owasp-modsecurity/ModSecurity

mod_security2 v2.9.8 cannot be compiled with a specific CFLAG

airween opened this issue · 3 comments

Describe the bug

The mod_security2 codebase cannot be compiled if the CFLAG -Werror=format-security is present. This CFLAG is the default on Debian and Ubuntu systems.

Logs and dumps

There is no log; the build process stopped with this error message:

re.c: In function 'update_rule_target_ex':
re.c:475:9: error: format not a string literal and no format arguments [-Werror=format-security]
  475 |         if (msr) msr_log(msr, 9, my_error_msg);
      |         ^~
re.c:476:9: error: format not a string literal and no format arguments [-Werror=format-security]
  476 |         else ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, my_error_msg);
      |         ^~~~

To Reproduce

Download the source and run configure:

./configure ... 'CFLAGS=-Werror=format-security'

Expected behavior

Code must be compiled.

Server (please complete the following information):

  • ModSecurity version (and connector): v2.9.8
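The diagnostic above fires when a printf-style logger receives a variable as its format argument. The following is an added example, not ModSecurity code, that contrasts that call shape with the form the compiler accepts; `demo_log`, `log_as_format`, `log_as_data`, `logged_equals` and the sample message are hypothetical names and constructed data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a message that happens to contain '%' characters. */
#define SAMPLE_MSG "target ARGS:pct=100%% updated"

/* Hypothetical printf-style logger standing in for msr_log()/ap_log_error().
 * The format attribute is what lets the compiler check every call site. */
int demo_log(char *out, size_t cap, const char *fmt, ...) __attribute__((format(printf, 3, 4)));
int demo_log(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Rejected pattern: the message itself is parsed as a format string.
 * "%%" is safe to parse; a directive with no matching argument would be
 * undefined behaviour. Diagnostic silenced only so both forms build. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int log_as_format(char *out, size_t cap, const char *msg) { return demo_log(out, cap, msg); }
#pragma GCC diagnostic pop

/* Accepted form: constant format, message passed as data. */
int log_as_data(char *out, size_t cap, const char *msg) { return demo_log(out, cap, "%s", msg); }

/* Returns 1 when the chosen form logs exactly `expected`. */
int logged_equals(int as_data, const char *msg, const char *expected)
{
    char buf[128];
    (as_data ? log_as_data : log_as_format)(buf, sizeof buf, msg);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    char a[128], b[128];
    log_as_format(a, sizeof a, SAMPLE_MSG);
    log_as_data(b, sizeof b, SAMPLE_MSG);
    printf("as format: %s\nas data:   %s\n", a, b);
    return 0;
}
```

With the message used as the format, the logged text loses one `%`; with `"%s"`, it is logged byte for byte.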

On RHEL8 same issue. However, on RHEL7 it's fine.

Hi @saberph,

> On RHEL8 same issue. However, on RHEL7 it's fine.

Thanks for confirming. Hope we can release the fixed version soon.

Completed via #3250 - closing.