[debian-mysql] Request for help with MariaDB 10.3 / mysql-defaults / pam-mysql packaging

wferi at niif.hu wferi at niif.hu
Fri Dec 28 09:05:12 GMT 2018

Otto Kekäläinen <otto at debian.org> writes:

> The recent upload of MariadB 10.3 to Debian unstable and also the new
> mysql-defaults break the Debian CI tests of your package pam-mysql.

Hi Otto,

Yes, I noticed, and a user even reported the actual breakage.

> I would appreciate very much if you can debug what exactly goes wrong
> in the pam-mysql tests and perhaps even file a merge request on Salsa
> against mariadb-10.3 to get it fixed.

The problem is that

# objdump -T /lib/x86_64-linux-gnu/security/pam_mysql.so | fgrep password
0000000000000000      DF *UND*	0000000000000000  libmysqlclient_18 make_scrambled_password_323
0000000000000000      DF *UND*	0000000000000000  libmysqlclient_18 make_scrambled_password

and the current sid version does not export these symbols, while

# objdump -T /usr/lib/x86_64-linux-gnu/libmariadbclient.so.18 | fgrep password
000000000003cf70 g    DF .text	0000000000000027  libmariadbclient_18 make_scrambled_password
0000000000026f40 g    DF .text	0000000000000051  libmariadbclient_18 get_tty_password
0000000000026f40 g    DF .text	0000000000000000 (libmariadbclient_16) get_tty_password
000000000003cf00 g    DF .text	0000000000000000 (libmariadbclient_16) my_make_scrambled_password
000000000003cf00 g    DF .text	0000000000000067  libmariadbclient_18 my_make_scrambled_password
000000000003ca10 g    DF .text	0000000000000027  libmariadbclient_18 make_scrambled_password_323

on a stretch system.

> I've spent a lot of effort to create gitlab-ci integration into
> mariadb-10.3 so it is easy for other DDs to write, test and submit
> contributions. The process is documented at
> https://wiki.debian.org/Teams/MySQL/patches

That's great work!  However, I don't think the solution is bringing back
these deprecated symbols, maybe except for make_scrambled_password if
MariaDB upstream agrees to make it an official interface (as far as I
know, currently there's no exported function which imitates the effect
of the PASSWORD server function).  Moreover, I think pam-mysql misuses
my_make_scrambled_password in stretch, because this function changed
behavior in MySQL 5.6, see https://bugs.mysql.com/bug.php?id=86357.

Anyway, a simple rebuild should fix this issue, because if the pam-mysql
configue script does not find these symbols, it switches to using an
internal implementation of make_scrambled_password and drops the
functionality provided by make_scrambled_password_323.  So just ask for
a binNMU or ignore the problem for now (I'll ask upstream for a new
release shortly and upload that).

More information about the pkg-mysql-maint mailing list