Oracle *Has Not* Stopped Publishing MySQL To Launchpad

Stewart over at Percona noticed that our trees on Launchpad were out of date, and this has been picked up and taken as gospel by others, notably Henrik today.

Unfortunately, Henrik doesn’t seem to have checked Launchpad before publishing his blog – otherwise he would have noticed that all of the trees are currently up to date with the current releases.

He would also have noticed that there is now a new MySQL 5.6 branch, so that we can continue with trunk as the future MySQL version after MySQL 5.6.

So let me repeat this again, Oracle has not stopped updating the MySQL branches on Launchpad.

Sorry about the blips in updating, however.

ALTER USER … PASSWORD EXPIRE – bitten by a bug

MySQL 5.6.6 was released yesterday – the list of changes is impressive.

One of the new things added within 5.6.6 was the ALTER USER … PASSWORD EXPIRE statement, which allows an administrator to expire the passwords for a user, so that they must update their password on next login.

Unfortunately, this was released within 5.6.6 with a serious problem – already noted by Kolbe Kegel – as it updated the password column to an empty string, as well as setting the password_expired flag. This obviously has serious implications, that really means you should not use this feature, if you are planning on using 5.6.6 in production (for whatever reason, given that it is not a GA release yet).

The good news is that this was caught and fixed around a month ago, but didn’t quite make the 5.6.6 cut off date (where we build, and put the release through QA testing) – here’s the same kind of test on my self-built 5.6.7 release:

$ mysql -uroot -pmysql -P3307
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 152259
Server version: 5.6.7 MySQL Community Server (GPL)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> grant all on *.* to mark@localhost identified by 'mark';
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host, password, password_expired from mysql.user;
+-----------------+-----------+-------------------------------------------+------------------+
| user            | host      | password                                  | password_expired |
+-----------------+-----------+-------------------------------------------+------------------+
| root            | localhost | *E74858DB86EBA20BC33D0AECAE8A8108C56B17FA | N                |
| mark            | localhost | *E6ACCEDB2495496B191ED488F598F04239C85E73 | N                |
+-----------------+-----------+-------------------------------------------+------------------+
2 rows in set (0.00 sec)

mysql> alter user mark@localhost password expire;
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host, password, password_expired from mysql.user;
+-----------------+-----------+-------------------------------------------+------------------+
| user            | host      | password                                  | password_expired |
+-----------------+-----------+-------------------------------------------+------------------+
| root            | localhost | *E74858DB86EBA20BC33D0AECAE8A8108C56B17FA | N                |
| mark            | localhost | *E6ACCEDB2495496B191ED488F598F04239C85E73 | Y                |
+-----------------+-----------+-------------------------------------------+------------------+
2 rows in set (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host, password, password_expired from mysql.user;
+-----------------+-----------+-------------------------------------------+------------------+
| user            | host      | password                                  | password_expired |
+-----------------+-----------+-------------------------------------------+------------------+
| root            | localhost | *E74858DB86EBA20BC33D0AECAE8A8108C56B17FA | N                |
| mark            | localhost | *E6ACCEDB2495496B191ED488F598F04239C85E73 | Y                |
+-----------------+-----------+-------------------------------------------+------------------+
2 rows in set (0.00 sec)

mysql> exit
Bye
$ mysql -umark -P3307
ERROR 1045 (28000): Access denied for user 'mark'@'localhost' (using password: NO)
$ mysql -umark -pmark -P3307
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 163413
Server version: 5.6.7

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select * from mysql.user;
ERROR 1820 (HY000): You must SET PASSWORD before executing this statement
mysql> set password = password('newmark');
Query OK, 0 rows affected (0.00 sec)

mysql> show grants;
+----------------------------------------------------------------------------------------------------------------------+
| Grants for mark@localhost                                                                                            |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'mark'@'localhost' IDENTIFIED BY PASSWORD '*00B6543E480F70E68EB0FE311882F1B32E7EEF43' |
+----------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> select password('newmark');
+-------------------------------------------+
| password('newmark')                       |
+-------------------------------------------+
| *00B6543E480F70E68EB0FE311882F1B32E7EEF43 |
+-------------------------------------------+
1 row in set (0.00 sec)

So, please don’t use this feature until 5.6.7 is released! We’re sorry that this problem slipped in to the milestone release, but thankfully it was caught before our GA release, both with our own internal testing, and external community interest (thanks Kolbe!).

The documentation will be updated to reflect this in the near future as well.