diff -Nru appstream-glib-0.6.3/debian/changelog appstream-glib-0.6.3/debian/changelog
--- appstream-glib-0.6.3/debian/changelog	2016-10-06 05:31:37.000000000 +1300
+++ appstream-glib-0.6.3/debian/changelog	2017-02-21 12:14:27.000000000 +1300
@@ -1,3 +1,11 @@
+appstream-glib (0.6.3-1ubuntu1) yakkety; urgency=medium
+
+  * debian/patches/0002-Invalid-YAML.patch:
+    - Cherry-pick upstream patch to handle invalid YAML being downloaded, e.g.
+      if the contents are actually from a captive portal (LP: #1637024)
+
+ -- Robert Ancell <robert.ancell@canonical.com>  Tue, 21 Feb 2017 12:14:27 +1300
+
 appstream-glib (0.6.3-1) unstable; urgency=medium
 
   * Imported Upstream version 0.6.3
diff -Nru appstream-glib-0.6.3/debian/patches/0002-Invalid-YAML.patch appstream-glib-0.6.3/debian/patches/0002-Invalid-YAML.patch
--- appstream-glib-0.6.3/debian/patches/0002-Invalid-YAML.patch	1970-01-01 12:00:00.000000000 +1200
+++ appstream-glib-0.6.3/debian/patches/0002-Invalid-YAML.patch	2017-02-21 12:14:11.000000000 +1300
@@ -0,0 +1,42 @@
+commit 538da2d8e078de3ec7f38b56e4ddadd1da401c4d
+Author: Richard Hughes <richard@hughsie.com>
+Date:   Fri Nov 18 10:55:28 2016 +0000
+
+    Detect invalid files in the libyaml read handler
+    
+    If non-gzipped files are saved as .yml.gz they are seeked by the GInputStream
+    GZlibDecompressor which fails.
+    
+    This can happen when the user is connected to a badly configured captive portal
+    and the downloaded 'gzipped yaml file' is actually the captive portal HTML
+    login page. Detect this and handle the error the best we can given the libyaml
+    API constraints.
+    
+    This probably fixes bugs like https://github.com/hughsie/fwupd/issues/70
+    and similar bugs in gnome-software.
+
+diff --git a/libappstream-glib/as-yaml.c b/libappstream-glib/as-yaml.c
+index 3b03fc3..76cab57 100644
+--- a/libappstream-glib/as-yaml.c
++++ b/libappstream-glib/as-yaml.c
+@@ -428,12 +428,14 @@ as_yaml_read_handler_cb (void *data,
+ 			 size_t *size_read)
+ {
+ 	GInputStream *stream = G_INPUT_STREAM (data);
+-	*size_read = (gsize) g_input_stream_read (stream,
+-						  buffer,
+-						  (gsize)
+-						  size,
+-						  NULL,
+-						  NULL);
++	gssize len = g_input_stream_read (stream,
++					  buffer,
++					  (gsize) size,
++					  NULL,
++					  NULL);
++	if (len < 0)
++		return 0;
++	*size_read = (gsize) len;
+ 	return 1;
+ }
+ #endif
diff -Nru appstream-glib-0.6.3/debian/patches/series appstream-glib-0.6.3/debian/patches/series
--- appstream-glib-0.6.3/debian/patches/series	2016-10-06 05:31:37.000000000 +1300
+++ appstream-glib-0.6.3/debian/patches/series	2017-02-21 12:14:21.000000000 +1300
@@ -1 +1,2 @@
 0001-Don-t-show-a-critical-warning-on-invalid-yaml-file.patch
+0002-Invalid-YAML.patch