mod_security2 v2.9.8 cannot be compiled with a specific CFLAG

[airween]

Describe the bug

mod_security2 codebase cannot be compiled if CFLAG -Werror=format-security is present. This CFLAG is default on Debian and Ubuntu systems.

Logs and dumps

There is no log, the build process stopped with this error message:

re.c: In function 'update_rule_target_ex':
re.c:475:9: error: format not a string literal and no format arguments [-Werror=format-security]
  475 |         if (msr) msr_log(msr, 9, my_error_msg);
      |         ^~
re.c:476:9: error: format not a string literal and no format arguments [-Werror=format-security]
  476 |         else ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, my_error_msg);
      |         ^~~~

To Reproduce

Download the source and run configure:

./configure ... 'CFLAGS=-Werror=format-security'

Expected behavior

Code must be compiled.

Server (please complete the following information):

• ModSecurity version (and connector): v2.9.8

[saberph]

On RHEL8 same issue. However, on RHEL7 it's fine.

[airween]

Hi @saberph,

On RHEL8 same issue. However, on RHEL7 it's fine.

Thanks for confirming. Hope we can release the fixed version soon.

[airween]

Completed via #3250 - closing.