diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d450213
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/ntfs-3g_ntfsprogs-2015.3.14.tgz
diff --git a/.libguestfs-winsupport.metadata b/.libguestfs-winsupport.metadata
new file mode 100644
index 0000000..2f1bc36
--- /dev/null
+++ b/.libguestfs-winsupport.metadata
@@ -0,0 +1 @@
+0ebd9adffd5a6ddcfbacade6be8efe1eba4b1a08 SOURCES/ntfs-3g_ntfsprogs-2015.3.14.tgz
diff --git a/SOURCES/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch b/SOURCES/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch
new file mode 100644
index 0000000..1a90ba1
--- /dev/null
+++ b/SOURCES/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch
@@ -0,0 +1,63 @@
+From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>
+Date: Wed, 19 Dec 2018 15:57:50 +0100
+Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
+
+The size check was inefficient because getcwd() uses an unsigned int
+argument.
+---
+ src/lowntfs-3g.c | 6 +++++-
+ src/ntfs-3g.c    | 6 +++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
+index 993867fa..0660439b 100644
+--- a/src/lowntfs-3g.c
++++ b/src/lowntfs-3g.c
+@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[])
+ 	else {
+ 		ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ 		if (ctx->abs_mnt_point) {
+-			if (getcwd(ctx->abs_mnt_point,
++			if ((strlen(opts.mnt_point) < PATH_MAX)
++			    && getcwd(ctx->abs_mnt_point,
+ 				     PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ 				strcat(ctx->abs_mnt_point, "/");
+ 				strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[])
+ 			/* Solaris also wants the absolute mount point */
+ 				opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++			} else {
++				free(ctx->abs_mnt_point);
++				ctx->abs_mnt_point = (char*)NULL;
+ 			}
+ 		}
+ 	}
+diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
+index 6ce89fef..4e0912ae 100644
+--- a/src/ntfs-3g.c
++++ b/src/ntfs-3g.c
+@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[])
+ 	else {
+ 		ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
+ 		if (ctx->abs_mnt_point) {
+-			if (getcwd(ctx->abs_mnt_point,
++			if ((strlen(opts.mnt_point) < PATH_MAX)
++			    && getcwd(ctx->abs_mnt_point,
+ 				     PATH_MAX - strlen(opts.mnt_point) - 1)) {
+ 				strcat(ctx->abs_mnt_point, "/");
+ 				strcat(ctx->abs_mnt_point, opts.mnt_point);
+@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[])
+ 			/* Solaris also wants the absolute mount point */
+ 				opts.mnt_point = ctx->abs_mnt_point;
+ #endif /* defined(__sun) && defined (__SVR4) */
++			} else {
++				free(ctx->abs_mnt_point);
++				ctx->abs_mnt_point = (char*)NULL;
+ 			}
+ 		}
+ 	}
+-- 
+2.20.1
+
diff --git a/SOURCES/0001-unistr.c-Enable-encoding-broken-UTF-16-into-broken-U.patch b/SOURCES/0001-unistr.c-Enable-encoding-broken-UTF-16-into-broken-U.patch
new file mode 100644
index 0000000..7412dc4
--- /dev/null
+++ b/SOURCES/0001-unistr.c-Enable-encoding-broken-UTF-16-into-broken-U.patch
@@ -0,0 +1,172 @@
+From d9c61dd60ec484909f70b7a916ada3a93af94b60 Mon Sep 17 00:00:00 2001
+From: Erik Larsson <mechie@users.sourceforge.net>
+Date: Fri, 8 Apr 2016 05:39:48 +0200
+Subject: [PATCH 1/2] unistr.c: Enable encoding broken UTF-16 into broken
+ UTF-8, A.K.A. WTF-8.
+
+Windows filenames may contain invalid UTF-16 sequences (specifically
+broken surrogate pairs), which cannot be converted to UTF-8 if we do
+strict conversion.
+
+This patch enables encoding broken UTF-16 into similarly broken UTF-8 by
+encoding any surrogate character that don't have a match into a separate
+3-byte UTF-8 sequence.
+
+This is "sort of" valid UTF-8, but not valid Unicode since the code
+points used for surrogate pair encoding are not supposed to occur in a
+valid Unicode string... but on the other hand the source UTF-16 data is
+also broken, so we aren't really making things any worse.
+
+This format is sometimes referred to as WTF-8 (Wobbly Translation
+Format, 8-bit encoding) and is a common solution to represent broken
+UTF-16 as UTF-8.
+
+It is a lossless round-trip conversion, i.e converting from broken
+UTF-16 to "WTF-8" and back to UTF-16 yields the same broken UTF-16
+sequence. Because of this property it enables accessing these files
+by filename through ntfs-3g and the ntfsprogs (e.g. ls -la works as
+expected).
+
+To disable this behaviour you can pass the preprocessor/compiler flag
+'-DALLOW_BROKEN_SURROGATES=0' when building ntfs-3g.
+---
+ libntfs-3g/unistr.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 65 insertions(+), 2 deletions(-)
+
+diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
+index 7f278cd..71802aa 100644
+--- a/libntfs-3g/unistr.c
++++ b/libntfs-3g/unistr.c
+@@ -61,6 +61,11 @@
+ 
+ #define NOREVBOM 0  /* JPA rejecting U+FFFE and U+FFFF, open to debate */
+ 
++#ifndef ALLOW_BROKEN_SURROGATES
++/* Erik allowing broken UTF-16 surrogate pairs by default, open to debate. */
++#define ALLOW_BROKEN_SURROGATES 1
++#endif /* !defined(ALLOW_BROKEN_SURROGATES) */
++
+ /*
+  * IMPORTANT
+  * =========
+@@ -462,8 +467,22 @@ static int utf16_to_utf8_size(const ntfschar *ins, const int ins_len, int outs_l
+ 			if ((c >= 0xdc00) && (c < 0xe000)) {
+ 				surrog = FALSE;
+ 				count += 4;
+-			} else 
++			} else {
++#if ALLOW_BROKEN_SURROGATES
++				/* The first UTF-16 unit of a surrogate pair has
++				 * a value between 0xd800 and 0xdc00. It can be
++				 * encoded as an individual UTF-8 sequence if we
++				 * cannot combine it with the next UTF-16 unit
++				 * unit as a surrogate pair. */
++				surrog = FALSE;
++				count += 3;
++
++				--i;
++				continue;
++#else
+ 				goto fail;
++#endif /* ALLOW_BROKEN_SURROGATES */
++			}
+ 		} else
+ 			if (c < 0x80)
+ 				count++;
+@@ -473,6 +492,10 @@ static int utf16_to_utf8_size(const ntfschar *ins, const int ins_len, int outs_l
+ 				count += 3;
+ 			else if (c < 0xdc00)
+ 				surrog = TRUE;
++#if ALLOW_BROKEN_SURROGATES
++			else if (c < 0xe000)
++				count += 3;
++#endif /* ALLOW_BROKEN_SURROGATES */
+ #if NOREVBOM
+ 			else if ((c >= 0xe000) && (c < 0xfffe))
+ #else
+@@ -487,7 +510,11 @@ static int utf16_to_utf8_size(const ntfschar *ins, const int ins_len, int outs_l
+ 		}
+ 	}
+ 	if (surrog) 
++#if ALLOW_BROKEN_SURROGATES
++		count += 3; /* ending with a single surrogate */
++#else
+ 		goto fail;
++#endif /* ALLOW_BROKEN_SURROGATES */
+ 
+ 	ret = count;
+ out:
+@@ -548,8 +575,24 @@ static int ntfs_utf16_to_utf8(const ntfschar *ins, const int ins_len,
+ 				*t++ = 0x80 + ((c >> 6) & 15) + ((halfpair & 3) << 4);
+ 				*t++ = 0x80 + (c & 63);
+ 				halfpair = 0;
+-			} else 
++			} else {
++#if ALLOW_BROKEN_SURROGATES
++				/* The first UTF-16 unit of a surrogate pair has
++				 * a value between 0xd800 and 0xdc00. It can be
++				 * encoded as an individual UTF-8 sequence if we
++				 * cannot combine it with the next UTF-16 unit
++				 * unit as a surrogate pair. */
++				*t++ = 0xe0 | (halfpair >> 12);
++				*t++ = 0x80 | ((halfpair >> 6) & 0x3f);
++				*t++ = 0x80 | (halfpair & 0x3f);
++				halfpair = 0;
++
++				--i;
++				continue;
++#else
+ 				goto fail;
++#endif /* ALLOW_BROKEN_SURROGATES */
++			}
+ 		} else if (c < 0x80) {
+ 			*t++ = c;
+ 	    	} else {
+@@ -562,6 +605,13 @@ static int ntfs_utf16_to_utf8(const ntfschar *ins, const int ins_len,
+ 		        	*t++ = 0x80 | (c & 0x3f);
+ 			} else if (c < 0xdc00)
+ 				halfpair = c;
++#if ALLOW_BROKEN_SURROGATES
++			else if (c < 0xe000) {
++				*t++ = 0xe0 | (c >> 12);
++				*t++ = 0x80 | ((c >> 6) & 0x3f);
++				*t++ = 0x80 | (c & 0x3f);
++			}
++#endif /* ALLOW_BROKEN_SURROGATES */
+ 			else if (c >= 0xe000) {
+ 				*t++ = 0xe0 | (c >> 12);
+ 				*t++ = 0x80 | ((c >> 6) & 0x3f);
+@@ -570,6 +620,13 @@ static int ntfs_utf16_to_utf8(const ntfschar *ins, const int ins_len,
+ 				goto fail;
+ 	        }
+ 	}
++#if ALLOW_BROKEN_SURROGATES
++	if (halfpair) { /* ending with a single surrogate */
++		*t++ = 0xe0 | (halfpair >> 12);
++		*t++ = 0x80 | ((halfpair >> 6) & 0x3f);
++		*t++ = 0x80 | (halfpair & 0x3f);
++	}
++#endif /* ALLOW_BROKEN_SURROGATES */
+ 	*t = '\0';
+ 	
+ #if defined(__APPLE__) || defined(__DARWIN__)
+@@ -693,10 +750,16 @@ static int utf8_to_unicode(u32 *wc, const char *s)
+ 			/* Check valid ranges */
+ #if NOREVBOM
+ 			if (((*wc >= 0x800) && (*wc <= 0xD7FF))
++#if ALLOW_BROKEN_SURROGATES
++			  || ((*wc >= 0xD800) && (*wc <= 0xDFFF))
++#endif /* ALLOW_BROKEN_SURROGATES */
+ 			  || ((*wc >= 0xe000) && (*wc <= 0xFFFD)))
+ 				return 3;
+ #else
+ 			if (((*wc >= 0x800) && (*wc <= 0xD7FF))
++#if ALLOW_BROKEN_SURROGATES
++			  || ((*wc >= 0xD800) && (*wc <= 0xDFFF))
++#endif /* ALLOW_BROKEN_SURROGATES */
+ 			  || ((*wc >= 0xe000) && (*wc <= 0xFFFF)))
+ 				return 3;
+ #endif
+-- 
+2.10.2
+
diff --git a/SOURCES/0002-unistr.c-Unify-the-two-defines-NOREVBOM-and-ALLOW_BR.patch b/SOURCES/0002-unistr.c-Unify-the-two-defines-NOREVBOM-and-ALLOW_BR.patch
new file mode 100644
index 0000000..3467837
--- /dev/null
+++ b/SOURCES/0002-unistr.c-Unify-the-two-defines-NOREVBOM-and-ALLOW_BR.patch
@@ -0,0 +1,170 @@
+From f0370bfa9c47575d4e47c94e443aa91983683a43 Mon Sep 17 00:00:00 2001
+From: Erik Larsson <mechie@users.sourceforge.net>
+Date: Tue, 12 Apr 2016 17:02:40 +0200
+Subject: [PATCH 2/2] unistr.c: Unify the two defines NOREVBOM and
+ ALLOW_BROKEN_SURROGATES.
+
+In the mailing list discussion we came to the conclusion that there
+doesn't seem to be any reason to keep these declarations separate since
+they address the same issue, namely libntfs-3g's tolerance for bad
+Unicode data in filenames and other UTF-16 strings in the file system,
+so merge the two defines into the new define ALLOW_BROKEN_UNICODE.
+---
+ libntfs-3g/unistr.c | 58 +++++++++++++++++++++++------------------------------
+ 1 file changed, 25 insertions(+), 33 deletions(-)
+
+diff --git a/libntfs-3g/unistr.c b/libntfs-3g/unistr.c
+index 71802aa..753acc0 100644
+--- a/libntfs-3g/unistr.c
++++ b/libntfs-3g/unistr.c
+@@ -59,12 +59,11 @@
+ #include "logging.h"
+ #include "misc.h"
+ 
+-#define NOREVBOM 0  /* JPA rejecting U+FFFE and U+FFFF, open to debate */
+-
+-#ifndef ALLOW_BROKEN_SURROGATES
+-/* Erik allowing broken UTF-16 surrogate pairs by default, open to debate. */
+-#define ALLOW_BROKEN_SURROGATES 1
+-#endif /* !defined(ALLOW_BROKEN_SURROGATES) */
++#ifndef ALLOW_BROKEN_UNICODE
++/* Erik allowing broken UTF-16 surrogate pairs and U+FFFE and U+FFFF by default,
++ * open to debate. */
++#define ALLOW_BROKEN_UNICODE 1
++#endif /* !defined(ALLOW_BROKEN_UNICODE) */
+ 
+ /*
+  * IMPORTANT
+@@ -468,7 +467,7 @@ static int utf16_to_utf8_size(const ntfschar *ins, const int ins_len, int outs_l
+ 				surrog = FALSE;
+ 				count += 4;
+ 			} else {
+-#if ALLOW_BROKEN_SURROGATES
++#if ALLOW_BROKEN_UNICODE
+ 				/* The first UTF-16 unit of a surrogate pair has
+ 				 * a value between 0xd800 and 0xdc00. It can be
+ 				 * encoded as an individual UTF-8 sequence if we
+@@ -481,7 +480,7 @@ static int utf16_to_utf8_size(const ntfschar *ins, const int ins_len, int outs_l
+ 				continue;
+ #else
+ 				goto fail;
+-#endif /* ALLOW_BROKEN_SURROGATES */
++#endif /* ALLOW_BROKEN_UNICODE */
+ 			}
+ 		} else
+ 			if (c < 0x80)
+@@ -492,15 +491,13 @@ static int utf16_to_utf8_size(const ntfschar *ins, const int ins_len, int outs_l
+ 				count += 3;
+ 			else if (c < 0xdc00)
+ 				surrog = TRUE;
+-#if ALLOW_BROKEN_SURROGATES
++#if ALLOW_BROKEN_UNICODE
+ 			else if (c < 0xe000)
+ 				count += 3;
+-#endif /* ALLOW_BROKEN_SURROGATES */
+-#if NOREVBOM
+-			else if ((c >= 0xe000) && (c < 0xfffe))
+-#else
+ 			else if (c >= 0xe000)
+-#endif
++#else
++			else if ((c >= 0xe000) && (c < 0xfffe))
++#endif /* ALLOW_BROKEN_UNICODE */
+ 				count += 3;
+ 			else 
+ 				goto fail;
+@@ -510,11 +507,11 @@ static int utf16_to_utf8_size(const ntfschar *ins, const int ins_len, int outs_l
+ 		}
+ 	}
+ 	if (surrog) 
+-#if ALLOW_BROKEN_SURROGATES
++#if ALLOW_BROKEN_UNICODE
+ 		count += 3; /* ending with a single surrogate */
+ #else
+ 		goto fail;
+-#endif /* ALLOW_BROKEN_SURROGATES */
++#endif /* ALLOW_BROKEN_UNICODE */
+ 
+ 	ret = count;
+ out:
+@@ -576,7 +573,7 @@ static int ntfs_utf16_to_utf8(const ntfschar *ins, const int ins_len,
+ 				*t++ = 0x80 + (c & 63);
+ 				halfpair = 0;
+ 			} else {
+-#if ALLOW_BROKEN_SURROGATES
++#if ALLOW_BROKEN_UNICODE
+ 				/* The first UTF-16 unit of a surrogate pair has
+ 				 * a value between 0xd800 and 0xdc00. It can be
+ 				 * encoded as an individual UTF-8 sequence if we
+@@ -591,7 +588,7 @@ static int ntfs_utf16_to_utf8(const ntfschar *ins, const int ins_len,
+ 				continue;
+ #else
+ 				goto fail;
+-#endif /* ALLOW_BROKEN_SURROGATES */
++#endif /* ALLOW_BROKEN_UNICODE */
+ 			}
+ 		} else if (c < 0x80) {
+ 			*t++ = c;
+@@ -605,13 +602,13 @@ static int ntfs_utf16_to_utf8(const ntfschar *ins, const int ins_len,
+ 		        	*t++ = 0x80 | (c & 0x3f);
+ 			} else if (c < 0xdc00)
+ 				halfpair = c;
+-#if ALLOW_BROKEN_SURROGATES
++#if ALLOW_BROKEN_UNICODE
+ 			else if (c < 0xe000) {
+ 				*t++ = 0xe0 | (c >> 12);
+ 				*t++ = 0x80 | ((c >> 6) & 0x3f);
+ 				*t++ = 0x80 | (c & 0x3f);
+ 			}
+-#endif /* ALLOW_BROKEN_SURROGATES */
++#endif /* ALLOW_BROKEN_UNICODE */
+ 			else if (c >= 0xe000) {
+ 				*t++ = 0xe0 | (c >> 12);
+ 				*t++ = 0x80 | ((c >> 6) & 0x3f);
+@@ -620,13 +617,13 @@ static int ntfs_utf16_to_utf8(const ntfschar *ins, const int ins_len,
+ 				goto fail;
+ 	        }
+ 	}
+-#if ALLOW_BROKEN_SURROGATES
++#if ALLOW_BROKEN_UNICODE
+ 	if (halfpair) { /* ending with a single surrogate */
+ 		*t++ = 0xe0 | (halfpair >> 12);
+ 		*t++ = 0x80 | ((halfpair >> 6) & 0x3f);
+ 		*t++ = 0x80 | (halfpair & 0x3f);
+ 	}
+-#endif /* ALLOW_BROKEN_SURROGATES */
++#endif /* ALLOW_BROKEN_UNICODE */
+ 	*t = '\0';
+ 	
+ #if defined(__APPLE__) || defined(__DARWIN__)
+@@ -748,21 +745,16 @@ static int utf8_to_unicode(u32 *wc, const char *s)
+ 			    | ((u32)(s[1] & 0x3F) << 6)
+ 			    | ((u32)(s[2] & 0x3F));
+ 			/* Check valid ranges */
+-#if NOREVBOM
++#if ALLOW_BROKEN_UNICODE
+ 			if (((*wc >= 0x800) && (*wc <= 0xD7FF))
+-#if ALLOW_BROKEN_SURROGATES
+ 			  || ((*wc >= 0xD800) && (*wc <= 0xDFFF))
+-#endif /* ALLOW_BROKEN_SURROGATES */
+-			  || ((*wc >= 0xe000) && (*wc <= 0xFFFD)))
+-				return 3;
+-#else
+-			if (((*wc >= 0x800) && (*wc <= 0xD7FF))
+-#if ALLOW_BROKEN_SURROGATES
+-			  || ((*wc >= 0xD800) && (*wc <= 0xDFFF))
+-#endif /* ALLOW_BROKEN_SURROGATES */
+ 			  || ((*wc >= 0xe000) && (*wc <= 0xFFFF)))
+ 				return 3;
+-#endif
++#else
++			if (((*wc >= 0x800) && (*wc <= 0xD7FF))
++			  || ((*wc >= 0xe000) && (*wc <= 0xFFFD)))
++				return 3;
++#endif /* ALLOW_BROKEN_UNICODE */
+ 		}
+ 		goto fail;
+ 					/* four-byte */
+-- 
+2.10.2
+
diff --git a/SOURCES/CVE-2015-3202.patch b/SOURCES/CVE-2015-3202.patch
new file mode 100644
index 0000000..6e5cf08
--- /dev/null
+++ b/SOURCES/CVE-2015-3202.patch
@@ -0,0 +1,80 @@
+--- ntfs-3g_ntfsprogs-2015.3.14/libfuse-lite/mount_util.c.ref	2015-03-14 15:10:12.000000000 +0100
++++ ntfs-3g_ntfsprogs-2015.3.14/libfuse-lite/mount_util.c	2015-05-18 11:02:50.330654300 +0200
+@@ -66,6 +66,7 @@ 
+         return -1;
+     }
+     if (res == 0) {
++        char *env = NULL;
+         char templ[] = "/tmp/fusermountXXXXXX";
+         char *tmp;
+ 
+@@ -87,8 +88,8 @@ 
+             exit(1);
+         }
+         rmdir(tmp);
+-        execl("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts,
+-              fsname, mnt, NULL);
++        execle("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts,
++              fsname, mnt, NULL, &env);
+         fprintf(stderr, "%s: failed to execute /sbin/mount: %s\n", progname,
+                 strerror(errno));
+         exit(1);
+@@ -120,9 +121,16 @@ 
+         return -1;
+     }
+     if (res == 0) {
++        char *env = NULL;
++
+         setuid(geteuid());
+-        execl("/sbin/umount", "/sbin/umount", !lazy ? "-f" : NULL, mnt,
+-              NULL);
++        if (lazy) {
++            execle("/sbin/umount", "/sbin/umount", mnt,
++                   NULL, &env);
++        } else {
++            execle("/sbin/umount", "/sbin/umount", "-f", mnt,
++                   NULL, &env);
++        }
+         fprintf(stderr, "%s: failed to execute /sbin/umount: %s\n", progname,
+                 strerror(errno));
+         exit(1);
+@@ -302,6 +310,7 @@ 
+         return 0;
+     }
+     if (res == 0) {
++        char *env = NULL;
+         char templ[] = "/tmp/fusermountXXXXXX";
+         char *tmp;
+ 
+@@ -325,8 +334,8 @@ 
+             exit(1);
+         }
+         rmdir(tmp);
+-        execl("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts,
+-              fsname, mnt, NULL);
++        execle("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts,
++               fsname, mnt, NULL, &env);
+         fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", progname,
+                 strerror(errno));
+         exit(1);
+@@ -353,11 +362,18 @@ 
+         return -1;
+     }
+     if (res == 0) {
++        char *env = NULL;
++
+         if (setuid(geteuid()))
+             fprintf(stderr, "%s: failed to setuid : %s\n", progname,
+                          strerror(errno));
+-        execl("/bin/umount", "/bin/umount", "-i", mnt, lazy ? "-l" : NULL,
+-              NULL);
++        if (lazy) {
++            execle("/bin/umount", "/bin/umount", "-i", mnt, "-l",
++                   NULL, &env);
++        } else {
++            execle("/bin/umount", "/bin/umount", "-i", mnt,
++                   NULL, &env);
++        }
+         fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", progname,
+                 strerror(errno));
+         exit(1);
diff --git a/SOURCES/ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch b/SOURCES/ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
new file mode 100644
index 0000000..8fd39c6
--- /dev/null
+++ b/SOURCES/ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
@@ -0,0 +1,16 @@
+diff -up ntfs-3g_ntfsprogs-2011.10.9-RC/ntfsprogs/ntfsck.c.OLD ntfs-3g_ntfsprogs-2011.10.9-RC/ntfsprogs/ntfsck.c
+--- ntfs-3g_ntfsprogs-2011.10.9-RC/ntfsprogs/ntfsck.c.OLD	2011-10-11 10:24:02.381335115 -0400
++++ ntfs-3g_ntfsprogs-2011.10.9-RC/ntfsprogs/ntfsck.c	2011-10-11 10:26:41.513559206 -0400
+@@ -877,7 +877,11 @@ int main(int argc, char **argv)
+ 	if (errors)
+ 		return 2;
+ 	if (unsupported)
+-		return 1;
++		ntfs_log_info("ntfsck was unable to run properly.\n");
++		// If we return 1 here, we fail for ntfs services fscking on boot just because
++		// ntfsck isn't smart enough to handle 99% of cases. So, we just return 0.
++		// return 1;
++		return 0;
+ 	return 0;
+ }
+ 
diff --git a/SPECS/libguestfs-winsupport.spec b/SPECS/libguestfs-winsupport.spec
new file mode 100644
index 0000000..4c26e0c
--- /dev/null
+++ b/SPECS/libguestfs-winsupport.spec
@@ -0,0 +1,173 @@
+%global         ntfs_version 2015.3.14
+
+# debuginfo makes no sense for this package, so disable it
+%global         debug_package %{nil}
+
+Name:           libguestfs-winsupport
+Version:        7.2
+Release:        3%{?dist}
+Summary:        Add support for Windows guests to virt-v2v and virt-p2v
+
+URL:            http://www.ntfs-3g.org/
+License:        GPLv2+
+ExclusiveArch:  aarch64 x86_64
+
+# This package shouldn't be installed without installing the base
+# libguestfs package.
+Requires:       libguestfs >= 1:1.28.1
+
+# Source and patches for ntfs.  Try to keep this in step with Fedora.
+Source0:        http://tuxera.com/opensource/ntfs-3g_ntfsprogs-%{ntfs_version}.tgz
+
+Patch0:         ntfs-3g_ntfsprogs-2011.10.9-RC-ntfsck-unsupported-return-0.patch
+Patch1:         CVE-2015-3202.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1301593#c8
+Patch2:         0001-unistr.c-Enable-encoding-broken-UTF-16-into-broken-U.patch
+Patch3:         0002-unistr.c-Unify-the-two-defines-NOREVBOM-and-ALLOW_BR.patch
+# CVE-2019-9755 (https://bugzilla.redhat.com/show_bug.cgi?id=1698502)
+Patch4:         0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch
+
+BuildRequires:  libtool, libattr-devel
+BuildRequires:  libconfig-devel, libgcrypt-devel, gnutls-devel, libuuid-devel
+
+
+%description
+This optional package adds support for Windows guests (NTFS) to the
+virt-v2v and virt-p2v programs.
+
+
+%prep
+%setup -q -n ntfs-3g_ntfsprogs-%{ntfs_version}
+%patch0 -p1 -b .unsupported
+%patch1 -p1 -b .cve
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+
+
+%build
+CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
+%configure \
+        --disable-static \
+        --disable-ldconfig \
+        --exec-prefix=/ \
+        --enable-crypto \
+        --enable-extras \
+        --enable-quarantined
+make %{?_smp_mflags} LIBTOOL=%{_bindir}/libtool
+
+
+%install
+# Build it into a destdir which is not the final buildroot.
+mkdir destdir
+make LIBTOOL=%{_bindir}/libtool DESTDIR=$(pwd)/destdir install
+rm -rf destdir/%{_libdir}/*.la
+rm -rf destdir/%{_libdir}/*.a
+
+rm -rf destdir/%{_sbindir}/mount.ntfs-3g
+cp -a destdir/%{_bindir}/ntfs-3g destdir/%{_sbindir}/mount.ntfs-3g
+
+# Actually make some symlinks for simplicity...
+# ... since we're obsoleting ntfsprogs-fuse
+pushd destdir/%{_bindir}
+ln -s ntfs-3g ntfsmount
+popd
+pushd destdir/%{_sbindir}
+ln -s mount.ntfs-3g mount.ntfs-fuse
+# And since there is no other package in Fedora that provides an ntfs 
+# mount...
+ln -s mount.ntfs-3g mount.ntfs
+# Need this for fsck to find it
+ln -s ../bin/ntfsck fsck.ntfs
+popd
+mv destdir/sbin/* destdir/%{_sbindir}
+rmdir destdir/sbin
+
+# We get this on our own, thanks.
+rm -r destdir/%{_defaultdocdir}
+
+# Remove development files.
+rm -r destdir/%{_includedir}
+rm -r destdir/%{_libdir}/pkgconfig
+
+# Take the destdir and put it into a tarball for the libguestfs appliance.
+mkdir -p %{buildroot}%{_libdir}/guestfs/supermin.d
+pushd destdir
+tar zcf %{buildroot}%{_libdir}/guestfs/supermin.d/zz-winsupport.tar.gz .
+popd
+
+
+%files
+%doc AUTHORS ChangeLog COPYING CREDITS NEWS README
+
+%{_libdir}/guestfs/supermin.d/zz-winsupport.tar.gz
+
+
+%changelog
+* Wed Apr 10 2017 Richard W.M. Jones <rjones@redhat.com> - 7.2-3
+- Fix for CVE-2019-9755
+  (heap-based buffer overflow leads to local root privilege escalation)
+  resolves: rhbz#1698502
+
+* Wed Feb 22 2017 Richard W.M. Jones <rjones@redhat.com> - 7.2-2
+- Fix for handling guest filenames with invalid or incomplete
+  multibyte or wide characters
+  resolves: rhbz#1301593
+
+* Tue Jul 07 2015 Richard W.M. Jones <rjones@redhat.com> - 7.2-1
+- Rebase and rebuild for RHEL 7.2
+  resolves: rhbz#1240278
+
+* Tue Jun 30 2015 Richard W.M. Jones <rjones@redhat.com> - 7.1-6
+- Bump version and rebuild.
+  related: rhbz#1221583
+
+* Fri May 15 2015 Richard W.M. Jones <rjones@redhat.com> - 7.1-5
+- Enable aarch64 architecture.
+  resolves: rhbz#1221583
+
+* Thu Aug 28 2014 Richard W.M. Jones <rjones@redhat.com> - 7.1-4
+- Enable debuginfo support and stripping.
+  resolves: rhbz#1100319
+
+* Thu Aug 28 2014 Richard W.M. Jones <rjones@redhat.com> - 7.1-3
+- Add patches from Fedora package which add fstrim support.
+  resolves: rhbz#1100319
+
+* Mon Jul 21 2014 Richard W.M. Jones <rjones@redhat.com> - 7.1-2
+- New package for RHEL 7.1
+- Rebase to ntfs-3g 2014.2.15
+  resolves: rhbz#1100319
+- Change the package so it works with supermin5.
+- Remove dependency on external FUSE.
+
+* Wed Apr  3 2013 Richard W.M. Jones <rjones@redhat.com> - 7.0-2
+- Resync against Rawhide package (ntfs-3g 2013.1.13).
+- Drop HAL file since HAL is dead.
+  resolves: rhbz#819939
+
+* Thu Dec 20 2012 Richard W.M. Jones <rjones@redhat.com> - 7.0-1
+- New package for RHEL 7
+  resolves: rhbz#819939
+- Resync against Rawhide package.
+
+* Mon Mar 28 2011 Richard W.M. Jones <rjones@redhat.com> - 1.0-7
+- Disable debuginfo package.
+  resolves: RHBZ#691555.
+
+* Tue Mar  8 2011 Richard W.M. Jones <rjones@redhat.com> - 1.0-6
+- Require libguestfs 1.7.17 (newer version in RHEL 6.1).
+- Require febootstrap-supermin-helper instead of febootstrap
+  resolves: RHBZ#670299.
+
+* Thu Jul  1 2010 Richard W.M. Jones <rjones@redhat.com> - 1.0-5
+- Make sure intermediate lib* directories are created in hostfiles (RHBZ#603429)
+
+* Thu Jun  3 2010 Richard W.M. Jones <rjones@redhat.com> - 1.0-4
+- Requires fuse-libs (RHBZ#599300).
+
+* Fri May 21 2010 Richard W.M. Jones <rjones@redhat.com> - 1.0-3
+- ExclusiveArch x86_64.
+
+* Tue May 18 2010 Richard W.M. Jones <rjones@redhat.com> - 1.0-2
+- Package Windows support for libguestfs.