From 29fa171a9d19cbb6da7a4074d501e189542d7f52 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Thu, 8 Jan 2026 11:53:13 +0100
Subject: [PATCH] imagemagick: patch CVE-2025-55212

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212

Backport the patch that is mentioned in the NVD advisory.

Notes about the backport:
The original patch deletes two extra lines compared to the backport:
those lines were a previous attempt[1] to solve the same vulnerability,
and the final patch reverted them. Since that patch wasn't part of the
recipe, those deletions were dropped from the backported patch.

The PerceptibleReciprocal function was renamed[2] to MagickSafeReciprocal
after the recipe's revision, but there were no functional changes
in the function's behavior.

[1]: https://github.com/ImageMagick/ImageMagick/commit/43d92bf855155e8e716ecbb50ed94c2ed41ff9f6
[2]: https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../imagemagick/CVE-2025-55212.patch          | 29 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb          |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch
new file mode 100644
index 0000000000..40a1b6fc4d
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch
@@ -0,0 +1,29 @@
+From 3cc6cf85fbe2d147c7b3d48e53f4e9f081448ae8 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 17 Aug 2025 14:33:44 -0400
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw
+
+CVE: CVE-2025-55212
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/resize.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/MagickCore/resize.c b/MagickCore/resize.c
+index ea6e535f4..298662f8a 100644
+--- a/MagickCore/resize.c
++++ b/MagickCore/resize.c
+@@ -4624,8 +4624,9 @@ MagickExport Image *ThumbnailImage(const Image *image,const size_t columns,
+         x_factor,
+         y_factor;
+ 
+-      x_factor=(ssize_t) image->columns/(ssize_t) columns;
+-      y_factor=(ssize_t) image->rows/(ssize_t) rows;
++      x_factor=(ssize_t) (image->columns*PerceptibleReciprocal((double) 
++        columns));
++      y_factor=(ssize_t) (image->rows*PerceptibleReciprocal((double) rows));
+       if ((x_factor > 4) && (y_factor > 4))
+         {
+           thumbnail_image=SampleImage(clone_image,4*columns,4*rows,exception);
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
index 5e9561291c..b299f0d2b6 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://CVE-2025-55005.patch \
            file://CVE-2025-55154.patch \
            file://CVE-2025-55160.patch \
+           file://CVE-2025-55212.patch \
            "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"