Beuc's homepage
Software engineer
Contributions to Free Software
(for my mostly separate professional experience, contact me)
- Security vulnerabilities:
  - CVE-2024-29894: Cacti, XSS
  - CVE-2023-40267: GitPython, command injection (incomplete fix)
  - CVE-2023-27561: runc, isolation breach (re-introduction)
  - CVE-2021-3286: spotweb, SQL injection / filter bypass
  - CVE-2020-35176: awstats, directory traversal
  - CVE-2019-9924: bash, restricted shell bypass (reporter)
  - CVE-2018-0496: DFArc3 & Dink Smallwood HD, directory traversal
  - CVE-2017-pending: Savane, restricted shell bypass
  - CVE-2014-6275: FusionForge, isolation bypass
  - CVE-2013-2069: Amazon Web Services / Red Hat Enterprise Linux, privilege escalation
  - CVE-2010-3359: Gargoyle, LD_LIBRARY_PATH abuse
  - CVE-2009-3304: Savane & FusionForge, symlink attack
- Code hosting / forges:
  - Savannah: the GNU code hosting platform, where I was jack-of-all-trades / admin (2004-2011)
  - Gna!: another code hosting platform, where I was admin until we had to shut it down. Puppet-maintained VServer containers (2009-2012, 2014-2017)
  - Savane: hosting system for Savannah and Gna! - PHP+Perl, Python, MySQL. I maintained, upgraded legacy code, added support for Git and other SCM (2004-2011, 2017)
  - FusionForge: software that runs other forges such as InriaForge - PHP, PostgreSQL. Revamped the build system, packaging, user isolation, test suite (2014-2015)
- Video game / interactive development:
  - Ren'Py (Visual Novel - Python/Cython, emscripten, pygame_sdl2): challenging port to the web browser (2018-2021)
    This includes python-emscripten for porting Python/Cython to HTML5/WebAssembly.
  - Ren'Py Translator ToolKit: interoperability between Ren'Py's native translation and the PO format (gettext).
  - Escoria (point&click template for Godot): port to Godot 3.2. See also the Escoria in Daïza demo.
  - GNU FreeDink (action/rpg - C/C++, SDL2): portable and free unofficial port. Works under GNU/Linux, *BSD, MS Woe, and even in your Web browser.
    Cross-compilation, internationalization/i18n, distro packaging, unit tests, reproducible builds (2003-2019)
    Dink-related projects:
  - B.A.L.L.Z. (platform/puzzle - C++, Allegro): long-term maintenance and packaging (2008-2019)
    - debian - fedora
  - Meritous (dungeon crawler - C, SDL): long-term maintenance and Android port (2013-2020)
  - FreeGLUT (portable OpenGL C library): Android port [ref] (2012)
  - GHM invitation (JavaScript, WebGL): demoscene-style invitation to the GNU Hackers Meeting (2013)
  - Ludumdare (game jam): participant [ref, ref]
- Free documentation:
  - OpenGL Wikibooks: wrote most modern (shader-based) documentation, ported GLSL articles to C/C++, Android and WebGL ports (2011-)
  - MySQL Wikibook: wrote most basics while developing teaching material (2006)
- Reverse engineering:
- Articles:
- Misc contributions:
- Privacy links:
--
Beuc