[debian-mysql] Bug#850216: Bug#850216: mysql-server-5.6: Listens on * by default after installation (related to use of alternatives)
Robie Basak
robie.basak at ubuntu.com
Thu Jan 5 13:52:11 UTC 2017
reassign 850216 libmariadbclient18
thanks
Hi Salvatore,
Thank you for the report. I can reproduce this on stretch.
Otto: please could you take a look at this?
It seems that the problem is that libmariadbclient18 depends on
mariadb-common directly. mariadb-common's postinst adds
/etc/mysql/mariadb.conf to the configuration. And various things depend
on libmariadbclient18 now, such as libdbd-mysql-perl, which is pulling
it in.
I think this is wrong for two reasons:
1) libmariadbclient18 shouldn't add mariadb.cnf as an alternative at
all. Nor does libmysqlclient{18,20} add mysql.cnf currently, for
example. We both use and share my.cnf.fallback from the mysql-common
package for client library use. libmariadbclient18's use of
/usr/share/mysql-common/configure-symlinks should move to
mariadb-server-... packaging.
2) libmariadbclient18 should depend only on mysql-common, not
mariadb-common, since it doesn't (shouldn't) need anything from
mariadb-common.
I think the above issue is quite serious in itself, as it causes MariaDB
packaging to cause disruption and unexpected behaviour to users of MySQL
by taking over my.cnf when it shouldn't.
Another way of looking at this is that mariadb.cnf and mysql.cnf should
never end up both activated in update-alternatives on the same system at
once. In the original design, it is only mysql-server-* and
mariadb-server-* that provide the symlinks, and these packages conflict
with each other, uninstalling the symlink in postrm remove, so did
ensure this would never happen. By putting the configure-symlinks call
in mariadb-common, this mechanism stops working correctly.
It looks like mariadb-common has been like this ever since the symlink
handling was introduced. I'm sorry I didn't notice this problem at the
time. I guess the problem has only come up now because non-MariaDB
packaging is pulling in mariadb-common now, which didn't happen before.
For the security issue you reported, I can confirm it is fixed by
running "update-alternatives --remove my.cnf /etc/mysql/mariadb.cnf" and
restarting, so I'm confident that fixing the above issue will fix this
problem for MySQL. mariadb-server seems unaffected.
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20170105/64009a5d/attachment.sig>
More information about the pkg-mysql-maint
mailing list