Thomas Klausner wrote:
>> You don't need a patch for now. Rather, just force POV-Ray to
>> build and link with the libraries provided in the source archive, using
>>the --disable-lib-checks configure option. Those libs are the versions
>>that were used along the POV-Ray development.
>
> Well, that's not really a solution. pkgsrc makes all packages
> use one png package instead of tens of different internal copies
> so that e.g. vulnerabilities or platform fixes have to be applied
> only in one place.

Please use the libraries that are supplied with POV-Ray as they are known to
work properly due to extensive testing. If you insist on using a newer
version of the libraries, the proper functioning of POV-Ray is not
guaranteed by any means, and you would be on your own if there are any
problems. Clearly, as you have noticed, there are changes in the libraries
you are using, so you are already having problems...

So, *please* use what you are told to use, anything else is absolutely,
completely and without restrictions *unsupported*. POV-Ray is not qualified
for server use, and should not be exposed to untrusted users! There are no
exceptions to this recommendation. As such, your argument about security
completely misses the point! Please use the libraries supplied with POV-Ray,
as they create a reliable version of POV-Ray that will *work* properly and
be usable without problems. If you need to worry about library-level
security problems in POV-Ray, your security settings are already inadequate.
What you are currently trying to do is similar to putting on a bulletproof
vest and then starting to shoot yourself in the foot. Clearly, not something
you want to do! ;-)

Thorsten Froehlich, POV-Team