Bug 260334 - archivers/p7zip: Add expiration date -- has known vulns and unmaintained
Summary: archivers/p7zip: Add expiration date -- has known vulns and unmaintained
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Carlo Strub
Keywords: easy, patch, patch-ready
Depends on:
Reported: 2021-12-11 08:53 UTC by Chris Hutchinson
Modified: 2021-12-11 22:08 UTC (History)
2 users (show)

See Also:

git diff for archivers/p7zip (415 bytes, patch)
2021-12-11 08:53 UTC, Chris Hutchinson
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Hutchinson 2021-12-11 08:53:07 UTC
Created attachment 230039 [details]
git diff for archivers/p7zip

This pr adds an expiration date for archivers/p7zip
It's currently an unmaintained port and has not been
maintained upstream for years. There are a few
unresolved CVE's as discussed in bug #228239
There was a recent alternative added as
archivers/7-zip which is a fork using the same algos
but unlike p7zip, is actively maintained. So the
(eventual) removal of p7zip should have no real

DEPRECATED=	Unmaintained for years and has known vulnerabilities

That's it.


Comment 1 commit-hook freebsd_committer 2021-12-11 22:07:32 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c24478fc61e9e0a9c5d280ac0f0299710b5fd9cc

commit c24478fc61e9e0a9c5d280ac0f0299710b5fd9cc
Author:     Carlo Strub <cs@FreeBSD.org>
AuthorDate: 2021-12-11 22:04:09 +0000
Commit:     Carlo Strub <cs@FreeBSD.org>
CommitDate: 2021-12-11 22:04:09 +0000

    archivers/p7zip: Deprecate

    Vulnerabilities and no upstream maintenance

    PR:             260334
    Reported by:    Chris Hutchinson <portmaster@bsdforge.com>

 archivers/p7zip/Makefile | 3 +++
 1 file changed, 3 insertions(+)