naxsi
naxsi build fails with pcre*2*-enabled nginx-1.21.5: incorrect PCRE_MULTILINE usage
Building/packaging latest nginx-1.21.5
On 12/28/21 10:33, Maxim Dounin wrote:
> details: https://hg.nginx.org/nginx/rev/d986378168fd
> branches:
> changeset: 7989:d986378168fd
> user: Maxim Dounin <[email protected]>
> date: Tue Dec 28 18:28:37 2021 +0300
> description:
> nginx-1.21.5-RELEASE
on Fedora 35, with PCRE2,
rpm -qa | grep pcre2 | sort
pcre2-10.37-4.fc35.x86_64
pcre2-devel-10.37-4.fc35.x86_64
pcre2-syntax-10.37-4.fc35.noarch
pcre2-utf16-10.37-4.fc35.x86_64
pcre2-utf32-10.37-4.fc35.x86_64
and only PCRE2 enabled,
https://download.copr.fedorainfracloud.org/results/pgfed/nginx-mainline/fedora-35-x86_64/03084864-nginx/nginx.spec
fails,
https://download.copr.fedorainfracloud.org/results/pgfed/nginx-mainline/fedora-35-x86_64/03084864-nginx/builder-live.log.gz
at,
...
/usr/bin/gcc -c -fPIC -I/usr/local/lua-resty-luajit2/include/luajit-2.1 -O3 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -march=x86-64 -mtune=generic -O3 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -march=x86-64 -mtune=generic -DNDK_SET_VAR -Wno-deprecated-declarations -I src/core -I src/event -I src/event/modules -I src/os/unix -I src/http/modules/perl -I ../ngx_devel_kit-master/objs -I objs/addon/ndk -I ../ngx_devel_kit-master/src -I ../ngx_devel_kit-master/objs -I objs/addon/ndk -I /usr/local/lua-resty-luajit2/include/luajit-2.1 -I ../lua-nginx-module-master/src/api -I /usr/include -I ../njs-master/nginx/../src -I ../njs-master/nginx/../build -I ../njs-master/nginx/../src -I ../njs-master/nginx/../build -I /usr/include/libxml2 -I objs -I src/http -I src/http/modules -I src/http/v2 -I ../ngx_devel_kit-master/src -I src/mail -I src/stream \
-o objs/addon/naxsi_src/naxsi_config.o \
../naxsi-master/naxsi_src/naxsi_config.c
../naxsi-master/naxsi_src/naxsi_runtime.c: In function 'ngx_http_process_basic_rule_buffer':
../naxsi-master/naxsi_src/naxsi_runtime.c:205:61: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
205 | (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
| ^~
../naxsi-master/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_pcre_wrapper':
../naxsi-master/naxsi_src/naxsi_runtime.c:500:30: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
500 | match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0, captures, 1);
| ^~
make[1]: *** [objs/Makefile:1715: objs/addon/naxsi_src/naxsi_runtime.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/builddir/build/BUILD/nginx-release-1.21.5'
make: *** [Makefile:10: build] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.hYoU7Y (%build)
Possibly connected commits:
- https://github.com/nginx/nginx/commit/931acbf5bcd550af8613d131f4ba49e22e909efb
- https://github.com/nginx/nginx/commit/d5f1f169bc71d32b96960266d54e189c69af00ba (mentions NAXSI)
- https://github.com/nginx/nginx/commit/c6fec0b027569a4e0b1d8aaee7dea0f2e4d6052b
@petecooper
from nginx-devel ML,
https://forum.nginx.org/read.php?29,293178,293179#msg-293179
the second issue, above, seems to be the relevant one here.
and,
"The NAXSI bug mentioned in the second commit needs to be fixed before it will be possible to build NAXSI with PCRE2."
"The" bug refers to incorrect usage of PCRE_MULTILINE.
but, afaict, is not yet filed/open as an existing issue here @ naxsi
same issue. nginx: 1.21.5 pcre2: 10.39
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c: In function 'ngx_http_process_basic_rule_buffer':
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c:205:61: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
205 | (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
| ^~
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_pcre_wrapper':
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c:500:30: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
500 | match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0, captures, 1);
| ^~
make[1]: *** [objs/Makefile:2297: objs/addon/naxsi_src/naxsi_runtime.o] Error 1
make: *** [Makefile:10: build] Error 2
same issue. nginx: 1.22.0 pcre2: 10.39
-o objs/addon/naxsi_src/naxsi_runtime.o \
/src/naxsi/naxsi_src/naxsi_runtime.c
/src/naxsi/naxsi_src/naxsi_runtime.c: In function 'ngx_http_process_basic_rule_buffer':
/src/naxsi/naxsi_src/naxsi_runtime.c:205:61: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
205 | (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
| ^~
/src/naxsi/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_pcre_wrapper':
/src/naxsi/naxsi_src/naxsi_runtime.c:500:30: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
500 | match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0, captures, 1);
| ^~
make[1]: *** [objs/Makefile:3170: objs/addon/naxsi_src/naxsi_runtime.o] Error 1
make: *** [Makefile:16: modules] Error 2
same here:
make[1]: *** [objs/Makefile:2244: objs/addon/naxsi_src/naxsi_runtime.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/rpm/nginx-1.22.0'
make: *** [Makefile:10: build] Error 2
For what it's worth, we are using this patch on Arch to build this module: https://github.com/archlinux/svntogit-community/blob/packages/nginx-mod-naxsi/trunk/587-pcre2.patch
I do not know why this is still open but it was fixed: https://github.com/wargio/naxsi/commit/9e06c5f53b2e393e40e9df7746a7b8bc4c2abfa4
Hello,
Could you please release this fix 👍 ?
It is fixed: https://github.com/wargio/naxsi
Sorry, it wasn't clear enough. Thank you for fixing this 🙏 . My question is more about making a new release, version 1.4, including this fix. 🚀
Not going to happen in this repository. This repository is considered abandoned, thus you should use mine.