18:13:28 <jdstrand> #startmeeting
18:13:28 <meetingology> Meeting started Mon Aug  6 18:13:28 2012 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
18:13:28 <meetingology> 
18:13:28 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
18:13:52 <jdstrand> The meeting agenda can be found at:
18:13:53 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
18:13:59 <jdstrand> [TOPIC] Announcements
18:14:10 <jdstrand> Thanks to the following individuals:
18:14:15 <jdstrand> Felix Geyer (debfx) provided debdiffs for oneiric-precise for ruby-actionpack-2.3 (LP: #1030984)
18:14:18 <jdstrand> Mike !McClurg (mike-mcclurg) provided a debdiff for precise for xen-api (LP: #1031375)
18:14:23 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
18:14:31 <jdstrand> [TOPIC] Weekly stand-up report
18:14:41 <jdstrand> I'll go first
18:15:21 <jdstrand> so, I spent a *lot* of time on webkit and kde/archive admin stuff last week
18:15:49 <jdstrand> the former is mostly done, but I need to follow up with some discussions, etc
18:16:14 <jdstrand> the latter is done for now. There is more that can be done, but I don't have the stamina to do it atm
18:16:28 <ScottK> :-)
18:16:47 <jdstrand> I'm in the happy place
18:17:15 <jdstrand> I have a couple of MIR audits left, then after that, recruiting and back to pending updates
18:17:25 <jdstrand> mdeslaur: you're up
18:17:40 <mdeslaur> I'm on community this week
18:17:44 <mdeslaur> just published the nvidia driver updates
18:17:59 <mdeslaur> and now I'm looking at koffice and uhm...
18:18:02 <mdeslaur> what's it called
18:18:03 <mdeslaur> calligra?
18:18:18 <mdeslaur> tomorrow, I'll be working on openoffice and libreoffice
18:18:23 <mdeslaur> and will try and get to libxml too
18:18:26 <mdeslaur> that's it for me
18:18:33 <mdeslaur> tyhicks: you're up
18:18:43 <jdstrand> mdeslaur: thanks again for working on that mvidia issue
18:18:47 <jdstrand> nvidia
18:19:01 * micahg wonders where he went
18:19:01 <mdeslaur> np
18:19:07 <tyhicks> micahg: go ahead
18:19:21 <mdeslaur> hehe, I wasn't sure who was usually after steve
18:19:35 <mdeslaur> sorry for aggravating your OCD :)
18:19:45 * jdstrand allows goes with longevity on team
18:19:52 <micahg> I'm still working on webkit, hopefully will see the light at the end of the tunnel soon, I'm also SRUing a regression fix from the icedtea-web in natty/oneiric for sbeattie
18:19:56 <jdstrand> that is the only way I can keep it straight :)
18:20:18 <micahg> as well as the standard mozilla pretesting of the week
18:20:41 <micahg> I think that's it for me
18:20:57 <tyhicks> I'm covering triage this week for steve
18:21:33 <tyhicks> My focus will be on updates and working a new eCryptfs data corruption bug
18:22:01 <jdstrand> :\ how widespread is that?
18:22:08 <tyhicks> It is intermittent and only happens when downloading really large files, so it will be a fun one :/
18:22:22 <ScottK> How large is really large?
18:22:35 <tyhicks> ScottK: I've only reproduced it with > 3G files
18:22:47 <ScottK> OK.
18:22:48 <tyhicks> jdstrand: Not too widespread. I've only seen one report on it.
18:23:02 <ScottK> The concerned eCryptfs user sits back down.
18:23:13 <tyhicks> It is very subtle, too. Only one or two bytes changed in the corrupted file.
18:23:23 <tyhicks> (at least in the couple times that I was able to reproduce it)
18:23:39 <kirkland> tyhicks: what bug # is that?
18:23:43 * tyhicks looks
18:23:52 <jdstrand> tyhicks: let's talk outside of the meeting on how you are reproducing
18:24:22 <tyhicks> bug 1027450
18:24:23 <ubottu> Launchpad bug 1027450 in eCryptfs "File corruption in ecryptfs folder" [High,Incomplete] https://launchpad.net/bugs/1027450
18:24:24 <tyhicks> jdstrand: ack
18:24:40 <tyhicks> That's it for me
18:25:41 <jdstrand> jjohansen: you're up
18:25:42 <jjohansen> I guess I'm up
18:25:43 <jjohansen> I've got a couple of apparmor bugs to look into, cboltz's profile cache failing reported on the ml, and a no new privs issue from hallyn,
18:25:43 <jjohansen> While I am at the no new privs issue, I'll also look into how to deal with that in stacking, it may require us to carry some information in the stack
18:25:43 <jjohansen> I've got a qrt kernel security failure to finishing looking into
18:25:43 <jjohansen> beyond that I'll be pushing out the 3rd iteration of the current patchset with the locking rework, and might include some of the perm remapping, profile hashing and stacking patches with it
18:26:41 <jjohansen> jdstrand: back to you
18:27:23 <jdstrand> [TOPIC] Highlighted packages
18:27:29 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/syscp.html
18:27:33 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libhtml-template-pro-perl.html
18:27:36 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/network-manager-openvpn.html
18:27:39 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gridengine.html
18:27:41 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ncpfs.html
18:27:59 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
18:28:05 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
18:28:11 <jdstrand> I pasted the highlighted packages above
18:28:19 <jdstrand> [TOPIC] Miscellaneous and Questions
18:28:30 <jdstrand> There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application.
18:28:39 <jdstrand> Does anyone have any other questions or items to discuss?
18:28:47 <ScottK> \o
18:28:53 <jdstrand> ScottK: go ahead
18:29:06 <ScottK> The Calligra/KOffice issue is in an embedded copy of wv2.
18:29:23 <ScottK> We also have a packaged wv2 that's significantly older.
18:29:43 <ScottK> The code in the area of the fix is superficially similar, but the package doesn't build with the patch.
18:30:13 <ScottK> I was wondering if when you're looking at Calligra/KOffice you might have a glance at wv2 and see if you think it's also relevant to it.
18:30:15 <ScottK> ..
18:30:33 <mdeslaur> it did look relevant at first glance
18:30:55 <ScottK> (I was in a rush on saturday and heaved an updated wv2 at quantal.
18:31:03 <ScottK> It FTBFS.
18:31:18 <micahg> scottK: that looks like a gcc-4.7 failure
18:31:41 <ScottK> OK.
18:31:46 <ScottK> Thanks.
18:31:54 <ScottK> I'll see if I can find someone to help me with it.
18:32:16 <ScottK> (that or remove the package, there aren't any users for the lib and it's dead upstream other than the embedded on in Calligra.
18:33:56 <jdstrand> ScottK: thanks
18:34:03 <jdstrand> any other questions or items to discuss?
18:38:03 <jdstrand> mdeslaur, micahg, tyhicks, jjohansen, ScottK: thanks!
18:38:06 <jdstrand> #endmeeting