Android: Removing OpenCV older version will resolve Libpng Vulnerability warning? - libpng

I got an email from Google play store regarding - "Google Play warning: You are using a vulnerable version of libpng".
Email contains the below information -
https://support.google.com/faqs/answer/7011127
I didn't use the libpng library anywhere in my application. But in my Android application, I am using the OpenCV2.4.5 library. After searching on the internet, I came to know that the OpenCV library uses libpng.
My question - Will upgrading OpenCV2.4.5 to OpenCV3.1.0 resolve the "vulnerable version of libpng" warning?

The vulnerable version of libpng in OpenCV 2.4.x was updated in OpenCV 2.4.13.1.
It can be downloaded from here.
As #Simon says, OpenCV 3.x is not affected.
More info: #6694 OpenCV 2.x uses vulnerable version of libpng

Yes, now confirmed with Google: Updating to 3.1.0 will fix the issue - I've upgraded one of my apps to 3.1.0, and while there's a bit of a bug in Google's detection of this vulnerability, I've had confirmation from a support representative that the new version is not vulnerable to this issue.
--
Previous answer:
No - I've upgraded to 3.1.0 and still get the warning. Edit: see below for update
The OpenCV Android SDK hasn't been updated since December 2015, so hopefully a newer version this year will use a fixed version of libpng.
Edit: some odd behaviour on Google Play, and some digging into the version of libpng that OpenCV 3.1.0 uses leads me to think that 3.1.0 is not vulnerable. I updated my app and the vulnerability warning was still there (with its warning text updated to the new APK version number). Now, however, Google Play has dismissed the alert, though it still confusingly refers to the new version as vulnerable.
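Added example (not part of the original answers, and not Google's or OpenCV's code): one way to do the "digging" described above is to list the libpng version strings embedded in the native libraries an APK ships. It assumes the linked-in libpng still carries its `libpng version X.Y.Z` header string; the sample archive, its library names and the `min_fixed` values are constructed placeholders, and the real minimum fixed versions must be taken from the Google advisory linked in the question.

```python
import io
import re
import zipfile

# libpng embeds its header version string, e.g. b"libpng version 1.2.3 - ..."
LIBPNG_RE = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")


def find_libpng_versions(apk):
    """Map each native library in an APK (path or binary file object,
    read as a ZIP archive) to the libpng versions embedded in it."""
    found = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue  # only native code can carry a linked-in libpng
            hits = {tuple(int(p) for p in m.groups())
                    for m in LIBPNG_RE.finditer(zf.read(name))}
            if hits:
                found[name] = sorted(hits)
    return found


def classify(found, min_fixed):
    """Label each hit; min_fixed maps a (major, minor) branch to its first
    fixed patch level (placeholder input, supplied by the caller)."""
    report = []
    for path, versions in sorted(found.items()):
        for ver in versions:
            floor = min_fixed.get(ver[:2])
            if floor is None:
                status = "unknown-branch"  # advisory check needed by hand
            else:
                status = "ok" if ver[2] >= floor else "outdated"
            report.append((path, ".".join(map(str, ver)), status))
    return report


def build_sample_apk():
    """Constructed sample: a tiny ZIP laid out like an APK, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/armeabi-v7a/libvision_old.so",
                    b"\x7fELF\x00pad libpng version 1.2.3 - constructed\x00")
        zf.writestr("lib/armeabi-v7a/libvision_new.so",
                    b"\x7fELF\x00pad libpng version 1.6.9 - constructed\x00")
        zf.writestr("lib/x86/libother.so", b"\x7fELF\x00no png here\x00")
        zf.writestr("classes.dex", b"libpng version 0.0.1")  # not under lib/
    buf.seek(0)
    return buf
```

Run `find_libpng_versions` on the APK before and after upgrading the OpenCV SDK; a library that still reports an old version after the upgrade is the one the store warning refers to.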

Related

Sceneform Dependencies for 1.16.0 (Not AndroidX Compatible)

Hi all to those who are using Sceneform 1.16.0, there were several issues that I found disturbing. Do give me some advice if you know how to fix these issues.
After the Sceneform 1.15.0 plugin broke on newer Android Studio platform >3.6+, I made the shift to 1.16.0 on the advice of the github sceneform-sdk page. After installing the Sceneform sdk 1.16.0, I faced several major issues.
The sdk is not androidx compatible. Even though I changed the annotations to androidx manually: import androidx.annotation.Nullable; import androidx.annotation.RequiresApi;, some things just broke --> My ViewRenderables code cracks even though it is the typical sample codes taken from the github page. This is the code sample that is vaguely similar to my current code.
    // Node that will carry the 2D view above the model.
    Node tigerTitleNode = new Node();
    tigerTitleNode.setParent(model);
    tigerTitleNode.setEnabled(false);
    tigerTitleNode.setLocalPosition(new Vector3(0.0f, 1.0f, 0.0f));
    // Build the renderable asynchronously and attach it once it is ready.
    ViewRenderable.builder()
        .setView(this, R.layout.fragment_stage_data)
        .build()
        .thenAccept(
            (renderable) -> {
                tigerTitleNode.setRenderable(renderable);
                tigerTitleNode.setEnabled(true);
            })
        .exceptionally(
            (throwable) -> {
                throw new AssertionError("Could not load card view.", throwable);
            }
        );
If I choose to use the old support packages implementation "com.android.support:appcompat-v7:28.0.0" as suggested on the github sample page, it is also a problem, for example, if I intend to use the newer support library packages in androidx, I would have difficulties managing code conflicts or bugs.
The state of Sceneform SDK libraries. From reddit chats, some people have suggested the shift to other rendering engines like Filament or other 3rd party game engines like Unity. I understand the difficulties of building the Sceneform libraries and managing them, but the sudden "deprecation" of this project is a problem to people who wish to do native programming for AR.
I find that it was also a disappointment that the 'newest' sample codes from 3 months ago (est. June 2020) were still using the old support libs when the some of the more fast-paced Google teams are already building on top androidx capabilities. (Sorry to fredsa, tpsiaki who has been so hard at work trying to help update the library from Filament engine 1.7.0, but I would like to see some codes written in androidx for reference).
Right now I hope to find somebody to actually give some suggestions to my current project:
Migrate the project to Filament/Unity
Downgrade my codes back to 1.15.0 and redo my project
Wait for somebody to fix the bug or I go fix the bug (which I don't know how to)
Btw, I also have a question on 1.17.1 and how different it is from 1.16.0, and why it is similar to 1.15.0
This is my code error and do assist if my project can be saved.
2020-09-01 11:46:43.335 3542-3571/? E/WindowManager: RemoteException occurs on reporting focusChanged, w=Window{41c8196 u0 com.sutd.swatapp/com.sutd.swatapp.mainactivity.MainActivity EXITING}
android.os.DeadObjectException
at android.os.BinderProxy.transactNative(Native Method)
at android.os.BinderProxy.transact(Binder.java:1145)
at android.view.IWindow$Stub$Proxy.windowFocusChanged(IWindow.java:500)
at com.android.server.wm.WindowState.reportFocusChangedSerialized(WindowState.java:3981)
at com.android.server.wm.WindowManagerService$H.handleMessage(WindowManagerService.java:5539)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:214)
at android.os.HandlerThread.run(HandlerThread.java:65)
at com.android.server.ServiceThread.run(ServiceThread.java:44)
Let me answer your question even if it is already a year old. It is true that the last released version of the original Sceneform SDK is not compatible with AndroidX. You can change this quite easily by yourself, but there are better options out there.
ARCore SDK for Android: Scratch Sceneform and work directly with ARCore, but that would require you to work with OpenGL.
Google ARCore SDK for Unity: If you know about Unity
Sceneform Maintained Android SDK: Based on Sceneform with the latest compatibility and functionalities from Android (including androidx), ARCore and Filament. Currently a small community is working on it to keep it up to date and to develop new features.
If you want to know more about the community maintained version of Sceneform check out this Medium Article

Module compiled with Swift 5.1 cannot be imported by the Swift 5.1.3 compiler

Check several publications with the same compilation error, and it really seems annoying that some libraries do not have support for current versions, well Apple also updates the Xcode many times along with the Swift version. Then after reviewing many publications and research, I discovered this post where they indicate:
Swift 5 provides binary compatibility for applications: a guarantee
that, in the future, an application created with one version of the
Swift compiler will be able to communicate with a library built with
another version. This applies even when using the version
compatibility mode from previous languages (-swift-version 4.2).
In other cases, they indicate using carthage update --platform iOS --no-use-binaries but I am using cocoapod so I cannot use that solution and finally indicate enabling Build Libraries For Distribution, but nothing really worked for me until now and I can't help thinking that maybe tomorrow they will launch swift 5.1.4 and the support they make for swift 5.1.3 is unusable.
I really hope you can help me with the solution to the problem I present with the compilation error and if anyone knows about the post ABI STABILITY

OS X version for Tesseract-OCR?

As an iOS dev, the OCR ( https://github.com/gali8/Tesseract-OCR-iOS ) is quite good for iPhone devices.
How can I easily get the OS X OCR version from this code? Thanks,
You can compile tesseract and leptonica by yourself in Xcode. The resulting binary can be used in Mac and iOS as well. Check the Xcode examples here:
https://github.com/mcku/tesseract-osx
https://github.com/mcku/leptonica-osx
I got a version of Tesseract for my Mac 10.9 from the repository here: http://code.google.com/p/tesseract-ocr/downloads/list.
The documentation was here: http://code.google.com/p/tesseract-ocr/wiki/ReadMe
I did have to download the specific language as well.
The current home of Tesseract-OCR is here on GitHub.
They recommend installing on OSX using macports or homebrew. However, the current version available in macports is only 3.02 (same as on the archived google code site). If you require the more recent 3.04, you need to compile it yourself (just follow the instructions on the wiki page).

adding libz.1.2.3.dylib vs libz.1.1.3.dylib or libz.1.2.5.dylib

I am following this tutorial
The tutorial states to add the libz.1.2.3.dylib library, but because I have downloaded a newer or older library (I don't know exactly if my library is newer or older than the library in the tutorial, but 99% it is newer), when I tried to add the libz.1.2.3.dylib library, I didn't find it. However, when I typed libz I found these choices:
which one should I choose please?
In using dynamic libraries the one you normally use is libX.major_version.dylib in this case libz.1.2.dylib. This is a link to a library libX.major_version.minor_version.dylib which here is libz.1.2.5.dylib
The rationale for this is that the major version is changed only when the API is changed, the minor version is updated when any change is made. Thus your program should work when it uses any of the same major version and so you want the latest version.
In this case the tutorial had an older install and so its libz.1.2.dylib should have pointed to libz.1.2.3.dylib.
For you, you should use libz.1.2.5.dylib, which should be like the tutorial's version but with bug fixes and possibly extra functions that don't matter here, as the tutorial won't call the new functions.
Normally libX.1.x.dylib would be older than libX.2.y.dylib, but the writers might produce bug fixes to the old API whilst also working on the new API.
Following on from the rationale I gave, libz.dylib should be a link to the highest-numbered library, but I would not use it, as you are writing to a particular API, so I would use a version-specific one. (In this case, if a link is missing then I would not trust what libz.dylib points to.)

iOS6 does not have libxml2.2.7.3.dylib. Are there any substitutes?

I have made a project in xcode4.2 and when I opened it with xcode4.5, iOS 6 SDK, it gives error 255 and the reason seems to be the absence of libxml2.2.7.3.dylib.
What are my options? Is there any other substitute provided?
Thanks
Xcode 4.5, or more precisely the iOS6 SDK (because the libraries available are dependent on the SDK, not the Xcode version) still has libxml2.2.dylib.
It is just probably not the version 2.2.7.3 but a newer, up-to-date 2.2.x.y version that is embedded in the SDK now.
You should generally not link your application with a specific version of libraries like that, but better with a generic version like libxml2.dylib or libxml2.2.dylib.
Generally libraries respect semantic versioning, meaning that:
their major version changes only when the API is not backward compatible with the previous major version,
the minor version changes only when new methods are introduced in the API, but are still compatible with the previous API,
patch version means that some bug fixes have been made, but the API hasn't changed.
So if libxml respects this semantic versioning (and I guess it does, like quite every standard library), every version 2.2.x.y of libxml is API-compatible with any other 2.2.x.y version and will continue to work with your program. A hypothetical new version libxml2.2.x.z will simply fix bugs, but won't introduce any change in its API. And when a version of libxml2.3.x.y arises, it will still be backward compatible with 2.1 and 2.2 too (just adding new features but not dropping the existing ones).
Thus, you can safely link your application with the generic library version libxml2.dylib, which will automatically point to the latest 2.x.y.z version available in the current SDK. Or link with libxml2.2.dylib, which will point to the latest 2.2.x.y version (these are symbolic links to the latest versions, as all UNIX-like OSes do).
I think the SDK for iOS6 just contains a different version of libxml.
