Hi Armin, The p7zip is too old and dead since 2016 and has many vulnerable CVEs, such as: CVE-2024-11612 CVE-2024-11477 CVE-2023-52169 CVE-2023-52168 CVE-2023-40481 CVE-2023-31102 CVE-2023-1576 CVE-2022-47069
The 7z is a standalone command, and the version of all affected recipes (android-tools, python3-rarfile, xarchiver) has no change between master and scarthgap so I back ported the new 7zip recipe to scarthgap to instead of p7zip, I think the regression is little //Hongxu
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#114462): https://lists.openembedded.org/g/openembedded-devel/message/114462 Mute This Topic: https://lists.openembedded.org/mt/110240687/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
