On Fri, Feb 20, 2026 at 12:03 PM Bill Cole < [email protected]> wrote:
> On 2026-02-20 at 13:31:03 UTC-0500 (Fri, 20 Feb 2026 18:31:03 +0000) > Langer, Stephen A. (Fed) via macports-users <[email protected]> > is rumored to have said: > > > Hi --- > > > > I’ve been informed by our IT security department that ImageMagick 6 > > (the ImageMagick port) has dangerous flaws and I need to remove it > > from my systems by the end of next week. ImageMagick 7 is ok. The > > problem is that texlive indirectly depends on pstoedit and pstoedit > > depends on ImageMagic. > > > > As an experiment, I changed “ImageMagick” to “ImageMagick7” in > > the pstoedit Portfile. The modified pstoedit port builds successfully > > and LaTeX appears to run, but I have no faith that the change is safe. > > Is there a way to test that pstoedit and texlive are actually working > > correctly? Is there a better way of avoiding the ImageMagick issue? > > > > I can submit a patched Portfile for pstoedit that adds variants for > > selecting the ImageMagick version, but I’m reluctant to do that > > without knowing that the changes are correct. > > In my experience, the only times ImageMagick7 doesn't work as a > dependency where ImageMagick6 is specified are also times where the > *build* won't work. > > That is obviously a purely empirical/heuristic observation but it is > supported by the fact that pstoedit v4.02 on FreeBSD 15 is a port that > requests ImageMagick7 and the binary package on FreeBSD 15 is linked > against ImageMagick7. The pstoedit changelog shows no ImageMagick notes > since switching to the ImageMagick++ API, in v3.32. That API is > supported by IMv7 > > Bottom line: It is probably not necessary to make a port variant for > IM6, just switch it to IM7. There is an open pull request for this switch. Please assist. https://github.com/macports/macports-ports/pull/29309
