src/truetype/ttgload.c | 27 21 + 6 - 0 !
1 file changed, 21 insertions(+), 6 deletions(-)

 properly handle phantom points for variable hinted fonts
 Scale phantom points if HVAR and/or VVAR is present.

src/base/ftoutln.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 ensure that the 'cbox' variable is reliably initialized before use.
 This fixes a build failure on ppc64el when building with -O3.

include/freetype/config/ftoption.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 enable subpixel rendering to provide lcd colour filtering.

modules.cfg | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 enable the gxvalid and otvalid table validation modules
 The 'ftvalid' demo in the freetype2-demos package is only useful if certain
 extra extensions are enabled in freetype. These extensions are not enabled
 upstream by default, but there's no reason for us not to enable them.

builds/unix/unix-cc.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 do not let libtool suppress compiler output
 We always want to see compiler output when building, so that in the
 event of a build failure, we have debuggable logs.

ft2demos/src/ftcommon.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 free memory allocated to font->filepathname.

ft2demos/graph/x11/rules.mk | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

 avoid using rpath to find x11 libraries at run-time.

ft2demos/src/ftgrid.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 revert wrong upstream commit that causes a build failure.
 Reverts upstream commit fb964cdcd8fddd7722826379c28bcbece7b1d8fd, which
 wrongly claims to be fixing C++ compilation.  There's a better fix for that,
 stop using a C++ compiler to build your C program!

ft2docs/docs/css/freetype2.css | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 comment out references to fonts.googleapis.com to prevent lintian
 from warning about potential privacy-breach-generic issues.

ft2docs/docs/design/design-1.html | 4 2 + 2 - 0 !
ft2docs/docs/design/design-2.html | 4 2 + 2 - 0 !
ft2docs/docs/design/design-3.html | 4 2 + 2 - 0 !
ft2docs/docs/design/design-4.html | 4 2 + 2 - 0 !
ft2docs/docs/design/design-5.html | 4 2 + 2 - 0 !
ft2docs/docs/design/design-6.html | 4 2 + 2 - 0 !
ft2docs/docs/design/index.html | 4 2 + 2 - 0 !
ft2docs/docs/documentation.html | 4 2 + 2 - 0 !
ft2docs/docs/glyphs/glyphs-1.html | 4 2 + 2 - 0 !
ft2docs/docs/glyphs/glyphs-2.html | 4 2 + 2 - 0 !
ft2docs/docs/glyphs/glyphs-3.html | 4 2 + 2 - 0 !
ft2docs/docs/glyphs/glyphs-4.html | 4 2 + 2 - 0 !
ft2docs/docs/glyphs/glyphs-5.html | 4 2 + 2 - 0 !
ft2docs/docs/glyphs/glyphs-6.html | 4 2 + 2 - 0 !
ft2docs/docs/glyphs/glyphs-7.html | 4 2 + 2 - 0 !
ft2docs/docs/glyphs/index.html | 4 2 + 2 - 0 !
ft2docs/docs/index.html | 4 2 + 2 - 0 !
ft2docs/docs/subpixel-hinting.html | 4 2 + 2 - 0 !
ft2docs/docs/text-rendering-general.html | 4 2 + 2 - 0 !
ft2docs/docs/tutorial/index.html | 4 2 + 2 - 0 !
ft2docs/docs/tutorial/step1.html | 4 2 + 2 - 0 !
ft2docs/docs/tutorial/step2.html | 4 2 + 2 - 0 !
ft2docs/docs/tutorial/step3.html | 4 2 + 2 - 0 !
23 files changed, 46 insertions(+), 46 deletions(-)

 do not display donations information in the menu navigation
 of the documentation. Commenting out the relevant <li> tag prevents lintian
 from raising several privacy-breach-donation errors.

src/sfnt/pngshim.c | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

 [sfnt] fix heap buffer overflow (#59308).

src/sfnt/sfobjs.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 check `face_index` before decrementing to prevent heap buffer
 overflow (CVE-2022-27404).

src/base/ftobjs.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 properly guard `face_index` before attempting to read its value
 (CVE-2022-27405).

src/base/ftobjs.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 guard the `face->size` handle before attempting to read its value
 (CVE-2022-27406).