Import gnucobol4_4.0~early~20200606-6

45 files changed, 1543 insertions, 0 deletions

diff --git a/debian/TODO b/debian/TODO
new file mode 100644
index 0000000..686fb1c
--- /dev/null
+++ b/debian/TODO
@@ -0,0 +1,2 @@
+* re-enable autotest
+* remove libcob1 from debian archive. libcob may not conflicts with it since some exec built by the user may require it. 
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..444c134
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,133 @@
+gnucobol4 (4.0~early~20200606-6) unstable; urgency=medium
+
+  * debian/control: bump standard to 4.6.0 (no changes)
+  * add replace-ac-check-file.patch (Closes: #991793)
+    thanks to Helmut Grohne for the patch
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Tue, 14 Sep 2021 21:23:38 +0200
+
+gnucobol4 (4.0~early~20200606-5) unstable; urgency=medium
+
+  * debian/control: rename package to gnucobol4
+  * debian/control: use Breaks: and Replace: for older versions
+  * debian/control: update salsa URLs
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Tue, 18 May 2021 21:03:02 +0200
+
+gnucobol (4.0~early~20200606-4) unstable; urgency=medium
+
+  * New maintainer (Closes: #985679)
+  * debian/control: bump standard to 4.5.1 (no changes)
+  * debian/control: use dh12
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Mon, 10 May 2021 21:03:02 +0200
+
+gnucobol (4.0~early~20200606-3) unstable; urgency=medium
+
+  * Force source only upload to unstable
+
+ -- Al Stone <ahs3@debian.org>  Sat, 11 Jul 2020 21:26:15 -0600
+
+gnucobol (4.0~early~20200606-2) unstable; urgency=medium
+
+  * Fix "Unnecessary build dependency on quilt" -- removed the
+    unneeded dependency (Closes: #964418)
+  * Add regression test for CVE-2019-16395 (Closes: #940949)
+  * Add regression test for CVE-2019-16396 (Closes: #940950)
+  * Rename regression test01 to CVE-2019-14468
+  * Rename regression test02 to CVE-2019-14486
+  * Rename regression test03 to CVE-2019-14528
+  * Rename regression test04 to CVE-2019-14541
+  * Added in missing build-depends for bison
+
+ -- Al Stone <ahs3@debian.org>  Fri, 10 Jul 2020 20:38:00 -0600
+
+gnucobol (4.0~early~20200606-1) unstable; urgency=medium
+
+  * Use early release of GnuCOBOL
+  * Refresh patches
+  * libcob5 replaces libcob4
+  * Add known CI test restrictions for CVE tests
+  * Add comments to CI tests to note the CVEs being fixed
+  * Release to test CI again
+
+ -- Al Stone <ahs3@debian.org>  Mon, 29 Jun 2020 21:28:27 -0600
+
+gnucobol (3.0~rc1-5) unstable; urgency=medium
+
+  * Follow-up fixes to autopkgtest -- test exit codes properly
+
+ -- Al Stone <ahs3@debian.org>  Fri, 05 Jun 2020 20:16:35 -0600
+
+gnucobol (3.0~rc1-4) unstable; urgency=medium
+
+  * Correct silly typos in autopkgtest test04
+
+ -- Al Stone <ahs3@debian.org>  Fri, 05 Jun 2020 10:55:29 -0600
+
+gnucobol (3.0~rc1-3) unstable; urgency=medium
+
+  * Make some adjustments to the autopkgtest scripts to capture
+    failures better, using the patch supplied with some minor
+    tweaks.  Closes: #962081
+
+ -- Al Stone <ahs3@debian.org>  Thu, 04 Jun 2020 20:10:37 -0600
+
+gnucobol (3.0~rc1-2) unstable; urgency=medium
+
+  * Add in autopkgtests in debian/tests
+  * Closes: #933884 -- several CVEs have been repaired and those
+    repairs are present in this version.  NB: autopkgtest test cases
+    for these have also been added.
+  * Closes: #96166 -- source only upload
+  * Push to unstable.
+
+ -- Al Stone <ahs3@debian.org>  Sun, 31 May 2020 13:04:18 -0600
+
+gnucobol (3.0~rc1-1) unstable; urgency=medium
+
+  * Closes: #945816 -- adopt the package and close the ITA
+  * Lintian cleanup: correct man pages when generated
+
+ -- Al Stone <ahs3@debian.org>  Mon, 27 Apr 2020 21:51:18 -0600
+
+gnucobol (2.2-5) unstable; urgency=medium
+
+  * Enhanced help2man.diff with code from upstream
+
+ -- Ludwin Janvier <lud.janvier@gmail.com>  Tue, 17 Jul 2018 22:29:40 +0200
+
+gnucobol (2.2-4) unstable; urgency=medium
+
+  * debian/rules
+    - removed useless override_dh_auto_configure
+    - now build with -g, debug symbols packages available
+    - override dh_clean to remove generated files
+  * debian/control
+    - standards-version 4.1.4 (no change)
+    - debhelper 11
+    - libcob4: set Multi-Arch: same
+    - libcob4-dev: set Multi-Arch: same
+    - open-cobol: set Architecture: all
+    - priority extra replaced by priority optional
+    - build-depends: help2man
+  * added manpage for cob-config
+  * debian/compat moved to 11
+  * debian/watch signature check
+  * debian/upstream/signing-key.asc added
+  * Added help2man.diff to prevent build failures
+
+ -- Ludwin Janvier <lud.janvier@gmail.com>  Sat, 16 Jun 2018 08:53:49 +0200
+
+gnucobol (2.2-2) unstable; urgency=medium
+
+  * Add breaks: libcob1-dev (Closes: #901190)
+  * Add build-deps to rebuild pdf and info
+
+ -- Ludwin Janvier <lud.janvier@gmail.com>  Tue, 12 Jun 2018 11:09:08 +0200
+
+gnucobol (2.2-1) unstable; urgency=medium
+
+  * Initial release (Closes: #768497)
+
+ -- Ludwin Janvier <lud.janvier@gmail.com>  Tue, 13 Mar 2018 17:09:44 +0100
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..2bb9717
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,78 @@
+Source: gnucobol4
+Section: devel
+Priority: optional
+Maintainer: Thorsten Alteholz <debian@alteholz.de>
+Build-Depends:
+	debhelper-compat (= 13)
+	, libgmp-dev
+	, libdb-dev
+	, libncurses5-dev
+	, texinfo
+	, texlive
+	, help2man
+	, bison
+Standards-Version: 4.6.0
+Homepage: https://www.gnu.org/software/gnucobol/
+Vcs-Git: https://salsa.debian.org/alteholz/gnucobol4.git
+Vcs-Browser: https://salsa.debian.org/alteholz/gnucobol4
+Rules-Requires-Root: no
+
+Package: gnucobol4
+Architecture: any
+Depends:
+	 ${shlibs:Depends}
+	, ${misc:Depends}
+	, libcob5-dev (=${binary:Version})
+	, libgmp-dev
+	, libncurses5-dev
+	, gcc
+Breaks: open-cobol (<< 2.2), gnucobol3
+Replaces: open-cobol (<< 2.2), gnucobol3
+Description: COBOL compiler
+ GnuCOBOL (formerly OpenCOBOL) is a free, modern COBOL compiler. GnuCOBOL
+ implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014
+ standards and X/Open COBOL, as well as many extensions included in other COBOL
+ compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others).
+ .
+ GnuCOBOL translates COBOL into C and compiles the translated code using a
+ native C compiler.
+ .
+ Build COBOL programs on various platforms, including GNU/Linux, Unix, Mac OS X,
+ and Microsoft Windows. GnuCOBOL has also been built on HP/UX, z/OS, SPARC,
+ RS6000, AS/400, along with other combinations of machines and operating
+ systems.
+ .
+ While being held to a high level of quality and robustness, GnuCOBOL does not
+ claim to be a “Standard Conforming” implementation of COBOL.
+ .
+ GnuCOBOL passes over 9600 of the NIST COBOL 85 test suite tests and over 750
+ internal checks during build.
+
+Package: libcob5
+Section: libs
+Replaces: libcob4
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: COBOL compiler - runtime library
+ This package contains the runtime library for gnucobol.
+ .
+ GnuCOBOL (formerly OpenCOBOL) is a free, modern COBOL compiler. GnuCOBOL
+ implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014
+ standards and X/Open COBOL, as well as many extensions included in other COBOL
+ compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others).
+
+Package: libcob5-dev
+Section: libdevel
+Architecture: any
+Multi-Arch: same
+Replaces: libcob4-dev
+Breaks: libcob4-dev
+Depends: ${misc:Depends}, libcob5 (=${binary:Version})
+Description: COBOL compiler - development files
+ This package contains the development files for gnucobol.
+ .
+ GnuCOBOL (formerly OpenCOBOL) is a free, modern COBOL compiler. GnuCOBOL
+ implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014
+ standards and X/Open COBOL, as well as many extensions included in other COBOL
+ compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others).
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..13f0847
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,203 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: GnuCOBOL
+Source: https://ftp.gnu.org/gnu/gnucobol/
+Copyright: 2001-2018 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: *
+Copyright: 2001-2018 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: lib/*
+Copyright: 2003-2012 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: cobc/*
+Copyright: 2001-2012, 2014-2017 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: libcob.h libcob/* 
+Copyright: 2002-2012 Free Software Foundation, Inc.
+License: LGPL-3+
+
+Files: libcob/cobgetopt.c
+Copyright: 1987-2002,2011 Free Software Foundation, Inc.
+License: LGPL-2.1+
+
+Files: libcob/cobgetopt.h
+Copyright: 1989-1994, 1996-1999, 2001 Free Software Foundation, Inc.
+           2010, 2012 Free Software Foundation, Inc.
+License: LGPL-2.1+
+
+Files: doc/*
+Copyright: 2002-2012, 2014-2017 Free Software Foundation, Inc.
+License: GFDL-NIV-1.3
+
+Files: build_aux/compile
+Copyright: 1999-2017 Free Software Foundation, Inc.
+License: GPL-2+
+
+Files: build_aux/depcomp
+Copyright: 1999-2014 Free Software Foundation, Inc.
+License: GPL-2+
+
+Files: build_aux/ltmain.sh
+Copyright: 1996-2015 Free Software Foundation, Inc.
+License: GPL-2+
+
+Files: build_aux/mdate-sh
+Copyright: 1995-2014 Free Software Foundation, Inc.
+License: GPL-2+
+
+Files: build_aux/missing
+Copyright: 1996-2014 Free Software Foundation, Inc.
+License: GPL-2+
+
+Files: build_aux/mkinstalldirs
+Copyright: public domain
+License: public-domain
+ This file is in the public domain.
+
+Files: build_aux/texinfo.tex
+Copyright: Copyright 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: build_aux/ylwrap
+Copyright: 1996-2017 Free Software Foundation, Inc.
+License: GPL-2+
+
+Files: m4/libtool.m4
+Copyright: 2014 Free Software Foundation, Inc.
+License: permissive-fsf-short
+ This file is free software; the Free Software Foundation gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+Files: m4/m4_ax_code_coverage.m4
+Copyright: Copyright (c) 2012, 2016 Philip Withnall
+           Copyright (c) 2012 Xan Lopez
+           Copyright (c) 2012 Christian Persch
+           Copyright (c) 2012 Paolo Borelli
+           Copyright (c) 2012 Dan Winship
+           Copyright (c) 2015 Bastien ROUCARIES
+License: LGPL-2.1+
+
+Files: debian/*
+Copyright: 2006-2012 Bart Martens <bartm@knars.be>
+           2018 Ludwin Janvier <lud.janvier@gmail.com>
+License: GPL-3+
+
+Files: lib/gettext.h
+Copyright: 1995-1998, 2000-2002, 2004-2006, 2009-2016 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: build_aux/install-sh
+Copyright: 1994 X Consortium
+License: permissive-fsf
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to
+ deal in the Software without restriction, including without limitation the
+ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ sell copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+ X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+ AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+ TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ .
+ Except as contained in this notice, the name of the X Consortium shall not
+ be used in advertising or otherwise to promote the sale, use or other deal-
+ ings in this Software without prior written authorization from the X Consor-
+ tium.
+ .
+ FSF changes to this file are in the public domain.
+
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'.
+
+License: LGPL-2.1+
+ This package is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+ .
+ On Debian systems, the complete text of the GNU Lesser General
+ Public License version 2 can be found in `/usr/share/common-licenses/LGPL-2'.
+
+License: LGPL-3+
+ This package is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU Lesser General
+ Public License can be found in "/usr/share/common-licenses/LGPL-3".
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+License: GFDL-NIV-1.3
+ GNU Free Documentation License Usage
+ Alternatively, this file may be used under the terms of the GNU Free
+ Documentation License version 1.3 as published by the Free Software
+ Foundation and appearing in the file included in the packaging of
+ this file.  Please review the following information to ensure
+ the GNU Free Documentation License version 1.3 requirements
+ will be met: http://www.gnu.org/copyleft/fdl.html.
+ .
+ On Debian systems, the complete text of the GFDL-1.3 license can be found in
+ `/usr/share/common-licenses/GFDL-1.3`,
+
+
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..7d6213c
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,5 @@
+NEWS
+README
+TODO
+AUTHORS
+THANKS
diff --git a/debian/gnucobol4.doc-base b/debian/gnucobol4.doc-base
new file mode 100644
index 0000000..493b5ae
--- /dev/null
+++ b/debian/gnucobol4.doc-base
@@ -0,0 +1,8 @@
+Document: gnucobol
+Title: GnuCOBOL
+Author: Keisuke Nishida, Roger While, Brian Tiffin, Simon Sobisch
+Abstract: This manual corresponds to GnuCOBOL 2.2.
+Section: Programming
+
+Format: PDF
+Files: /usr/share/doc/gnucobol4/gnucobol.pdf.gz
diff --git a/debian/gnucobol4.docs b/debian/gnucobol4.docs
new file mode 100644
index 0000000..dbc1bf4
--- /dev/null
+++ b/debian/gnucobol4.docs
@@ -0,0 +1 @@
+doc/gnucobol.pdf
diff --git a/debian/gnucobol4.info b/debian/gnucobol4.info
new file mode 100644
index 0000000..b7a7daf
--- /dev/null
+++ b/debian/gnucobol4.info
@@ -0,0 +1 @@
+usr/share/info/gnucobol.info
diff --git a/debian/gnucobol4.install b/debian/gnucobol4.install
new file mode 100644
index 0000000..9aa765b
--- /dev/null
+++ b/debian/gnucobol4.install
@@ -0,0 +1,4 @@
+usr/share/locale/
+usr/share/gnucobol/
+usr/bin/
+etc/gnucobol/
diff --git a/debian/gnucobol4.links b/debian/gnucobol4.links
new file mode 100644
index 0000000..59dd987
--- /dev/null
+++ b/debian/gnucobol4.links
@@ -0,0 +1,2 @@
+usr/share/man/man1/gnucobol.1.gz usr/share/man/man1/cobc.1.gz
+usr/share/man/man1/gnucobol.1.gz usr/share/man/man1/cobcrun.1.gz
diff --git a/debian/gnucobol4.manpages b/debian/gnucobol4.manpages
new file mode 100644
index 0000000..90e7f23
--- /dev/null
+++ b/debian/gnucobol4.manpages
@@ -0,0 +1,6 @@
+usr/share/man/man1/cobc.1
+usr/share/man/man1/cobcrun.1
+usr/share/man/man1/cob-config.1
+#cobc/cobc.1
+#bin/cobcrun.1
+#bin/cob-config.1
diff --git a/debian/libcob5-dev.dirs b/debian/libcob5-dev.dirs
new file mode 100644
index 0000000..4418816
--- /dev/null
+++ b/debian/libcob5-dev.dirs
@@ -0,0 +1,2 @@
+usr/lib
+usr/include
diff --git a/debian/libcob5-dev.install b/debian/libcob5-dev.install
new file mode 100644
index 0000000..a3c8f6c
--- /dev/null
+++ b/debian/libcob5-dev.install
@@ -0,0 +1,3 @@
+usr/include/*
+usr/lib/*/lib*.a
+usr/lib/*/lib*.so
diff --git a/debian/libcob5.dirs b/debian/libcob5.dirs
new file mode 100644
index 0000000..6845771
--- /dev/null
+++ b/debian/libcob5.dirs
@@ -0,0 +1 @@
+usr/lib
diff --git a/debian/libcob5.install b/debian/libcob5.install
new file mode 100644
index 0000000..3ddde58
--- /dev/null
+++ b/debian/libcob5.install
@@ -0,0 +1 @@
+usr/lib/*/lib*.so.*
diff --git a/debian/patches/honor-sysconfdir.diff b/debian/patches/honor-sysconfdir.diff
new file mode 100644
index 0000000..ca8ecce
--- /dev/null
+++ b/debian/patches/honor-sysconfdir.diff
@@ -0,0 +1,19 @@
+Description: configure script read the sysconfdir option
+Author: Ludwin Janvier <lud.janvier@gmail.com>
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: gnucobol-4.0-early-20200606/configure.ac
+===================================================================
+--- gnucobol-4.0-early-20200606.orig/configure.ac
++++ gnucobol-4.0-early-20200606/configure.ac
+@@ -1931,6 +1931,10 @@ elif test "$COB_USES_GCC" = "yes" && tes
+ 	fi
+ fi
+ 
++if test -n "$sysconfdir"; then
++	COB_CONFIG_DIR="$sysconfdir/$PACKAGE_TARNAME"
++fi
++
+ if test "x$lt_cv_dlopen_self" != "xyes"; then
+ 	AC_DEFINE([COB_NO_SELFOPEN], [1])
+ fi
diff --git a/debian/patches/man-pages.patch b/debian/patches/man-pages.patch
new file mode 100644
index 0000000..54b85fb
--- /dev/null
+++ b/debian/patches/man-pages.patch
@@ -0,0 +1,27 @@
+Description: add some fields to the man page
+Index: gnucobol-4.0-early-20200606/bin/Makefile.am
+===================================================================
+--- gnucobol-4.0-early-20200606.orig/bin/Makefile.am
++++ gnucobol-4.0-early-20200606/bin/Makefile.am
+@@ -41,7 +41,7 @@ CODE_COVERAGE_LCOV_OPTIONS =  --no-exter
+ MAINTAINERCLEANFILES = cobcrun.1
+ 
+ HELPSOURCES = cobcrun.c $(top_srcdir)/configure.ac
+-HELP2MAN_OPTS = --info-page=$(PACKAGE)
++HELP2MAN_OPTS = --section=1 --name="GnuCOBOL module loader" --info-page=$(PACKAGE)
+ 
+ if MAKE_HAS_PREREQ_ONLY
+ cobcrun.1: $(HELPSOURCES) | $(COBCRUN)
+Index: gnucobol-4.0-early-20200606/cobc/Makefile.am
+===================================================================
+--- gnucobol-4.0-early-20200606.orig/cobc/Makefile.am
++++ gnucobol-4.0-early-20200606/cobc/Makefile.am
+@@ -49,7 +49,7 @@ CODE_COVERAGE_BRANCH_COVERAGE=1
+ CODE_COVERAGE_LCOV_OPTIONS =  --no-external
+ 
+ HELPSOURCES = help.c config.def flag.def warning.def $(top_srcdir)/configure.ac
+-HELP2MAN_OPTS = --info-page=$(PACKAGE)
++HELP2MAN_OPTS = --section=1 --name="GnuCOBOL compiler" --info-page=$(PACKAGE)
+ 
+ if MAKE_HAS_PREREQ_ONLY
+ cobc.1: $(HELPSOURCES) | $(COBC)
diff --git a/debian/patches/replace-ac-check-file.patch b/debian/patches/replace-ac-check-file.patch
new file mode 100644
index 0000000..4ce7976
--- /dev/null
+++ b/debian/patches/replace-ac-check-file.patch
@@ -0,0 +1,25 @@
+Description: gnucobol3 fails to cross build from source, because it abuses
+            AC_CHECK_FILE. The macro is meant to check for files on the host system,
+            but it is used to check for files inside the build tree.
+Author: Helmut Grohne <helmut@subdivi.de>
+--- gnucobol4-4.0~early~20200606.orig/configure.ac
++++ gnucobol4-4.0~early~20200606/configure.ac
+@@ -590,7 +590,7 @@
+ 	AC_MSG_NOTICE([Checks for local cJSON ...])
+ 	curr_libs="$LIBS"; curr_cppflags="$CPPFLAGS"
+ 	with_cjson_local=no
+-	AC_CHECK_FILE([./libcob/cJSON.c],
++	AS_IF([test -e ./libcob/cJSON.c],
+ 	  [AC_MSG_CHECKING([if linking of ./libcob/cJSON.c works])
+ 	   CPPFLAGS="$curr_cppflags -I./libcob"
+ 	   AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cJSON.c"]],
+@@ -601,7 +601,7 @@
+ 	   )]
+ 	)
+ 	if test "$with_cjson_local" = "no"; then
+-	  AC_CHECK_FILE([$srcdir/libcob/cJSON.c],
++	  AS_IF([test -e "$srcdir/libcob/cJSON.c"],
+ 	    [AC_MSG_CHECKING([if linking of $srcdir/libcob/cJSON.c works])
+ 	     CPPFLAGS="$curr_cppflags -I$srcdir/libcob"
+ 	     AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cJSON.c"]],
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..cfe77e0
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+honor-sysconfdir.diff
+man-pages.patch
+replace-ac-check-file.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..4344e23
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,44 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+#export DH_VERBOSE = 1
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+# see ENVIRONMENT in dpkg-buildflags(1)
+# package maintainers to append CFLAGS
+#export DEB_CFLAGS_MAINT_APPEND  = -Wall -pedantic
+# package maintainers to append LDFLAGS
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+	dh $@
+
+# trick to add -g to CFLAGS
+override_dh_auto_configure:
+	# --enable-debug is a gnucobol-specific option which permits to add -g
+	# but disable optimisations by default
+	#maybe needed again: CFLAGS='-g -O2 -finline-functions -U_FORTIFY_SOURCE' dh_auto_configure -- --enable-debug
+	CFLAGS='-g -O2 -finline-functions -D_FORTIFY_SOURCE=2' dh_auto_configure -- --enable-debug
+
+# Clean generated files
+override_dh_clean:
+	#not needed anymore: rm -f doc/gnucobol.pdf bin/cobcrun.1 cobc/cobc.1 doc/gnucobol.info
+	dh_clean
+
+# force build PDF
+override_dh_auto_build:
+	dh_auto_build
+	$(MAKE) -C doc gnucobol.pdf
+
+# disable auto_test
+# because one of them depends on an external service
+# http://www.itl.nist.gov/div897/ctg/suites/newcob.val.Z
+override_dh_auto_test:
+
+override_dh_auto_install:
+	dh_auto_install
+	# remove some uneeded files
+	rm -f debian/tmp/usr/lib/*/gnucobol/CBL_OC_DUMP.so
+	rm -f debian/tmp/usr/lib/*/libcob.la
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
new file mode 100644
index 0000000..066ef9f
--- /dev/null
+++ b/debian/source/include-binaries
@@ -0,0 +1,6 @@
+debian/tests/cve-2019-14468.cob
+debian/tests/cve-2019-14486.cob
+debian/tests/cve-2019-14528.cob
+debian/tests/cve-2019-14541.cob
+debian/tests/cve-2019-16395.cob
+debian/tests/cve-2019-16396.cob
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..7c94e88
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,7 @@
+Tests: hello
+
+Tests: cve-2019-14468, cve-2019-14486, cve-2019-14528, cve-2019-14541
+Restrictions: allow-stderr
+
+Tests: cve-2019-16395, cve-2019-16396
+Restrictions: allow-stderr
diff --git a/debian/tests/cve-2019-14468 b/debian/tests/cve-2019-14468
new file mode 100755
index 0000000..9aac072
--- /dev/null
+++ b/debian/tests/cve-2019-14468
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14468 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14468.cob > $AUTOPKGTEST_TMP/cve-2019-14468.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14468.exp $AUTOPKGTEST_TMP/cve-2019-14468.act
+res=$?
+if [ $res = 0 ] ; then
+    echo "success: cve-2019-14468 produced proper results"
+else
+    echo "error: cve-2019-14468 did not produce proper results"
+    diff -u cve-2019-14468.exp $AUTOPKGTEST_TMP/cve-2019-14468.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14468.cob b/debian/tests/cve-2019-14468.cob
new file mode 100644
index 0000000..f1cedc5
--- /dev/null
+++ b/debian/tests/cve-2019-14468.cob
diff --git a/debian/tests/cve-2019-14468.exp b/debian/tests/cve-2019-14468.exp
new file mode 100644
index 0000000..40f3cd1
--- /dev/null
+++ b/debian/tests/cve-2019-14468.exp
@@ -0,0 +1,134 @@
+cve-2019-14468.cob:25: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14468.cob:43: warning: line not terminated by a newline
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cobc: too many errors
+
+cobc: aborting compile of cve-2019-14468.cob at line 26 (PROGRAM-ID: tutorial)
diff --git a/debian/tests/cve-2019-14486 b/debian/tests/cve-2019-14486
new file mode 100755
index 0000000..bebb569
--- /dev/null
+++ b/debian/tests/cve-2019-14486
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14486 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14486.cob > $AUTOPKGTEST_TMP/cve-2019-14486.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14486.exp $AUTOPKGTEST_TMP/cve-2019-14486.act
+res=$?
+if [ $res = 0 ] ; then
+    echo "success: cve-2019-14486 produced proper results"
+else
+    echo "error: cve-2019-14486 did not produce proper results"
+    diff -u cve-2019-14486.exp $AUTOPKGTEST_TMP/cve-2019-14486.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14486.cob b/debian/tests/cve-2019-14486.cob
new file mode 100644
index 0000000..4ca0a9d
--- /dev/null
+++ b/debian/tests/cve-2019-14486.cob
@@ -0,0 +1,197 @@
+

+      *> This is in most part the tutorial code from

+      *> MicroFocus "external filPPPPPPPPPPPPPPPPPPPPPPPPPPPP     *>

+      *> "Tutorial: Using the Callable File Handler"

+      *>

+      *> Left separate until possible integration into

+      *> main testsuite is clear...

+      *>

+      $SET SOURCEFORMAT "VARIABLE"

+      *

+       IDENTIFICATION   DIVISION.

+       PROGRAM-ID.      tutorial.

+       DATA             DIVISION.

+       WORKING-STORAGE  SECTION.

+       01  opcode                       pic x(2).

+         78  OP-QUERY-FILE              value x"0006".

+         78  OP-OPEN-INPUT              value x"fa00".

+         78  OP-OPEN-OUTPUT             value x"fa01".

+         78  OP-OPEN-I-O                value x"fa02".

+         78  OP-WRITE                   value x"faf3".

+         78  OP-RELEASE                 value x"faf3".

+         78  OP-REWRITE                 value x"faf4".

+         78  OP-READ-NEXT               value x"faf5".

+         78  OP-START-EQUAL             value x"fae9".

+         78  OP-CLOSE                   value x"fa80".

+

+

+       01  FCD.

+          copy 'xfhfcd3.cpy'.

+

+

+       01 ex-filename                  pic x(260) value "idxfile.dat".

+       01 ex-index-name	               pic x(100).  *> not used in different formats

+

+

+       01 ex-keydef.                               

+          47 key2length                pic 9(4)  comp-x.

+   0      47 key-version               pic 9(2) comp-x value 2. 

+          47 filler                    pic 9(6)  comp-x. *> reserved

+          47 key-count                 pic 9(4)  comp-x.

+          47 filler                    pic 9(13) comp-x. *> reserved

+

+      *  key-specification is repeated for the number of keys defined by

+      *  key-count

+          47 key-specification. 

+            49 component-count        pic 9(4) comp-x.

+      * The offset for the component-specification for this key

+             49 component-defs         pic 9(4) comp-x. 

+             49 key-flags              pic 9(2) comp-x.

+                  78 KEY2KEYFLAG-DUPS-IN-ORDER        value h"40".

+                  78 KEY2KEYFLAG-PRIME                value h"10".

+                  78 KEY2KEYFLAG-SPARSE-KEY           value h"02".

+             49 key-compression        pic 9(2) comp-x.

+                  78 KEY2COMPRESS-TRAILING-NULLS      value h"08".

+                  78 KEY2COMPRESS-TRAILING-SPACES     value h"04".

+                  78 KEY2COMPRESS-IDENTICAL-CHARS     value h"02".

+                  78 KEY2COMPRESS-FOLLOWING-DUP       value h"0247763657621391446     78 KEY2COMPRESS-NO-COMPRESSION      value h"00".

+                  78 KEY2COMPRESS-DEFAULT        value KEY2COMPRESS-NO-COMPRESSION.

+             49 sparse-characters      pic x(2).

+             49 filler                 pic x(8). *> reserved

+

+

+      *  component-specifications for all keys follows after the key-specifications
      *  for all the keys.

+          47 component-specification.

+             49 component-flags        pic 9(2) comp-x.

+             49 component-type         pic 9(2) comp-x.  

+  m               78 KEY2PARTTYP-NUMERIC              value h"80".

+                  78 KEY2PARTTYP-SIGNED               value h"40".

+                  78 KEY2PARTTYP-COMP                 value h"20".

+                  78 KEY2PARTTYP-COMP-3               value h"21".

+                  78 KEY2PARTTYP-COMP-X               value h"22".

+                f 78 KEY2PARTTYP-COMP-5               value h"23".

+                  78 KEY2PARTTYP-FLOAT                value h"24".

+                  78 KEY2PARTTYP-COMP-6               value h"25".

+                  78 KEY2PARTTYP-DISPLAY              value h"00".

+                  78 KEY2PARTTYP-SIGN-TRAIL-INCL      value h"00".

+                  78 KEY2PARTTYP-SIGN-TRAIL-SEP       value h"01".

+                  78 KEY2PARTTYP-SIGN-LEAD-INCL       value h"02".

+                  78 KEY2PARTTYP-SIGN-LEAD-SEP        value h"03".

+                  78 KEY2PARTTYP-SIGN-LEAD-FLOAT      value h"04".

+             49 component-offret       pic 9(9) comp-x.

+             49 component-length       pic 9(9) comp-x.

+

+

+      * storage  or record

+       01 ex-record.

+               03 record-key           pic 9(5). 

+               03 record-data          pic x(95).

+             

+       PR            78 KEY2KEYFLAG-PRIME                value h"10".

+                  78 KEY2KEYFLAG-SPARSE-KEY           value h"02".

+             49 key-compression        pic 9(2) comp-x.

+                  78 KEY2COMPRESS-TRAILING-NULLS      value h"08".

+                  78 KEY2COMPRESS-TRAILING-SPACES     value h"04".

+                  78 KEY2COMPRESS-IDENTICAL-CHARS     value h"02".

+                  78 KEY2COMPRESS-FOLLOWING-DUP       value h"0247763657621391446     78 KEY2COMPRESS-NO-COMPRESSION      value h"00".

+                  78 KEY2COMPRESS-DEFAULT        value KEY2COMPRESS-NO-COMPRESSION.

+             49 sparse-characters      pic x(2).

+             49 filler                 pic x(8). *> reserved

+

+

+      *  component-specifications for all keys follows after the key-specifications
      *  for all the keys.

+          47 component-specification.

+             49 component-flags        pic 9(2) comp-x.

+             49 component-type         pic 9(2) comp-x.  

+                  78 KEY2PARTTYP-NUMERIC              value h"80".

+                  78 KEY2PARTTYP-SIGNED               value h"40".

+                  78 KEY2PARTTYP-COMP                 value h"20".

+                  78 KEY2PARTTYP-COMP-3               value h"21".

+                  78 KEY2PARTTYP-COMP-X               value h"22".

+                f 78 KEY2PARTTYP-COMP-5               value h"23".

+                  78 KEY2PARTTYP-F�>AT                value h"24".

+                  78 KEY2PARTTYP-COMP-6               value h"25".

+                  78 KEY2PARTTYP-DISPLAY              value h"00".

+                  78 KEY2PARTTYP-SIGN-TRAIL-INCL      value h"00".

+                  78 KEY2PARTTYP-SIGN-TRAIL-SEP       value h"01".

+                  78 KEY2PARTTYP-SIGN-LEAD-INCL       value h"02".

+                  78 KEY2PARTTYP-SIGN-LEAD-SEP        value h"03".

+                  78 KEY2PARTTYP-SIGN-LEAD-FLOAT      value h"04".

+             49 component-offret       pic 9(9) comp-x.

+             49 component-length       pic 9(9) comp-x.

+

+

+      * storage  or record

+       01 ex-record.

+               03 record-key           pic 9(5). 

+               03 record-data          pic x(95).

+             

+       PROCEDURE        DIVISION.

+

+      *>

+      *> invoke part I

+      *>

+

+      *> Create an indexed file

+      *>   open output an indexed file call "idxfile.dat"

+           display "Create new4095391983033575536        perform set-fcd

+           move OP-OPEN-OUTPUT to opcode

+           perform call-file-handler

+           perform display-file-status.

+           

+      *> Write 5 records increasing record length by 1 each time

+           move all "A" to record-data

+           move 0 to record-key

+           move 5 to fcd-current-rec-len

+           move OP-WRITE to opcode

+           perform 5 times

+              add 1 to record-key

+              add 1 to fcd-current-rec-len

+              perform call-file-handler

+           end-perform.

+           

+      *> Now close the file

+           move OP-CLOSE to opcode

+           perform call-file-handler

+           perform display-file-status

+           display "file closed".

+

+      *>

+      *> invoke part II

+      *>

+           

+      *> Query the file to retrieve file information 

+           move low-values to fcd

+           set  fcd-filename-address  to address of ex-filename

+           move 80                    to fcd-name-length

+           move fcd--determine-org    to fcd-organization

+           move fcd--version-number   to fcd-version

+           set fcd-filename-address   to address of ex-filename

+           set fcd-idxname-address    to address of ex-index-name

+           set fcd-key-def-address    to address of ex-keydef

+           set fcd-record-address     to address   to address of ex-record

+           move OP-QUERY-FILE         to opcode

+              accept omitted

+           perform call-file-handler

+           perform display-file-status

+           display "file open, ready to read"

+           perform 
+           perform rewrite-first-record.

+

+      *> Now read all the records again

+           perform read-all-records

+           

+           

+           goback. 

+           

+      *>

+      *> Part I starts here

+      *>

+           

+       set-fcd section.

+      *> Initially sets up FCD for OPEN op 

+           move low-values to fcd

+           move length of fcd to fcd-length

+           move fcd--version-nu ber    to fcd-version

+           move fcd--indexed-org       to fcd-organization

+           move fcd--dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
diff --git a/debian/tests/cve-2019-14486.exp b/debian/tests/cve-2019-14486.exp
new file mode 100644
index 0000000..8fe94b6
--- /dev/null
+++ b/debian/tests/cve-2019-14486.exp
@@ -0,0 +1,66 @@
+cve-2019-14486.cob:58: error: continuation character expected
+cve-2019-14486.cob:97: error: continuation character expected
+cve-2019-14486.cob:138: error: continuation character expected
+cve-2019-14486.cob:197: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14486.cob:57: error: invalid hexadecimal literal: '0247763657621391446     78 KEY2COMP...'
+cve-2019-14486.cob:57: error: literal length 67 exceeds 16 characters
+cve-2019-14486.cob:57: error: invalid operator '. 
+ 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION.
+ 49 sparse-characters pic x(2).
+ 49 filler pic x(8).
+
+
+
+ 47 component-specification.
+ 49 component-flags pic 9(2) comp-x.
+ 49 component-type pic 9(2) comp-x.
+ 78 KEY2PARTTYP-NUMERIC value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGNED value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-COMP value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-COMP-3 value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-COMP-X value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ f 78 KEY2PARTTYP-COMP-5 value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-FLOAT value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-COMP-6 value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-DISPLAY value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-LEAD-INCL value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-LEAD-SEP value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 49 component-offret pic 9(9) comp-x.
+ 49 component-length pic 9(9) comp-x.
+
+
+
+ 01 ex-record.
+ 03 record-key pic 9(5).
+ 03 record-data pic x(95).
+
+ PR 78 KEY2KEYFLAG-PRIME value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2KEYFLAG-SPARSE-KEY value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 49 key-compression pic 9(2) comp-x.
+ 78 KEY2COMPRESS-TRAILING-NULLS value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2COMPRESS-TRAILING-SPACES value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2COMPRESS-IDENTICAL-CHARS value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2COMPRESS-FOLLOWING-DUP value h' in expression
+cve-2019-14486.cob:57: error: syntax error, unexpected Identifier, expecting .
diff --git a/debian/tests/cve-2019-14528 b/debian/tests/cve-2019-14528
new file mode 100755
index 0000000..975e4af
--- /dev/null
+++ b/debian/tests/cve-2019-14528
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14528 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14528.cob > $AUTOPKGTEST_TMP/cve-2019-14528.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14528.exp $AUTOPKGTEST_TMP/cve-2019-14528.act
+res=$?
+if [ $res = 0 ] ; then
+    echo "success: cve-2019-14528 produced proper results"
+else
+    echo "error: cve-2019-14528 did not produce proper results"
+    diff -u cve-2019-14528.exp $AUTOPKGTEST_TMP/cve-2019-14528.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14528.cob b/debian/tests/cve-2019-14528.cob
new file mode 100644
index 0000000..5501680
--- /dev/null
+++ b/debian/tests/cve-2019-14528.cob
diff --git a/debian/tests/cve-2019-14528.exp b/debian/tests/cve-2019-14528.exp
new file mode 100644
index 0000000..c07e0ba
--- /dev/null
+++ b/debian/tests/cve-2019-14528.exp
@@ -0,0 +1,45 @@
+cve-2019-14528.cob:3: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:4: error: invalid indicator 'I' at column 7
+cve-2019-14528.cob:6: error: invalid indicator '1' at column 7
+cve-2019-14528.cob:7: error: invalid indicator 'I' at column 7
+cve-2019-14528.cob:9: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:10: error: invalid indicator 'I' at column 7
+cve-2019-14528.cob:12: error: invalid indicator '+' at column 7
+cve-2019-14528.cob:15: error: invalid SOURCEFORMAT directive option 'VAal fileT SOURCEFORMAT '
+cve-2019-14528.cob:19: error: invalid indicator '3' at column 7
+cve-2019-14528.cob:25: error: invalid indicator '3' at column 7
+cve-2019-14528.cob:2876: error: invalid indicator '5' at column 7
+cve-2019-14528.cob:3330: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14528.cob:3330: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:3331: error: invalid indicator 'h' at column 7
+cve-2019-14528.cob:3332: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:3333: error: invalid indicator '^' at column 7
+cve-2019-14528.cob:3334: error: invalid indicator '' at column 7
+cve-2019-14528.cob:3335: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:3336: error: invalid indicator '=' at column 7
+cve-2019-14528.cob:3337: error: invalid indicator 'c' at column 7
+cve-2019-14528.cob:3338: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:3339: error: invalid indicator '0' at column 7
+cve-2019-14528.cob:3341: error: invalid indicator '
+cve-2019-14528.cob:3342: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14528.cob:3342: error: invalid indicator '<' at column 7
+cve-2019-14528.cob:3343: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4004: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:4005: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14528.cob:4005: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4007: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:4008: error: invalid indicator 'c' at column 7
+cve-2019-14528.cob:4009: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:4010: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:4011: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4012: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:4013: error: invalid indicator '9' at column 7
+cve-2019-14528.cob:4014: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:4015: warning: line not terminated by a newline
+cve-2019-14528.cob:4015: error: invalid indicator '�' at column 7
+cve-2019-14528.cob:15: error: PROCEDURE DIVISION header missing
+cve-2019-14528.cob:15: error: invalid PROGRAM-ID '#OPTION VARIABLE
+
+
+ IDENTIFICATI...' - length exceeds maximum
+cve-2019-14528.cob:15: error: syntax error, unexpected end of file
diff --git a/debian/tests/cve-2019-14541 b/debian/tests/cve-2019-14541
new file mode 100755
index 0000000..77f56fd
--- /dev/null
+++ b/debian/tests/cve-2019-14541
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14541 is fixed
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14541.cob > $AUTOPKGTEST_TMP/cve-2019-14541.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14541.exp $AUTOPKGTEST_TMP/cve-2019-14541.act
+res=$?
+if [ $res = 0 ] ; then
+    echo "success: cve-2019-14541 produced proper results"
+else
+    echo "error: cve-2019-14541 did not produce proper results"
+    diff -u cve-2019-14541.exp $AUTOPKGTEST_TMP/cve-2019-14541.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14541.cob b/debian/tests/cve-2019-14541.cob
new file mode 100644
index 0000000..4fbad21
--- /dev/null
+++ b/debian/tests/cve-2019-14541.cob
diff --git a/debian/tests/cve-2019-14541.exp b/debian/tests/cve-2019-14541.exp
new file mode 100644
index 0000000..547416c
--- /dev/null
+++ b/debian/tests/cve-2019-14541.exp
@@ -0,0 +1,46 @@
+cve-2019-14541.cob:3: error: invalid indicator '�' at column 7
+cve-2019-14541.cob:4: error: invalid indicator 'I' at column 7
+cve-2019-14541.cob:6: error: invalid indicator '�' at column 7
+cve-2019-14541.cob:7: error: invalid indicator 'I' at column 7
+cve-2019-14541.cob:9: error: invalid indicator '�' at column 7
+cve-2019-14541.cob:10: error: invalid indicator 'I' at column 7
+cve-2019-14541.cob:12: error: invalid indicator '+' at column 7
+cve-2019-14541.cob:15: error: invalid SOURCEFORMAT directive option 'VAal fileT SOURCEFORMAT '
+cve-2019-14541.cob:19: error: invalid indicator '3' at column 7
+cve-2019-14541.cob:22: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:26: error: invalid indicator '6' at column 7
+cve-2019-14541.cob:27: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:32: error: invalid indicator '3' at column 7
+cve-2019-14541.cob:34: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:37: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:39: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14541.cob:39: error: invalid indicator ',' at column 7
+cve-2019-14541.cob:40: error: invalid indicator '�' at column 7
+cve-2019-14541.cob:41: error: invalid indicator '' at column 7
+cve-2019-14541.cob:43: error: invalid indicator '' at column 7
+cve-2019-14541.cob:44: error: invalid indicator '' at column 7
+cve-2019-14541.cob:45: error: invalid indicator '�' at column 7
+cve-2019-14541.cob:46: error: invalid indicator '�' at column 7
+cve-2019-14541.cob:47: error: invalid indicator '�' at column 7
+cve-2019-14541.cob:2489: error: invalid indicator 'T' at column 7
+cve-2019-14541.cob:2491: error: continuation character expected
+cve-2019-14541.cob:2493: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:2498: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:2502: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:2506: error: invalid indicator '3' at column 7
+cve-2019-14541.cob:2679: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14541.cob:2679: error: invalid indicator '' at column 7
+cve-2019-14541.cob:3025: error: invalid indicator 'T' at column 7
+cve-2019-14541.cob:3029: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:3034: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:3038: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:3042: error: invalid indicator '3' at column 7
+cve-2019-14541.cob:3047: error: invalid indicator '!' at column 7
+cve-2019-14541.cob:3048: warning: line not terminated by a newline
+cve-2019-14541.cob:3048: error: invalid indicator '=' at column 7
+cve-2019-14541.cob:15: error: PROCEDURE DIVISION header missing
+cve-2019-14541.cob:15: error: invalid PROGRAM-ID '#OPTION VARIABLE
+
+
+ IDENTIFICATI...' - length exceeds maximum
+cve-2019-14541.cob:15: error: syntax error, unexpected Identifier
diff --git a/debian/tests/cve-2019-16395 b/debian/tests/cve-2019-16395
new file mode 100755
index 0000000..639b52e
--- /dev/null
+++ b/debian/tests/cve-2019-16395
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-16395 is fixed
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-16395.cob > $AUTOPKGTEST_TMP/cve-2019-16395.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-16395.exp $AUTOPKGTEST_TMP/cve-2019-16395.act
+res=$?
+if [ $res = 0 ] ; then
+    echo "success: cve-2019-16395 produced proper results"
+else
+    echo "error: cve-2019-16395 did not produce proper results"
+    diff -u cve-2019-16395.exp $AUTOPKGTEST_TMP/cve-2019-16395.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-16395.cob b/debian/tests/cve-2019-16395.cob
new file mode 100644
index 0000000..924383a
--- /dev/null
+++ b/debian/tests/cve-2019-16395.cob
@@ -0,0 +1,248 @@
+

+      *> This is in most part the tutorial code from

+      *> MicroFocus "external file handler" documentation.

+      *>

+      *> "Tutorial: Using the Callable File Handler"

+      *>

+      *> Left separate until possible integration into

+      *> main testsuite is clear...

+      *>

+      $SET SOURCEFORMAT "VARIABLE"

+      *

+       IDENTIFICATION   DIVISION.

+       PROGRAM-ID.      tutorial.

+       DATA             DIVISION.

+       WORKING-STORAGE  SECTION.

+       01  opcode                       pic x(2).

+         78  OP-QUERY-FILE              value x"0006".

+         78  OP-OPEN-INPUT              value x"fa00".

+         78  OP-OPEN-OUTPUT             value x"fa01".

+         78  OP-OPEN-I-O                value x"fa02".

+         78  OP-WRITE                   value x"faf3".

+         78  OP-RELEASE                 value x"faf3".

+         78  OP-REWRITE                 value x"faf4".

+         78  OP-READ-NEXT               value x"faf5".

+         78  OP-START-EQUAL             value x"fae9".

+         78  OP-CLOSE                   value x"fa80".

+

+

+       01  FCD.

+          copy 'xfhfcd3.cpy'.

+

+

+       01 ex-filename                  pic x(260) value "idxfile.dat".

+       01 ex-index-name	               pic x(100).  *> not used in different formats

+

+

+       01 ex-keydef.                               

+          47 key2length                pic 9(4)  comp-x.

+          47 key-version               pic 9(2) comp-x value 2. 

+          47 filler                    pic 9(6)  comp-x. *> reserved

+          47 key-count                 pic 9(4)  comp-x.

+          47 filler                    pic 9(13) comp-n. *> reserved

+

+     cd-record-atdress      to address of ex-record

+           perform set-keydefinitions

+           .

+

+       set-keydefinitions section.

+           move low-values to ex-keydef

+          'vove length of ex-keydef to key2length

+           move 1 to key-count

+           set component-defs to length of key-specification

+          #q      move OP-CLOSE to opcode

+           perform call-file-handler

+           perform display-file-status

+           display "file closed".

+

+      *>

+      *> invoke part II

+      *>

+           

+      *> Query the file to retrieve file information 

+           move low-values to fcd

+           set  fcd-filename-address  to address of ex-filename

+           move 80                    to fcd-name-length

+           move fcd--determine-org    to fcd-organization

+           move fcd--version-number   to fcd-version

+           set fcd-filename-address   to address of ex-filename

+           set fcd-idxname-address    to address of ex-index-name

+           set fcd-key-def-address    to address of ex-keydef

+           set fcd-record.address     to address of ex-record

+           move OP-QUERY-FILE         to opcode

+              accept omitted

+           perform call-file-handler

+           perform display-file-status

+     `     display "file open, ready to read"

+           perform read-all-records
-REWRITE                 value x"faf4".

+         78  OP-READ-NEXT               value x"faf5".

+         78  OP-START-EQUAL             value x"fae9".

+         78  OP-CLOSE                   value x"fa80".

+

+

+       01  FCD.

+          copy 'xfhfcd3.cpy'.

+

+

+       01 ex-filename                  pic x(260) value "idxfile.dat".

+       01 ex-index-name	               pic x(100).  *> not used in different formats

+

+

+       01 ex-keydef.                               

+          47 key2length                pic 9(4)  comp-x.

+          47 key-version               pic 9(2) comp-x value 2. 

+          47 filler                    pic 9(6)  comp-x. *> reserved

+          47 key-count                 pic 9(4)  comp-x.

+          47 filler                    pic 9(13) comp-n. *> reserved

+

+     cd-record-atdress      to address of ex-record

+           perform set-keydefinitions

+           .

+

+       set-keydefinitions section.

+           move low-values to ex-keydef

+           move length of ex-keydef to key2length

+           move 1 to key-count

+           set component-defs to length of key-specification

+          #q      move OP-CLOSE to opcode

+           perform call-file-handler

+           perform display-file-status

+           display "file closed".

+

+      *>

+      *> invoke part II

+      *>

+           

+      *> Query the file to retrieve file information 

+           move low-values to fcd

+           set  fcd-filename-address  to address of ex-filename

+           move 80                    to fcd-name-length

+           move fcd--determine-org    to fcd-organization

+           move fcd--version-number   to fcd-version

+           set fcd-filename-address   to address of ex-filename

+           set fcd-idxname-address    to address of ex-index-name

+           set fcd-key-def-address    to address of ex-keydef

+           set fcd-record-address     to address of ex-record

+           move OP-QUERY-FILE         to opcode

+              accept omitted

+           perform call-file-handler

+           perform display-file-status

+           display "file open, ready to read"

+           perform read-all-records
-REWRITE                 value x"faf4".

+         78  OP-READ-NEXT               value x"faf5".

+         78  OP-START-EQUAL             value x"fae9".

+         78  OP-CLOSE                   value x"fa80".

+

+

+       01  FCD.

+          copy 'xfhfcd3.cpy'.

+

+

+       01 ex-filename                  pic x(260) value "idxfile.dat".

+       01 ex-index-name	               pic x(100).  *> not used in different formats

+

+

+       01 ex-keydef.                               

+          47 key2length                pic 9(4)  comp-x.

+          47 key-version               pic 9(2) comp-x value 2. 

+          47 filler                    pic 9(6)  comp-x. *> reserved

+          47 key-count                 pic 9(4)  comp-x.

+          47 filler                    pic 9(13) comp-n. *> reserved

+

+     cd-record-atdress      to address of ex-record

+           perform set-keydefinitions

+           .

+

+       set-keydefinitions section.

+           move low-values to ex-keydef

+           move length of ex-keydef to key2length

+           move 1 to key-count

+           set component-defs to length of key-specification

+          #q      move OP-CLOSE to opcode

+           perform call-file-handler

+           perform display-file-status

+           display "file closed".

+

+      *>

+      *> invoke part II

+      *>

+           

+      *> Query the file to retrieve file information 

+           move low-values to fcd

+           set  fcd-filename-addrfss  to address of ex-filename

+           move 80                    to fcd-name-length

+           move fcd--determine-org    to fcd-organization

+           move fcd--version-number   to fcd-version

+           set fcd-filename-address   to address of ex-filename

+           set fcd-idxname-address    to address of ex-index-name

+           set fcd-key-def-address    to address of ex-keydef

+           set fcd-record-address     to address of ex-record

+           move OP-QUERY-FILE         to opcode

+              accept omitted

+           perform call-file-handler

+           perform display-file-status

+           display "file open, ready to read"

+           perform read-all-records

+           perform rewrite-first-record.

+

+      *> Now read all the records again

+           perform read-all-records

+           

+           

+           goback. 

+           

+      *>

+      *> Part I starts here

+      *>

+           

+       set-fcd��ectiof.

+      *> Initially sets up FCD for OPEN op 

+           move low-values to fcd

+           move length of fcd to fcd-length

+           move fcd--version-number    to fcd-version

+           move fcd--indexed-org       to fcd-organization

+           move fcd--dynamic-access    to fcd-acce+Y�mode

+           move fcd--open-closed       to fcd-open-mode *> When opening a file this should be set to fcd--open-closed

+           move fcd--recmode-variable  to fcd-recording-mode

+           move fcd--form�t-big        to fcd-file-format

+           move fcd--auto-lock-bit     to fcd-lock-mode

+           move 12                     to fcd-name-length

+           set fcd-filename-address    to address of ex-filename

+           set fcd-idxname-address     to address of ex-index-name

+           set fcd-key-def-address     to address of ex-keydef

+           mo��������������������������������������������������������������������������������������������������������ength

+           set fcd-record-address      to address of ex-record

+           perform set-keydefinitions

+           .

+

+       set�jeydefinitions section.

+           move low-values to ex-keydef

+           move length of ex-keydef to key2length

+           move 1 to key-count

+           set component-defs to length of key-specification

+          #qkey-def-address     to ad
+ress of ex-keydef

+           mo��������������������������������������������������������������������������������������������������������ength

+           set fcd-record-atdress      to address of ex-record

+           perform set-keydefinitions

+           .

+

+       set-keydefinitions section.

+           move low-values to ex-keydef

+           move length of ex-keydef to key2length

+           move 1 to key-count

+           set component-defs to length of key-specification

+          #q      move OP-CLOSE to opcode

+           perform call-file-handler

+           perform display-file-status

+           display "file closed".

+

+      *>

+      *> invoke part II

+      *>

+           

+      *> Query the file to retrieve file information 

+           move low-values to fcd

+           set  fcd-filename-address  to address of ex-filename

+           move 80                    to fcd-name-length

+           move fcd--determine-org   
diff --git a/debian/tests/cve-2019-16395.exp b/debian/tests/cve-2019-16395.exp
new file mode 100644
index 0000000..4fbab0e
--- /dev/null
+++ b/debian/tests/cve-2019-16395.exp
@@ -0,0 +1,8 @@
+cve-2019-16395.cob:51: error: continuation character expected
+cve-2019-16395.cob:224: error: invalid indicator 'f' at column 7
+cve-2019-16395.cob:45: error: PROCEDURE DIVISION header missing
+cve-2019-16395.cob: in section 'set-keydefinitions':
+cve-2019-16395.cob:50: error: invalid literal: 'vove length of ex-keydef to key2len...'
+cve-2019-16395.cob:50: error: literal length exceeds 8191 characters
+cve-2019-16395.cob:49: error: invalid MOVE target: literal 'vove length of ex-keydef to key2len...'
+cve-2019-16395.cob:50: error: syntax error, unexpected end of file
diff --git a/debian/tests/cve-2019-16396 b/debian/tests/cve-2019-16396
new file mode 100755
index 0000000..9b30942
--- /dev/null
+++ b/debian/tests/cve-2019-16396
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-16396 is fixed
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-16396.cob > $AUTOPKGTEST_TMP/cve-2019-16396.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-16396.exp $AUTOPKGTEST_TMP/cve-2019-16396.act
+res=$?
+if [ $res = 0 ] ; then
+    echo "success: cve-2019-16396 produced proper results"
+else
+    echo "error: cve-2019-16396 did not produce proper results"
+    diff -u cve-2019-16396.exp $AUTOPKGTEST_TMP/cve-2019-16396.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-16396.cob b/debian/tests/cve-2019-16396.cob
new file mode 100644
index 0000000..46b50b5
--- /dev/null
+++ b/debian/tests/cve-2019-16396.cob
diff --git a/debian/tests/cve-2019-16396.exp b/debian/tests/cve-2019-16396.exp
new file mode 100644
index 0000000..80107b8
--- /dev/null
+++ b/debian/tests/cve-2019-16396.exp
@@ -0,0 +1,32 @@
+cve-2019-16396.cob:64: error: invalid indicator '�' at column 7
+cve-2019-16396.cob:65: error: invalid indicator '�' at column 7
+cve-2019-16396.cob:68: error: invalid indicator '�' at column 7
+cve-2019-16396.cob:69: warning: line not terminated by a newline
+cve-2019-16396.cob:69: error: invalid indicator '' at column 7
+cve-2019-16396.cob:10: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:18: error: ENVIRONMENT DIVISION header missing
+cve-2019-16396.cob:18: error: CONFIGURATION SECTION header missing
+cve-2019-16396.cob:18: error: SPECIAL-NAMES header missing
+cve-2019-16396.cob:18: error: invalid system-name 'testsuite'
+cve-2019-16396.cob:18: warning: ignoring redundant .
+cve-2019-16396.cob:22: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:23: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:23: error: redefinition of program ID 'tussssssssssssssssssssssssssssss...'
+cve-2019-16396.cob:31: error: ENVIRONMENT DIVISION header missing
+cve-2019-16396.cob:31: error: CONFIGURATION SECTION header missing
+cve-2019-16396.cob:31: error: SPECIAL-NAMES header missing
+cve-2019-16396.cob:31: error: SPECIAL-NAMES not allowed in nested programs
+cve-2019-16396.cob:31: warning: ignoring redundant .
+cve-2019-16396.cob:35: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:36: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:36: error: redefinition of program ID 'tussssssssssssssssssssssssssssss...'
+cve-2019-16396.cob:45: error: ENVIRONMENT DIVISION header missing
+cve-2019-16396.cob:45: error: CONFIGURATION SECTION header missing
+cve-2019-16396.cob:45: error: SPECIAL-NAMES header missing
+cve-2019-16396.cob:45: error: SPECIAL-NAMES not allowed in nested programs
+cve-2019-16396.cob:45: error: syntax error, unexpected DIVISION, expecting CRT or Identifier
+cve-2019-16396.cob:46: error: word length exceeds maximum of 63 characters: '0�usssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss�ssssssssssssssssssssssssrssssssssssssssssion'
+cve-2019-16396.cob:46: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:46: error: invalid PROGRAM-ID '0�usssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:55: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:56: error: syntax error, unexpected Identifier
diff --git a/debian/tests/hello b/debian/tests/hello
new file mode 100755
index 0000000..15c3985
--- /dev/null
+++ b/debian/tests/hello
@@ -0,0 +1,20 @@
+#!/bin/sh
+cd $AUTOPKGTEST_TMP
+cat > HELLO.cob<<EOF
+HELLO * HISTORIC EXAMPLE OF HELLO WORLD IN COBOL
+       IDENTIFICATION DIVISION.
+       PROGRAM-ID. HELLO.
+       PROCEDURE DIVISION.
+           DISPLAY "HELLO, WORLD".
+	   STOP RUN.
+EOF
+set -e
+echo "info: compiling"
+cobc HELLO.cob
+
+echo "info: running"
+if cobcrun HELLO | grep WORLD ; then
+    echo "success: Able to run hello world program"
+else
+    echo "success: Unable to run hello world program"
+fi
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..4221043
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,6 @@
+Name: GnuCOBOL
+Bug-Database: https://sourceforge.net/p/open-cobol/bugs/
+Bug-Submit: https://sourceforge.net/p/open-cobol/bugs/new/
+Contact: https://sourceforge.net/p/open-cobol/discussion/
+FAQ: https://open-cobol.sourceforge.io/faq/index.html
+Repository-Browse: https://sourceforge.net/p/open-cobol/code/HEAD/tree/
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
new file mode 100644
index 0000000..9aa7981
--- /dev/null
+++ b/debian/upstream/signing-key.asc
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFJbcKYBCACpm2uIFcXhhU1bzl430FcXVuV3cKEcv6q3cFzaEGJYVOa5jBY2
+fYBWxQsaLlUYGXqHZo9LaQOzhBD5hPtB5K5+Uwe/vm+q/e9GLuHVM/BX2mlFYSQK
+4qhhQluN0j/bkPnehHtWtyHAyBACDz8pvY31HiCPHP7JDI2iAiowaZjO1c7NcBYE
+Zbz1Bc7YU0tMqLy2+z+0m2IYoc7YgX51ywJqJG77ty+gNt+j+9erp/xkxYoc9qNO
+aeSCaOkrozvqpF24Z9dm3+V7xVC/EURhjCQKVVX0OjT7dUq6LKXnP/7TCXL3JJxm
+NVEUSCUK0CLO75flibm24yqZuGeKO5cCSrt1ABEBAAG0IUJyaWFuIFRpZmZpbiA8
+Ynd0aWZmaW5AZ21haWwuY29tPokBOAQTAQIAIgUCUltwpgIbAwYLCQgHAwIGFQgC
+CQoLBBYCAwECHgECF4AACgkQcXdrrt0grUJlAAf/RZniGK7+Fi445JydLV0qMGv5
+aKB72A0PC6SxHi6zxqOopkTEMnh7UplZT7UpWfO0cQ8Vp5bQWc5A9ZnSHyZ7ccN7
+hlRS4zRdr8qvc9ZBukMO8d/SBmuZ9daZBfG9gU5xtjuVOObE5e2uylBcPkMe0A7d
+4YIcxFQh1wIZcf5sr+IPtY5eOt1M/Uk+nT0Ie8TGmSHV//fxuWZv7eHryWFQgSNZ
+qZcogaBR7ebEMFUvMNs0OZLYdXhP0Q50Fbf8g0jtsy9kdU22WCoRjzMGJ4xOLV2F
+sh0D4gSvXB4eCZsendj+beUr5hCeYq01LlM+ZVAXpBo++/gNEUy0Ut8nWnkyBLkB
+DQRSW3CmAQgA64TWYvCxNYxFEIV0YxcddxungPvaTbUFsIndV6w3CnzDs+Wn7JXG
+ebo2aOzxqChoLE+EfJ2BR2ft92dX8p3L0Bl7329KCy6a+J4w4QEQuDUyjKyZaQMA
+cm3DKHY/Niac8wJYIQ755GGIZiNrHGKO4J9TkwCBnogtwsviSk8G/cwewxMJ5VUg
+kl/Otk4tLt6xQp46oU1tu4i3kDKB/DcIXK5+G1vDOa1mbIDHf+AhWwFESmcRzVSV
+LJ+EIbos2q0ksDsU2lWDHqyZOsGsTmWBKjzrMnd5k3ah8peuEnOzjTzATVicAFuX
+PKi0ifhKImJ6ju1QsJOTLWkTmipPrh7cCQARAQABiQEfBBgBAgAJBQJSW3CmAhsM
+AAoJEHF3a67dIK1CN8wH+gJVwWzgbCA2VEPGRBv7pmEuoHvZaTDNWexxyELICBkM
+V2SLASNn3V7XtGNBnkqHHD2gPlmjAq/3otPA4gBDtS1qsdNe9lapgRb+lQizoLs+
++K5P2Nopv3/2+pzV1o0ahJ0FVjjwAfgtcP95PmXZQguzIZfMxK9tzYK22uci6zel
+jAiUYSigPQ9MOzIbkgcoYD87wc2s47viY3czdvc0Nz9i8TI29zBAtDeilrSoUWiC
+LeZAGa3lZaAbRKf9Rb8ngr13Y+OIGYHVbB2MtW8U0TlYORm3uZdpB5SmeAEvpjPL
+5vKqVotPfnGzOxFGsns5w3BZtoY1cdhdEP3nM2e0N38=
+=hga2
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..699cbb6
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,4 @@
+version=4
+opts="pgpsigurlmangle=s%$%.sig%" \
+	https://ftp.gnu.org/gnu/@PACKAGE@/@PACKAGE@-(.*)\.tar\.xz \
+	debian uupdate