On Tue, Jul 11, 2023 at 05:01:11PM +0200, Tobias Frost wrote:
>
> The situation is explained in more details in #1040799, but the gist
> is that src:libnginx-mod-http-modsecurity is currently compiled against "old"
> PCRE3 instead
> of "new" PCRE2, and thus is broken in unstable, testing and stable..
>
> This were the events that lead to the issue:
>
> - nginx uploaded with OLD PCRE
> - libnginx-mod-http-modsecurity entered NEW and had been accepted
> - it uses the OLD PCRE, as it is compiled against libmodsecurity3, which uses
> PCRE at that time
> - nginx uploaded with NEW PCRE2
> - modsecurity uploaded with PCRE2
>
> Situation:
> nginx -> PCRE2
> modsecurity -> PCRE2
> libnginx-mod-http-modsecurity -> OLD PCRE
thanks for clarification.
> --> a binnmu will rectify that.
>
> As Adam said in #1040799, this needs to be fixed first in unstable, this is
> why I'm filing this bug. ("b3" is required to ensure that unstable is newr
> than stable)
thanks again.
Now if the new (binNMU) package will be uploaded in the unstable (without
any modification), then we can apply the pending PR[1] and upload
it with a new version, eg. libnginx-mod-http-modsecurity_1.0.3-2?
a.
1:
https://salsa.debian.org/modsecurity-packaging-team/libnginx-mod-http-modsecurity/-/merge_requests/1
