diff -Nru tardiff-0.1/debian/changelog tardiff-0.1/debian/changelog
--- tardiff-0.1/debian/changelog 2015-10-17 15:53:30.000000000 +0000
+++ tardiff-0.1/debian/changelog 2019-01-14 16:28:23.000000000 +0000
@@ -1,3 +1,21 @@
+tardiff (0.1-5~build0.16.04.1) xenial-security; urgency=medium
+
+ * fake sync from Debian
+
+ -- Mike Salvatore Mon, 14 Jan 2019 11:28:23 -0500
+
+tardiff (0.1-5) unstable; urgency=medium
+
+ * Also fix `tar …` code injection which is also part of CVE-2015-0857.
+ * Update Vcs-Browser header to use https and cgit.
+ * Declare compliance with Debian Policy 3.9.8. (No changes needed.)
+ * Update Vcs-Git header to use https:// instead of git://.
+ * Fix typos found by lintian in man page and long package description.
+ * Add lintian overrides for "pedantic"-level warnings related to tardiff
+ being distributed as a single file.
+
+ -- Axel Beckert Fri, 29 Apr 2016 00:37:49 +0200
+
 tardiff (0.1-4) unstable; urgency=high
 * Fix CVE-2015-0858.diff to explicitly hardcode OldStyle diff style to
diff -Nru tardiff-0.1/debian/control tardiff-0.1/debian/control
--- tardiff-0.1/debian/control 2015-10-17 15:06:57.000000000 +0000
+++ tardiff-0.1/debian/control 2016-04-28 18:05:36.000000000 +0000
@@ -3,10 +3,10 @@
 Priority: optional
 Maintainer: Axel Beckert
 Build-Depends: debhelper (>= 9~)
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: http://tardiff.coolprojects.org/
-Vcs-Git: git://anonscm.debian.org/collab-maint/tardiff.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/tardiff.git
+Vcs-Git: https://anonscm.debian.org/git/collab-maint/tardiff.git
+Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/tardiff.git
 Package: tardiff
 Architecture: all
@@ -17,6 +17,6 @@
 TarDiff compares the contents of two tarballs and reports on any differences found between them. Its use is mainly for release managers who can use it as a QA tool to make sure no files have
- accidently been left over or were added by mistake. TarDiff supports
- compressed tarballs, diff statistics and suppression of GNU autotool
- changes.
+ accidentally been left over or were added by mistake. TarDiff
+ supports compressed tarballs, diff statistics and suppression of GNU
+ autotool changes.
diff -Nru tardiff-0.1/debian/lintian-overrides tardiff-0.1/debian/lintian-overrides
--- tardiff-0.1/debian/lintian-overrides 1970-01-01 00:00:00.000000000 +0000
+++ tardiff-0.1/debian/lintian-overrides 2016-04-28 18:10:44.000000000 +0000
@@ -0,0 +1,2 @@
+# Distributed as single file as of now
+tardiff: no-upstream-changelog
diff -Nru tardiff-0.1/debian/patches/CVE-2015-0857.diff tardiff-0.1/debian/patches/CVE-2015-0857.diff
--- tardiff-0.1/debian/patches/CVE-2015-0857.diff 2015-10-17 15:32:37.000000000 +0000
+++ tardiff-0.1/debian/patches/CVE-2015-0857.diff 2016-04-28 22:36:47.000000000 +0000
@@ -6,8 +6,8 @@
 Index: tardiff/tardiff
 ===================================================================
---- tardiff.orig/tardiff 2015-10-17 15:46:15.088415393 +0200
-+++ tardiff/tardiff 2015-10-17 15:46:29.968391267 +0200
+--- tardiff.orig/tardiff 2016-04-28 19:19:02.194646937 +0200
++++ tardiff/tardiff 2016-04-28 19:36:41.253948109 +0200
 @@ -6,6 +6,7 @@
 # Published under GNU GPL conditions
@@ -16,7 +16,21 @@
 my $VERSION = '0.1';
-@@ -116,7 +117,7 @@
+@@ -73,7 +74,12 @@
+ $flag = "-j";
+ }
+
+- my $list = `tar -C $tempdir $flag -xvf $tarball 2>/dev/null`;
++ open(TARLIST, '-|', qw(tar -C), $tempdir, $flag, qw(-xvf), $tarball)
++ or die "Can't call tar as expected: $!";
++ local $/ = undef; # slurp mode
++ my $list = or die "Couldn't read from tar";
++ close(TARLIST) or warn "tar exited with non-zero exit code";
++
+ return $list;
+ }
+
+@@ -116,7 +122,7 @@
 if(-d $file1 and -d $file2){
 return 0;
 }elsif(-f $file1 and -f $file2){
diff -Nru tardiff-0.1/debian/patches/CVE-2015-0858.diff tardiff-0.1/debian/patches/CVE-2015-0858.diff
--- tardiff-0.1/debian/patches/CVE-2015-0858.diff 2015-10-17 14:56:00.000000000 +0000
+++ tardiff-0.1/debian/patches/CVE-2015-0858.diff 2016-04-28 18:24:37.000000000 +0000
@@ -7,8 +7,8 @@
 Index: tardiff/tardiff
 ===================================================================
---- tardiff.orig/tardiff 2015-10-17 15:38:03.629194527 +0200
-+++ tardiff/tardiff 2015-10-17 15:41:47.268844335 +0200
+--- tardiff.orig/tardiff 2016-04-28 20:24:06.913565891 +0200
++++ tardiff/tardiff 2016-04-28 20:24:06.909565907 +0200
 @@ -7,12 +7,13 @@
 use strict;
@@ -24,7 +24,7 @@
 $SIG{'__DIE__'} = 'cleanup';
 $SIG{'TERM'} = 'cleanup';
-@@ -168,9 +169,6 @@
+@@ -173,9 +174,6 @@
 sub tardiff{
 my $error = 0;
@@ -34,7 +34,7 @@
 my $filelist1 = untar($tarball1) or die "Error: Could not unpack $tarball1.";
 my $filelist2 = untar($tarball2) or die "Error: Could not unpack $tarball2.";
-@@ -211,10 +209,6 @@
+@@ -216,10 +214,6 @@
 sub cleanup{
 my $handler = shift(@_);
diff -Nru tardiff-0.1/debian/source/lintian-overrides tardiff-0.1/debian/source/lintian-overrides
--- tardiff-0.1/debian/source/lintian-overrides 1970-01-01 00:00:00.000000000 +0000
+++ tardiff-0.1/debian/source/lintian-overrides 2016-04-28 18:11:07.000000000 +0000
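Review bot: `close(TARLIST) or warn "tar exited with non-zero exit code"` in the new inner hunk lets a failed extraction pass unnoticed by the caller: `$?` is never inspected and `$list` is returned anyway, so the `untar(...) or die` at the call site (visible in the CVE-2015-0858.diff context) fires only when the listing happens to be empty. Suggest dying with the real status and a lexical handle instead of the bareword `TARLIST`, e.g. `open(my $tar_fh, '-|', qw(tar -C), $tempdir, $flag, qw(-xvf), $tarball) or die ...;` and `close($tar_fh) or die "tar failed: " . ($! ? $! : "exit status " . ($? >> 8));`. If `$flag` can still be the empty string (the `$flag = "-j";` branch suggests it is set conditionally earlier in the sub), the list form now hands tar a literal empty argument that the old shell form silently dropped, so the argument list should include it conditionally, `($flag ? ($flag) : ())`. Dropping `2>/dev/null` means tar's stderr now reaches the user, which may be intended but deserves a changelog mention, and the read line as rendered here (`my $list = or die ...`) appears to have lost its `<TARLIST>` operand, most likely in rendering rather than in the patch itself. The enclosing sub starts before this hunk, so the initialisation of `$flag` and `$tempdir` cannot be checked from here.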
@@ -0,0 +1,2 @@
+# Distributed as single file as of now
+tardiff source: debian-watch-may-check-gpg-signature
diff -Nru tardiff-0.1/debian/tardiff.1 tardiff-0.1/debian/tardiff.1
--- tardiff-0.1/debian/tardiff.1 2015-10-17 13:15:29.000000000 +0000
+++ tardiff-0.1/debian/tardiff.1 2016-04-28 18:05:20.000000000 +0000
@@ -4,7 +4,7 @@
 .SH DESCRIPTION
 TarDiff compares the contents of two tarballs and reports on any differences found between them. Its use is mainly for release managers
-who can use it as a QA tool to make sure no files have accidently been
+who can use it as a QA tool to make sure no files have accidentally been
 left over or were added by mistake. TarDiff supports compressed tarballs, diff statistics and suppression of GNU autotool changes.
 .SH SYNOPSIS