I had to make that replacement a few months ago. The extra/p7zip package mentioned by Samuel is not the same as Windows 7-Zip, however, the 7-zip-full package found in the AUR, as I understand it, is. I used the same 7-zip-full package which solved some emerging compatibilty issues at the time.
With these CVE-2023-31102, and CVE-2023-40481 advisaries, now is probably a good time to replace p7zip as a dependency in packages that use it, all Unix variants.
Oh, and this has been my first forum post! Greetings all. Cheers.
p7zip is supposedly “p7zip - the port of the command line version of 7-Zip to Linux/Posix”. however the original p7zip project in sourceforge is dormant since 2016. most distros including arch has opted for the fork of the project; p7zip-project · GitHub
as aforementioned this package is simply inherited by manjaro from arch repos. however arch package maintainer will only able release a fresh version when such is released by the original project, in this case the fork of the project.
I was not aware, that Arch packages are used directly in Manjaro. I thought, there was some re-compilation or something. Thanks for this and all the other information! So, I conclude, going back to p7zip will not be affected by the mentioned CVEs?
Just to clear up possible ambiguity between 7zip versions.
From the p7zip-project: “p7zip - A new p7zip fork with additional codecs and improvements (forked from sourceforge_net/projects/sevenzip/ AND sourceforge_net/projects/p7zip/)”.
So, there are three separate code bases - only one is maintained by Igor Pavlov, in as far as I can determine. Without more research it’s difficult to say that they are all affected by the afore-mentioned CVE’s, but it would probably be a safe guess to presume they are.
@Ben This is the package I used several months ago to solve unrelated compatibility issues - 7-zip-full should be the package of choice going forward (imho) - though it will probably take a while for individual package maintainers using p7zip as a dependency to catch on, or overcome their apathy.