-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Mar 2026 19:34:10 +0100 Source: p7zip Binary: p7zip p7zip-dbgsym p7zip-full p7zip-full-dbgsym Architecture: ppc64el Version: 16.02+really25.01+dfsg-0+deb12u1 Distribution: bookworm Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-conova-01) Changed-By: Sylvain Beucler Description: p7zip - 7zr file archiver with high compression ratio p7zip-full - 7z and 7za file archivers with high compression ratio Closes: 1111068 Changes: p7zip (16.02+really25.01+dfsg-0+deb12u1) bookworm; urgency=high . * Non-maintainer upload by the LTS Security Team. * Move codebase to 7-Zip (not p7zip) upstream 25.01, fixes: - CVE-2022-47069: heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd - CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read operation via a crafted 7Z archive. - CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE - CVE-2023-52168: heap-based buffer overflow in NTFS handler - CVE-2023-52169: out-of-bounds read in NTFS handler - CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service - CVE-2025-11001: ZIP File Parsing Directory Traversal RCE - CVE-2025-11002: ZIP File Parsing Directory Traversal RCE - CVE-2025-53817: null pointer dereference in the Compound handler may lead to denial of service - CVE-2025-55188: does not always properly handle symbolic links during extraction. (Closes: #1111068) * Add NEWS entry and edit package description about the codebase change. * Drop assembly support, which would require asmc-linux, not present before trixie, or re-porting the ASM code to yasm as p7zip did. * Make 7-Zip behave like p7zip to avoid compatibility issues: - d/p/p7zip-compat-version-output.patch: mimic p7zip output - d/p/p7zip-compat-symlinks.patch: mimic symlinks handling - d/p/p7zip-compat-utf16.patch: mimic -[no-]utf16 options * Sync patches from 25.01+dfsg-1~deb13u1: - drop all old patches - drop new patches: - 000*-Use-c-flags-for-asmc.patch (no ASM) - 000*-Add-fpic-for-Asmc-options.patch (no ASM) - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch (behavior change) * Selectively import packaging from trixie, to avoid disruption in stable release: - Sync debian/copyright. - Import debian/rules, drop ASM rules, adapt p7zip.install and p7zip-full.install, add dependency to dh-exec for *.install rename support (as in the 7zip package). - Adjust d/p7zip-full.docs, drop d/p7zip-full.doc-base and d/p7zip-full.links (no more HTML documentation). - Import debian/man/ from trixie (except for 7zz.1), merge d/p7zip.1 to debian/man/ (same file), make 7zr.1 the primary file (as it's the only one in the p7zip base package / !full). - Import debian/test/ (except for 7zz tests). - Drop debian/format/ options. * Stub debian/watch (reuse 7zip tarball instead). * Enable Salsa CI. * Configure git-buildpackage for oldstable. Checksums-Sha1: 0322e56f735513b75def60997172c21f2bf67c15 3174332 p7zip-dbgsym_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb bb088caa6040fbafad6d02acfc085204ecf21722 13514252 p7zip-full-dbgsym_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb 86f483e6887e159c3ebbb4021e05fec4de0a308b 1482560 p7zip-full_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb b358e7a1f0aa833424aff0af20169c451e229183 7113 p7zip_16.02+really25.01+dfsg-0+deb12u1_ppc64el-buildd.buildinfo 953708fbb99a8703f2693b9ed59a0fb5dec31f5a 476152 p7zip_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb Checksums-Sha256: f12508fbb3559c8e9ddff4029b77d7b705cd6c1807ef7cc37544b5d8dd2dfc67 3174332 p7zip-dbgsym_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb 6f0870ee82ad749feeb566037a92e9184c3edb1d7176435bc661a9667c830540 13514252 p7zip-full-dbgsym_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb 44d19050254ad039027a078ace7c65be609d12f44bb99e8538e1678933f4236b 1482560 p7zip-full_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb 0ca037024329bb562406d640affd3bb83914861041f68585401587c2ee7dc4ce 7113 p7zip_16.02+really25.01+dfsg-0+deb12u1_ppc64el-buildd.buildinfo ab3fa14b46b396681962e46300ca5a314ab63c599dbb788d5e064e4d7aa6ebea 476152 p7zip_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb Files: 8da2c018e76342fd023e046cef37a34d 3174332 debug optional p7zip-dbgsym_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb 8e1fab50ff7243bb3536a2472322b3a9 13514252 debug optional p7zip-full-dbgsym_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb c310374837469b43f78572d094832b7c 1482560 utils optional p7zip-full_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb b13d7a5ba88d26186d5bf7d854c4755f 7113 utils optional p7zip_16.02+really25.01+dfsg-0+deb12u1_ppc64el-buildd.buildinfo 60c2a2d7014fc4364f3bc28f3a561aee 476152 utils optional p7zip_16.02+really25.01+dfsg-0+deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEDoRc43uRWMOoIqIgDNLUPhbmg7MFAmn3SjYACgkQDNLUPhbm g7NcahAAqGG44nwfBOBJbGeSEhnPAAfatxKV3rytJ085IowNvF64FOcZVjVWzwF0 BGtsG5W/P5AOpUw/EzF4YEaYAny1AwL1CfLRX/U/nAlLpy2IiLjppfkPaoluYWyX wSEgXJBMhXV0b4C6v7qV/7wd8D8AqAhhJ8yOWp4CyNyYzcfrFSqWOAB0hVq18Kh8 pKFEdqHg/2bkRsl2mFIyU9+ysymzJtS3d18OVtyG9QGdiz0bgzbeso2kj7NzstGm 8lQQa7jtDKmZzfiLOHJGc2aFYRsuINXciUDhJ609LKFRuPDFvqHP1G7TZTnYjOvv Wbv3NDwBhE7aTJHw77GmOhaojeA/oXIcsRMfYXNz1E+ux86xCTv9iNbKzOD7t0sb uihf1pRxMLst7dJPMd/vea0+BRMaMA4qplYQ/OUx2yani0gQJXcTkvctoaG5O4Nt C3EAJKszQW6cHjKea2ve1hADKgsLgpdjq+FDRpB27J683SGu+GoFCGW9CV9N36+5 m9UGqjXvPI/yZ1j0DsJXZTqS9ULV8WqyiKQKcpAR+Mkf74tK2FLsAYYrRSa5wOw9 nq47rsBCdyW+Nx7PA4eYF+EAKl36VV3SeF6GOjidJu81jdLjbR95+O4nO1Ek0xvX +f6WuXfdZ6dfTWLJYLHGohV5xsUi8mqhweWe2xdGBZSLtuObdtc= =D+YR -----END PGP SIGNATURE-----