Bug 977776

Summary: python-matplotlib failures in fips mode
Product: Red Hat Enterprise Linux 7
Reporter: Bohuslav "Slavek" Kabrda <bkabrda>
Component: python-matplotlib
Assignee: John Kacur <jkacur>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.0
CC: bhu, jkacur, jkejda, omoris, riehecky, williams
Target Milestone: rc
Target Release: 7.3
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-03-27 15:49:34 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1282960, 1313485, 1570035

Description Bohuslav "Slavek" Kabrda 2013-06-25 10:10:54 UTC
python-matplotlib fails in certain functions when run in fips mode:
- lib/matplotlib/finance.py - check_historical_yahoo - creates file named according to md5 of downloaded url - this could imo be safely used with "usedforsecurity=False", since the file gets completely overwritten
- lib/matplotlib/backends/backend_svg.py - hashing of content for svg clip references - not a security use, should be fixable the same way as above
- lib/matplotlib/texmanager.py - creating tex file name according to result of hash - the function here is sometimes used for creating names of files that will be read, therefore this may pose some security risk, I would probably leave this as it is
- lib/matplotlib/sphinxext/mathmpl.py - constructs name of png image for conversion of latex file to html - I'm not sure whether this would be safe to leave there
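The two cases the report distinguishes, a digest that only names a file which is fully overwritten versus a digest that selects a file which is later read back, can be handled separately in code. The following is an added illustration written for this page, not code from the bug report or from matplotlib: it reads the kernel FIPS flag, passes hashlib's usedforsecurity=False where the interpreter accepts it (RHEL's patched Python and upstream CPython 3.9 and later; the TypeError branch covers older upstream interpreters), and keeps a FIPS-approved digest for the content-addressed case. The helper names and the sample URL are assumptions made for the example.

```python
import hashlib

# Kernel flag that reports whether FIPS mode is active (present on RHEL/Fedora kernels).
FIPS_FLAG_PATH = "/proc/sys/crypto/fips_enabled"


def fips_enabled(path=FIPS_FLAG_PATH):
    """True when the kernel reports FIPS mode; False if the flag is absent or reads "0"."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False


def non_security_digest(data, algo="md5"):
    """Hex digest of `data` for cache or file naming only, never for integrity or authentication.

    Passes usedforsecurity=False, which RHEL's patched hashlib and upstream
    CPython >= 3.9 accept. Interpreters that reject the keyword raise
    TypeError; the plain constructor is then tried and may itself raise
    ValueError under FIPS when `algo` is a disallowed digest such as md5.
    """
    try:
        h = hashlib.new(algo, data, usedforsecurity=False)
    except TypeError:
        h = hashlib.new(algo, data)
    return h.hexdigest()


def cache_file_name(url, ext=".cache"):
    """Name for a cache file that is completely overwritten (the finance.py / backend_svg.py case).

    md5 is kept first so existing cache names stay stable; if the crypto
    policy refuses it (ValueError), sha256 is used, which FIPS mode allows.
    """
    raw = url.encode("utf-8")
    try:
        digest = non_security_digest(raw, "md5")
    except ValueError:
        digest = non_security_digest(raw, "sha256")
    return digest + ext


def content_addressed_name(content, ext=".tex"):
    """Name for a file whose contents are later read back by that name (the texmanager / mathmpl case).

    Here the digest decides which cached file is reused, so a collision-
    resistant algorithm is used unconditionally instead of opting md5 out
    of the FIPS check.
    """
    return hashlib.sha256(content).hexdigest() + ext


if __name__ == "__main__":
    print("FIPS mode:", fips_enabled())
    # Constructed sample inputs; the URL does not resolve anywhere.
    print(cache_file_name("https://example.invalid/quotes.csv"))
    print(content_addressed_name(b"$\\alpha^2$"))
```

The split mirrors the reporter's own assessment: the opt-out is confined to the two call sites where the file is rewritten in full, while the sites that look cached files up by digest keep a FIPS-approved algorithm and so need no opt-out at all.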

Comment 3 RHEL Program Management 2014-03-22 06:45:35 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 5 John Kacur 2016-07-13 12:17:08 UTC
These issues were brought to our attention late in the cycle so moving to rhel-7.4