owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

PCRE2 support still requires PCRE1 #2750

Closed dvershinin closed 1 year ago

dvershinin commented 2 years ago

libmodsecurity 3.0.7 compiles fine using --with-pcre2 only when both pcre1 and pcre2 dev packages are installed, which is wrong... Moreover, the resulting binary links against both libraries... which is further wrong.

    [danila@pc libmodsecurity-rpm]$ ldd /usr/lib64/libmodsecurity.so.3.0.7
        ...
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f2403734000)
        libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f24034b0000)
        ...

If only pcre2 dev package is installed, it fails at ./configure --with-pcre2 saying:

    checking for libpcre config script... no
    configure: *** pcre library not found.
    configure: error: pcre library is required

In other words, --with-pcre2 still requires pcre1 dev.

martinhsv commented 2 years ago

Hello @dvershinin ,

Yes, that's right, it does still presuppose that you have the legacy pcre installed on your build system as well, even though you want libModSecurity to actually use pcre2.

Aside from the nuisance of needing to also install pcre1 even though you don't want it, is this causing you any other problems or difficulties?

dvershinin commented 2 years ago

@martinhsv Aside from having to have pcre1 devel on the build system and unnecessarily loading the pcre1 library at runtime (because it ends up linked to the binary) - none that I see.

FYI, the nginx module itself, compiled with pcre2 has a similar issue.

ldd /usr/lib64/nginx/modules/ngx_http_modsecurity_module.so | grep pcre gives

    libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f31c5ffe000)
    libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f31c5d87000)

pgnd commented 1 year ago

legacy pcre is in process of being deprecated @ Fedora

https://fedoraproject.org/wiki/PcreDeprecation "The old pcre package will be deprecated, so the new packages are not able to require it and have to require the new pcre2 version of this package."

libmodsecurity is listed there as one of the dependent/affected pkgs

martinhsv commented 1 year ago

Thanks @dvershinin and @pgnd for highlighting this.

kub3let commented 10 months ago

Debian 12 was released without libpcre++-dev so you can't install PCRE1 anymore but modsec still requires it for building.

martinhsv commented 10 months ago

Hello @kub3let ,

It's not clear from your posting what your situation is, but this issue was closed because it was resolved.

If you are using ModSecurity >= v3.0.9, then PCRE1 is not required for the build, but you must still specify --with-pcre2 during the configure step.
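
A post-build check for the linkage problem discussed in this thread, as an added example that is not part of any participant's comment or of the ModSecurity project: it classifies a dependency listing as PCRE1, PCRE2, or both. The function names are hypothetical and the sample lines are constructed; `readelf -d` is used for the file's own NEEDED entries because `ldd` also lists transitive dependencies.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify that a built library
# needs PCRE2 only and not the legacy PCRE1 library as well.

# Classify a dependency listing read from stdin (ldd output or
# `readelf -d` NEEDED lines). Prints one of: none | pcre1 | pcre2 | both
pcre_linkage() {
    awk '
        # PCRE2 sonames: libpcre2-8, libpcre2-16, libpcre2-32, libpcre2-posix
        /libpcre2-[a-z0-9]+\.so/              { p2 = 1 }
        # Legacy sonames: libpcre, libpcre16/32, libpcreposix, libpcrecpp, libpcre++
        /libpcre(16|32|posix|cpp|\+\+)?\.so/  { p1 = 1 }
        END {
            if (p1 && p2) print "both"
            else if (p1)  print "pcre1"
            else if (p2)  print "pcre2"
            else          print "none"
        }'
}

# Direct DT_NEEDED entries of one ELF file. readelf only reads the file
# and, unlike ldd, does not resolve dependencies of dependencies.
direct_needed() {
    readelf -d "$1" | awk '/\(NEEDED\)/ { print $NF }'
}

# Exit status 0 only when the file itself needs PCRE2 and no legacy PCRE.
check_pcre2_only() {
    result=$(direct_needed "$1" | pcre_linkage)
    echo "$1: $result"
    [ "$result" = "pcre2" ]
}

# Constructed sample modelled on the ldd output quoted in this thread.
sample_both='    libpcre.so.1 => /lib64/libpcre.so.1 (0x0000000000000000)
    libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x0000000000000000)'
printf '%s\n' "$sample_both" | pcre_linkage
```

In a packaging job, `check_pcre2_only` can be called on the installed library path so the build fails when the legacy library is still a direct dependency.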

yaandy commented 1 month ago

@kub3let did you successfully build and use it for Debian 12 ?

airween commented 1 month ago

> @kub3let did you successfully build and use it for Debian 12 ?

Debian 12 (a.k.a. Bookworm) contains libmodsecurity3, and that uses PCRE2 (since 3.0.8):

https://metadata.ftp-master.debian.org/changelogs//main/m/modsecurity/modsecurity_3.0.9-1+deb12u1_changelog

What's the issue with that?

kub3let commented 1 month ago

> @kub3let did you successfully build and use it for Debian 12 ?

I wasn't able to build it with PCRE2 but I don't remember why, I fixed it by manually installing PCRE1 from Debian 11, e.g.

Since it has no other dependencies it works with Debian 12 as well.

    wget http://ftp.de.debian.org/debian/pool/main/libp/libpcre++/libpcre++-dev_0.9.5-6.1+b11_amd64.deb && \
    wget http://ftp.de.debian.org/debian/pool/main/libp/libpcre++/libpcre++0v5_0.9.5-6.1+b11_amd64.deb && \
    apt install -y ./libpcre++0v5_0.9.5-6.1+b11_amd64.deb ./libpcre++-dev_0.9.5-6.1+b11_amd64.deb && \
    rm libpcre*.deb

But I would strongly recommend against doing that and instead try with PCRE2 again.

airween commented 1 month ago

> I wasn't able to build it with PCRE2 but I don't remember why,

It would be very nice to figure out the reason. Could you reproduce that?

Also: here are the (almost) newest (and non-official) packages, including source:

https://modsecurity.digitalwave.hu

Could you check that too?