diff --git a/ChangeLog b/ChangeLog index d4b197b17..42f046952 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2007-05-25 Werner Lemberg + + * docs/CHANGES: Updated. + 2007-05-24 Werner Lemberg * src/truetype/ttobjs.h (tt_size_ready_bytecode): Move declaration @@ -10,12 +14,21 @@ 2007-05-22 David Turner - * src/truetype/ttgload.c: fix Werner's recent graphics state - patch to avoid crashes when we don't use the bytecode interpreter ! + * src/truetype/ttgload.c (load_truetype_glyph): Fix last change to + avoid crashes in case the bytecode interpreter is not used. - * src/lzw/ftzopen.h, src/lzw/ftzopen.c: fix for bug #19910 - (heap blowup with very large .Z font file). The .Z format is - *really* crappy :-( + + Avoid heap blowup with very large .Z font files. This fixes + Savannah bug #19910. + + * src/lzw/ftzopen.h (FT_LzwStateRec): Remove `in_cursor', + `in_limit', `pad', `pad_bits', and `in_buff' members. + Add `buf_tab', `buf_offset', `buf_size', `buf_clear', and + `buf_total' members. + + * src/lzw/ftzopen.c (ft_lzwstate_get_code): Rewritten. It now takes + only one argument. + (ft_lzwstate_refill, ft_lzwstate_reset, ft_lzwstate_io): Updated. 2007-05-20 Ismail Dönmez @@ -154,8 +167,8 @@ 2007-04-25 Boris Letocha - * src/truetype/ttobjs.c: fix a typo that created a speed regression - in the TrueType bytecode loader + * src/truetype/ttobjs.c: Fix a typo that created a speed regression + in the TrueType bytecode loader. 2007-04-10 Martin Horak diff --git a/docs/CHANGES b/docs/CHANGES index e1a431a85..0cbf0c8e8 100644 --- a/docs/CHANGES +++ b/docs/CHANGES 
@@ -6,9 +6,18 @@ CHANGES BETWEEN 2.3.5 and 2.3.4 - Some subglyphs in TrueType fonts were handled incorrectly due to a missing graphics state reinitialization. + - Large .Z files (as distributed with some X11 packages) weren't + handled correctly, making FreeType increase the heap stack in an + endless loop. + II. IMPORTANT CHANGES + - The two new cache functions `FTC_ImageCache_LookupScaler' and + `FTC_SBit_Cache_LookupScaler' have been added to allow lookup of + glyphs using an `FTC_Scaler' object; this makes it possible to + use fractional pixel sizes in the cache. + - A new API `FT_Get_CMap_Format)' has been added to get the cmap format of a TrueType font. This is useful in handling PDF files. The code has been contributed by Derek Clegg. diff --git a/src/lzw/ftzopen.c b/src/lzw/ftzopen.c index 85e322362..fc7831510 100644 --- a/src/lzw/ftzopen.c +++ b/src/lzw/ftzopen.c @@ -8,7 +8,7 @@ /* be used to parse compressed PCF fonts, as found with many X11 server */ /* distributions. */ /* */ -/* Copyright 2005, 2006 by David Turner. */ +/* Copyright 2005, 2006, 2007 by David Turner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ /* modified, and distributed under the terms of the FreeType project */ @@ -23,25 +23,27 @@ #include FT_INTERNAL_STREAM_H #include FT_INTERNAL_DEBUG_H + static int ft_lzwstate_refill( FT_LzwState state ) { FT_ULong count; - if (state->in_eof) + + if ( state->in_eof ) return -1; count = FT_Stream_TryRead( state->source, state->buf_tab, - state->num_bits ); /* WHY ?? */ + state->num_bits ); /* WHY? */ - state->buf_size = (FT_UInt) count; + state->buf_size = (FT_UInt)count; state->buf_total += count; state->in_eof = FT_BOOL( count < state->num_bits ); state->buf_offset = 0; - state->buf_size = (state->buf_size << 3) - (state->num_bits-1); + state->buf_size = ( state->buf_size << 3 ) - ( state->num_bits - 1 ); - if (count == 0) /* end of file */ + if ( count == 0 ) /* end of file */ return -1; return 0; 
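Review bot: In ft_lzwstate_refill, `( state->buf_size << 3 ) - ( state->num_bits - 1 )` wraps on a short read: buf_size appears to be unsigned (it is assigned through an `(FT_UInt)` cast), so `count == 0`, or a single byte while num_bits is 10 or more, yields a very large bit count instead of zero. The `count == 0` case still returns -1 afterwards, but a one-byte tail from a truncated or malformed .Z file returns 0 with the inflated size left in the state. ft_lzwstate_get_code (the `@@ -87,22 +89,22 @@` hunk) indexes `state->buf_tab[offset >> 3]`; assuming its refill test compares the offset against buf_size (that test is outside the visible hunks), stale bytes or bytes past the end of buf_tab could then be decoded as codes. I would shift first and reject the short buffer before subtracting: `state->buf_size <<= 3;`, then `if ( state->buf_size < state->num_bits ) return -1;`, then `state->buf_size -= state->num_bits - 1;`. The closing brace of ft_lzwstate_refill lies outside this hunk, so the rest of the function was not reviewed.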
@@ -63,10 +65,10 @@ { if ( state->free_ent >= state->free_bits ) { - state->num_bits = ++num_bits; + state->num_bits = ++num_bits; state->free_bits = state->num_bits < state->max_bits - ? (FT_UInt)( ( 1UL << num_bits ) - 256 ) - : state->max_free + 1; + ? (FT_UInt)( ( 1UL << num_bits ) - 256 ) + : state->max_free + 1; } if ( state->buf_clear ) @@ -87,22 +89,22 @@ p = &state->buf_tab[offset >> 3]; offset &= 7; result = *p++ >> offset; - offset = 8-offset; + offset = 8 - offset; num_bits -= offset; - if (num_bits >= 8) + + if ( num_bits >= 8 ) { result |= *p++ << offset; offset += 8; num_bits -= 8; } - if (num_bits > 0) - result |= (*p & LZW_MASK(num_bits)) << offset; + if ( num_bits > 0 ) + result |= ( *p & LZW_MASK( num_bits ) ) << offset; return result; } - /* grow the character stack */ static int ft_lzwstate_stack_grow( FT_LzwState state ) @@ -173,14 +175,14 @@ FT_LOCAL_DEF( void ) ft_lzwstate_reset( FT_LzwState state ) { - state->in_eof = 0; + state->in_eof = 0; state->buf_offset = 0; state->buf_size = 0; state->buf_clear = 0; state->buf_total = 0; - state->stack_top = 0; - state->num_bits = LZW_INIT_BITS; - state->phase = FT_LZW_PHASE_START; + state->stack_top = 0; + state->num_bits = LZW_INIT_BITS; + state->phase = FT_LZW_PHASE_START; } @@ -222,13 +224,13 @@ } -#define FTLZW_STACK_PUSH( c ) \ - FT_BEGIN_STMNT \ - if ( state->stack_top >= state->stack_size && \ - ft_lzwstate_stack_grow( state ) < 0 ) \ - goto Eof; \ - \ - state->stack[ state->stack_top++ ] = (FT_Byte)(c); \ +#define FTLZW_STACK_PUSH( c ) \ + FT_BEGIN_STMNT \ + if ( state->stack_top >= state->stack_size && \ + ft_lzwstate_stack_grow( state ) < 0 ) \ + goto Eof; \ + \ + state->stack[state->stack_top++] = (FT_Byte)(c); \ FT_END_STMNT 
@@ -268,7 +270,8 @@ goto Eof; state->num_bits = LZW_INIT_BITS; - state->free_ent = ( state->block_mode ? LZW_FIRST : LZW_CLEAR ) - 256; + state->free_ent = ( state->block_mode ? LZW_FIRST + : LZW_CLEAR ) - 256; in_code = 0; state->free_bits = state->num_bits < state->max_bits @@ -306,7 +309,8 @@ if ( code == LZW_CLEAR && state->block_mode ) { - state->free_ent = ( LZW_FIRST - 1 ) - 256; /* why not LZW_FIRST-256 ? */ + /* why not LZW_FIRST-256 ? */ + state->free_ent = ( LZW_FIRST - 1 ) - 256; state->buf_clear = 1; c = ft_lzwstate_get_code( state ); if ( c < 0 ) diff --git a/src/lzw/ftzopen.h b/src/lzw/ftzopen.h index 16a53eee7..97881149c 100644 --- a/src/lzw/ftzopen.h +++ b/src/lzw/ftzopen.h @@ -8,7 +8,7 @@ /* be used to parse compressed PCF fonts, as found with many X11 server */ /* distributions. */ /* */ -/* Copyright 2005, 2006 by David Turner. */ +/* Copyright 2005, 2006, 2007 by David Turner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ /* modified, and distributed under the terms of the FreeType project */ diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c index 6e9cc808a..038bbb7d2 100644 --- a/src/truetype/ttgload.c +++ b/src/truetype/ttgload.c @@ -1384,9 +1384,9 @@ TT_GraphicsState saved_GS; - if (loader->exec) - saved_GS = loader->exec->GS; + if ( loader->exec ) + saved_GS = loader->exec->GS; FT_GlyphLoader_Add( gloader ); @@ -1397,7 +1397,7 @@ /* reinitialize graphics state */ - if (loader->exec) + if ( loader->exec ) loader->exec->GS = saved_GS; /* Each time we call load_truetype_glyph in this loop, the */