Bug 729021

Summary: Debug file missing in debuginfo package for a binary
Product: Red Hat Enterprise Linux 6 Reporter: Karel Klíč <kklic>
Component: opensshAssignee: Jan F. Chadima <jchadima>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: low    
Version: 6.3CC: mvadkert, pvrabec, rvokal, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 771963 (view as bug list) Environment:
Last Closed: 2011-12-06 09:56:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 727919    

Description Karel Klíč 2011-08-08 15:19:49 UTC 
A problem related to debuginfo was found in the openssh-5.3p1-52.el6_1.2 package. This issue might affect crash analysis done by Automatic Bug Reporting Tool and its retrace server, and also prevent proper debugging of crashes via GDB.

A debuginfo file for a binary is not present in the debuginfo package. This might be caused by:
 - binary being compiled without debugging information
 - debugging information being removed from the binary by a build script
 - rpmbuild failing to extract debugging information from a binary in a buildroot because of permissions (eg. suid binaries, binaries without executable flag set)

affected binary: /usr/libexec/openssh/gnome-ssh-askpass
affected package: openssh-askpass-5.3p1-52.el6_1.2.i686
binary doesn't contain debug sections (it was probably stripped)
affected binary file mode: 100755

This issue can be investigated by using eu-readelf tool from the elfutils package. Use `eu-readelf --notes /path/to/binary` to get build ID of a binary. Then check that the debuginfo package does not contain /usr/lib/debug/.build-id/<aa>/<bbbbbbbb>, where <aa> are the first two chars of the build ID, and <bbbbbbbb> is the rest of it. It should be a symlink pointing back to the binary.

(This bug was detected and filed by a script.)
Comment 2 Jan F. Chadima 2011-08-08 22:57:16 UTC 
can you look at openssh-5.8p2-19.fc17.src.rpm if there is the bug repaired?
Comment 3 Karel Klíč 2011-08-09 09:31:09 UTC 
The bug is not fixed there. gnome-ssh-askpass is stripped when installed. openssh.spec:

%if ! %{no_gnome_askpass}
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
%endif


That -s option (== --strip) shouldn't be there. Rpmbuild extracts debug sections from binaries in buildroot, so the binaries must be installed there without stripping the debug sections.
Comment 4 Jan F. Chadima 2011-08-09 13:29:32 UTC 
ok , can you test openssh-5.8p2-20.fc17
Comment 5 Karel Klíč 2011-08-09 15:42:38 UTC 
The issue is fixed in openssh-5.8p2-20.fc17.
Comment 10 errata-xmlrpc 2011-12-06 09:56:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1551.html