Hi,
It's probably something with your setup the upgrade logic can't handle
correctly.
In 5.5.53, MySQL changes the inbuilt secure-file-priv (determined where
the server can read/write data for import/export operations) default
setting from blank, meaning the server has read/write access anywhere,
to /var/lib/mysql-files, which should be automatically created by the
postinst. This is a fairly big change, but it was felt the old behavior
was a big enough security risk to justify it.
Do you have a special setup (partition, symlink, etc) for your /var/lib
folders, so the default directory might not be possible to create/access?
Finally, setting secure-file-priv to your datadir is very strongly
recommended against, as it pretty much gives any database user full
database access.
We recommend either setting it to a separate location, or to NULL (only
available in 5.5.53+), which will disable import/export operations for
the server.
--
Lars
On 11/08/2016 11:58 AM, Thomas Braun wrote:
Package: mysql-server-5.5
Version: 5.5.53-0+deb8u1
Severity: important
Dear Maintainer,
after tonights security update my mysql server does not start anymore.
Looking in /var/log/mysql/error.log gives:
161108 11:18:02 mysqld_safe Starting mysqld daemon with databases from
/var/lib/mysql
161108 11:18:02 [Warning] Using unique option prefix key_buffer instead of
key_buffer_size is deprecated and will be removed in a future release. Please
use the full name instead.
/usr/sbin/mysqld: Error on realpath() on '/var/lib/mysql-files' (Error 2)
161108 11:18:02 [ERROR] Failed to access directory for --secure-file-priv.
Please make sure that directory exists and is accessible by MySQL Server.
Supplied value : /var/lib/mysql-files
161108 11:18:02 [ERROR] Aborting
So it looks like that the new secure-file-priv option defaults to a different
folder than specified as datadir in my config.
I've not touched the mysql settings manually.
I've fixed the bug by adding the file
/etc/mysql/conf.d/fix-security-update-bug.cnf with contents
[mysqld]
secure_file_priv=/var/lib/mysql
Thanks for your work on the mysql packages,
Thomas
-- System Information:
Debian Release: 8.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages mysql-server-5.5 depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.56
ii initscripts 2.88dsf-59
ii libc6 2.19-18+deb8u6
ii libdbi-perl 1.631-3+b1
ii libgcc1 1:4.9.2-10
ii libstdc++6 4.9.2-10
ii lsb-base 4.1+Debian13+nmu1
iu mysql-client-5.5 5.5.53-0+deb8u1
ii mysql-common 5.5.53-0+deb8u1
iu mysql-server-core-5.5 5.5.53-0+deb8u1
ii passwd 1:4.2-3+deb8u1
ii perl 5.20.2-3+deb8u6
ii psmisc 22.21-2
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages mysql-server-5.5 recommends:
ii libhtml-template-perl 2.95-1
Versions of packages mysql-server-5.5 suggests:
ii heirloom-mailx [mailx] 12.5-4
pn tinyca <none>
-- debconf information:
mysql-server-5.5/postrm_remove_databases: false
mysql-server-5.5/start_on_boot: true
mysql-server/error_setting_password:
mysql-server-5.5/nis_warning:
mysql-server/password_mismatch:
mysql-server-5.5/really_downgrade: false
mysql-server/no_upgrade_when_using_ndb:
_______________________________________________
pkg-mysql-maint mailing list
pkg-mysql-ma...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint
