scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in /var/tmp/portage/sys-apps/keyutils-1.4/image/sbin/request-key scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /var/tmp/portage/sys-apps/keyutils-1.4/image/sbin/request-key scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in /var/tmp/portage/sys-apps/keyutils-1.4/image/bin/keyctl scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /var/tmp/portage/sys-apps/keyutils-1.4/image/bin/keyctl * QA Notice: The following files contain insecure RUNPATHs * Please file a bug about this at http://bugs.gentoo.org/ * with the maintaining herd of the package. * sbin/request-key * bin/keyctl Reproducible: Always $ emerge --info =sys-apps/keyutils-1.4 Portage 2.2_rc67 (default/linux/amd64/10.0, gcc-4.4.4, glibc-2.11.2-r0, 2.6.34-gentoo-r1 x86_64) ================================================================= System Settings ================================================================= System uname: Linux-2.6.34-gentoo-r1-x86_64-Intel-R-_Core-TM-2_CPU_T5500_@_1.66GHz-with-gentoo-2.0.1 Timestamp of tree: Thu, 15 Jul 2010 00:45:02 +0000 app-shells/bash: 4.1_p7 dev-lang/python: 2.6.5-r3, 3.1.2-r4 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.6.1-r1 sys-apps/sandbox: 2.2 sys-devel/autoconf: 2.13, 2.65-r1 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.4-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 virtual/os-headers: 2.6.34 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--ask" FEATURES="assume-digests distlocks fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://gentoo.netnitco.net http://mirror.mcs.anl.gov/pub/gentoo/ http://mirror.csclub.uwaterloo.ca/gentoo-distfiles/ http://mirror.datapipe.net/gentoo ftp://mirror.datapipe.net/gentoo" LDFLAGS="-Wl,-O1,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="X acl acpi afs alsa amd64 berkdb bzip2 cairo caps cdr cli cracklib crypt cxx dbus dri dvd dvdr emacs fortran gd gdbm gimp gpm gtk hal iconv jpeg kerberos latex mmx modules mudflap multilib ncurses nptl nptlonly opengl openmp pam pcre perl png pppd python readline reflection session smp spl sse sse2 ssl ssse3 sysfs system-sqlite tcpd truetype unicode xorg xscreensaver zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" SANE_BACKENDS="epson2" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= sys-apps/keyutils-1.4 was built with the following: USE="(multilib)"
Created attachment 238929 [details] build.log
I confirm this on x86 stable (keyutils-1.2-r2). My emerge info: Portage 2.1.8.3 (default/linux/x86/10.0/desktop, gcc-4.4.3, glibc-2.11.2-r0, 2.6.33-tuxonice-r2 i686) ================================================================= System uname: Linux-2.6.33-tuxonice-r2-i686-Intel-R-_Atom-TM-_CPU_N270_@_1.60GHz-with-gentoo-2.0.1 Timestamp of tree: Wed, 07 Jul 2010 09:15:01 +0000 distcc 3.0 i686-pc-linux-gnu [enabled] ccache version 2.4 [enabled] app-shells/bash: 4.0_p37 dev-java/java-config: 2.1.11 dev-lang/python: 2.5.4-r4, 2.6.5-r2, 3.1.2-r3 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.6.1-r1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.65 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.3-r2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=core2 -mtune=generic -mssse3 -mfpmath=sse -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -march=core2 -mtune=generic -mssse3 -mfpmath=sse -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests ccache distcc distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv" GENTOO_MIRRORS="ftp://mirror.yandex.ru/gentoo-distfiles" LANG="ru_RU.utf8" LDFLAGS="-Wl,-O1" LINGUAS="ru" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/rion /usr/local/portage/layman/pro-audio /usr/local/portage/layman/lxde /usr/local/portage/layman/desktop-effects /usr/local/portage/layman/sunrise /usr/local/portage/layman/jasiu /usr/local/portage/layman/qting-edge /usr/local/portage/layman/wirelay /usr/local/portage/layman/gnome /usr/local/portage/layman/rafaelmartins /usr/local/portage/layman/x11 /usr/local/portage/layman/gnome-live /usr/local/portage/layman/gentoo-china /usr/local/portage/layman/dev-zero /usr/local/portage/layman/java-overlay /usr/local/portage/layman/science /usr/local/portage/layman/mozilla /home/maks/maksbotan-overlay" SYNC="rsync://mirror.yandex.ru/gentoo-portage" USE="X a52 aac acl acpi alsa apm avahi bash-completion berkdb bluetooth bonjour branding bzip2 cairo cli consolekit cracklib crypt cups cxx dbus doomsday dri dts dvd dvdr emboss encode exif fam fbcon ffmpeg firefox flac fortran gcj gdbm gif gpm gstreamer gtk hal iconv ipod ipv6 jpeg laptop lcms ldap libnotify lm_sensors mad mikmod mng modules mp3 mp4 mpeg mudflap ncurses nls nptl nptlonly nsplugin offensive ogg opengl openmp pam pango pcre pdf perl pmu png ppds pppd python qt3support readline reflection samba scanner sdl session spell spl ssl startup-notification svg sysfs tcpd tiff truetype unicode usb vim-syntax vorbis wifi x264 x86 xcb xcomposite xml xorg xulrunner xv xvid zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru" QEMU_SOFTMMU_TARGETS="i386 x86_64 ppc ppc64" QEMU_USER_TARGETS="i386 x86_64 ppc ppc64" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Also applies to keyutils-1.4-r1. >>> Completed installing keyutils-1.4-r1 into /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/ strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment bin/keyctl lib64/libkeyutils.so.1.3 sbin/request-key usr/lib64/libkeyutils.a ecompressdir: bzip2 -9 /usr/share/man scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/bin/keyctl scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/bin/keyctl scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/sbin/request-key scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/sbin/request-key * QA Notice: The following files contain insecure RUNPATHs * Please file a bug about this at http://bugs.gentoo.org/ * with the maintaining herd of the package. * bin/keyctl * sbin/request-key Auto fixing rpaths for bin/keyctl sbin/request-key >>> Installing (68 of 560) sys-apps/keyutils-1.4-r1
I can confirm that too (In reply to comment #3) > Also applies to keyutils-1.4-r1. > > > >>> Completed installing keyutils-1.4-r1 into /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/ > > strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment > bin/keyctl > lib64/libkeyutils.so.1.3 > sbin/request-key > usr/lib64/libkeyutils.a > ecompressdir: bzip2 -9 /usr/share/man > scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in > /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/bin/keyctl > scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in > /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/bin/keyctl > scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in > /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/sbin/request-key > scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in > /var/tmp/portage/sys-apps/keyutils-1.4-r1/image/sbin/request-key > > * QA Notice: The following files contain insecure RUNPATHs > * Please file a bug about this at http://bugs.gentoo.org/ > * with the maintaining herd of the package. > * bin/keyctl > * sbin/request-key > > Auto fixing rpaths for bin/keyctl > sbin/request-key > > >>> Installing (68 of 560) sys-apps/keyutils-1.4-r1 >
While on my amd64 box this issue is just a warning and the autofixing part seems to workaround this, on sparc this issue is fatal: strip: sparc-unknown-linux-gnu-strip --strip-unneeded -R .comment bin/keyctl sbin/request-key lib32/libkeyutils-1.2.so usr/lib32/libkeyutils.a scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in /var/tmp/portage/sys-apps/keyutils-1.2-r1/image/bin/keyctl scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /var/tmp/portage/sys-apps/keyutils-1.2-r1/image/bin/keyctl scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in /var/tmp/portage/sys-apps/keyutils-1.2-r1/image/sbin/request-key scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /var/tmp/portage/sys-apps/keyutils-1.2-r1/image/sbin/request-key * QA Notice: The following files contain insecure RUNPATHs * Please file a bug about this at http://bugs.gentoo.org/ * with the maintaining herd of the package. * bin/keyctl * sbin/request-key Auto fixing rpaths for bin/keyctl sbin/request-key * QA Notice: Missing gen_usr_ldscript for libkeyutils.so * ERROR: sys-apps/keyutils-1.2-r1 failed: * add those ldscripts Moreover, this package is a dependency for app-crypt/mit-krb5-.8.3-r1 which was stabilized due to security. This makes this issue critical for users that are blocked from updating to a secure version.
For completeness: Portage 2.1.9.24 (default/linux/sparc/experimental/multilib/server, gcc-4.4.4, glibc-2.11.2-r3, 2.6.34-gentoo-r12 sparc64) ================================================================= System uname: Linux-2.6.34-gentoo-r12-sparc64-sun4u-with-gentoo-2.0.1 Timestamp of tree: Sat, 27 Nov 2010 15:45:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 4.1_p7 dev-lang/python: 2.6.5-r3 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.6.3 sys-apps/sandbox: 2.3-r1 sys-devel/autoconf: 2.13::<unknown repository>, 2.65-r1 sys-devel/automake: 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.4-r2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 sys-devel/make: 3.81-r2 virtual/os-headers: 2.6.30-r1 (sys-kernel/linux-headers) ACCEPT_KEYWORDS="sparc" ACCEPT_LICENSE="* -@EULA" CBUILD="sparc-unknown-linux-gnu" CFLAGS="-O2 -mcpu=ultrasparc -pipe -ggdb" CHOST="sparc-unknown-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -mcpu=ultrasparc -pipe -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs ccache collision-protect distlocks fixlafiles fixpackages multilib-strict news parallel-fetch protect-owned sandbox sfperms splitdebug strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="ftp://mirror.netcologne.de/gentoo/ ftp://gentoo.tiscali.nl/pub/mirror/gentoo/ ftp://mirror.cambrium.nl/pub/os/linux/gentoo/ ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp6.uni-muenster.de/pub/linux/distributions/gentoo" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en de" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_COMPRESS="" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--timeout=500" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/sping /var/lib/layman/DuPol /usr/local/portage/modified" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="X acl admin bash-completion branding bzip2 cli coverpage cracklib crypt cups cxx dbus dri fortran gd git gpm hal iconv iproute2 javascript jpeg kerberos keyscrub logrotate loop-aes mime modules mudflap multilib nls nptl nptlonly openmp pam pcre png posix pppd readline sasl session sparc ssl sysfs syslog system-sqlite tcpd threads tiff truetype unicode userlocales xml xorg zlib" ALSA_CARDS="cs4231" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="auth_basic auth_core authn_file authz_core authz_host authz_user dav dir log_config mime unixd" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="mach64" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS_FLAGS
Note that this bug applies to sys-apps/keyutils-1.2-r1 as well, for non-x86 architectures at least. I get the same error as Dustin on my alpha machine.
confirmed for keyutils-1.4-r1 on amd64 QA Notice: The following files contain insecure RUNPATHs │ │ Please file a bug about this at http://bugs.gentoo.org/ │ │ with the maintaining herd of the package. │ │ bin/keyctl │ │ sbin/request-key
Okay, let's clearify this a bit. I should had looked more closely before... (In reply to comment #5) > While on my amd64 box this issue is just a warning and the autofixing part > seems to workaround this, on sparc this issue is fatal: (In reply to comment #7) > Note that this bug applies to sys-apps/keyutils-1.2-r1 as well, for non-x86 > architectures at least. I get the same error as Dustin on my alpha machine. amd64 did install because it has keyutils-1.2-r2 stable while on sparc only -r1 is stable which does not have the gen_usr_ldscript yet. Unmasking keyutils-1.2-r2 on sparc and arm throws the warning but does install. Therefore, I suggest to mark 1.2-r2 stable on all ARCHs that have 1.2-r1 stable already and then dump 1.2-r1 as it never will install. Ebuilds for 1.4 work around the buggy Makefile by using gen_usr_ldscript, so they should not error out. I don't know how this issue is fixed properly, but I want to share what I found out from looking at the Makefile: Problematic lines seem to be the following: """ keyctl: keyctl.c keyutils.h Makefile $(DEVELLIB) $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutils -Wl,-rpath,$(LIB) request-key: request-key.c keyutils.h Makefile $(DEVELLIB) $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutils -Wl,-rpath,$(LIB) """ which reference $(LIB). $(LIB), however, is not defined and thus empty.
keyutils-1.5.3 should have the issue fixed
Created attachment 312269 [details, diff] Patch to fix NULL RPATH in keyutils-1.4 I see this bug is still open. I've used this attached patch to address the problem in 1.4. I based it on looking at the modifications to the Makefile in keyutils-1.5.2.
Is there anything preventing 1.5.5 from being stabilized?
*** Bug 417915 has been marked as a duplicate of this bug. ***