My Contributions to Free Softwares

See also my projects and my contributions to Python.

Contributions in 2016

• Fedora Cloud Image, bug reports:

  • https://bugzilla.redhat.com/show_bug.cgi?id=1405391

  • https://fedorahosted.org/fedora-websites/ticket/415

• testrepository

• PR Fix two ResourceWarning warnings

• Issue Subprocesses pipes (stdout, stderr) are not explicitly closed: ResourceWarning warnings are logged

• pip

  • Issue: pip should use the distro module: platform.linux_distribution() has been deprecated in Python 3.5

  • PR: Fix a ResourceWarning in setuptools_build

• setuptools

  • Don’t use deprecated ‘U’ flag to read manifest

• python-json-patch

  • Use inspect.signature() on Python 3

  • Add tox.ini

• numpy

  • Use PyMem_RawMalloc on Python 3.4 and newer

  • Assertion error when running tests on Python 3.6 compiled in debug mode

  • https://github.com/numpy/numpy/issues/7360

• eventlet:

  • PR #303: Add hubs.default_clock and use time.monotonic

  • Bug report: Python 3: wsgi doesn’t handle correctly partial write of socket send() when using writelines()

Contributions in 2015

• monotonic

  • clock_gettime() is not thread-safe

  • Don’t use CLOCK_MONOTONIC_RAW #13

  • both merged into monotonic 0.5 released at 2015-12-27

• routes:

  • Add tox.ini

  • Fix BytesWarning in Mapper.generate()

• pep8: fix BytesWarning on Python 3

• eventlet: Python 3 patches

  • PR #275: Issue #274: Fix GreenSocket.recv_into(). Issue: On Python 3, sock.makefile(‘rb’).readline() doesn’t handle blocking errors correctly

  • PR #257: Fix GreenFileIO.readall() for regular file

  • Issue #248: eventlet.monkey_patch() on Python 3.4 makes stdout non-blocking: pull request Fix GreenFileIO.write()

  • Issue #230: Fix patcher.original, don’t load a module twice when eventlet monkey-patched is not used

  • tox 1.8 or newer is required

  • Fix threading monkey-patching on Python 3.4

  • Fix threading.Condition with monkey-patching on Python 3.3 and newer #187 on Python 3.3 and newer when monkey patching is used)

Contributions in 2014

• pip: Fix issue #1433: parse requirements in markers #1472. Since pip 6.0, it is possible to write futures; python_version < '2.7' in requirements.txt. Feature very useful to specify requirements specific to Python 2, or only for an old Python version.

• eventlet: Python 3 patches

  • Fix monkey-patched os.open(): add dir_fd parameter #170

  • enhance socketpair code in tpool #167

  • Fix monkey_patch() on Python 3 #168

• Mercurial bug reports:

  • Bug 4516 - Rename information lost after merge+edit+commit amend

  • Bug 4306 - histedit blocked if i exchange and edit a commit (unknown revision / no node)

Old Work (2004-2008)

First, see my old projects.

Accepted patches in other projects

• 2008-05-08, PyPy: modules pwd et syslog implémentés avec ctypes (bon maintenant j’ai un compte Subversion chez PyPy, alors j’accepte mes propres contrib’ :-))

• 2008-03-05, PyPy: _locale module implementation in ctypes

• 2008-02-21, PyPy: resource module implementation using ctypes

• 2007-12-03, Apache: Fix XSS in error page #413. Voir le commit dans Subversion.

• 2006-09-06, PyPy: Corrige le module codec pour la casse des charsets (pour être compatible avec CPython)

• 2006-08-21, urwid: Patch ‘’setuptools’’ (appliqué dans la version 0.9.6)

• 2006-04-27, Dia : http://bugzilla.gnome.org/show_bug.cgi?id=334771 Patch qui corrige un plantage alétoire lors du “dégroupage” d’un objet] (appliqué dans Dia 0.95)

• 2005-06-16, Gnome : Patch pour libgnomeui. Nautilus utilisait 500 Mo de mémoire pour générer une miniature d’une image SVG de 28 Ko ! Mon patch limite au maximum le gaspillage de mémoire. (appliqué dans la version 2.11)

Pending patches

• 2008-07-07, PHP: count_chars() crashs if both arguments are the same reference

• 2007-08-16, yui: container css: “cursor: pointer” instead of “cursor: hand”

INL/EdenWall

During my work at INL/EdenWall, I contributed to many open source softwares:

• 2007, iptables: #7080: Don’t silenty exit on failure to open /proc/net/{ip,ip6}_tables_names

• libnfnetlink: #6741: fix autogen.sh (sh syntax for string comparaison)

• libnetfilter_conntrack: #6721: fix a crash on setting the counters of a conntrack, implement getter for the ATTR_USE attribute

• 2006, libnetfilter_conntrack: #6719: Fix XML output syntax

• libnfnetlink: #6718: Initialize callback structure

• libnetfilter_conntrack: #6716: Fix new API test program (replace ntohs by htons), introduce NFCT_O_PLAIN flag

• gcrypt (july 2006): Fix missing initializer warning in gcrypt.h

• Microoptimize destruction of unused statitically initialized mutexes

• 2005, (lxml library) Invalid use of xmlIO: crash on xmlCharEncCloseFunc()

• (CPython) Bugfix for crashes on low-memory conditions

• (Python ctypes) ctypes: wrong calling convention for _string_at. See issue #3554, 3900 was a duplicate of this bug :-/

• PHP: bug report #42817

• Dia: Bug #334771 (Ungroup crashes) fixed

• libc: Bug report made by Victor Stinner: vfprintf() segfault with multibyte string and long precision. Ulrich Drepper fixed the bug: see vfprintf patch v1.136

Security vulnerabilities:

• 2007-05-22: CVE-2007-2754: FreeType Integer Overflow in TT_Load_Simple_Glyph()

• 2007-05-11: CVE-2007-2650: ClamAV OLE2 Parser Denial of Service

• 2007-05-10: CVE-2007-2645: Libexif Integer Overflow Vulnerability in exif_data_load_data_entry()

Fuzzing

Thanks to my project Fusil, I found and sometimes fixed many bugs in various softwares. See the list of crashes found by Fusil.

Bug reports

Fixed:

• 2007-05-07, ImageMagick: Crash in EXIF parser with invalid IFD count. The file also crash gwenview application.

• 2007-04-30, libc: vfprintf() segfault with multibyte string and long precision.

• Le bug a été corrigé par Ulrich Drepper : patch vfprintf v1.136

• Rapport de bug Fedora Core

• Rapport de bug Debian

• 2007-04-28, FreeType: Another bug in TTF (cmap), voir le patch sfnt/sfobjs.c version 1.128

• 2007-04-27, FreeType: Bug in fuzzed TTF file. Voir le patch (dans CVS).

Open:

• 2008-02-21: PyPy, large-file support and file.seek()

• 2008-01-28: Firefox, Venkman crashs on profiling after clearing profile data

• 2008-01-28: command-not-found, phpize is missing from program.d database

• 2007-10-01: PHP, buffer under- and overflow on clone(null)+array_push()

• Diff sur zend_vm_execute.h

• Tests de non regression : bug36071.phpt, bug42817.phpt, bug42818.phpt

• 2007-07-05, ClamAV:

  • #561: OLE2: Long (slow) loop in ole2_walk_property_tree() with huge prop_index value

  • #560: bitset_realloc() is not atomic (avec patch et testcase)

  • #559: OLE2: Allocate too much memory with invalid file (avec patch et testcase)

• 2007-04-18, ClamAV: Bug in OLE2 file parser (DoS found with fuzzing), dans bugzilla: Bug #466 (fermé au public)

• 2007-04-20, ImageMagick: Bug report in TGA and XCF files (DoS found with fuzzing)

• 2005-06-16, gdb : Display libc function names instead of address?

Other

• I contributed to some articles on the french Wikipedia, like: Sténographie.