My Contributions to Free Softwares

See also my projects and my contributions to Python.

Contributions in 2016

• Fedora Cloud Image, bug reports:
  • https://bugzilla.redhat.com/show_bug.cgi?id=1405391
  • https://fedorahosted.org/fedora-websites/ticket/415
• testrepository

• PR Fix two ResourceWarning warnings
• Issue Subprocesses pipes (stdout, stderr) are not explicitly closed: ResourceWarning warnings are logged

• pip
  • Issue: pip should use the distro module: platform.linux_distribution() has been deprecated in Python 3.5
  • PR: Fix a ResourceWarning in setuptools_build
• setuptools
  • Don’t use deprecated ‘U’ flag to read manifest
• python-json-patch
  • Use inspect.signature() on Python 3
  • Add tox.ini
• numpy
  • Use PyMem_RawMalloc on Python 3.4 and newer
  • Assertion error when running tests on Python 3.6 compiled in debug mode
  • https://github.com/numpy/numpy/issues/7360
• eventlet:
  • PR #303: Add hubs.default_clock and use time.monotonic
  • Bug report: Python 3: wsgi doesn’t handle correctly partial write of socket send() when using writelines()

Contributions in 2015

• monotonic
  • clock_gettime() is not thread-safe
  • Don’t use CLOCK_MONOTONIC_RAW #13
  • both merged into monotonic 0.5 released at 2015-12-27
• routes:
  • Add tox.ini
  • Fix BytesWarning in Mapper.generate()
• pep8: fix BytesWarning on Python 3
• eventlet: Python 3 patches
  • PR #275: Issue #274: Fix GreenSocket.recv_into(). Issue: On Python 3, sock.makefile(‘rb’).readline() doesn’t handle blocking errors correctly
  • PR #257: Fix GreenFileIO.readall() for regular file
  • Issue #248: eventlet.monkey_patch() on Python 3.4 makes stdout non-blocking: pull request Fix GreenFileIO.write()
  • Issue #230: Fix patcher.original, don’t load a module twice when eventlet monkey-patched is not used
  • tox 1.8 or newer is required
  • Fix threading monkey-patching on Python 3.4
  • Fix threading.Condition with monkey-patching on Python 3.3 and newer #187 on Python 3.3 and newer when monkey patching is used)

Contributions in 2014

• pip: Fix issue #1433: parse requirements in markers #1472. Since pip 6.0, it is possible to write futures; python_version < '2.7' in requirements.txt. Feature very useful to specify requirements specific to Python 2, or only for an old Python version.
• eventlet: Python 3 patches
  • Fix monkey-patched os.open(): add dir_fd parameter #170
  • enhance socketpair code in tpool #167
  • Fix monkey_patch() on Python 3 #168
• Mercurial bug reports:
  • Bug 4516 - Rename information lost after merge+edit+commit amend
  • Bug 4306 - histedit blocked if i exchange and edit a commit (unknown revision / no node)

Old Work (2004-2008)

First, see my old projects.

Accepted patches in other projects

• 2008-05-08, PyPy: modules pwd et syslog implémentés avec ctypes (bon maintenant j’ai un compte Subversion chez PyPy, alors j’accepte mes propres contrib’ :-))
• 2008-03-05, PyPy: _locale module implementation in ctypes
• 2008-02-21, PyPy: resource module implementation using ctypes
• 2007-12-03, Apache: Fix XSS in error page #413. Voir le commit dans Subversion.
• 2006-09-06, PyPy: Corrige le module codec pour la casse des charsets (pour être compatible avec CPython)
• 2006-08-21, urwid: Patch ‘’setuptools’’ (appliqué dans la version 0.9.6)
• 2006-04-27, Dia : http://bugzilla.gnome.org/show_bug.cgi?id=334771 Patch qui corrige un plantage alétoire lors du “dégroupage” d’un objet] (appliqué dans Dia 0.95)
• 2005-06-16, Gnome : Patch pour libgnomeui. Nautilus utilisait 500 Mo de mémoire pour générer une miniature d’une image SVG de 28 Ko ! Mon patch limite au maximum le gaspillage de mémoire. (appliqué dans la version 2.11)

Pending patches

• 2008-07-07, PHP: count_chars() crashs if both arguments are the same reference
• 2007-08-16, yui: container css: “cursor: pointer” instead of “cursor: hand”

INL/EdenWall

During my work at INL/EdenWall, I contributed to many open source softwares:

• 2007, iptables: #7080: Don’t silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
• libnfnetlink: #6741: fix autogen.sh (sh syntax for string comparaison)
• libnetfilter_conntrack: #6721: fix a crash on setting the counters of a conntrack, implement getter for the ATTR_USE attribute
• 2006, libnetfilter_conntrack: #6719: Fix XML output syntax
• libnfnetlink: #6718: Initialize callback structure
• libnetfilter_conntrack: #6716: Fix new API test program (replace ntohs by htons), introduce NFCT_O_PLAIN flag
• gcrypt (july 2006): Fix missing initializer warning in gcrypt.h
• Microoptimize destruction of unused statitically initialized mutexes
• 2005, (lxml library) Invalid use of xmlIO: crash on xmlCharEncCloseFunc()
• (CPython) Bugfix for crashes on low-memory conditions
• (Python ctypes) ctypes: wrong calling convention for _string_at. See issue #3554, 3900 was a duplicate of this bug :-/
• PHP: bug report #42817
• Dia: Bug #334771 (Ungroup crashes) fixed
• libc: Bug report made by Victor Stinner: vfprintf() segfault with multibyte string and long precision. Ulrich Drepper fixed the bug: see vfprintf patch v1.136

Security vulnerabilities:

• 2007-05-22: CVE-2007-2754: FreeType Integer Overflow in TT_Load_Simple_Glyph()
• 2007-05-11: CVE-2007-2650: ClamAV OLE2 Parser Denial of Service
• 2007-05-10: CVE-2007-2645: Libexif Integer Overflow Vulnerability in exif_data_load_data_entry()

Fuzzing

Thanks to my project Fusil, I found and sometimes fixed many bugs in various softwares. See the list of crashes found by Fusil.

Bug reports

Fixed:

• 2007-05-07, ImageMagick: Crash in EXIF parser with invalid IFD count. The file also crash gwenview application.
• 2007-04-30, libc: vfprintf() segfault with multibyte string and long precision.

• Le bug a été corrigé par Ulrich Drepper : patch vfprintf v1.136
• Rapport de bug Fedora Core
• Rapport de bug Debian

• 2007-04-28, FreeType: Another bug in TTF (cmap), voir le patch sfnt/sfobjs.c version 1.128
• 2007-04-27, FreeType: Bug in fuzzed TTF file. Voir le patch (dans CVS).

Open:

• 2008-02-21: PyPy, large-file support and file.seek()
• 2008-01-28: Firefox, Venkman crashs on profiling after clearing profile data
• 2008-01-28: command-not-found, phpize is missing from program.d database
• 2007-10-01: PHP, buffer under- and overflow on clone(null)+array_push()

• Diff sur zend_vm_execute.h
• Tests de non regression : bug36071.phpt, bug42817.phpt, bug42818.phpt

• 2007-07-05, ClamAV:
  • #561: OLE2: Long (slow) loop in ole2_walk_property_tree() with huge prop_index value
  • #560: bitset_realloc() is not atomic (avec patch et testcase)
  • #559: OLE2: Allocate too much memory with invalid file (avec patch et testcase)
• 2007-04-18, ClamAV: Bug in OLE2 file parser (DoS found with fuzzing), dans bugzilla: Bug #466 (fermé au public)
• 2007-04-20, ImageMagick: Bug report in TGA and XCF files (DoS found with fuzzing)
• 2005-06-16, gdb : Display libc function names instead of address?

Other

• I contributed to some articles on the french Wikipedia, like: Sténographie.