Beuc's homepage

• Security vulnerabilities:
  • CVE-2023-40267: GitPython, command injection (incomplete fix)
  • CVE-2023-27561: runc, isolation breach (re-introduction)
  • CVE-2021-3286: spotweb, SQL injection / filter bypass
  • CVE-2020-35176: awstats, directory traveral
  • CVE-2019-9924: bash, restricted shell bypass (reporter)
  • CVE-2018-0496: DFArc3 & Dink Smallwood HD, directory traversal
  • CVE-2017-pending: Savane, restricted shell bypass
  • CVE-2014-6275: FusionForge, isolation bypass
  • CVE-2013-2069: Amazon Web Services / Red Hat Entreprise Linux, privilege escalation
  • CVE-2010-3359: Gargoyle, LD_LIBRARY_PATH abuse
  • CVE-2009-3304: Savane & FusionForge, symlink attack
• Code hosting / forges:
  • Savannah: the GNU code hosting platform, where I was jack-of-all-trades / admin (2004-2011)
    
  • Gna!: another code hosting platform, where I was admin until we had to shut it down. Puppet-maintained VServer containers (2009-2012, 2014-2017)
    
  • Savane: hosting system for Savannah and Gna! - PHP+Perl, Python, MySQL. I maintained, upgraded legacy code, added support for Git and other SCM (2004-2011, 2017)
  • FusionForge: software that runs other forges such as InriaForge - PHP, PostgreSQL. Revamped the build system, packaging, user isolation, test suite (2014-2015)
    
• Video game / interactive development:
  • Ren'Py (Visual Novel - Python/Cython, emscripten, pygame_sdl2): challenging port to the web browser (2018-2021)
    This includes python-emscripten for porting Python/Cython to HTML5/WebAssembly.
    
    
  • Ren'Py Translator ToolKit: interoperability between Ren'Py's native translation and the PO format (gettext).
  • Escoria (point&click template for Godot): port to Godot 3.2. See also the Escoria in Daïza demo.
  • GNU FreeDink (action/rpg - C/C++, SDL2): portable and free unofficial port. Works under GNU/Linux, *BSD, MS Woe, and even in your Web browser.
    Cross-compilation, internationalization/i18n, distro packaging, unit tests, reproducible builds (2003-2019)
    
    Dink-related projects:
    • Dink Translation: localization for the main story and related content (2001-2021)
    • The Dink Solutions: walkthroughs repository, I wrote and translated a lot of them though the current incarnation dropped all authorship info (2001-2010)
      
    • Dink Network profile: other Dink contributions
  • B.A.L.L.Z. (platform/puzzle - C++, Allegro): long-term maintenance and packaging (2008-2019) - debian - fedora
    
    
  • Meritous (dungeon crawler - C, SDL): long-term maintenance and Android port (2013-2020)
    
  • FreeGLUT (portable OpenGL C library): Android port [ref] (2012)
    
  • GHM invitation (JavaScript, WebGL): demoscene-style invitation to the GNU Hackers Meeting (2013)
    
  • Ludumdare (game jam): participant [ref, ref]
• Free documentation:
  • OpenGL Wikibooks: wrote most modern (shader-based) documentation, ported GLSL articles to C/C++, Android and WebGL ports (2011-)
    
    
  • MySQL Wikibook: wrote most basics while developing teaching material (2006)
• Reverse engineering:
  • Android Rebuilds, how to rebuild SDK/NDK, precisely, without non-free EULA (2015-2021)
    
  • .zed archive file format, reverse-engineered (2017)
    
• Articles:
  • Blog
  • Introduction to Open Source / Free Software philosophy aimed at IT employees
  • Far-fetched? Apple platform through a different perspective
  • Life as a Tor node
• Misc contributions:
  • Debian packager (2006-) and developer (2010-)
    
  • Fedora package maintainer (2008-)
  
  • Planet GNU maintainer (2018-2021)
    
  • Godot (game engine - C++/GDScript): doc fixes [ref] [ref] (2020-)
  • LogsRecentsSansTrace: limnoria/supybot IRC plugin to keep limited volatile channel history (2020)
  • Emscripten (compiler to WebAssembly - Python, JavaScript): doc and bug fixes [ref] (2018-2021)
  • reproducible-builds.org: doc and bug fixes, made GNU FreeDink reproducible (2017-2019)
  • SDL_gfx (graphics library for SDL/SDL2 - assembler): 32- and 64-bit GCC-compiled MMX support (2013) and various other fixes
  • aDDict (64k demo scene - C, ASM): port Conspiracy's tool to GCC (2013)
  • SDL wiki mirror (mod_python): search-engine-friendly mirror (no all-disabling robots.txt) (2008-2021)
  • SDL 1.2 to 2.0 initial migration guide (2010)
  • SFML early Android port proof-of-concept (2012)
  • CMake Tutorial with focus on using SFML (2011)
  • Blender 3D: Noob to Pro: clarifications and fixes [ref] (2010)
  • Introduction to PDF format (2009) (now at mozilla!)
  • April Transcriptions: e.g. Privacy 2013: Why. When. How. (2013)
  • doc.cliss21.com: public company wiki with misc sysadmin & developer notes (French) (2006-2010)
  • GCourrier (snail mail dematerialization - PHP, MySQL): maintenance and improvements
  • CoSign SSO: complete installation HOWTO (2007)
  • Xaraya: authldap nested groups support (2005)
  • SpécialK: a transpiler from the K algorithmic language to Scheme (2004)
  • GNU Bison tutorial examples: autoconfiscated, ready to compile
  • Minimal autoconf+automake+gnulib project
  • Exmap: fined-grained memory analyzer, attempt at revival
  • Jamendo dumps fast import: as a Django app, for decentralization experiments
  • Other misc projects hosted at Savannah
• Privacy links:
  • Honest Achmed's root certificate
  • Freedom in the Cloud (video, texts)
  • Facebook, Twitter Revolutionizing How Parents Stalk Their College-Aged Kids
  • Web 2.0 is Sharecropping (slides copy)
  • Twitter you say? - The present is retarded.
  • Please Rob Me - Raising awareness about over-sharing
  • Before / After - rules of social networking can change anytime
  • Controlling one's infrastructure

--
Beuc