
xcffib
xcffib is the XCB binding for Python.
Most end users of software that depends on xcffib, and developers writing
code against xcffib, can use the version of xcffib on PyPI. To install it,
you'll need libxcb's headers and libxcb-render's headers (these are available
via sudo apt-get install libxcb-render0-dev on Ubuntu). Once you have the C
headers installed, you can just pip install xcffib.
If you're interested in doing development, read on...
You should be able to install all the language deps from Hackage or pip. .github/workflows/ci.yaml has an example of how to install the dependencies on Ubuntu flavors.
See the Makefile for
examples on how to run the tests. Your contribution should at least pass make check
before it can be merged. The newtests make target can be used to regenerate
expected Haskell test data if the tests are failing because you made a change
to the generated Python code.
Sometimes (more often recently), xcbproto makes updates that require some
work on our side. These often require some updates to xcb-types as well.
First, hack your changes into xcb-types and cabal install them, then git
clone the version of xcbproto you want to somewhere, e.g. ~/packages:
~/packages $ git clone https://gitlab.freedesktop.org/xorg/proto/xcbproto.git
Finally, you can build/test xcffib against this custom version of
xcb-{proto|types} with:
make XCBDIR=~/packages/xcbproto/src check
To go along with new xcbproto elements, sometimes you need to hack on newer versions of xcb-types. For newer versions of cabal to find locally modified versions of xcb-types, you need to do something like:
echo packages: ../xcb-types/xcb-types.cabal ./xcffib.cabal > cabal.project
FAQs
We found that xcffib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.