Solved mysql_upgrade in jail fails

After pkg update / pkg upgrade for myjail (pkg -j myjail up...) I got a reminder from MySQL:
Code:
* * * * * * * * * * * * * * * * * * * * * * * *
Message from mysql56-server-5.6.32:
************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

However, when I do this, this happens.
Code:
root@myjail:/ # mysql_upgrade
Looking for 'mysql' as: mysql
Looking for 'mysqlcheck' as: mysqlcheck
Error: Failed while fetching Server version! Could be due to unauthorized access.
FATAL ERROR: Upgrade failed
root@myjail:/ #
What could I have done wrong?
 
It turned out that mysql_upgrade wants to be run with the option -u root -p.
If one omits this option it throws this misleading error message.
When run this way, this happened:

Code:
root@myjail:/ # mysql_upgrade --verbose -u root -p
Enter password:
Looking for 'mysql' as: mysql
Looking for 'mysqlcheck' as: mysqlcheck
Error: Server version (5.6.30) does not match with the version of
the server (5.6.32) with which this program was built/distributed. You can
use --skip-version-check to skip this check.
FATAL ERROR: Upgrade failed
root@myjail:/ #

What a surprise! Did pkg downgrade mysql? Apparently no.
Code:
root@myjail:/ # mysql -V
mysql  Ver 14.14 Distrib 5.6.32, for FreeBSD11.0 (amd64) using  EditLine wrapper
root@myjail:/ #

When run with the option --skip-version-check mysql_upgrade worked.
But it turned out that there was no point in updating mysql:
Code:
root@myjail:/ # pkg audit
mysql56-server-5.6.32 is vulnerable:
mysql -- Remote Root Code Execution
CVE: CVE-2016-6662
WWW: https://vuxml.FreeBSD.org/freebsd/856b88bf-7984-11e6-81e7-d050996490d0.html

1 problem(s) in the installed packages found.
root@myjail:/ # pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
root@myjail:/ #

Code:
Message from mysql56-client-5.6.32:
* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.

"it is vulnerable and will not be receiving a patch."

Looks like it is advisable to better avoid oracleware in future.
 
There's no need to run the upgrade scripts for minor updates. Its intended use is for upgrading major versions (5.5 -> 5.6 for example).
 