 
+   if (!(ssl_fd->ssl_context = SSL_CTX_new(is_client ?
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                                                     TLS_client_method()
+                                                     : TLS_server_method()
+ #else  /* HAVE_TLSv13 */
+@@ -633,7 +636,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
+     return nullptr;
+   }
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   /*
+     Set OpenSSL TLS v1.3 ciphersuites.
+     Note that an empty list is permissible.
diff --git a/databases/mysql80-server/pkg-plist b/databases/mysql80-server/pkg-plist
index fd08d6a0e446..fcd2a90b5c6d 100644
--- a/databases/mysql80-server/pkg-plist
+++ b/databases/mysql80-server/pkg-plist
@@ -26,6 +26,8 @@ lib/mysql/libmysqlharness.so
 lib/mysql/libmysqlharness.so.1
 lib/mysql/libmysqlharness_stdx.so
 lib/mysql/libmysqlharness_stdx.so.1
+lib/mysql/libmysqlharness_tls.so
+lib/mysql/libmysqlharness_tls.so.1
 lib/mysql/libmysqlrouter.so
 lib/mysql/libmysqlrouter.so.1
 lib/mysql/libmysqlrouter_http.so
@@ -42,12 +44,12 @@ lib/mysql/mysqlrouter/http_server.so
 lib/mysql/mysqlrouter/io.so
 lib/mysql/mysqlrouter/keepalive.so
 lib/mysql/mysqlrouter/metadata_cache.so
-lib/mysql/mysqlrouter/mysql_protocol.so
 lib/mysql/mysqlrouter/rest_api.so
 lib/mysql/mysqlrouter/rest_metadata_cache.so
 lib/mysql/mysqlrouter/rest_router.so
 lib/mysql/mysqlrouter/rest_routing.so
 lib/mysql/mysqlrouter/router_protobuf.so
+lib/mysql/mysqlrouter/router_openssl.so
 lib/mysql/mysqlrouter/routing.so
 lib/mysql/plugin/adt_null.so
 lib/mysql/plugin/auth.so
@@ -64,6 +66,8 @@ lib/mysql/plugin/component_mysqlbackup.so
 lib/mysql/plugin/component_mysqlx_global_reset.so
 lib/mysql/plugin/component_pfs_example.so
 lib/mysql/plugin/component_pfs_example_component_population.so
+lib/mysql/plugin/component_query_attributes.so
+lib/mysql/plugin/component_reference_cache.so
 lib/mysql/plugin/component_test_audit_api_message.so
 lib/mysql/plugin/component_test_backup_lock_service.so
 lib/mysql/plugin/component_test_component_deinit.so
@@ -124,6 +128,7 @@ lib/mysql/plugin/libtest_sql_processlist.so
 lib/mysql/plugin/libtest_sql_replication.so
 lib/mysql/plugin/libtest_sql_reset_connection.so
 lib/mysql/plugin/libtest_sql_shutdown.so
+lib/mysql/plugin/libtest_sql_sleep_is_connected.so
 lib/mysql/plugin/libtest_sql_sqlmode.so
 lib/mysql/plugin/libtest_sql_stmt.so
 lib/mysql/plugin/libtest_sql_stored_procedures_functions.so