databases/percona57-{client, server}: update to 5.7.30-33 release

Bugs Fixed:

    PS-6979: Modify the processing to call clean up functions to remove CREATE USER statement from the processlist after the statement has completed (Upstream #99200)
    PS-6860: Merge innodb_buffer_pool_pages_LRU_flushed into buf_get_total_stat()
    PS-6811: Correct service failure of asserting ACL_PROXY_USER when skip-name-resolve=1 and there is a Proxy user (Upstream #98908)
    PS-6112: Correct Binlog_snapshot_gtid inconsistency when mysqldump was used with –single-transaction.
    PS-6945: Correct tokubackup plugin process exported API to allow large file backups.
    PS-6856: Correct binlogs corruptions in PS 5.7.28 and 5.7.29 (Upstream #97531)
    PS-6946: Correct tokubackup processing to free memory use from the address and thread sanitizers
    PS-5893: Add support for running multiple instances with systemD on Debian.
    PS-5620: Modify Docker image to support supplying custom TLS certificates
    PS-4573: Implement use of a single config file - mysqld.cnf file.
    PS-7041: Correct Compilation error when -DWITH_EDITLINE=bundled is used
    PS-7020: Modify MTR tests for Ubuntu 20.04 to include python2 (python 2.6 or higher) and python3
    PS-6974: Correct instability in the rocksdb.drop_cf_* tests
    PS-6969: Correct instability in the rocksdb.index_stats_large_table
    PS-6954: Correct tokudb-backup-plugin to avoid collision between -std=c++11 and -std=gnu++03.
    PS-6925: Correct mismatched default socket values for mysqld and mysqld_safe
    PS-6899: Correct main.events_bugs and main.events_1 to interpret date 01-01-2020 properly (Upstream #98860)
    PS-6796: Correct instability in percona_changed_page_bmp_shutdown_thread
    PS-6773: Initialize values in sha256_password_authenticate (Upstream #98223)
    PS-5844: Fix a memory leak after ‘innodb.alter_crash’ in ‘prepare_inplace_alter_table_dict()’ (Upstream #96472)
    PS-5735: Correct 5.7 package to install the charsets on CentOS 7
    PS-4757: Remove CHECK_IF_CURL_DEPENDS_ON_RTMP to build keyring_vault for unconditional test
    PS-4649: Document PerconaFT in TokuDB which is fractal tree indexing to enhance the B-tree data structure

MFH:		2020Q2
Relnotes:	https://www.percona.com/doc/percona-server/5.7/release-notes/Percona-Server-5.7.30-33.html
Security:	21d59ea3-8559-11ea-a5e2-d4c9ef517024 (MySQL - Server)
Security:	622b5c47-855b-11ea-a5e2-d4c9ef517024 (MySQL - Client)

databases/percona57-client/files/patch-client__mysql.cc

@@ -14,17 +14,27 @@
  	MYSQL_SERVER_VERSION, SYSTEM_TYPE, MACHINE_TYPE);
  #endif
  
-@@ -2865,9 +2865,11 @@ static void initialize_readline (char *name)
-   rl_add_defun("magic-space", (rl_command_func_t *)&fake_magic_space, -1);
+y@@ -2858,15 +2858,18 @@ static void initialize_readline (char *name)
+ 
+   /* Tell the completer that we want a crack first. */
+ #if defined(USE_NEW_XLINE_INTERFACE)
+-  rl_attempted_completion_function= &new_mysql_completion;
+-  rl_completion_entry_function= &no_completion;
+-
++  rl_attempted_completion_function= (rl_completion_func_t*)&new_mysql_completion;
++  rl_completion_entry_function= (rl_compentry_func_t*)&no_completion;
++/*
+   rl_add_defun("magic-space", &fake_magic_space, -1);
++*/
  #elif defined(USE_LIBEDIT_INTERFACE)
    setlocale(LC_ALL,""); /* so as libedit use isprint */
--  rl_attempted_completion_function= (CPPFunction*)&new_mysql_completion;
+-  rl_attempted_completion_function= &new_mysql_completion;
 -  rl_completion_entry_function= &no_completion;
 +  rl_attempted_completion_function= (rl_completion_func_t*)&new_mysql_completion;
 +  rl_completion_entry_function= (rl_compentry_func_t*)&no_completion;
-+  /*
-   rl_add_defun("magic-space", (Function*)&fake_magic_space, -1);
-+  */
++/*
+   rl_add_defun("magic-space", &fake_magic_space, -1);
++*/
  #else
    rl_attempted_completion_function= (CPPFunction*)&new_mysql_completion;
    rl_completion_entry_function= &no_completion;

databases/percona57-client/files/patch-cmake_ssl.cmake

@@ -1,16 +1,16 @@
 --- cmake/ssl.cmake.orig	2019-11-09 00:33:40.000000000 +1000
 +++ cmake/ssl.cmake	2019-12-13 23:08:53.686402000 +1000
-@@ -189,7 +189,8 @@ MACRO (MYSQL_CHECK_SSL)
-         OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
-         )
-     ENDIF()
--    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
+@@ -193,7 +193,8 @@ MACRO (MYSQL_CHECK_SSL)
+       )
+     SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "")
+ 
+-    IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0")
 +    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
 +    IF(HAVE_TLS1_3_VERSION)
         ADD_DEFINITIONS(-DHAVE_TLSv13)
         SET(HAVE_TLSv13 1)
         IF(SOLARIS)
-@@ -198,8 +199,7 @@ MACRO (MYSQL_CHECK_SSL)
+@@ -202,8 +203,7 @@ MACRO (MYSQL_CHECK_SSL)
      ENDIF()
      IF(OPENSSL_INCLUDE_DIR AND
         OPENSSL_LIBRARY   AND

databases/percona57-client/files/patch-include_my__openssl.h

@@ -0,0 +1,11 @@
+--- include/my_openssl.h.orig	2020-03-23 17:35:17 UTC
++++ include/my_openssl.h
+@@ -51,7 +51,7 @@ extern "C" {
+  */
+ static inline int mysql_OPENSSL_init()
+ {
+-#if defined(HAVE_STATIC_OPENSSL)
++#if defined(HAVE_STATIC_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER)
+   return OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);
+ #else
+   return SSL_library_init();

databases/percona57-client/files/patch-mysys__ssl_my__crypt.cc

@@ -1,6 +1,6 @@
 --- mysys_ssl/my_crypt.cc.orig	2019-05-16 05:06:00 UTC
 +++ mysys_ssl/my_crypt.cc
-@@ -30,7 +30,7 @@
+@@ -26,7 +26,7 @@
  #include <boost/move/unique_ptr.hpp>
  #include <boost/core/noncopyable.hpp>
  
@@ -9,7 +9,16 @@
  #define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
  #define RAND_OpenSSL() RAND_SSLeay()
  #endif
-@@ -95,7 +95,8 @@ MyEncryptionCTX::MyEncryptionCTX()
+@@ -80,7 +80,7 @@ class MyEncryptionCTX : private boost::noncopyable (pr
+ 
+ MyEncryptionCTX::MyEncryptionCTX()
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   ctx= new EVP_CIPHER_CTX();
+   EVP_CIPHER_CTX_init(ctx);
+ #else
+@@ -91,7 +91,8 @@ MyEncryptionCTX::MyEncryptionCTX()
  MyEncryptionCTX::~MyEncryptionCTX()
  {
    
@@ -19,3 +28,12 @@
    EVP_CIPHER_CTX_cleanup(ctx);
    delete ctx;
    ERR_remove_thread_state(0);
+@@ -340,7 +341,7 @@ int my_aes_crypt(const my_aes_mode mode, int flags,
+   res2= my_aes_crypt_finish(ctx, dst + d1, &d2);
+   if (res1 || res2)
+   {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* in case of failure clear error queue */
+     ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */

databases/percona57-client/files/patch-vio_viossl.c

@@ -0,0 +1,20 @@
+--- vio/viossl.c.orig	2020-05-13 20:59:55 UTC
++++ vio/viossl.c
+@@ -396,7 +396,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+ #if !defined(DBUG_OFF)
+   {
+     STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+-    ssl_comp_methods = SSL_COMP_get_compression_methods();
++    ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods();
+     n= sk_SSL_COMP_num(ssl_comp_methods);
+     DBUG_PRINT("info", ("Available compression methods:\n"));
+     if (n == 0)
+@@ -405,7 +405,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+       for (j = 0; j < n; j++)
+       {
+         SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+         DBUG_PRINT("info", ("  %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));

databases/percona57-client/files/patch-vio_viosslfactories.c

@@ -1,6 +1,6 @@
---- vio/viosslfactories.c.orig	2019-05-16 05:06:00 UTC
+--- vio/viosslfactories.c.orig	2020-05-13 20:59:55 UTC
 +++ vio/viosslfactories.c
-@@ -123,7 +123,7 @@ static DH *get_dh2048(void)
+@@ -126,7 +126,7 @@ static DH *get_dh2048(void)
    {
      BIGNUM* p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
      BIGNUM* g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
@@ -9,3 +9,37 @@
      dh->p= p;
      dh->g= g;
      if (! dh->p || ! dh->g)
+@@ -500,7 +500,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+   struct st_VioSSLFd *ssl_fd;
+   /* MySQL 5.7 supports TLS up to v1.2, explicitly disable TLSv1.3. */
+   long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                         | SSL_OP_NO_TLSv1_3
+ #endif /* HAVE_TLSv13 */
+                         ;
+@@ -536,7 +536,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+                     SSL_OP_NO_TLSv1 |
+                     SSL_OP_NO_TLSv1_1
+                     | SSL_OP_NO_TLSv1_2
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                     | SSL_OP_NO_TLSv1_3
+ #endif /* HAVE_TLSv13 */
+                     | SSL_OP_NO_TICKET
+@@ -557,6 +557,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+     DBUG_RETURN(0);
+   }
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+   SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
+ 
+ #ifdef HAVE_TLSv13
+@@ -573,6 +574,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+     DBUG_RETURN(0);
+   }
+ #endif /* HAVE_TLSv13 */
++#endif /* LIBRESSL_VERSION_NUMBER */
+ 
+   /*
+     We explicitly prohibit weak ciphers.

databases/percona57-server/Makefile

@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME?=	percona
-DISTVERSION=	5.7.29-32
+DISTVERSION=	5.7.30-33
 PORTREVISION?=	0
 CATEGORIES=	databases
 MASTER_SITES=	http://www.percona.com/downloads/Percona-Server-5.7/Percona-Server-${DISTVERSION}/source/tarball/:percona \
@@ -16,6 +16,9 @@ MAINTAINER=	fluffy@FreeBSD.org
 COMMENT?=	Multithreaded SQL database (server)
 
 LICENSE?=	GPLv2+
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+CPE_VENDOR=	percona
 
 LIB_DEPENDS=	libevent.so:devel/libevent \
 		liblz4.so:archivers/liblz4 \
@@ -172,7 +175,6 @@ MY_SSL=		system
 MY_SSL=		${OPENSSLBASE}
 .endif
 
-
 .if ${PORT_OPTIONS:MTOKUDB}
 NOT_FOR_ARCHS=	i386
 NOT_FOR_ARCHS_REASON=	TokuDB not supported on 32-bit platforms, see \

databases/percona57-server/distinfo

@@ -1,5 +1,5 @@
-TIMESTAMP = 1582802737
-SHA256 (percona-server-5.7.29-32.tar.gz) = e3a7e6a0d966e41f62645f88cfbc75e052756f6ab45bd8b981343a0d9f5c3aa4
-SIZE (percona-server-5.7.29-32.tar.gz) = 84750473
+TIMESTAMP = 1590380978
+SHA256 (percona-server-5.7.30-33.tar.gz) = 93c7d82a95549696aedc41a4d74d888eae86c042f27bdc72f9a1f92fc76ecae0
+SIZE (percona-server-5.7.30-33.tar.gz) = 85909418
 SHA256 (boost_1_59_0.tar.gz) = 47f11c8844e579d02691a607fbd32540104a9ac7a2534a8ddaef50daf502baac
 SIZE (boost_1_59_0.tar.gz) = 83709983

databases/percona57-server/files/patch-cmake_ssl.cmake

@@ -1,16 +1,16 @@
 --- cmake/ssl.cmake.orig	2019-11-09 00:33:40.000000000 +1000
 +++ cmake/ssl.cmake	2019-12-13 23:08:53.686402000 +1000
-@@ -189,7 +189,8 @@ MACRO (MYSQL_CHECK_SSL)
-         OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
-         )
-     ENDIF()
--    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
+@@ -193,7 +193,8 @@ MACRO (MYSQL_CHECK_SSL)
+       )
+     SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "")
+ 
+-    IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0")
 +    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
 +    IF(HAVE_TLS1_3_VERSION)
         ADD_DEFINITIONS(-DHAVE_TLSv13)
         SET(HAVE_TLSv13 1)
         IF(SOLARIS)
-@@ -198,8 +199,7 @@ MACRO (MYSQL_CHECK_SSL)
+@@ -202,8 +203,7 @@ MACRO (MYSQL_CHECK_SSL)
      ENDIF()
      IF(OPENSSL_INCLUDE_DIR AND
         OPENSSL_LIBRARY   AND

databases/percona57-server/files/patch-include_my__openssl.h

@@ -0,0 +1,11 @@
+--- include/my_openssl.h.orig	2020-03-23 17:35:17 UTC
++++ include/my_openssl.h
+@@ -51,7 +51,7 @@ extern "C" {
+  */
+ static inline int mysql_OPENSSL_init()
+ {
+-#if defined(HAVE_STATIC_OPENSSL)
++#if defined(HAVE_STATIC_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER)
+   return OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);
+ #else
+   return SSL_library_init();

databases/percona57-server/files/patch-mysys__ssl_my__crypt.cc

@@ -1,6 +1,6 @@
 --- mysys_ssl/my_crypt.cc.orig	2019-05-16 05:06:00 UTC
 +++ mysys_ssl/my_crypt.cc
-@@ -30,7 +30,7 @@
+@@ -26,7 +26,7 @@
  #include <boost/move/unique_ptr.hpp>
  #include <boost/core/noncopyable.hpp>
  
@@ -9,7 +9,16 @@
  #define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
  #define RAND_OpenSSL() RAND_SSLeay()
  #endif
-@@ -95,7 +95,8 @@ MyEncryptionCTX::MyEncryptionCTX()
+@@ -80,7 +80,7 @@ class MyEncryptionCTX : private boost::noncopyable (pr
+ 
+ MyEncryptionCTX::MyEncryptionCTX()
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   ctx= new EVP_CIPHER_CTX();
+   EVP_CIPHER_CTX_init(ctx);
+ #else
+@@ -91,7 +91,8 @@ MyEncryptionCTX::MyEncryptionCTX()
  MyEncryptionCTX::~MyEncryptionCTX()
  {
    
@@ -19,3 +28,12 @@
    EVP_CIPHER_CTX_cleanup(ctx);
    delete ctx;
    ERR_remove_thread_state(0);
+@@ -340,7 +341,7 @@ int my_aes_crypt(const my_aes_mode mode, int flags,
+   res2= my_aes_crypt_finish(ctx, dst + d1, &d2);
+   if (res1 || res2)
+   {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* in case of failure clear error queue */
+     ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */

databases/percona57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c

@@ -0,0 +1,37 @@
+--- rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c.orig	2020-03-23 17:35:17 UTC
++++ rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c
+@@ -230,7 +230,7 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx, 
+                                     const char* tls_version)
+ {
+   DH *dh= NULL;
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   /* We support TLS up to 1.2, so explicitly disable TLS 1.3. */
+   long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_3;
+ #else
+@@ -255,14 +255,14 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx, 
+                     SSL_OP_NO_TLSv1 |
+                     SSL_OP_NO_TLSv1_1
+                     | SSL_OP_NO_TLSv1_2
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                     | SSL_OP_NO_TLSv1_3
+ #endif /* HAVE_TLSv13 */
+                    );
+ 
+   SSL_CTX_set_options(ssl_ctx, ssl_ctx_options);
+ 
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+   /* We do not support TLS 1.3.
+      Setting empty TLS 1.3 ciphersuites disables them. */
+   if (SSL_CTX_set_ciphersuites(ssl_ctx, "") == 0)
+@@ -527,7 +527,7 @@ int xcom_init_ssl(const char *server_key_file, const c
+     break e.g. ODBC clients (if the client also uses SSL).
+   */
+ 
+-#if defined(HAVE_STATIC_OPENSSL)
++#if defined(HAVE_STATIC_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER)
+   OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);
+ #else
+   SSL_library_init();

databases/percona57-server/files/patch-storage_rocksdb_CMakeLists.txt

@@ -1,6 +1,6 @@
 --- storage/rocksdb/CMakeLists.txt.orig	2019-05-16 05:06:00 UTC
 +++ storage/rocksdb/CMakeLists.txt
-@@ -23,8 +23,8 @@
+@@ -23,8 +23,8 @@ ELSE ()
  ENDIF ()
  
  # check platform support, no 32 bit
@@ -11,7 +11,7 @@
    RETURN ()
  ENDIF ()
  
-@@ -119,38 +119,11 @@ EXECUTE_PROCESS(
+@@ -111,50 +111,11 @@ EXECUTE_PROCESS(
  # split the list into lines
  STRING(REGEX MATCHALL "[^\n]+" ROCKSDB_LIB_SOURCES ${SCRIPT_OUTPUT})
  
@@ -28,12 +28,24 @@
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/common/threading.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/common/xxhash.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/common/zstd_common.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_compress_literals.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_compress_sequences.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_double_fast.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_fast.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_lazy.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_ldm.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_opt.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/hist.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/fse_compress.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/huf_compress.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_compress.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstdmt_compress.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/decompress/huf_decompress.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/decompress/zstd_decompress.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/decompress/zstd_decompress_block.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/decompress/zstd_ddict.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/dictBuilder/cover.c
+-  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/dictBuilder/fastcover.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/dictBuilder/divsufsort.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/dictBuilder/zdict.c
 -)
@@ -42,7 +54,7 @@
    ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb
    ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb/include
    ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb/include/rocksdb
-   ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb/third-party/gtest-1.7.0/fused-src
+   ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb/third-party/gtest-1.8.1/fused-src
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/lz4/lib
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib
 -  ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/common
@@ -50,12 +62,12 @@
  )
  
  ADD_DEFINITIONS(-DROCKSDB_PLATFORM_POSIX -DROCKSDB_LIB_IO_POSIX -DZLIB -DLZ4
-@@ -183,7 +156,7 @@ SET(ROCKSDB_SOURCES
+@@ -188,7 +149,7 @@ SET(ROCKSDB_SOURCES
    ${ROCKSDB_LIB_SOURCES}
  )
  
--SET(rocksdb_static_libs ${rocksdb_static_libs} ${ZLIB_LIBRARY} "-lrt")
-+SET(rocksdb_static_libs ${rocksdb_static_libs} ${ZLIB_LIBRARY} "-lrt -llz4 -lzstd")
+-SET(rocksdb_static_libs ${rocksdb_static_libs} ${ZLIB_LIBRARY} "-lrt" "-ldl")
++SET(rocksdb_static_libs ${rocksdb_static_libs} ${ZLIB_LIBRARY} "-lrt" "-ldl -llz4 -lzstd")
  
  MYSQL_ADD_PLUGIN(rocksdb ${ROCKSDB_SOURCES} STORAGE_ENGINE DEFAULT MODULE_ONLY
    LINK_LIBRARIES ${rocksdb_static_libs}

databases/percona57-server/files/patch-vio_viossl.c

@@ -0,0 +1,20 @@
+--- vio/viossl.c.orig	2020-05-13 20:59:55 UTC
++++ vio/viossl.c
+@@ -396,7 +396,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+ #if !defined(DBUG_OFF)
+   {
+     STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+-    ssl_comp_methods = SSL_COMP_get_compression_methods();
++    ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods();
+     n= sk_SSL_COMP_num(ssl_comp_methods);
+     DBUG_PRINT("info", ("Available compression methods:\n"));
+     if (n == 0)
+@@ -405,7 +405,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+       for (j = 0; j < n; j++)
+       {
+         SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+         DBUG_PRINT("info", ("  %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));

databases/percona57-server/files/patch-vio_viosslfactories.c

@@ -1,6 +1,6 @@
---- vio/viosslfactories.c.orig	2019-05-16 05:06:00 UTC
+--- vio/viosslfactories.c.orig	2020-05-13 20:59:55 UTC
 +++ vio/viosslfactories.c
-@@ -123,7 +123,7 @@ static DH *get_dh2048(void)
+@@ -126,7 +126,7 @@ static DH *get_dh2048(void)
    {
      BIGNUM* p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
      BIGNUM* g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
@@ -9,3 +9,37 @@
      dh->p= p;
      dh->g= g;
      if (! dh->p || ! dh->g)
+@@ -500,7 +500,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+   struct st_VioSSLFd *ssl_fd;
+   /* MySQL 5.7 supports TLS up to v1.2, explicitly disable TLSv1.3. */
+   long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                         | SSL_OP_NO_TLSv1_3
+ #endif /* HAVE_TLSv13 */
+                         ;
+@@ -536,7 +536,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+                     SSL_OP_NO_TLSv1 |
+                     SSL_OP_NO_TLSv1_1
+                     | SSL_OP_NO_TLSv1_2
+-#ifdef HAVE_TLSv13
++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
+                     | SSL_OP_NO_TLSv1_3
+ #endif /* HAVE_TLSv13 */
+                     | SSL_OP_NO_TICKET
+@@ -557,6 +557,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+     DBUG_RETURN(0);
+   }
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+   SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
+ 
+ #ifdef HAVE_TLSv13
+@@ -573,6 +574,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+     DBUG_RETURN(0);
+   }
+ #endif /* HAVE_TLSv13 */
++#endif /* LIBRESSL_VERSION_NUMBER */
+ 
+   /*
+     We explicitly prohibit weak ciphers.