Libpng漏洞
Libpng vulnerability
我的应用程序用于使用 wifi 进行实时视频流和录制(音频和视频)。使用以下依赖项:
repositories { maven { url 'https://raw.github.com/iParse/android-library-opencv/master/releases' } }
compile fileTree(include: ['*.jar'], dir: 'libs')
compile project(':main')
compile files('libs/javacpp.jar')
compile files('libs/javacv.jar')
compile 'com.android.support:appcompat-v7:23.2.1'
compile 'com.android.support:design:23.2.1'
compile 'com.iparse.android:opencv:2.4.13.1'
testCompile 'junit:junit:4.12'
compile files('libs/armeabi.jar')
有一次我尝试上传到 play store Google 由于 Libpng 漏洞拒绝了我的申请,我发现 opencv lib 版本有问题,所以用它的 gradle 依赖替换了 opencv jar 文件,并且我从 libs/armeabi.jar 文件夹中删除了 .so 文件,然后 Google 没有显示该漏洞问题并将其上传到 Play 商店。
这是我们应用程序的 link:https://play.google.com/store/apps/details?id=com.steelmanpro.wifivideoscope&hl=en
我从 google 得到的回复是:
Hello Google Play Developer,
We rejected STEELMAN PRO – Video Scope, with package name com.steelmanpro.wifivideoscope, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.
Vulnerability
APK Version(s)
Libpng library
The vulnerabilities were fixed in libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher. You can find more information about how resolve the issue in this Google Help Center article.
3
To confirm you’ve upgraded correctly, submit the updated version of your app to the Developer Console and check back after five hours to make sure the warning is gone.
While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.
Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.
If you feel we have made this determination in error, please reach out to our developer support team.
Best,
The Google Play Team
但是现在没有录制视频。这些是我的应用程序中使用的 .so 文件:
.so files used in the application.
请参考这个答案
- 将 opencv、javaCV、javaCpp 和 FFMPEG 更新到最新版本
依赖项以及
- 将架构指定为"arm"
- 下载
所有库的相同版本的 android arm.jar 文件来自
Maven 存储库
- 解压jar并复制so文件
从所有 jar 库中的 libs 文件夹粘贴 .so 文件
在 src/main/jnlibs/armeabiv7a
之下
列表项
同时在build.gradle
更新gradle如下:
dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
compile group: 'org.bytedeco', name: 'javacv', version: '1.3.1'
compile group: 'org.bytedeco.javacpp-presets', name: 'opencv', version: '3.1.0-1.3', classifier: 'android-arm'
compile group: 'org.bytedeco.javacpp-presets', name: 'ffmpeg', version: '3.2.1-1.3', classifier: 'android-arm'
compile 'com.android.support:appcompat-v7:23.2.1'
compile 'com.android.support:design:23.2.1'
testCompile 'junit:junit:4.12'
compile files('libs/test.jar')
compile files('libs/zxing.jar')
compile(name:'FFmpegAndroid', ext:'aar')
}
我得到了解决方案。 FFMPEG 和 Opencv 使用易受攻击的 libpng 版本,我们将所有共享对象文件添加为单独的 jar 文件。我们更新了库并添加了以下依赖项
我将 build.gradle 文件更新为
dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
compile group: 'org.bytedeco', name: 'javacv', version: '1.3.1'
compile group: 'org.bytedeco.javacpp-presets', name: 'opencv', version: '3.1.0-1.3', classifier: 'android-arm'
compile group: 'org.bytedeco.javacpp-presets', name: 'ffmpeg', version: '3.2.1-1.3', classifier: 'android-arm'
compile 'com.android.support:appcompat-v7:23.2.1'
compile 'com.android.support:design:23.2.1'
testCompile 'junit:junit:4.12'
compile files('libs/test.jar')
compile files('libs/zxing.jar')
compile(name:'FFmpegAndroid', ext:'aar')
}
我的应用程序用于使用 wifi 进行实时视频流和录制(音频和视频)。使用以下依赖项:
repositories { maven { url 'https://raw.github.com/iParse/android-library-opencv/master/releases' } }
compile fileTree(include: ['*.jar'], dir: 'libs')
compile project(':main')
compile files('libs/javacpp.jar')
compile files('libs/javacv.jar')
compile 'com.android.support:appcompat-v7:23.2.1'
compile 'com.android.support:design:23.2.1'
compile 'com.iparse.android:opencv:2.4.13.1'
testCompile 'junit:junit:4.12'
compile files('libs/armeabi.jar')
有一次我尝试上传到 play store Google 由于 Libpng 漏洞拒绝了我的申请,我发现 opencv lib 版本有问题,所以用它的 gradle 依赖替换了 opencv jar 文件,并且我从 libs/armeabi.jar 文件夹中删除了 .so 文件,然后 Google 没有显示该漏洞问题并将其上传到 Play 商店。 这是我们应用程序的 link:https://play.google.com/store/apps/details?id=com.steelmanpro.wifivideoscope&hl=en
我从 google 得到的回复是:
Hello Google Play Developer,
We rejected STEELMAN PRO – Video Scope, with package name com.steelmanpro.wifivideoscope, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.
Vulnerability
APK Version(s)
Libpng library
The vulnerabilities were fixed in libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher. You can find more information about how resolve the issue in this Google Help Center article.
3
To confirm you’ve upgraded correctly, submit the updated version of your app to the Developer Console and check back after five hours to make sure the warning is gone.
While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.
Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.
If you feel we have made this determination in error, please reach out to our developer support team.
Best,
The Google Play Team
但是现在没有录制视频。这些是我的应用程序中使用的 .so 文件:
.so files used in the application.
请参考这个答案
- 将 opencv、javaCV、javaCpp 和 FFMPEG 更新到最新版本 依赖项以及
- 将架构指定为"arm"
- 下载 所有库的相同版本的 android arm.jar 文件来自 Maven 存储库
- 解压jar并复制so文件 从所有 jar 库中的 libs 文件夹粘贴 .so 文件 在 src/main/jnlibs/armeabiv7a 之下
列表项
同时在build.gradle
中指定ndk文件夹
更新gradle如下:
dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
compile group: 'org.bytedeco', name: 'javacv', version: '1.3.1'
compile group: 'org.bytedeco.javacpp-presets', name: 'opencv', version: '3.1.0-1.3', classifier: 'android-arm'
compile group: 'org.bytedeco.javacpp-presets', name: 'ffmpeg', version: '3.2.1-1.3', classifier: 'android-arm'
compile 'com.android.support:appcompat-v7:23.2.1'
compile 'com.android.support:design:23.2.1'
testCompile 'junit:junit:4.12'
compile files('libs/test.jar')
compile files('libs/zxing.jar')
compile(name:'FFmpegAndroid', ext:'aar')
}
我得到了解决方案。 FFMPEG 和 Opencv 使用易受攻击的 libpng 版本,我们将所有共享对象文件添加为单独的 jar 文件。我们更新了库并添加了以下依赖项
我将 build.gradle 文件更新为
dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
compile group: 'org.bytedeco', name: 'javacv', version: '1.3.1'
compile group: 'org.bytedeco.javacpp-presets', name: 'opencv', version: '3.1.0-1.3', classifier: 'android-arm'
compile group: 'org.bytedeco.javacpp-presets', name: 'ffmpeg', version: '3.2.1-1.3', classifier: 'android-arm'
compile 'com.android.support:appcompat-v7:23.2.1'
compile 'com.android.support:design:23.2.1'
testCompile 'junit:junit:4.12'
compile files('libs/test.jar')
compile files('libs/zxing.jar')
compile(name:'FFmpegAndroid', ext:'aar')
}