Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mod_security2 v2.9.8 cannot be compiled with a specific CFLAG #3249

Closed
airween opened this issue Sep 3, 2024 · 3 comments
Closed

mod_security2 v2.9.8 cannot be compiled with a specific CFLAG #3249

airween opened this issue Sep 3, 2024 · 3 comments
Labels
2.x Related to ModSecurity version 2.x

Comments

@airween
Copy link
Member

airween commented Sep 3, 2024

Describe the bug

mod_security2 codebase cannot be compiled if CFLAG -Werror=format-security is present. This CFLAG is default on Debian and Ubuntu systems.

Logs and dumps

There is no log, the build process stopped with this error message:

re.c: In function 'update_rule_target_ex':
re.c:475:9: error: format not a string literal and no format arguments [-Werror=format-security]
  475 |         if (msr) msr_log(msr, 9, my_error_msg);
      |         ^~
re.c:476:9: error: format not a string literal and no format arguments [-Werror=format-security]
  476 |         else ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, my_error_msg);
      |         ^~~~

To Reproduce

Download the source and run configure:

./configure ... 'CFLAGS=-Werror=format-security'

Expected behavior

Code must be compiled.

Server (please complete the following information):

  • ModSecurity version (and connector): v2.9.8
@airween airween added the 2.x Related to ModSecurity version 2.x label Sep 3, 2024
@airween airween mentioned this issue Sep 3, 2024
Merged
@saberph
Copy link

saberph commented Sep 5, 2024

On RHEL8 same issue. However, on RHEL7 it's fine.

@airween
Copy link
Member Author

airween commented Sep 5, 2024

Hi @saberph,

On RHEL8 same issue. However, on RHEL7 it's fine.

Thanks for confirming. Hope we can release the fixed version soon.

@airween
Copy link
Member Author

airween commented Sep 5, 2024

Completed via #3250 - closing.

@airween airween closed this as completed Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2.x Related to ModSecurity version 2.x
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@airween @saberph