My Contributions to Free Softwares¶
See also my projects and my contributions to Python.
Contributions in 2016¶
Fedora Cloud Image, bug reports:
testrepository
pip
setuptools
python-json-patch
numpy
eventlet:
Contributions in 2015¶
monotonic
both merged into monotonic 0.5 released at 2015-12-27
routes:
eventlet: Python 3 patches
PR #275: Issue #274: Fix GreenSocket.recv_into(). Issue: On Python 3, sock.makefile(‘rb’).readline() doesn’t handle blocking errors correctly
Issue #248: eventlet.monkey_patch() on Python 3.4 makes stdout non-blocking: pull request Fix GreenFileIO.write()
Issue #230: Fix patcher.original, don’t load a module twice when eventlet monkey-patched is not used
Fix threading.Condition with monkey-patching on Python 3.3 and newer #187 on Python 3.3 and newer when monkey patching is used)
Contributions in 2014¶
pip: Fix issue #1433: parse requirements in markers #1472. Since pip 6.0, it is possible to write
futures; python_version < '2.7'
in requirements.txt. Feature very useful to specify requirements specific to Python 2, or only for an old Python version.eventlet: Python 3 patches
Mercurial bug reports:
Old Work (2004-2008)¶
First, see my old projects.
Accepted patches in other projects¶
2008-05-08, PyPy: modules pwd et syslog implémentés avec ctypes (bon maintenant j’ai un compte Subversion chez PyPy, alors j’accepte mes propres contrib’ :-))
2008-03-05, PyPy: _locale module implementation in ctypes
2008-02-21, PyPy: resource module implementation using ctypes
2007-12-03, Apache: Fix XSS in error page #413. Voir le commit dans Subversion.
2006-09-06, PyPy: Corrige le module codec pour la casse des charsets (pour être compatible avec CPython)
2006-08-21, urwid: Patch ‘’setuptools’’ (appliqué dans la version 0.9.6)
2006-04-27, Dia : http://bugzilla.gnome.org/show_bug.cgi?id=334771 Patch qui corrige un plantage alétoire lors du “dégroupage” d’un objet] (appliqué dans Dia 0.95)
2005-06-16, Gnome : Patch pour libgnomeui. Nautilus utilisait 500 Mo de mémoire pour générer une miniature d’une image SVG de 28 Ko ! Mon patch limite au maximum le gaspillage de mémoire. (appliqué dans la version 2.11)
Pending patches¶
2008-07-07, PHP: count_chars() crashs if both arguments are the same reference
2007-08-16, yui: container css: “cursor: pointer” instead of “cursor: hand”
INL/EdenWall¶
During my work at INL/EdenWall, I contributed to many open source softwares:
2007, iptables: #7080: Don’t silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
libnfnetlink: #6741: fix autogen.sh (sh syntax for string comparaison)
libnetfilter_conntrack: #6721: fix a crash on setting the counters of a conntrack, implement getter for the ATTR_USE attribute
2006, libnetfilter_conntrack: #6719: Fix XML output syntax
libnfnetlink: #6718: Initialize callback structure
libnetfilter_conntrack: #6716: Fix new API test program (replace ntohs by htons), introduce NFCT_O_PLAIN flag
gcrypt (july 2006): Fix missing initializer warning in gcrypt.h
Microoptimize destruction of unused statitically initialized mutexes
2005, (lxml library) Invalid use of xmlIO: crash on xmlCharEncCloseFunc()
(Python ctypes) ctypes: wrong calling convention for _string_at. See issue #3554, 3900 was a duplicate of this bug :-/
Dia: Bug #334771 (Ungroup crashes) fixed
libc: Bug report made by Victor Stinner: vfprintf() segfault with multibyte string and long precision. Ulrich Drepper fixed the bug: see vfprintf patch v1.136
Security vulnerabilities:
2007-05-22: CVE-2007-2754: FreeType Integer Overflow in TT_Load_Simple_Glyph()
2007-05-11: CVE-2007-2650: ClamAV OLE2 Parser Denial of Service
2007-05-10: CVE-2007-2645: Libexif Integer Overflow Vulnerability in exif_data_load_data_entry()
Fuzzing¶
Thanks to my project Fusil, I found and sometimes fixed many bugs in various softwares. See the list of crashes found by Fusil.
Bug reports¶
Fixed:
2007-05-07, ImageMagick: Crash in EXIF parser with invalid IFD count. The file also crash gwenview application.
2007-04-30, libc: vfprintf() segfault with multibyte string and long precision.
Le bug a été corrigé par Ulrich Drepper : patch vfprintf v1.136
2007-04-28, FreeType: Another bug in TTF (cmap), voir le patch sfnt/sfobjs.c version 1.128
2007-04-27, FreeType: Bug in fuzzed TTF file. Voir le patch (dans CVS).
Open:
2008-02-21: PyPy, large-file support and file.seek()
2008-01-28: Firefox, Venkman crashs on profiling after clearing profile data
2008-01-28: command-not-found, phpize is missing from program.d database
2007-10-01: PHP, buffer under- and overflow on clone(null)+array_push()
Tests de non regression : bug36071.phpt, bug42817.phpt, bug42818.phpt
2007-07-05, ClamAV:
#561: OLE2: Long (slow) loop in ole2_walk_property_tree() with huge prop_index value
#560: bitset_realloc() is not atomic (avec patch et testcase)
#559: OLE2: Allocate too much memory with invalid file (avec patch et testcase)
2007-04-18, ClamAV: Bug in OLE2 file parser (DoS found with fuzzing), dans bugzilla: Bug #466 (fermé au public)
2007-04-20, ImageMagick: Bug report in TGA and XCF files (DoS found with fuzzing)
2005-06-16, gdb : Display libc function names instead of address?
Other¶
I contributed to some articles on the french Wikipedia, like: Sténographie.