AppGameKit Classic Chat / Security Alert - Libpng

Polaraul
9
Years of Service
User Offline
Joined: 13th Dec 2014
Location:
Posted: 15th Jun 2016 17:33 Edited at: 15th Jun 2016 18:10
This has just appeared in the Google Play Developer Console on all four of the Android apps I created with AGK. How do I fix this please?

Your app is using a version of libpng containing a security vulnerability. Please see this Google Help Centre article for details, including the deadline for fixing the vulnerability.

Affects APK version 1.


https://support.google.com/faqs/answer/7011127
lmr2013
11
Years of Service
User Offline
Joined: 15th Jul 2013
Location:
Posted: 15th Jun 2016 19:43
Same here .. with our google app.

"Please migrate your app(s) to libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher as soon as possible and increment the version number of the upgraded APK. Beginning 17 Sep 2016, Google Play will block publishing of any new apps or updates that use vulnerable versions of libpng"

Any idea how to fix?
http://2bigpixels.com/
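
Added example, not part of the thread and not AppGameKit or Google code: one way to check which libpng an APK's native libraries were built with, against the minimum versions quoted in the notice above. It assumes the library carries libpng's "libpng version X.Y.Z" banner string; the `.so` names and banner dates in the sample are constructed, and treating unlisted branches as fixed only above 1.5.26 is this example's reading of "or higher".

```python
import io
import re
import zipfile

# Minimum fixed release per libpng branch, as quoted in the Google Play notice.
FIXED = {(1, 0): 66, (1, 2): 56, (1, 4): 19, (1, 5): 26}
HIGHEST_LISTED = (1, 5, 26)

# Assumption: the compiled library embeds a banner like "libpng version 1.5.27 - ...".
BANNER = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")


def is_fixed(version):
    """True if (major, minor, patch) meets the notice's minimum for its branch."""
    major, minor, patch = version
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Branch not named in the notice: accept only versions above the highest
    # listed one (this example's interpretation of "or higher").
    return version > HIGHEST_LISTED


def scan_apk(apk):
    """Map each native library in the APK to [(version, fixed?), ...]."""
    findings = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not name.endswith(".so"):
                continue
            hits = BANNER.finditer(zf.read(name))
            versions = sorted({tuple(int(g) for g in m.groups()) for m in hits})
            if versions:
                findings[name] = [(v, is_fixed(v)) for v in versions]
    return findings


def build_sample_apk():
    """Constructed in-memory APK with two fake native libraries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/armeabi-v7a/libold.so",
                    b"\x7fELF\0 libpng version 1.5.13 - constructed date\n\0")
        zf.writestr("lib/armeabi-v7a/libnew.so",
                    b"\x7fELF\0 libpng version 1.5.27 - constructed date\n\0")
        zf.writestr("classes.dex", b"dex\n035\0")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, hits in scan_apk(build_sample_apk()).items():
        for version, ok in hits:
            label = "fixed" if ok else "VULNERABLE"
            print(member, ".".join(map(str, version)), label)
```

For a real build, pass the path of the exported APK to `scan_apk` instead of the sample; a library with no banner match is simply not reported, which does not prove libpng is absent.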
Jack
20
Years of Service
User Offline
Joined: 4th Oct 2004
Location: [Germany]
Posted: 15th Jun 2016 21:52
You can't fix this, it's Paul's job. I hope he finds that information.

CJB
Valued Member
20
Years of Service
User Offline
Joined: 10th Feb 2004
Location: Essex, UK
Posted: 15th Jun 2016 21:56
Same here with all my AppGameKit apps in Google Play store. Ideally would need to recompile and resubmit with the latest LIBPNG (http://libpng.sourceforge.net/index.html), although the help page states: "Your published app version will remain unaffected, however any updates to the app will be blocked unless they address this vulnerability.".

@Paul: Are you able to make sure the next (hopefully imminent) release of AppGameKit includes a version of LIBPNG that addresses the CVE-2015-8540 vuln? Thanks!


V2 T1 (Mostly)
Phone Tap!
Uzmadesign
Gordon@PuddleduckApps
8
Years of Service
User Offline
Joined: 15th Jun 2016
Location:
Posted: 16th Jun 2016 00:17
I've had the same alert on all 30+ of my apps on Google Play ... was only expecting to see the usual Google thing of "we've changed blah blah blah" etc etc ... bit of a shock to see the same alert listed that many times, lol.
Paul Johnston
TGC Developer
22
Years of Service
User Offline
Joined: 16th Nov 2002
Location: United Kingdom
Posted: 16th Jun 2016 02:45
Thanks for letting me know, I've updated AppGameKit to use libPNG 1.5.27 for the next version, which will be well before the 17th Sept deadline.
Jack
20
Years of Service
User Offline
Joined: 4th Oct 2004
Location: [Germany]
Posted: 16th Jun 2016 02:54 Edited at: 16th Jun 2016 02:56
Quote: "which will be well before the 17th Sept deadline."


Woah, nice!
I am so dependent on a working .DAE importer right now, in 2.019 it's broken and not working on Android anymore.
I would also like to use (aka this is urgent) the fused orientation commands on my S7, because of Samsung Gear you know, they are still broken in 2.019.
If you get this done fast, I can find at least eight new AppGameKit users.

Paul Johnston
TGC Developer
22
Years of Service
User Offline
Joined: 16th Nov 2002
Location: United Kingdom
Posted: 16th Jun 2016 03:14
Quote: "I am so dependent on a working .DAE importer right now, in 2.019 it's broken and not working on android anymore."

I'm not familiar with any issues with .DAE files, there was an issue with .FBX but that has been fixed. Can you send me a link to the thread discussing this problem?

Quote: "I would also like to use (aka this is urgent) the fused orientation commands on my S7, because of Samsung Gear you know, they are still broken in 2.019. "

Unfortunately if it doesn't work in 2.0.19 then I'm not sure what else I can do. We now request the minimum possible refresh time on the rotation vector sensor (or 16 milliseconds, whichever is greater), but this is only a guide and the device may update at a different rate.
Jack
20
Years of Service
User Offline
Joined: 4th Oct 2004
Location: [Germany]
Posted: 16th Jun 2016 06:45 Edited at: 16th Jun 2016 06:48
Quote: "Can you send me a link to the thread discussing this problem?"

I mentioned it the first time in the 2.019 beta thread and thought it's already done, once I got no response and the thread got unsticky.
But the .DAE format is based on the .FBX format, so maybe it will work too.

I attached you some .DAE objects. Would you be so kind and test them?

Quote: "We now request the minimum possible refresh time on the rotation vector sensor"

The strange part is that the accelerometer and gyro were broken in 2.018 too on the S7, but they are working perfectly now in 2.019.
It looks like one of the sensors in the fused sensor code, I think the accelerometer, does not get the new refresh rate. :/

If you have no idea, I have to build a custom sensor fusion code in AppGameKit with the working RAW sensors.
My problem is, that I am stuck right now with 2.019 I can't go back because of new commands, that are essential for my code.

I heard you have the Matrix4 commands already in the code and waiting for release, or have I heard something wrong?

CJB
Valued Member
20
Years of Service
User Offline
Joined: 10th Feb 2004
Location: Essex, UK
Posted: 16th Jun 2016 09:43
I think the issue is that the "built in" fused sensor commands are not sufficient for proper, solid 3D orientation detection or SLAM (Simultaneous Localisation And Mapping). Paul would have to put in some serious hours implementing a Kalman Filter algorithm to get a fused sensor reading we could use for head tracking, not just expose the built-in fused-sensor from NDK.
V2 T1 (Mostly)
Phone Tap!
Uzmadesign
Jack
20
Years of Service
User Offline
Joined: 4th Oct 2004
Location: [Germany]
Posted: 16th Jun 2016 15:23 Edited at: 16th Jun 2016 15:31
Quote: "I think the issue is that the "built in" fused sensor commands are not sufficient for proper"

They work pretty well on my old Samsung S3, but not on the new Samsung S7. But the sensor rate on the S7 is good outside AGK.

Quote: "serious hours implementing a Kalman Filter algorithm to get a fused sensor reading"

I already started building one, there is a lot of scientific material flying around the net, we just have to implement the current Kalman filter logic in AppGameKit or NDK.

Paul, please take a look at this: https://sourceforge.net/projects/kalman/files/kalman/

KFilter is a library implementing an Extended Kalman Filter in C++. Configurable template classes are available. Subclassing allows to define different matrix contents for the filter to work with. Kalman filters are used for some time now, in aeronautics, robot vision and robotics in general. It is useful to estimate a state vector and correct the estimation by using measures taken from sensors. Its main uses is for tracking or data fusion. The library is fully operational and has been used in two research projects at Ecole Polytechnique de Montreal.

Hammer time!

Paul Johnston
TGC Developer
22
Years of Service
User Offline
Joined: 16th Nov 2002
Location: United Kingdom
Posted: 16th Jun 2016 15:33
Quote: "I attached you some .DAE objects. Would you be so kind and test them?"

Thanks, fixed for the next version. The crash was caused by the mesh having multiple primitive types (triangle and polygon) in a single mesh, which Android wasn't handling properly.

Quote: "It looks like one of the sensors in the fused sensor code, I think the accelerometer, does not get the new refresh rate."

If the accelerometer by itself is working then it should be working for the fused rotation vector. If I had to guess I'd suspect the magnetometer isn't updating frequently.

Quote: "I heard you have the Matrix4 commands already in the code and waiting for release"

AGK uses some internal matrix functions to handle things like the view and world matrices, but they are not exposed to Tier 1, and are definitely not "waiting for release". I'll have a look at them when I'm next working on the 3D commands.

If you have any more questions please start a new thread.
IBOL
Retired Moderator
20
Years of Service
User Offline
Joined: 30th Mar 2004
Location: @IBOL17
Posted: 16th Jun 2016 18:07
This thread has been derailed, but it seems to have solved that side-issue as well.

I was terrified by the alert I got from google play, and very happy to see that Paul is aware of it and going to fix it.

Thanks TGC!
