p7zip

p7zip, a port/fork of 7-Zip for UNIX systems, has been unmaintained upstream. Additionally, 7-Zip security fixes are unfortunately not isolated, hence hard to locate, backport and test.

To address security vulnerabilities, we now regularly replace p7zip with a recent 7-Zip (which now supports GNU/Linux natively), slightly modified to make it reasonably compatible with p7zip, along with a specific DEP-8 test.

Manual testing:

  • GUIs: engrampa/file-roller, ark, lxqt-archiver; in particular symlink handling

  • CLI wrappers: mc, atool…

  • Antivirus: amavisd-new

  • Usage in test suites: libio-compress-lzma-perl (autopkgtest)

  • Illegal usage of (private) 7z.so: android-platform-external-libunwind (build); Crc* and Xz* symbols have remained stable so far

  • SFX (SelF-eXtracting archive): concatenating /usr/lib/p7zip/7zCon.sfx with a .7z file and executing it

  • Password encryption: -p (encrypt content), -mhe=on (encrypt headers/metadata)

  • p7zip-rar module (non-free): ensure it remains compatible
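
The password and SFX items above can be scripted as a smoke test. This is an added example, not part of the original checklist or of the p7zip/7-Zip packaging; it assumes the binary is called 7z (override with SEVENZ), and the function name, file names and password are constructed for illustration.

```shell
#!/bin/sh
# Added example: smoke test for the -p, -mhe=on and SFX checklist items.
# Assumptions: binary name "7z" (override with SEVENZ); the password and
# file names below are constructed sample values.
SEVENZ="${SEVENZ:-7z}"
SFX="${SFX:-/usr/lib/p7zip/7zCon.sfx}"
PW='constructed-sample-password'

# Returns 0 on pass, 1 on failure, 77 when 7z or the SFX module is missing.
p7zip_smoke_test() (
    command -v "$SEVENZ" >/dev/null 2>&1 || return 77
    [ -r "$SFX" ] || return 77
    work=$(mktemp -d) || return 1
    trap 'rm -rf "$work"' EXIT
    cd "$work" || return 1
    printf 'constructed sample content\n' > secret-name.txt

    # -p only: content is encrypted, but file names stay listable.
    "$SEVENZ" a -p"$PW" content.7z secret-name.txt >/dev/null || return 1
    "$SEVENZ" l -pwrong content.7z | grep -q secret-name.txt || return 1
    # Testing the content with a wrong password must fail.
    "$SEVENZ" t -pwrong content.7z >/dev/null 2>&1 && return 1

    # -mhe=on: headers are encrypted too, so listing needs the password.
    "$SEVENZ" a -p"$PW" -mhe=on headers.7z secret-name.txt >/dev/null || return 1
    "$SEVENZ" l -pwrong headers.7z >/dev/null 2>&1 && return 1
    "$SEVENZ" l -p"$PW" headers.7z | grep -q secret-name.txt || return 1
    "$SEVENZ" t -p"$PW" headers.7z >/dev/null || return 1

    # SFX: module and .7z concatenated, then executed in an empty directory.
    "$SEVENZ" a plain.7z secret-name.txt >/dev/null || return 1
    mkdir out && cat "$SFX" plain.7z > out/self.run && chmod +x out/self.run || return 1
    (cd out && ./self.run -y >/dev/null) || return 1
    cmp -s secret-name.txt out/secret-name.txt || return 1
    return 0
)
```

Source the file and call p7zip_smoke_test; exit status 77 means 7z or the SFX module was not found, so nothing was tested.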

Sample bookworm SPUs:

Copyright (C) 2026 Sylvain Beucler