Re: Question about a potential false positive error

[Felix Lechner <felix.lechner@lease-up.com>]

Hi Troy,

On Thu, Feb 10, 2022 at 12:20 PM Troy Heber <troyh@debian.org> wrote:
>
> a false positive error while working on
>         E: crash: embedded-library usr/bin/crash: zlib

First off, that tag does not work very well. It was reduced to a
classification tag [1] that is largely hidden from public view, but
the change has not been released.

> libz is dynamically linked as a shared library:

The check looks for strings [2] with this pattern. [3]

Your build system could have linked the executable to libz in addition
to embedding the library. Is that what happened?

> my current build on people

In your executable, I locally see the following strings:

➤ strings dir/usr/bin/crash | grep -P '(?m)(?<!4 )(?:in|de)flate
(?:\\d[ \\w.\\-]{1,20}[\\w.\\-])'
 deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler
 inflate 1.2.11 Copyright 1995-2017 Mark Adler

Could Lintian be correct?

Kind regards,
Felix Lechner

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932634#34
[2] https://salsa.debian.org/lintian/lintian/-/blob/master/lib/Lintian/Check/Libraries/Embedded.pm#L111
[3] After the second and final ||,
https://salsa.debian.org/lintian/lintian/-/blob/master/data/binaries/embedded-libs#L110