Yep — that apt-listbugs pin seams to be the reason.
Right now you’ve got a hard APT preference:
apache2is pinned to 2.4.65 with Pin-Priority: 30000- but
apache2-bin/data/utilswant to go to 2.4.66 apache2depends on exact matching versions of those packages → mismatch → APT either “keeps back” or proposes removingapache2.
This pin was created by apt-listbugs because of Debian bug #1114729 (risk of PHP source being served during a dist-upgrade). So either:
- A) keep the pin and wait (no Apache upgrade), or
- B) temporarily remove/disable that pin, and upgrade apache2 + bin/data/utils together — ideally with Apache stopped / site blocked during the upgrade. (I wouldn’t consider maintenance mode sufficient, because it’s also PHP.)
Here’s how to handle it, step by step, (with checks in between):
Option A (safe/default): leave it pinned and do nothing
If you’re not in a hurry: just keep the pin and wait until apt-listbugs stops pinning it (or you remove the pin later).
Don’t run dist-upgrade/full-upgrade while it wants to remove apache2.
Option B (upgrade now): temporarily disable the pin, upgrade
- Disable the pin (temporary):
sudo mv /etc/apt/preferences.d/apt-listbugs /etc/apt/preferences.d/apt-listbugs.disabled
- Update package lists:
sudo apt update
- Dry-run the exact upgrade (make sure it does NOT remove apache2):
sudo apt install -s apache2 apache2-bin apache2-data apache2-utils
If you see it wants to remove apache2, stop — something else is still forcing it.
- Do the upgrade for real: (after stopping apache2)
sudo systemctl stop apache2
sudo apt install apache2 apache2-bin apache2-data apache2-utils
- Start Apache again:
sudo systemctl start apache2
and if you want that apt-listbugs protection back afterwards:
sudo mv /etc/apt/preferences.d/apt-listbugs.disabled /etc/apt/preferences.d/apt-listbugs
Good luck!
h.t.h.
ernolf