Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 855503 - app-arch/p7zip-17.04 new upstream
Summary: app-arch/p7zip-17.04 new upstream
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Matthew Thode ( prometheanfire )
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-01 08:30 UTC by Esteve Varela Colominas
Modified: 2023-04-14 15:34 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Esteve Varela Colominas 2022-07-01 08:30:03 UTC 
Some linux distributions are starting to use https://github.com/jinfeihan57/p7zip as a new upstream, as the previous one seems to be dead.
I think it'd be a good idea to follow along.
Comment 1 Esteve Varela Colominas 2022-07-01 08:35:05 UTC 
By "some distributions" apparently I meant only Arch, so nevermind.

Apparently the full package of 7-zip now supports linux as well, but apparently it's incompatible enough to warrant a new package sadly.
Comment 2 tomas charvat 2022-07-11 19:26:40 UTC 
There is no need for fork of 7-zip since they release linux version.
https://www.7-zip.org/download.html
It would be best to remove obsolete p7zip and introduce official 7-zip.
Comment 3 tomas charvat 2022-07-11 19:28:26 UTC 
Current version of p7zip in the portage is 16.02
It is likely subject of multiple CVE
https://www.cvedetails.com/vulnerability-list/vendor_id-9220/product_id-30936/7-zip-P7zip.html
Comment 4 Esteve Varela Colominas 2023-01-23 14:25:16 UTC 
Proper upstream: https://github.com/p7zip-project/p7zip

It's worth noting that most of the CVEs were fixed in gentoo's version of 16.02, and as such this bug isn't a security bug, but rather a request to unify cross-distro efforts into a single project.
Comment 5 Joe Kappus 2023-04-14 11:06:54 UTC 
So I started to look at this situation. Gentoo switched to what most other distros now consider to be the active fork at https://github.com/p7zip-project/p7zip

This bug should really be about updating the metadata for p7zip to reflect the upstream change that was already made. I'm tacking a new commit on to close it with my current p7zip PR.

As for the official 7zip releases, that could be filed as a new package request for app-arch/7zip.

To get an idea of what other distros are tracking:
https://repology.org/project/7zip/versions
and
https://repology.org/project/p7zip/versions
Comment 6 Larry the Git Cow gentoo-dev 2023-04-14 15:34:14 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7497eeb19e82be490eabf8ffc83d0c635d3fff6f

commit 7497eeb19e82be490eabf8ffc83d0c635d3fff6f
Author:     Joe Kappus <joe@wt.gd>
AuthorDate: 2023-04-14 11:07:38 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2023-04-14 15:34:05 +0000

    app-arch/p7zip: update upstream metadata
    
    Closes: https://bugs.gentoo.org/855503
    Signed-off-by: Joe Kappus <joe@wt.gd>
    Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>

 app-arch/p7zip/metadata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)