Apache update removes mod_security

MinG · March 10, 2025, 3:05pm

Hi all,

Today I updated apache to the latest version (2.4.63-1+0~20250309.8+debian12~1) and that removed mod_security ( libapache2-mod-security2).

After some investigation I found out that apache2 and related packages come from the sury repository, not from the default debian ones, and there’s some dependency that causes this removal.

Can somebody please tell me why the sury repository is used for apache?
I thought it was only used for the various PHP versions Hestia supports.

MinG

nu01 · March 10, 2025, 3:16pm

Seems I too have got the same uninstalled. It shows:

Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libapr1t64 : Breaks: libapr1 (< 1.7.5-1+0~20250309.2+debian12~1.gbp3e4826) but 1.7.2-3+deb12u1 is to be installed
 libaprutil1t64 : Breaks: libaprutil1 (< 1.6.3-3+0~20250309.4+debian12~1.gbp0e3dab) but 1.6.3-1+0~20250308.1+debian12~1.gbpc0b512 is to be installed
E: Unable to correct problems, you have held broken packages.

Edit: Seems sury is doing updates. I am getting new upgrades every 2 hours or so.

sahsanu · March 10, 2025, 8:50pm

It has been fixed.

github.com/oerdnj/deb.sury.org

Several apr libs missing

opened 11:08AM - 10 Mar 25 UTC

fretb

**Frequently asked questions** - [x] I have read [Frequently Asked Questions](h…ttps://github.com/oerdnj/deb.sury.org/wiki/Frequently-Asked-Questions) - [x] I have looked at the list of the existing issues (including closed issues) and searched if my issue has been already reported - [x] I have tried to resolve the issue myself and will describe what I did in clear and concise manner **Describe the bug** Hello @oerdnj, as always, let me begin by thanking you for all your hard work! I noticed that since recently, there seem to be some libapr* builds missing in the current repository. On Debian Bookworm amd64: ``` The following packages have unmet dependencies: libapr1t64 : Breaks: libapr1 (< 1.7.5-1+0~20250309.2+debian12~1.gbp3e4826) but 1.7.2-3+deb12u1 is to be installed libaprutil1t64 : Breaks: libaprutil1 (< 1.6.3-3+0~20250309.4+debian12~1.gbp0e3dab) but 1.6.3-1+0~20250308.1+debian12~1.gbpc0b512 is to be installed ``` If I look in the repository, I indeed so older builds active for `libapr1` and `libaprutil1`: - https://packages.sury.org/apache2/pool/main/a/apr/libapr1_1.7.2-2%2B0~20250308.1%2Bdebian12~1.gbpacc583_amd64.deb - https://packages.sury.org/apache2/pool/main/a/apr-util/libaprutil1_1.6.3-1%2B0~20250308.1%2Bdebian12~1.gbpc0b512_amd64.deb Maybe something went wrong during the release of the latest builds?

sahsanu · March 11, 2025, 9:17am

If apache2 doesn’t start because of this error: /usr/sbin/apache2: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory

❯ systemctl status apache2 --no-pager -l
× apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2025-03-11 10:10:12 CET; 18s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 3449 ExecStart=/usr/sbin/apachectl start (code=exited, status=127)
        CPU: 5ms

Mar 11 10:10:12 h19.lab.local systemd[1]: Starting apache2.service - The Apache HTTP Server...
Mar 11 10:10:12 h19.lab.local apachectl[3451]: /usr/sbin/apache2: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory
Mar 11 10:10:12 h19.lab.local systemd[1]: apache2.service: Control process exited, code=exited, status=127/n/a
Mar 11 10:10:12 h19.lab.local systemd[1]: apache2.service: Failed with result 'exit-code'.
Mar 11 10:10:12 h19.lab.local systemd[1]: Failed to start apache2.service - The Apache HTTP Server.

Update repositories and reinstall libaprutil1:

apt update
apt reinstall libaprutil1
systemctl restart apache2

MinG · March 11, 2025, 10:35am

Thanks!

For me everything works fine after doing the new updates, including installing mod_security again.

The question in my original post remains open: why are we using sury for apache? I know Hestia tries to stay close to the distro’s repositories, so there must be a reason, but I couldn’t find it.

Is it simply to be able to run the multiple PHP versions sury also provides, or is there another reason?