Bug #2014 RPM upgrade path is a little hazardous
Submitted: 4 Dec 2003 8:48 Modified: 6 Dec 2003 9:12
Reporter: [ name withheld ] Email Updates:
Status: Won't fix Impact on me:
None 
Category:MySQL Server: Installing Severity:S3 (Non-critical)
Version:4.1.1-Alpha OS:Linux (RH Linux 9)
Assigned to: CPU Architecture:Any

[4 Dec 2003 8:48] [ name withheld ]
Description:
Upgrading from 4.1.0 to 4.1.1 via rpm -Fvh or rpm -Uvh can leave the user in a 
state of confusion if they try to use SHOW GRANTS.  There appears to be an 
incompatibility somewhere in the code that prevents a 4.1.1 server daemon from 
reading the 4.1.0 grant tables properly - or the error message is just 
unclear. 
 
See the 'repeat' section for some logs of a tested upgrade process.  It pays 
to have good documentation on what the user/password combos are.  A diffed 
mysqldump from before and after the upgrade revealed no changes to the mysql 
tables. 
 

How to repeat:
rpm -ivh MySQL-server-4.1.0-0.i386.rpm MySQL-shared-4.1.0-0.i386.rpm 
MySQL-devel-4.1.0-0.i386.rpm MySQL-client-4.1.0-0.i386.rpm  --nodeps 
(--nodeps to work around that silly libcrypto issue on RH 9+ systems) 
 
Starting mysqld daemon with databases from /var/lib/mysql 
   3:MySQL-shared           ########################################### [ 75%] 
   4:MySQL-devel            ########################################### [100%] 
[root@flyingfish rpm]# mysql 
Welcome to the MySQL monitor.  Commands end with ; or \g. 
Your MySQL connection id is 1 to server version: 4.1.0-alpha-log 
 
Type 'help;' or '\h' for help. Type '\c' to clear the buffer. 
 
mysql> grant select on *.* to user@192.168.0.121 identified by  'a long 
password with spaces and other spaces'; 
Query OK, 0 rows affected (0.00 sec) 
 
mysql> show grants for user@192.168.0.121; 
+----------------------------------------------------------------------------------------------------------------------+ 
| Grants for user@192.168.0.121                                                                                        
| 
+----------------------------------------------------------------------------------------------------------------------+ 
| GRANT SELECT ON *.* TO 'user'@'192.168.0.121' IDENTIFIED BY PASSWORD 
'*bf2dfbf7980286479678e696485e892a847bec19e0ce' | 
+----------------------------------------------------------------------------------------------------------------------+ 
1 row in set (0.00 sec) 
 
rpm -Uvh MySQL* --nodeps 
warning: MySQL-client-4.1.1-0.i386.rpm: V3 DSA signature: NOKEY, key ID 
5072e1f5 
Preparing...                ########################################### [100%] 
   1:MySQL-shared           ########################################### [ 25%] 
   2:MySQL-client           ########################################### [ 50%] 
   3:MySQL-devel            ########################################### [ 75%] 
031204 16:37:30  mysqld ended 
 
Giving mysqld a couple of seconds to exit nicely 
   4:MySQL-server           ########################################### [100%] 
/usr/bin/mysql_install_db: line 202: /usr/bin/mysql_create_system_tables: No 
such file or directory 
ERROR: 1046  No Database Selected 
ERROR: 1046  No Database Selected 
ERROR: 1046  No Database Selected 
ERROR: 1046  No Database Selected 
. 
. 
. 
. 
Welcome to the MySQL monitor.  Commands end with ; or \g. 
Your MySQL connection id is 1 to server version: 4.1.1-alpha-standard-log 
 
Type 'help;' or '\h' for help. Type '\c' to clear the buffer. 
 
mysql> show grants for user@192.168.0.121; 
ERROR 1141 (42000): There is no such grant defined for user 'user' on host 
'192.168.0.121' 
mysql> grant select on *.* to user@192.168.0.121 identified by  'a long 
password with spaces and other spaces'; 
Query OK, 0 rows affected (0.00 sec) 
 
mysql> show grants for user@192.168.0.121; 
ERROR 1141 (42000): There is no such grant defined for user 'user' on host 
'192.168.0.121' 
mysql> flush privileges; 
Query OK, 0 rows affected (0.00 sec) 
 
mysql> show grants for user@192.168.0.121; 
+------------------------------------------------------------------------------------------------------------------+ 
| Grants for user@192.168.0.121                                                                                    
| 
+------------------------------------------------------------------------------------------------------------------+ 
| GRANT SELECT ON *.* TO 'user'@'192.168.0.121' IDENTIFIED BY PASSWORD 
'*FB193CB95C54B46ECF2B626965335C9BF75BDC4B' | 
+------------------------------------------------------------------------------------------------------------------+ 
1 row in set (0.00 sec) 
 

Suggested fix:
Report a useful error, such as 'Grant is in an invalid format.  Re-issue the 
grant.'
[6 Dec 2003 4:51] Alexander Keremidarski
Sorry, but the bug system is not the appropriate forum for asking
support questions. Your problem is not the result of a bug.
For a list of more appropriate places to ask for help using MySQL
products, please visit http://www.mysql.com/support/

Thank you for your interest in MySQL.

Additional info:

What you refer to is docummented incompatible change bewteen 4.1.0 and 4.1.1

From http://www.mysql.com/doc/en/News-4.1.1.html
D.2.2 Changes in release 4.1.1 (01 Dec 2003)

# Warning: Incompatible change! Client authentication now is based on 41-byte passwords in the user table, not 45-byte passwords as in 4.1.0. Any 45-byte passwords created for 4.1.0 must be reset after running the mysql_fix_privilege_tables script.

mysql_fix_privilege_table_script should be run manually as it touches your Privilege tables which MySQL RPMs never update (as well as all your other MySQL data)
[6 Dec 2003 9:12] Sergei Golubchik
the real reason for not having a better eror message is that authentication protocol in 4.1.0 contained a bug that made it very insecure. As this flaw is present only in 4.1.0-alpha version we decided not to add compatibility support for 4.1.0 authentication protocol and privilege tables in 4.1.1, for not to encourage people to use insecure (and slow) protocol.

Thus 4.1.1 does not know anything about password format in 4.1.0 and cannot issue a very meaningful error message. (after you fixed privilege tables that is, with old - 4.1.0 - privilege tables you get an appropriate error message).