Google Play: How fix apps containing Libpng Vulnerability

Google Play: How fix apps containing Libpng Vulnerability
0

Continuing the discussion from OpenSSL problem again:

Please Any solution for this problem?

I use previous open SSL library updated file by given you.

Thank You

I have received notification on my many apps on Google Play all developed in COCOS2DX, the Notification states that there is a security vulnerability in libpng, I am sure this is in cocos2dX because I haven’t received them on games developed in AndEngine or Unity.
We are using COCOS2DX version 2.2, 2.1.2 and 2.2.6 and
we need to fix this ASAP
Can any one suggest a solution for this problem? We cannot move to new
COCOS2dX Version because we have many game so we need to fix the old
version.
Thanks

Do you resolve it?

No I am still waiting for a solution.

I have the same problem

I think we can take the new libpng from the latest Cocos2d-x version and apply it to the old one.

I’ve made a fix but didn’t have time to test it, please test it and let me know:

libpng Fix for Cocos2dx 2.x

1 Like

3q,I’ll test it

Some problem.

D:/androidtool/android-ndk-r10/toolchains/arm-linux-androideabi-4.6/prebuilt/win
dows-x86_64/bin/…/lib/gcc/arm-linux-androideabi/4.6/…/…/…/…/arm-linux-andro
ideabi/bin/ld.exe:
D:\taiwan_hg\program\client\src\android_kick9\proj.android/…
/…/cross-platform/lib/cocos2dx/platform/third_party/android/prebuilt/libpng/lib
s/armeabi/libpng.a(pngrutil.o): in function png_inflate_claim:pngrutil.c(.text.p
ng_inflate_claim+0x62): error: undefined reference to ‘inflateReset2’
D:/androidtool/android-ndk-r10/toolchains/arm-linux-androideabi-4.6/prebuilt/win
dows-x86_64/bin/…/lib/gcc/arm-linux-androideabi/4.6/…/…/…/…/arm-linux-andro
ideabi/bin/ld.exe:
D:\taiwan_hg\program\client\src\android_kick9\proj.android/…
/…/cross-platform/lib/cocos2dx/platform/third_party/android/prebuilt/libpng/lib
s/armeabi/libpng.a(pngrutil.o): in function png_decompress_chunk.constprop.5:png
rutil.c(.text.png_decompress_chunk.constprop.5+0x9a): error: undefined reference
to ‘inflateReset2’
collect2: ld returned 1 exit status
make.exe: *** [obj/local/armeabi/libsgcraft.so] Error 1
make.exe: Leaving directory `D:/taiwan_hg/program/client/src/android_kick9/proj.
android’

I think it maybe related to missing zlib, I’ll try to add it somehow :smile:

@q734809128 Please visit the link again, I’ve added zlib + instructions on change the Android.mk file.

I created an issue for it.
@Obg1’s solution is correct.

Thanks man. Worked for me.

I fixed the issue, please refer to the github issue for detail information.

If someone will have this issue, there is solution:

A simple fix is to extract the following zip file into your “cocos2dx\platform\third_party\android\prebuilt” folder:

Download the fix from here:
libpng_fix.zip for Cocos2d-x 2.x
http://bengigi.com/wp-content/uploads/libpng_fix.zip

And change “Android.mk” file under “cocos2dx” folder:

Change:
LOCAL_WHOLE_STATIC_LIBRARIES := cocos_libpng_static

to
LOCAL_WHOLE_STATIC_LIBRARIES := cocos_libzlib_static
LOCAL_WHOLE_STATIC_LIBRARIES += cocos_libpng_static

Change:
$(call import-module,libpng)

to:
$(call import-module,libzlib)
$(call import-module,libpng)

if planning to use from cocos2d-x lib then just rename(remove lib from name):
LOCAL_WHOLE_STATIC_LIBRARIES := cocos_zlib_static

$(call import-module,zlib)

I’ve amended it, but I still make the same mistake.

/Users/PandaSoul/Documents/All_Cocos2d/cocos/All_Cocos2d/cocos2dx/aiyangcheng/pro.android-studio/app/…/…/libs/cocos2dx/platform/third_party/android/prebuilt/libpng/libs/armeabi/libpng.a(pngrutil.o):pngrutil.c:function png_decompress_chunk.constprop.5: error: undefined reference to ‘inflateReset2’

collect2: error: ld returned 1 exit status