855503 – app-arch/p7zip-17.04 new upstream

Bug 855503 - app-arch/p7zip-17.04 new upstream

Summary: app-arch/p7zip-17.04 new upstream

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Matthew Thode ( prometheanfire )

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-07-01 08:30 UTC by Esteve Varela Colominas
Modified:	2023-01-23 14:25 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Esteve Varela Colominas 2022-07-01 08:30:03 UTC

Some linux distributions are starting to use https://github.com/jinfeihan57/p7zip as a new upstream, as the previous one seems to be dead.
I think it'd be a good idea to follow along.

Comment 1 Esteve Varela Colominas 2022-07-01 08:35:05 UTC

By "some distributions" apparently I meant only Arch, so nevermind.

Apparently the full package of 7-zip now supports linux as well, but apparently it's incompatible enough to warrant a new package sadly.

Comment 2 tomas charvat 2022-07-11 19:26:40 UTC

There is no need for fork of 7-zip since they release linux version.
https://www.7-zip.org/download.html
It would be best to remove obsolete p7zip and introduce official 7-zip.

Comment 3 tomas charvat 2022-07-11 19:28:26 UTC

Current version of p7zip in the portage is 16.02
It is likely subject of multiple CVE
https://www.cvedetails.com/vulnerability-list/vendor_id-9220/product_id-30936/7-zip-P7zip.html

Comment 4 Esteve Varela Colominas 2023-01-23 14:25:16 UTC

Proper upstream: https://github.com/p7zip-project/p7zip

It's worth noting that most of the CVEs were fixed in gentoo's version of 16.02, and as such this bug isn't a security bug, but rather a request to unify cross-distro efforts into a single project.