2017-04-12

Fixing the libpng security issue flagged by Google Play

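After submitting a game built with cocos2d-x 2.1.5 to Google Play, I received an email from Google Play rejecting the release. In short, it said that the libpng library bundled in the game has a security risk and could be exploited maliciously. The original email included the following: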

We detected that your app(s) listed at the end of this email are using an unsafe version of the libpng library. Apps with vulnerabilities like this can expose users to risk of compromise and may be considered in violation of our Malicious Behavior policy.

What’s happening

Beginning September 17, 2016, Google Play will block publishing of any new apps or updates that use vulnerable versions of libpng. Your published APK version will not be affected, however any updates to the app will be blocked unless you address this vulnerability.

Action required: Migrate your app(s) to use libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher as soon as possible and increment the version number of the upgraded APK.

Next steps
Download the latest version of libpng from the libpng website.
Sign in to your Developer Console and submit the updated version of your app.
Check back after five hours – we’ll show a warning message if the app hasn’t been updated correctly.
The vulnerability stems from an out of bounds memory access that could potentially lead to code execution. Versions 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 are affected.

….

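I then searched online and confirmed that this problem is real, but fortunately it can be fixed by replacing the library.
First, download a newer cocos2d-x release (download link) and extract it;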

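  • Then replace the directory cocos2dx/platform/third_party/android/prebuilt/libpng with the libpng directory from the extracted folder
  • Also copy the zlib directory to cocos2dx/platform/third_party/android/prebuilt/zlib
  • Finally, find Android.mk under the cocos2dx directory and modify the following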
...
LOCAL_WHOLE_STATIC_LIBRARIES += cocos_zlib_static
...
$(call import-module,zlib)

Finally, rebuild the game and resubmit it to Google Play; it passed without any problems.
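
Before resubmitting, the rebuilt APK can be checked locally against the affected ranges quoted in the email. The script below is an added example, not part of the original post: it assumes the statically linked libpng still carries its copyright banner ("libpng version X.Y.Z") inside the native library, and the name libgame.so and the sample APK bytes are constructed for illustration.

```python
import io
import re
import zipfile

# Affected ranges as quoted in the Google Play notice: [first, fixed)
AFFECTED = [
    ((1, 0, 0), (1, 0, 66)),
    ((1, 1, 0), (1, 2, 56)),
    ((1, 3, 0), (1, 4, 19)),
    ((1, 5, 0), (1, 5, 26)),
]
# Assumption: the linked libpng keeps its copyright banner, "libpng version X.Y.Z".
BANNER = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")

def is_affected(version):
    """True if a (major, minor, patch) tuple falls in one of the quoted ranges."""
    return any(lo <= version < hi for lo, hi in AFFECTED)

def scan_apk(apk):
    """Return {so_path: [(version, affected), ...]} for every lib/*.so in the APK."""
    report = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if name.startswith("lib/") and name.endswith(".so"):
                data = zf.read(name)
                found = {tuple(int(g) for g in m.groups()) for m in BANNER.finditer(data)}
                report[name] = sorted((v, is_affected(v)) for v in found)
    return report

def make_sample_apk(banner_version):
    """Constructed stand-in for an APK: one fake .so containing only a banner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        blob = b"\x7fELF" + b"\0" * 16 + b" libpng version " + banner_version + b" - constructed\0"
        zf.writestr("lib/armeabi/libgame.so", blob)  # hypothetical library name
        zf.writestr("classes.dex", b"dex\n035\0")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for ver in (b"1.2.46", b"1.2.56"):
        for path, hits in scan_apk(make_sample_apk(ver)).items():
            for v, bad in hits:
                print(path, ".".join(map(str, v)), "AFFECTED" if bad else "ok")
```

To check a real build, pass the path of the APK to scan_apk. An empty list for a library means no banner was found, which does not by itself show that libpng is absent.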

Author: freeman