PCRE2 support still requires PCRE1

[dvershinin]

libmodsecurity 3.0.7 compiles fine using --with-pcre2 only when both pcre1 and pcre2 dev packages are installed, which is wrong...
Moreover, the resulting binary links against both libraries... which is further wrong.

[danila@pc libmodsecurity-rpm]$ ldd /usr/lib64/libmodsecurity.so.3.0.7
        ...
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f2403734000)
        libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f24034b0000)
        ...

If only pcre2 dev package is installed, it fails at ./configure --with-pcre2 saying:

checking for libpcre config script... no
configure: *** pcre library not found.
configure: error: pcre library is required

In other words, --with-pcre2 still requires pcre1 dev.

[martinhsv]

Hello @dvershinin ,

Yes, that's right, it does still presuppose that you have the legacy pcre installed on your build system as well, even though you want libModSecurity to actually use pcre2.

Aside from the nuisance of needing to also install pcre1 even though you don't want it, is this causing you any other problems or difficulties?

[dvershinin]

@martinhsv Aside from having to have pcre1 devel on the build system and unnecessarily loading the pcre1 library at runtime (because it ends up linked to the binary) - none that I see.

FYI, the nginx module itself, compiled with pcre2 has a similar issue.

ldd /usr/lib64/nginx/modules/ngx_http_modsecurity_module.so | grep pcre gives

	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f31c5ffe000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f31c5d87000)

[pgnd]

legacy pcre is in process of being deprecated @ Fedora

https://fedoraproject.org/wiki/PcreDeprecation
"The old pcre package will be deprecated, so the new packages are not able to require it and have to require the new pcre2 version of this package. "

libmodsecurity is listed there as one of the dependent/affected pkgs

[martinhsv]

Thanks @dvershinin and @pgnd for highlighting this.

[kub3let]

Debian 12 was released without libpcre++-dev so you can't install PCRE1 anymore but modsec still requires it for building.

[martinhsv]

Hello @kub3let ,

It's not clear from your posting what your situation is, but this issue was closed because it was resolved.

If you are using ModSecurity >= v3.0.9, then PCRE1 is not required for the build, but you must still specify --with-pcre2 during the configure step.

[yaandy]

@kub3let did you successfully build and use it for Debian 12 ?

[airween]

@kub3let did you successfully build and use it for Debian 12 ?

Debian 12 (a.k.a. Bookworm) contains libmodsecurity3, and that uses PCRE2 (since 3.0.8):

https://metadata.ftp-master.debian.org/changelogs//main/m/modsecurity/modsecurity_3.0.9-1+deb12u1_changelog

What's the issue with that?

[kub3let]

@kub3let did you successfully build and use it for Debian 12 ?

I wasn't able to build it with PCRE2 but I don't remember why, I fixed it by manually installing PCRE1 from Debian 11, e.g.

Since it has no other dependencies it works with Debian 12 as well.

wget http://ftp.de.debian.org/debian/pool/main/libp/libpcre++/libpcre++-dev_0.9.5-6.1+b11_amd64.deb && \
wget http://ftp.de.debian.org/debian/pool/main/libp/libpcre++/libpcre++0v5_0.9.5-6.1+b11_amd64.deb && \
apt install -y ./libpcre++0v5_0.9.5-6.1+b11_amd64.deb ./libpcre++-dev_0.9.5-6.1+b11_amd64.deb && \
rm libpcre*.deb

But I would strongly recommend against doing that and instead try with PCRE2 again.

[airween]

I wasn't able to build it with PCRE2 but I don't remember why,

It would be very nice to figure out the reason. Could you reproduce that?

Also: here are the (almost) newest (and non-official) package, including source:

https://modsecurity.digitalwave.hu

Could you check that too?