owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

building modsecurity 2.7.0 on linux to link with external PCRE fails to link to correct lib @ runtime #495

Closed rcbarnett-zz closed 11 years ago

rcbarnett-zz commented 11 years ago

MODSEC-347: install PCRE ...

svn co svn://vcs.exim.org/pcre/code/trunk pcre
cd pcre

echo -e $CFLAGS "\n" $CXXFLAGS
    -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
    -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing

sh autogen.sh
./configure --disable-static --enable-jit --with-link-size=2 --with-match-limit=10000000 --enable-utf --enable-unicode-properties --enable-newline-is-lf
make
make install

/usr/local/bin/pcre-config --version
    8.32-RC1
pkg-config libpcre --libs --cflags
    -I/usr/local/include -L/usr/local/lib64 -lpcre
ls -al /usr/local/lib64/libpcre
    -rwxr-xr-x 1 root root 965 Oct 18 11:44 /usr/local/lib64/libpcrecpp.la
    lrwxrwxrwx 1 root root 19 Oct 18 11:44 /usr/local/lib64/libpcrecpp.so -> libpcrecpp.so.0.0.0
    lrwxrwxrwx 1 root root 19 Oct 18 11:44 /usr/local/lib64/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0
    -rwxr-xr-x 1 root root 46K Oct 18 11:44 /usr/local/lib64/libpcrecpp.so.0.0.0
    -rwxr-xr-x 1 root root 919 Oct 18 11:44 /usr/local/lib64/libpcre.la
    -rwxr-xr-x 1 root root 977 Oct 18 11:44 /usr/local/lib64/libpcreposix.la
    lrwxrwxrwx 1 root root 21 Oct 18 11:44 /usr/local/lib64/libpcreposix.so -> libpcreposix.so.0.0.1
    lrwxrwxrwx 1 root root 21 Oct 18 11:44 /usr/local/lib64/libpcreposix.so.0 -> libpcreposix.so.0.0.1
    -rwxr-xr-x 1 root root 13K Oct 18 11:44 /usr/local/lib64/libpcreposix.so.0.0.1
    lrwxrwxrwx 1 root root 16 Oct 18 11:44 /usr/local/lib64/libpcre.so -> libpcre.so.1.0.1
    lrwxrwxrwx 1 root root 16 Oct 18 11:44 /usr/local/lib64/libpcre.so.1 -> libpcre.so.1.0.1
    -rwxr-xr-x 1 root root 577K Oct 18 11:44 /usr/local/lib64/libpcre.so.1.0.1*

install modsecurity ...

ldd `which httpd` | grep pcre
        libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f6ad63a5000)

tar zxvf modsecurity-apache_2.7.0.tar.gz
cd modsecurity-apache_2.7.0

unset LD_PRELOAD LD_LIBRARY_PATH
echo -e $CFLAGS "\n" $CXXFLAGS "\n" $LDFLAGS
    -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
    -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing
    -L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 -lssl -lcrypto

./configure \
--enable-shared --disable-static \
--enable-apache2-module \
--with-apxs=/usr/local/apache24x/bin/apxs \
--with-apr=/usr/local/apache24x/bin/apr-2-config \
--with-apu=/usr/local/apache24x/bin/apr-2-config \
--with-pcre=/usr/local \
--enable-pcre-jit \
--enable-pcre-study \
--disable-pcre-match-limit \
--disable-pcre-match-limit-recursion \
--disable-docs \
--enable-strict-compile=yes \
--enable-errors \
--enable-verbose-output \
--with-lua=/usr/local

make
make install

ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
        libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fc9f2736000)

that's INCORRECT based on the config options.

It can be changed @ runtime,

LD_LIBRARY_PATH="/usr/local/lib64" ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
        libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f9a4c2d5000)

but the path needs to be correctly set/embedded at compile time, not requiring -- or overridable by -- a user-defined ENV var.
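The comparison made by hand in the report above (the library directory from pcre-config against what ldd resolves), as an added shell example that is not part of the issue thread or of the ModSecurity build. It additionally reads DT_RPATH and DT_RUNPATH from `readelf -d` text to tell whether the directory is embedded at link time; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the module's PCRE dependency pinned at link time, or does
# it depend on the runtime search path? Works on the text of `ldd` and
# `readelf -d`, so it can also be run over saved output.
# Real use (assumes pcre-config, ldd and readelf are installed):
#   audit_link "$(pcre-config --libs)" libpcre.so.1 \
#       "$(ldd mod_security2.so)" "$(readelf -d mod_security2.so)"

# First -L directory in a pcre-config / pkg-config style flag string.
libdir_from_flags() {
    for flag in $1; do
        case $flag in
            -L*) printf '%s\n' "${flag#-L}"; return 0 ;;
        esac
    done
    return 1
}

# Path that ldd resolved for soname $1 (stdin: ldd output).
resolved_path() {
    awk -v so="$1" '$1 == so && $2 == "=>" { print $3; exit }'
}

# Colon-separated value of the dynamic tag $1 (RPATH or RUNPATH),
# read from `readelf -d` output on stdin. Empty if the tag is absent.
dyn_path() {
    sed -n "s/.*($1).*\[\(.*\)\].*/\1/p" | head -n 1
}

# True if directory $1 is an element of the colon-separated list $2.
in_path_list() {
    case ":$2:" in *":$1:"*) return 0 ;; esac
    return 1
}

# audit_link FLAGS SONAME LDD_TEXT READELF_TEXT -> one-word verdict on stdout
#   wrong-library          resolved outside the directory the build asked for
#   pinned-rpath           DT_RPATH holds the directory (searched before
#                          LD_LIBRARY_PATH)
#   pinned-runpath         DT_RUNPATH holds it (LD_LIBRARY_PATH is searched first)
#   environment-dependent  right directory today, but only through
#                          LD_LIBRARY_PATH or the ld.so configuration
audit_link() {
    want=$(libdir_from_flags "$1") || { echo no-libdir; return 2; }
    got=$(printf '%s\n' "$3" | resolved_path "$2")
    [ -n "$got" ] || { echo unresolved; return 2; }
    rpath=$(printf '%s\n' "$4" | dyn_path RPATH)
    runpath=$(printf '%s\n' "$4" | dyn_path RUNPATH)
    if [ "$(dirname "$got")" != "$want" ]; then
        echo wrong-library
        return 1
    fi
    if [ -n "$runpath" ]; then
        # When DT_RUNPATH is present the loader ignores DT_RPATH.
        in_path_list "$want" "$runpath" && { echo pinned-runpath; return 0; }
    elif in_path_list "$want" "$rpath"; then
        echo pinned-rpath
        return 0
    fi
    echo environment-dependent
    return 0
}

# Constructed sample input, modelled on the output quoted in this report.
FLAGS='-I/usr/local/include -L/usr/local/lib64 -lpcre'
LDD_BAD='        libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fc9f2736000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fc9f2300000)'
LDD_GOOD='        libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f9a4c2d5000)'
DYN_SSL_ONLY=' 0x0000000000000001 (NEEDED)   Shared library: [libpcre.so.1]
 0x000000000000000f (RPATH)    Library rpath: [/usr/local/ssl/lib64]'
DYN_RPATH=' 0x0000000000000001 (NEEDED)   Shared library: [libpcre.so.1]
 0x000000000000000f (RPATH)    Library rpath: [/usr/local/ssl/lib64:/usr/local/lib64]'
DYN_RUNPATH=' 0x0000000000000001 (NEEDED)   Shared library: [libpcre.so.1]
 0x000000000000001d (RUNPATH)  Library runpath: [/usr/local/lib64]'

printf 'as reported:           %s\n' "$(audit_link "$FLAGS" libpcre.so.1 "$LDD_BAD" "$DYN_SSL_ONLY")"
printf 'with LD_LIBRARY_PATH:  %s\n' "$(audit_link "$FLAGS" libpcre.so.1 "$LDD_GOOD" "$DYN_SSL_ONLY")"
printf 'with rpath embedded:   %s\n' "$(audit_link "$FLAGS" libpcre.so.1 "$LDD_GOOD" "$DYN_RPATH")"
```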

rcbarnett-zz commented 11 years ago

Original reporter: msd

rcbarnett-zz commented 11 years ago

msd: modifying in mod_security's generated libtool ...

./configure ...
perl -pi -e 's|^(sys_lib_dlsearch_path_spec=).*|$1"/usr/local/lib64 /lib64 /usr/lib64"|g' libtool
make
make install
ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
        libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007fd820769000)

rcbarnett-zz commented 11 years ago

bpinto: Hello msd,

Let's make a test.

Please open the file build/libtool.m4

Then make this change (search for the line where we have the word sys_lib_dlsearch_path_spec) :

From -> sys_lib_dlsearch_path_spec="/lib /usr/lib"
to -> sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/local/lib64 /lib64 /usr/lib64"

Then save the file

./autogen.sh
./configure --with-pcre=/path/to/pcre-config
make
make install

Let me know if it fixed the issue

Thanks

rcbarnett-zz commented 11 years ago

bpinto: The sys_lib_dlsearch_path_spec is generated by libtool:

libtool --config | grep sys_lib_dlsearch_path_spec

and looks like it is done by libtool reading path options into /etc/ld.so.conf.d/ or /etc/ld.so.conf

So looks like the Distro maintainers must insert correct paths there for x64 platform.

I'm not convinced it is a modsecurity build problem. I will look for more info.

If you have something new, let me know

rcbarnett-zz commented 11 years ago

bpinto: Can you put here the content of your /etc/ld.so.conf?

Just to make sure it does not contain the right paths.

Thanks

rcbarnett-zz commented 11 years ago

msd: > Please open the file build/libtool.m4
>
> Then make this change (search for the line where we have the word sys_lib_dlsearch_path_spec) :
>
> From -> sys_lib_dlsearch_path_spec="/lib /usr/lib"
> to -> sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/local/lib64 /lib64 /usr/lib64"
>
> Then save the file
>
> ./autogen.sh
> ./configure
> make
> make install
>
> Let me know if it fixed the issue

assuming you mean the 1st instance

-> grep sys_lib_dlsearch_path_spec build/libtool.m4
    sys_lib_dlsearch_path_spec="/lib /usr/lib"
    sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
    sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
    sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
    sys_lib_dlsearch_path_spec="/usr/lib"
    sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
    sys_lib_dlsearch_path_spec='/usr/lib'
    if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
    sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
    _LT_DECL([], [sys_lib_dlsearch_path_spec], [2],

then

vi build/libtool.m4
-   sys_lib_dlsearch_path_spec="/lib /usr/lib"
+   sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/local/lib64 /lib64 /usr/lib64"

./autogen.sh
./configure \
  ...
  --with-pcre=/usr/local \
  ...
make
make install
ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
        libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007f5881eb6000)

> Another fix I would like to test is:
>
> please open build/find_pcre.m4
>
> then in the lines : [test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr and test_paths="/usr/local/pcre /usr/local /usr
>
> Please add /usr/local/lib64 /lib64 /usr/lib64
>
> Then rebuild and re-install.

vi build/find_pcre.m4

    -   [test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr"])
    +   [test_paths="/usr/local/lib64 /lib64 /usr/lib64 /usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr"])

    -   test_paths="/usr/local/pcre /usr/local /usr"
    +   test_paths="/usr/local/lib64 /lib64 /usr/lib64 /usr/local/pcre /usr/local /usr"

./autogen.sh
./configure \
  ...
  --with-pcre=/usr/local \
  ...
make
make install
ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
        libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007ff22eba2000)

> Can you put here the content of your /etc/ld.so.conf?
>
> Just to make sure it does not contain the right paths.

cat /etc/ld.so.conf
    /usr/local/lib64
    /usr/local/lib
    include /etc/ld.so.conf.d/*.conf
    # /lib64, /lib, /usr/lib64 and /usr/lib gets added
    # automatically by ldconfig after parsing this file.
    # So, they do not need to be listed.

rcbarnett-zz commented 11 years ago

msd: fyi, building httpd

./configure  \
...
--with-pcre=/usr/local                  \
...
make
make install

manages to get it right,

httpd -V
    Server version: Apache/2.4.4-dev (Unix)
    Server built:   Oct 19 2012 22:04:02
    Server's Module Magic Number: 20120211:6
    Server loaded:  APR 2.0.0-dev
    Compiled using: APR 2.0.0-dev
    Architecture:   64-bit
    Server MPM:     event
      threaded:     yes (fixed thread count)
        forked:     yes (variable process count)
    Server compiled with....
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D DYNAMIC_MODULE_LIMIT=256
     -D HTTPD_ROOT="/usr/local/apache24x"
     -D SUEXEC_BIN="/usr/local/apache24x/bin/suexec"
     -D DEFAULT_PIDLOG="/var/run/apache2/logs/httpd.pid"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_ERRORLOG="logs/error_log"
     -D AP_TYPES_CONFIG_FILE="/usr/local/etc/apache2/mime.types"
     -D SERVER_CONFIG_FILE="/usr/local/etc/apache2/httpd.conf"

ldd `which httpd` | grep pcre
        libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f31434f7000)

where,

cd src/apache24x
grep sys_lib_dlsearch_path_spec `grep -rlni sys_lib_dlsearch_path_spec .`
    ./srclib/apr/libtool:sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/local/lib64 /usr/local/lib /usr/lib64/graphviz /usr/lib64/graphviz/sharp /usr/lib64/graphviz/java /usr/lib64/graphviz/perl /usr/lib64/graphviz/php /usr/lib64/graphviz/ocaml /usr/lib64/graphviz/python /usr/lib64/graphviz/lua /usr/lib64/graphviz/tcl /usr/lib64/graphviz/guile /usr/lib64/graphviz/ruby /opt/kde3/lib64 /opt/kde3/lib /usr/X11R6/lib64 /usr/X11R6/lib /usr/local/openvas/lib/ /usr/lib64/smokegen "
    ./srclib/apr/libtool:    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
    ./srclib/apr/build/libtool.m4:sys_lib_dlsearch_path_spec="/lib /usr/lib"
    ./srclib/apr/build/libtool.m4:  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
    ./srclib/apr/build/libtool.m4:  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
    ./srclib/apr/build/libtool.m4:  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
    ./srclib/apr/build/libtool.m4:    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
    ./srclib/apr/build/libtool.m4:    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
    ./srclib/apr/build/libtool.m4:  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
    ./srclib/apr/build/libtool.m4:    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
    ./srclib/apr/build/libtool.m4:  sys_lib_dlsearch_path_spec="/usr/lib"
    ./srclib/apr/build/libtool.m4:  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
    ./srclib/apr/build/libtool.m4:  sys_lib_dlsearch_path_spec='/usr/lib'
    ./srclib/apr/build/libtool.m4:if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
    ./srclib/apr/build/libtool.m4:  sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
    ./srclib/apr/build/libtool.m4:_LT_DECL([], [sys_lib_dlsearch_path_spec], [2],
    ./srclib/apr/build/ltmain.sh:    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
    ./srclib/apr/config.status:sys_lib_dlsearch_path_spec='/lib /usr/lib /usr/local/lib64 /usr/local/lib /usr/lib64/graphviz /usr/lib64/graphviz/sharp /usr/lib64/graphviz/java /usr/lib64/graphviz/perl /usr/lib64/graphviz/php /usr/lib64/graphviz/ocaml /usr/lib64/graphviz/python /usr/lib64/graphviz/lua /usr/lib64/graphviz/tcl /usr/lib64/graphviz/guile /usr/lib64/graphviz/ruby /opt/kde3/lib64 /opt/kde3/lib /usr/X11R6/lib64 /usr/X11R6/lib /usr/local/openvas/lib/ /usr/lib64/smokegen '
    ./srclib/apr/config.status:for var in reload_cmds old_postinstall_cmds old_postuninstall_cmds old_archive_cmds extract_expsyms_cmds old_archive_from_new_cmds old_archive_from_expsyms_cmds archive_cmds archive_expsym_cmds module_cmds module_expsym_cmds export_symbols_cmds prelink_cmds postlink_cmds postinstall_cmds postuninstall_cmds finish_cmds sys_lib_search_path_spec sys_lib_dlsearch_path_spec; do
    ./srclib/apr/config.status:sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
    ./srclib/apr/configure:sys_lib_dlsearch_path_spec="/lib /usr/lib"
    ./srclib/apr/configure:  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
    ./srclib/apr/configure:  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
    ./srclib/apr/configure:  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
    ./srclib/apr/configure:    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
    ./srclib/apr/configure:    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
    ./srclib/apr/configure:  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
    ./srclib/apr/configure:    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
    ./srclib/apr/configure:  sys_lib_dlsearch_path_spec="/usr/lib"
    ./srclib/apr/configure:  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
    ./srclib/apr/configure:  sys_lib_dlsearch_path_spec='/usr/lib'
    ./srclib/apr/configure:if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
    ./srclib/apr/configure:  sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
    ./srclib/apr/configure:sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`'
    ./srclib/apr/configure:sys_lib_dlsearch_path_spec; do
    ./srclib/apr/configure:sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
    ./build/ltmain.sh:    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
rcbarnett-zz commented 11 years ago

bpinto: Please try set --with-pcre=/usr/local to --with-pcre=/path/to/pcre-config you want.

rcbarnett-zz commented 11 years ago

bpinto: Also..

when you do ldd /usr/local/apache24x/modules/mod_security2.so*

Make sure you are copying manually it from apache2/.libs/mod_security2.so to /usr/local/apache24x/modules/ before ldd. The reason is make install will not copy it for you.

rcbarnett-zz commented 11 years ago

msd: with

./configure \
...
--with-pcre=/usr/local \
...

it finds the correct pcre-config

grep -i pcre config.status | grep ^S
S["PCRE_LDADD"]="-L/usr/local/lib64 -lpcre"
S["PCRE_LDFLAGS"]=""
S["PCRE_CFLAGS"]="-I/usr/local/include"
S["PCRE_CPPFLAGS"]=""
S["PCRE_VERSION"]="8.32-RC1"

-> S["PCRE_CONFIG"]="/usr/local/bin/pcre-config"
S["MODSEC_APXS_EXTRA_CFLAGS"]=" -Wc,-DWITH_PCRE_STUDY -Wc,-DWITH_PCRE_JIT -Wc,-DREQUEST_EARLY"
S["MODSEC_EXTRA_CFLAGS"]="-DWITH_PCRE_STUDY -DWITH_PCRE_JIT -DREQUEST_EARLY "

in any case,

./configure \
...

makes no difference,

ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
        libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007f79f44dc000)

> Make sure you are copying manually it from apache2/.libs/mod_security2.so to /usr/local/apache24x/modules/ before ldd. The reason is make install will not copy it for you.

yes, it does.

rm -f /usr/local/apache24x/modules/mod_security2.so
ls -al /usr/local/apache24x/modules/mod_security
    (empty)

./configure \
--enable-shared --disable-static \
--enable-apache2-module \
--with-apxs=/usr/local/apache24x/bin/apxs \
--with-apr=/usr/local/apache24x/bin/apr-2-config \
--with-apu=/usr/local/apache24x/bin/apr-2-config \
--with-pcre=/usr/local/bin/pcre-config \
--enable-pcre-jit \
--enable-pcre-study \
--disable-pcre-match-limit \
--disable-pcre-match-limit-recursion \
--disable-docs \
--enable-strict-compile=yes \
--enable-errors \
--enable-verbose-output \
--with-lua=/usr/local
make
make install

ls -al /usr/local/apache24x/modules/mod_security
    -rwxr-xr-x 1 root root 415K Oct 24 09:07 /usr/local/apache24x/modules/mod_security2.so

rcbarnett-zz commented 11 years ago

bpinto: Right,

Let's try this:

Please open apache2/Makefile.am and find the line:

if LINUX
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
                           @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \
                           @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
endif

Change to:

if LINUX
mod_security2_la_LDFLAGS = -rpath \$(libexecdir) -no-undefined -module -avoid-version \
                           @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \
                           @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
endif

then

make clean && ./autogen.sh && ./configure --with-pcre=/usr/local/bin/pcre-config && make && make install

Let me know the results.

rcbarnett-zz commented 11 years ago

msd: > Please open Makefile.am and find the line:
>
> if LINUX
> mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
>                            @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \
>                            @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
> endif

??? there's no such code,

cd src/modsecurity-apache_2.7.0
cat Makefile.am
    ACLOCAL_AMFLAGS = -I build
    SUBDIRS = @TOPLEVEL_SUBDIRS@ tests

    CLEANFILES =
    MAINTAINERCLEANFILES =

    CLEANFILES += tests/regression/server_root/conf/*.t_*.conf \
       tests/regression/server_root/logs/*.log

    MAINTAINERCLEANFILES += $(CLEANFILES) \
           Makefile.in \
           aclocal.m4 \
           alp2/Makefile.in \
           apache2/Makefile.in \
           build/config.guess \
           build/config.sub \
           build/depcomp \
           build/libtool.m4 \
           build/ltmain.sh \
           build/ltoptions.m4 \
           build/ltsugar.m4 \
           build/ltversion.m4 \
           build/lt~obsolete.m4 \
           build/missing \
           configure \
           ext/Makefile.in \
           mlogc/Makefile.in \
           modsecurity_config_auto.h.in~ \
           config.log \
           Makefile \
           config.status

    # Alias for "check"
    test: check

    test-regression:
            (cd tests && $(MAKE) test-regression)

    .PHONY: test

assuming that you actually are referring to,

grep "if LINUX" `grep -rln "if LINUX" .` -A5
    ./apache2/Makefile.am:if LINUX
    ./apache2/Makefile.am-mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
    ./apache2/Makefile.am-                           @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \
    ./apache2/Makefile.am-                           @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
    ./apache2/Makefile.am-endif
    ./apache2/Makefile.am-
    --
    ./standalone/Makefile.am:if LINUX
    ./standalone/Makefile.am-standalone_la_LDFLAGS = -no-undefined -module -avoid-version \
    ./standalone/Makefile.am-                           @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \
    ./standalone/Makefile.am-                           @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
    ./standalone/Makefile.am-endif
    ./standalone/Makefile.am-

Changing in BOTH to:

if LINUX
mod_security2_la_LDFLAGS = -rpath \$(libexecdir) -no-undefined -module -avoid-version \
                           @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \
                           @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
endif

then

make clean
    make: *** No rule to make target `clean'.  Stop.
./autogen.sh
./configure --with-pcre=/usr/local/bin/pcre-config
    ...
    configure: checking httpd version
    configure: httpd is recent enough
    checking for libpcre config script... /usr/local/bin/pcre-config
    configure: using pcre v8.32-RC1
    checking for libapr config script... no
    configure: *** apr library not found.
    configure: error: apr library is required

./configure \
--enable-shared --disable-static \
--enable-apache2-module \
--with-apxs=/usr/local/apache24x/bin/apxs \
--with-apr=/usr/local/apache24x/bin/apr-2-config \
--with-apu=/usr/local/apache24x/bin/apr-2-config \
--with-pcre=/usr/local/bin/pcre-config \
--enable-pcre-jit \
--enable-pcre-study \
--disable-pcre-match-limit \
--disable-pcre-match-limit-recursion \
--disable-docs \
--enable-strict-compile=yes \
--enable-errors \
--enable-verbose-output \
--with-lua=/usr/local

make
rm -f /usr/local/apache24x/modules/mod_security2.so*
make install
ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
        libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fb019cf2000)
rcbarnett-zz commented 11 years ago

bpinto: The problem is it is working fine for me:

make clean && ./autogen.sh && ./configure --with-pcre=/usr/local/bin/pcre-config && make && make install

configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script... /usr/local/bin/pcre-config
configure: using pcre v8.32-RC1
checking for libapr config script... /usr/bin/apr-1-config
configure: using apr v1.3.8

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# ldd apache2/.libs/mod_security2.so | grep pcre
        libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x00110000)
root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1#

and when i do:

make clean && ./autogen.sh && ./configure --with-pcre=/usr/bin/pcre-config && make && make install

configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script... /usr/bin/pcre-config
configure: using pcre v7.8
checking for libapr config script... /usr/bin/apr-1-config

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# ldd apache2/.libs/mod_security2.so | grep pcre
        libpcre.so.3 => /lib/libpcre.so.3 (0x00110000)
root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1#

rcbarnett-zz commented 11 years ago

msd: > root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# ldd apache2/.libs/mod_security2.so | grep pcre
>         libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x00110000)

you're not comparing apples-to-apples.

You've not installed into libdir -> /usr/local/lib64

@ yours,

/usr/local/lib/libpcre.so.1

@ mine,

ls -al /usr/local/lib_/_pcre
    -rwxr-xr-x 1 root root 1003 Oct 19 10:31 /usr/local/lib64/libpcrecpp.la
    lrwxrwxrwx 1 root root 19 Oct 19 10:31 /usr/local/lib64/libpcrecpp.so -> libpcrecpp.so.0.0.0
    lrwxrwxrwx 1 root root 19 Oct 19 10:31 /usr/local/lib64/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0
    -rwxr-xr-x 1 root root 46K Oct 19 10:31 /usr/local/lib64/libpcrecpp.so.0.0.0
    -rwxr-xr-x 1 root root 957 Oct 19 10:31 /usr/local/lib64/libpcre.la
    -rwxr-xr-x 1 root root 1015 Oct 19 10:31 /usr/local/lib64/libpcreposix.la
    lrwxrwxrwx 1 root root 21 Oct 19 10:31 /usr/local/lib64/libpcreposix.so -> libpcreposix.so.0.0.1
    lrwxrwxrwx 1 root root 21 Oct 19 10:31 /usr/local/lib64/libpcreposix.so.0 -> libpcreposix.so.0.0.1
    -rwxr-xr-x 1 root root 13K Oct 19 10:31 /usr/local/lib64/libpcreposix.so.0.0.1
    lrwxrwxrwx 1 root root 16 Oct 19 10:31 /usr/local/lib64/libpcre.so -> libpcre.so.1.0.1
    lrwxrwxrwx 1 root root 16 Oct 19 10:31 /usr/local/lib64/libpcre.so.1 -> libpcre.so.1.0.1
    -rwxr-xr-x 1 root root 408K Oct 19 10:31 /usr/local/lib64/libpcre.so.1.0.1*

rcbarnett-zz commented 11 years ago

bpinto: Ok.

Let me install in a different directory. /usr/local/lib64 works for you ? What directory you would like to test ?

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# ls -al /usr/local/lib64/lib/pcre
-rw-r--r-- 1 root root 148882 2012-10-24 03:21 /usr/local/lib64/lib/libpcre.a
-rw-r--r-- 1 root root 36914 2012-10-24 03:21 /usr/local/lib64/lib/libpcrecpp.a
-rwxr-xr-x 1 root root 1002 2012-10-24 03:21 /usr/local/lib64/lib/libpcrecpp.la
lrwxrwxrwx 1 root root 19 2012-10-24 03:21 /usr/local/lib64/lib/libpcrecpp.so -> libpcrecpp.so.0.0.0
lrwxrwxrwx 1 root root 19 2012-10-24 03:21 /usr/local/lib64/lib/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0
-rwxr-xr-x 1 root root 43936 2012-10-24 03:21 /usr/local/lib64/lib/libpcrecpp.so.0.0.0
-rwxr-xr-x 1 root root 949 2012-10-24 03:21 /usr/local/lib64/lib/libpcre.la
-rw-r--r-- 1 root root 3976 2012-10-24 03:21 /usr/local/lib64/lib/libpcreposix.a
-rwxr-xr-x 1 root root 1016 2012-10-24 03:21 /usr/local/lib64/lib/libpcreposix.la
lrwxrwxrwx 1 root root 21 2012-10-24 03:21 /usr/local/lib64/lib/libpcreposix.so -> libpcreposix.so.0.0.1
lrwxrwxrwx 1 root root 21 2012-10-24 03:21 /usr/local/lib64/lib/libpcreposix.so.0 -> libpcreposix.so.0.0.1
-rwxr-xr-x 1 root root 11334 2012-10-24 03:21 /usr/local/lib64/lib/libpcreposix.so.0.0.1
lrwxrwxrwx 1 root root 16 2012-10-24 03:21 /usr/local/lib64/lib/libpcre.so -> libpcre.so.1.0.1
lrwxrwxrwx 1 root root 16 2012-10-24 03:21 /usr/local/lib64/lib/libpcre.so.1 -> libpcre.so.1.0.1
-rwxr-xr-x 1 root root 137920 2012-10-24 03:21 /usr/local/lib64/lib/libpcre.so.1.0.1
root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1#

./configure --with-pcre=/usr/local/lib64/bin/pcre-config

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# ldd apache2/.libs/mod_security2.so | grep pcre
        libpcre.so.1 => /usr/local/lib64/lib/libpcre.so.1 (0x00e3e000)
root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1#

Works fine too.

rcbarnett-zz commented 11 years ago

msd: ... still not the same dirs, and you're testing on ubuntu.

> What directory you would like to test ?

The directory where a pcre build actually default-installs pcre on my platform/OS,

svn co svn://vcs.exim.org/pcre/code/trunk pcre
cd pcre
sh autogen.sh
./configure --disable-static \
--enable-jit \
--with-link-size=2 --with-match-limit=10000000 \
--enable-utf --enable-unicode-properties --enable-newline-is-lf
make
make install
rehash
which pcre-config
    /usr/local/bin/pcre-config
pcre-config --version
    8.32-RC1
pkg-config libpcre --libs --cflags
    -I/usr/local/include -L/usr/local/lib64 -lpcre

ls -al /usr/local/lib64/libpcre
    -rwxr-xr-x 1 root root 965 Oct 18 11:44 /usr/local/lib64/libpcrecpp.la
    lrwxrwxrwx 1 root root 19 Oct 18 11:44 /usr/local/lib64/libpcrecpp.so -> libpcrecpp.so.0.0.0
    lrwxrwxrwx 1 root root 19 Oct 18 11:44 /usr/local/lib64/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0
    -rwxr-xr-x 1 root root 46K Oct 18 11:44 /usr/local/lib64/libpcrecpp.so.0.0.0
    -rwxr-xr-x 1 root root 919 Oct 18 11:44 /usr/local/lib64/libpcre.la
    -rwxr-xr-x 1 root root 977 Oct 18 11:44 /usr/local/lib64/libpcreposix.la
    lrwxrwxrwx 1 root root 21 Oct 18 11:44 /usr/local/lib64/libpcreposix.so -> libpcreposix.so.0.0.1
    lrwxrwxrwx 1 root root 21 Oct 18 11:44 /usr/local/lib64/libpcreposix.so.0 -> libpcreposix.so.0.0.1
    -rwxr-xr-x 1 root root 13K Oct 18 11:44 /usr/local/lib64/libpcreposix.so.0.0.1
    lrwxrwxrwx 1 root root 16 Oct 18 11:44 /usr/local/lib64/libpcre.so -> libpcre.so.1.0.1
    lrwxrwxrwx 1 root root 16 Oct 18 11:44 /usr/local/lib64/libpcre.so.1 -> libpcre.so.1.0.1
    -rwxr-xr-x 1 root root 577K Oct 18 11:44 /usr/local/lib64/libpcre.so.1.0.1*

rcbarnett-zz commented 11 years ago

bpinto: By default it is installing here:

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# which pcre-config
/usr/local/bin/pcre-config
root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1#

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# pcre-config --version
8.32-RC1
root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1#

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# pkg-config libpcre --libs --cflags
-I/usr/local/include -L/usr/local/lib -lpcre
root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1#

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1# ldd apache2/.libs/mod_security2.so | grep pcre
        libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x0013b000)
root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.1#

The old one is into /lib.

Is this what you did right ?

rcbarnett-zz commented 11 years ago

msd: > Is this what you did right ?

no. I build/install on opensuse64, not ubuntu.

on ubuntu,

lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 10.04.4 LTS
    Release:        10.04
    Codename:       lucid

ls -ald /lib* /usr/lib* /usr/local/lib*
    drwxr-xr-x 13 root root  12K 2012-10-04 06:52 /lib/
    lrwxrwxrwx  1 root root    4 2012-03-24 12:57 /lib64 -> /lib/
    drwxr-xr-x 56 root root  20K 2012-10-15 08:19 /usr/lib/
    lrwxrwxrwx  1 root root    3 2012-03-24 12:57 /usr/lib64 -> lib/
    drwxr-xr-x  4 root root 4.0K 2012-04-01 14:11 /usr/local/lib/

on opensuse,

lsb_release -a
    .LSB Version:   core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarch
    Distributor ID: SUSE LINUX
    Description:    openSUSE 12.2 (x86_64)
    Release:        12.2
    Codename:       Mantis

ls -ald /lib* /usr/lib* /usr/local/lib*
    drwxr-xr-x   16 root root 4.0K Oct 18 12:05 /lib/
    drwxr-xr-x    8 root root  12K Oct 16 19:18 /lib64/
    drwxr-xr-x  125 root root  40K Oct 23 11:43 /usr/lib/
    drwxr-xr-x  258 root root 220K Oct 23 11:52 /usr/lib64/
    drwxr-xr-x    2 root root 4.0K Nov  7  2011 /usr/libexec/
    drwxr-xr-x+  16 root root  12K Oct 18 08:01 /usr/local/lib/
    drwxr-xr-x+  15 root root  12K Oct 20 09:46 /usr/local/lib64/
    drwxrwxr-x+   3 root root 4.0K Sep  2 22:05 /usr/local/libexec/

opensuse's distro-pkg-installed pcre is in,

ls -al {/lib,/lib64,/usr/lib,/usr/lib64}/*pcre*
    ls: cannot access /lib/*pcre*: No such file or directory
    ls: cannot access /lib64/*pcre*: No such file or directory
    lrwxrwxrwx 1 root root   19 Oct  6 19:37 /usr/lib64/libpcrecpp.so -> libpcrecpp.so.0.0.0*
    lrwxrwxrwx 1 root root   19 Oct  6 19:13 /usr/lib64/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0*
    -rwxr-xr-x 1 root root  35K Jul 15 16:50 /usr/lib64/libpcrecpp.so.0.0.0*
    lrwxrwxrwx 1 root root   21 Oct  6 19:37 /usr/lib64/libpcreposix.so -> libpcreposix.so.0.0.0*
    lrwxrwxrwx 1 root root   21 Oct  6 19:13 /usr/lib64/libpcreposix.so.0 -> libpcreposix.so.0.0.0*
    -rwxr-xr-x 1 root root  11K Jul 15 16:50 /usr/lib64/libpcreposix.so.0.0.0*
    lrwxrwxrwx 1 root root   16 Oct  6 19:37 /usr/lib64/libpcre.so -> libpcre.so.1.0.0*
    lrwxrwxrwx 1 root root   16 Oct  6 19:10 /usr/lib64/libpcre.so.1 -> libpcre.so.1.0.0*
    -rwxr-xr-x 1 root root 359K Jul 15 16:50 /usr/lib64/libpcre.so.1.0.0*
    lrwxrwxrwx 1 root root   16 Oct 18 11:45 /usr/lib/libpcre.so.1 -> libpcre.so.1.0.0*
    -rwxr-xr-x 1 root root 374K Jul 15 11:09 /usr/lib/libpcre.so.1.0.0*

none of which I'm interested in using.

rcbarnett-zz commented 11 years ago

bpinto: Ok. I will need build a OpenSuse box.

I just found OpenSuse 11.3 i386 VM image. Do you think it will work for testing ?

rcbarnett-zz commented 11 years ago

bpinto: Downloading a OpenSuse 12.1 box. I will need some time to test it.

I will let you know what happens.

rcbarnett-zz commented 11 years ago

msd: 12.1 is not the current release, 12.2 is.

http://software.opensuse.org/122/en

With 12.1 you may end up with different/older versions of libtool, gcc, ld, ... May, or not, have an effect.

I don't know what VM you use.

I've used none of these, but, fyi:

Here are AMIs

http://en.opensuse.org/Derivatives#Public_Amazon_EC2_AMIs

, virtualbox images,

http://virtualboximages.com/openSUSE+12.2+KDE+x86_64+VirtualBox+Virtual+Appliance
http://virtualboximages.com/openSUSE+12.2+Gnome+x86_64+Desktop+VirtualBox+Virtual+Appliance

as well as image for KVM, VMware & Xen

http://stacklet.com/downloads/images/lister/OpenSuse/12.2/x86-64

rcbarnett-zz commented 11 years ago

bpinto: Hello,

Could you please send me the last lines when you type "make" to compile modsec (--with-pcre=/usr/local/bin/pcre-config ) ? I would like to see it is using the right paths

libtool: link: gcc -shared .libs/mod_security2_la-mod_security2.o .libs/mod_security2_la-apache2_config.o .libs/mod_security2_la-apache2_io.o .libs/mod_security2_la-apache2_util.o .libs/mod_security2_la-re.o .libs/mod_security2_la-re_operators.o .libs/mod_security2_la-re_actions.o .libs/mod_security2_la-re_tfns.o .libs/mod_security2_la-re_variables.o .libs/mod_security2_la-msc_logging.o .libs/mod_security2_la-msc_xml.o .libs/mod_security2_la-msc_multipart.o .libs/mod_security2_la-modsecurity.o .libs/mod_security2_la-msc_parsers.o .libs/mod_security2_la-msc_util.o .libs/mod_security2_la-msc_pcre.o .libs/mod_security2_la-persist_dbm.o .libs/mod_security2_la-msc_reqbody.o .libs/mod_security2_la-msc_geo.o .libs/mod_security2_la-msc_gsb.o .libs/mod_security2_la-msc_crypt.o .libs/mod_security2_la-msc_tree.o .libs/mod_security2_la-msc_unicode.o .libs/mod_security2_la-acmp.o .libs/mod_security2_la-msc_lua.o .libs/mod_security2_la-msc_release.o -Wl,-rpath -Wl,/usr/lib -lrt -lcrypt -lpthread -ldl -lldap -llber -ldb-4.8 -lexpat -L/usr/lib -lapr-1 -laprutil-1 -L/usr/local/lib /usr/local/lib/libpcre.so /usr/lib/libxml2.so -lz -lm -Wl,-soname -Wl,mod_security2.so -o .libs/mod_security2.so

Also could you please attach your Apache error.log ? I would like to see what pcre version modsecurity is loading.

Thanks

rcbarnett-zz commented 11 years ago

msd: first, building WITH the sys_lib_dlsearch_path_spec 'fix',

./configure \
--enable-shared --disable-static \
--enable-apache2-module \
--with-apxs=/usr/local/apache24x/bin/apxs \
--with-apr=/usr/local/apache24x/bin/apr-2-config \
--with-apu=/usr/local/apache24x/bin/apr-2-config \
--with-pcre=/usr/local/bin/pcre-config \
--enable-pcre-jit \
--enable-pcre-study \
--disable-pcre-match-limit \
--disable-pcre-match-limit-recursion \
--disable-docs \
--enable-strict-compile=yes \
--enable-errors \
--enable-verbose-output \
--with-lua=/usr/local

perl -pi -e 's|^(sys_lib_dlsearch_path_spec=).*|$1"/usr/local/lib64 /lib64 /usr/lib64"|g' libtool
grep ^sys_lib_dlsearch_path_spec libtool
    sys_lib_dlsearch_path_spec="/usr/local/lib64 /lib64 /usr/lib64"

make
    ...
    /bin/sh ../libtool --tag=CC   --mode=link /usr/bin/gcc-4.7 -I/usr/local/apache24x/include  -I/usr/local/apache24x/include -I/usr/include  -I/usr/local/apache24x/include -I/usr/include -I/usr/local/include -I/usr/include/libxml2  -DWITH_PCRE_STUDY   -DWITH_PCRE_JIT -DREQUEST_EARLY         -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -no-undefined -module -avoid-version -lcrypt -luuid -lrt -lcrypt  -lpthread -ldl -lexpat  -lcrypt -luuid -lrt -lcrypt  -lpthread -ldl -lexpat  -L/usr/local/ssl/lib64   -Wl,-rpath,/usr/local/ssl/lib64   -lssl -lcrypto   -o mod_security2.la -rpath /usr/local/modsecurity/lib mod_security2_la-mod_security2.lo mod_security2_la-apache2_config.lo mod_security2_la-apache2_io.lo mod_security2_la-apache2_util.lo mod_security2_la-re.lo mod_security2_la-re_operators.lo mod_security2_la-re_actions.lo mod_security2_la-re_tfns.lo mod_security2_la-re_variables.lo mod_security2_la-msc_logging.lo mod_security2_la-msc_xml.lo mod_security2_la-msc_multipart.lo mod_security2_la-modsecurity.lo mod_security2_la-msc_parsers.lo mod_security2_la-msc_util.lo mod_security2_la-msc_pcre.lo mod_security2_la-persist_dbm.lo mod_security2_la-msc_reqbody.lo mod_security2_la-msc_geo.lo mod_security2_la-msc_gsb.lo mod_security2_la-msc_crypt.lo mod_security2_la-msc_tree.lo mod_security2_la-msc_unicode.lo mod_security2_la-acmp.lo mod_security2_la-msc_lua.lo mod_security2_la-msc_release.lo /usr/local/apache24x/lib/libapr-2.la  /usr/local/apache24x/lib/libapr-2.la -L/usr/local/lib64 -lpcre -lxml2 -lz -lm
    libtool: link: /usr/bin/gcc-4.7 -shared  .libs/mod_security2_la-mod_security2.o .libs/mod_security2_la-apache2_config.o .libs/mod_security2_la-apache2_io.o .libs/mod_security2_la-apache2_util.o .libs/mod_security2_la-re.o .libs/mod_security2_la-re_operators.o .libs/mod_security2_la-re_actions.o .libs/mod_security2_la-re_tfns.o .libs/mod_security2_la-re_variables.o .libs/mod_security2_la-msc_logging.o .libs/mod_security2_la-msc_xml.o .libs/mod_security2_la-msc_multipart.o .libs/mod_security2_la-modsecurity.o .libs/mod_security2_la-msc_parsers.o .libs/mod_security2_la-msc_util.o .libs/mod_security2_la-msc_pcre.o .libs/mod_security2_la-persist_dbm.o .libs/mod_security2_la-msc_reqbody.o .libs/mod_security2_la-msc_geo.o .libs/mod_security2_la-msc_gsb.o .libs/mod_security2_la-msc_crypt.o .libs/mod_security2_la-msc_tree.o .libs/mod_security2_la-msc_unicode.o .libs/mod_security2_la-acmp.o .libs/mod_security2_la-msc_lua.o .libs/mod_security2_la-msc_release.o   -Wl,-rpath -Wl,/usr/local/apache24x/lib -Wl,-rpath -Wl,/usr/local/apache24x/lib -luuid -lrt -lcrypt -lpthread -ldl -lexpat -L/usr/local/ssl/lib64 -lssl -lcrypto /usr/local/apache24x/lib/libapr-2.so -L/usr/local/lib64 /usr/local/lib64/libpcre.so /usr/lib64/libxml2.so -lz -lm  -march=amdfam10 -mtune=amdfam10 -Wl,-rpath -Wl,/usr/local/ssl/lib64   -pthread -Wl,-soname -Wl,mod_security2.so -o .libs/mod_security2.so
    libtool: link: ( cd ".libs" && rm -f "mod_security2.la" && ln -s "../mod_security2.la" "mod_security2.la" )
    make[2]: Leaving directory `/usr/local/src/modsecurity-apache_2.7.0/apache2'
    make[1]: Leaving directory `/usr/local/src/modsecurity-apache_2.7.0/apache2'
    Making all in mlogc
    make[1]: Entering directory `/usr/local/src/modsecurity-apache_2.7.0/mlogc'
    /usr/bin/gcc-4.7 -DHAVE_CONFIG_H -I. -I../apache2  -DLINUX -D_REENTRANT -D_GNU_SOURCE -I../apache2  -I/usr/local/apache24x/include -I/usr/include -I/usr/local/include  -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -MT mlogc-mlogc.o -MD -MP -MF .deps/mlogc-mlogc.Tpo -c -o mlogc-mlogc.o `test -f 'mlogc.c' || echo './'`mlogc.c
    mv -f .deps/mlogc-mlogc.Tpo .deps/mlogc-mlogc.Po
    /bin/sh ../libtool --tag=CC   --mode=link /usr/bin/gcc-4.7 -I/usr/local/apache24x/include -I/usr/include -I/usr/local/include  -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -lcrypt -luuid -lrt -lcrypt  -lpthread -ldl -lexpat   -L/usr/local/ssl/lib64   -Wl,-rpath,/usr/local/ssl/lib64   -lssl -lcrypto   -o mlogc mlogc-mlogc.o /usr/local/apache24x/lib/libapr-2.la -L/usr/local/lib64 -lpcre -lcurl
    libtool: link: /usr/bin/gcc-4.7 -I/usr/local/apache24x/include -I/usr/include -I/usr/local/include -O2 -march=amdfam10 -mtune=amdfam10 -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wl,-rpath -Wl,/usr/local/ssl/lib64 -o mlogc mlogc-mlogc.o  -luuid -lrt -lcrypt -lpthread -ldl -lexpat -L/usr/local/ssl/lib64 -lssl -lcrypto /usr/local/apache24x/lib/libapr-2.so -L/usr/local/lib64 /usr/local/lib64/libpcre.so -lcurl -pthread -Wl,-rpath -Wl,/usr/local/apache24x/lib -Wl,-rpath -Wl,/usr/local/apache24x/lib
    make[1]: Leaving directory `/usr/local/src/modsecurity-apache_2.7.0/mlogc'
    Making all in tests
    make[1]: Entering directory `/usr/local/src/modsecurity-apache_2.7.0/tests'
    make[1]: Nothing to be done for `all'.
    make[1]: Leaving directory `/usr/local/src/modsecurity-apache_2.7.0/tests'
    make[1]: Entering directory `/usr/local/src/modsecurity-apache_2.7.0'
    make[1]: Nothing to be done for `all-am'.
    make[1]: Leaving directory `/usr/local/src/modsecurity-apache_2.7.0'
make install

ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
        libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007fbc0131c000)

on apache start,

cat main.2012-10-24-00.error_log
    [Wed Oct 24 18:54:46.592207 2012] [macro:notice] [pid 16414:tid 140127370561344] mod_macro 1.2.1 started
    [Wed Oct 24 18:54:47.000092 2012] [:notice] [pid 16414:tid 140127370561344] ModSecurity for Apache/2.7.0 (http://www.modsecurity.org/) configured.
    [Wed Oct 24 18:54:47.000135 2012] [:notice] [pid 16414:tid 140127370561344] ModSecurity: APR compiled version="2.0.0-dev"; loaded version="2.0.0-dev"
    [Wed Oct 24 18:54:47.000155 2012] [:notice] [pid 16414:tid 140127370561344] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32-RC1 2012-08-08"
    [Wed Oct 24 18:54:47.000165 2012] [:warn] [pid 16414:tid 140127370561344] ModSecurity: Loaded PCRE do not match with compiled!
    [Wed Oct 24 18:54:47.000170 2012] [:notice] [pid 16414:tid 140127370561344] ModSecurity: LIBXML compiled version="2.7.8"
    [Wed Oct 24 18:54:47.035615 2012] [auth_digest:notice] [pid 16431:tid 140127370561344] AH01757: generating secret for digest authentication ...
    [Wed Oct 24 18:54:47.035934 2012] [macro:notice] [pid 16431:tid 140127370561344] mod_macro 1.2.1 started
    [Wed Oct 24 18:54:48.026593 2012] [mpm_event:notice] [pid 16431:tid 140127370561344] AH00489: Apache/2.4.4-dev (Unix) mod_macro/1.2.1 configured -- resuming normal operations
    [Wed Oct 24 18:54:48.026635 2012] [core:notice] [pid 16431:tid 140127370561344] AH00094: Command line: '/usr/local/apache24x/bin/httpd'

then, repeating withOUT the fix,

./configure \
...

and, on apache start,

cat main.2012-10-24-00.error_log
    [Wed Oct 24 19:22:12.089509 2012] [macro:notice] [pid 25185:tid 140630734321472] mod_macro 1.2.1 started
    [Wed Oct 24 19:22:13.000961 2012] [:notice] [pid 25185:tid 140630734321472] ModSecurity for Apache/2.7.0 (http://www.modsecurity.org/) configured.
    [Wed Oct 24 19:22:13.000988 2012] [:notice] [pid 25185:tid 140630734321472] ModSecurity: APR compiled version="2.0.0-dev"; loaded version="2.0.0-dev"
    [Wed Oct 24 19:22:13.000998 2012] [:notice] [pid 25185:tid 140630734321472] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32-RC1 2012-08-08"

!!!! [Wed Oct 24 19:22:13.001004 2012] [:warn] [pid 25185:tid 140630734321472] ModSecurity: Loaded PCRE do not match with compiled!
    [Wed Oct 24 19:22:13.001011 2012] [:notice] [pid 25185:tid 140630734321472] ModSecurity: LIBXML compiled version="2.7.8"
    [Wed Oct 24 19:22:13.036949 2012] [auth_digest:notice] [pid 25201:tid 140630734321472] AH01757: generating secret for digest authentication ...
    [Wed Oct 24 19:22:13.037094 2012] [macro:notice] [pid 25201:tid 140630734321472] mod_macro 1.2.1 started
    [Wed Oct 24 19:22:14.029144 2012] [mpm_event:notice] [pid 25201:tid 140630734321472] AH00489: Apache/2.4.4-dev (Unix) mod_macro/1.2.1 configured -- resuming normal operations
    [Wed Oct 24 19:22:14.029185 2012] [core:notice] [pid 25201:tid 140630734321472] AH00094: Command line: '/usr/local/apache24x/bin/httpd'

rcbarnett-zz commented 11 years ago

bpinto: Hey,

That OpenSuse was made to turn those tricks very difficult :)

I tried to install Apache 2.2 , 2.4 and ModSecurity with external pcre. And when you run ldd against all binaries we see the "wrong" .so file

linux-x2pw:/home/user/Downloads/modsecurity-apache_2.7.0 # ldd apache2/.libs/mod_security2.so | grep pcre
    libpcre.so.1 => /usr/lib/libpcre.so.1 (0xb7406000)

linux-x2pw:/home/user/Downloads/modsecurity-apache_2.7.0 # ldd /usr/local/apache2/bin/httpd | grep pcre
    libpcre.so.1 => /usr/lib/libpcre.so.1 (0xb76ce000)

linux-x2pw:/home/user/Downloads/modsecurity-apache_2.7.0 # pcre-config --cflags --libs --version
    -I/usr/local/include
    -L/usr/local/lib -lpcre
    8.31
linux-x2pw:/home/user/Downloads/modsecurity-apache_2.7.0 #

Still trying to find a way to make it.

rcbarnett-zz commented 11 years ago

bpinto: So in both cases you have ??

with the "fix"

[Wed Oct 24 19:22:13.000998 2012] [:notice] [pid 25185:tid 140630734321472] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32-RC1 2012-08-08"

without the "fix"

[Wed Oct 24 18:54:47.000155 2012] [:notice] [pid 16414:tid 140127370561344] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32-RC1 2012-08-08"

Shouldn't be different ?

rcbarnett-zz commented 11 years ago

msd: here are you installing pcre & apache from packages, or building from source?

i'm building from source.

here,

ldd /usr/local/sbin/varnishd | grep pcre
    libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f80c55da000)

ldd /usr/local/apache24x/bin/httpd | grep pcre
    libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007ff45bd20000)

ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
    libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f2bdacf7000)

pcre-config --cflags --libs --version
    -I/usr/local/include
    -L/usr/local/lib64 -lpcre
    8.32-RC1

> Shouldn't be different ?

No idea.

It should link against the library you tell it to link, and the mod_security module should be loaded correctly by apache.

Beyond that, all I can tell you is that mod_security's linking of pcre is uniquely different.

rcbarnett-zz commented 11 years ago

bpinto: Building from source too

rcbarnett-zz commented 11 years ago

msd: is the 1st line,

[Wed Oct 24 20:45:50.001009 2012] [:notice] [pid 15125:tid 139778491606848] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32-RC1 2012-08-08"

reporting what version of pcre apache/apr were compiled against, and the 2nd line,

[Wed Oct 24 20:45:50.001020 2012] [:warn] [pid 15125:tid 139778491606848] ModSecurity: Loaded PCRE do not match with compiled!

is complaining that mod_security is compiled against (or detecting at runtime?) a different version?

rcbarnett-zz commented 11 years ago

msd: > i'm building from source.

what's your

grep ^ac_cs_config /path/tp/apache/source/config.status

?

rcbarnett-zz commented 11 years ago

msd: and,

which apr-2-config

?

rcbarnett-zz commented 11 years ago

bpinto:

linux-x2pw:/home/user/Downloads/modsecurity-apache_2.7.0 # grep ^ac_cs_config ../httpd-2.4.3/config.status
    ac_cs_config="'--with-pcre=/usr/local/bin/pcre-config'"
linux-x2pw:/home/user/Downloads/modsecurity-apache_2.7.0 #

rcbarnett-zz commented 11 years ago

bpinto: humm

The "fix" you are using

perl -pi -e 's|^(sys_lib_dlsearch_path_spec=).*|$1"/usr/local/lib /lib /usr/lib"|g' libtool

is not working here.

rcbarnett-zz commented 11 years ago

msd: that is not what I used ...

perl -pi -e 's|^(sys_lib_dlsearch_path_spec=).*|$1"/usr/local/lib64 /lib64 /usr/lib64"|g' libtool

rcbarnett-zz commented 11 years ago

msd: what are your

--with-apr=... \
--with-apu=... \
--with-pcre=... \

options for your modsec configure?

rcbarnett-zz commented 11 years ago

bpinto: Yes. My VM is not x64 so i just customized it for my env.

--with-pcre=/usr/local/bin/pcre-config

rcbarnett-zz commented 11 years ago

bpinto: The only way that is working for me is:

export LD_LIBRARY_PATH=/usr/local/lib
./autogen.sh
./configure --with-pcre=/usr/loca/lib
make
make install

linux-x2pw:/home/user/Downloads/modsecurity-apache_2.7.0 # ldd apache2/.libs/mod_security2.so | grep pcre
    libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0xb73a3000)
linux-x2pw:/home/user/Downloads/modsecurity-apache_2.7.0 #

rcbarnett-zz commented 11 years ago

bpinto: Let's try this fix ?

Please open configure.ac file

Search for this line:

    *-*-linux*)
        echo "Checking plataform... Identified as Linux"
        linuxos=true
        ;;

then change to:

    *-*-linux*)
        echo "Checking plataform... Identified as Linux"
        linuxos=true
        ADD_LD_PATH="/usr/local/lib:/usr/local/lib64"
        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$ADD_LD_PATH"
        export LD_LIBRARY_PATH
        AC_MSG_NOTICE([Added $ADD_LD_PATH to LD_LIBRARY_PATH])
        ;;

then

./autogen.sh
./configure --with-pcre=/usr/local/bin/pcre-config
make
make install

It fixed the issue for me. Let me know if it works for you.

Thanks

rcbarnett-zz commented 11 years ago

msd: > Yes. My VM is not x64 so i just customized it for my env.

This is an issue on 64-bit opensuse. Opensuse/64 supports both 64-bit and 32-bit libs. 64-bit go in /lib64, 32-bit go in /lib. If you want to test, you need to test on the OS/arch on which the problem exists. "customizing" your 32-bit env is not the same thing.

again, what are your

--with-apr=... \
--with-apu=... \
--with-pcre=... \

options for your modsec configure?

You did build apr (specifically, apr-2-config) with your apache24, and you are using it in your modsec build, right?

rcbarnett-zz commented 11 years ago

bpinto: I'm just setting ./configure --with-pcre=/usr/loca/lib

For ModSec and Apache.

Please let me know if that configure.ac patch works for you.

Thanks

rcbarnett-zz commented 11 years ago

msd: apr is required by this modsec build.

 ./configure --with-pcre=/usr/local/bin/pcre-config
    ...
    checking for libpcre config script... /usr/local/bin/pcre-config
    configure: using pcre v8.32-RC1
    checking for libapr config script... no
    configure: *** apr library not found.
    configure: error: apr library is required  <==============================

What is the output of

which apr-2-config

? If you don't have one, or are somehow managing to not use it, then you are NOT working on the same system I'm reporting on.

> Please let me know if that configure.ac patch works for you.

it does not.

editing

vi configure.ac

    *-*-linux*)
        echo "Checking plataform... Identified as Linux"
        linuxos=true
+       ADD_LD_PATH="/usr/local/lib:/usr/local/lib64"
+       LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$ADD_LD_PATH"
+       export LD_LIBRARY_PATH
+       AC_MSG_NOTICE([Added $ADD_LD_PATH to LD_LIBRARY_PATH])
        ;;
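
Review bot: the `LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$ADD_LD_PATH"` line produces a value with a leading colon whenever the variable is unset or empty, and the dynamic loader treats an empty entry as the current working directory, so configure and every process it spawns would also search the working directory for shared libraries. Guard the join, for example `LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$ADD_LD_PATH"`. Separately, the export only changes the environment of the configure run; nothing in these lines adds a run path to the link flags, so the built mod_security2.so still resolves libpcre from whatever the loader finds at run time. The hard-coded `/usr/local/lib:/usr/local/lib64` order also puts the 32-bit directory first on a multilib host, which deserves a comment or a check against the directory that `pcre-config --libs` reports.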

./autogen.sh
./configure --with-pcre=/usr/local/bin/pcre-config
make
make install

./configure \
--enable-shared --disable-static \
--enable-apache2-module \
--with-apxs=/usr/local/apache24x/bin/apxs \           <==============================
--with-apr=/usr/local/apache24x/bin/apr-2-config \    <==============================
--with-apu=/usr/local/apache24x/bin/apr-2-config \    <==============================
--with-pcre=/usr/local/bin/pcre-config \
--enable-pcre-jit \
--enable-pcre-study \
--disable-pcre-match-limit \
--disable-pcre-match-limit-recursion \
--disable-docs \
--enable-strict-compile=yes \
--enable-errors \
--enable-verbose-output \
--with-lua=/usr/local

ldd /usr/local/apache24x/modules/mod_security2.so* | grep pcre
    libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fe463031000)

rcbarnett-zz commented 11 years ago

bpinto: Can you run?

echo $LD_LIBRARY_PATH

Just to make sure you have the right paths there.

rcbarnett-zz commented 11 years ago

msd: LD_LIBRARY_PATH is UNDEFINED and it's going to STAY undefined.

Once again, LD_LIBRARY_PATH is a _run_time variable. Use of LD_LIBRARY_PATH @ compile time does NOT embed the linked path, and can be trivially overridden by a user setting the runtime env var. On multilib systems in particular, libtool can guess incorrectly, so you need to set 'sys_lib_dlsearch_path_spec' correctly -- which is the one thing I've shared with you that works.

Read this:

@ https://www.gnu.org/software/libtool/manual/html_node/Configure-notes.html
    "When building on some GNU/Linux systems for multilib targets libtool sometimes guesses
     the wrong paths that the linker and dynamic linker search by default. If this occurs,
     you may override libtool's guesses at configure time by setting the autoconf cache
     variables lt_cv_sys_lib_search_path_spec and lt_cv_sys_lib_dlsearch_path_spec
     respectively to the correct search paths."

you're NOT using a 64-bit OS ==> install a 64-bit VM.

you're building/installing your pcre DIY-build libs into system locations (/usr/lib). ==> build/install pcre from source into /usr/local *

you're not building a 64-bit apache. i have no idea if you are building apr correctly. ==> build 64-bit apache & apr, using the pcre you built

do this:

cat << EOF > /etc/ld.so.conf
/usr/local/lib64
/usr/local/lib
EOF

ldconfig

svn co https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x apache24x
svn co https://svn.apache.org/repos/asf/apr/apr/trunk apache24x/srclib/apr
cd apache24x
./buildconf
./configure --prefix=/usr/local/apache24x --with-mpm=event --enable-nonportable-atomics=yes \
--enable-so --enable-mods-shared=all --with-included-apr --disable-lua --with-pcre=/usr/local
make
ldd .libs/httpd | grep pcre
    libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007f91d0ddd000)

afaict, you're not building modsec using apache's apr ==> configure modsec to use the apxs/apr you built above
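
The distinction drawn in the comment above, between where the loader happens to find libpcre and what the build embedded in the module, can be checked from `ldd` and `readelf -d` output. This is an added example, not part of the thread or of the ModSecurity build system; the verdict names and the `readelf` sample lines are constructed here, and the two `ldd` lines are copied from comments in this thread.

```shell
#!/bin/sh
# Added example: classify how a built module finds libpcre, from captured text.
# On a real host, feed it the output of:
#   ldd /path/to/mod_security2.so    and    readelf -d /path/to/mod_security2.so

# Print the path libpcre.so.* resolves to ("not" when ldd reports "not found").
# libpcreposix / libpcrecpp are skipped: the name must continue with ".so".
pcre_resolved_path() {
    awk '$1 ~ /^libpcre\.so/ && $2 == "=>" { print $3; exit }'
}

# Print every directory embedded in the ELF as RPATH or RUNPATH, one per line.
embedded_run_paths() {
    awk '/\((RPATH|RUNPATH)\)/ && match($0, /\[[^]]*\]/) {
             n = split(substr($0, RSTART + 1, RLENGTH - 2), dir, ":")
             for (i = 1; i <= n; i++) print dir[i]
         }'
}

# audit_module LDD_TEXT READELF_TEXT WANT_DIR  (verdict names are this example's)
#   pinned         resolved under WANT_DIR and WANT_DIR is embedded in the ELF
#   env-dependent  resolved under WANT_DIR only via loader config / environment
#   wrong-lib:PATH resolved somewhere else (e.g. the distribution's libpcre)
#   unresolved     libpcre missing from the ldd output or reported "not found"
audit_module() (
    want="${3%/}"
    got="$(printf '%s\n' "$1" | pcre_resolved_path)"
    case "$got" in
        "" | not)  echo "unresolved" ;;
        "$want"/*)
            if printf '%s\n' "$2" | embedded_run_paths | grep -Fxq -- "$want"; then
                echo "pinned"
            else
                echo "env-dependent"
            fi ;;
        *)         echo "wrong-lib:$got" ;;
    esac
)

# ldd lines as posted in this thread (with and without the libtool edit).
SAMPLE_LDD_FIXED='	libpcre.so.1 => /usr/local/lib64/libpcre.so.1 (0x00007fbc0131c000)'
SAMPLE_LDD_UNFIXED='	libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fe463031000)'
# Constructed readelf -d lines: the first mirrors the -rpath flags visible in the
# posted link command, the second is a hypothetical build that embeds lib64.
SAMPLE_DYN_BUILT=' 0x000000000000000f (RPATH)    Library rpath: [/usr/local/apache24x/lib:/usr/local/ssl/lib64]'
SAMPLE_DYN_PINNED=' 0x000000000000001d (RUNPATH)  Library runpath: [/usr/local/lib64:/usr/local/apache24x/lib]'

printf 'with libtool edit:    %s\n' "$(audit_module "$SAMPLE_LDD_FIXED" "$SAMPLE_DYN_BUILT" /usr/local/lib64)"
printf 'without libtool edit: %s\n' "$(audit_module "$SAMPLE_LDD_UNFIXED" "$SAMPLE_DYN_BUILT" /usr/local/lib64)"
printf 'run path embedded:    %s\n' "$(audit_module "$SAMPLE_LDD_FIXED" "$SAMPLE_DYN_PINNED" /usr/local/lib64)"
```

An `env-dependent` verdict holds only for the loader configuration and environment in which `ldd` was run; a change to `ld.so.conf` or to `LD_LIBRARY_PATH` can move the module to a different libpcre without a rebuild.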

rcbarnett-zz commented 11 years ago

bpinto: Yes i followed your idea using LD_LIBRARY_PATH (runtime) and for some reason it worked for OpenSuse. Your "hack" in libtool didn't work for me.

So.... nothing is making sense under OpenSuse :/

I will try to find a Vmware 64 image to make some tests.

rcbarnett-zz commented 11 years ago

bpinto: Also... libtool is responsible to set the right paths and looks like it is not happening on OpenSuSe 64.

So i would suggest you report this to libtool developers.

rcbarnett-zz commented 11 years ago

msd: "my idea"? I specifically state to NOT use LD_LIBRARY_PATH ...

"hack" in libtool ? (1) that's the variable that the GNU documentation specifically tells you to modify in this case. (2) not surprising that it didn't work, given the way you've installed -- and that you don't at all have the same setup to compare

"nothing is making sense under OpenSuse"? If you want to start to change that, then install & build correctly.

"try to find a Vmware 64 image"? I already gave you a specific link: http://stacklet.com/downloads/images/lister/OpenSuse/12.2/x86-64

rcbarnett-zz commented 11 years ago

bpinto: Look

"Once again, LD_LIBRARY_PATH is a _run_time variable. Use of LD_LIBRARY_PATH @ compile time does NOT embed the linked path, and can be trivially overridden by a user setting the runtime env var."

You are compiling with the right pcre version:

[Wed Oct 24 19:22:13.000998 2012] [:notice] [pid 25185:tid 140630734321472] ModSecurity: PCRE compiled version="8.32 "

rcbarnett-zz commented 11 years ago

msd: no, the problem is that you're not correctly embedding the path to be independent of runtime parameters -- defined or not -- at build time.

you seem to be convinced that modsecurity's linking is correct, despite the fact that (1) the built binary lib clearly does NOT have the correct lib linkage (2) modsecurity's own error reporting in the apache log reports an incorrect version match (3) other apps have no such problems

i've given you the documentation and the data; I obviously can't convince you.

that's certainly ok. i know now how to work around its problems ...

thanks for your time & efforts.

rcbarnett-zz commented 11 years ago

bpinto: This is not true (at least in my VM 32bits).

Apache in my box also was linked with the wrong pcre.

I'm downloading a x86_64. Let's see what happens

rcbarnett-zz commented 11 years ago

bpinto: OK .

Installed OpenSuSe 11.2 x64 (didn't find 12.2)

Installed pcre from source:

linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 # pcre-config --libs --cflags
    -L/usr/local/lib -lpcre
    -I/usr/local/include
linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 #

Installed ModSecurity

linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 # ./configure --with-pcre=/usr/local/bin/pcre-config

Linked and compiled with the right pcre:

linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 # ldd apache2/.libs/mod_security2.so | grep pcre
    libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x00007ff6b124c000)
linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 #

Also did the same with Apache and worked:

linux-q9do:/home/notroot/Download/httpd-2.2.23 # ldd /usr/local/apache2/bin/httpd | grep pcre
    libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x00007f1eb3c0f000)
linux-q9do:/home/notroot/Download/httpd-2.2.23 #

Different than binaries installed from pkgs:

linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 # ldd /usr/sbin/httpd2-prefork | grep pcre
    libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f541454d000)
linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 # ldd /usr/sbin/httpd2 | grep pcre
    libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f3d9b341000)
linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 #

So. For me it is a bug/issue in the OpenSuSe 12. Since the ModSecurity build system AND Apache is working fine under OpenSuSe 11 and both failed in OpenSuSe 12

rcbarnett-zz commented 11 years ago

msd: > Installed pcre from source:
>
> linux-q9do:/home/notroot/Download/modsecurity-apache_2.7.0 # pcre-config --libs --cflags
>     -L/usr/local/lib -lpcre
>     -I/usr/local/include

and ONCE AGAIN, you installed it incorrectly.

64-bit libs go in 64-bit paths.

modsec's problem is with handling/finding/linking libs in those 64-bit paths.

you "conveniently" repeatedly ignore this fact, and keep using /lib instead of /lib64.

then you claim it's NOT a bug in modsec, but a bug in opensuse and close the bug -- even though your app is the ONLY ONE out of dozens built on multiple machines here that has this problem.

whatever ...