Description
Describe the bug
I'm trying to update the FreeBSD port to 2.9.8 (current version in ports is 2.9.6) and to link with pcre2 instead of pcre.
I can build it and apache runs, but when modsecurity tries to write an audit log, the httpd process dies with SIGSEGV.
Setting SecAuditLogType Concurrent stops httpd from dying.
Logs and dumps
Output of:
Notice: Be carefully to not leak any confidential information.
To Reproduce
Steps to reproduce the behavior:
Anything that causes mod_security to write an audit log.
Expected behavior
A clear and concise description of what you expected to happen.
Server (please complete the following information):
- ModSecurity version (and connector): [e.g. ModSecurity v3.0.1 with nginx-connector v1.0.0]
- 2.9.8
- WebServer: [e.g. nginx-1.15.5]
- apache 2.4.62
- OS (and distro): [e.g. Linux, archlinux]
- FreeBSD 14.1-RELEASE
Rule Set (please complete the following information):
- Running any public or commercial rule set? [e.g. SpiderLabs commercial rules]
- What is the version number? [e.g. 2018-08-11]
Additional context
The stacktrace indicates that the problem is in apr_global_mutex_lock().
The configure command that the ports build generates and uses to build is:
./configure --with-apxs=/usr/local/sbin/apxs --with-pcre2=/usr/local --with-yajl=/usr/local --with-curl=/usr/local --without-ssdeep --without-lua --disable-mlogc --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/share/man --disable-silent-rules --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd14.1
I'm trying to get the port in FreeBSD ports updated, so even though I can workaround the problem, we need to address this issue if it is to be merged upstream.