Package: prosody Version: 0.11.9-2 Severity: serious Justification: Policy 10.7.3
During an upgrade from buster to bullseye, prosody broke my SSL configuration, as shown by etckeeper / “git log -p” in /etc: diff --git a/prosody/certs/localhost.crt b/prosody/certs/localhost.crt index f119f6c..2d292e2 120000 --- a/prosody/certs/localhost.crt +++ b/prosody/certs/localhost.crt @@ -1 +1 @@ -../../ssl/deflt+ca.pem \ No newline at end of file +/etc/ssl/certs/ssl-cert-snakeoil.pem \ No newline at end of file diff --git a/prosody/certs/localhost.key b/prosody/certs/localhost.key index 7fbf56c..8dd7db9 120000 --- a/prosody/certs/localhost.key +++ b/prosody/certs/localhost.key @@ -1 +1 @@ -../../ssl/private/default.key \ No newline at end of file +/etc/ssl/private/ssl-cert-snakeoil.key \ No newline at end of file And indeed, I had to manually revert this change: root@caas:/etc/prosody/certs # ll total 0 […] lrwxrwxrwx 1 root root 36 Dec 12 19:16 localhost.crt -> /etc/ssl/certs/ssl-cert-snakeoil.pem lrwxrwxrwx 1 root root 38 Dec 12 19:16 localhost.key -> /etc/ssl/private/ssl-cert-snakeoil.key root@caas:/etc/prosody/certs # ln -sf ../../ssl/deflt+ca.pem localhost.crt root@caas:/etc/prosody/certs # ln -sf ../../ssl/private/default.key localhost.key root@caas:/etc/prosody/certs # ll total 0 […] lrwxrwxrwx 1 root root 22 Dec 12 19:29 localhost.crt -> ../../ssl/deflt+ca.pem lrwxrwxrwx 1 root root 29 Dec 12 19:29 localhost.key -> ../../ssl/private/default.key This is a violation of Policy: * local changes must be preserved during a package upgrade, and -- System Information: Debian Release: 11.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-18-amd64 (SMP w/1 CPU thread) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages prosody depends on: ii adduser 3.118 ii init-system-helpers 1.60 ii libc6 2.31-13+deb11u2 ii libidn11 1.33-3 ii libssl1.1 1.1.1k-1+deb11u1 ii lsb-base 11.1.0 ii lua-bitop [lua5.2-bitop] 1.0.2-5 ii lua-expat [lua5.2-expat] 1.3.0-4+b1 ii lua-filesystem [lua5.2-filesystem] 1.8.0-1 ii lua-sec [lua5.2-sec] 1.0-1 ii lua-socket [lua5.2-socket] 3.0~rc1+git+ac3201d-4 ii lua5.2 5.2.4-1.1+b3 ii ssl-cert 1.1.0+nmu1 Versions of packages prosody recommends: pn lua5.2-event <none> Versions of packages prosody suggests: pn lua-dbi-mysql <none> pn lua-dbi-postgresql <none> pn lua-dbi-sqlite3 <none> pn lua-zlib <none> -- Configuration Files: /etc/init.d/prosody changed [not included] /etc/prosody/conf.avail/example.com.cfg.lua [Errno 13] Permission denied: '/etc/prosody/conf.avail/example.com.cfg.lua' /etc/prosody/conf.avail/localhost.cfg.lua [Errno 13] Permission denied: '/etc/prosody/conf.avail/localhost.cfg.lua' /etc/prosody/prosody.cfg.lua [Errno 13] Permission denied: '/etc/prosody/prosody.cfg.lua' -- no debconf information