uCrop
uCrop copied to clipboard
Outdated "libpng" Library Contains Known Security Flaw
Description
Current behavior:
Library appears to be using an outdated version of "libpng" (1.6.22), which contains a known severe vulnerability.
Expected behavior:
The "libpng" version has been updated to at least 1.6.32
Version
uCrop: 2.2.8-native
@shliama do you have any idea how to do it in the ucrop package? To be honest I tried but after half a day I have no clue @A-Yatsyk
@dmitriy1morozov Can you help?
@alicja-mruk as far as I remember (complied these native libs 6 years ago) - all the 3rd-party libraries like libpng
& libjpeg
were static global dependencies (basically, C++ files on my laptop) that were compiled into the .so
files https://github.com/Yalantis/uCrop/tree/develop/ucrop/src/main/jniLibs as per config file https://github.com/Yalantis/uCrop/blob/develop/ucrop/src/main/jni/Android.mk
In order to recompile the files inside the jniLibs folder, one should have the latest libpng
& libjpeg
dependencies available on their development machine, updated Android.mk
& Application.mk
scripts, some luck & use ndk build.
Easier said than done, but that's how the opens source works.
@shliama I tried to do it for 2 days and I gave up do if someone will handle that please ping me and describe step by step how to do it