harfbuzz - Debian Package Tracker

general

source: harfbuzz (main)
version: 12.3.2-2
maintainer: أحمد المحمودي (Ahmed El-Mahmoudy) (DMD)
uploaders: Emilio Pozuelo Monfort [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.7.4-1
oldstable: 6.0.0+dfsg-3
stable: 10.2.0-1
testing: 12.3.2-2
unstable: 12.3.2-2

versioned links

2.7.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.0.0+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
12.3.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-harfbuzz-0.0
libharfbuzz-bin
libharfbuzz-cairo0
libharfbuzz-dev (2 bugs: 0, 2, 0, 0)
libharfbuzz-doc
libharfbuzz-gobject0
libharfbuzz-icu0
libharfbuzz-subset0
libharfbuzz0-udeb
libharfbuzz0b (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 13.1.1 high

A new upstream version 13.1.1 is available, you should consider packaging it.

Created: 2026-03-07 Last update: 2026-03-17 22:00

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-01-06 Last update: 2026-03-17 22:47

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 13.0.1-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit b712a7d616adb706796c12ea80f4cd9f71784574
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Mar 11 22:54:42 2026 +0100

    Update changelog for 13.0.1-1 release

commit ac5c66a281ec9b58b6097506cafd345fc71c1e03
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Mar 11 22:53:56 2026 +0100

    d/copyright: update copyright info

commit 24efa06a4166b6040f97d538bd63c1fb67ac218a
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Tue Mar 10 06:01:21 2026 +0100

    Update changelog for 13.0.1-1 release

commit 91fa4bd68b2538784ede2262415052998dd6c304
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Tue Mar 10 05:47:59 2026 +0100

    Add hide-raster-internal-symbols.patch to hide raster library internal symbols

commit 71487788c20bd8d3970e437fc20b4b80d88b3e19
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Tue Mar 10 03:10:43 2026 +0100

    Add install_hb-raster.patch to install hb-raster executable

commit 4c096d889a391332cfac19e701507f4673c3c704
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Mar 8 21:04:12 2026 +0100

    Update changelog for 13.0.1-1~1.gbpb573c8 release

commit 5186d84c3c6bcaefbfca1bce74d0eb1cf64be6ed
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Mon Mar 9 00:35:25 2026 +0100

    d/t/control: change pkg-config dep to pkgconf

commit c5ba1706e5d85b1ff35fe955cd2eca1c0130553b
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Mar 8 23:42:59 2026 +0100

    Update symbols

commit 263c56bbe1e3d5a8deacaeb8fad49c15b0f7f12e
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Mar 8 21:05:01 2026 +0100

    Drop fix-man-whatis.patch, applied upstream

commit 2a323d6d85f41920400a91aea992e9be3d8a8489
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Mar 8 21:00:47 2026 +0100

    Add libharfbuzz-{vector,raster}0 binary packages

commit eb0b0b5bc388fd5d0cccf2bab0ed1280b0ab021d
Merge: 473233ff d0d2f7e1
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Mar 8 20:48:30 2026 +0100

    Update upstream source from tag 'upstream/13.0.1'
    
    Update to upstream version '13.0.1'
    with Debian dir 7c88477d7539855937a4526083258e80d1e80285

commit 473233ff9c998a6e4d7f155fbfc27a8f5ed05d29
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Thu Feb 19 22:05:16 2026 +0100

    fix-man-whatis.patch: workaround to use @OUTPUT@ instead of @INPUT@.1

commit b99d0736c5427c959f01b6088ed7e04769ec5c29
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Feb 18 23:37:56 2026 +0100

    Update changelog for 12.3.2-2 release

commit 98f5b5d0a16623b9bef327ea933f46b41ad6fd9f
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Mon Feb 16 20:51:10 2026 +0100

    fix-man-whatis.patch: use sh -c around help2man to do shell expansion

commit 88f4bb4b8dfb36d425a165cf3631d6890994f09b
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Thu Jan 29 19:20:11 2026 +0100

    Update changelog for 12.3.2-1 release

commit d69ea2cd111a2810250b678e2f1bc88dae3f3545
Merge: b4c9e824 6489b3da
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Thu Jan 29 19:18:36 2026 +0100

    Update upstream source from tag 'upstream/12.3.2'
    
    Update to upstream version '12.3.2'
    with Debian dir 972541866631bfeb9e4a812f1f7f442bf52c76ce

commit b4c9e8244055d3bddeb880992c0329d16f0b169a
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 24 19:14:32 2026 +0100

    Update changelog for 12.3.1-1 release

commit d93dc8ac733473e62b5d0c26e22ca7ccb56398af
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 24 03:56:31 2026 +0100

    Update changelog for 12.3.1-1~2.gbp885dfb release

commit 885dfb83aec6a093f6fa97bf636211894eb59fd5
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 24 03:55:48 2026 +0100

    Dropped fix-CVE-2026-22693.patch, applied upstream

commit a34f80f4acf3e92803bf0371b807e2d192873b79
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 24 03:55:34 2026 +0100

    Update changelog for 12.3.1-1~1.gbp1837f9 release

commit 1837f9c92be28ed205d6af177c7f114dda04ee96
Merge: 15493d36 f1be1c8b
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 24 03:44:43 2026 +0100

    Update upstream source from tag 'upstream/12.3.1'
    
    Update to upstream version '12.3.1'
    with Debian dir a4591288e3684236cde65e5d624ea5ae3fda7ddd

commit 15493d369cfa8dd56b7ff87ad8af2b1044ffed6f
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 10 20:28:16 2026 +0100

    Update changelog for 12.3.0-4 release

commit c047b29686284da1d85233d37934a0efc2aa21f6
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 10 20:26:16 2026 +0100

    d/control: Drop redundant Priority: optional

commit 9ff1134b37c635bec49bf62ea89e539ebaa042ff
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 10 20:22:01 2026 +0100

    Add fix-CVE-2026-22693.patch to fix CVE-2026-22693
    
    Closes: #1125189

commit 6d1387a2465d5dd3a57beeaa0ded5ad838c54054
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Jan 7 18:49:56 2026 +0100

    Update copyright years

commit 214219534ef736d3afcda1192fee509dcf86ff3b
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Jan 7 01:35:03 2026 +0100

    Update changelog for 12.3.0-3 release

commit 05dbcf905048575e0dcc8413cb2a70570c7c06dc
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Jan 7 01:33:58 2026 +0100

    d/control: drop dh-sequence-movetousr from build-deps (again!)

commit 4c364a803a01a70ca2c4bc7f2c3afb454c99dea4
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Jan 7 01:32:47 2026 +0100

    Update changelog for 12.3.0-2 release

commit 448206184840e4506c16cf3237aec83ef968f777
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Mon Jan 5 01:50:38 2026 +0100

    Remove d/libharfbuzz-gobject0.lintian-overrides, as it overrides an obsolete tag

commit c89a69136e5f1c3150a6a57d7f084a6db57aea5e
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Jan 4 15:02:30 2026 +0100

    d/libharfbuzz0-udeb.install: install in /usr/lib
    
    Closes: #1124592

commit 772a5735b0e5c4384d57816fbc2501ba45b272f7
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sat Jan 3 16:17:33 2026 +0100

    Import Debian changes 12.3.0-1
    
    harfbuzz (12.3.0-1) unstable; urgency=medium
    .
      * New upstream release
      * d/control:
        + bump standards version to 4.7.3
        + d/control: add dh-sequence-movetousr to build-deps again
          (Closes: #1124592)

commit 569d0a179b09f80b14b84785f7e450c70b4a78b9
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Dec 28 20:05:10 2025 +0100

    Update changelog for 12.3.0-1 release

commit 83e287f0cb8884ca779603db10899b8d223cb7c2
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Mon Jan 5 01:50:38 2026 +0100

    Remove d/libharfbuzz-gobject0.lintian-overrides, as it overrides an obsolete tag

commit 8733f43f1b1e6a99365d17b281b0705e65182d88
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Jan 4 15:02:30 2026 +0100

    d/libharfbuzz0-udeb.install: install in /usr/lib
    
    Closes: #1124592

commit 79fce0c740ce98dbc9a4ee531e3c0aa5b0ec456c
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Dec 28 20:04:50 2025 +0100

    d/control: bump standards version to 4.7.3

commit 791e271edc30891cc9d2533770fda7ed68aa3a63
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Dec 28 19:44:21 2025 +0100

    Update changelog for 12.3.0-1~1.gbpf2e04a release

commit f2e04a979f6a3731d545356c192fe468629932b5
Merge: 96a527ce 59ebc527
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Sun Dec 28 19:42:25 2025 +0100

    Update upstream source from tag 'upstream/12.3.0'
    
    Update to upstream version '12.3.0'
    with Debian dir 366276f2c27174fd8bb694cd620c900304fee0c2

commit 96a527cee9f17cf831c00dc3a2081901ca0e5bf9
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Mon Nov 10 10:33:41 2025 +0100

    Update changelog for 12.2.0-1 release

commit eb091b29309064871213459e56eec8e49c84186c
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Fri Dec 12 17:48:26 2025 +0100

    d/control: drop dh-sequence-movetousr from build-deps
    
    Closes: #1122764

commit e7150f0505da1dbb49bc92c60bdd5f2f3f154ea7
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Mon Nov 10 10:27:19 2025 +0100

    Update changelog for 12.2.0-1~1.gbp744749 release

commit 744749601c2ff7f761f186f655a0deef0abc97c9
Merge: 26fe17b5 32081a3d
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Mon Nov 10 03:31:45 2025 +0100

    Update upstream source from tag 'upstream/12.2.0'
    
    Update to upstream version '12.2.0'
    with Debian dir 47f1883b781cc9e29dc78c8a63155ae152b1d8ad

commit 26fe17b5660fa914272b167df8ad231b80edfd69
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Oct 1 16:58:33 2025 +0200

    Update changelog for 12.1.0-1 release

commit 99206b679bb150435af052a7d1f0abb3f9385e1f
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Oct 1 17:40:37 2025 +0200

    Revert "d/gbp.conf: build experimental branch"
    
    This reverts commit 91acd703f6fd9638f685d4bf4f51fe9a23de2997.
    
    Gbp-Dch: ignore

commit d0d9c9c86db8505538de652d05b137f8c31a458b
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Oct 1 16:25:00 2025 +0200

    d/libharfbuzz0b.symbols: update symbols

commit c94a895df38e8d274cd243361b8ac52c793b41a7
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Wed Oct 1 15:37:40 2025 +0200

    Update changelog for 12.0.0-1~2.gbp2e2b6e release

commit 6c833fb074a93d236d82a0de8b88615e24467fe2
Author: Khaled Hosny <khaled@aliftype.com>
Date:   Wed Oct 1 08:26:58 2025 +0300

    [docs] Fix build

commit 4f017affdd0c95915ad102f6db6bdd41fdf79a1b
Author: Khaled Hosny <khaled@aliftype.com>
Date:   Wed Oct 1 08:24:34 2025 +0300

    12.1.0

commit b87365a4894679fa233043ace90f23ddeeb757c2
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 30 15:31:04 2025 -0400

    Add `hb_ot_layout_lookup_collect_glyph_alternates()` (#5367)
    
    * [map] Massage operator << overloads
    
    * [ot-layout] Add +hb_ot_layout_lookup_collect_glyph_alternates
    
    To collect all glyph mapping from SingleSubst or AlternateSubst
    lookups in one call.  Needed by FreeType autohinter for performance.
    
    New API:
    +hb_ot_layout_lookup_collect_glyph_alternates()
    
    * [layout] Change hb_ot_layout_lookup_collect_glyph_alternates() API
    
    https://github.com/harfbuzz/harfbuzz/pull/5367#discussion_r2149019638

commit 73cb7a34f78d884f0dde1e9a9d4b125eab84bf89
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 30 13:18:46 2025 -0600

    [pragmas] Disable -Wuninitialized and -Wmaybe-uninitialized on gcc
    
    Fixes https://github.com/harfbuzz/harfbuzz/issues/5589
    CC https://github.com/harfbuzz/harfbuzz/pull/5367

commit dcca39681b1dda111f91bb619bc655a887bf61f3
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 30 12:59:34 2025 -0600

    [Coverage] Simplify initialization

commit 12f18b375e6e5b16380a3391cadfd6a805837eb3
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Mon Sep 29 23:00:28 2025 -0400

    [pragmas] Demote -Wuninitialized from error to warning (#5593)
    
    I suspect a gcc false positive.
    
    "Fixes" https://github.com/harfbuzz/harfbuzz/issues/5589

commit 855b2037cf1544056f824d894569818f9d626721
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Mon Sep 29 23:00:21 2025 -0400

    [alloc-pool] Fix alignment (#5592)
    
    We were aligning on the bytes remaining. Align on actual
    pointer.
    
    Probably fixes https://github.com/harfbuzz/harfbuzz/issues/5591

commit 1182fcd386da165f4f59d2bd3834c646717ab8fa
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Sep 29 13:20:00 2025 -0600

    Bump github/codeql-action from 3.30.3 to 3.30.5 (#5590)
    
    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.3 to 3.30.5.
    - [Release notes](https://github.com/github/codeql-action/releases)
    - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/github/codeql-action/compare/192325c86100d080feab897ff886c34abd4c83a3...3599b3baa15b485a2e49ef411a7a4bb2452e7f93)
    
    ---
    updated-dependencies:
    - dependency-name: github/codeql-action
      dependency-version: 3.30.5
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 7d990eb4fcb8ccd0694bea334112610439927367
Author: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Date:   Tue Sep 30 06:24:55 2025 +0200

    Update changelog for 12.0.0-1~1.gbpc23f63 release

commit 89c8e78d0823cada81de6acf83cf9b9244203d21
Author: Khaled Hosny <khaled@aliftype.com>
Date:   Sun Sep 28 00:55:46 2025 +0300

    12.0.0

commit 217773ec20e5ad0054b80d9e561444d1f66b9950
Author: Qunxin Liu <48925186+qxliu76@users.noreply.github.com>
Date:   Fri Sep 26 09:10:28 2025 -0700

    [subset] de-duplicate features (#5494)

commit f0800f82166ea6b2580f21bab76bfd486f965125
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Thu Sep 25 21:54:20 2025 -0400

    Reapply "[VARC] Graduate out of experimental" (#5588)
    
    This reverts commit 673934f2ce569b81a2ac094d2316033425ab6928.

commit 14fca0cd47828b9ddf8975fa58b59dbe41a249d8
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 24 16:39:38 2025 -0400

    [shape] Use a buffer scratch flag for fraction slash (#5587)
    
    * [shape] Use a buffer scratch flag for fraction slash
    
    * Remove unused non-ascii scratch flag

commit 5bdb49e4553f64fdb7245308a8255b56cc2a7046
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 24 13:28:28 2025 -0600

    [rust] Tweak debugoptimized again
    
    Now on par in perf with release, but nice stacktraces.

commit 467ca87111e5256a813bf667f681513d7c9ebb10
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 24 13:12:50 2025 -0600

    [rust] Change debugoptimized build to inherit dev instead of release
    
    I was getting useless profiler stacks with the previous setup.
    This one makes the debugoptimized build 30% slower than release
    in one of my benchmarks, but at least we get useful stacktraces
    by default.

commit cf8d37a834e878ae20b8951f73f9405a80a46def
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 24 12:42:53 2025 -0600

    [ValueFormat] comment

commit 43a1fbc2ad5ace4cc9c4c8551a6bcc14f5f1612c
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 24 00:04:19 2025 -0600

    Fix fuzzer issue

commit 5b3a19326cd72e1b7c2a1ae09de31a442cf4bbe8
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 24 01:49:57 2025 -0400

    [shape] Use a buffer scratch flag for continuations (#5586)
    
    Use it in form_clusters instead of ascii flag, for speedup.

commit 0695eca8c4322c92f712689480205e936253156c
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 24 00:22:56 2025 -0400

    [rust] Don't use panic_immediate_abort (#5585)
    
    It has changed. Use optimize_for_size which seems to have the
    same size reduction effect.
    
    Fixes https://github.com/harfbuzz/harfbuzz/issues/5584

commit 5424d21924f2c63ea69c468f9ca3e16fa7fbc7c4
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 19:47:01 2025 -0600

    Speed up ValueFormat len() calc

commit 088ff9de259b04d87372f3bfb408dd67788b43cd
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 22:34:02 2025 -0400

    On gcc <= 12 don't use num fast path (#5578)
    
    Fixes https://github.com/harfbuzz/harfbuzz/issues/5456

commit 6f2bbf12090b756503ebc24d66d731fd39358a55
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 19:09:46 2025 -0600

    [bit-page] Remove leftover bits from iterator

commit 0f39565cc83fac4a55e7260bc543e07658580ed2
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 20:56:53 2025 -0400

    [buffer] Remove HB_BUFFER_SCRATCH_FLAG_HAS_GLYPH_FLAGS (#5583)
    
    It complicated correctness analysis. Remove it and always
    propagate flags, which are much faster now anyway.

commit c3ba72bf5ef05ccd2cee766021acb34cb1c0e99c
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 20:44:44 2025 -0400

    [shape] Fix up propagate-flags after previous changes (#5582)

commit 77319aa26caad5879944c27eed36b550b92dff78
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 18:32:42 2025 -0600

    [shape] Fix typo in propagate_flags

commit fa15026e186ad196c30b028332529d5c204cb7c2
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 20:30:06 2025 -0400

    Propagate flags speedup (#5581)
    
    * [shape] Micro-opt
    
    * [shape] Speed up propagate_flags

commit de63be631d7369af1e292dd7f867aec55e8b27f7
Author: Qunxin Liu <48925186+qxliu76@users.noreply.github.com>
Date:   Tue Sep 23 14:32:41 2025 -0700

    [subset-repacker] bug fix: copy markFilteringSet field if exists (#5579)

commit 92b580308e783ab873ae75562c3fc30ea5d4ba9f
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 13:32:15 2025 -0400

    [chaincontext] Micro-optimize a conditional away

commit 766bd278fcb89fec4f444a97121089047ec33888
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 11:55:26 2025 -0400

    [buffer] Micro-opt next_glyphs()

commit 9c1b3274e217ce8ac6b34066dd0a776fd0c5a111
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 11:23:03 2025 -0400

    [set-digest] Comments

commit 02658c325c6f56febc485f07d72f0b61fd0c96e9
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Tue Sep 23 10:13:28 2025 -0400

    [buffer-message] Disable "more" messages by default (#5577)
    
    This was not suppoosed to be turned on by default, as it has a
    performance overhead. Instead, tools like Crowbar should define
    HB_BUFFER_MESSAGE_MORE to 1 when building HarfBuzz.

commit cbc984bdc3750fbbff9e128349a591a0df0d19b3
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Mon Sep 22 17:31:11 2025 -0400

    [ot-shape] Update update_digest() calls
    
    Correction to ccfd1ae2d68b920702c10b34711b72d5ac6ad39c

commit 9de026bccf88fb316ea11d9ae79f4ad638810201
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Mon Sep 22 16:33:52 2025 -0400

    [apply-forward] Speed up glyph skipping
    
    6% speedup in Roboto-Regular benchmark.

commit 4d464b3439100e7a388b0380fd67089ec4769996
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Mon Sep 22 16:48:32 2025 -0400

    [buffer] Retain digest in the buffer
    
    We don't have to reinitialize it for GPOS now, showing some
    1.5% speedup on Roboto-Regular benchmark.
    
    Over time we can change the various gsub_pauses to update the digest
    in-place instead of returning true.

commit c18672332f5d71bf0ae1fdb09e0c8eecd523b3b8
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Mon Sep 22 14:48:42 2025 -0400

    [iup] Use a member pointer

commit c686aa13f0dd9dad29d5ec4d4cee901bdd13ac89
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Mon Sep 22 14:45:42 2025 -0400

    [iup] Add an early exit

commit 2d6ade41b288b1422606706a7d5879df9e7946b9
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Mon Sep 22 14:36:02 2025 -0400

    [iup] Micro-optimize
    
    Doesn't matter.

commit 067b8eb1810db2f975c31acf6780f1aff3821587
Author: Khaled Hosny <khaled@aliftype.com>
Date:   Mon Sep 22 19:58:28 2025 +0300

    11.5.1

commit 708b74c06756110c5e5fb87eefee7d9921a64111
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Sep 15 10:24:19 2025 +0000

    Bump hendrikmuhs/ccache-action from 1.2.18 to 1.2.19
    
    Bumps [hendrikmuhs/ccache-action](https://github.com/hendrikmuhs/ccache-action) from 1.2.18 to 1.2.19.
    - [Release notes](https://github.com/hendrikmuhs/ccache-action/releases)
    - [Commits](https://github.com/hendrikmuhs/ccache-action/compare/63069e3931dedbf3b63792097479563182fe70d1...bfa03e1de4d7f7c3e80ad9109feedd05c4f5a716)
    
    ---
    updated-dependencies:
    - dependency-name: hendrikmuhs/ccache-action
      dependency-version: 1.2.19
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 1e58595cf75996fd0e02e42a38950892da95398d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Sep 15 10:20:04 2025 +0000

    Bump github/codeql-action from 3.30.1 to 3.30.3
    
    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.1 to 3.30.3.
    - [Release notes](https://github.com/github/codeql-action/releases)
    - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/github/codeql-action/compare/f1f6e5f6af878fb37288ce1c627459e94dbf7d01...192325c86100d080feab897ff886c34abd4c83a3)
    
    ---
    updated-dependencies:
    - dependency-name: github/codeql-action
      dependency-version: 3.30.3
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 41570a090bebb26a1361124701918cb53eb8eb64
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Sep 22 10:26:00 2025 +0000

    Bump fonttools from 4.59.2 to 4.60.0 in /.ci
    
    Bumps [fonttools](https://github.com/fonttools/fonttools) from 4.59.2 to 4.60.0.
    - [Release notes](https://github.com/fonttools/fonttools/releases)
    - [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst)
    - [Commits](https://github.com/fonttools/fonttools/compare/4.59.2...4.60.0)
    
    ---
    updated-dependencies:
    - dependency-name: fonttools
      dependency-version: 4.60.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit a3011a4b51af16c323a474e2d9e8710a34e26620
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Thu Sep 18 11:18:09 2025 -0400

    [alloc-pool] Reduce memory usage by reclaiming some discards

commit 0c8f0e250b023f5381d4250e7fdcc7a8c32688ff
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Thu Sep 18 11:04:06 2025 -0400

    [alloc-pool] Implement alignment

commit 017401bdee46151cc8c77a2806672585daf166b1
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Thu Sep 18 10:57:43 2025 -0400

    [set] Speed up iterator

commit b9199489f96827acd64dfa79699e0e8010670210
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 17 15:32:46 2025 -0400

    [instancer/iup] Reduce mallocs again
    
    Perhaps shrink() shouldn't default to realloc. Working on it.

commit 9c23059cc541c581bbaa9cee85702298fb1ab734
Author: Behdad Esfahbod <behdad@behdad.org>
Date:   Wed Sep 17 00:31:50 2025 -0400

    Revert "[instancer] Preallocate coordinate maps from alloc pool as well"
    
    This reverts commit 3f71afe7605cdc7260990f8925e6ed49521fe728.
    
    Slowed things down.

Created: 2026-03-09 Last update: 2026-03-17 02:31

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-01-30 Last update: 2026-02-28 06:31

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-22693: (needs triaging) HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-01-10 Last update: 2026-02-24 04:01

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2023-25193: (needs triaging) hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2026-22693: (needs triaging) HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2026-02-24 04:01

news

[rss feed]

[2026-02-24] harfbuzz 12.3.2-2 MIGRATED to testing (Debian testing watch)
[2026-02-18] Accepted harfbuzz 12.3.2-2 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2026-02-04] harfbuzz 12.3.2-1 MIGRATED to testing (Debian testing watch)
[2026-01-30] Accepted harfbuzz 12.3.2-1 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2026-01-25] Accepted harfbuzz 12.3.1-1 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2026-01-17] harfbuzz 12.3.0-4 MIGRATED to testing (Debian testing watch)
[2026-01-11] Accepted harfbuzz 12.3.0-4 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2026-01-07] Accepted harfbuzz 12.3.0-3 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2026-01-06] Accepted harfbuzz 12.3.0-2 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2026-01-05] Accepted harfbuzz 12.3.0-1 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2025-12-20] harfbuzz 12.2.0-1 MIGRATED to testing (Debian testing watch)
[2025-12-20] harfbuzz 12.2.0-1 MIGRATED to testing (Debian testing watch)
[2025-12-15] Accepted harfbuzz 12.2.0-1 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2025-10-07] harfbuzz 12.1.0-1 MIGRATED to testing (Debian testing watch)
[2025-10-02] Accepted harfbuzz 12.1.0-1 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2025-09-18] Accepted harfbuzz 11.5.0-1 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2025-09-11] harfbuzz 11.4.5-1 MIGRATED to testing (Debian testing watch)
[2025-09-02] Accepted harfbuzz 11.4.5-1 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2025-01-21] harfbuzz 10.2.0-1 MIGRATED to testing (Debian testing watch)
[2025-01-15] Accepted harfbuzz 10.2.0-2 (source) into experimental (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2025-01-14] Accepted harfbuzz 10.2.0-1 (source) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: أحمد المحمودي)
[2025-01-01] harfbuzz 10.1.0-2 MIGRATED to testing (Debian testing watch)
[2024-12-28] Accepted harfbuzz 10.1.0-2 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-12-12] harfbuzz 10.1.0-1 MIGRATED to testing (Debian testing watch)
[2024-12-07] Accepted harfbuzz 10.1.0-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-10-23] harfbuzz 10.0.1-1 MIGRATED to testing (Debian testing watch)
[2024-10-17] Accepted harfbuzz 10.0.1-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-08-24] harfbuzz 9.0.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-14] Accepted harfbuzz 9.0.0-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-01-26] harfbuzz 8.3.0-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 5
RC: 0
I&N: 4
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 12.3.2-2
3 bugs