OpenSSL vulnerability

Re: OpenSSL vulnerability

Postby psychicsoftware » 2014-06-17 16:40

Hmm, this is strange. I updated one of my apps as a test, using Nicox's rebuild of the OpenSSL libraries; however, Bluebox scanner still claims the app is using v 1.0.0a. Anyone else seeing this?

Edit: ah, sorry. Was only copying into the libs folder, not the obj folder.
Sam.
psychicsoftware
Platinum Boarder
Posts: 355
Joined: 2010-10-10 14:36
Location: Galway, Ireland

Re: OpenSSL vulnerability

Postby _geo_ » 2014-06-18 11:41

That's right, Google has no approval process, but they still discovered the SSL issue, so we assume that they will come again and check whether or not it has been fixed.

We are actually just waiting for them to NOT ban our apps because of the SSL issue.
fly yes, land no
_geo_
Gold Boarder
Posts: 201
Joined: 2010-10-30 14:32
Location: Austria

Re: OpenSSL vulnerability

Postby gamescorpion » 2014-06-18 18:38

SSL Fix Steps using new update NiCoX has provided (Detailed Steps):

PART 1 - UAT OpenSSL Update Steps:
1. Download and unzip zip file provided by NiCoX above (http://developer.shivaengine.com/Downlo ... 1.0.1h.zip)

2. Unzip the file and you will find 6 files. Copy these files by highlighting all of them and right clicking and selecting Copy.

3. On your PC, browse to C:\Program Files (x86)\ShiVa Technologies\ShiVa Authoring Tool\Data\Windows\Android\Build

4. Paste all 6 unzipped files into this Build folder which will ask you to replace and overwrite all the files.

5. Your UAT is now up to date.

PART 2 - Eclipse App Update Steps:

BEFORE YOU BEGIN: FOR EACH APP you are updating in Eclipse, you will have to complete these steps. There are TWO specific pairs of files that you will be copying from the 6 available in the zip file, which we will go through (arm v5 and arm v7).

1. Download and unzip zip file provided by NiCoX above (http://developer.shivaengine.com/Downlo ... 1.0.1h.zip)

2. Unzip the file and you will find 6 files. Make note of the following 4 files:

LIBCRYPTO and LIBSSL:

libcrypto_arm_v5te.so
libcrypto_arm_v7a.so
libssl_arm_v5te.so
libssl_arm_v7a.so

3. Go to your Eclipse workspace for your apps and navigate to a project libs folder, for example C:\workspace\MyGame\libs. You will notice in this folder TWO folders (specifically armeabi and armeabi-v7a).

4. Copy libcrypto_arm_v5te.so and libssl_arm_v5te.so to the armeabi folder.

5. Delete the libcrypto.so and libssl.so files.

6. RENAME libcrypto_arm_v5te.so to libcrypto.so and libssl_arm_v5te.so to libssl.so.

7. Go back up one level to the libs folder.

8. Open the armeabi-v7a folder

9. Copy libcrypto_arm_v7a.so and libssl_arm_v7a.so to the armeabi-v7a folder.

10. Delete the libcrypto.so and libssl.so files.

11. RENAME libcrypto_arm_v7a.so to libcrypto.so and libssl_arm_v7a.so to libssl.so.

12. REPEAT the above steps for EVERY app you wish to update to the new SSL

13. Open Eclipse and if you get any errors, CLEAN YOUR PROJECTS and restart Eclipse.

14. Your Eclipse projects are now up to date.

God Bless!

Nav
Game Scorpion Inc.
Armies of Riddle Collectible Card Game:
gamescorpion
Platinum Boarder
Posts: 667
Joined: 2011-07-02 08:55
Location: Ontario, Canada
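
A way to confirm the copy steps above took effect, as an added example that is not part of the original posts: it searches every .so file under a project folder (so both libs and obj, the gap noted in the first post) or inside a built APK for the OpenSSL version banner and lists the files older than a minimum. The default minimum 1.0.1h comes from the hotfix zip name in this thread; the function names, the simple tuple ordering of versions and the constructed sample bytes are assumptions for illustration.

```python
import os
import re
import zipfile

# Version banner compiled into libcrypto/libssl, e.g. b"OpenSSL 1.0.1h 5 Jun 2014".
BANNER = re.compile(
    rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)\s+\d{1,2} [A-Z][a-z]{2} \d{4}")

def versions_in(data):
    """Return the set of (major, minor, fix, letter) tuples found in raw bytes."""
    return {(int(a), int(b), int(c), d.decode())
            for a, b, c, d in BANNER.findall(data)}

def scan(path):
    """Map each .so under a project directory, or inside an APK, to its versions."""
    found = {}
    if os.path.isfile(path) and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as apk:
            for name in apk.namelist():
                if name.endswith(".so"):
                    found[name] = versions_in(apk.read(name))
    else:
        for root, _dirs, files in os.walk(path):
            for name in files:
                if name.endswith(".so"):
                    full = os.path.join(root, name)
                    with open(full, "rb") as fh:
                        found[os.path.relpath(full, path)] = versions_in(fh.read())
    return {name: vers for name, vers in found.items() if vers}

def stale(path, minimum=(1, 0, 1, "h")):
    """List (file, version) pairs whose embedded OpenSSL is older than `minimum`."""
    return sorted((name, "%d.%d.%d%s" % v)
                  for name, vers in scan(path).items() for v in vers if v < minimum)

if __name__ == "__main__":
    import sys
    import tempfile
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:  # constructed sample: a stale copy left under obj/
        os.makedirs(os.path.join(target, "obj", "armeabi"))
        with open(os.path.join(target, "obj", "armeabi", "libssl.so"), "wb") as fh:
            fh.write(b"\x7fELF\0OpenSSL 1.0.0a 1 Jun 2010\0")
    for name, ver in stale(target):
        print("OUTDATED %s: OpenSSL %s" % (name, ver))
```

Run it with the Eclipse project folder or the exported APK as the only argument; an empty result means no .so file carries a banner older than the minimum.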

Re: OpenSSL vulnerability

Postby harold35 » 2014-06-19 15:35

About this SSL vulnerability, can we expect an update of the UAT? Normally, I have read somewhere that the last version is the last before ShiVa 2.0... But in this case an update of the UAT could be helpful.
harold35
Platinum Boarder
Posts: 519
Joined: 2008-03-04 13:35

Re: OpenSSL vulnerability

Postby feng3d » 2014-06-25 16:19

I have a question about the OpenSSL vulnerability.
If some old apps were previously on the store but are now unpublished, do we need to update these unpublished apps in the Google Play Developer Console?
feng3d
Expert Boarder
Posts: 145
Joined: 2009-12-19 12:12

Re: OpenSSL vulnerability

Postby psychicsoftware » 2014-06-25 17:13

I assume this wouldn't be required, since they're unpublished.
Sam.
psychicsoftware
Platinum Boarder
Posts: 355
Joined: 2010-10-10 14:36
Location: Galway, Ireland

Re: OpenSSL vulnerability

Postby feng3d » 2014-06-26 03:05

feng3d
Expert Boarder
Posts: 145
Joined: 2009-12-19 12:12

Re: OpenSSL vulnerability

Postby broozar » 2014-12-17 21:34

Anyone still having problems with this: rebuild your games with ShiVa 2.0 (beta).

If for whatever reason that is not possible, here is the hotfix, uploaded to the new server:
http://www.shiva-engine.com/download/ho ... 1.0.1h.zip
broozar
Administrator
Posts: 4172
Joined: 2007-09-16 10:22
Location: Berlin - Germany

Re: OpenSSL vulnerability

Postby broozar » 2015-01-04 21:53

broozar
Administrator
Posts: 4172
Joined: 2007-09-16 10:22
Location: Berlin - Germany

Re: OpenSSL vulnerability

Postby fossillabs » 2016-03-31 21:45

Google Play has again started emailing OpenSSL warning messages.

https://support.google.com/faqs/answer/6376725 - here is the extract.

The vulnerabilities have been addressed in 1.02f/1.01r

This forum was extremely helpful in solving this in the past, special thanks to broozar.

I desperately need help to fix this issue with latest SSL zip file.

Thanks in advance to anyone who can resolve this.
fossillabs
Junior Boarder
Posts: 29
Joined: 2014-02-01 00:30
