gnu: gd: Update to 2.3.0.

* gnu/packages/patches/gd-fix-tests-on-i686.patch: Adjust context.
* gnu/packages/patches/gd-CVE-2018-1000222.patch,
gnu/packages/patches/gd-CVE-2018-5711.patch,
gnu/packages/patches/gd-CVE-2019-6977.patch,
gnu/packages/patches/gd-CVE-2019-6978.patch,
gnu/packages/patches/gd-freetype-test-failure.patch: Delete files.
* gnu/packages/patches/gd-brect-bounds.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly
* gnu/packages/gd.scm (gd): Update to 2.3.0.
[source](patches): Remove obsolete.
* gnu/packages/gd.scm (gd):
[propagated-inputs]: Move LIBJPEG-TURBO and FONTCONFIG ...
[inputs]: ... here.

9 files changed, 72 insertions, 563 deletions

diff --git a/gnu/local.mk b/gnu/local.mk
index ff92662cf4..6d689f6dc2 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -925,12 +925,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcc-8-strmov-store-file-names.patch	\
   %D%/packages/patches/gcc-9-asan-fix-limits-include.patch	\
   %D%/packages/patches/gcc-9-strmov-store-file-names.patch	\
-  %D%/packages/patches/gd-CVE-2018-5711.patch			\
-  %D%/packages/patches/gd-CVE-2018-1000222.patch		\
-  %D%/packages/patches/gd-CVE-2019-6977.patch			\
-  %D%/packages/patches/gd-CVE-2019-6978.patch			\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
-  %D%/packages/patches/gd-freetype-test-failure.patch		\
+  %D%/packages/patches/gd-brect-bounds.patch			\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch	\
   %D%/packages/patches/ghc-testsuite-dlopen-pie.patch		\
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index 444c76956a..3c818872c1 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -42,7 +42,7 @@
     ;; Note: With libgd.org now pointing to github.com, genuine old
     ;; tarballs are no longer available.  Notably, versions 2.0.x are
     ;; missing.
-    (version "2.2.5")
+    (version "2.3.0")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -50,14 +50,9 @@
                    version "/libgd-" version ".tar.xz"))
              (sha256
               (base32
-               "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c"))
-
-             (patches (search-patches "gd-CVE-2018-5711.patch"
-                                      "gd-CVE-2018-1000222.patch"
-                                      "gd-CVE-2019-6977.patch"
-                                      "gd-CVE-2019-6978.patch"
-                                      "gd-fix-tests-on-i686.patch"
-                                      "gd-freetype-test-failure.patch"))))
+               "0n5czhxzinvjvmhkf5l9fwjdx5ip69k5k7pj6zwb6zs1k9dibngc"))
+             (patches (search-patches "gd-fix-tests-on-i686.patch"
+                                      "gd-brect-bounds.patch"))))
     (build-system gnu-build-system)
     (arguments
       ;; As recommended by github.com/libgd/libgd/issues/278 to fix rounding
@@ -78,12 +73,11 @@
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("freetype" ,freetype)
+     `(("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("libjpeg" ,libjpeg-turbo)
        ("libpng" ,libpng)
        ("zlib" ,zlib)))
-    (propagated-inputs
-     `(("fontconfig" ,fontconfig)
-       ("libjpeg" ,libjpeg-turbo)))
     (home-page "https://www.libgd.org/")
     (synopsis "Library for the dynamic creation of images by programmers")
     (description
diff --git a/gnu/packages/patches/gd-CVE-2018-1000222.patch b/gnu/packages/patches/gd-CVE-2018-1000222.patch
deleted file mode 100644
index 7e94295bb6..0000000000
--- a/gnu/packages/patches/gd-CVE-2018-1000222.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-Fix CVE-2018-1000222:
-
-https://github.com/libgd/libgd/issues/447
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/4b1e18a00ce7c4b7e6919c3b3109a034393b805a
-
-From 4b1e18a00ce7c4b7e6919c3b3109a034393b805a Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 14 Jul 2018 13:54:08 -0400
-Subject: [PATCH] bmp: check return value in gdImageBmpPtr
-
-Closes #447.
-
-(cherry picked from commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5)
----
- src/gd_bmp.c | 17 ++++++++++++++---
- 1 file changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index ccafdcd..d625da1 100644
---- a/src/gd_bmp.c
-+++ b/src/gd_bmp.c
-@@ -48,6 +48,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
- static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
- static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
- 
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
-+
- #define BMP_DEBUG(s)
- 
- static int gdBMPPutWord(gdIOCtx *out, int w)
-@@ -88,8 +90,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageBmpCtx(im, out, compression);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageBmpCtx(im, out, compression))
-+		rv = gdDPExtractData(out, size);
-+	else
-+		rv = NULL;
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -142,6 +146,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression)
- 		compression - whether to apply RLE or not.
- */
- BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
-+{
-+	_gdImageBmpCtx(im, out, compression);
-+}
-+
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- {
- 	int bitmap_size = 0, info_size, total_size, padding;
- 	int i, row, xpos, pixel;
-@@ -149,6 +158,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 	unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
- 	FILE *tmpfile_for_compression = NULL;
- 	gdIOCtxPtr out_original = NULL;
-+	int ret = 1;
- 
- 	/* No compression if its true colour or we don't support seek */
- 	if (im->trueColor) {
-@@ -326,6 +336,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 		out_original = NULL;
- 	}
- 
-+	ret = 0;
- cleanup:
- 	if (tmpfile_for_compression) {
- #ifdef _WIN32
-@@ -339,7 +350,7 @@ cleanup:
- 	if (out_original) {
- 		out_original->gd_free(out_original);
- 	}
--	return;
-+	return ret;
- }
- 
- static int compress_row(unsigned char *row, int length)
--- 
-2.18.0
-
diff --git a/gnu/packages/patches/gd-CVE-2018-5711.patch b/gnu/packages/patches/gd-CVE-2018-5711.patch
deleted file mode 100644
index 83b12cde63..0000000000
--- a/gnu/packages/patches/gd-CVE-2018-5711.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-This patch is adapted from commit a11f47475e6443b7f32d21f2271f28f417e2ac04 and
-fixes CVE-2018-5711.
-
-From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 29 Nov 2017 19:37:38 +0100
-Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx
-
-Due to a signedness confusion in `GetCode_` a corrupt GIF file can
-trigger an infinite loop.  Furthermore we make sure that a GIF without
-any palette entries is treated as invalid *after* open palette entries
-have been removed.
-
-CVE-2018-5711
-
-See also https://bugs.php.net/bug.php?id=75571.
----
- src/gd_gif_in.c             |  12 ++++++------
- 1 file changed, 38 insertions(+), 6 deletions(-)
-
-diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
-index daf26e7..0a8bd71 100644
---- a/src/gd_gif_in.c
-+++ b/src/gd_gif_in.c
-@@ -335,11 +335,6 @@ terminated:
- 		return 0;
- 	}
- 
--	if(!im->colorsTotal) {
--		gdImageDestroy(im);
--		return 0;
--	}
--
- 	/* Check for open colors at the end, so
- 	 * we can reduce colorsTotal and ultimately
- 	 * BitsPerPixel */
-@@ -351,6 +346,11 @@ terminated:
- 		}
- 	}
- 
-+	if(!im->colorsTotal) {
-+		gdImageDestroy(im);
-+		return 0;
-+	}
-+
- 	return im;
- }
- 
-@@ -447,7 +447,7 @@ static int
- GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
- {
- 	int i, j, ret;
--	unsigned char count;
-+	int count;
- 
- 	if(flag) {
- 		scd->curbit = 0;
-
--- 
-2.13.6
-
diff --git a/gnu/packages/patches/gd-CVE-2019-6977.patch b/gnu/packages/patches/gd-CVE-2019-6977.patch
deleted file mode 100644
index b21a8ac619..0000000000
--- a/gnu/packages/patches/gd-CVE-2019-6977.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2019-6977:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977
-
-Patch copied from Debian:
-
-https://salsa.debian.org/debian/libgd2/commit/2d7d3b68bb79843e5271a05543e996fd5a3a8cd1
-
-Description: Heap-based buffer overflow in gdImageColorMatch
-Origin: other, https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
-Bug-PHP: https://bugs.php.net/bug.php?id=77270
-Bug-Debian: https://bugs.debian.org/920645
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-6977
-Forwarded: no
-Author: "Christoph M. Becker" <cmbecker69@gmx.de>
-Last-Update: 2019-02-01
-
-At least some of the image reading functions may return images which
-use color indexes greater than or equal to im->colorsTotal.  We cater
-to this by always using a buffer size which is sufficient for
-`gdMaxColors` in `gdImageColorMatch()`.
----
-
---- a/src/gd_color_match.c
-+++ b/src/gd_color_match.c
-@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm
- 		return -4; /* At least 1 color must be allocated */
- 	}
- 
--	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
--	memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
-+	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
-+	memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
- 
- 	for (x=0; x < im1->sx; x++) {
- 		for( y=0; y<im1->sy; y++ ) {
diff --git a/gnu/packages/patches/gd-CVE-2019-6978.patch b/gnu/packages/patches/gd-CVE-2019-6978.patch
deleted file mode 100644
index 69fc5056fc..0000000000
--- a/gnu/packages/patches/gd-CVE-2019-6978.patch
+++ /dev/null
@@ -1,301 +0,0 @@
-Fix CVE-2019-6978:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
-
-From 553702980ae89c83f2d6e254d62cf82e204956d0 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Thu, 17 Jan 2019 11:54:55 +0100
-Subject: [PATCH] Fix #492: Potential double-free in gdImage*Ptr()
-
-Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we
-must not call `gdDPExtractData()`; otherwise a double-free would
-happen.  Since `gdImage*Ctx()` are void functions, and we can't change
-that for BC reasons, we're introducing static helpers which are used
-internally.
-
-We're adding a regression test for `gdImageJpegPtr()`, but not for
-`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to
-trigger failure of the respective `gdImage*Ctx()` calls.
-
-This potential security issue has been reported by Solmaz Salimi (aka.
-Rooney).
----
- src/gd_gif_out.c                  | 18 +++++++++++++++---
- src/gd_jpeg.c                     | 20 ++++++++++++++++----
- src/gd_wbmp.c                     | 21 ++++++++++++++++++---
- tests/jpeg/.gitignore             |  1 +
- tests/jpeg/CMakeLists.txt         |  1 +
- tests/jpeg/Makemodule.am          |  3 ++-
- tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++
- 7 files changed, 84 insertions(+), 11 deletions(-)
- create mode 100644 tests/jpeg/jpeg_ptr_double_free.c
-
-diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c
-index 298a581..d5a9534 100644
---- a/src/gd_gif_out.c
-+++ b/src/gd_gif_out.c
-@@ -99,6 +99,7 @@ static void char_init(GifCtx *ctx);
- static void char_out(int c, GifCtx *ctx);
- static void flush_char(GifCtx *ctx);
- 
-+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out);
- 
- 
- 
-@@ -131,8 +132,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageGifCtx(im, out);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageGifCtx(im, out)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -220,6 +224,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile)
- 
- */
- BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
-+{
-+	_gdImageGifCtx(im, out);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- {
- 	gdImagePtr pim = 0, tim = im;
- 	int interlace, BitsPerPixel;
-@@ -231,7 +241,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- 		based temporary image. */
- 		pim = gdImageCreatePaletteFromTrueColor(im, 1, 256);
- 		if(!pim) {
--			return;
-+			return 1;
- 		}
- 		tim = pim;
- 	}
-@@ -247,6 +257,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- 		/* Destroy palette based temporary image. */
- 		gdImageDestroy(	pim);
- 	}
-+
-+	return 0;
- }
- 
- 
-diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c
-index fc05842..96ef430 100644
---- a/src/gd_jpeg.c
-+++ b/src/gd_jpeg.c
-@@ -117,6 +117,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo)
- 	exit(99);
- }
- 
-+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality);
-+
- /*
-  * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality
-  * QUALITY.  If QUALITY is in the range 0-100, increasing values
-@@ -231,8 +233,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageJpegCtx(im, out, quality);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageJpegCtx(im, out, quality)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -253,6 +258,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile);
- 
- */
- BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
-+{
-+	_gdImageJpegCtx(im, outfile, quality);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- {
- 	struct jpeg_compress_struct cinfo;
- 	struct jpeg_error_mgr jerr;
-@@ -287,7 +298,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 		if(row) {
- 			gdFree(row);
- 		}
--		return;
-+		return 1;
- 	}
- 
- 	cinfo.err->emit_message = jpeg_emit_message;
-@@ -328,7 +339,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 	if(row == 0) {
- 		gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n");
- 		jpeg_destroy_compress(&cinfo);
--		return;
-+		return 1;
- 	}
- 
- 	rowptr[0] = row;
-@@ -405,6 +416,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 	jpeg_finish_compress(&cinfo);
- 	jpeg_destroy_compress(&cinfo);
- 	gdFree(row);
-+	return 0;
- }
- 
- 
-diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c
-index f19a1c9..a49bdbe 100644
---- a/src/gd_wbmp.c
-+++ b/src/gd_wbmp.c
-@@ -88,6 +88,8 @@ int gd_getin(void *in)
- 	return (gdGetC((gdIOCtx *)in));
- }
- 
-+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out);
-+
- /*
- 	Function: gdImageWBMPCtx
- 
-@@ -100,6 +102,12 @@ int gd_getin(void *in)
- 		out   - the stream where to write
- */
- BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
-+{
-+	_gdImageWBMPCtx(image, fg, out);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- {
- 	int x, y, pos;
- 	Wbmp *wbmp;
-@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- 	/* create the WBMP */
- 	if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) {
- 		gd_error("Could not create WBMP\n");
--		return;
-+		return 1;
- 	}
- 
- 	/* fill up the WBMP structure */
-@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- 
- 	/* write the WBMP to a gd file descriptor */
- 	if(writewbmp(wbmp, &gd_putout, out)) {
-+		freewbmp(wbmp);
- 		gd_error("Could not save WBMP\n");
-+		return 1;
- 	}
- 
- 	/* des submitted this bugfix: gdFree the memory. */
- 	freewbmp(wbmp);
-+
-+	return 0;
- }
- 
- /*
-@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageWBMPCtx(im, fg, out);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageWBMPCtx(im, fg, out)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-#diff --git a/tests/jpeg/.gitignore b/tests/jpeg/.gitignore
-#index c28aa87..13bcf04 100644
-#--- a/tests/jpeg/.gitignore
-#+++ b/tests/jpeg/.gitignore
-#@@ -3,5 +3,6 @@
-# /jpeg_empty_file
-# /jpeg_im2im
-# /jpeg_null
-#+/jpeg_ptr_double_free
-# /jpeg_read
-# /jpeg_resolution
-diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt
-index 19964b0..a8d8162 100644
---- a/tests/jpeg/CMakeLists.txt
-+++ b/tests/jpeg/CMakeLists.txt
-@@ -2,6 +2,7 @@ IF(JPEG_FOUND)
- LIST(APPEND TESTS_FILES
- 	jpeg_empty_file
- 	jpeg_im2im
-+	jpeg_ptr_double_free
- 	jpeg_null
- )
- 
-diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am
-index 7e5d317..b89e169 100644
---- a/tests/jpeg/Makemodule.am
-+++ b/tests/jpeg/Makemodule.am
-@@ -2,7 +2,8 @@ if HAVE_LIBJPEG
- libgd_test_programs += \
- 	jpeg/jpeg_empty_file \
- 	jpeg/jpeg_im2im \
--	jpeg/jpeg_null
-+	jpeg/jpeg_null \
-+	jpeg/jpeg_ptr_double_free
- 
- if HAVE_LIBPNG
- libgd_test_programs += \
-diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c
-new file mode 100644
-index 0000000..df5a510
---- /dev/null
-+++ b/tests/jpeg/jpeg_ptr_double_free.c
-@@ -0,0 +1,31 @@
-+/**
-+ * Test that failure to convert to JPEG returns NULL
-+ *
-+ * We are creating an image, set its width to zero, and pass this image to
-+ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL.
-+ *
-+ * See also <https://github.com/libgd/libgd/issues/381>
-+ */
-+
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+int main()
-+{
-+    gdImagePtr src, dst;
-+    int size;
-+
-+    src = gdImageCreateTrueColor(1, 10);
-+    gdTestAssert(src != NULL);
-+
-+    src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */
-+
-+    dst = gdImageJpegPtr(src, &size, 0);
-+    gdTestAssert(dst == NULL);
-+
-+    gdImageDestroy(src);
-+
-+    return gdNumFailures();
-+}
--- 
-2.20.1
-
diff --git a/gnu/packages/patches/gd-brect-bounds.patch b/gnu/packages/patches/gd-brect-bounds.patch
new file mode 100644
index 0000000000..575e4dc2ad
--- /dev/null
+++ b/gnu/packages/patches/gd-brect-bounds.patch
@@ -0,0 +1,63 @@
+Revert upstream commit 04bb9a08b3c25f8e3c0c235f9cefc0f94df59a5a because it
+causes a test failure on i686 and possibly other architectures.
+
+See <https://github.com/libgd/libgd/issues/613>.
+
+diff --git a/src/gdft.c b/src/gdft.c
+--- a/src/gdft.c
++++ b/src/gdft.c
+@@ -1579,6 +1579,12 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c
+ 		double scalex = (double)hdpi / (64 * METRIC_RES);
+ 		double scaley = (double)vdpi / (64 * METRIC_RES);
+ 
++		/* increase by 1 pixel to allow for rounding */
++		total_min.x -= METRIC_RES;
++		total_min.y -= METRIC_RES;
++		total_max.x += METRIC_RES;
++		total_max.y += METRIC_RES;
++
+ 		/* rotate bounding rectangle, scale and round to int pixels, and translate */
+ 		brect[0] = x + (total_min.x * cos_a + total_max.y * sin_a)*scalex;
+ 		brect[1] = y - (total_min.x * sin_a - total_max.y * cos_a)*scaley;
+diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c
+--- a/tests/gdimagestringft/gdimagestringft_bbox.c
++++ b/tests/gdimagestringft/gdimagestringft_bbox.c
+@@ -8,22 +8,22 @@
+ #define DELTA (PI/8)
+ 
+ static int EXPECT[16][8] = {
+-	{500, 400, 628, 400, 628, 376, 500, 376},
+-	{492, 362, 611, 312, 601, 290, 483, 339},
+-	{470, 330, 561, 239, 544, 221, 453, 312},
+-	{437, 308, 486, 189, 464, 180, 414, 299},
+-	{400, 301, 400, 173, 376, 173, 376, 301},
+-	{363, 309, 313, 190, 291, 200, 340, 318},
+-	{332, 331, 241, 240, 223, 257, 314, 348},
+-	{311, 363, 192, 314, 183, 336, 302, 386},
+-	{304, 399, 176, 399, 176, 423, 304, 423},
+-	{312, 435, 193, 485, 203, 507, 321, 458},
+-	{333, 465, 242, 556, 259, 574, 350, 483},
+-	{364, 486, 315, 605, 337, 614, 387, 495},
+-	{399, 492, 399, 620, 423, 620, 423, 492},
+-	{434, 484, 484, 603, 506, 593, 457, 475},
+-	{463, 464, 554, 555, 572, 538, 481, 447},
+-	{483, 434, 602, 483, 611, 461, 492, 411},
++	{498, 401, 630, 401, 630, 374, 498, 374},
++	{491, 364, 613, 313, 602, 288, 481, 338},
++	{470, 332, 563, 239, 544, 219, 451, 312},
++	{438, 310, 488, 189, 463, 178, 412, 300},
++	{401, 303, 401, 171, 374, 171, 374, 303},
++	{365, 310, 314, 188, 289, 199, 339, 320},
++	{334, 331, 241, 238, 221, 257, 314, 350},
++	{313, 362, 192, 312, 181, 337, 303, 388},
++	{306, 398, 174, 398, 174, 425, 306, 425},
++	{313, 433, 191, 484, 202, 509, 323, 459},
++	{333, 463, 240, 556, 259, 576, 352, 483},
++	{363, 484, 313, 605, 338, 616, 389, 494},
++	{398, 490, 398, 622, 425, 622, 425, 490},
++	{432, 483, 483, 605, 508, 594, 458, 473},
++	{461, 464, 554, 557, 574, 538, 481, 445},
++	{481, 435, 602, 485, 613, 460, 491, 409},
+ };
+ 
+ int main()
diff --git a/gnu/packages/patches/gd-fix-tests-on-i686.patch b/gnu/packages/patches/gd-fix-tests-on-i686.patch
index 280893c1d4..7ec8e7fee9 100644
--- a/gnu/packages/patches/gd-fix-tests-on-i686.patch
+++ b/gnu/packages/patches/gd-fix-tests-on-i686.patch
@@ -38,7 +38,7 @@ diff -ru libgd-2.2.3.orig/tests/gdimagecopyresampled/bug00201.c libgd-2.2.3/test
 @@ -65,7 +66,8 @@
      gdImageDestroy(background);
      gdImageDestroy(scaled_logo);
-     
+ 
 -    gdAssertImageEqualsToFile("gdimagecopyresampled/bug00201_exp.png", img);
 +    if (FLT_EVAL_METHOD != 2)
 +        gdAssertImageEqualsToFile("gdimagecopyresampled/bug00201_exp.png", img);
diff --git a/gnu/packages/patches/gd-freetype-test-failure.patch b/gnu/packages/patches/gd-freetype-test-failure.patch
deleted file mode 100644
index 49c16ca089..0000000000
--- a/gnu/packages/patches/gd-freetype-test-failure.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Fix a test failure with freetype 2.7:
-
-https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143
-
-From a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Sun, 29 Jan 2017 17:07:50 +0100
-Subject: [PATCH] Fix #302: Test suite fails with freetype 2.7
-
-Actually, the test failures are not necessarily related to freetype
-2.7, but rather are caused by subpixel hinting which is enabled by
-default in freetype 2.7. Subpixel hinting is, however, already
-available in freetype 2.5 and in versions having the "Infinality"
-patch.
-
-To get the expected results in all environments, we have to disable
-subpixel hinting, what is easily done by setting a respective
-environment variable.
-
-See also:
-* https://www.freetype.org/freetype2/docs/subpixel-hinting.html
-* https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html
----
- tests/freetype/bug00132.c                    | 3 +++
- tests/gdimagestringft/gdimagestringft_bbox.c | 3 +++
- 2 files changed, 6 insertions(+)
-
-diff --git a/tests/freetype/bug00132.c b/tests/freetype/bug00132.c
-index 713dd2d..42ed5b1 100644
---- a/tests/freetype/bug00132.c
-+++ b/tests/freetype/bug00132.c
-@@ -11,6 +11,9 @@ int main()
- 	char *path;
- 	char *ret = NULL;
- 
-+	/* disable subpixel hinting */
-+	putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35");
-+
- 	im = gdImageCreateTrueColor(50, 30);
- 
- 	if (!im) {
-diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c
-index 0161ec8..1596a9e 100644
---- a/tests/gdimagestringft/gdimagestringft_bbox.c
-+++ b/tests/gdimagestringft/gdimagestringft_bbox.c
-@@ -38,6 +38,9 @@ int main()
- 	int error = 0;
- 	FILE *fp;
- 
-+	/* disable subpixel hinting */
-+	putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35");
-+
- 	path = gdTestFilePath("freetype/DejaVuSans.ttf");
- 	im = gdImageCreate(800, 800);
- 	gdImageColorAllocate(im, 0xFF, 0xFF, 0xFF); /* allocate white for background color */