Package: asterisk
Version: 1:1.4.2~dfsg-2
Severity: serious
Tags: patch
Upstream's makefile builds the "asterisk" binary with CXX and H323LBLIBS.
That is,
-lopenh323 -lpt -lldap -llber -lldap_r -lpthread -lsasl2 -lssl -lcrypto
-lexpat -lSDL -lresolv -ldl
I don't know why they did this -- I checked, and it was introduced in
r43281 along with many other chan_h323 changes and no useful comments.
There shouldn't be any reason to do that; only chan_h323.so needs these
libraries.
This results for the following added dependencies for the asterisk package:
libopenh323-1.18.0 libpt-1.10.0 libldap2 libsasl2-2, libexpat1,
libsdl1.2debian
The attached patch fixes this bug.
This bug is present in at least the 2 recent versions of Asterisk, and
since I have no indication from the changelog that it was ever fixed in
Debian, I'm marking it found for the earliest version of 1.4 I could
find in the changelog.
I think britney is using version tracking nowdays so this will hopefully
allow the security fix in lenny.
Regards,
Faidon
--- asterisk-1.4.8~dfsg+bristuff.orig/main/Makefile
+++ asterisk-1.4.8~dfsg+bristuff/main/Makefile
@@ -135,7 +135,7 @@ asterisk: $(OBJS) editline/libedit.a db1
@rm -f $(ASTTOPDIR)/include/asterisk/build.h.tmp
@$(CC) -c -o buildinfo.o $(ASTCFLAGS) buildinfo.c
$(ECHO_PREFIX) echo " [LD] $^ -> $@"
- $(CMD_PREFIX) $(CXX) $(STATIC_BUILD) -o $@ $(ASTLINK)
$(AST_EMBED_LDFLAGS) $(ASTLDFLAGS) $(H323LDFLAGS) $^ buildinfo.o $(AST_LIBS)
$(AST_EMBED_LIBS) $(H323LDLIBS)
+ $(CMD_PREFIX) $(CC) $(STATIC_BUILD) -o $@ $(ASTLINK)
$(AST_EMBED_LDFLAGS) $(ASTLDFLAGS) $^ buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS)
@$(ASTTOPDIR)/build_tools/strip_nonapi $@
clean::
