Beuc's homepage
Software engineer
Contributions to Free Software
(for my mostly separate professional experience, contact me)
- Security vulnerabilities:
- CVE-2024-29894: Cacti, XSS
- CVE-2023-40267: GitPython, command injection (incomplete fix)
- CVE-2023-27561: runc, isolation breach (re-introduction)
- CVE-2021-3286: spotweb, SQL injection / filter bypass
- CVE-2020-35176: awstats, directory traversal
- CVE-2019-9924: bash, restricted shell bypass (reporter)
- CVE-2018-0496: DFArc3 & Dink Smallwood HD, directory traversal
- CVE-2017-pending: Savane, restricted shell bypass
- CVE-2014-6275: FusionForge, isolation bypass
- CVE-2013-2069: Amazon Web Services / Red Hat Enterprise Linux, privilege escalation
- CVE-2010-3359: Gargoyle, LD_LIBRARY_PATH abuse
- CVE-2009-3304: Savane & FusionForge, symlink attack
- Code hosting / forges:
- Savannah: the GNU code hosting platform, where I was jack-of-all-trades / admin (2004-2011)
- Gna!: another code hosting platform, where I was admin until we had to shut it down. Puppet-maintained VServer containers (2009-2012, 2014-2017)
- Savane: hosting system for Savannah and Gna! - PHP+Perl, Python, MySQL. I maintained, upgraded legacy code, added support for Git and other SCM (2004-2011, 2017)
- FusionForge: software that runs other forges such as InriaForge - PHP, PostgreSQL. Revamped the build system, packaging, user isolation, test suite (2014-2015)
- Video game / interactive development:
- Ren'Py (Visual Novel - Python/Cython, emscripten, pygame_sdl2): challenging port to the web browser (2018-2021). This includes python-emscripten for porting Python/Cython to HTML5/WebAssembly.
- Ren'Py Translator ToolKit: interoperability between Ren'Py's native translation and the PO format (gettext).
- Escoria (point&click template for Godot): port to Godot 3.2. See also the Escoria in Daïza demo.
- GNU FreeDink (action/rpg - C/C++, SDL2): portable and free unofficial port. Works under GNU/Linux, *BSD, MS Woe, and even in your Web browser. Cross-compilation, internationalization/i18n, distro packaging, unit tests, reproducible builds (2003-2019)
Dink-related projects:
- B.A.L.L.Z. (platform/puzzle - C++, Allegro): long-term maintenance and packaging (2008-2019)
- debian - fedora
- Meritous (dungeon crawler - C, SDL): long-term maintenance and Android port (2013-2020)
- FreeGLUT (portable OpenGL C library): Android port [ref] (2012)
- GHM invitation (JavaScript, WebGL): demoscene-style invitation to the GNU Hackers Meeting (2013)
- Ludumdare (game jam): participant [ref, ref]
- Free documentation:
- OpenGL Wikibooks: wrote most modern (shader-based) documentation, ported GLSL articles to C/C++, Android and WebGL ports (2011-)
- MySQL Wikibook: wrote most basics while developing teaching material (2006)
- Reverse engineering:
- Articles:
- Misc contributions:
- Debian packager (2006-) and developer (2010-)
- Fedora package maintainer (2008-)
- Planet GNU maintainer (2018-2021)
- Godot (game engine - C++/GDScript): doc fixes [ref] [ref] (2020-)
- LogsRecentsSansTrace: limnoria/supybot IRC plugin to keep limited volatile channel history (2020)
- Emscripten (compiler to WebAssembly - Python, JavaScript): doc and bug fixes [ref] (2018-2021)
- reproducible-builds.org: doc and bug fixes, made GNU FreeDink reproducible (2017-2019)
- SDL_gfx (graphics library for SDL/SDL2 - assembler): 32- and 64-bit GCC-compiled MMX support (2013) and various other fixes
- aDDict (64k demo scene - C, ASM): port Conspiracy's tool to GCC (2013)
- SDL wiki mirror (mod_python): search-engine-friendly mirror (no all-disabling robots.txt) (2008-2021)
- SDL 1.2 to 2.0 initial migration guide (2010)
- SFML early Android port proof-of-concept (2012)
- CMake Tutorial with focus on using SFML (2011)
- Blender 3D: Noob to Pro: clarifications and fixes [ref] (2010)
- Introduction to PDF format (2009) (now at mozilla!)
- April Transcriptions: e.g. Privacy 2013: Why. When. How. (2013)
- doc.cliss21.com: public company wiki with misc sysadmin & developer notes (French) (2006-2010)
- GCourrier (snail mail dematerialization - PHP, MySQL): maintenance and improvements
- CoSign SSO: complete installation HOWTO (2007)
- Xaraya: authldap nested groups support (2005)
- SpécialK: a transpiler from the K algorithmic language to Scheme (2004)
- GNU Bison tutorial examples: autoconfiscated, ready to compile
- Minimal autoconf+automake+gnulib project
- Exmap: fine-grained memory analyzer, attempt at revival
- Jamendo dumps fast import: as a Django app, for decentralization experiments
- Other misc projects hosted at Savannah
Privacy links:
--
Beuc