sys-fs/fuseiso: revbump for security patches

This fixes CVE-2015-8837 and another possible
vulnerability using patches from Debian.

Bug: https://bugs.gentoo.org/713328
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Sam James <sam@gentoo.org>

3 files changed, 79 insertions, 0 deletions

diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch
new file mode 100644
index 000000000000..1e760fd89f66
--- /dev/null
+++ b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch
@@ -0,0 +1,35 @@
+Description: Prevent stack-based buffer overflow on too-long path names
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+
+--- a/src/isofs.c
++++ b/src/isofs.c
+@@ -1532,13 +1532,23 @@
+             if(path[1] != '\0') { // not root dir
+                 strcat(absolute_entry, "/");
+             };
+-            strcat(absolute_entry, entry);
+-            if(g_hash_table_lookup(lookup_table, absolute_entry)) {
+-                // already in lookup cache
++
++            if(strlen(absolute_entry) + strlen(entry) <= PATH_MAX-1) {
++                strcat(absolute_entry, entry);
++                if(g_hash_table_lookup(lookup_table, absolute_entry)) {
++                    // already in lookup cache
++                    isofs_free_inode(inode);
++                } else {
++                    g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode);
++                };
++            }
++            else {
++                printf("readdir: absolute path name for entry '%s' exceeding PATH_MAX (%d)\n", entry, PATH_MAX);
+                 isofs_free_inode(inode);
+-            } else {
+-                g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode);
+-            };
++                free(buf);
++                free(entry);
++                return -EIO;
++            }
+             
+             free(entry);
+             
diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch
new file mode 100644
index 000000000000..83c2c9451a61
--- /dev/null
+++ b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch
@@ -0,0 +1,16 @@
+Description: Prevent integer overflow in ZISO code
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+
+--- a/src/isofs.c
++++ b/src/isofs.c
+@@ -1618,6 +1618,10 @@
+ };
+ 
+ static int isofs_real_read_zf(isofs_inode *inode, char *out_buf, size_t size, off_t offset) {
++    if( inode->zf_block_shift > 17 ) {
++        fprintf(stderr, "isofs_real_read_zf: can't handle ZF block size of 2^%d\n", inode->zf_block_shift);
++        return -EIO;
++    }
+     int zf_block_size = 1 << inode->zf_block_shift;
+     int zf_start = offset / zf_block_size;
+     int zf_end = (offset + size) / zf_block_size;
diff --git a/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild
new file mode 100644
index 000000000000..a49b359127b3
--- /dev/null
+++ b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Fuse module to mount ISO9660"
+HOMEPAGE="https://sourceforge.net/projects/fuseiso"
+SRC_URI="http://superb-dca2.dl.sourceforge.net/project/${PN}/${PN}/${PV}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+
+RDEPEND="sys-fs/fuse:0=
+	sys-libs/zlib
+	dev-libs/glib:2"
+
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( AUTHORS ChangeLog NEWS README )
+
+PATCHES=(
+	"${FILESDIR}/${P}-largeiso.patch"
+	"${FILESDIR}/${P}-fix-typo.patch"
+	"${FILESDIR}/${P}-CVE-2015-8837.patch"
+	"${FILESDIR}/${P}-integer-overflow.patch"
+)