Apache update removes mod_security

Hi all,

Today I updated apache to the latest version (2.4.63-1+0~20250309.8+debian12~1) and that removed mod_security ( libapache2-mod-security2).

After some investigation I found out that apache2 and related packages come from the sury repository, not from the default debian ones, and there’s some dependency that causes this removal.

Can somebody please tell me why the sury repository is used for apache?
I thought it was only used for the various PHP versions Hestia supports.

MinG

Seems I too have got the same uninstalled. It shows:

Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libapr1t64 : Breaks: libapr1 (< 1.7.5-1+0~20250309.2+debian12~1.gbp3e4826) but 1.7.2-3+deb12u1 is to be installed
 libaprutil1t64 : Breaks: libaprutil1 (< 1.6.3-3+0~20250309.4+debian12~1.gbp0e3dab) but 1.6.3-1+0~20250308.1+debian12~1.gbpc0b512 is to be installed
E: Unable to correct problems, you have held broken packages.

Edit: Seems sury is doing updates. I am getting new upgrades every 2 hours or so.

It has been fixed.

If apache2 doesn’t start because of this error: /usr/sbin/apache2: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory

❯ systemctl status apache2 --no-pager -l
× apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2025-03-11 10:10:12 CET; 18s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 3449 ExecStart=/usr/sbin/apachectl start (code=exited, status=127)
        CPU: 5ms

Mar 11 10:10:12 h19.lab.local systemd[1]: Starting apache2.service - The Apache HTTP Server...
Mar 11 10:10:12 h19.lab.local apachectl[3451]: /usr/sbin/apache2: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory
Mar 11 10:10:12 h19.lab.local systemd[1]: apache2.service: Control process exited, code=exited, status=127/n/a
Mar 11 10:10:12 h19.lab.local systemd[1]: apache2.service: Failed with result 'exit-code'.
Mar 11 10:10:12 h19.lab.local systemd[1]: Failed to start apache2.service - The Apache HTTP Server.

Update repositories and reinstall libaprutil1:

apt update
apt reinstall libaprutil1
systemctl restart apache2
2 Likes

Thanks!

For me everything works fine after doing the new updates, including installing mod_security again.

The question in my original post remains open: why are we using sury for apache? I know Hestia tries to stay close to the distro’s repositories, so there must be a reason, but I couldn’t find it.

Is it simply to be able to run the multiple PHP versions sury also provides, or is there another reason?