Vulnerability
APK Version(s)
Libpng library: The vulnerabilities were fixed in libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher. You can find more information about how to resolve the issue in this Google Help Center article.
OpenSSL: The vulnerabilities were addressed in OpenSSL 1.0.2f/1.0.1r. To confirm your OpenSSL version, you can do a grep search for:
$ unzip -p YourApp.apk | strings | grep "OpenSSL"
You can find more information and next steps in this Google Help Center article.
1. libpng vulnerability: update to the latest libpng
The cocos2dx directory is: /Applications/android/cocos2dx/cocos2dx2.2.6_fixlibpng/cocos2dx/platform/third_party/android/prebuilt/libpng
Articles on the fix:
https://stackoverflow.com/questions/37852634/cocos2dx-libpng-google-play-notification-june-2016
http://blog.csdn.net/qingzijin2010/article/details/52037723
Download links:
https://sourceforge.net/projects/libpng/files/
https://pan.baidu.com/s/1slhAznv
Check:
unzip -p pro.android.xx.apk | strings | grep "libpng"
Check the libcocos2dcpp.so file directly:
strings libcocos2dcpp.so | grep libpng
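2. OpenSSL vulnerability
The curl library shipped with cocos2dx has the vulnerability; the fix is to find a patched build and replace it.
Articles on the fix: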
http://blog.cocos2d-x.org/2016/04/openssl-update/
http://forum.cocos.com/t/cocos2dx-3-x-curl-openssl/37338
http://www.bengigi.com/cocos2d-x-fix-for-openssl-problem/
http://blog.csdn.net/zhongjuelong/article/details/70242788
http://www.bubuko.com/infodetail-1063060.html
Download links:
OpenSSL 1.0.1h
http://download.csdn.net/detail/lwuit/8675511
Check:
unzip -p YourApp.apk | strings | grep "OpenSSL"
Check the libcocos2dcpp.so file directly:
strings libcocos2dcpp.so | grep "OpenSSL"
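3. Make sure the cocos2dx environment variables point to the right place
On Mac, the cocos2dx environment variables do not change according to which cocos2dx Java project Eclipse references, which cost me a long time making changes that had no effect.
4. Make sure the cocos2dx resources point to the right place
I have several cocos2dx versions on hand, which got the contents mixed up. Also, my earlier project was generated with cocos2dx 2.2.5, and changing the system variables and the android.mk configuration had no effect; in the end I searched the project settings inside Eclipse for path, found the corresponding C++ build path, and changed it.
5. Last of all, don't forget to delete the files under libs and obj, otherwise there will be cache conflicts.
6. You don't have to build a release APK to check the version; you can query libcocos2dcpp.so directly.
Finally, the check output captured for the two versions:
libpng:
OpenSSL: (fairly long, so only part was captured; as long as the version found is the updated one, it is correct)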
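An added example (not from the original post): the two `strings | grep` checks above, scripted so that each banner found in an APK's .so files is also compared against the minimum fixed releases named in the Google notice quoted at the top. The banner regexes, the function names and the sample APK are assumptions constructed for illustration; branches the notice does not name are reported as "unlisted" rather than guessed.

```python
import io, re, zipfile

# Minimum fixed release per branch, taken from the notice quoted at the top of the page.
LIBPNG_MIN = {(1, 0): 66, (1, 2): 56, (1, 4): 19, (1, 5): 26}
OPENSSL_MIN = {"1.0.1": "r", "1.0.2": "f"}
# Assumed banner formats, e.g. "libpng version 1.2.56" and "OpenSSL 1.0.1r".
PNG_RE = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")
SSL_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)")

def check_libpng(major, minor, patch):
    floor = LIBPNG_MIN.get((major, minor))
    if floor is None:
        return "unlisted"  # branch not named in the notice
    return "fixed" if patch >= floor else "outdated"

def check_openssl(branch, letters):
    floor = OPENSSL_MIN.get(branch)
    if floor is None:
        return "unlisted"
    # Letter suffixes order by length first ("z" < "za"), then alphabetically.
    return "fixed" if (len(letters), letters) >= (len(floor), floor) else "outdated"

def scan_bytes(data):
    findings = set()
    for m in PNG_RE.finditer(data):
        v = tuple(int(g) for g in m.groups())
        findings.add(("libpng", "%d.%d.%d" % v, check_libpng(*v)))
    for m in SSL_RE.finditer(data):
        branch, letters = m.group(1).decode(), m.group(2).decode()
        findings.add(("OpenSSL", branch + letters, check_openssl(branch, letters)))
    return sorted(findings)

def scan_apk(apk):
    """apk: path or file object. Returns {entry: findings} for each .so with a banner."""
    with zipfile.ZipFile(apk) as z:
        hits = {n: scan_bytes(z.read(n)) for n in z.namelist() if n.endswith(".so")}
    return {n: h for n, h in hits.items() if h}

def constructed_apk():
    # Constructed sample: a fake .so that holds only two version banners.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/armeabi/libcocos2dcpp.so",
                   b"\x7fELF\0libpng version 1.2.46 - July 9, 2011\0"
                   b"OpenSSL 1.0.1h 5 Jun 2014\0")
    return buf

if __name__ == "__main__":
    for so, hits in scan_apk(constructed_apk()).items():
        print(so, hits)
```

Pass a real APK path to `scan_apk` to check a build. An "outdated" verdict means the embedded banner is below the minimum the notice gives for that branch.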