On Fri, Jul 20, 2007 at 07:31:26AM +0300, Faidon Liambotis wrote: > Package: asterisk > Version: 1:1.4.2~dfsg-2 > Severity: serious > Tags: patch > > Upstream's makefile builds the "asterisk" binary with CXX and H323LBLIBS. > That is, > -lopenh323 -lpt -lldap -llber -lldap_r -lpthread -lsasl2 -lssl -lcrypto > -lexpat -lSDL -lresolv -ldl > > I don't know why they did this -- I checked, and it was introduced in > r43281 along with many other chan_h323 changes and no useful comments. > > There shouldn't be any reason to do that; only chan_h323.so needs these > libraries. > > This results for the following added dependencies for the asterisk package: > libopenh323-1.18.0 libpt-1.10.0 libldap2 libsasl2-2, libexpat1, > libsdl1.2debian > > The attached patch fixes this bug. > > This bug is present in at least the 2 recent versions of Asterisk, and > since I have no indication from the changelog that it was ever fixed in > Debian, I'm marking it found for the earliest version of 1.4 I could > find in the changelog. > I think britney is using version tracking nowdays so this will hopefully > allow the security fix in lenny.
The upstream rule was intended to allow building a copy of Asterisk with all the modules embedded in it. Hence it is present since the beginning of 1.4 . As we don't need module embedding, we cann start with your patch. Though a better fix is needed for the upstream makefile eventually. Which brings me again to ask: should the main asterisk package depend on odbc, postgresql and such, or do we take some of those modules to subpackages as well? -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]