diff -Nru fontforge-20201107~dfsg/debian/changelog fontforge-20201107~dfsg/debian/changelog
--- fontforge-20201107~dfsg/debian/changelog	2020-11-25 01:21:25.000000000 +0000
+++ fontforge-20201107~dfsg/debian/changelog	2020-12-23 05:24:44.000000000 +0000
@@ -1,3 +1,12 @@
+fontforge (1:20201107~dfsg-2+rpi1) bullseye-staging; urgency=medium
+
+  [changes brought forward from 1:20190801~dfsg-4+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 01 Apr 2020 17:53:42 +0000]
+  * Disable call to SplineFontFree in _MergeFont to work around use after
+    free bug (see debian bug 948876).
+  * Fix clean target.
+
+ -- Peter Michael Greem <plugwash@raspbian.org>  Wed, 23 Dec 2020 05:24:44 +0000
+
 fontforge (1:20201107~dfsg-2) unstable; urgency=medium
 
   * debian/libfontforge4.install: Fix incorrect path.  For example, on i386,
diff -Nru fontforge-20201107~dfsg/debian/patches/4000-use-after-free-hack.patch fontforge-20201107~dfsg/debian/patches/4000-use-after-free-hack.patch
--- fontforge-20201107~dfsg/debian/patches/4000-use-after-free-hack.patch	1970-01-01 00:00:00.000000000 +0000
+++ fontforge-20201107~dfsg/debian/patches/4000-use-after-free-hack.patch	2020-12-23 05:24:44.000000000 +0000
@@ -0,0 +1,20 @@
+Description:  Disable call to SplineFontFree in _MergeFont 
+ works around use after  free bug (see debian bug 948876) at the cost of
+ probablly causing a memory leak.
+Author: Peter Michael Green <plugwash@raspbian.org>
+
+Index: fontforge-20190801~dfsg/fontforge/fvfonts.c
+===================================================================
+--- fontforge-20190801~dfsg.orig/fontforge/fvfonts.c
++++ fontforge-20190801~dfsg/fontforge/fvfonts.c
+@@ -1157,8 +1157,8 @@ static void _MergeFont(SplineFont *into,
+     free(mapping);
+     GlyphHashFree(into);
+     MergeFixupRefChars(into);
+-    if ( other->fv==NULL )
+-	SplineFontFree(other);
++//    if ( other->fv==NULL )
++//	SplineFontFree(other);
+     into->changed = true;
+     FontViewReformatAll(into);
+     GlyphHashFree(into);
diff -Nru fontforge-20201107~dfsg/debian/patches/series fontforge-20201107~dfsg/debian/patches/series
--- fontforge-20201107~dfsg/debian/patches/series	2020-11-25 01:21:25.000000000 +0000
+++ fontforge-20201107~dfsg/debian/patches/series	2020-12-23 05:24:44.000000000 +0000
@@ -3,3 +3,4 @@
 0003-use-local-libjs-mathjax.patch
 2003_avoid_privacy_breach.patch
 2004-fix-privacy-breach-logo.patch
+4000-use-after-free-hack.patch
diff -Nru fontforge-20201107~dfsg/debian/rules fontforge-20201107~dfsg/debian/rules
--- fontforge-20201107~dfsg/debian/rules	2020-11-23 07:54:36.000000000 +0000
+++ fontforge-20201107~dfsg/debian/rules	2020-12-23 05:24:44.000000000 +0000
@@ -57,6 +57,10 @@
 override_dh_strip:
 	dh_strip --dbgsym-migration='fontforge-dbg (<< 1:20170731~dfsg-2~)'
 
+override_dh_auto_clean:
+	dh_auto_clean
+	rm -rf build
+
 # track symbols using pkgkde-symbolshelper
 %:
 	dh $@ --with pkgkde_symbolshelper