Bug#433884: Should not depend on libopenH323, libpt, libSDL, libssl, libldap, ...

Fri Jul 20 06:05:59 UTC 2007

On Fri, Jul 20, 2007 at 07:31:26AM +0300, Faidon Liambotis wrote:
> Package: asterisk
> Version: 1:1.4.2~dfsg-2
> Severity: serious
> Tags: patch
> 
> Upstream's makefile builds the "asterisk" binary with CXX and H323LBLIBS.
> That is,
>   -lopenh323 -lpt -lldap -llber -lldap_r -lpthread -lsasl2 -lssl -lcrypto
>   -lexpat -lSDL -lresolv -ldl
> 
> I don't know why they did this -- I checked, and it was introduced in
> r43281 along with many other chan_h323 changes and no useful comments.
> 
> There shouldn't be any reason to do that; only chan_h323.so needs these
> libraries.
> 
> This results for the following added dependencies for the asterisk package:
>   libopenh323-1.18.0 libpt-1.10.0 libldap2 libsasl2-2, libexpat1,
>   libsdl1.2debian
> 
> The attached patch fixes this bug.
> 
> This bug is present in at least the 2 recent versions of Asterisk, and
> since I have no indication from the changelog that it was ever fixed in
> Debian, I'm marking it found for the earliest version of 1.4 I could
> find in the changelog.
> I think britney is using version tracking nowdays so this will hopefully
> allow the security fix in lenny.

The upstream rule was intended to allow building a copy of Asterisk with
all the modules embedded in it. Hence it is present since the beginning
of 1.4 . As we don't need module embedding, we cann start with your
patch. Though a better fix is needed for the upstream makefile
eventually.

Which brings me again to ask: should the main asterisk package depend on
odbc, postgresql and such, or do we take some of those modules to
subpackages as well?

-- 
               Tzafrir Cohen       
icq#16849755                    jabber:tzafrir at jabber.org
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir