| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| enable-gxvalid-otvalid.patch | Enable the gxvalid and otvalid table validation modules The 'ftvalid' demo in the freetype2-demos package is only useful if certain extra extensions are enabled in freetype. These extensions are not enabled upstream by default, but there's no reason for us not to enable them. |
Paul Wise <pabs@debian.org> | not-needed | debian | 2021-10-07 | |
| enable-subpixel-rendering.patch | Enable subpixel rendering to provide LCD colour filtering. | Steve Langasek <vorlon@debian.org> | not-needed | 2021-10-07 | ||
| no-web-fonts.patch | Comment out references to fonts.googleapis.com to prevent lintian from warning about potential privacy-breach-generic issues. | Hugh McMaster | not-needed | debian | 2018-07-02 | |
| hide-donations-information.patch | Use a button for donations instead of an image of the documentation. Commenting out the relevant <li> tag prevents lintian from raising several privacy-breach-donation errors. |
Paul Wise | not-needed | debian | 2021-12-28 | |
| CVE-2022-31782.patch | Exit if the number of glyphs is zero to avoid a heap overflow. Fixes CVE-2022-31782. | Alexei Podtelezhnikov <apodtele@gmail.com> | yes | upstream | https://gitlab.freedesktop.org/freetype/freetype-demos/-/commit/3541af5e7805a4d897b8a1b199eb5037b9f1a477 | 2022-05-24 |
| fix-wild-free-svg.patch | Clear correct document ownership flags to prevent a wild free. This issue was discovered with an SVG-based font with some documents compressed and other uncompressed. After loading the first compressed document, the ownership flag on the glyph slot was set to true but never set to false. As a result, after loading a compressed document, a glyph from an uncompressed document would load fine, but when this glyph slot was cleared it would try to free its document resulting in a wild free. |
Ben Wagner <bungeman@chromium.org> | yes | debian upstream | https://gitlab.freedesktop.org/freetype/freetype/-/commit/c26872ed59cba3af2f407b5eefc92fcec92aa52b | 2022-05-26 |
| hardening.patch | Pass Debian's hardening CFLAGS, CPPFLAGS and LDFLAGS to the demo programs | Hugh McMaster <hugh.mcmaster@outlook.com> | yes | 2022-06-19 | ||
| CVE-2023-2004.patch | Prevent integer overflow in tt_hvadvance_adjust(). Fixes CVE-2023-2004. | Werner Lemberg <wl@gnu.org> | not-needed | debian | https://gitlab.freedesktop.org/freetype/freetype/-/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611 | 2023-04-30 |
| disable_COLRv1.patch | Disable COLRv1 support in FreeType 2.12.1. FreeType 2.12.1 shipped with COLRv1 support enabled. This was unintentional, as the partial implementation shipped is incomplete and incompatible with the final COLRv1 API. . Applications attempting to use this version of the COLRv1 API will get unexpected (and incorrect) results. |
Hugh McMaster <hugh.mcmaster@outlook.com> | not-needed | debian | 2023-09-22 | |
| get_colr_glyph_paint.patch | Use correct predicate before calling get_colr_glyph_paint() This ensures Chromium doesn't crash when the experimental COLRv1 API is disabled. | Hugh McMaster <hugh.mcmaster@outlook.com> | not-needed | https://gitlab.freedesktop.org/freetype/freetype/-/commit/16f311d72582c117796a23e22074fe9624760ee1 | 2024-02-24 |