Bug 786591 – Unable to publish android app on google play store

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 786591 - Unable to publish android app on google play store


Summary:	Unable to publish android app on google play store


Status:	RESOLVED INCOMPLETE

Product:	GStreamer
Classification:	Platform
Component:	gstreamer (core)
Version:	1.x
Hardware:	Other Windows

Importance:	Normal critical
Target Milestone:	NONE
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Duplicates:	787310 (view as bug list)
Depends on:
Blocks:

Reported:	2017-08-22 05:04 UTC by chaman
Modified:	2018-01-19 18:22 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description chaman 2017-08-22 05:04:05 UTC

Error:(634, 58) error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]


GnuTLS
The vulnerabilities were addressed in GnuTLS v.3.1.25, 3.2.15, 3.3.4 and higher. For more information and next steps, please see this Google Help Center article.


Libpng library
The vulnerabilities were fixed in libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher. You can find more information about how resolve the issue in this Google Help Center article.

Comment 1 Sebastian Dröge (slomo) 2017-09-06 08:38:37 UTC

*** Bug 787310 has been marked as a duplicate of this bug. ***

Comment 2 Sebastian Dröge (slomo) 2017-09-06 08:39:51 UTC

Can you provide some more information about what you're doing to reproduce this problem?

Comment 3 Sebastian Dröge (slomo) 2017-09-06 08:58:48 UTC

This should solve the GnuTLS/libpng warning at least:

commit df9dde73f2ba223d7ef56447b8c470a3747b322c (HEAD -> master, origin/master, origin/HEAD)
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Wed Sep 6 11:57:47 2017 +0300

    gnutls/libtasn: Update to 3.5.15 / 4.12

commit 756fc247cb15878597506ccdc1d5fed62dce4b7d
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Wed Sep 6 11:41:27 2017 +0300

    libpng: Update to 1.6.31
    
    Fixes a couple of security issues.


Not sure where the other one comes from, you'll have to provide more information.

Comment 4 Sebastian Dröge (slomo) 2017-09-06 09:14:01 UTC

Marking this bug as public as there's no secret information in here, it's all publically known anyway.

Also marking this bug as secret and having it assigned to some random person caused it to be not noticed by any GStreamer developers in the last month.

Comment 5 Tim-Philipp Müller 2018-01-19 18:22:18 UTC

Can't really do more without further information.

Some gl code that could have caused such warnings (but was not a problem in practice since it just used variables that were assigned to string literals) was fixed in git master recently after the move to -base for what it's worth.

Closing this bug report as no further information has been provided. Please feel free to reopen this bug report if you can provide the information that was asked for in a previous comment.
Thanks!