Bug 973673

Summary: Do not link against lcms
Product: Red Hat Enterprise Linux 7 Reporter: Richard Hughes <rhughes>
Component: libmngAssignee: Nikola Forró <nforro>
Status: CLOSED WONTFIX QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.1CC: hhorak, nforro, optak
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-12-20 10:48:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1473612    
Attachments:
Description Flags
Port libmng to lcms2 none

Description Richard Hughes 2013-06-12 13:27:20 UTC 
Description of problem:

libmng links against lcms which has just been blocked from rhel-7. lcms is an old and unmaintained library with known security problems. Programs should link against the newer and maintained lcms2 that has minor API changes.

Given that the security bugs are exploitable, and libmng can open random images from the internet (and dragged onto the DVD by Qt) I think that this bug is quite important to fix.

See https://engineering.redhat.com/rt/Ticket/Display.html?id=199807 for ticket.
Comment 2 RHEL Program Management 2014-03-22 06:46:36 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 Nikola Forró 2017-07-27 08:34:42 UTC 
Linking against lcms was disabled in libmng-1.0.10-12.el7 (bug #973965), but the fix wasn't enough to enable linking against lcms2, instead, CMS support was disabled entirely.
Comment 4 Nikola Forró 2017-08-23 14:34:02 UTC 
Created attachment 1317113 [details]
Port libmng to lcms2