search

irontec / sngrep

Ncurses SIP Messages flow viewer
GNU General Public License v3.0
1.03k stars 187 forks source link

sngrep: depends on obsolete pcre3 library #383

Closed linuxmaniac closed 2 years ago

linuxmaniac commented 3 years ago

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999958:

Source: sngrep
Severity: important
User: matthew-pcredep@debian.org
Usertags: obsolete-pcre3

Dear maintainer,

Your package still depends on the old, obsolete PCRE3[0] libraries
(i.e. libpcre3-dev). This has been end of life for a while now, and
upstream do not intend to fix any further bugs in it. Accordingly, I
would like to remove the pcre3 libraries from Debian, preferably in
time for the release of Bookworm.

The newer PCRE2 library was first released in 2015, and has been in
Debian since stretch. Upstream's documentation for PCRE2 is available
here: https://pcre.org/current/doc/html/

Many large projects that use PCRE have made the switch now (e.g. git,
php); it does involve some work, but we are now at the stage where
PCRE3 should not be used, particularly if it might ever be exposed to
untrusted input.

This mass bug filing was discussed on debian-devel@ in
https://lists.debian.org/debian-devel/2021/11/msg00176.html

Regards,

Matthew [0] Historical reasons mean that old PCRE is packaged as
pcre3 in Debian
Kaian commented 3 years ago

Thanks for the info!

It could be disabled for now with --without-pcre configure flag.

I imagine adding compatibility with libpcre2 would require source changes, so I'll try to add them for 1.4.11 as soon as I can.

Regards

dvillaume commented 2 years ago

Hi @Kaian and @linuxmaniac

Debian package is stucked to version 1.4.6 that miss some recent fixes.

Could we consider to abandon pcre usage in /pkg/debian to allow newer versions on debian ?

I'm not aware of the Debian Packaging release process, but if i should provide some help, just tell me.

Regards

Kaian commented 2 years ago

Hi @dvillaume

Thanks for the input. I have created a pcre2 branch some time ago that should replace all pcre3 calls with their equivalent:

83d0292bfa7a26070f75d2b7b8c995c0524ad098 ebb3bb7093b735bf4e2dc364a8b7eadb675f3baf

/pkg directory is not used by the official debian packages, it's just for Irontec repositories (see Wiki).

The only drawback of migrating to pcre2 is that we will break compatibility with some old systems, so I'm still thinking if it's better to add a second configure flag --with-pcre2 or just replace the existing --with-pcre one and abandon pcre3.

Regards

dvillaume commented 2 years ago

Hi @Kaian

Thanks for your feedback and clarifications.

As a simple user i cannot pretend pointing you the better way to process, but i'm so happy to be able to use sngrep even on oldest platform that i would vote for the --with-pcre2 version.

Regards

Kaian commented 2 years ago

Hi!

Above commit should add support for libpcre2 while keeping support with old libpcre. Use --with-pcre2 in configure script to compile against new libpcre-2 library.

Sorry for taking so long to code this!

Regards!