Lukas Javorsky <ljavorsk(a)redhat.com> writes:
Hi,
As from the pcre-8.45, the upstream stopped supporting this
library. The recommended procedure is to switch onto the new pcre2
library that has full upstream support. [1]
I was looking into doing this as much as possible for AL2022 and managed
to dig a bit on how to solve some of these. Some knowledge I gained (and
pull requests linked) below:
As a result of this announcement, the older PCRE library in Fedora
will be retired.
Without upstream support, we don't have enough capacity to keep up
with the security and bugs-related issues, and thus we will support
only the new PCRE2 library. [2]
The retirement procedure will happen in the upcoming weeks, so if you would like to take
over the package let us know.
The list of affected packages:
aide
aide has been ported upstream (at least in the dev branch),
https://src.fedoraproject.org/rpms/aide/pull-request/3
cppcheck
cppcheck-gui
cppcheck can be built without HAVE_RULES which will avoid pcre at the
expense of functionality.
ganglia
ganglia-gmond
Ganglia has been effectively dead upstream for a long time, with no
functional security patching or keeping up to date with modern
PHP. Arguably it should also go, or come with bright flashing warning
lights.
grep
There's been some development upstream on it:
commit e0d39a9133e1507345d73ac5aff85f037f39aa54
Author: Carlo Marcelo Arenas Belón <carenas(a)gmail.com>
Date: Fri Nov 12 16:45:04 2021 -0800
grep: migrate to pcre2
and there's been a few bug fixes since then. It looks like a new release
is in the works, so this should be solved shortly.
mod_security
mod_security-mlogc
https://www.modsecurity.org/ seems to indicate that upstream has made
some fundamental changes, and will now be community maintained.
It does seem that PCRE2 support came in though
https://github.com/SpiderLabs/ModSecurity/commit/f84614fe066f74d111b802d5...
nmap
There appears to be a renewed interest upstream for porting over
https://github.com/nmap/nmap/issues/1335
openscap
openscap-engine-sce
There's an upstream issue tracking this, I've mentioned that both
Fedora and Amazon Linux are looking to be without pcre in the not too
distant future.
See
https://github.com/OpenSCAP/openscap/issues/1873
postfix-pcre
Looks like it's a simple fix to the current upstream release:
https://src.fedoraproject.org/rpms/postfix/pull-request/6
zsh
I haven't been able to find any clues on if upstream is working on this
or not. I'd love to know though!