diff --git a/pkgs/applications/kde/ark/default.nix b/pkgs/applications/kde/ark/default.nix
index dbbfcf80c6b..76cc423f546 100644
--- a/pkgs/applications/kde/ark/default.nix
+++ b/pkgs/applications/kde/ark/default.nix
@@ -9,14 +9,14 @@
   libarchive, libzip,
 
   # Archive tools
-  lrzip,
+  p7zip, lrzip,
 
   # Unfree tools
   unfreeEnableUnrar ? false, unrar,
 }:
 
 let
-  extraTools = [ lrzip ] ++ lib.optional unfreeEnableUnrar unrar;
+  extraTools = [ p7zip lrzip ] ++ lib.optional unfreeEnableUnrar unrar;
 in
 
 mkDerivation {
diff --git a/pkgs/development/python-modules/binwalk/default.nix b/pkgs/development/python-modules/binwalk/default.nix
index e8a20b6df47..97c6b957a43 100644
--- a/pkgs/development/python-modules/binwalk/default.nix
+++ b/pkgs/development/python-modules/binwalk/default.nix
@@ -7,6 +7,7 @@
 , gzip
 , bzip2
 , gnutar
+, p7zip
 , cabextract
 , lzma
 , nose
@@ -28,7 +29,7 @@ buildPythonPackage {
     sha256 = "1bxgj569fzwv6jhcbl864nmlsi9x1k1r20aywjxc8b9b1zgqrlvc";
   };
 
-  propagatedBuildInputs = [ zlib xz ncompress gzip bzip2 gnutar cabextract lzma pycrypto ]
+  propagatedBuildInputs = [ zlib xz ncompress gzip bzip2 gnutar p7zip cabextract lzma pycrypto ]
   ++ stdenv.lib.optional visualizationSupport pyqtgraph;
 
   # setup.py only installs version.py during install, not test
diff --git a/pkgs/tools/archivers/p7zip/12-CVE-2016-9296.patch b/pkgs/tools/archivers/p7zip/12-CVE-2016-9296.patch
deleted file mode 100644
index 42245c92c0a..00000000000
--- a/pkgs/tools/archivers/p7zip/12-CVE-2016-9296.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Robert Luberda <robert@debian.org>
-Date: Sat, 19 Nov 2016 08:48:08 +0100
-Subject: Fix nullptr dereference (CVE-2016-9296)
-
-Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
----
- CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
-index b0c6b98..7c6dde2 100644
---- a/CPP/7zip/Archive/7z/7zIn.cpp
-+++ b/CPP/7zip/Archive/7z/7zIn.cpp
-@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
-       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
-         ThrowIncorrect();
-   }
--  HeadersSize += folders.PackPositions[folders.NumPackStreams];
-+  if (folders.PackPositions)
-+      HeadersSize += folders.PackPositions[folders.NumPackStreams];
-   return S_OK;
- }
- 
diff --git a/pkgs/tools/archivers/p7zip/13-CVE-2017-17969.patch b/pkgs/tools/archivers/p7zip/13-CVE-2017-17969.patch
deleted file mode 100644
index a9787c4a908..00000000000
--- a/pkgs/tools/archivers/p7zip/13-CVE-2017-17969.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org>
-Date: Fri, 2 Feb 2018 11:11:41 +0100
-Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
-
-Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
-Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
-Bug: https://sourceforge.net/p/p7zip/bugs/204/
-Bug-Debian: https://bugs.debian.org/888297
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
-Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
-Last-Update: 2018-02-01
-Applied-Upstream: 18.00-beta
----
- CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
-index 80b7e67..ca37764 100644
---- a/CPP/7zip/Compress/ShrinkDecoder.cpp
-+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
-@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
-     {
-       _stack[i++] = _suffixes[cur];
-       cur = _parents[cur];
-+      if (cur >= kNumItems || i >= kNumItems)
-+        break;
-     }
--    
-+
-+    if (cur >= kNumItems || i >= kNumItems)
-+      break;
-+
-     _stack[i++] = (Byte)cur;
-     lastChar2 = (Byte)cur;
- 
diff --git a/pkgs/tools/archivers/p7zip/default.nix b/pkgs/tools/archivers/p7zip/default.nix
index d6ad699eaa8..773d37f0b75 100644
--- a/pkgs/tools/archivers/p7zip/default.nix
+++ b/pkgs/tools/archivers/p7zip/default.nix
@@ -1,28 +1,17 @@
-{ stdenv, fetchurl, fetchpatch, lib, enableUnfree ? false }:
+{ stdenv, fetchFromGitHub, lib, enableUnfree ? false }:
 
 stdenv.mkDerivation rec {
   pname = "p7zip";
-  version = "16.02";
+  version = "17.01";
 
-  src = fetchurl {
-    url = "mirror://sourceforge/p7zip/p7zip_${version}_src_all.tar.bz2";
-    sha256 = "5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f";
-  };
 
-  patches = [
-    ./12-CVE-2016-9296.patch
-    ./13-CVE-2017-17969.patch
-    (fetchpatch {
-      name = "3-CVE-2018-5996.patch";
-      url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/3-CVE-2018-5996.patch";
-      sha256 = "1zivvkazmza0653i498ccp3zbpbpc7dvxl3zxwllbx41b6n589yp";
-    })
-    (fetchpatch {
-      name = "4-CVE-2018-10115.patch";
-      url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/4-CVE-2018-10115.patch";
-      sha256 = "1cr7q8gnrk9yp6dcvxaqi1yhdbgp964nkv65ls41mw1kdfm44zn6";
-    })
-  ];
+  src = fetchFromGitHub {
+    owner  = "szcnick";
+    repo   = pname;
+    rev    = "v${version}";
+    sha256 = "0gczdmypwbfnxzb11rjrrndjkkb3jzxfby2cchn5j8ysny13mfps";
+  }
+  ;
 
   # Default makefile is full of impurities on Darwin. The patch doesn't hurt Linux so I'm leaving it unconditional
   postPatch = ''
@@ -39,14 +28,15 @@ stdenv.mkDerivation rec {
     # (see DOC/License.txt, https://fedoraproject.org/wiki/Licensing:Unrar)
     rm -r CPP/7zip/Compress/Rar*
     find . -name makefile'*' -exec sed -i '/Rar/d' {} +
+    chmod +x install.sh
   '';
 
   preConfigure = ''
     makeFlagsArray=(DEST_HOME=$out)
-    buildFlags=all3
-  '' + stdenv.lib.optionalString stdenv.isDarwin ''
-    cp makefile.macosx_llvm_64bits makefile.machine
-  '';
+      buildFlags=all3
+        '' + stdenv.lib.optionalString stdenv.isDarwin ''
+        cp makefile.macosx_llvm_64bits makefile.machine
+'';
 
   enableParallelBuilding = true;
 
@@ -55,15 +45,10 @@ stdenv.mkDerivation rec {
   NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error=c++11-narrowing";
 
   meta = {
-    homepage = "http://p7zip.sourceforge.net/";
-    description = "A port of the 7-zip archiver";
+    homepage = "https://github.com/szcnick/p7zip";
+    description = "A new p7zip fork with additional codecs and improvements (forked from https://sourceforge.net/projects/p7zip/)";
     platforms = stdenv.lib.platforms.unix;
     maintainers = [ stdenv.lib.maintainers.raskin ];
-    knownVulnerabilities = [
-      # p7zip is abandoned, according to this thread on its forums:
-      # https://sourceforge.net/p/p7zip/discussion/383043/thread/fa143cf2/#1817
-      "p7zip is abandoned and may not receive important security fixes"
-    ];
     # RAR code is under non-free UnRAR license, but we remove it
     license = if enableUnfree then lib.licenses.unfree else lib.licenses.lgpl2Plus;
   };
diff --git a/pkgs/tools/compression/dtrx/default.nix b/pkgs/tools/compression/dtrx/default.nix
index edca969a1e8..81a446066d9 100644
--- a/pkgs/tools/compression/dtrx/default.nix
+++ b/pkgs/tools/compression/dtrx/default.nix
@@ -1,18 +1,15 @@
 {stdenv, lib, fetchurl, pythonPackages
-, gnutar, unzip, lhasa, rpm, binutils, cpio, gzip, cabextract, unrar, unshield
+, gnutar, unzip, lhasa, rpm, binutils, cpio, gzip, p7zip, cabextract, unrar, unshield
 , bzip2, xz, lzip
-# unsafe:
-# ,p7zip
-# unzip is no longer handled by p7zip, since it's unsafe
-, unzipSupport ? true
+# unzip is handled by p7zip
+, unzipSupport ? false
 , unrarSupport ? false }:
 
 let
-  # p7zip
-  archivers = lib.makeBinPath ([ gnutar lhasa rpm binutils cpio gzip cabextract unshield ]
-                               ++ lib.optional (unzipSupport) unzip
-                               ++ lib.optional (unrarSupport) unrar
-                               ++ [ bzip2 xz lzip ]);
+  archivers = lib.makeBinPath ([ gnutar lhasa rpm binutils cpio gzip p7zip cabextract unshield ]
+  ++ lib.optional (unzipSupport) unzip
+  ++ lib.optional (unrarSupport) unrar
+  ++ [ bzip2 xz lzip ]);
 
 in pythonPackages.buildPythonApplication rec {
   pname = "dtrx";
diff --git a/pkgs/tools/misc/woeusb/default.nix b/pkgs/tools/misc/woeusb/default.nix
index 991ab622490..4c235b4866f 100644
--- a/pkgs/tools/misc/woeusb/default.nix
+++ b/pkgs/tools/misc/woeusb/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchFromGitHub, autoreconfHook, makeWrapper
-, coreutils, dosfstools, findutils, gawk, gnugrep, grub2_light, ncurses, ntfs3g, parted, utillinux, wget
+, coreutils, dosfstools, findutils, gawk, gnugrep, grub2_light, ncurses, ntfs3g, parted, p7zip, utillinux, wget
 , wxGTK30 }:
 
 stdenv.mkDerivation rec {
@@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
     # should be patched with a less useless default PATH, but for now
     # we add everything we need manually.
     wrapProgram "$out/bin/woeusb" \
-      --set PATH '${stdenv.lib.makeBinPath [ coreutils dosfstools findutils gawk gnugrep grub2_light ncurses ntfs3g parted utillinux wget ]}'
+      --set PATH '${stdenv.lib.makeBinPath [ coreutils dosfstools findutils gawk gnugrep grub2_light ncurses ntfs3g parted utillinux wget p7zip ]}'
   '';
 
   doInstallCheck = true;