On Tue, Jul 11, 2023 at 05:01:11PM +0200, Tobias Frost wrote: > > The situation is explained in more details in #1040799, but the gist > is that src:libnginx-mod-http-modsecurity is currently compiled against "old" > PCRE3 instead > of "new" PCRE2, and thus is broken in unstable, testing and stable.. > > This were the events that lead to the issue: > > - nginx uploaded with OLD PCRE > - libnginx-mod-http-modsecurity entered NEW and had been accepted > - it uses the OLD PCRE, as it is compiled against libmodsecurity3, which uses > PCRE at that time > - nginx uploaded with NEW PCRE2 > - modsecurity uploaded with PCRE2 > > Situation: > nginx -> PCRE2 > modsecurity -> PCRE2 > libnginx-mod-http-modsecurity -> OLD PCRE
thanks for clarification. > --> a binnmu will rectify that. > > As Adam said in #1040799, this needs to be fixed first in unstable, this is > why I'm filing this bug. ("b3" is required to ensure that unstable is newr > than stable) thanks again. Now if the new (binNMU) package will be uploaded in the unstable (without any modification), then we can apply the pending PR[1] and upload it with a new version, eg. libnginx-mod-http-modsecurity_1.0.3-2? a. 1: https://salsa.debian.org/modsecurity-packaging-team/libnginx-mod-http-modsecurity/-/merge_requests/1