DoubangoTelecom / imsdroid

High Quality Video SIP/IMS client for Google Android
https://doubango.org
Other
296 stars 169 forks source link

OpenSSL version is vulnerable to logjam (1.0.2a) #578

Closed behelit closed 8 years ago

behelit commented 8 years ago

Subject: Google Play warning: You are using a vulnerable version of OpenSSL

Hello Google Play Developer, Your app(s) listed at the end of this email utilize a version of OpenSSL that contains one or more security vulnerabilities. If you have more than 20 affected apps in your account, please check the Developer Console for a full list. Please migrate your app(s) to OpenSSL 1.02f/1.01r or higher as soon as possible and increment the version number of the upgraded APK. Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of OpenSSL. If you’re using a 3rd party library that bundles OpenSSL, you’ll need to upgrade it to a version that bundles OpenSSL 1.02f/1.01r or higher. The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. The latest versions of OpenSSL can be downloaded here. To confirm your OpenSSL version, you can do a grep search for ($ unzip -p YourApp.apk | strings | grep "OpenSSL").

Is there a way to easily update the OpenSSL version used?

gang018 commented 8 years ago

any solution?

gang018 commented 8 years ago

@behelit check out latest commit on master https://github.com/DoubangoTelecom/imsdroid/commit/7454f8db01423e90d59823664ec109a5f9a3afc4

seems like it is a fix. I will try it today

gang018 commented 8 years ago

I've successfully implemented commit https://github.com/DoubangoTelecom/imsdroid/commit/7454f8db01423e90d59823664ec109a5f9a3afc4 All is working fine, alert on Google Play disappeared. So issue can be closed

kosmich87 commented 7 years ago

Can you update OpenSSL and commit new *.so libs. Please.