** Summary changed:
- MySQL Server installation freezes if root password contains a single quote
(apostrophe)
+ MySQL Server installation freezes if root password contains special
characters such as apostrophe
** Summary changed:
- MySQL Server installation freezes if root password contains special
characters such as apostrophe
+ MySQL Server installation fails if root password contains special characters
such as apostrophe
** Description changed:
- Running linuxmint 18, had trouble installating mysql-server. After a
- fair amount of frustration, I dug around, found a temp file that had a
- command in it to change my root password, my password was there (in
- plain text), and had a clear problem with the apostrophe in the
- password. It looked something like this:
+ The postinst script for mysql-server-5.7 can take a root password for
+ the server as input. It does not properly escape this password before
+ passing it to the server in an SQL script.
+
+ [Impact]
+ If a user enters a root password containing such a password, MySQL will throw
a syntax error when d/postinst tries to set it, causing postinst failure.
+
+ One would expect the password to support special characters, and e.g.
+ pwgen -y will generate password containing such.
+
+ We fix this by passing the password through coreutil's printf %q, which
+ escapes all special characters.
+
+ [Test case]
+ Install the mysql-server-5.7 package, and enter "pass'word" when prompted for
the root password. This should work
+
+ [Regression Potential]
+ This change has been in Yakkety for some time (5.7.15-0ubuntu2).
+
+ == printf %q changes behavior ==
+ Unlikely, since it's part of coreutils, but it might cause similar syntax
errors as what is seen now, or result in a root password that is different from
what the user expect (fixable for an admin, but would be confusing)
+
+ == printf %q escapes characters that should not be escaped ==
+ Some characters, such as $, do not need to be escaped for MySQL, but are
escaped by printf %q. For those tested, MySQL supports both (passing \$ is
equivalent to passing $), but if this support is incomplete it could result in
syntax error and postinst failure.
+
+
+ [Original description]
+ Running linuxmint 18, had trouble installating mysql-server. After a fair
amount of frustration, I dug around, found a temp file that had a command in it
to change my root password, my password was there (in plain text), and had a
clear problem with the apostrophe in the password. It looked something like
this:
SET PASSWORD FOR 'root'@'localhost' =
PASSWORD('YouWeren'tExpectingThis');
I didn't save the file, did successfully install MySQL with a password
without the single quote, and I'm not going to undo that all just to
give a better bug report. I'm sure your programmers won't have any
trouble tracking this down.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: mysql-server-5.7 5.7.12-0ubuntu1.1
ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13
Uname: Linux 4.4.0-28-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: X-Cinnamon
Date: Mon Jul 4 22:36:34 2016
InstallationDate: Installed on 2016-07-02 (2 days ago)
InstallationMedia: Linux Mint 18 "Sarah" - Release amd64 20160628
Logs.var.log.daemon.log:
-
+
MySQLConf.etc.mysql.conf.d.mysql.cnf: [mysql]
MySQLConf.etc.mysql.conf.d.mysqldump.cnf:
- [mysqldump]
- quick
- quote-names
- max_allowed_packet = 16M
+ [mysqldump]
+ quick
+ quote-names
+ max_allowed_packet = 16M
MySQLConf.etc.mysql.mysql.conf.d.mysqld_safe_syslog.cnf:
- [mysqld_safe]
- syslog
+ [mysqld_safe]
+ syslog
MySQLVarLibDirListing: False
ProcEnviron:
- TERM=xterm-256color
- PATH=(custom, no user)
- XDG_RUNTIME_DIR=<set>
- LANG=en_US.UTF-8
- SHELL=/bin/bash
+ TERM=xterm-256color
+ PATH=(custom, no user)
+ XDG_RUNTIME_DIR=<set>
+ LANG=en_US.UTF-8
+ SHELL=/bin/bash
SourcePackage: mysql-5.7
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1598992
Title:
MySQL Server installation fails if root password contains special
characters such as apostrophe
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1598992/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
