--- /dev/null
+libyaml (0.1.6-3) unstable; urgency=high
+
+ * debian/patches/CVE-2014-9130.patch: Fix CVE-2014-9130 assertion
+ failure caused by wrapped strings. (Closes: #771366)
+ * Bump Standards-Version to 3.9.6 (no changes needed).
+
+ -- Anders Kaseorg <andersk@mit.edu> Fri, 28 Nov 2014 22:05:10 -0500
+
+libyaml (0.1.6-2) unstable; urgency=medium
+
+ * Move doxygen from Build-Depends to Build-Depends-Indep.
+
+ -- Anders Kaseorg <andersk@mit.edu> Tue, 19 Aug 2014 21:56:25 -0400
+
+libyaml (0.1.6-1) unstable; urgency=medium
+
+ * New upstream version 0.1.6.
+ + Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML
+ tags.
+ + Fix CVE-2014-2525: heap-based buffer overflow in
+ yaml_parser_scan_uri_escapes.
+ * Drop upstreamed patches.
+ * Run tests at build time.
+ * Bump Standards-Version to 3.9.5 (no changes needed).
+ * Use dh-autoreconf. (Closes: #745078)
+ * Use dh-buildinfo.
+ * Add libyaml-doc package for Doxygen-generated API documentation and
+ examples. (Closes: #696821)
+ * Acknowledge NMUs.
+
+ -- Anders Kaseorg <andersk@mit.edu> Tue, 19 Aug 2014 00:03:53 -0400
+
+libyaml (0.1.4-3.2) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Add CVE-2014-2525.patch patch.
+ CVE-2014-2525: Fixes heap overflow in yaml_parser_scan_uri_escapes.
+ The heap overflow is caused by not properly expanding a string before
+ writing to it in function yaml_parser_scan_uri_escapes in scanner.c.
+ (Closes: #742732)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 27 Mar 2014 06:22:25 +0100
+
+libyaml (0.1.4-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Drop libyaml-indent-column-overflow-v2.patch patch.
+ This patch causes additional regressions on simple YAML files.
+ * Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch.
+ Add upstream's patch to guard against overflows in indent and
+ flow_level. (Closes: #738587)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 13 Feb 2014 07:51:58 +0100
+
+libyaml (0.1.4-3) unstable; urgency=high
+
+ * Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML tags.
+ (Closes: #737076)
+
+ -- Anders Kaseorg <andersk@mit.edu> Wed, 29 Jan 2014 20:11:48 -0500
+
+libyaml (0.1.4-2) unstable; urgency=low
+
+ * Remove extra libyaml-0.so symlink from libyaml-dev.
+ * Bump Debhelper compat level to 9.
+ * Support multiarch. (Closes: #653748) (LP: #905630)
+ * Use 3.0 (quilt) source format.
+
+ -- Anders Kaseorg <andersk@mit.edu> Fri, 30 Dec 2011 17:14:52 -0500
+
+libyaml (0.1.4-1) unstable; urgency=low
+
+ * New upstream version 0.1.4.
+ + Fixed a bug that prevented an empty mapping being used as a simple
+ key.
+ + Fixed pointer overflow when calculating the position of a potential
+ simple key.
+ + Added pkg-config support. (Closes: #537834)
+ * Remove unneded libyaml.la file. (Closes: #622452)
+ * Add libyaml-0-2-dbg package with debugging symbols.
+ (Closes: #592747)
+ * Bumped standards version to 3.9.2 without further change
+
+ -- Anders Kaseorg <andersk@mit.edu> Mon, 30 May 2011 22:27:27 -0400
+
+libyaml (0.1.3-1) unstable; urgency=low
+
+ * New upstream version 0.1.3.
+ + This release fixes non-standard structure initialization and a
+ streaming-related issue.
+ * Bump priority from extra to optional.
+
+ -- Anders Kaseorg <andersk@mit.edu> Sun, 04 Oct 2009 14:07:18 -0400
+
+libyaml (0.1.2-1) unstable; urgency=low
+
+ * New upstream version 0.1.2.
+ + Fixed grammar in error messages (from YAML::XS::LibYAML).
+ + Rewritten whitespace detection in the scalar analyzer and block
+ scalar writers (ported from PyYAML).
+ + Fixed emitting folded scalars with trailing breaks; Forced emitting
+ of a document end indicator when there is a possibility of ambiguous
+ parsing.
+
+ -- Anders Kaseorg <andersk@mit.edu> Mon, 29 Dec 2008 21:10:48 -0500
+
+libyaml (0.1.1-1) unstable; urgency=low
+
+ * Initial release (Closes: #484381).
+
+ -- Anders Kaseorg <andersk@mit.edu> Tue, 10 Jun 2008 02:37:34 -0400
--- /dev/null
+Source: libyaml
+Section: libs
+Priority: optional
+Maintainer: Anders Kaseorg <andersk@mit.edu>
+Build-Depends: cdbs (>= 0.4.93~),
+ autotools-dev,
+ debhelper (>= 9~),
+ dh-buildinfo (>= 0.9+nmu1~),
+ dh-autoreconf
+Build-Depends-Indep: doxygen
+Standards-Version: 3.9.6
+Homepage: http://pyyaml.org/wiki/LibYAML
+Vcs-Git: git://andersk.mit.edu/libyaml.git
+Vcs-Browser: http://andersk.mit.edu/gitweb/libyaml.git
+
+Package: libyaml-0-2
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Pre-Depends: ${misc:Pre-Depends}
+Description: Fast YAML 1.1 parser and emitter library
+ LibYAML is a C library for parsing and emitting data in YAML 1.1, a
+ human-readable data serialization format.
+
+Package: libyaml-0-2-dbg
+Section: debug
+Priority: extra
+Architecture: any
+Multi-Arch: same
+Depends: ${misc:Depends}, libyaml-0-2 (= ${binary:Version})
+Description: Fast YAML 1.1 parser and emitter library (debugging symbols)
+ LibYAML is a C library for parsing and emitting data in YAML 1.1, a
+ human-readable data serialization format.
+ .
+ This package contains detached debuging symbols for the library found
+ in libyaml-0-2.
+
+Package: libyaml-dev
+Section: libdevel
+Architecture: any
+Multi-Arch: same
+Depends: ${misc:Depends}, libyaml-0-2 (= ${binary:Version})
+Suggests: libyaml-doc
+Description: Fast YAML 1.1 parser and emitter library (development)
+ LibYAML is a C library for parsing and emitting data in YAML 1.1, a
+ human-readable data serialization format.
+ .
+ This package contains development headers and static libraries.
+
+Package: libyaml-doc
+Section: doc
+Architecture: all
+Depends: ${misc:Depends}
+Description: Fast YAML 1.1 parser and emitter library (documentation)
+ LibYAML is a C library for parsing and emitting data in YAML 1.1, a
+ human-readable data serialization format.
+ .
+ This package contains API documentation for developers in HTML
+ format, and some example programs from the LibYAML distribution.
--- /dev/null
+Source: libyaml
+Section: libs
+Priority: optional
+Maintainer: Anders Kaseorg <andersk@mit.edu>
+Build-Depends: @cdbs@
+Build-Depends-Indep: doxygen
+Standards-Version: 3.9.6
+Homepage: http://pyyaml.org/wiki/LibYAML
+Vcs-Git: git://andersk.mit.edu/libyaml.git
+Vcs-Browser: http://andersk.mit.edu/gitweb/libyaml.git
+
+Package: libyaml-0-2
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Pre-Depends: ${misc:Pre-Depends}
+Description: Fast YAML 1.1 parser and emitter library
+ LibYAML is a C library for parsing and emitting data in YAML 1.1, a
+ human-readable data serialization format.
+
+Package: libyaml-0-2-dbg
+Section: debug
+Priority: extra
+Architecture: any
+Multi-Arch: same
+Depends: ${misc:Depends}, libyaml-0-2 (= ${binary:Version})
+Description: Fast YAML 1.1 parser and emitter library (debugging symbols)
+ LibYAML is a C library for parsing and emitting data in YAML 1.1, a
+ human-readable data serialization format.
+ .
+ This package contains detached debuging symbols for the library found
+ in libyaml-0-2.
+
+Package: libyaml-dev
+Section: libdevel
+Architecture: any
+Multi-Arch: same
+Depends: ${misc:Depends}, libyaml-0-2 (= ${binary:Version})
+Suggests: libyaml-doc
+Description: Fast YAML 1.1 parser and emitter library (development)
+ LibYAML is a C library for parsing and emitting data in YAML 1.1, a
+ human-readable data serialization format.
+ .
+ This package contains development headers and static libraries.
+
+Package: libyaml-doc
+Section: doc
+Architecture: all
+Depends: ${misc:Depends}
+Description: Fast YAML 1.1 parser and emitter library (documentation)
+ LibYAML is a C library for parsing and emitting data in YAML 1.1, a
+ human-readable data serialization format.
+ .
+ This package contains API documentation for developers in HTML
+ format, and some example programs from the LibYAML distribution.
--- /dev/null
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: LibYAML
+Upstream-Contact: Kirill Simonov <xi@resolvent.net>
+Source: http://pyyaml.org/wiki/LibYAML
+
+Files: *
+Copyright: 2006, Kirill Simonov <xi@resolvent.net>
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ “Software”), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
+
+Files: debian/*
+Copyright: 2008, Anders Kaseorg <andersk@mit.edu>
+License: permissive
+ Copying and distribution of this package, with or without
+ modification, are permitted in any medium without royalty
+ provided the copyright notice and this notice are
+ preserved.
--- /dev/null
+usr/lib/*/*.so.*
--- /dev/null
+usr/include/*
+usr/lib/*/*.a
+usr/lib/*/*.so
+usr/lib/*/pkgconfig/*
--- /dev/null
+Document: libyaml
+Title: LibYAML API documentation
+Author: Kirill Simonov <xi@resolvent.net>
+Abstract: Doxygen-generated API documentation for LibYAML.
+Section: Programming/C
+
+Format: HTML
+Index: /usr/share/doc/libyaml-doc/html/index.html
+Files: /usr/share/doc/libyaml-doc/html/*.html
--- /dev/null
+doc/html/
+tests/example-*.c
+tests/run-*.c
--- /dev/null
+From: Kirill Simonov <xi@resolvent.net>
+Subject: Removed invalid simple key assertion (thank to Jonathan Gray).
+Origin: upstream, https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
+Bug: https://bitbucket.org/xi/libyaml/issue/10
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771366
+Last-Update: 2014-11-28
+
+---
+ src/scanner.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/src/scanner.c b/src/scanner.c
+index 88d4fa5..5ec0be0 100644
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -1106,13 +1106,6 @@ yaml_parser_save_simple_key(yaml_parser_t *parser)
+ && parser->indent == (ptrdiff_t)parser->mark.column);
+
+ /*
+- * A simple key is required only when it is the first token in the current
+- * line. Therefore it is always allowed. But we add a check anyway.
+- */
+-
+- assert(parser->simple_key_allowed || !required); /* Impossible. */
+-
+- /*
+ * If the current position may start a simple key, save it.
+ */
+
+--
+2.2.0
+
--- /dev/null
+CVE-2014-9130.patch
--- /dev/null
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+include /usr/share/cdbs/1/rules/autoreconf.mk
+
+CDBS_BUILD_DEPENDS += , cdbs (>= 0.4.93~) # for $(DEB_HOST_MULTIARCH)
+
+# dh_buildinfo < 0.9+nmu1 fails at multiarch: http://bugs.debian.org/620104
+CDBS_BUILD_DEPENDS_rules_debhelper_buildinfo = dh-buildinfo (>= 0.9+nmu1~)
+
+build/libyaml-doc::
+ $(MAKE) html
+
+DEB_CONFIGURE_EXTRA_FLAGS += --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)
+DEB_MAKE_CHECK_TARGET = check
+DEB_DH_INSTALL_SOURCEDIR = $(DEB_DESTDIR)
+DEB_DBG_PACKAGE_libyaml-0-2 = libyaml-0-2-dbg
--- /dev/null
+package-needs-versioned-debhelper-build-depends 9
--- /dev/null
+3.0 (quilt)
--- /dev/null
+version=3
+http://pyyaml.org/download/libyaml/yaml-(.*)\.tar\.gz