** Summary changed: - MySQL Server installation freezes if root password contains a single quote (apostrophe) + MySQL Server installation freezes if root password contains special characters such as apostrophe
** Summary changed: - MySQL Server installation freezes if root password contains special characters such as apostrophe + MySQL Server installation fails if root password contains special characters such as apostrophe ** Description changed: - Running linuxmint 18, had trouble installating mysql-server. After a - fair amount of frustration, I dug around, found a temp file that had a - command in it to change my root password, my password was there (in - plain text), and had a clear problem with the apostrophe in the - password. It looked something like this: + The postinst script for mysql-server-5.7 can take a root password for + the server as input. It does not properly escape this password before + passing it to the server in an SQL script. + + [Impact] + If a user enters a root password containing such a password, MySQL will throw a syntax error when d/postinst tries to set it, causing postinst failure. + + One would expect the password to support special characters, and e.g. + pwgen -y will generate password containing such. + + We fix this by passing the password through coreutil's printf %q, which + escapes all special characters. + + [Test case] + Install the mysql-server-5.7 package, and enter "pass'word" when prompted for the root password. This should work + + [Regression Potential] + This change has been in Yakkety for some time (5.7.15-0ubuntu2). + + == printf %q changes behavior == + Unlikely, since it's part of coreutils, but it might cause similar syntax errors as what is seen now, or result in a root password that is different from what the user expect (fixable for an admin, but would be confusing) + + == printf %q escapes characters that should not be escaped == + Some characters, such as $, do not need to be escaped for MySQL, but are escaped by printf %q. For those tested, MySQL supports both (passing \$ is equivalent to passing $), but if this support is incomplete it could result in syntax error and postinst failure. + + + [Original description] + Running linuxmint 18, had trouble installating mysql-server. After a fair amount of frustration, I dug around, found a temp file that had a command in it to change my root password, my password was there (in plain text), and had a clear problem with the apostrophe in the password. It looked something like this: SET PASSWORD FOR 'root'@'localhost' = PASSWORD('YouWeren'tExpectingThis'); I didn't save the file, did successfully install MySQL with a password without the single quote, and I'm not going to undo that all just to give a better bug report. I'm sure your programmers won't have any trouble tracking this down. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: mysql-server-5.7 5.7.12-0ubuntu1.1 ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13 Uname: Linux 4.4.0-28-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: X-Cinnamon Date: Mon Jul 4 22:36:34 2016 InstallationDate: Installed on 2016-07-02 (2 days ago) InstallationMedia: Linux Mint 18 "Sarah" - Release amd64 20160628 Logs.var.log.daemon.log: - + MySQLConf.etc.mysql.conf.d.mysql.cnf: [mysql] MySQLConf.etc.mysql.conf.d.mysqldump.cnf: - [mysqldump] - quick - quote-names - max_allowed_packet = 16M + [mysqldump] + quick + quote-names + max_allowed_packet = 16M MySQLConf.etc.mysql.mysql.conf.d.mysqld_safe_syslog.cnf: - [mysqld_safe] - syslog + [mysqld_safe] + syslog MySQLVarLibDirListing: False ProcEnviron: - TERM=xterm-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR=<set> - LANG=en_US.UTF-8 - SHELL=/bin/bash + TERM=xterm-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR=<set> + LANG=en_US.UTF-8 + SHELL=/bin/bash SourcePackage: mysql-5.7 UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1598992 Title: MySQL Server installation fails if root password contains special characters such as apostrophe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1598992/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs