Discovered on #100 :

One other issue: on a PaX MPROTECT system, ucg built this way [i.e. with a JIT-enabled PCRE2] needs to be marked as not MPROTECT safe. On NetBSD this is done by calling 'paxctl +m ucg' after the build is finished. (see http://netbsd.gw.com/cgi-bin/man-cgi?paxctl++NetBSD-current)
On Linux, it's done using 'paxctl -m ucg' (see https://wiki.gentoo.org/wiki/Hardened/PaX_Quickstart#paxctl).
This is a property of the file, so it can be done before installation or after (but take care that the real binary, and not a libtool shell wrapper script, is the target).

It's not clear, but from a cursory reading of the Wikipedia entry here, it seems like the real fix here would need to be done in libpcre(2), via the correct ordering of mprotect() POSIX calls on the mmap()ed area it uses for its executable JIT code.