From 3cf7c3ef441822c889356fd1812ebf2944a59851 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Tue, 25 Aug 2020 10:45:55 +0100
Subject: gentoo resync : 25.08.2020

---
 dev-db/mysql-connector-c/Manifest                  |  16 +-
 .../files/20028_all_mysql-5.6-gcc7.patch           |  13 -
 .../files/6.1.11-openssl-1.1.patch                 | 300 -----------------
 ...include-path-for-udf_registration_types-h.patch |  24 --
 .../files/mysql-connector-c-8.0.19-libressl.patch  | 297 -----------------
 .../files/mysql-connector-c-8.0.20-libressl.patch  | 332 -------------------
 .../files/mysql-connector-c-8.0.21-libressl.patch  | 356 +++++++++++++++++++++
 ...-c-8.0.21-survive-malformed-charset-files.patch |  18 ++
 dev-db/mysql-connector-c/files/mysql_com.patch     |  31 --
 .../mysql-connector-c-6.1.11-r2.ebuild             |  83 -----
 .../mysql-connector-c-8.0.19.ebuild                | 111 -------
 .../mysql-connector-c-8.0.20.ebuild                | 111 -------
 .../mysql-connector-c-8.0.21-r2.ebuild             | 114 +++++++
 13 files changed, 492 insertions(+), 1314 deletions(-)
 delete mode 100644 dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch
 delete mode 100644 dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch
 delete mode 100644 dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch
 delete mode 100644 dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch
 delete mode 100644 dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch
 create mode 100644 dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-libressl.patch
 create mode 100644 dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-survive-malformed-charset-files.patch
 delete mode 100644 dev-db/mysql-connector-c/files/mysql_com.patch
 delete mode 100644 dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r2.ebuild
 delete mode 100644 dev-db/mysql-connector-c/mysql-connector-c-8.0.19.ebuild
 delete mode 100644 dev-db/mysql-connector-c/mysql-connector-c-8.0.20.ebuild
 create mode 100644 dev-db/mysql-connector-c/mysql-connector-c-8.0.21-r2.ebuild

(limited to 'dev-db/mysql-connector-c')

diff --git a/dev-db/mysql-connector-c/Manifest b/dev-db/mysql-connector-c/Manifest
index 45c8544954b0..1c0d7f64fa63 100644
--- a/dev-db/mysql-connector-c/Manifest
+++ b/dev-db/mysql-connector-c/Manifest
@@ -1,15 +1,7 @@
-AUX 20028_all_mysql-5.6-gcc7.patch 603 BLAKE2B f03dc2e39dca4496cc084b427daa60014464876df456bf290a5de3431b481691a35ac9ac00d71cc86931efe3bca70dae012bedefc6d29ad7fec2feeb07cce014 SHA512 f9dab813418f38f3a877b8672cdec153d6f0f289144c35277e8275cc7a58195f974b7bf76b74f8dd2403643b1199f5e6d6bcde661ce5f79f614ff10347b52278
-AUX 6.1.11-openssl-1.1.patch 8987 BLAKE2B 8bd00bb778e086cbdcd04b6ac904f36bd64bbbb332f913129eb3acbaf6da4d044fdc65523626a9fed47d6bf5859826af489bd9ae7ae51664c613c966a88708ba SHA512 46af56504ed2a69ce74a5e2040ee8b3355f5ac48fb80e4668b635f01a2650d07f50dd098ad43239e8b35a80e975a5a9549bd1b1a9c1a0612ed9e4750b537bb76
-AUX mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch 684 BLAKE2B 10007011b38462ffa8b539f9ac531c715fcead4e6bb1d1c04ea8055decc0aa6eda8b22e3967d91773316d04062ca231cf8561ce72ab2b5aaeaf37a0bb425c7f5 SHA512 d0e60dff5faa7b6c71878803d598b46266021029c874c8f6834d496de10ddf42d3b806fae3c6d532c1890cb5f491bbd69235bd1ac919848011a9ca57c465ce1c
 AUX mysql-connector-c-8.0.18-always-build-decompress-utilities.patch 874 BLAKE2B 1622ba22ebb68d8b72499efec3075bbbe157b1ceaab5651dbc6dea996c831159161878a859972119dd4d5c20bb631681efb00b8d9715b3097890def8016898f4 SHA512 02ae005e8ac710dcc75f07011006df63a6d22f030b4eff0c6d28f78b083b1d7385190c9080812b5c9c2a84ad66972594b7d79a1485285c9ad76245577d42e528
 AUX mysql-connector-c-8.0.19-do-not-install-comp_err.patch 307 BLAKE2B 864c07e9d4fb9a38ac418476f4b7738caa1f2a5dc633ad5921859793983c7b42acd87263ce2703df5a8c7d3bc3d7a60efb28a3ff17c311d89cc7b12edd22574f SHA512 cbb9be24a67a649b68230fe3482063d2d16fb629233e070289eb1ab0011bd8c43b0c056e4b6ca430a62ce0e8f47bb9490cb6746b7dc3fe06a05670b078cd084f
-AUX mysql-connector-c-8.0.19-libressl.patch 10501 BLAKE2B 73a31afdbbb591cadd45f158ca16c39344f540459b20683e5998f0e0f0d593dfd06e7198d3d8a5e06f8e65ff6b7a5f79435a1face9997f3316e487ef1e081459 SHA512 1d8e75e8ba6866ff4d0dced7211607e41033bbdfabd0f8a670ac221e7366e272cfc2b9c4d0f259e5d33ed486e9697bcefbdb0e6a0cd65ed2811b63e9cf1610f3
-AUX mysql-connector-c-8.0.20-libressl.patch 11923 BLAKE2B a545f2570e744cce7e4e59109daebfd2f29d2065bfeadbb48f9d910c3d2d24e5fe24064e6453e6f423a241b59a69f26492a0cd82801e81f2eec13674291a4abe SHA512 cee40efd1ce9806fb36d0d36374b2d231a45553a2ff595d5e752f1b0ae80a9bb61cfeaa7a280f51f290580de777517524eac563028c747dbc2ac7b269cc1dcb4
-AUX mysql_com.patch 1787 BLAKE2B 4fbd40325f400586926072927b3f07231d577f18c1e30951c34c36ded9b9e42b7c3dc47ca51df974265c28b40116e30274d8a73d6a843e5d9d0074430bc17b08 SHA512 340365b05d72045af0ef12fd5c260a796be547d9abb97a6ef3d6aaf30aecf29368c1dfa28f1284da544a81656f0436f11ada2f8c5cb481540d1f1c90dd354b49
-DIST mysql-boost-8.0.19.tar.gz 264147972 BLAKE2B 61a5ccbef1a7a675c85e4e6bda8e5285bdb931e6ee14d4710bf13dfd9157d1095200db2886dc93ea7251d3d59245f35c0bef5ba88ba6aac209b1e080f3b07dc4 SHA512 5ffc03f005ab2585694902e926b6cb2b10059b2b030549eccd3949f9c3b2f02626d02529f940dec003f2d69683856fd1c720ff12f89dfbdc48befaf24a9c4d01
-DIST mysql-boost-8.0.20.tar.gz 266282970 BLAKE2B 2aeb9d6c575ed9dc2d00d3e51e6391c59ffa39156491d9ed2c07e19bb2efb88a14d5a9d4b537c137d71854e39fa3a7fc2b93618118d4fd062e92ba2d83783c6f SHA512 7a962e9ddec7069008c5ab6ac2801515e2661ca2875afc6141541c03e2f941f4255b3c0d806a4df2fd2f2f1d12323aeb1e456c1d364777a18ccebefad7b22a99
-DIST mysql-connector-c-6.1.11-src.tar.gz 3489345 BLAKE2B 813512520ef660521221565a4466e81d902629d0ee731f746b68eed2b9129ea8361fcabe184537ec8ba91aed5a4b02dfb3450b36524c2e98f81fba148eee0cf1 SHA512 271395c888a93b833e0bbe1840b9987ecdb37d0f1cf89904207cc9aa99ed32e538aee8c9529ff39b6533947159776a8f5aa079da86ed51b1d26b086f4ffdd7c6
-EBUILD mysql-connector-c-6.1.11-r2.ebuild 2287 BLAKE2B 831b0960af0f087357840434bf61ef773df2a98357fec736c9279fff8f44e9d68384aca45381aa9b332137f5ba6b3ab9478fb3c21169893a520f9017508ee827 SHA512 f06aef9d2d5e2bc0a607d66d10b7cd755e34cf5167f0fb2b2ed5595f50b8f8d6f41e839879c343ec272121f4c1c1d71ff6ada70e40f7cd9ea69b8fd385b85abd
-EBUILD mysql-connector-c-8.0.19.ebuild 2927 BLAKE2B 37b57beb51549b94d75bf1695b93914042303f933e5294e9b73804ab7a6bae986ac89db6e648f78e9b1fcf106cfab143f4942da76ed930cf71b5f14fde9c7709 SHA512 d6404f3558f254a08702dea0036d346155e83dc6695b1237e0da9d17cb5aa85e32a3c60195d461cf33d976be2ec9af2519abb16aab16a1b73c27c34e38bd88b2
-EBUILD mysql-connector-c-8.0.20.ebuild 2936 BLAKE2B cc7571d0d64f102259368c247f8c992997965f985b3582c72d36457798e6341844f349b4de635dd0a94bb2092505e071eff4de64b8e96f90f145123a8f6b462a SHA512 5b7b0134429713e44c6c4f98ce8b04cdd0bedc9520c72772a274cb522a3590e856455553cbb83d868b3fee606e9a00fff233a6358bb0d635811d4c2a0b1f5450
+AUX mysql-connector-c-8.0.21-libressl.patch 13288 BLAKE2B 5aad519f99103e579356d89ae92dda1e2496268cebdfe8dd3797138a5efe03370365225581399bb2373b847f61e2b4be726d940cde624d3cdda94b5c69904a3a SHA512 f4d057ce159153133e100c71c65f75bd558ba1ea914cd878023dc4e4a628d63b60d0ac671a97d26863b3f48c3dc8984317bb09362378c3b96b8ed47f08c1f6ea
+AUX mysql-connector-c-8.0.21-survive-malformed-charset-files.patch 580 BLAKE2B 76ea04058e14dce1cdd057b51e17d358ff582c82f27a537fb47aa66d58c88327231ca10755a6e02d0c1dab5c67d6eb92d9e9d5d74038595a203b65d3372d4577 SHA512 d8075a712bf12697499b1da2df7f43662bcce073113193e4b29261f965f10af43b1d529f1fe14ffed6c7c9bda3d3b0a61a2b3462e865724496d3d80f10c5264e
+DIST mysql-boost-8.0.21.tar.gz 278292192 BLAKE2B 9e5a14d1401f58f6f620c8691d2d4d3ada122a79a4e081380050961f0add93bf32b682c60ea2a6e58f50a4fcedbd323d8efe2d5f3e1f2bba5010e201a2df5d44 SHA512 18128edd7d9604ea69bd308f372d6663ef3629503969148e3a2117175c4ef625358b31b96e0e1b8d10a87037719e3cb61d5c71eee1e26ab0e0a1731977a2d7c1
+EBUILD mysql-connector-c-8.0.21-r2.ebuild 3002 BLAKE2B bd309386636ee9e1e6cb5f2019e06718036ada58e0dfd6b6b9f94228ea129d348dd8f08306af2ae85b3d68bcb7f936e06dfe2a889483dd62f148fa299bf57efd SHA512 ee1811c9c6c4e1dd27ece9a70d6e6ca174f2d0419704a4612a97e7421505884adee9e2db97282e9ecc341c09bd6381a3d7572d32dc4ce9031793977583720921
 MISC metadata.xml 239 BLAKE2B c4d6706d083b72927d239f41a644a4009c054c1c1a388af7733d3a2daf47d354009eb472573304a6be272601f05535297bcd9ceaea811a741cd905577ffe53d1 SHA512 e6e2fafe2f503db1d12e3d2368a99631ee8d014b7ea802d9879e7e3e2c0f9378675fffccd78ed09b914ae781ac3902567b1a53a721906e3ea63ceb51d0a1654b
diff --git a/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch b/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch
deleted file mode 100644
index cf8caedb7f1b..000000000000
--- a/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/sql-common/client_authentication.cc b/sql-common/client_authentication.cc
-index eaeb2d4..035ecd2 100644
---- a/sql-common/client_authentication.cc
-+++ b/sql-common/client_authentication.cc
-@@ -84,7 +84,7 @@ RSA *rsa_init(MYSQL *mysql)
- 
-   if (mysql->options.extension != NULL &&
-       mysql->options.extension->server_public_key_path != NULL &&
--      mysql->options.extension->server_public_key_path != '\0')
-+      mysql->options.extension->server_public_key_path[0] != '\0')
-   {
-     pub_key_file= fopen(mysql->options.extension->server_public_key_path,
-                         "r");
diff --git a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch
deleted file mode 100644
index 3459206e4f76..000000000000
--- a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch
+++ /dev/null
@@ -1,300 +0,0 @@
-From 7961393dd45e4ad1cdc7544b4bba2e98a5d2760c Mon Sep 17 00:00:00 2001
-From: eroen <eroen@occam.eroen.eu>
-Date: Fri, 20 Jan 2017 14:43:53 +0100
-Subject: [PATCH] Don't use deprecated API with openssl 1.1
-
-If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using
-deprecated APIs causes build errors.
-
-X-Gentoo-Bug: 606600
-X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600
----
- mysys_ssl/my_aes_openssl.cc | 54 ++++++++++++++++++++++++++++++++-------------
- sql-common/client.c         | 16 ++++++++++++--
- vio/viossl.c                |  8 +++++++
- vio/viosslfactories.c       | 23 +++++++++++++++++++
- 4 files changed, 84 insertions(+), 17 deletions(-)
-
-diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc
-index 261ba8a..59a95e3 100644
---- a/mysys_ssl/my_aes_openssl.cc
-+++ b/mysys_ssl/my_aes_openssl.cc
-@@ -22,6 +22,12 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
- #include <openssl/evp.h>
- #include <openssl/err.h>
- #include <openssl/bio.h>
-+#include <openssl/opensslv.h>
-+
-+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
-+#undef OPENSSL_VERSION_NUMBER
-+#define OPENSSL_VERSION_NUMBER 0x1000107fL
-+#endif
- 
- /*
-   xplugin needs BIO_new_bio_pair, but the server does not.
-@@ -122,7 +128,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
-                    enum my_aes_opmode mode, const unsigned char *iv,
-                    bool padding)
- {
--  EVP_CIPHER_CTX ctx;
-+  EVP_CIPHER_CTX *ctx;
-   const EVP_CIPHER *cipher= aes_evp_type(mode);
-   int u_len, f_len;
-   /* The real key to be used for encryption */
-@@ -132,23 +138,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
-   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
-     return MY_AES_BAD_DATA;
- 
--  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
-+  if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
-     goto aes_error;                             /* Error */
--  if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
-+  if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
-     goto aes_error;                             /* Error */
--  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
-+  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
-     goto aes_error;                             /* Error */
- 
--  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
-+  if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
-     goto aes_error;                             /* Error */
- 
--  EVP_CIPHER_CTX_cleanup(&ctx);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+  EVP_CIPHER_CTX_cleanup(ctx);
-+#else
-+  EVP_CIPHER_CTX_free(ctx);
-+#endif
-   return u_len + f_len;
- 
- aes_error:
-   /* need to explicitly clean up the error if we want to ignore it */
-   ERR_clear_error();
--  EVP_CIPHER_CTX_cleanup(&ctx);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+  EVP_CIPHER_CTX_cleanup(ctx);
-+#else
-+  EVP_CIPHER_CTX_free(ctx);
-+#endif
-   return MY_AES_BAD_DATA;
- }
- 
-@@ -159,7 +173,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
-                    bool padding)
- {
- 
--  EVP_CIPHER_CTX ctx;
-+  EVP_CIPHER_CTX *ctx;
-   const EVP_CIPHER *cipher= aes_evp_type(mode);
-   int u_len, f_len;
- 
-@@ -170,24 +184,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
-   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
-     return MY_AES_BAD_DATA;
- 
--  EVP_CIPHER_CTX_init(&ctx);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+  EVP_CIPHER_CTX_init(ctx);
-+#endif
- 
--  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
-+  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
-     goto aes_error;                             /* Error */
--  if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
-+  if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
-     goto aes_error;                             /* Error */
--  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
-+  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
-     goto aes_error;                             /* Error */
--  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
-+  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
-     goto aes_error;                             /* Error */
- 
--  EVP_CIPHER_CTX_cleanup(&ctx);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+  EVP_CIPHER_CTX_cleanup(ctx);
-+#else
-+  EVP_CIPHER_CTX_free(ctx);
-+#endif
-   return u_len + f_len;
- 
- aes_error:
-   /* need to explicitly clean up the error if we want to ignore it */
-   ERR_clear_error();
--  EVP_CIPHER_CTX_cleanup(&ctx);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+  EVP_CIPHER_CTX_cleanup(ctx);
-+#else
-+  EVP_CIPHER_CTX_free(ctx);
-+#endif
-   return MY_AES_BAD_DATA;
- }
- 
-diff --git a/sql-common/client.c b/sql-common/client.c
-index 9e88e9f..fe7daf7 100644
---- a/sql-common/client.c
-+++ b/sql-common/client.c
-@@ -86,6 +86,14 @@ my_bool	net_flush(NET *net);
- #  include <sys/un.h>
- #endif
- 
-+#ifdef HAVE_OPENSSL
-+#include <openssl/opensslv.h>
-+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
-+#undef OPENSSL_VERSION_NUMBER
-+#define OPENSSL_VERSION_NUMBER 0x1000107fL
-+#endif
-+#endif
-+
- #ifndef _WIN32
- #include <errno.h>
- #define SOCKET_ERROR -1
-@@ -2685,7 +2693,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
- {
-   SSL *ssl;
-   X509 *server_cert= NULL;
--  char *cn= NULL;
-+  const char *cn= NULL;
-   int cn_loc= -1;
-   ASN1_STRING *cn_asn1= NULL;
-   X509_NAME_ENTRY *cn_entry= NULL;
-@@ -2757,7 +2765,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
-     goto error;
-   }
- 
--  cn= (char *) ASN1_STRING_data(cn_asn1);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+  cn= (const char *) ASN1_STRING_data(cn_asn1);
-+#else
-+  cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
-+#endif
- 
-   // There should not be any NULL embedded in the CN
-   if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
-diff --git a/vio/viossl.c b/vio/viossl.c
-index 5622cb7..94b0f09 100644
---- a/vio/viossl.c
-+++ b/vio/viossl.c
-@@ -24,6 +24,12 @@
- 
- #ifdef HAVE_OPENSSL
- 
-+#include <openssl/opensslv.h>
-+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
-+#undef OPENSSL_VERSION_NUMBER
-+#define OPENSSL_VERSION_NUMBER 0x1000107fL
-+#endif
-+
- #ifndef DBUG_OFF
- 
- static void
-@@ -310,8 +316,10 @@ void vio_ssl_delete(Vio *vio)
-   }
- 
- #ifndef HAVE_YASSL
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-   ERR_remove_thread_state(0);
- #endif
-+#endif
- 
-   vio_delete(vio);
- }
-@@ -427,7 +427,12 @@
-       for (j = 0; j < n; j++)
-       {
-         SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-         DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
-+#else  /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-+        DBUG_PRINT("info",
-+                   ("  %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));
-+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-       }
-   }
- #endif
-diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
-index da5449a..87b30c3 100644
---- a/vio/viosslfactories.c
-+++ b/vio/viosslfactories.c
-@@ -16,6 +16,14 @@
- #include "vio_priv.h"
- 
- #ifdef HAVE_OPENSSL
-+#include <openssl/bn.h>
-+#include <openssl/dh.h>
-+#include <openssl/opensslv.h>
-+
-+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
-+#undef OPENSSL_VERSION_NUMBER
-+#define OPENSSL_VERSION_NUMBER 0x1000107fL
-+#endif
- 
- #define TLS_VERSION_OPTION_SIZE 256
- #define SSL_CIPHER_LIST_SIZE 4096
-@@ -121,10 +129,18 @@ static DH *get_dh2048(void)
-   DH *dh;
-   if ((dh=DH_new()))
-   {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-     dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-     if (! dh->p || ! dh->g)
-     {
-+#else
-+    if (! DH_set0_pqg(dh,
-+              BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
-+              NULL,
-+              BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL)))
-+    {
-+#endif
-       DH_free(dh);
-       dh=0;
-     }
-@@ -247,6 +263,8 @@ typedef struct CRYPTO_dynlock_value
- } openssl_lock_t;
- 
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
- /* Array of locks used by openssl internally for thread synchronization.
-    The number of locks is equal to CRYPTO_num_locks.
- */
-@@ -389,9 +407,11 @@ static void deinit_lock_callback_functions()
- {
-   set_lock_callback_functions(FALSE);
- }
-+#endif
- 
- void vio_ssl_end()
- {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-   int i= 0;
- 
-   if (ssl_initialized) {
-@@ -409,6 +429,7 @@ void vio_ssl_end()
- 
-     ssl_initialized= FALSE;
-   }
-+#endif
- }
- 
- #endif //OpenSSL specific
-@@ -419,6 +440,7 @@ void ssl_start()
-   {
-     ssl_initialized= TRUE;
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     SSL_library_init();
-     OpenSSL_add_all_algorithms();
-     SSL_load_error_strings();
-@@ -427,6 +449,7 @@ void ssl_start()
-     init_ssl_locks();
-     init_lock_callback_functions();
- #endif
-+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-   }
- }
- 
--- 
-2.11.0
-
diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch
deleted file mode 100644
index 8fabd9952cc4..000000000000
--- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-https://bugs.gentoo.org/692644
-
---- a/include/mysql.h.pp
-+++ b/include/mysql.h.pp
-@@ -175,7 +175,7 @@ struct rand_struct {
-   unsigned long seed1, seed2, max_value;
-   double max_value_dbl;
- };
--#include <mysql/udf_registration_types.h>
-+#include "mysql/udf_registration_types.h"
- enum Item_result {
-   INVALID_RESULT = -1,
-   STRING_RESULT = 0,
---- a/include/mysql_com.h
-+++ b/include/mysql_com.h
-@@ -1002,7 +1002,7 @@ struct rand_struct {
- };
- 
- /* Include the types here so existing UDFs can keep compiling */
--#include <mysql/udf_registration_types.h>
-+#include "mysql/udf_registration_types.h"
- 
- /**
-   @addtogroup group_cs_compresson_constants Constants when using compression
diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch
deleted file mode 100644
index 1fc949ae8564..000000000000
--- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch
+++ /dev/null
@@ -1,297 +0,0 @@
---- a/cmake/ssl.cmake
-+++ b/cmake/ssl.cmake
-@@ -229,13 +229,14 @@ MACRO (MYSQL_CHECK_SSL)
-         OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
-         )
-     ENDIF()
--    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
-+    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
-+    IF(HAVE_TLS1_3_VERSION)
-        ADD_DEFINITIONS(-DHAVE_TLSv13)
-     ENDIF()
-     IF(OPENSSL_INCLUDE_DIR AND
-        OPENSSL_LIBRARY   AND
-        CRYPTO_LIBRARY      AND
--       OPENSSL_MAJOR_VERSION STREQUAL "1"
-+       OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1"
-       )
-       SET(OPENSSL_FOUND TRUE)
-       FIND_PROGRAM(OPENSSL_EXECUTABLE openssl
---- a/mysys/my_md5.cc
-+++ b/mysys/my_md5.cc
-@@ -56,7 +56,9 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
- int compute_md5_hash(char *digest, const char *buf, int len) {
-   int retval = 0;
-   int fips_mode = 0;
-+#ifndef LIBRESSL_VERSION_NUMBER
-   fips_mode = FIPS_mode();
-+#endif
-   /* If fips mode is ON/STRICT restricted method calls will result into abort,
-    * skipping call. */
-   if (fips_mode == 0) {
---- a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c
-+++ b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c
-@@ -329,6 +329,7 @@ error:
-   return 1;
- }
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- #define OPENSSL_ERROR_LENGTH 512
- static int configure_ssl_fips_mode(const uint fips_mode) {
-   int rc = -1;
-@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mode) {
- EXIT:
-   return rc;
- }
-+#endif
- 
- static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file,
-                             const char *ca_path) {
-@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const char *server_cert_file,
-   int verify_server = SSL_VERIFY_NONE;
-   int verify_client = SSL_VERIFY_NONE;
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
-   if (configure_ssl_fips_mode(ssl_fips_mode) != 1) {
-     G_ERROR("Error setting the ssl fips mode");
-     goto error;
-   }
-+#endif
- 
-   SSL_library_init();
-   SSL_load_error_strings();
-@@ -622,7 +626,7 @@ error:
- void xcom_cleanup_ssl() {
-   if (!xcom_use_ssl()) return;
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-   ERR_remove_thread_state(0);
- #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
- }
---- a/plugin/x/client/xconnection_impl.cc
-+++ b/plugin/x/client/xconnection_impl.cc
-@@ -520,6 +520,7 @@ XError Connection_impl::get_ssl_error(const int error_id) {
-   return XError(CR_SSL_CONNECTION_ERROR, buffer);
- }
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- /**
-   Set fips mode in openssl library,
-   When we set fips mode ON/STRICT, it will perform following operations:
-@@ -559,6 +560,7 @@ int set_fips_mode(const uint32_t fips_mode,
- EXIT:
-   return rc;
- }
-+#endif
- 
- XError Connection_impl::activate_tls() {
-   if (nullptr == m_vio) return get_socket_error(SOCKET_ECONNRESET);
-@@ -569,12 +571,14 @@ XError Connection_impl::activate_tls() {
-   if (!m_context->m_ssl_config.is_configured())
-     return XError{CR_SSL_CONNECTION_ERROR, ER_TEXT_TLS_NOT_CONFIGURATED, true};
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
-   char err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
-   if (set_fips_mode(
-           static_cast<uint32_t>(m_context->m_ssl_config.m_ssl_fips_mode),
-           err_string) != 1) {
-     return XError{CR_SSL_CONNECTION_ERROR, err_string, true};
-   }
-+#endif
-   auto ssl_ctx_flags = process_tls_version(
-       details::null_when_empty(m_context->m_ssl_config.m_tls_version));
- 
---- a/router/src/http/src/tls_client_context.cc
-+++ b/router/src/http/src/tls_client_context.cc
-@@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) {
- 
- void TlsClientContext::cipher_suites(const std::string &ciphers) {
- // TLSv1.3 ciphers are controlled via SSL_CTX_set_ciphersuites()
--#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1)
-+#ifdef TLS1_3_VERSION
-   if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) {
-     throw TlsError("set-cipher-suites");
-   }
---- a/router/src/http/src/tls_context.cc
-+++ b/router/src/http/src/tls_context.cc
-@@ -91,7 +91,7 @@ static int o11x_version(TlsVersion version) {
-       return TLS1_1_VERSION;
-     case TlsVersion::TLS_1_2:
-       return TLS1_2_VERSION;
--#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1)
-+#ifdef TLS1_3_VERSION
-     case TlsVersion::TLS_1_3:
-       return TLS1_3_VERSION;
- #endif
-@@ -120,9 +120,11 @@ void TlsContext::version_range(TlsVersion min_version, TlsVersion max_version) {
-   switch (min_version) {
-     default:
-       // unknown, leave all disabled
-+#ifdef TLS1_3_VERSION
-       // fallthrough
-     case TlsVersion::TLS_1_3:
-       opts |= SSL_OP_NO_TLSv1_2;
-+#endif
-       // fallthrough
-     case TlsVersion::TLS_1_2:
-       opts |= SSL_OP_NO_TLSv1_1;
-@@ -170,8 +172,10 @@ TlsVersion TlsContext::min_version() const {
-       return TlsVersion::TLS_1_1;
-     case TLS1_2_VERSION:
-       return TlsVersion::TLS_1_2;
-+#ifdef TLS1_3_VERSION
-     case TLS1_3_VERSION:
-       return TlsVersion::TLS_1_3;
-+#endif
-     case 0:
-       return TlsVersion::AUTO;
-     default:
-@@ -230,7 +234,8 @@ TlsContext::InfoCallback TlsContext::info_callback() const {
- }
- 
- int TlsContext::security_level() const {
--#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0)
-+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \
-+    !defined(LIBRESSL_VERSION_NUMBER)
-   return SSL_CTX_get_security_level(ssl_ctx_.get());
- #else
-   return 0;
---- a/router/src/http/src/tls_server_context.cc
-+++ b/router/src/http/src/tls_server_context.cc
-@@ -166,7 +166,8 @@ void TlsServerContext::init_tmp_dh(const std::string &dh_params) {
-     }
- 
-   } else {
--#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0)
-+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \
-+    !defined(LIBRESSL_VERSION_NUMBER)
-     dh2048.reset(DH_get_2048_256());
- #else
-     /*
---- a/sql-common/client.cc
-+++ b/sql-common/client.cc
-@@ -7730,7 +7730,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option,
- #endif
-       break;
-     case MYSQL_OPT_SSL_FIPS_MODE: {
--#if defined(HAVE_OPENSSL)
-+#if defined(HAVE_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER)
-       char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
-       ENSURE_EXTENSIONS_PRESENT(&mysql->options);
-       mysql->options.extension->ssl_fips_mode = *static_cast<const uint *>(arg);
---- a/sql/mysqld.cc
-+++ b/sql/mysqld.cc
-@@ -4818,7 +4818,7 @@ static int init_thread_environment() {
- 
- static PSI_memory_key key_memory_openssl = PSI_NOT_INSTRUMENTED;
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define FILE_LINE_ARGS
- #else
- #define FILE_LINE_ARGS , const char *, int
-@@ -4854,12 +4854,14 @@ static void init_ssl() {
- }
- 
- static int init_ssl_communication() {
-+#ifndef LIBRESSL_VERSION_NUMBER
-   char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
-   int ret_fips_mode = set_fips_mode(opt_ssl_fips_mode, ssl_err_string);
-   if (ret_fips_mode != 1) {
-     LogErr(ERROR_LEVEL, ER_SSL_FIPS_MODE_ERROR, ssl_err_string);
-     return 1;
-   }
-+#endif
-   if (SslAcceptorContext::singleton_init(opt_use_ssl)) return 1;
- 
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
---- a/sql/sys_vars.cc
-+++ b/sql/sys_vars.cc
-@@ -4417,6 +4417,7 @@ static Sys_var_ulong Sys_max_execution_time(
-     HINT_UPDATEABLE SESSION_VAR(max_execution_time), CMD_LINE(REQUIRED_ARG),
-     VALID_RANGE(0, ULONG_MAX), DEFAULT(0), BLOCK_SIZE(1));
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- static bool update_fips_mode(sys_var *, THD *, enum_var_type) {
-   char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
-   if (set_fips_mode(opt_ssl_fips_mode, ssl_err_string) != 1) {
-@@ -4427,15 +4428,30 @@ static bool update_fips_mode(sys_var *, THD *, enum_var_type) {
-     return false;
-   }
- }
-+#endif
- 
-+#if defined(LIBRESSL_VERSION_NUMBER)
-+static const char *ssl_fips_mode_names[] = {"OFF", 0};
-+#else
- static const char *ssl_fips_mode_names[] = {"OFF", "ON", "STRICT", 0};
-+#endif
- static Sys_var_enum Sys_ssl_fips_mode(
-     "ssl_fips_mode",
-     "SSL FIPS mode (applies only for OpenSSL); "
-+#ifndef LIBRESSL_VERSION_NUMBER
-     "permitted values are: OFF, ON, STRICT",
-+#else
-+    "permitted values are: OFF",
-+#endif
-     GLOBAL_VAR(opt_ssl_fips_mode), CMD_LINE(REQUIRED_ARG, OPT_SSL_FIPS_MODE),
-     ssl_fips_mode_names, DEFAULT(0), NO_MUTEX_GUARD, NOT_IN_BINLOG,
--    ON_CHECK(NULL), ON_UPDATE(update_fips_mode), NULL);
-+    ON_CHECK(NULL),
-+#ifndef LIBRESSL_VERSION_NUMBER
-+    ON_UPDATE(update_fips_mode),
-+#else
-+    ON_UPDATE(NULL),
-+#endif
-+    NULL);
- 
- #if defined(HAVE_OPENSSL)
- static Sys_var_bool Sys_auto_generate_certs(
---- a/vio/viossl.cc
-+++ b/vio/viossl.cc
-@@ -45,7 +45,7 @@
-   BIO_set_callback_ex was added in openSSL 1.1.1
-   For older openSSL, use the deprecated BIO_set_callback.
- */
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
- #define HAVE_BIO_SET_CALLBACK_EX
- #endif
- 
-@@ -637,7 +637,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
- #if !defined(DBUG_OFF)
-     {
-       STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
--      ssl_comp_methods = SSL_COMP_get_compression_methods();
-+      ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods();
-       n = sk_SSL_COMP_num(ssl_comp_methods);
-       DBUG_PRINT("info", ("Available compression methods:\n"));
-       if (n == 0)
-@@ -645,7 +645,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
-       else
-         for (j = 0; j < n; j++) {
-           SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-           DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
- #else  /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-           DBUG_PRINT("info",
---- a/vio/viosslfactories.cc
-+++ b/vio/viosslfactories.cc
-@@ -420,6 +420,7 @@ void ssl_start() {
-   }
- }
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- /**
-   Set fips mode in openssl library,
-   When we set fips mode ON/STRICT, it will perform following operations:
-@@ -473,6 +474,7 @@ EXIT:
-   @returns openssl current fips mode
- */
- uint get_fips_mode() { return FIPS_mode(); }
-+#endif
- 
- long process_tls_version(const char *tls_version) {
-   const char *separator = ",";
diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch
deleted file mode 100644
index 88f32419239a..000000000000
--- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch
+++ /dev/null
@@ -1,332 +0,0 @@
-From 2108922a8292d74874ede834158c208d81c3cf76 Mon Sep 17 00:00:00 2001
-From: Thomas Deutschmann <whissi@gentoo.org>
-Date: Thu, 30 Apr 2020 20:01:48 +0200
-Subject: [PATCH 5/5] Add LibreSSL support
-
-Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
----
- cmake/ssl.cmake                               |  5 +++--
- mysys/my_md5.cc                               |  2 ++
- .../bindings/xcom/xcom/xcom_ssl_transport.c   |  6 +++++-
- plugin/x/client/xconnection_impl.cc           |  4 ++++
- router/src/http/src/tls_client_context.cc     |  2 +-
- router/src/http/src/tls_context.cc            |  9 ++++++--
- router/src/http/src/tls_server_context.cc     |  3 ++-
- sql-common/client.cc                          |  2 ++
- sql/mysqld.cc                                 |  4 +++-
- sql/sys_vars.cc                               | 21 +++++++++++++++++--
- vio/viossl.cc                                 |  8 +++----
- vio/viosslfactories.cc                        |  2 ++
- 12 files changed, 54 insertions(+), 14 deletions(-)
-
---- a/cmake/ssl.cmake
-+++ b/cmake/ssl.cmake
-@@ -222,13 +222,14 @@ MACRO (MYSQL_CHECK_SSL)
-         OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
-         )
-     ENDIF()
--    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
-+    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
-+    IF(HAVE_TLS1_3_VERSION)
-        ADD_DEFINITIONS(-DHAVE_TLSv13)
-     ENDIF()
-     IF(OPENSSL_INCLUDE_DIR AND
-        OPENSSL_LIBRARY   AND
-        CRYPTO_LIBRARY      AND
--       OPENSSL_MAJOR_VERSION STREQUAL "1"
-+       OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1"
-       )
-       SET(OPENSSL_FOUND TRUE)
-       FIND_PROGRAM(OPENSSL_EXECUTABLE openssl
---- a/mysys/my_md5.cc
-+++ b/mysys/my_md5.cc
-@@ -56,7 +56,9 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
- int compute_md5_hash(char *digest, const char *buf, int len) {
-   int retval = 0;
-   int fips_mode = 0;
-+#ifndef LIBRESSL_VERSION_NUMBER
-   fips_mode = FIPS_mode();
-+#endif
-   /* If fips mode is ON/STRICT restricted method calls will result into abort,
-    * skipping call. */
-   if (fips_mode == 0) {
---- a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c
-+++ b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c
-@@ -329,6 +329,7 @@ error:
-   return 1;
- }
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- #define OPENSSL_ERROR_LENGTH 512
- static int configure_ssl_fips_mode(const uint fips_mode) {
-   int rc = -1;
-@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mode) {
- EXIT:
-   return rc;
- }
-+#endif
- 
- static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file,
-                             const char *ca_path) {
-@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const char *server_cert_file,
-   int verify_server = SSL_VERIFY_NONE;
-   int verify_client = SSL_VERIFY_NONE;
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
-   if (configure_ssl_fips_mode(ssl_fips_mode) != 1) {
-     G_ERROR("Error setting the ssl fips mode");
-     goto error;
-   }
-+#endif
- 
-   SSL_library_init();
-   SSL_load_error_strings();
-@@ -622,7 +626,7 @@ error:
- void xcom_cleanup_ssl() {
-   if (!xcom_use_ssl()) return;
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-   ERR_remove_thread_state(0);
- #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
- }
---- a/plugin/x/client/xconnection_impl.cc
-+++ b/plugin/x/client/xconnection_impl.cc
-@@ -511,6 +511,7 @@ XError Connection_impl::get_ssl_error(const int error_id) {
-   return XError(CR_SSL_CONNECTION_ERROR, buffer);
- }
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- /**
-   Set fips mode in openssl library,
-   When we set fips mode ON/STRICT, it will perform following operations:
-@@ -550,6 +551,7 @@ int set_fips_mode(const uint32_t fips_mode,
- EXIT:
-   return rc;
- }
-+#endif
- 
- XError Connection_impl::activate_tls() {
-   if (nullptr == m_vio) return get_socket_error(SOCKET_ECONNRESET);
-@@ -560,12 +562,14 @@ XError Connection_impl::activate_tls() {
-   if (!m_context->m_ssl_config.is_configured())
-     return XError{CR_SSL_CONNECTION_ERROR, ER_TEXT_TLS_NOT_CONFIGURATED, true};
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
-   char err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
-   if (set_fips_mode(
-           static_cast<uint32_t>(m_context->m_ssl_config.m_ssl_fips_mode),
-           err_string) != 1) {
-     return XError{CR_SSL_CONNECTION_ERROR, err_string, true};
-   }
-+#endif
-   auto ssl_ctx_flags = process_tls_version(
-       details::null_when_empty(m_context->m_ssl_config.m_tls_version));
- 
---- a/router/src/http/src/tls_client_context.cc
-+++ b/router/src/http/src/tls_client_context.cc
-@@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) {
- 
- void TlsClientContext::cipher_suites(const std::string &ciphers) {
- // TLSv1.3 ciphers are controlled via SSL_CTX_set_ciphersuites()
--#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1)
-+#ifdef TLS1_3_VERSION
-   if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) {
-     throw TlsError("set-cipher-suites");
-   }
---- a/router/src/http/src/tls_context.cc
-+++ b/router/src/http/src/tls_context.cc
-@@ -91,7 +91,7 @@ static int o11x_version(TlsVersion version) {
-       return TLS1_1_VERSION;
-     case TlsVersion::TLS_1_2:
-       return TLS1_2_VERSION;
--#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1)
-+#ifdef TLS1_3_VERSION
-     case TlsVersion::TLS_1_3:
-       return TLS1_3_VERSION;
- #endif
-@@ -120,9 +120,11 @@ void TlsContext::version_range(TlsVersion min_version, TlsVersion max_version) {
-   switch (min_version) {
-     default:
-       // unknown, leave all disabled
-+#ifdef TLS1_3_VERSION
-       // fallthrough
-     case TlsVersion::TLS_1_3:
-       opts |= SSL_OP_NO_TLSv1_2;
-+#endif
-       // fallthrough
-     case TlsVersion::TLS_1_2:
-       opts |= SSL_OP_NO_TLSv1_1;
-@@ -170,8 +172,10 @@ TlsVersion TlsContext::min_version() const {
-       return TlsVersion::TLS_1_1;
-     case TLS1_2_VERSION:
-       return TlsVersion::TLS_1_2;
-+#ifdef TLS1_3_VERSION
-     case TLS1_3_VERSION:
-       return TlsVersion::TLS_1_3;
-+#endif
-     case 0:
-       return TlsVersion::AUTO;
-     default:
-@@ -230,7 +234,8 @@ TlsContext::InfoCallback TlsContext::info_callback() const {
- }
- 
- int TlsContext::security_level() const {
--#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0)
-+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \
-+    !defined(LIBRESSL_VERSION_NUMBER)
-   return SSL_CTX_get_security_level(ssl_ctx_.get());
- #else
-   return 0;
---- a/router/src/http/src/tls_server_context.cc
-+++ b/router/src/http/src/tls_server_context.cc
-@@ -167,7 +167,8 @@ void TlsServerContext::init_tmp_dh(const std::string &dh_params) {
-     }
- 
-   } else {
--#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0)
-+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \
-+    !defined(LIBRESSL_VERSION_NUMBER)
-     dh2048.reset(DH_get_2048_256());
- #else
-     /*
---- a/sql-common/client.cc
-+++ b/sql-common/client.cc
-@@ -7752,6 +7752,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option,
-         return 1;
-       break;
-     case MYSQL_OPT_SSL_FIPS_MODE: {
-+#if !defined(LIBRESSL_VERSION_NUMBER)
-       char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
-       ENSURE_EXTENSIONS_PRESENT(&mysql->options);
-       mysql->options.extension->ssl_fips_mode = *static_cast<const uint *>(arg);
-@@ -7763,6 +7764,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option,
-             "Set Fips mode ON/STRICT failed, detail: '%s'.", ssl_err_string);
-         return 1;
-       }
-+#endif
-     } break;
-     case MYSQL_OPT_SSL_MODE:
-       ENSURE_EXTENSIONS_PRESENT(&mysql->options);
---- a/sql/mysqld.cc
-+++ b/sql/mysqld.cc
-@@ -4857,7 +4857,7 @@ static int init_thread_environment() {
- 
- static PSI_memory_key key_memory_openssl = PSI_NOT_INSTRUMENTED;
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define FILE_LINE_ARGS
- #else
- #define FILE_LINE_ARGS , const char *, int
-@@ -4891,12 +4891,14 @@ static void init_ssl() {
- }
- 
- static int init_ssl_communication() {
-+#ifndef LIBRESSL_VERSION_NUMBER
-   char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
-   int ret_fips_mode = set_fips_mode(opt_ssl_fips_mode, ssl_err_string);
-   if (ret_fips_mode != 1) {
-     LogErr(ERROR_LEVEL, ER_SSL_FIPS_MODE_ERROR, ssl_err_string);
-     return 1;
-   }
-+#endif
-   if (SslAcceptorContext::singleton_init(opt_use_ssl)) return 1;
- 
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
---- a/sql/sys_vars.cc
-+++ b/sql/sys_vars.cc
-@@ -4459,6 +4459,7 @@ static Sys_var_ulong Sys_max_execution_time(
-     HINT_UPDATEABLE SESSION_VAR(max_execution_time), CMD_LINE(REQUIRED_ARG),
-     VALID_RANGE(0, ULONG_MAX), DEFAULT(0), BLOCK_SIZE(1));
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- static bool update_fips_mode(sys_var *, THD *, enum_var_type) {
-   char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
-   if (set_fips_mode(opt_ssl_fips_mode, ssl_err_string) != 1) {
-@@ -4469,15 +4470,31 @@ static bool update_fips_mode(sys_var *, THD *, enum_var_type) {
-     return false;
-   }
- }
-+#endif
-+
-+#if defined(LIBRESSL_VERSION_NUMBER)
-+static const char *ssl_fips_mode_names[] = {"OFF", 0};
-+#else
-+static const char *ssl_fips_mode_names[] = {"OFF", "ON", "STRICT", 0};
-+#endif
- 
--static const char *ssl_fips_mode_names[] = {"OFF", "ON", "STRICT", nullptr};
- static Sys_var_enum Sys_ssl_fips_mode(
-     "ssl_fips_mode",
-     "SSL FIPS mode (applies only for OpenSSL); "
-+#ifndef LIBRESSL_VERSION_NUMBER
-     "permitted values are: OFF, ON, STRICT",
-+#else
-+    "permitted values are: OFF",
-+#endif
-     GLOBAL_VAR(opt_ssl_fips_mode), CMD_LINE(REQUIRED_ARG, OPT_SSL_FIPS_MODE),
-     ssl_fips_mode_names, DEFAULT(0), NO_MUTEX_GUARD, NOT_IN_BINLOG,
--    ON_CHECK(nullptr), ON_UPDATE(update_fips_mode), nullptr);
-+    ON_CHECK(NULL),
-+#ifndef LIBRESSL_VERSION_NUMBER
-+    ON_UPDATE(update_fips_mode),
-+#else
-+    ON_UPDATE(NULL),
-+#endif
-+    NULL);
- 
- static Sys_var_bool Sys_auto_generate_certs(
-     "auto_generate_certs",
---- a/vio/viossl.cc
-+++ b/vio/viossl.cc
-@@ -45,7 +45,7 @@
-   BIO_set_callback_ex was added in openSSL 1.1.1
-   For older openSSL, use the deprecated BIO_set_callback.
- */
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
- #define HAVE_BIO_SET_CALLBACK_EX
- #endif
- 
-@@ -634,8 +634,8 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
- 
- #if !defined(DBUG_OFF)
-     {
--      STACK_OF(SSL_COMP) *ssl_comp_methods = nullptr;
--      ssl_comp_methods = SSL_COMP_get_compression_methods();
-+      STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
-+      ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods();
-       n = sk_SSL_COMP_num(ssl_comp_methods);
-       DBUG_PRINT("info", ("Available compression methods:\n"));
-       if (n == 0)
-@@ -643,7 +643,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
-       else
-         for (j = 0; j < n; j++) {
-           SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-           DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
- #else  /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-           DBUG_PRINT("info",
---- a/vio/viosslfactories.cc
-+++ b/vio/viosslfactories.cc
-@@ -472,6 +472,7 @@ void ssl_start() {
-   }
- }
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- /**
-   Set fips mode in openssl library,
-   When we set fips mode ON/STRICT, it will perform following operations:
-@@ -525,6 +526,7 @@ EXIT:
-   @returns openssl current fips mode
- */
- uint get_fips_mode() { return FIPS_mode(); }
-+#endif
- 
- long process_tls_version(const char *tls_version) {
-   const char *separator = ",";
--- 
-2.26.2
-
diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-libressl.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-libressl.patch
new file mode 100644
index 000000000000..78f3e78fd6d4
--- /dev/null
+++ b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-libressl.patch
@@ -0,0 +1,356 @@
+From 4aadff7b08f6a69160a44c1742d5a12fb5abc059 Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whissi@gentoo.org>
+Date: Thu, 30 Apr 2020 20:01:48 +0200
+Subject: [PATCH 5/5] Add LibreSSL support
+
+Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
+---
+ cmake/ssl.cmake                               |  5 +++--
+ mysys/my_md5.cc                               |  2 ++
+ .../bindings/xcom/xcom/xcom_ssl_transport.cc  |  6 +++++-
+ plugin/x/client/xconnection_impl.cc           |  4 ++++
+ router/src/http/src/tls_client_context.cc     |  2 +-
+ router/src/http/src/tls_context.cc            |  9 ++++++--
+ router/src/http/src/tls_server_context.cc     |  3 ++-
+ sql-common/client.cc                          |  2 ++
+ sql/mysqld.cc                                 |  4 +++-
+ sql/sys_vars.cc                               | 21 +++++++++++++++++--
+ vio/viossl.cc                                 |  8 +++----
+ vio/viosslfactories.cc                        |  2 ++
+ 12 files changed, 54 insertions(+), 14 deletions(-)
+
+diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake
+index 52feadeaa..3b8332695 100644
+--- a/cmake/ssl.cmake
++++ b/cmake/ssl.cmake
+@@ -222,13 +222,14 @@ MACRO (MYSQL_CHECK_SSL)
+         OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
+         )
+     ENDIF()
+-    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
++    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
++    IF(HAVE_TLS1_3_VERSION)
+        ADD_DEFINITIONS(-DHAVE_TLSv13)
+     ENDIF()
+     IF(OPENSSL_INCLUDE_DIR AND
+        OPENSSL_LIBRARY   AND
+        CRYPTO_LIBRARY      AND
+-       OPENSSL_MAJOR_VERSION STREQUAL "1"
++       OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1"
+       )
+       SET(OPENSSL_FOUND TRUE)
+       FIND_PROGRAM(OPENSSL_EXECUTABLE openssl
+diff --git a/mysys/my_md5.cc b/mysys/my_md5.cc
+index dea997b25..531696329 100644
+--- a/mysys/my_md5.cc
++++ b/mysys/my_md5.cc
+@@ -56,7 +56,9 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
+ int compute_md5_hash(char *digest, const char *buf, int len) {
+   int retval = 0;
+   int fips_mode = 0;
++#ifndef LIBRESSL_VERSION_NUMBER
+   fips_mode = FIPS_mode();
++#endif
+   /* If fips mode is ON/STRICT restricted method calls will result into abort,
+    * skipping call. */
+   if (fips_mode == 0) {
+diff --git a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc
+index 8bf63ce14..02f91b44e 100644
+--- a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc
++++ b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc
+@@ -325,6 +325,7 @@ error:
+   return 1;
+ }
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+ #define OPENSSL_ERROR_LENGTH 512
+ static int configure_ssl_fips_mode(const uint fips_mode) {
+   int rc = -1;
+@@ -348,6 +349,7 @@ static int configure_ssl_fips_mode(const uint fips_mode) {
+ EXIT:
+   return rc;
+ }
++#endif
+ 
+ static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file,
+                             const char *ca_path) {
+@@ -544,10 +546,12 @@ int xcom_init_ssl(const char *server_key_file, const char *server_cert_file,
+   int verify_server = SSL_VERIFY_NONE;
+   int verify_client = SSL_VERIFY_NONE;
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+   if (configure_ssl_fips_mode(ssl_fips_mode) != 1) {
+     G_ERROR("Error setting the ssl fips mode");
+     goto error;
+   }
++#endif
+ 
+   SSL_library_init();
+   SSL_load_error_strings();
+@@ -611,7 +615,7 @@ error:
+ void xcom_cleanup_ssl() {
+   if (!xcom_use_ssl()) return;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ }
+diff --git a/plugin/x/client/xconnection_impl.cc b/plugin/x/client/xconnection_impl.cc
+index 13bc6794e..5223169db 100644
+--- a/plugin/x/client/xconnection_impl.cc
++++ b/plugin/x/client/xconnection_impl.cc
+@@ -498,6 +498,7 @@ XError Connection_impl::get_ssl_error(const int error_id) {
+   return XError(CR_SSL_CONNECTION_ERROR, buffer);
+ }
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+ /**
+   Set fips mode in openssl library,
+   When we set fips mode ON/STRICT, it will perform following operations:
+@@ -537,6 +538,7 @@ int set_fips_mode(const uint32_t fips_mode,
+ EXIT:
+   return rc;
+ }
++#endif
+ 
+ XError Connection_impl::activate_tls() {
+   if (nullptr == m_vio) return get_socket_error(SOCKET_ECONNRESET);
+@@ -547,12 +549,14 @@ XError Connection_impl::activate_tls() {
+   if (!m_context->m_ssl_config.is_configured())
+     return XError{CR_SSL_CONNECTION_ERROR, ER_TEXT_TLS_NOT_CONFIGURATED, true};
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+   char err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
+   if (set_fips_mode(
+           static_cast<uint32_t>(m_context->m_ssl_config.m_ssl_fips_mode),
+           err_string) != 1) {
+     return XError{CR_SSL_CONNECTION_ERROR, err_string, true};
+   }
++#endif
+   auto ssl_ctx_flags = process_tls_version(
+       details::null_when_empty(m_context->m_ssl_config.m_tls_version));
+ 
+diff --git a/router/src/http/src/tls_client_context.cc b/router/src/http/src/tls_client_context.cc
+index 297ceee30..7c1157289 100644
+--- a/router/src/http/src/tls_client_context.cc
++++ b/router/src/http/src/tls_client_context.cc
+@@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) {
+ 
+ void TlsClientContext::cipher_suites(const std::string &ciphers) {
+ // TLSv1.3 ciphers are controlled via SSL_CTX_set_ciphersuites()
+-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1)
++#ifdef TLS1_3_VERSION
+   if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) {
+     throw TlsError("set-cipher-suites");
+   }
+diff --git a/router/src/http/src/tls_context.cc b/router/src/http/src/tls_context.cc
+index 60ed7e6ca..388ef8f28 100644
+--- a/router/src/http/src/tls_context.cc
++++ b/router/src/http/src/tls_context.cc
+@@ -91,7 +91,7 @@ static int o11x_version(TlsVersion version) {
+       return TLS1_1_VERSION;
+     case TlsVersion::TLS_1_2:
+       return TLS1_2_VERSION;
+-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1)
++#ifdef TLS1_3_VERSION
+     case TlsVersion::TLS_1_3:
+       return TLS1_3_VERSION;
+ #endif
+@@ -120,9 +120,11 @@ void TlsContext::version_range(TlsVersion min_version, TlsVersion max_version) {
+   switch (min_version) {
+     default:
+       // unknown, leave all disabled
++#ifdef TLS1_3_VERSION
+       // fallthrough
+     case TlsVersion::TLS_1_3:
+       opts |= SSL_OP_NO_TLSv1_2;
++#endif
+       // fallthrough
+     case TlsVersion::TLS_1_2:
+       opts |= SSL_OP_NO_TLSv1_1;
+@@ -170,8 +172,10 @@ TlsVersion TlsContext::min_version() const {
+       return TlsVersion::TLS_1_1;
+     case TLS1_2_VERSION:
+       return TlsVersion::TLS_1_2;
++#ifdef TLS1_3_VERSION
+     case TLS1_3_VERSION:
+       return TlsVersion::TLS_1_3;
++#endif
+     case 0:
+       return TlsVersion::AUTO;
+     default:
+@@ -230,7 +234,8 @@ TlsContext::InfoCallback TlsContext::info_callback() const {
+ }
+ 
+ int TlsContext::security_level() const {
+-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0)
++#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \
++    !defined(LIBRESSL_VERSION_NUMBER)
+   return SSL_CTX_get_security_level(ssl_ctx_.get());
+ #else
+   return 0;
+diff --git a/router/src/http/src/tls_server_context.cc b/router/src/http/src/tls_server_context.cc
+index 0f4472419..707d7de86 100644
+--- a/router/src/http/src/tls_server_context.cc
++++ b/router/src/http/src/tls_server_context.cc
+@@ -167,7 +167,8 @@ void TlsServerContext::init_tmp_dh(const std::string &dh_params) {
+     }
+ 
+   } else {
+-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0)
++#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \
++    !defined(LIBRESSL_VERSION_NUMBER)
+     dh2048.reset(DH_get_2048_256());
+ #else
+     /*
+diff --git a/sql-common/client.cc b/sql-common/client.cc
+index ffb136b5b..8a0c7b834 100644
+--- a/sql-common/client.cc
++++ b/sql-common/client.cc
+@@ -7766,6 +7766,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option,
+         return 1;
+       break;
+     case MYSQL_OPT_SSL_FIPS_MODE: {
++#if !defined(LIBRESSL_VERSION_NUMBER)
+       char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
+       ENSURE_EXTENSIONS_PRESENT(&mysql->options);
+       mysql->options.extension->ssl_fips_mode = *static_cast<const uint *>(arg);
+@@ -7777,6 +7778,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option,
+             "Set Fips mode ON/STRICT failed, detail: '%s'.", ssl_err_string);
+         return 1;
+       }
++#endif
+     } break;
+     case MYSQL_OPT_SSL_MODE:
+       ENSURE_EXTENSIONS_PRESENT(&mysql->options);
+diff --git a/sql/mysqld.cc b/sql/mysqld.cc
+index 682e8d5ae..96a922d7a 100644
+--- a/sql/mysqld.cc
++++ b/sql/mysqld.cc
+@@ -5109,7 +5109,7 @@ static int init_thread_environment() {
+ 
+ static PSI_memory_key key_memory_openssl = PSI_NOT_INSTRUMENTED;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define FILE_LINE_ARGS
+ #else
+ #define FILE_LINE_ARGS , const char *, int
+@@ -5143,12 +5143,14 @@ static void init_ssl() {
+ }
+ 
+ static int init_ssl_communication() {
++#ifndef LIBRESSL_VERSION_NUMBER
+   char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
+   int ret_fips_mode = set_fips_mode(opt_ssl_fips_mode, ssl_err_string);
+   if (ret_fips_mode != 1) {
+     LogErr(ERROR_LEVEL, ER_SSL_FIPS_MODE_ERROR, ssl_err_string);
+     return 1;
+   }
++#endif
+   if (TLS_channel::singleton_init(&mysql_main, mysql_main_channel, opt_use_ssl,
+                                   &server_main_callback, opt_initialize))
+     return 1;
+diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
+index 5b1a82d2f..4e2dff865 100644
+--- a/sql/sys_vars.cc
++++ b/sql/sys_vars.cc
+@@ -4474,6 +4474,7 @@ static Sys_var_ulong Sys_max_execution_time(
+     HINT_UPDATEABLE SESSION_VAR(max_execution_time), CMD_LINE(REQUIRED_ARG),
+     VALID_RANGE(0, ULONG_MAX), DEFAULT(0), BLOCK_SIZE(1));
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+ static bool update_fips_mode(sys_var *, THD *, enum_var_type) {
+   char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'};
+   if (set_fips_mode(opt_ssl_fips_mode, ssl_err_string) != 1) {
+@@ -4484,15 +4485,31 @@ static bool update_fips_mode(sys_var *, THD *, enum_var_type) {
+     return false;
+   }
+ }
++#endif
++
++#if defined(LIBRESSL_VERSION_NUMBER)
++static const char *ssl_fips_mode_names[] = {"OFF", 0};
++#else
++static const char *ssl_fips_mode_names[] = {"OFF", "ON", "STRICT", 0};
++#endif
+ 
+-static const char *ssl_fips_mode_names[] = {"OFF", "ON", "STRICT", nullptr};
+ static Sys_var_enum Sys_ssl_fips_mode(
+     "ssl_fips_mode",
+     "SSL FIPS mode (applies only for OpenSSL); "
++#ifndef LIBRESSL_VERSION_NUMBER
+     "permitted values are: OFF, ON, STRICT",
++#else
++    "permitted values are: OFF",
++#endif
+     GLOBAL_VAR(opt_ssl_fips_mode), CMD_LINE(REQUIRED_ARG, OPT_SSL_FIPS_MODE),
+     ssl_fips_mode_names, DEFAULT(0), NO_MUTEX_GUARD, NOT_IN_BINLOG,
+-    ON_CHECK(nullptr), ON_UPDATE(update_fips_mode), nullptr);
++    ON_CHECK(NULL),
++#ifndef LIBRESSL_VERSION_NUMBER
++    ON_UPDATE(update_fips_mode),
++#else
++    ON_UPDATE(NULL),
++#endif
++    NULL);
+ 
+ static Sys_var_bool Sys_auto_generate_certs(
+     "auto_generate_certs",
+diff --git a/vio/viossl.cc b/vio/viossl.cc
+index 0e9594741..3a589c64b 100644
+--- a/vio/viossl.cc
++++ b/vio/viossl.cc
+@@ -45,7 +45,7 @@
+   BIO_set_callback_ex was added in openSSL 1.1.1
+   For older openSSL, use the deprecated BIO_set_callback.
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #define HAVE_BIO_SET_CALLBACK_EX
+ #endif
+ 
+@@ -634,8 +634,8 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
+ 
+ #if !defined(DBUG_OFF)
+     {
+-      STACK_OF(SSL_COMP) *ssl_comp_methods = nullptr;
+-      ssl_comp_methods = SSL_COMP_get_compression_methods();
++      STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
++      ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods();
+       n = sk_SSL_COMP_num(ssl_comp_methods);
+       DBUG_PRINT("info", ("Available compression methods:\n"));
+       if (n == 0)
+@@ -643,7 +643,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
+       else
+         for (j = 0; j < n; j++) {
+           SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+           DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
+ #else  /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+           DBUG_PRINT("info",
+diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
+index 6c04029cc..f27221463 100644
+--- a/vio/viosslfactories.cc
++++ b/vio/viosslfactories.cc
+@@ -473,6 +473,7 @@ void ssl_start() {
+   }
+ }
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+ /**
+   Set fips mode in openssl library,
+   When we set fips mode ON/STRICT, it will perform following operations:
+@@ -526,6 +527,7 @@ EXIT:
+   @returns openssl current fips mode
+ */
+ uint get_fips_mode() { return FIPS_mode(); }
++#endif
+ 
+ long process_tls_version(const char *tls_version) {
+   const char *separator = ",";
+-- 
+2.27.0
+
diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-survive-malformed-charset-files.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-survive-malformed-charset-files.patch
new file mode 100644
index 000000000000..72799f009c89
--- /dev/null
+++ b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-survive-malformed-charset-files.patch
@@ -0,0 +1,18 @@
+Description: don't crash on malformed charset files
+Origin: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1877504/comments/19
+Bug: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1884809
+Bug: https://bugs.gentoo.org/737002
+Forwarded: workaround, not needed
+
+--- a/mysys/charset.cc
++++ b/mysys/charset.cc
+@@ -922,7 +922,7 @@ size_t escape_quotes_for_mysql(CHARSET_I
+ 
+ void charset_uninit() {
+   for (CHARSET_INFO *cs : all_charsets) {
+-    if (cs && cs->coll->uninit) {
++    if (cs && cs->coll && cs->coll->uninit) {
+       cs->coll->uninit(cs);
+     }
+   }
+ 
diff --git a/dev-db/mysql-connector-c/files/mysql_com.patch b/dev-db/mysql-connector-c/files/mysql_com.patch
deleted file mode 100644
index 36a7d5a23791..000000000000
--- a/dev-db/mysql-connector-c/files/mysql_com.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- a/include/mysql_com.h	2014-06-10 23:10:43.000000000 -0400
-+++ b/include/mysql_com.h	2015-08-11 15:20:54.487091000 -0400
-@@ -179,7 +171,7 @@
- #define CLIENT_IGNORE_SIGPIPE   4096    /* IGNORE sigpipes */
- #define CLIENT_TRANSACTIONS	8192	/* Client knows about transactions */
- #define CLIENT_RESERVED         16384   /* Old flag for 4.1 protocol  */
--#define CLIENT_RESERVED2        32768   /* Old flag for 4.1 authentication */
-+#define CLIENT_SECURE_CONNECTION 32768  /* New 4.1 authentication */
- #define CLIENT_MULTI_STATEMENTS (1UL << 16) /* Enable/disable multi-stmt support */
- #define CLIENT_MULTI_RESULTS    (1UL << 17) /* Enable/disable multi-results */
- #define CLIENT_PS_MULTI_RESULTS (1UL << 18) /* Multi-results in PS-protocol */
-@@ -226,7 +216,7 @@
-                            | CLIENT_IGNORE_SIGPIPE \
-                            | CLIENT_TRANSACTIONS \
-                            | CLIENT_RESERVED \
--                           | CLIENT_RESERVED2 \
-+                           | CLIENT_SECURE_CONNECTION \
-                            | CLIENT_MULTI_STATEMENTS \
-                            | CLIENT_MULTI_RESULTS \
-                            | CLIENT_PS_MULTI_RESULTS \
---- a/libmysql/client_settings.h	2015-02-25 16:09:49.000000000 -0500
-+++ b/libmysql/client_settings.h	2015-08-11 15:44:10.804091000 -0400
-@@ -31,7 +31,7 @@
-                              CLIENT_LONG_FLAG |     \
-                              CLIENT_TRANSACTIONS |  \
-                              CLIENT_PROTOCOL_41 | \
--                             CLIENT_RESERVED2 | \
-+                             CLIENT_SECURE_CONNECTION | \
-                              CLIENT_MULTI_RESULTS | \
-                              CLIENT_PS_MULTI_RESULTS | \
-                              CLIENT_PLUGIN_AUTH | \
diff --git a/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r2.ebuild b/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r2.ebuild
deleted file mode 100644
index 90eb839cd3e1..000000000000
--- a/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r2.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit cmake-multilib
-
-MULTILIB_WRAPPED_HEADERS+=(
-	/usr/include/mysql/my_config.h
-)
-
-# wrap the config script
-MULTILIB_CHOST_TOOLS=( /usr/bin/mysql_config )
-
-DESCRIPTION="C client library for MariaDB/MySQL"
-HOMEPAGE="https://dev.mysql.com/downloads/connector/c/"
-LICENSE="GPL-2"
-
-SRC_URI="https://dev.mysql.com/get/Downloads/Connector-C/${P}-src.tar.gz"
-S="${WORKDIR}/${P}-src"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
-
-SUBSLOT="18"
-SLOT="0/${SUBSLOT}"
-IUSE="libressl static-libs"
-
-CDEPEND="
-	sys-libs/zlib:=[${MULTILIB_USEDEP}]
-	libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
-	!libressl? ( dev-libs/openssl:0=[${MULTILIB_USEDEP}] )
-	"
-RDEPEND="${CDEPEND}
-	!dev-db/mariadb-connector-c[mysqlcompat]
-	"
-DEPEND="${CDEPEND}"
-
-DOCS=( README )
-PATCHES=(
-	"${FILESDIR}/mysql_com.patch"
-	"${FILESDIR}/20028_all_mysql-5.6-gcc7.patch"
-	"${FILESDIR}/6.1.11-openssl-1.1.patch"
-)
-
-src_prepare() {
-	sed -i -e 's/CLIENT_LIBS/CONFIG_CLIENT_LIBS/' "${S}/scripts/CMakeLists.txt" || die
-	if use libressl ; then
-		sed -i 's/OPENSSL_MAJOR_VERSION STREQUAL "1"/OPENSSL_MAJOR_VERSION STREQUAL "2"/' \
-			"${S}/cmake/ssl.cmake" || die
-	fi
-	cmake-utils_src_prepare
-}
-
-multilib_src_configure() {
-	local mycmakeargs=(
-		-DINSTALL_LAYOUT=RPM
-		-DINSTALL_LIBDIR=$(get_libdir)
-		-DWITH_DEFAULT_COMPILER_OPTIONS=OFF
-		-DWITH_DEFAULT_FEATURE_SET=OFF
-		-DENABLED_LOCAL_INFILE=ON
-		-DMYSQL_UNIX_ADDR="${EPREFIX}/var/run/mysqld/mysqld.sock"
-		-DWITH_ZLIB=system
-		-DENABLE_DTRACE=OFF
-		-DWITH_SSL=system
-		-DLIBMYSQL_OS_OUTPUT_NAME=mysqlclient
-		-DSHARED_LIB_PATCH_VERSION="0"
-	)
-	cmake-utils_src_configure
-}
-
-multilib_src_install_all() {
-	if ! use static-libs ; then
-		find "${ED}" -name "*.a" -delete || die
-	fi
-}
-
-pkg_preinst() {
-	if [[ -z ${REPLACING_VERSIONS} && -e "${EROOT}/usr/$(get_libdir)/libmysqlclient.so" ]] ; then
-		elog "Due to ABI changes when switching between different client libraries,"
-		elog "revdep-rebuild must find and rebuild all packages linking to libmysqlclient."
-		elog "Please run: revdep-rebuild --library libmysqlclient.so.${SUBSLOT}"
-		ewarn "Failure to run revdep-rebuild may cause issues with other programs or libraries"
-	fi
-}
diff --git a/dev-db/mysql-connector-c/mysql-connector-c-8.0.19.ebuild b/dev-db/mysql-connector-c/mysql-connector-c-8.0.19.ebuild
deleted file mode 100644
index b48adece2a67..000000000000
--- a/dev-db/mysql-connector-c/mysql-connector-c-8.0.19.ebuild
+++ /dev/null
@@ -1,111 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit cmake-multilib
-
-# wrap the config script
-MULTILIB_CHOST_TOOLS=( /usr/bin/mysql_config )
-
-DESCRIPTION="C client library for MariaDB/MySQL"
-HOMEPAGE="https://dev.mysql.com/downloads/"
-LICENSE="GPL-2"
-
-SRC_URI="https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-${PV}.tar.gz"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
-
-SLOT="0/21"
-IUSE="ldap libressl static-libs"
-
-RDEPEND="
-	>=app-arch/lz4-0_p131:=
-	sys-libs/zlib:=[${MULTILIB_USEDEP}]
-	ldap? ( dev-libs/cyrus-sasl:=[${MULTILIB_USEDEP}] )
-	libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
-	!libressl? ( dev-libs/openssl:0=[${MULTILIB_USEDEP}] )
-	"
-DEPEND="${RDEPEND}"
-
-# Avoid file collisions, #692580
-RDEPEND+=" !<dev-db/mysql-5.6.45-r1"
-RDEPEND+=" !=dev-db/mysql-5.7.23*"
-RDEPEND+=" !=dev-db/mysql-5.7.24*"
-RDEPEND+=" !=dev-db/mysql-5.7.25*"
-RDEPEND+=" !=dev-db/mysql-5.7.26-r0"
-RDEPEND+=" !=dev-db/mysql-5.7.27-r0"
-RDEPEND+=" !<dev-db/percona-server-5.7.26.29-r1"
-
-DOCS=( README )
-
-S="${WORKDIR}/mysql-${PV}"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-8.0.18-always-build-decompress-utilities.patch
-	"${FILESDIR}"/${PN}-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch
-	"${FILESDIR}"/${PN}-8.0.19-do-not-install-comp_err.patch
-	"${FILESDIR}"/${PN}-8.0.19-libressl.patch
-)
-
-src_prepare() {
-	sed -i -e 's/CLIENT_LIBS/CONFIG_CLIENT_LIBS/' "${S}/scripts/CMakeLists.txt" || die
-
-	# All these are for the server only.
-	# Disable rpm call which would trigger sandbox, #692368
-	sed -i \
-		-e '/MYSQL_CHECK_LIBEVENT/d' \
-		-e '/MYSQL_CHECK_RAPIDJSON/d' \
-		-e '/MYSQL_CHECK_ICU/d' \
-		-e '/MYSQL_CHECK_EDITLINE/d' \
-		-e '/MYSQL_CHECK_CURL/d' \
-		-e '/ADD_SUBDIRECTORY(man)/d' \
-		-e '/ADD_SUBDIRECTORY(share)/d' \
-		-e '/INCLUDE(cmake\/boost/d' \
-		-e 's/MY_RPM rpm/MY_RPM rpmNOTEXISTENT/' \
-		CMakeLists.txt || die
-
-	# Skip building clients
-	echo > client/CMakeLists.txt || die
-
-	# Forcefully disable auth plugin
-	if ! use ldap ; then
-		sed -i -e '/MYSQL_CHECK_SASL/d' CMakeLists.txt || die
-		echo > libmysql/authentication_ldap/CMakeLists.txt || die
-	fi
-
-	cmake-utils_src_prepare
-}
-
-multilib_src_configure() {
-	local mycmakeargs=(
-		-DINSTALL_LAYOUT=RPM
-		-DINSTALL_LIBDIR=$(get_libdir)
-		-DWITH_DEFAULT_COMPILER_OPTIONS=OFF
-		-DWITH_DEFAULT_FEATURE_SET=OFF
-		-DENABLED_LOCAL_INFILE=ON
-		-DMYSQL_UNIX_ADDR="${EPREFIX}/run/mysqld/mysqld.sock"
-		-DWITH_ZLIB=system
-		-DWITH_SSL=system
-		-DWITH_NUMA=OFF
-		-DLIBMYSQL_OS_OUTPUT_NAME=mysqlclient
-		-DSHARED_LIB_PATCH_VERSION="0"
-		-DCMAKE_POSITION_INDEPENDENT_CODE=ON
-		-DWITHOUT_SERVER=ON
-	)
-	cmake-utils_src_configure
-}
-
-multilib_src_install() {
-	cmake-utils_src_install
-}
-
-multilib_src_install_all() {
-	doman \
-		man/my_print_defaults.1 \
-		man/perror.1 \
-		man/zlib_decompress.1
-
-	if ! use static-libs ; then
-		find "${ED}" -name "*.a" -delete || die
-	fi
-}
diff --git a/dev-db/mysql-connector-c/mysql-connector-c-8.0.20.ebuild b/dev-db/mysql-connector-c/mysql-connector-c-8.0.20.ebuild
deleted file mode 100644
index db0c6dcd3c15..000000000000
--- a/dev-db/mysql-connector-c/mysql-connector-c-8.0.20.ebuild
+++ /dev/null
@@ -1,111 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit cmake-multilib
-
-# wrap the config script
-MULTILIB_CHOST_TOOLS=( /usr/bin/mysql_config )
-
-DESCRIPTION="C client library for MariaDB/MySQL"
-HOMEPAGE="https://dev.mysql.com/downloads/"
-LICENSE="GPL-2"
-
-SRC_URI="https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-${PV}.tar.gz"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
-
-SLOT="0/21"
-IUSE="ldap libressl static-libs"
-
-RDEPEND="
-	>=app-arch/lz4-0_p131:=
-	sys-libs/zlib:=[${MULTILIB_USEDEP}]
-	ldap? ( dev-libs/cyrus-sasl:=[${MULTILIB_USEDEP}] )
-	libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
-	!libressl? ( dev-libs/openssl:0=[${MULTILIB_USEDEP}] )
-	"
-DEPEND="${RDEPEND}"
-
-# Avoid file collisions, #692580
-RDEPEND+=" !<dev-db/mysql-5.6.45-r1"
-RDEPEND+=" !=dev-db/mysql-5.7.23*"
-RDEPEND+=" !=dev-db/mysql-5.7.24*"
-RDEPEND+=" !=dev-db/mysql-5.7.25*"
-RDEPEND+=" !=dev-db/mysql-5.7.26-r0"
-RDEPEND+=" !=dev-db/mysql-5.7.27-r0"
-RDEPEND+=" !<dev-db/percona-server-5.7.26.29-r1"
-
-DOCS=( README )
-
-S="${WORKDIR}/mysql-${PV}"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-8.0.18-always-build-decompress-utilities.patch
-	"${FILESDIR}"/${PN}-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch
-	"${FILESDIR}"/${PN}-8.0.19-do-not-install-comp_err.patch
-	"${FILESDIR}"/${PN}-8.0.20-libressl.patch
-)
-
-src_prepare() {
-	sed -i -e 's/CLIENT_LIBS/CONFIG_CLIENT_LIBS/' "${S}/scripts/CMakeLists.txt" || die
-
-	# All these are for the server only.
-	# Disable rpm call which would trigger sandbox, #692368
-	sed -i \
-		-e '/MYSQL_CHECK_LIBEVENT/d' \
-		-e '/MYSQL_CHECK_RAPIDJSON/d' \
-		-e '/MYSQL_CHECK_ICU/d' \
-		-e '/MYSQL_CHECK_EDITLINE/d' \
-		-e '/MYSQL_CHECK_CURL/d' \
-		-e '/ADD_SUBDIRECTORY(man)/d' \
-		-e '/ADD_SUBDIRECTORY(share)/d' \
-		-e '/INCLUDE(cmake\/boost/d' \
-		-e 's/MY_RPM rpm/MY_RPM rpmNOTEXISTENT/' \
-		CMakeLists.txt || die
-
-	# Skip building clients
-	echo > client/CMakeLists.txt || die
-
-	# Forcefully disable auth plugin
-	if ! use ldap ; then
-		sed -i -e '/MYSQL_CHECK_SASL/d' CMakeLists.txt || die
-		echo > libmysql/authentication_ldap/CMakeLists.txt || die
-	fi
-
-	cmake-utils_src_prepare
-}
-
-multilib_src_configure() {
-	local mycmakeargs=(
-		-DINSTALL_LAYOUT=RPM
-		-DINSTALL_LIBDIR=$(get_libdir)
-		-DWITH_DEFAULT_COMPILER_OPTIONS=OFF
-		-DWITH_DEFAULT_FEATURE_SET=OFF
-		-DENABLED_LOCAL_INFILE=ON
-		-DMYSQL_UNIX_ADDR="${EPREFIX}/run/mysqld/mysqld.sock"
-		-DWITH_ZLIB=system
-		-DWITH_SSL=system
-		-DWITH_NUMA=OFF
-		-DLIBMYSQL_OS_OUTPUT_NAME=mysqlclient
-		-DSHARED_LIB_PATCH_VERSION="0"
-		-DCMAKE_POSITION_INDEPENDENT_CODE=ON
-		-DWITHOUT_SERVER=ON
-	)
-	cmake-utils_src_configure
-}
-
-multilib_src_install() {
-	cmake-utils_src_install
-}
-
-multilib_src_install_all() {
-	doman \
-		man/my_print_defaults.1 \
-		man/perror.1 \
-		man/zlib_decompress.1
-
-	if ! use static-libs ; then
-		find "${ED}" -name "*.a" -delete || die
-	fi
-}
diff --git a/dev-db/mysql-connector-c/mysql-connector-c-8.0.21-r2.ebuild b/dev-db/mysql-connector-c/mysql-connector-c-8.0.21-r2.ebuild
new file mode 100644
index 000000000000..c79b084636c2
--- /dev/null
+++ b/dev-db/mysql-connector-c/mysql-connector-c-8.0.21-r2.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake-multilib
+
+# wrap the config script
+MULTILIB_CHOST_TOOLS=( /usr/bin/mysql_config )
+
+DESCRIPTION="C client library for MariaDB/MySQL"
+HOMEPAGE="https://dev.mysql.com/downloads/"
+LICENSE="GPL-2"
+
+SRC_URI="https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-${PV}.tar.gz"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
+
+SLOT="0/21"
+IUSE="ldap libressl static-libs"
+
+RDEPEND="
+	>=app-arch/lz4-0_p131:=[${MULTILIB_USEDEP}]
+	app-arch/zstd:=[${MULTILIB_USEDEP}]
+	sys-libs/zlib:=[${MULTILIB_USEDEP}]
+	ldap? ( dev-libs/cyrus-sasl:=[${MULTILIB_USEDEP}] )
+	libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
+	!libressl? ( dev-libs/openssl:0=[${MULTILIB_USEDEP}] )
+	"
+DEPEND="${RDEPEND}"
+
+# Avoid file collisions, #692580
+RDEPEND+=" !<dev-db/mysql-5.6.45-r1"
+RDEPEND+=" !=dev-db/mysql-5.7.23*"
+RDEPEND+=" !=dev-db/mysql-5.7.24*"
+RDEPEND+=" !=dev-db/mysql-5.7.25*"
+RDEPEND+=" !=dev-db/mysql-5.7.26-r0"
+RDEPEND+=" !=dev-db/mysql-5.7.27-r0"
+RDEPEND+=" !<dev-db/percona-server-5.7.26.29-r1"
+
+DOCS=( README )
+
+S="${WORKDIR}/mysql-${PV}"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-8.0.18-always-build-decompress-utilities.patch
+	"${FILESDIR}"/${PN}-8.0.19-do-not-install-comp_err.patch
+	"${FILESDIR}"/${PN}-8.0.21-libressl.patch
+	"${FILESDIR}"/${PN}-8.0.21-survive-malformed-charset-files.patch
+)
+
+src_prepare() {
+	sed -i -e 's/CLIENT_LIBS/CONFIG_CLIENT_LIBS/' "${S}/scripts/CMakeLists.txt" || die
+
+	# All these are for the server only.
+	# Disable rpm call which would trigger sandbox, #692368
+	sed -i \
+		-e '/MYSQL_CHECK_LIBEVENT/d' \
+		-e '/MYSQL_CHECK_RAPIDJSON/d' \
+		-e '/MYSQL_CHECK_ICU/d' \
+		-e '/MYSQL_CHECK_EDITLINE/d' \
+		-e '/MYSQL_CHECK_CURL/d' \
+		-e '/ADD_SUBDIRECTORY(man)/d' \
+		-e '/ADD_SUBDIRECTORY(share)/d' \
+		-e '/INCLUDE(cmake\/boost/d' \
+		-e 's/MY_RPM rpm/MY_RPM rpmNOTEXISTENT/' \
+		CMakeLists.txt || die
+
+	# Skip building clients
+	echo > client/CMakeLists.txt || die
+
+	# Forcefully disable auth plugin
+	if ! use ldap ; then
+		sed -i -e '/MYSQL_CHECK_SASL/d' CMakeLists.txt || die
+		echo > libmysql/authentication_ldap/CMakeLists.txt || die
+	fi
+
+	cmake-utils_src_prepare
+}
+
+multilib_src_configure() {
+	local mycmakeargs=(
+		-DINSTALL_LAYOUT=RPM
+		-DINSTALL_LIBDIR=$(get_libdir)
+		-DWITH_DEFAULT_COMPILER_OPTIONS=OFF
+		-DWITH_DEFAULT_FEATURE_SET=OFF
+		-DENABLED_LOCAL_INFILE=ON
+		-DMYSQL_UNIX_ADDR="${EPREFIX}/run/mysqld/mysqld.sock"
+		-DWITH_LZ4=system
+		-DWITH_NUMA=OFF
+		-DWITH_SSL=system
+		-DWITH_ZLIB=system
+		-DWITH_ZSTD=system
+		-DLIBMYSQL_OS_OUTPUT_NAME=mysqlclient
+		-DSHARED_LIB_PATCH_VERSION="0"
+		-DCMAKE_POSITION_INDEPENDENT_CODE=ON
+		-DWITHOUT_SERVER=ON
+	)
+	cmake-utils_src_configure
+}
+
+multilib_src_install() {
+	cmake-utils_src_install
+}
+
+multilib_src_install_all() {
+	doman \
+		man/my_print_defaults.1 \
+		man/perror.1 \
+		man/zlib_decompress.1
+
+	if ! use static-libs ; then
+		find "${ED}" -name "*.a" -delete || die
+	fi
+}
-- 
cgit v1.2.3