ModSecurity: Loaded PCRE do not match with compiled!

[rcbarnett-zz]

MODSEC-324: I can't figure this out, had it working flawlessly with httpd 2.2 and --with-pcre=/usr...

[root@om SPECS]# rpm -qa|grep pcre
pcre-devel-7.8-4.el6.x86_64
pcre-7.8-4.el6.x86_64

[root@om SPECS]# rpm -qf /lib64/libpcre.so.0
pcre-7.8-4.el6.x86_64
[root@om SPECS]#

root@om SPECS]# ldd which httpd |grep pcre
libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f2a23b18000)

[root@om SPECS]# ldd /etc/httpd/modules/mod_security2.so|grep pcre
libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fe8ee185000)
[root@om SPECS]#

httpd.spec: --with-pcre=/usr/bin/pcre-config
mod_security-art.spec: -with-pcre=/usr/bin/pcre-config

[Thu Aug 02 22:57:12.000927 2012] [:notice] [pid 30453:tid 140488856004416] ModSecurity: APR compiled version="1.4.6"; loaded version="1.4.6"
[Thu Aug 02 22:57:12.000934 2012] [:notice] [pid 30453:tid 140488856004416] ModSecurity: PCRE compiled version="7.08"; loaded version="7.8 2008-09-05"
[Thu Aug 02 22:57:12.000942 2012] [:warn] [pid 30453:tid 140488856004416] ModSecurity: Loaded PCRE do not match with compiled!

httpd.conf:

LoadFile /usr/lib64/libpcre.so
LoadModule security2_module lib64/httpd/modules/mod_security2.so

[root@om SPECS]# rpmbuild -ba mod_security-art.spec > modsec

• umask 022
• cd /root/rpmbuild/BUILD
• LANG=C
• export LANG
• unset DISPLAY
• cd /root/rpmbuild/BUILD
• rm -rf modsecurity-apache_2.6.7
• /usr/bin/gzip -dc /root/rpmbuild/SOURCES/modsecurity-apache_2.6.7.tar.gz
• /bin/tar -xvvf -
• STATUS=0
• '[' 0 -ne 0 ']'
• cd modsecurity-apache_2.6.7
• /bin/chmod -Rf a+rX,u+w,g-w,o-w .
• echo 'Patch #0 (asl3-logging.patch):'
• /bin/cat /root/rpmbuild/SOURCES/asl3-logging.patch
• /usr/bin/patch -s -p1 --fuzz=0
• echo 'Patch TODO  #1 (waf-label.patch):'
• /bin/cat /root/rpmbuild/SOURCES/waf-label.patch
• /usr/bin/patch -s -p1 --fuzz=0
• exit 0
• umask 022
• cd /root/rpmbuild/BUILD
• cd modsecurity-apache_2.6.7
• LANG=C
• export LANG
• unset DISPLAY
• CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
• export CFLAGS
• CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
• export CFLAGS
• CXXFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
• export CXXFLAGS
• FFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/lib64/gfortran/modules'
• export FFLAGS
• ./configure --build=x86_64-unknown-linux-gnu --host=x86_64-unknown-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-pcre-match-limit --disable-pcre-match-limit-recursion -with-pcre=/usr/bin/pcre-config
• make -j8
  re_actions.c: In function 'msre_action_ctl_execute':
  re_actions.c:1061: warning: unused variable 'updated_rule'
  msc_multipart.c: In function 'validate_quotes':
  msc_multipart.c:35: warning: pointer targets in passing argument 1 of 'strlen' differ in signedness
  /usr/include/string.h:399: note: expected 'const char *' but argument is of type 'unsigned char *'
  msc_multipart.c:42: warning: pointer targets in passing argument 2 of 'log_escape_nq' differ in signedness
  msc_util.h:72: note: expected 'const char *' but argument is of type 'unsigned char *'
  msc_multipart.c: In function 'multipart_parse_content_disposition':
  msc_multipart.c:185: warning: pointer targets in passing argument 2 of 'validate_quotes' differ in signedness
  msc_multipart.c:23: note: expected 'unsigned char *' but argument is of type 'char *'
  msc_multipart.c:202: warning: pointer targets in passing argument 2 of 'validate_quotes' differ in signedness
  msc_multipart.c:23: note: expected 'unsigned char *' but argument is of type 'char *'
  msc_multipart.c:227: warning: format '%d' expects type 'int', but argument 5 has type 'size_t'
  acmp.c:258: warning: 'acmp_clone_node_no_state' defined but not used
• exit 0
• umask 022
• cd /root/rpmbuild/BUILD
• '[' /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64 '!=' / ']'
• rm -rf /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64
  ++ dirname /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64
• mkdir -p /root/rpmbuild/BUILDROOT
• mkdir /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64
• cd modsecurity-apache_2.6.7
• LANG=C
• export LANG
• unset DISPLAY
• rm -rf /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64
• mkdir -p /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64//etc/httpd/modsecurity.d/
• mkdir -p /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64//etc/httpd/conf.d/
• install -D -m755 apache2/.libs/mod_security2.so /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64//usr/lib64/httpd/modules/mod_security2.so
• install -D -m644 /root/rpmbuild/SOURCES/00_mod_security.conf /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64//etc/httpd/conf.d/00_mod_security.conf
• /usr/lib/rpm/find-debuginfo.sh --strict-build-id /root/rpmbuild/BUILD/modsecurity-apache_2.6.7
  1947 blocks
• /usr/lib/rpm/check-buildroot
• /usr/lib/rpm/redhat/brp-compress
• /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip
• /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
• /usr/lib/rpm/brp-python-bytecompile
• /usr/lib/rpm/redhat/brp-python-hardlink
• /usr/lib/rpm/redhat/brp-java-repack-jars
• umask 022
• cd /root/rpmbuild/BUILD
• cd modsecurity-apache_2.6.7
• DOCDIR=/root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64/usr/share/doc/mod_security-2.6.7
• export DOCDIR
• rm -rf /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64/usr/share/doc/mod_security-2.6.7
• /bin/mkdir -p /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64/usr/share/doc/mod_security-2.6.7
• cp -pr CHANGES LICENSE README.TXT modsecurity.conf-recommended doc /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64/usr/share/doc/mod_security-2.6.7
• exit 0
• umask 022
• cd /root/rpmbuild/BUILD
• cd modsecurity-apache_2.6.7
• rm -rf /root/rpmbuild/BUILDROOT/mod_security-2.6.7-2.1.art.x86_64
• exit 0
  [root@om SPECS]#

rpmbuild -ba httpd.spec:
...
...
...
...
checking for APR-util... yes
checking for x86_64-unknown-linux-gnu-gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking how to run the C preprocessor... gcc -E
checking for gcc option to accept ISO C99... -std=gnu99
checking for pcre-config... /usr/bin/pcre-config
configure: Using external PCRE library from /usr/bin/pcre-config
setting PCRE_INCLUDES to ""
setting PCRE_LIBS to "-lpcre"

The server wasn't tainted by source installs, crystal clean

[rcbarnett-zz]

Original reporter: supaducta

[rcbarnett-zz]

bpinto: Thanks Boris,

It was caused by a patch we applied. However we detected it was an error and i decided to revert it and rebuild the tarball.
Please download it again. (Just sent a message today to mod-users list talking about it).

Sorry for that

Breno

[rcbarnett-zz]

supaducta: Breno,

thanks much :)

[Fri Aug 03 07:53:26.000834 2012] [:notice] [pid 24305:tid 140093941724992] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"

Perfect :)