PXC8.0 and 8.4 yum installations on el8 pull in old 1.0.2 ssl libs via compat-openssl10 dependency

Description

When installing Percona XtraDB Cluster 8.0.x or 8.4.x on RHEL8 via YUM, it appears that the percona-xtradb-cluster-server package has a yum dependency on the compat-openssl10 package.

On a RHEL8.10 subscribed server, for example, this will install compat-openssl10-1:1.0.2o-4.el8_6.x86_64 from the rhel-8-for-x86_64-appstream-rpms redhat repo which lays down some old 1.0.2 ssl libs e.g:

…and these will typically get flagged by vulnerability scanners now.

I know you guys did a bunch of good work recently to remove all the old bundled ssl libs from your tarball releases of PXC and PXB on el8 as per my earlier tickets and

Can this compat-openssl10 dependency be reviewed for el8 and removed if possible, please, for future releases?

Note that we generally advise our third parties to forcibly remove the package after PXC install using:

…which does not appear to cause any problems for our/their usage of PXC but this obviously operates outside of YUM and the package will come back if upgrading to a newer version of PXC.
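An audit helper, added here as an example and not taken from the ticket or from Percona, that answers the two questions a host owner wants before touching the package: is an OpenSSL 1.0.x package installed, and which installed packages require it (and would therefore pull it back on the next upgrade)? The function names are mine and the rpm output it parses is constructed sample data; only `audit_host` queries a real host.

```shell
# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output
# for an el8 host with PXC 8.4.2; the compat-openssl10 version is the one the
# ticket names, the other version strings are made up for this example.
SAMPLE_RPM_QA='openssl-libs 1.1.1k-12.el8
compat-openssl10 1.0.2o-4.el8_6
percona-xtradb-cluster-server 8.4.2-2.1.el8
bash 4.4.20-4.el8'

# Constructed sample of `rpm -q --whatrequires compat-openssl10` on that host.
SAMPLE_WHATREQUIRES='percona-xtradb-cluster-server-8.4.2-2.1.el8.x86_64'

# legacy_openssl_pkgs: reads `rpm -qa` lines on stdin and prints the names of
# packages shipping OpenSSL 1.0.x: compat-openssl10, or any openssl* at 1.0.*.
legacy_openssl_pkgs() {
  awk '$1 == "compat-openssl10" || ($1 ~ /^openssl/ && $2 ~ /^1\.0\./) { print $1 }'
}

# requirers: reads `rpm -q --whatrequires` output on stdin and prints the
# requiring packages, or "none" (rpm prints "no package requires X" then).
requirers() {
  awk '/^no package requires/ { next } NF { n++; print } END { if (!n) print "none" }'
}

# audit_verdict RPM_QA_OUTPUT WHATREQUIRES_OUTPUT
# Exit 0 and print "clean" when no OpenSSL 1.0.x package is installed; otherwise
# print the offending package(s) and their reverse dependencies and exit 1, so
# the function can gate a build or compliance job.
audit_verdict() {
  legacy=$(printf '%s\n' "$1" | legacy_openssl_pkgs | tr '\n' ' ')
  if [ -z "$legacy" ]; then
    echo "clean: no OpenSSL 1.0.x package installed"
    return 0
  fi
  echo "legacy OpenSSL present: $legacy"
  echo "required by: $(printf '%s\n' "$2" | requirers | tr '\n' ' ')"
  echo "note: removing it outside yum is undone when a requirer is upgraded"
  return 1
}

# audit_host: the same check against the live host (needs rpm; not used below).
audit_host() {
  audit_verdict "$(rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n')" \
                "$(rpm -q --whatrequires compat-openssl10 2>/dev/null)"
}

# Demo on the constructed sample; the non-zero exit here is the expected verdict.
audit_verdict "$SAMPLE_RPM_QA" "$SAMPLE_WHATREQUIRES" || true
```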

Environment

None

Activity

puneet.kaushik January 14, 2025 at 9:59 AM

Fix verified!

In the PXC 8.4.2 installation I can see compat-openssl10.

In the PXC 8.4.3 installation of PXC server it is not observed.


Aaditya Dubey January 1, 2025 at 11:27 AM

Hi

Thank you for the report.
Verified as described.

Done

Created December 13, 2024 at 9:40 AM
Updated January 14, 2025 at 9:59 AM
Resolved January 14, 2025 at 9:59 AM