libgd 2.2.3 has been released [0], which includes fixes for CVE-2016-6207.

I built it on x86_64, and also cross-built to i686-linux.

The 32-bit rounding issue that Mark fixed with commit 27326064 was reported upstream [1], and the suggested workaround is to add "-msse -mfpmath=sse" to CFLAGS [2]. Having removed Mark's patch, I can cross-build to i686-linux using those flags.

The patch has gone stale with the 2.2.3 release:

---
gdimagerotate/bug00067.c: In function ‘main’:
gdimagerotate/bug00067.c:11:14: error: unused variable ‘filename’ [-Werror=unused-variable]
 char *path, filename[2048];
             ^
gdimagerotate/bug00067.c:11:8: error: unused variable ‘path’ [-Werror=unused-variable]
 char *path, filename[2048];
       ^
cc1: all warnings being treated as errors
Makefile:3120: recipe for target 'gdimagerotate/bug00067.o' failed
---

Should these CFLAGS values be applied unconditionally, as in the attached patch, or should they be applied only while building on or for specific architectures? Or something else?

[0] https://github.com/libgd/libgd/releases/tag/gd-2.2.3
[1] https://github.com/libgd/libgd/issues/242
[2] https://github.com/libgd/libgd/commit/62ecc651e7780add5e4035bfc0e6cd060e90f6a9