Red Hat Bugzilla – Bug 973673
Do not link against lcms
Last modified: 2017-07-27 04:34:42 EDT
Description of problem:
libmng links against lcms which has just been blocked from rhel-7. lcms is an old and unmaintained library with known security problems. Programs should link against the newer and maintained lcms2 that has minor API changes.
Given that the security bugs are exploitable, and libmng can open random images from the internet (and dragged onto the DVD by Qt) I think that this bug is quite important to fix.
See https://engineering.redhat.com/rt/Ticket/Display.html?id=199807 for ticket.
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Linking against lcms was disabled in libmng-1.0.10-12.el7 (bug #973965), but the fix wasn't enough to enable linking against lcms2, instead, CMS support was disabled entirely.