Version 0.12

• Fix some build issues:
  • build with libxml >= 2.12
  • CMake debug build with MSVC
  • clang warnings
• Minor fix: potential undefined behavior on corrupt input
• Code cleanup

Version 0.11

This is mainly bug fix / security release.

• fixed multiple buffer over-reads and null pointer dereferences that can be triggered with crafted input. The security impact of these bugs is low, they can cause crashes. These bugs were identified by extensive fuzzing by various researchers: jimoyong, dupingxin (NSFOCUS Tianji Lab), jieyongma (TDHX ICS Security), cnitlrt, beidasoft-cobot-oss-fuzz, han0nly. Some of these vulnerabilities have been assigned CVEs: CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908, CVE-2022-1987, CVE-2022-2279, CVE-2022-29788.
• fixed potential leak in dictionary parsing on corrupt data
• improved portability of encryption key generation
• updated Xcode and MSVC projects

Version 0.10

This release focuses on DRM functions:

• adds functions to allow encryption of documents
• improves decryption routines
• adds new tool mobidrm that handles documents encryption and decryption

Other changes:

• adds function to split hybrid files
• adds helper functions for retrieving orthographic index entries
• adds basic CMake support
• small fixes in autotools project

Version 0.9

Maintenance release

• fixes configuration scripts creation with Autoconf 2.70 and newer
• fixes MinGW Autotools builds
• fixes out-of-tree (VPATH) builds
• cleans up Autotools files
• quiets compiler warning

Version 0.8

Bug fix release

This release fixes two more potential out-of-buffer reads fuzzed by occia (CVE-2021-3881, CVE-2021-3888 , CVE-2021-3889).
They can be triggered by corrupt or crafted data.

Version 0.7

Bug fix release

This release fixes two issues that can be triggered by corrupt data.

• buffer overflow (potential security issue, CVE-2021-3751)
• null pointer dereference

Version 0.6

Mostly cosmetic changes:

• internal functions in buffer.c has been renamed with unique prefix to avoid conflicts when linking statically
• fixed warnings when building with gcc 7 and 8: mainly implicit fall through and format truncation
• minor documentation and dist package fixes

Version 0.5

• add cover dump option to mobitool
• fix static build with miniz

Version 0.4

• better handling of corrupted, old, third party generated files
• simple write and metadata editing support
• mobimeta tool
• many small bug fixes
• security fixes

Version 0.3

• functions for extracting basic document metadata
• optional internal xmlwriter to remove dependency on libxml2
• minor bug fixes

Attached files:

• libmobi-0.3.tar.gz - source archive
• statically built mobitool utility for various platforms