My Contributions to Free Softwares¶
See also my projects and my contributions to Python.
Contributions in 2016¶
- Fedora Cloud Image, bug reports:
- testrepository
- pip
- setuptools
- python-json-patch
- numpy
- eventlet:
Contributions in 2015¶
- monotonic
- clock_gettime() is not thread-safe
- Don’t use CLOCK_MONOTONIC_RAW #13
- both merged into monotonic 0.5 released at 2015-12-27
- routes:
- pep8: fix BytesWarning on Python 3
- eventlet: Python 3 patches
- PR #275: Issue #274: Fix GreenSocket.recv_into(). Issue: On Python 3, sock.makefile(‘rb’).readline() doesn’t handle blocking errors correctly
- PR #257: Fix GreenFileIO.readall() for regular file
- Issue #248: eventlet.monkey_patch() on Python 3.4 makes stdout non-blocking: pull request Fix GreenFileIO.write()
- Issue #230: Fix patcher.original, don’t load a module twice when eventlet monkey-patched is not used
- tox 1.8 or newer is required
- Fix threading monkey-patching on Python 3.4
- Fix threading.Condition with monkey-patching on Python 3.3 and newer #187 on Python 3.3 and newer when monkey patching is used)
Contributions in 2014¶
- pip: Fix issue #1433: parse requirements in markers #1472.
Since pip 6.0, it is possible to write
futures; python_version < '2.7'
in requirements.txt. Feature very useful to specify requirements specific to Python 2, or only for an old Python version. - eventlet: Python 3 patches
- Mercurial bug reports:
Old Work (2004-2008)¶
First, see my old projects.
Accepted patches in other projects¶
- 2008-05-08, PyPy: modules pwd et syslog implémentés avec ctypes (bon maintenant j’ai un compte Subversion chez PyPy, alors j’accepte mes propres contrib’ :-))
- 2008-03-05, PyPy: _locale module implementation in ctypes
- 2008-02-21, PyPy: resource module implementation using ctypes
- 2007-12-03, Apache: Fix XSS in error page #413. Voir le commit dans Subversion.
- 2006-09-06, PyPy: Corrige le module codec pour la casse des charsets (pour être compatible avec CPython)
- 2006-08-21, urwid: Patch ‘’setuptools’’ (appliqué dans la version 0.9.6)
- 2006-04-27, Dia : http://bugzilla.gnome.org/show_bug.cgi?id=334771 Patch qui corrige un plantage alétoire lors du “dégroupage” d’un objet] (appliqué dans Dia 0.95)
- 2005-06-16, Gnome : Patch pour libgnomeui. Nautilus utilisait 500 Mo de mémoire pour générer une miniature d’une image SVG de 28 Ko ! Mon patch limite au maximum le gaspillage de mémoire. (appliqué dans la version 2.11)
Pending patches¶
- 2008-07-07, PHP: count_chars() crashs if both arguments are the same reference
- 2007-08-16, yui: container css: “cursor: pointer” instead of “cursor: hand”
INL/EdenWall¶
During my work at INL/EdenWall, I contributed to many open source softwares:
- 2007, iptables: #7080: Don’t silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
- libnfnetlink: #6741: fix autogen.sh (sh syntax for string comparaison)
- libnetfilter_conntrack: #6721: fix a crash on setting the counters of a conntrack, implement getter for the ATTR_USE attribute
- 2006, libnetfilter_conntrack: #6719: Fix XML output syntax
- libnfnetlink: #6718: Initialize callback structure
- libnetfilter_conntrack: #6716: Fix new API test program (replace ntohs by htons), introduce NFCT_O_PLAIN flag
- gcrypt (july 2006): Fix missing initializer warning in gcrypt.h
- Microoptimize destruction of unused statitically initialized mutexes
- 2005, (lxml library) Invalid use of xmlIO: crash on xmlCharEncCloseFunc()
- (CPython) Bugfix for crashes on low-memory conditions
- (Python ctypes) ctypes: wrong calling convention for _string_at. See issue #3554, 3900 was a duplicate of this bug :-/
- PHP: bug report #42817
- Dia: Bug #334771 (Ungroup crashes) fixed
- libc: Bug report made by Victor Stinner: vfprintf() segfault with multibyte string and long precision. Ulrich Drepper fixed the bug: see vfprintf patch v1.136
Security vulnerabilities:
- 2007-05-22: CVE-2007-2754: FreeType Integer Overflow in TT_Load_Simple_Glyph()
- 2007-05-11: CVE-2007-2650: ClamAV OLE2 Parser Denial of Service
- 2007-05-10: CVE-2007-2645: Libexif Integer Overflow Vulnerability in exif_data_load_data_entry()
Fuzzing¶
Thanks to my project Fusil, I found and sometimes fixed many bugs in various softwares. See the list of crashes found by Fusil.
Bug reports¶
Fixed:
- 2007-05-07, ImageMagick: Crash in EXIF parser with invalid IFD count. The file also crash gwenview application.
- 2007-04-30, libc: vfprintf() segfault with multibyte string and long precision.
- Le bug a été corrigé par Ulrich Drepper : patch vfprintf v1.136
- Rapport de bug Fedora Core
- Rapport de bug Debian
- 2007-04-28, FreeType: Another bug in TTF (cmap), voir le patch sfnt/sfobjs.c version 1.128
- 2007-04-27, FreeType: Bug in fuzzed TTF file. Voir le patch (dans CVS).
Open:
- 2008-02-21: PyPy, large-file support and file.seek()
- 2008-01-28: Firefox, Venkman crashs on profiling after clearing profile data
- 2008-01-28: command-not-found, phpize is missing from program.d database
- 2007-10-01: PHP, buffer under- and overflow on clone(null)+array_push()
- Diff sur zend_vm_execute.h
- Tests de non regression : bug36071.phpt, bug42817.phpt, bug42818.phpt
- 2007-07-05, ClamAV:
- #561: OLE2: Long (slow) loop in ole2_walk_property_tree() with huge prop_index value
- #560: bitset_realloc() is not atomic (avec patch et testcase)
- #559: OLE2: Allocate too much memory with invalid file (avec patch et testcase)
- 2007-04-18, ClamAV: Bug in OLE2 file parser (DoS found with fuzzing), dans bugzilla: Bug #466 (fermé au public)
- 2007-04-20, ImageMagick: Bug report in TGA and XCF files (DoS found with fuzzing)
- 2005-06-16, gdb : Display libc function names instead of address?
Other¶
- I contributed to some articles on the french Wikipedia, like: Sténographie.