group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1598992] Re: MySQL Server installation fails if root password contains special characters such as apostrophe

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1598992@xxxxxxxxxxxxxxxxxx>
Date: Wed, 05 Apr 2017 17:05:01 -0000
Reply-to: Bug 1598992 <1598992@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package mysql-5.7 - 5.7.17-0ubuntu0.16.04.2

---------------
mysql-5.7 (5.7.17-0ubuntu0.16.04.2) xenial; urgency=medium

  * Add libjson-perl dependency for test suite (LP: #1631338)
    The last two python tests in the mtr suite were rewritten
    in perl, and require this package. Added for mysql-testsuite
    and as a build-dep.
  * Build with DWITH_LZ4=system (LP: #1631339)
    Package was previously built with bundled liblz4, though it
    was specified as a build-dep.
  * Add support for custom datadir to systemd service (LP: #1574782)
    The service was reporting an error if no database could be found in
    /var/lib/mysql. It now checks the location specified in the config.
    Note that user must still handle apparmor access for custom datadir.
  * Fix copy of soft-link datadir to /var/lib/mysql-upgrade (LP: #1474212)
    Upgrade would sometimes fail if mysql-upgrade already contained a
    link copy from a previous upgrade.
  * Escape special characters in password (LP: #1598992)
    Special characters in the root password would cause syntax errors
    and postinst failures.
  * Failing tests on platforms supported by upstream fail build (LP: #1646488)
    A passing test suite is now enforced on i386 and amd64 platforms at
    build-time.
  * d/copyright: Updated with information about new source files
  * Unstable test main.xa_prepared_binlog_off disabled pending upstream fix.
    Upstream bug report: http://bugs.mysql.com/bug.php?id=83340
  * d/lintian-overrides: Updated line numbers

 -- Lars Tangvald <lars.tangvald@xxxxxxxxxx>  Fri, 03 Feb 2017 08:53:04
+0100

** Changed in: mysql-5.7 (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** Bug watch added: MySQL Bug System #83340
   http://bugs.mysql.com/bug.php?id=83340

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1598992

Title:
  MySQL Server installation fails if root password contains special
  characters such as apostrophe

Status in mysql-5.7 package in Ubuntu:
  Fix Released
Status in mysql-5.7 source package in Xenial:
  Fix Released

Bug description:
  The postinst script for mysql-server-5.7 can take a root password for
  the server as input. It does not properly escape this password before
  passing it to the server in an SQL script.

  [Impact]
  If a user enters a root password containing such a password, MySQL will throw a syntax error when d/postinst tries to set it, causing postinst failure.

  One would expect the password to support special characters, and e.g.
  pwgen -y will generate password containing such.

  We fix this by passing the password through coreutil's printf %q,
  which escapes all special characters.

  [Test case]
  Install the mysql-server-5.7 package, and enter "pass'word" when prompted for the root password. This should work

  [Regression Potential]
  This change has been in Yakkety for some time (5.7.15-0ubuntu2).

  == printf %q changes behavior ==
  Unlikely, since it's part of coreutils, but it might cause similar syntax errors as what is seen now, or result in a root password that is different from what the user expect (fixable for an admin, but would be confusing)

  == printf %q escapes characters that should not be escaped ==
  Some characters, such as $, do not need to be escaped for MySQL, but are escaped by printf %q. For those tested, MySQL supports both (passing \$ is equivalent to passing $), but if this support is incomplete it could result in syntax error and postinst failure.

  
  [Original description]
  Running linuxmint 18, had trouble installating mysql-server. After a fair amount of frustration, I dug around, found a temp file that had a command in it to change my root password, my password was there (in plain text), and had a clear problem with the apostrophe in the password.  It looked something like this:

  SET PASSWORD FOR 'root'@'localhost' =
  PASSWORD('YouWeren'tExpectingThis');

  I didn't save the file, did successfully install MySQL with a password
  without the single quote, and I'm not going to undo that all just to
  give a better bug report.  I'm sure your programmers won't have any
  trouble tracking this down.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: mysql-server-5.7 5.7.12-0ubuntu1.1
  ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13
  Uname: Linux 4.4.0-28-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: X-Cinnamon
  Date: Mon Jul  4 22:36:34 2016
  InstallationDate: Installed on 2016-07-02 (2 days ago)
  InstallationMedia: Linux Mint 18 "Sarah" - Release amd64 20160628
  Logs.var.log.daemon.log:

  MySQLConf.etc.mysql.conf.d.mysql.cnf: [mysql]
  MySQLConf.etc.mysql.conf.d.mysqldump.cnf:
   [mysqldump]
   quick
   quote-names
   max_allowed_packet	= 16M
  MySQLConf.etc.mysql.mysql.conf.d.mysqld_safe_syslog.cnf:
   [mysqld_safe]
   syslog
  MySQLVarLibDirListing: False
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: mysql-5.7
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1598992/+subscriptions