Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
enable-gxvalid-otvalid.patch | Enable the gxvalid and otvalid table validation modules The 'ftvalid' demo in the freetype2-demos package is only useful if certain extra extensions are enabled in freetype. These extensions are not enabled upstream by default, but there's no reason for us not to enable them. |
Paul Wise <pabs@debian.org> | not-needed | debian | 2021-10-07 | |
enable-subpixel-rendering.patch | Enable subpixel rendering to provide LCD colour filtering. | Steve Langasek <vorlon@debian.org> | not-needed | 2021-10-07 | ||
no-web-fonts.patch | Comment out references to fonts.googleapis.com to prevent lintian from warning about potential privacy-breach-generic issues. | Hugh McMaster | not-needed | debian | 2018-07-02 | |
hide-donations-information.patch | Use a button for donations instead of an image of the documentation. Commenting out the relevant <li> tag prevents lintian from raising several privacy-breach-donation errors. |
Paul Wise | not-needed | debian | 2021-12-28 | |
CVE-2022-31782.patch | Exit if the number of glyphs is zero to avoid a heap overflow. Fixes CVE-2022-31782. | Alexei Podtelezhnikov <apodtele@gmail.com> | yes | upstream | https://gitlab.freedesktop.org/freetype/freetype-demos/-/commit/3541af5e7805a4d897b8a1b199eb5037b9f1a477 | 2022-05-24 |
fix-wild-free-svg.patch | Clear correct document ownership flags to prevent a wild free. This issue was discovered with an SVG-based font with some documents compressed and other uncompressed. After loading the first compressed document, the ownership flag on the glyph slot was set to true but never set to false. As a result, after loading a compressed document, a glyph from an uncompressed document would load fine, but when this glyph slot was cleared it would try to free its document resulting in a wild free. |
Ben Wagner <bungeman@chromium.org> | yes | debian upstream | https://gitlab.freedesktop.org/freetype/freetype/-/commit/c26872ed59cba3af2f407b5eefc92fcec92aa52b | 2022-05-26 |
hardening.patch | Pass Debian's hardening CFLAGS, CPPFLAGS and LDFLAGS to the demo programs | Hugh McMaster <hugh.mcmaster@outlook.com> | yes | 2022-06-19 | ||
CVE-2023-2004.patch | Prevent integer overflow in tt_hvadvance_adjust(). Fixes CVE-2023-2004. | Werner Lemberg <wl@gnu.org> | not-needed | debian | https://gitlab.freedesktop.org/freetype/freetype/-/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611 | 2023-04-30 |