From ad6f76e309c29b9319d988d16ce551df10027a61 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Wed, 22 Apr 2026 12:19:52 +0300 Subject: [PATCH] imagemagick: update to 7.1.2-21 Security fixes (18 GHSAs addressed between 7.1.2-1 and 7.1.2-21): - Fix stack buffer overflow in MagnifyImage (GHSA-rqq8-jh93-f4vg, high) - Fix heap buffer overflow in WaveletDenoiseImage (GHSA-5ggv-92r5-cp4p) - Fix uninitialized pointer dereference in JBIG decoder (GHSA-wj8w-pjxf-9g4f, high) - Fix heap buffer over-write in PNG encoder with large profiles (GHSA-qmw5-2p58-xvrc) - Fix heap buffer overflow in UHDR encoder (GHSA-h95r-c8c7-mrwx) - Fix stack buffer overflow in sixel encoder (GHSA-49hx-7656-jpg3) - Fix heap-buffer-overflow in NewXMLTree XML parsing (GHSA-gc62-2v5p-qpmp) - Fix heap buffer over-write on 32-bit systems in SFW decoder (GHSA-56jp-jfqg-f8f4) - Add overflow checks to BMP/DIB, SGI, PS3, JXL, and sixel write paths Bug fixes: - Fix double-free in SVG gradientTransform/transform parsing - Fix NULL pointer dereference in HEIC NCLX color profile allocation - Fix heap over-read in BilateralBlurImage with even-dimension kernels - Fix infinite loop when decoding JXL with -limit height/width - Fix race condition using properties instead of global splaytree Signed-off-by: Alexandru Ardelean --- multimedia/imagemagick/Makefile | 4 +-- multimedia/imagemagick/test.sh | 50 +++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 multimedia/imagemagick/test.sh diff --git a/multimedia/imagemagick/Makefile b/multimedia/imagemagick/Makefile index 4c0521cb1c..aff10ef3ec 100644 --- a/multimedia/imagemagick/Makefile +++ b/multimedia/imagemagick/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=imagemagick -PKG_VERSION:=7.1.2.1 +PKG_VERSION:=7.1.2.21 PKG_RELEASE:=1 PKG_MAINTAINER:=Alexandru Ardelean 
@@ -15,7 +15,7 @@ _PKGREV:=$(_PKGVER)-$(subst .,,$(suffix $(PKG_VERSION))) PKG_SOURCE:=ImageMagick-$(_PKGREV).tar.xz PKG_SOURCE_URL:=https://imagemagick.org/archive -PKG_HASH:=ead4b5d33efab77ec84335a0be9c34a0fa7e3693456bf05e76d3fa492ad6ebbb +PKG_HASH:=56450bf5d65b63abb09568abb2c40b493ab913418f92df135ed661471da0eb0d PKG_BUILD_DIR:=$(BUILD_DIR)/ImageMagick-$(_PKGREV) PKG_FIXUP:=autoreconf diff --git a/multimedia/imagemagick/test.sh b/multimedia/imagemagick/test.sh new file mode 100644 index 0000000000..82da005f18 --- /dev/null +++ b/multimedia/imagemagick/test.sh 
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# $2 is PKG_VERSION which uses dots: e.g. "7.1.2.21"
+# convert --version reports with a dash: "7.1.2-21"
+# Build the dash form for grep.
+_imver=$(echo "$2" | sed 's/\.\([0-9]*\)$/-\1/')
+
+case "$1" in
+imagemagick)
+ # Version check; convert and magick are both installed
+ convert --version | grep -F "ImageMagick"
+ convert --version | grep -F "$_imver"
+
+ # Create a test image via the ImageMagick convert command
+ convert -size 32x32 xc:white /tmp/im-white.png
+ [ -f /tmp/im-white.png ] || { echo "FAIL: PNG creation"; exit 1; }
+
+ # Identify: confirm format and geometry
+ identify /tmp/im-white.png | grep -E "PNG.*32x32"
+
+ # Convert to JPEG
+ convert /tmp/im-white.png /tmp/im-white.jpg
+ identify /tmp/im-white.jpg | grep "JPEG"
+
+ # Resize: exact geometry
+ convert -size 64x64 xc:blue -resize 16x16! /tmp/im-small.png
+ identify /tmp/im-small.png | grep -E "PNG.*16x16"
+
+ # Color sampling: create a known red pixel, read it back
+ convert -size 1x1 xc:'rgb(255,0,0)' /tmp/im-red.png
+ # fx/info: query exercises the pixel engine
+ convert /tmp/im-red.png -format '%[fx:p{0,0}.r*255]' info: | grep -E "^255$"
+
+ # BMP round-trip (exercises a different codec path)
+ convert /tmp/im-white.png /tmp/im-white.bmp
+ identify /tmp/im-white.bmp | grep "BMP"
+
+ # Grayscale conversion
+ convert /tmp/im-red.png -colorspace Gray /tmp/im-gray.png
+ identify -verbose /tmp/im-gray.png | grep -i "gray"
+
+ # Composite two images (exercises MagickCore composite engine)
+ convert /tmp/im-white.png /tmp/im-red.png \
+ -gravity Center -composite /tmp/im-comp.png
+ identify /tmp/im-comp.png | grep "PNG"
+
+ rm -f /tmp/im-white.png /tmp/im-white.jpg /tmp/im-small.png \
+ /tmp/im-red.png /tmp/im-white.bmp /tmp/im-gray.png /tmp/im-comp.png
+ ;;
+esac
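Review bot: None of the `grep` checks in the `imagemagick)` branch can fail the test as written: the script never sets `-e` and the branch ends with `rm -f`, so it exits 0 even when `convert --version | grep -F "$_imver"` finds no match, unless the harness runs it with `sh -e`, which is not visible here. For a security update the version check is what proves the patched release is actually installed, so add `set -e` right after the shebang (or `|| exit 1` on each check). That check also passes vacuously when `$2` is empty, because `grep -F ""` matches every line; a guard such as `[ -n "$2" ] || exit 1` inside the branch would close that. Separately, the fixed file names under `/tmp` are predictable and are left behind on the early `exit 1`; a `mktemp -d` directory removed from a `trap ... EXIT` handler would avoid both.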