imagemagick: patch CVE-2025-55004

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55004

Pick the patch that mentions the related github advisory[1] explicitly in
its commit message.

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch

@@ -0,0 +1,65 @@
+From e3b2eba8a84e7c4222bcf1a843c1677b7406db3f Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Thu, 7 Aug 2025 19:14:00 -0400
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
+
+CVE: CVE-2025-55004
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ coders/png.c | 33 ++++++++++-----------------------
+ 1 file changed, 10 insertions(+), 23 deletions(-)
+
+diff --git a/coders/png.c b/coders/png.c
+index 23a96e4d0..c6fae6283 100644
+--- a/coders/png.c
++++ b/coders/png.c
+@@ -4785,37 +4785,24 @@ static Image *ReadOneJNGImage(MngReadInfo *mng_info,
+       jng_image=ReadImage(alpha_image_info,exception);
+ 
+       if (jng_image != (Image *) NULL)
+-        for (y=0; y < (ssize_t) image->rows; y++)
+         {
+-          s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception);
+-          q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
+-          if ((s == (const Quantum *)  NULL) || (q == (Quantum *) NULL))
+-            break;
++          image->alpha_trait=BlendPixelTrait;
++          for (y=0; y < (ssize_t) image->rows; y++)
++          {
++            s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception);
++            q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
++            if ((s == (const Quantum *)  NULL) || (q == (Quantum *) NULL))
++              break;
+ 
+-          if (image->alpha_trait != UndefinedPixelTrait)
+             for (x=(ssize_t) image->columns; x != 0; x--)
+             {
+               SetPixelAlpha(image,GetPixelRed(jng_image,s),q);
+               q+=(ptrdiff_t) GetPixelChannels(image);
+               s+=(ptrdiff_t) GetPixelChannels(jng_image);
+             }
+-
+-          else
+-            for (x=(ssize_t) image->columns; x != 0; x--)
+-            {
+-              Quantum
+-                alpha;
+-
+-              alpha=GetPixelRed(jng_image,s);
+-              SetPixelAlpha(image,alpha,q);
+-              if (alpha != OpaqueAlpha)
+-                image->alpha_trait=BlendPixelTrait;
+-              q+=(ptrdiff_t) GetPixelChannels(image);
+-              s+=(ptrdiff_t) GetPixelChannels(jng_image);
+-            }
+-
+-          if (SyncAuthenticPixels(image,exception) == MagickFalse)
+-            break;
++            if (SyncAuthenticPixels(image,exception) == MagickFalse)
++              break;
++          }
+         }
+       (void) RelinquishUniqueFileResource(alpha_image->filename);
+       alpha_image=DestroyImageList(alpha_image);

meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb

@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://CVE-2025-53015.patch \
            file://CVE-2025-53019.patch \
            file://CVE-2025-53101.patch \
+           file://CVE-2025-55004.patch \
            "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"