xz
Vcpkg
xz | Vcpkg | |
---|---|---|
24 | 147 | |
160 | 21,699 | |
- | 2.1% | |
9.7 | 10.0 | |
about 2 months ago | 6 days ago | |
C | CMake | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xz
-
XZ backdoor story – Initial analysis
Very funny. This one:
https://github.com/tukaani-project/xz/commits?author=thesame...
- Xz: Update maintainer and author info. The other maintainer suddenly disappeared
- Thanks Andres Freud
- The xz-utils backdoor has been removed
-
The xz sshd backdoor rabbithole goes quite a bit deeper
> The payload of the 'hack' contains fairly easy ways for the xz hackers to update the payload. They actually used it to remove a real issue where their hackery causes issues with valgrind that might lead to discovering it, and they also used it to release 5.6.1 which rewrites significant chunks;
The valgrind fix in 5.6.1 overwrites the same test files used in 5.6.0 instead of using the injection code's extension hooks. This is done with what should have been a highly suspicious commit: https://github.com/tukaani-project/xz/commit/6e636819e8f0703... - this replaces "random" test files with other "random" test files. The state reson is questionable to begin but not including the seed used when the the purpoted reason was to be able to re-create the files in the future is highly suspicous. This should have raised red flags bug no one was watching. I'd say this is another part of the operation that was much more sloppy than it needed to be.
-
Timeline of the xz open source attack
In https://archive.softwareheritage.org/browse/revision/e446ab7...
-
GitHub Disabled the Xz Repo
You're right, but maybe because there's nothing to see : https://github.com/tukaani-project/xz
- Xz Repository Censored by GitHub
- Backdoor in upstream xz/liblzma leading to SSH server compromise
- The Return of the Frame Pointers
Vcpkg
-
Xmake: A modern C/C++ build tool
re: C/C++ development: anybody using conda/pixi for dependency management? Here's an example of compiling a C++ SDL program using pixi and the SDL dependency from conda-forge [1].
Seems viable as a replacement for things like vckpg [2] which only builds from source.
I'm still researching this but it seems like rattler [3] is the tool to use to build/publish packages. The supported repos are: prefix.dev's own hosting, anaconda.org, artifactory or a self-hosted server.
--
1: https://github.com/prefix-dev/pixi/blob/main/examples/cpp-sd...
2: https://github.com/microsoft/vcpkg
3: https://prefix-dev.github.io/rattler-build/latest/authentica...
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
5.4.5 can be compromised
https://github.com/microsoft/vcpkg/issues/37197
- GitHub - microsoft/vcpkg: C++ Library Manager for Windows, Linux, and MacOS
-
Dependencies Belong in Version Control
vcpkg may expire assets after 1.5 years, so achieve long-term reproducibility you will need to cache your dependencies.... Somewhere. Not sure what the expected solution is.
https://github.com/microsoft/vcpkg/pull/30546#issuecomment-1...
-
My first Software Release using GitHub Release
There were various approaches recommended depending on our language and ecosystem. My classmates who developed using Node.js were recommended npm, and PyPI or poetry for Python. Since my program is written in C++, I was recommended to look into one of vcpkg or conan, but I ultimately did not use either package manager.
-
Anyone else frustrated with Conan2?
Which dependencies are not in vcpkg? We can ask them to add it. It’s pretty easy just open an issue there https://github.com/microsoft/vcpkg/issues .
-
How to install libraries for c++ on a Linux CentOS supercomputer where I'm not a sudoer
./vcpkg search netcdf gdal[netcdf] Enable NetCDF support minc 2.4.03#3 MINC - Medical Image NetCDF or MINC isn't netCDF minc[minc1] Support minc1 file format, requires NETCDF netcdf-c 4.8.1#2 A set of self-describing, machine-independent data formats that support th... netcdf-c[dap] Build with DAP remote access client support netcdf-c[hdf5] Build with HDF5 support netcdf-c[nczarr] Build with NCZarr cloud storage access support netcdf-c[nczarr-zip] Build with NCZarr ZIP support netcdf-c[netcdf-4] Build with netCDF-4 support netcdf-c[platform-default-features] Enable platform-dependent default features netcdf-c[tools] Build utilities netcdf-cxx4 4.3.1#4 a set of machine-independent data formats that support the creation, acces... The result may be outdated. Run `git pull` to get the latest results. If your port is not listed, please open an issue at and/or consider making a pull request. - https://github.com/Microsoft/vcpkg/issues
- Does anyone has a idea to read out dependencies out of c/cpp directories to create .sbom files?
-
hypergrep: A new "fastest grep" to search directories recursively for a regex pattern
The hyperscan update to vcpkg seems to have happened from 5.4.0 to 5.4.2 in this commit on Apr 20.
-
Configuring incomplete due to CMake Error(missing OpenCVConfig.cmake ProtobufConfig.cmake and TIFF etc.)
Dear Fictrac team, I am hoping to install Fictrac in our windows 11 x64 laptop (Visual Studio 2019, cMake 3.26.4). I followed the installation guideline on github page fictrac and used the latest vcpkg
What are some alternatives?
wasmtime - A fast and secure runtime for WebAssembly
conan - Conan - The open-source C and C++ package manager
libarchive - Multi-format archive and compression library
CPM.cmake - 📦 CMake's missing package manager. A small CMake script for setup-free, cross-platform, reproducible dependency management.
stencil-golang - Template repository for Golang applications
Boost.Program_options - Boost.org program_options module
tukaani-project
Ncurses - ncurses Git mirror
Folly - An open-source C++ library developed and used at Facebook.
vulkan - Haskell bindings for Vulkan
freedesktop-sdk
meson - The Meson Build System