debian/0000775000000000000000000000000012707464323007200 5ustar debian/manpages0000664000000000000000000000002112066255017010703 0ustar debian/fuseiso.1 debian/docs0000664000000000000000000000000712066255017010044 0ustar README debian/rules0000775000000000000000000000024212233216420010241 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 export LDFLAGS=-Wl,-z,defs %: dh $@ --with autotools_dev debian/copyright0000664000000000000000000000206312066255017011130 0ustar Format-Specification: http://dep.debian.net/deps/dep5 Files: debian/* Copyright: © 2007-2012, David Paleino License: GPL-2+ Files: * Copyright: © 2005, Dmitry Morozhnikov License: GPL-2+ License: GPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA X-Comment: on Debian systems, the complete text of the GNU General Public License v2 can be found in `/usr/share/common-licenses/GPL-2'. debian/changelog0000664000000000000000000000522112707464166011057 0ustar fuseiso (20070708-3+deb7u1ubuntu14.04.1) trusty-security; urgency=medium * merge from Debian -- Steve Beattie Mon, 25 Apr 2016 11:53:20 -0700 fuseiso (20070708-3+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Wheezy LTS Team. * debian/patches (Closes: #779047): (patches copied from the Squeeze version) + CVE-2015-8837 Add 02-prevent-buffer-overflow.patch. Prevent stack-based buffer overflow when concatenating strings to an absolute path name. Prevention is done by checking that the result will stay under the maximum path length as given by the platforms PATH_MAX constant. + CVE-2015-8836 Add 03-prevent-integer-overflow.patch. Prevent integer overflow in ZISO code. Bail out if a ZF block size > 2^17 is to be read. -- Thorsten Alteholz Thu, 24 Mar 2016 18:03:02 +0100 fuseiso (20070708-3ubuntu1) trusty; urgency=low * Use the autotools-dev dh addon to update config.guess/config.sub for new ports. -- Colin Watson Sun, 27 Oct 2013 07:03:24 -0700 fuseiso (20070708-3) unstable; urgency=low * Renamed dependency from fuse-utils to fuse (Closes: #689009) * Fixed typo in sourcecode (Closes: #598021) * Updated years in debian/copyright -- David Paleino Tue, 25 Dec 2012 08:47:20 +0100 fuseiso (20070708-2) unstable; urgency=low * Maintenance release * debian/control: - moved old Homepage pseudo-field into the new field in the source stanza - added Vcs-Git and Vcs-Browser fields - Standards-Version bumped to 3.8.4 - removed Build-Depends on manpage-generation tools - updated my e-mail address - debhelper dependency bumped to 7 * debian/rules: - rewritten to use dh7 * debian/fuseiso.1 manually written, remove fuseiso.1.xml * debian/compat bumped to 7 * debian/copyright updated to be DEP5-compliant * debian/manpages added * debian/docs: don't install NEWS file * debian/source/format: 3.0 (quilt) * debian/patches/: - 00-support_large_iso.patch added, imported from Fedora, thanks to Thomas Bittermann -- David Paleino Wed, 16 Jun 2010 21:42:52 +0200 fuseiso (20070708-1) unstable; urgency=low * New upstream release - 20070708: - Patch by Ryan Thomas to fix race condition with ZISO files. - Patch by Chandan Dutta Chowdhury to fix compilation on RHEL3/RHEL4. -- David Paleino Sat, 08 Sep 2007 19:31:56 +0200 fuseiso (20070507-1) unstable; urgency=low * Initial release (Closes: #426857) -- David Paleino Wed, 31 May 2007 13:35:39 +0200 debian/control0000664000000000000000000000154012233216453010574 0ustar Source: fuseiso Section: admin Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: David Paleino Build-Depends: debhelper (>= 7) , autotools-dev , libfuse-dev , zlib1g-dev , libglib2.0-dev Standards-Version: 3.8.4 Homepage: http://fuse.sourceforge.net/wiki/index.php/FuseIso Vcs-Git: git://git.debian.org/git/collab-maint/fuseiso.git Vcs-Browser: http://git.debian.org/?p=collab-maint/fuseiso.git Package: fuseiso Architecture: any Depends: ${shlibs:Depends} , ${misc:Depends} , fuse Description: FUSE module to mount ISO filesystem images This package provides a module to mount ISO filesystem images using FUSE. With FUSE it is possible to implement a fully functional filesystem in a userspace program. . It can also mount single-tracks .BIN, .MDF, .IMG and .NRG. debian/fuseiso.10000664000000000000000000000324212066255017010734 0ustar .TH FUSEISO 1 "February 2010" .SH NAME fuseiso \- FUSE module to mount ISO filesystem images .SH SYNOPSIS .B fuseiso [\fBoptions\fR] <\fIISO image\fR> <\fImount point\fR> [\fIFUSE library options\fR] .SH DESCRIPTION This manual page documents briefly the \fBfuseiso\fR command. .PP \fBfuseiso\fR provides a module to mount ISO filesystem images using FUSE. .PP With FUSE it is possible to implement a fully functional filesystem in a userspace program. .PP \fBfuseiso\fR can read ISO, BIN and NRG images containing ISO9660 filesystems. Along with it, it supports some common extensions, like Joliet, RockRidge and zisofs. .PP It also supports non\-standard images, like CloneCD's IMGs and Alcohol 120%'s MDFs, as their format looks exactly like BIN images. One major limitation of BIN images is that \fBfuseiso\fR does not handle CUE files in any way, and thus can only work with the first track of those images. .PP Other formats like CCD and MDS are not supported, since their format is not public and no one knows it. .SH OPTIONS .TP .B \-n Do \fInot\fR maintain \fI~/.mtab.fuseiso\fR. .TP .B \-p Maintain mount point, create it if it doesn't exist and delete it on exit. .TP .BI \-c " iocharset" Specify \fIiocharset\fR for Joliet filesystems. .TP .B \-h Prints an help screen. .SH Common FUSE library options .TP .B \-f Run in foreground, do not daemonize. .TP .B \-d Run in foreground and print debug information. .TP .B \-s Run single-threaded. .SH SEE ALSO .BR fusermount (1), .SH AUTHOR \fBfuseiso\fR was written by \fBDmitry Morozhnikov\fR . .PP This manual page was written by \fBDavid Paleino\fR , for the Debian project (and may be used by others). debian/patches/0000775000000000000000000000000012707463623010631 5ustar debian/patches/00-support_large_iso.patch0000664000000000000000000000514212066255017015623 0ustar From: Thomas Bittermann Subject: handle larger than 4GB isos Origin: vendor, http://koji.fedoraproject.org/koji/buildinfo?buildID=149397 Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=440436 --- src/isofs.c | 6 +++--- src/isofs.h | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) --- fuseiso.orig/src/isofs.c +++ fuseiso/src/isofs.c @@ -178,7 +178,7 @@ int isofs_real_preinit( char* imagefile, context.data_size = isonum_723(context.pd.logical_block_size); if(!context.block_size) { - fprintf(stderr, "init: wrong block data size %d, using default 2048\n", context.data_size); + fprintf(stderr, "init: wrong block data size %Lu, using default 2048\n", context.data_size); context.data_size = 2048; }; @@ -324,7 +324,7 @@ void* isofs_real_init() { if(context.block_size != 2048) { // report unusual data block size - printf("Data block size: %d\n", context.block_size); + printf("Data block size: %Lu\n", context.block_size); }; char buf[129]; @@ -479,7 +479,7 @@ static int isofs_read_raw_block(int bloc }; size_t len = read(context.fd, buf, context.data_size); if(len != context.data_size) { - fprintf(stderr, "isofs_read_raw_block: can`t read full block, read only %d bytes from offset %d, %d required; errno %d, message %s\n", + fprintf(stderr, "isofs_read_raw_block: can`t read full block, read only %d bytes from offset %d, %Lu required; errno %d, message %s\n", len, (int) off, context.data_size, errno, strerror(errno)); fprintf(stderr, "isofs_read_raw_block: huh? reading zeros beyond file end? someone want to save a penny?\n"); memset(buf + len, 0, context.data_size - len); --- fuseiso.orig/src/isofs.h +++ fuseiso/src/isofs.h @@ -38,9 +38,9 @@ typedef struct _isofs_context { struct iso_directory_record *root; int file_offset; // offset to begin of useful data (for .nrg files) int id_offset; // offset to CD001 inside file - size_t block_size; // raw block size - size_t block_offset; // offset from block start to data - size_t data_size; // data size inside block + off_t block_size; // raw block size + off_t block_offset; // offset from block start to data + off_t data_size; // data size inside block int susp; // parse susp entries int susp_skip; // skip bytes from susp SP entry int joliet_level; // joliet extension level (1, 2 or 3) debian/patches/series0000664000000000000000000000016012707463623012043 0ustar 00-support_large_iso.patch 01-fix_typo.patch 02-prevent-buffer-overflow.patch 03-prevent-integer-overflow.patch debian/patches/01-fix_typo.patch0000664000000000000000000000144412066255017013726 0ustar From: Jakub Wilk Subject: fix typo in sourcecode Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598021 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598021 --- src/fuseiso.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- fuseiso.orig/src/fuseiso.c +++ fuseiso/src/fuseiso.c @@ -295,7 +295,7 @@ void usage(const char* prog) { " -f -- run in foreground, do not daemonize\n" " -d -- run in foreground and print debug information\n" " -s -- run single-threaded\n" - "\nPlease consult with FUSE ducumentation for more information\n", + "\nPlease consult with FUSE documentation for more information\n", VERSION, prog); }; debian/patches/03-prevent-integer-overflow.patch0000664000000000000000000000112212707463623017045 0ustar Description: Prevent integer overflow in ZISO code Author: Mike Gabriel --- a/src/isofs.c +++ b/src/isofs.c @@ -1618,6 +1618,10 @@ }; static int isofs_real_read_zf(isofs_inode *inode, char *out_buf, size_t size, off_t offset) { + if( inode->zf_block_shift > 17 ) { + fprintf(stderr, "isofs_real_read_zf: can't handle ZF block size of 2^%d\n", inode->zf_block_shift); + return -EIO; + } int zf_block_size = 1 << inode->zf_block_shift; int zf_start = offset / zf_block_size; int zf_end = (offset + size) / zf_block_size; debian/patches/02-prevent-buffer-overflow.patch0000664000000000000000000000251212707463623016664 0ustar Description: Prevent stack-based buffer overflow on too-long path names Author: Mike Gabriel --- a/src/isofs.c +++ b/src/isofs.c @@ -1532,13 +1532,23 @@ if(path[1] != '\0') { // not root dir strcat(absolute_entry, "/"); }; - strcat(absolute_entry, entry); - if(g_hash_table_lookup(lookup_table, absolute_entry)) { - // already in lookup cache + + if(strlen(absolute_entry) + strlen(entry) <= PATH_MAX-1) { + strcat(absolute_entry, entry); + if(g_hash_table_lookup(lookup_table, absolute_entry)) { + // already in lookup cache + isofs_free_inode(inode); + } else { + g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode); + }; + } + else { + printf("readdir: absolute path name for entry '%s' exceeding PATH_MAX (%d)\n", entry, PATH_MAX); isofs_free_inode(inode); - } else { - g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode); - }; + free(buf); + free(entry); + return -EIO; + } free(entry); debian/watch0000664000000000000000000000007712066255017010231 0ustar version=3 http://ubiz.ru/dm/fuseiso-([[:digit:]].*)\.tar\.bz2 debian/compat0000664000000000000000000000000212066255017010372 0ustar 7 debian/source/0000775000000000000000000000000012066255017010474 5ustar debian/source/format0000664000000000000000000000001412066255017011702 0ustar 3.0 (quilt)