| Message ID | 20260515054814.107161-1-hongxu.jia@windriver.com |
|---|---|
| State | Under Review |
| Series | [meta-oe,1/2] 7zip: do not provide p7zip |
On 5/15/26 13:48, hongxu via lists.openembedded.org wrote: > These CVEs were fixed in the current 7zip version > > Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> > --- > meta-oe/recipes-extended/7zip/7zip_26.01.bb | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/meta-oe/recipes-extended/7zip/7zip_26.01.bb b/meta-oe/recipes-extended/7zip/7zip_26.01.bb > index 61be89c7ba..3fc3037bcc 100644 > --- a/meta-oe/recipes-extended/7zip/7zip_26.01.bb > +++ b/meta-oe/recipes-extended/7zip/7zip_26.01.bb
> @@ -68,3 +68,15 @@ RPROVIDES:${PN} += "lib7z.so()(64bit) 7z lib7z.so" > RPROVIDES:${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so" > > BBCLASSEXTEND = "native nativesdk" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2022-47111 > +CVE_STATUS[CVE-2022-47111] = "fixed-version: The issue was found in 7-Zip 22.01. Some later versions are unaffected." > +# https://nvd.nist.gov/vuln/detail/CVE-2022-47112 > +CVE_STATUS[CVE-2022-47112] = "fixed-version: The issue was found in 7-Zip 22.01. Some later versions are unaffected." > +# https://sourceforge.net/p/sevenzip/patches/417/ > +# https://www.appsecure.security/vulnerability-database/cve-2023-40481 > +CVE_STATUS[CVE-2023-40481] = "fixed-version: That bug was fixed in v23.00." > +# https://www.appsecure.security/vulnerability-database/CVE-2023-52168 > +CVE_STATUS[CVE-2023-52168] = "fixed-version: A high-severity vulnerability identified in the NtfsHandler.cpp NTFS handler of 7-Zip prior to version 24.01." > +$ https://www.appsecure.security/vulnerability-database/CVE-2023-52169 Sorry for the typo, please drop this and use v2 to instead //Hongxu > +CVE_STATUS[CVE-2023-52169] = "fixed-version: Relates to the NtfsHandler.cpp NTFS handler in 7-Zip, affecting versions prior to 24.01."
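Review bot: The line `+$ https://www.appsecure.security/vulnerability-database/CVE-2023-52169` starts with `$` where every other reference line starts with `#`, so it is not a comment and will not parse as recipe syntax; change it to `#` in the v2 the reply already asks for. While respinning, tighten the reason strings: for CVE-2022-47111 and CVE-2022-47112, "Some later versions are unaffected" names no fixed release, and for CVE-2023-52168 and CVE-2023-52169 the text describes the flaw ("prior to version 24.01") rather than stating the fix, so none of the four lets a reader confirm from the recipe that 26.01 is past the fix. State the fixed release directly, the way the CVE-2023-40481 entry does ("fixed in v23.00"), and use one consistent case for the CVE id in the reference URLs.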
diff --git a/meta-oe/recipes-extended/7zip/7zip_26.01.bb b/meta-oe/recipes-extended/7zip/7zip_26.01.bb index a3e124518a..61be89c7ba 100644 --- a/meta-oe/recipes-extended/7zip/7zip_26.01.bb +++ b/meta-oe/recipes-extended/7zip/7zip_26.01.bb @@ -64,8 +64,7 @@ do_install() { install -m 0644 ${S}/DOC/readme.txt ${D}${includedir}/${BPN}/DOC } -PROVIDES += "p7zip" -RPROVIDES:${PN} += "lib7z.so()(64bit) 7z lib7z.so p7zip" +RPROVIDES:${PN} += "lib7z.so()(64bit) 7z lib7z.so" RPROVIDES:${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so" BBCLASSEXTEND = "native nativesdk"
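Review bot: Removing `PROVIDES += "p7zip"` and the `p7zip` entry from `RPROVIDES:${PN}` leaves anything that still names p7zip in DEPENDS or RDEPENDS without a provider, and because the recipe keeps `BBCLASSEXTEND = "native nativesdk"` the same applies to the native and nativesdk variants. Please confirm that no recipe, packagegroup or image in the layer still references p7zip, and say so in the commit message. The message gives the CVE scan as the motive but does not explain how the provided name affects the scan; a sentence on that link would let reviewers judge whether dropping the alias is the right fix.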
We replaced p7zip more than 2 years ago; do not make 7zip provide p7zip any more, then the CVE scan on p7zip would be skipped

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
meta-oe/recipes-extended/7zip/7zip_26.01.bb | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)