tukaani-project
Vcpkg
tukaani-project | Vcpkg | |
---|---|---|
5 | 147 | |
- | 21,773 | |
- | 2.4% | |
- | 10.0 | |
- | 5 days ago | |
CMake | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tukaani-project
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
Thank you. If you wouldn't have explained the background, I totally would've thought that this is just an innocent typo.
(I still think it's like... 60% a typo? don't know)
Anyhow, other people called the CCing of JiaT75 by Lasse suspicious:
https://news.ycombinator.com/item?id=39867593
https://lore.kernel.org/lkml/20240320183846.19475-2-lasse.co...
Someone pointed out the "mental health issues" and "some other things"
https://news.ycombinator.com/item?id=39868881
https://www.mail-archive.com/[email protected]/msg00567.h...
Lasse is of course a Nordic name, and the whole project has a finnish name and hosting
https://news.ycombinator.com/item?id=39866902
If I wanted to go rogue and insert a backdoor in a project of mine, I'd probably create a new sockpuppet account and hand over management of the project to them. The above is worringly compatible with this hypothesis.
OTOH, JiaT75 did not reuse the existing hosting provider, but rather switched the site to github.io and uploaded there old tarballs:
https://github.com/tukaani-project/tukaani-project.github.io...
If JiaT75 is an old-timer in the project, wouldn't they have kept using the same hosting infra?
There are also some other grim possibilities: someone forced Lasse to hand over the project (violence or blackmailing? as farfetched as that sounds)... or maybe stole Lasse devices (and identity?) and now Lasse is incapacitated?
Or maybe it's just some other fellow scandinavian who pretends to be chinese and got Lasse's trust.
Is the same person sockpuppeting Hans Jansen? It's amusing (but unsurprising) that they are using both german-sounding and chinese-sounding identities.
That said, I don't think it's unreasonable to think that Lasse genuinely trusted JiaT75, genuinely believed that the ifunc stuff was reasonable (it probably isn't: https://news.ycombinator.com/item?id=39869538 ) and handed over the project to them.
And at the end of the day, the only thing linking JiaT75 is a swedish/finnish racist joke which could well be a typo. People already checked the timezone of the commits, but I wonder if anyone has already checked the time-of-day of those commits... does it actually match the working hours that a person genuinely living (and sleeping) in China would follow?
Vcpkg
-
Xmake: A modern C/C++ build tool
re: C/C++ development: anybody using conda/pixi for dependency management? Here's an example of compiling a C++ SDL program using pixi and the SDL dependency from conda-forge [1].
Seems viable as a replacement for things like vckpg [2] which only builds from source.
I'm still researching this but it seems like rattler [3] is the tool to use to build/publish packages. The supported repos are: prefix.dev's own hosting, anaconda.org, artifactory or a self-hosted server.
--
1: https://github.com/prefix-dev/pixi/blob/main/examples/cpp-sd...
2: https://github.com/microsoft/vcpkg
3: https://prefix-dev.github.io/rattler-build/latest/authentica...
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
5.4.5 can be compromised
https://github.com/microsoft/vcpkg/issues/37197
- GitHub - microsoft/vcpkg: C++ Library Manager for Windows, Linux, and MacOS
-
Dependencies Belong in Version Control
vcpkg may expire assets after 1.5 years, so achieve long-term reproducibility you will need to cache your dependencies.... Somewhere. Not sure what the expected solution is.
https://github.com/microsoft/vcpkg/pull/30546#issuecomment-1...
-
My first Software Release using GitHub Release
There were various approaches recommended depending on our language and ecosystem. My classmates who developed using Node.js were recommended npm, and PyPI or poetry for Python. Since my program is written in C++, I was recommended to look into one of vcpkg or conan, but I ultimately did not use either package manager.
-
Anyone else frustrated with Conan2?
Which dependencies are not in vcpkg? We can ask them to add it. It’s pretty easy just open an issue there https://github.com/microsoft/vcpkg/issues .
-
How to install libraries for c++ on a Linux CentOS supercomputer where I'm not a sudoer
./vcpkg search netcdf gdal[netcdf] Enable NetCDF support minc 2.4.03#3 MINC - Medical Image NetCDF or MINC isn't netCDF minc[minc1] Support minc1 file format, requires NETCDF netcdf-c 4.8.1#2 A set of self-describing, machine-independent data formats that support th... netcdf-c[dap] Build with DAP remote access client support netcdf-c[hdf5] Build with HDF5 support netcdf-c[nczarr] Build with NCZarr cloud storage access support netcdf-c[nczarr-zip] Build with NCZarr ZIP support netcdf-c[netcdf-4] Build with netCDF-4 support netcdf-c[platform-default-features] Enable platform-dependent default features netcdf-c[tools] Build utilities netcdf-cxx4 4.3.1#4 a set of machine-independent data formats that support the creation, acces... The result may be outdated. Run `git pull` to get the latest results. If your port is not listed, please open an issue at and/or consider making a pull request. - https://github.com/Microsoft/vcpkg/issues
- Does anyone has a idea to read out dependencies out of c/cpp directories to create .sbom files?
-
hypergrep: A new "fastest grep" to search directories recursively for a regex pattern
The hyperscan update to vcpkg seems to have happened from 5.4.0 to 5.4.2 in this commit on Apr 20.
-
Configuring incomplete due to CMake Error(missing OpenCVConfig.cmake ProtobufConfig.cmake and TIFF etc.)
Dear Fictrac team, I am hoping to install Fictrac in our windows 11 x64 laptop (Visual Studio 2019, cMake 3.26.4). I followed the installation guideline on github page fictrac and used the latest vcpkg
What are some alternatives?
systemd - The systemd System and Service Manager
conan - Conan - The open-source C and C++ package manager
xz - XZ Utils [GET https://api.github.com/repos/tukaani-project/xz: 403 - Repository access blocked]
CPM.cmake - 📦 CMake's missing package manager. A small CMake script for setup-free, cross-platform, reproducible dependency management.
homebrew-core - 🍻 Default formulae for the missing package manager for macOS (or Linux)
Boost.Program_options - Boost.org program_options module
wasmtime - A fast and secure runtime for WebAssembly
Ncurses - ncurses Git mirror
rust1 - rust1
vulkan - Haskell bindings for Vulkan
openconnect
meson - The Meson Build System