Skip to content

Releases: bfabiszewski/libmobi

Version 0.11

28 May 07:32
@bfabiszewski bfabiszewski
v0.11
864e3a8
Compare
Choose a tag to compare
Version 0.11 Latest
Latest

This is mainly bug fix / security release.

  • fixed multiple buffer over-reads and null pointer dereferences that can be triggered with crafted input. The security impact of these bugs is low, they can cause crashes. These bugs were identified by extensive fuzzing by various researchers: jimoyong, dupingxin (NSFOCUS Tianji Lab), jieyongma (TDHX ICS Security), cnitlrt, beidasoft-cobot-oss-fuzz, han0nly. Some of these vulnerabilities have been assigned CVEs: CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908, CVE-2022-1987, CVE-2022-2279, CVE-2022-29788.
  • fixed potential leak in dictionary parsing on corrupt data
  • improved portability of encryption key generation
  • updated Xcode and MSVC projects
Assets 4

Version 0.10

21 Mar 17:57
@bfabiszewski bfabiszewski
v0.10
aac5b1f
Compare
Choose a tag to compare
Version 0.10

This release focuses on DRM functions:

  • adds functions to allow encryption of documents
  • improves decryption routines
  • adds new tool mobidrm that handles documents encryption and decryption

Other changes:

  • adds function to split hybrid files
  • adds helper functions for retrieving orthographic index entries
  • adds basic CMake support
  • small fixes in autotools project
Assets 4

Version 0.9

25 Oct 16:32
@bfabiszewski bfabiszewski
v0.9
c2a32ce
Compare
Choose a tag to compare
Version 0.9

Maintenance release

  • fixes configuration scripts creation with Autoconf 2.70 and newer
  • fixes MinGW Autotools builds
  • fixes out-of-tree (VPATH) builds
  • cleans up Autotools files
  • quiets compiler warning
Assets 5

Version 0.8

11 Oct 13:08
@bfabiszewski bfabiszewski
v0.8
40c2171
Compare
Choose a tag to compare
Version 0.8

Bug fix release

This release fixes two more potential out-of-buffer reads fuzzed by occia (CVE-2021-3881, CVE-2021-3888 , CVE-2021-3889).
They can be triggered by corrupt or crafted data.

Assets 4

Version 0.7

09 Sep 19:14
@bfabiszewski bfabiszewski
v0.7
c814c4a
Compare
Choose a tag to compare
Version 0.7

Bug fix release

This release fixes two issues that can be triggered by corrupt data.

  • buffer overflow (potential security issue, CVE-2021-3751)
  • null pointer dereference
Assets 4

Version 0.6

01 Aug 15:11
@bfabiszewski bfabiszewski
v0.6
8dd83ca
Compare
Choose a tag to compare
Version 0.6

Mostly cosmetic changes:

  • internal functions in buffer.c has been renamed with unique prefix to avoid conflicts when linking statically
  • fixed warnings when building with gcc 7 and 8: mainly implicit fall through and format truncation
  • minor documentation and dist package fixes
Assets 3

Version 0.5

24 Jun 15:02
@bfabiszewski bfabiszewski
v0.5
8f056fd
Compare
Choose a tag to compare
Version 0.5
  • add cover dump option to mobitool
  • fix static build with miniz
Assets 2

Version 0.4

20 Jun 10:50
@bfabiszewski bfabiszewski
v0.4
c81e3c7
Compare
Choose a tag to compare
Version 0.4
  • better handling of corrupted, old, third party generated files
  • simple write and metadata editing support
  • mobimeta tool
  • many small bug fixes
  • security fixes
Assets 3

Version 0.3

21 Mar 15:11
@bfabiszewski bfabiszewski
v0.3
6e86d6a
Compare
Choose a tag to compare
Version 0.3
  • functions for extracting basic document metadata
  • optional internal xmlwriter to remove dependency on libxml2
  • minor bug fixes

Attached files:

  • libmobi-0.3.tar.gz - source archive
  • statically built mobitool utility for various platforms
Assets 9

Version 0.2

26 Feb 16:47
@bfabiszewski bfabiszewski
v0.2
f8c9ff7
Compare
Choose a tag to compare
Version 0.2
  • increased stability, many bugs fixed
Assets 3