libbpng漏洞问题，即使在更新opencv库后 [英] Libpng vulnerability issue even after updating opencv library

问题描述

我在我的应用程序中使用以下依赖项:

I am using following dependencies in my app :

dependencies {
compile fileTree(include: '*.jar', dir: 'libs')
compile project(':zxing-2.3.0')
compile project(':ColorPickerView')
compile project(':DropboxChooserSDK')
compile project(':PullToRefreshLibrary')
compile project(':volley')
compile 'com.android.support:recyclerview-v7:24.0.0-alpha2'
compile 'com.facebook.android:facebook-android-sdk:4.5.0'
compile 'com.google.android.gms:play-services-analytics:8.4.0'
compile 'com.google.android.gms:play-services-gcm:8.4.0'
compile 'com.android.support:design:23.3.0'
compile 'com.github.ctodobom:OpenCV-3.1.0-Android:-SNAPSHOT'
}

我使用的是Opencv库版本2.4.8，而Google Play控制台拒绝了我的应用，提示libpng漏洞问题. 因此，我将opencv库更新为3.1.0，但Google Play控制台仍然拒绝说同样的libpng漏洞问题.

I was using opencv library version 2.4.8 and google play console rejected my app saying libpng vulnerability issue. So i updated opencv library to 3.1.0 and still the google play console is rejecting saying the same libpng vulnerability issue.

因此，如果上面有其他库正在使用libpng库，我会感到困惑吗?

So i am confused if any other library from above is using libpng library?

我创建了一个具有上述库的示例项目，出于测试目的，我将opencv降级到2.4.8(存在libpng问题)，我能说什么，它没有对libpng发出任何警告，它正在发布.那么问题到底出在哪里呢?

I created a sample project which has the above libraries and for testing purpose I downgraded opencv to 2.4.8 (which has libpng issue) and what can i say, it is not giving any warning about libpng, it is getting published. So where exactly is the problem?

推荐答案

我发现了问题所在. 旧的opencv库(存在漏洞问题)创建了 libopencv_java.so 文件，并且仍在 libs 文件夹，即使更新了库也是如此.因此，新的 .so 文件无法生成.

I found out the problem. The old opencv library(which has vulnerability issue) created libopencv_java.so file and it was still there in the libs folder even after updating the library. So somehow the new .so file was not generating.

已采取步骤解决:

• 首先我从libs文件夹中删除了 libopencv_java.so .
• 为清楚起见，我删除了 build 文件夹中的所有内容.
• 添加了opencv 2.4.13.1 gradle依赖项(编译'com.iparse.android:opencv:2.4.13.1')

• First i deleted libopencv_java.so from libs folder.
• Just for clarity, i deleted everything which was there in the build folder.
• Added opencv 2.4.13.1 gradle dependency (compile 'com.iparse.android:opencv:2.4.13.1')

如果要检查opencv使用的libpng版本，请首先找到 libopencv_java.so ，该文件位于 libs 或 build 文件夹中，在终端strings libopencv_java.so | grep "libpng"中使用以下命令.

If you want to check the libpng version used by opencv, first find libopencv_java.so which will be in libs or build folder and use the following command in terminal strings libopencv_java.so | grep "libpng".

此后，我在playstore中发布了，一切都很好.希望这对某人有帮助.

After this i published in playstore and everything is fine. Hope this helps someone.

这篇关于libbpng漏洞问题，即使在更新opencv库后的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！