Fortified compiling prevents building older RPM

Today I had to build and test some older Open MPI RPM packages. However, I was prevented to build them, although the code apparently was correct.

The command:

rpmbuild -ba openmpi-1.2.1.spec

The error message was:

In function 'open',
    inlined from 'orte_abort' at runtime/orte_abort.c:91:
/usr/include/bits/fcntl2.h:51: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments

The line of source code that causes the error is:

fd = open(abort_file, O_CREAT);

After some research, I discovered that the source code is correct. But nowadays, newer versions of gcc do additional security checking that were not available that the time the code was written.

For security reasons, calling open with O_CREAT and only two parameters is not acceptable anymore.

In order to build the RPM, I would either need to change the SPEC file or the src.rpm package, or find out a build options for rpmbuild that turns off further code protection.

First, I changed the the src.rpm package, chaning the problematic line to:

fd = open(abort_file, O_CREAT, 0666);

Then, I confirmed that it is also possible to pass additional parameters to rpmbuild in order to turn off code protection:

rpmbuild -ba openmpi-1.2.1.spec --define 'configure_options CFLAGS=-D_FORTIFY_SOURCE=0'

References:

• http://www.redhat.com/archives/fedora-devel-announce/2007-September/msg00015.html
• http://www.redhat.com/magazine/009jul05/features/execshield/
• http://www.redhat.com/archives/fedora-tools-list/2004-September/msg00002.html
• http://wiki.debian.org/Hardening
• https://wiki.ubuntu.com/CompilerFlags