On 2026-02-20 at 13:31:03 UTC-0500 (Fri, 20 Feb 2026 18:31:03 +0000)
Langer, Stephen A. (Fed) via macports-users <[email protected]>
is rumored to have said:
Hi ---
I’ve been informed by our IT security department that ImageMagick 6
(the ImageMagick port) has dangerous flaws and I need to remove it
from my systems by the end of next week. ImageMagick 7 is ok. The
problem is that texlive indirectly depends on pstoedit and pstoedit
depends on ImageMagic.
As an experiment, I changed “ImageMagick” to “ImageMagick7” in
the pstoedit Portfile. The modified pstoedit port builds successfully
and LaTeX appears to run, but I have no faith that the change is safe.
Is there a way to test that pstoedit and texlive are actually working
correctly? Is there a better way of avoiding the ImageMagick issue?
I can submit a patched Portfile for pstoedit that adds variants for
selecting the ImageMagick version, but I’m reluctant to do that
without knowing that the changes are correct.
In my experience, the only times ImageMagick7 doesn't work as a
dependency where ImageMagick6 is specified are also times where the
*build* won't work.
That is obviously a purely empirical/heuristic observation but it is
supported by the fact that pstoedit v4.02 on FreeBSD 15 is a port that
requests ImageMagick7 and the binary package on FreeBSD 15 is linked
against ImageMagick7. The pstoedit changelog shows no ImageMagick notes
since switching to the ImageMagick++ API, in v3.32. That API is
supported by IMv7
Bottom line: It is probably not necessary to make a port variant for
IM6, just switch it to IM7.
--
Bill Cole
[email protected] or [email protected]
(AKA @[email protected] and many *@billmail.scconsult.com
addresses)
Please keep discussion mailing list replies *on-list*
Not Currently Available For Hire
