Version in base suite: 2.12.1+dfsg-5+deb12u3 Base version: freetype_2.12.1+dfsg-5+deb12u3 Target version: freetype_2.12.1+dfsg-5+deb12u4 Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/freetype/freetype_2.12.1+dfsg-5+deb12u3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/f/freetype/freetype_2.12.1+dfsg-5+deb12u4.dsc changelog | 7 +++ patches/Minimal-stop-gap-fix-for-CVE-2025-27363.patch | 41 ++++++++++++++++++ patches/series | 1 3 files changed, 49 insertions(+) diff -Nru freetype-2.12.1+dfsg/debian/changelog freetype-2.12.1+dfsg/debian/changelog --- freetype-2.12.1+dfsg/debian/changelog 2024-02-24 11:01:26.000000000 +0000 +++ freetype-2.12.1+dfsg/debian/changelog 2025-03-14 19:57:00.000000000 +0000 @@ -1,3 +1,10 @@ +freetype (2.12.1+dfsg-5+deb12u4) bookworm-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Minimal stop-gap fix for CVE-2025-27363 + + -- Salvatore Bonaccorso Fri, 14 Mar 2025 20:57:00 +0100 + freetype (2.12.1+dfsg-5+deb12u3) bookworm; urgency=medium * Disable the experimental and incomplete COLRv1 API once again. diff -Nru freetype-2.12.1+dfsg/debian/patches/Minimal-stop-gap-fix-for-CVE-2025-27363.patch freetype-2.12.1+dfsg/debian/patches/Minimal-stop-gap-fix-for-CVE-2025-27363.patch --- freetype-2.12.1+dfsg/debian/patches/Minimal-stop-gap-fix-for-CVE-2025-27363.patch 1970-01-01 00:00:00.000000000 +0000 +++ freetype-2.12.1+dfsg/debian/patches/Minimal-stop-gap-fix-for-CVE-2025-27363.patch 2025-03-14 19:56:01.000000000 +0000 
@@ -0,0 +1,41 @@ +From: Marc Deslauriers +Date: Fri, 14 Mar 2025 08:55:06 -0400 +Subject: [PATCH] Minimal stop-gap fix for CVE-2025-27363 +Origin: https://www.openwall.com/lists/oss-security/2025/03/14/3 +Bug: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-27363 + +--- + src/truetype/ttgload.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c +index 2ca63d65a3a3..7ce6d2a6fb29 100644 +--- a/src/truetype/ttgload.c ++++ b/src/truetype/ttgload.c +@@ -1948,7 +1948,7 @@ + short i, limit; + FT_SubGlyph subglyph; + +- FT_Outline outline; ++ FT_Outline outline = { 0, 0, NULL, NULL, NULL, 0 }; + FT_Vector* points = NULL; + char* tags = NULL; + short* contours = NULL; +@@ -1957,6 +1957,13 @@ + + limit = (short)gloader->current.num_subglyphs; + ++ /* make sure this isn't negative as we're going to add 4 later */ ++ if ( limit < 0 ) ++ { ++ error = FT_THROW( Invalid_Argument ); ++ goto Exit; ++ } ++ + /* construct an outline structure for */ + /* communication with `TT_Vary_Apply_Glyph_Deltas' */ + outline.n_points = (short)( gloader->current.num_subglyphs + 4 ); +-- +2.47.2 + diff -Nru freetype-2.12.1+dfsg/debian/patches/series freetype-2.12.1+dfsg/debian/patches/series --- freetype-2.12.1+dfsg/debian/patches/series 2024-02-24 11:01:26.000000000 +0000 +++ freetype-2.12.1+dfsg/debian/patches/series 2025-03-14 19:56:20.000000000 +0000 @@ -8,3 +8,4 @@ CVE-2023-2004.patch disable_COLRv1.patch get_colr_glyph_paint.patch +Minimal-stop-gap-fix-for-CVE-2025-27363.patch
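Review bot: in the src/truetype/ttgload.c hunk at @@ -1957, the new "limit < 0" guard does not cover the case its own comment names ("we're going to add 4 later"). A limit of 32764 through 32767 passes the check, but on the outline.n_points line below it the result of (short)( gloader->current.num_subglyphs + 4 ) no longer fits in a short and wraps negative on the usual two's-complement targets. If num_subglyphs is wider than short, the cast that produces limit can also truncate a large count to a small non-negative value that passes the check. Suggest testing the uncast gloader->current.num_subglyphs against an upper bound that leaves room for the 4 extra entries, before either cast is applied, and keeping the existing Invalid_Argument error path for the reject case.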
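Review bot: in the src/truetype/ttgload.c hunk at @@ -1948, the new initializer for outline is positional (six values in member order), so it depends on the exact layout of FT_Outline, and neither the hunk nor the patch header says why it is needed. If the intent is that the early "goto Exit" added in the next hunk must not leave outline's pointer members indeterminate, a one-line comment stating that would stop a later cleanup from removing the initializer as redundant.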