Bug 973673 - Do not link against lcms
Do not link against lcms
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libmng (Show other bugs)
7.1
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Nikola Forró
BaseOS QE - Apps
:
Depends On:
Blocks: 1473612
  Show dependency treegraph
 
Reported: 2013-06-12 09:27 EDT by Richard Hughes
Modified: 2017-07-27 04:34 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Richard Hughes 2013-06-12 09:27:20 EDT
Description of problem:

libmng links against lcms which has just been blocked from rhel-7. lcms is an old and unmaintained library with known security problems. Programs should link against the newer and maintained lcms2 that has minor API changes.

Given that the security bugs are exploitable, and libmng can open random images from the internet (and dragged onto the DVD by Qt) I think that this bug is quite important to fix.

See https://engineering.redhat.com/rt/Ticket/Display.html?id=199807 for ticket.
Comment 2 RHEL Product and Program Management 2014-03-22 02:46:36 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 Nikola Forró 2017-07-27 04:34:42 EDT
Linking against lcms was disabled in libmng-1.0.10-12.el7 (bug #973965), but the fix wasn't enough to enable linking against lcms2, instead, CMS support was disabled entirely.

Note You need to log in before you can comment on or make changes to this bug.