Lukas Javorsky <ljavorsk@xxxxxxxxxx> writes: > Hi, > > As from the pcre-8.45, the upstream stopped supporting this > library. The recommended procedure is to switch onto the new pcre2 > library that has full upstream support. [1] I was looking into doing this as much as possible for AL2022 and managed to dig a bit on how to solve some of these. Some knowledge I gained (and pull requests linked) below: > As a result of this announcement, the older PCRE library in Fedora will be retired. > Without upstream support, we don't have enough capacity to keep up > with the security and bugs-related issues, and thus we will support > only the new PCRE2 library. [2] > > The retirement procedure will happen in the upcoming weeks, so if you would like to take over the package let us know. > > > The list of affected packages: > aide aide has been ported upstream (at least in the dev branch), https://src.fedoraproject.org/rpms/aide/pull-request/3 > cppcheck > cppcheck-gui cppcheck can be built without HAVE_RULES which will avoid pcre at the expense of functionality. > ganglia > ganglia-gmond Ganglia has been effectively dead upstream for a long time, with no functional security patching or keeping up to date with modern PHP. Arguably it should also go, or come with bright flashing warning lights. > grep There's been some development upstream on it: commit e0d39a9133e1507345d73ac5aff85f037f39aa54 Author: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx> Date: Fri Nov 12 16:45:04 2021 -0800 grep: migrate to pcre2 and there's been a few bug fixes since then. It looks like a new release is in the works, so this should be solved shortly. > mod_security > mod_security-mlogc https://www.modsecurity.org/ seems to indicate that upstream has made some fundamental changes, and will now be community maintained. It does seem that PCRE2 support came in though https://github.com/SpiderLabs/ModSecurity/commit/f84614fe066f74d111b802d582599655d0d7e3af > nmap There appears to be a renewed interest upstream for porting over https://github.com/nmap/nmap/issues/1335 > openscap > openscap-engine-sce There's an upstream issue tracking this, I've mentioned that both Fedora and Amazon Linux are looking to be without pcre in the not too distant future. See https://github.com/OpenSCAP/openscap/issues/1873 > postfix-pcre Looks like it's a simple fix to the current upstream release: https://src.fedoraproject.org/rpms/postfix/pull-request/6 > zsh I haven't been able to find any clues on if upstream is working on this or not. I'd love to know though! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
