16:45 <jdstrand> #startmeeting
16:45 <jdstrand> The meeting agenda can be found at:
16:45 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:45 <jdstrand> [TOPIC] Announcements
16:45 <jdstrand> Thanks to Thomas Ward (teward), who provided debdiffs for precise-saucy for nginx (LP: #1253691)
16:45 <ubottu> Launchpad bug 1253691 in nginx (Ubuntu Trusty) "Specially crafted request URI permits security restriction bypass [CVE-2013-4547]" [High,Fix released] https://launchpad.net/bugs/1253691
16:45 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:46 <jdstrand> [TOPIC] Weekly stand-up report
16:46 <jdstrand> I'll go first
16:46 <jdstrand> I have a very short week this week. I am working today and tomorrow
16:46 <jdstrand> I'm on triage
16:46 <jdstrand> I'm working on an update for keystone which should go out today
16:46 <mdeslaur> jdstrand: I'll take over triage for the rest of the week
16:46 <jdstrand> mdeslaur: thanks :)
16:47 <jdstrand> and I need to get the work items in shape for this cycle. I figure I'll work with you guys on that when I have something to review
16:47 <jdstrand> mdeslaur: you're up
16:47 <mdeslaur> I'm on community this week
16:47 <mdeslaur> I have some jpeg updates to write some test scripts for
16:48 <mdeslaur> and am working on merging ruby and uploading some packages in an attempt to get ruby1.8 demoted from main
16:48 <mdeslaur> since we now have three rubys in main, and I don't want that for a 5-year supported lts
16:48 <jdstrand> what's the story with puppet there?
16:48 <jdstrand> (and yes, great idea)
16:49 <mdeslaur> hrm, good question
16:49 <jdstrand> well, worth looking at. I don't mean to derail the meeting
16:49 <mdeslaur> looks like it's using whatever ruby is default instead of 1.8
16:49 <mdeslaur> so 1.9.1 presumably
16:50 <mdeslaur> it didn't show up on my list of reverse depends
16:50 <jdstrand> cool
16:50 <jdstrand> ah, perfect
16:50 <mdeslaur> pending that, I'll be going down the cve list, as usual
16:50 <mdeslaur> that's it from me
16:50 <mdeslaur> sbeattie: you're up
16:50 <mdeslaur> (if you're here...)
16:50 <jdstrand> that was the only thing I could think of otoh that might be weird. glad it isn't an issue at all :)
16:50 <sbeattie> I'm on apparmor again this week
16:51 <sbeattie> I'll be working on testing improvements as well as some parser fixes/improvements
16:51 <sbeattie> Which is pretty much it for me.
16:51 <jdstrand> is that for IPC?
16:51 <sbeattie> the testing stuff, yes. The parser bits, no.
16:52 <sbeattie> tyhicks: I think you're up.
16:52 <tyhicks> I have a very short week this week
16:52 <tyhicks> I'm only working today
16:52 <tyhicks> Right now, I'm looking into some apparmor_parser oddness
16:52 <tyhicks> It segfaults if I change AA_DBUS_EAVESDROP from (1 << 5) to (1 << 7)
16:52 <tyhicks> That shouldn't happen and makes me think there's a bigger bug lurking somewhere
16:52 <tyhicks> I'll spend a little more time on that
16:52 <tyhicks> Then I'm going to switch to the yama on touch work items
16:52 <tyhicks> (I haven't been able to start on them yet)
16:53 <jdstrand> tyhicks: I didn't think having a week shorter than mine was possible :)
16:53 <tyhicks> jdstrand: beat ya :)
16:53 <tyhicks> that's it for me
16:53 <mdeslaur> bunch of slackers :)
16:53 <tyhicks> jjohansen: you're up
16:53 <sbeattie> tyhicks: oh hrm, is that with the patch set you submitted?
16:53 <tyhicks> sbeattie: yep
16:53 * jjohansen is working on apparmor ipc again this week.
16:54 <jjohansen> I need to coordinate with sbeattie on some testing and see if I can't get him a new kernel
16:55 <sbeattie> +1
16:55 <jdstrand> jjohansen(, sbeattie): can you give a brief update on IPC (eg, are we still on track for ppa this month, archive, next, etc)?
16:56 <jjohansen> jdstrand: we are running behind, since this week is the last week of the month. PPA this month might not happen, if not this week though hopefully next
16:57 <jdstrand> jjohansen: ok, well, please don't feel like you have to work through the holiday
16:58 <jjohansen> who me?
16:58 <jjohansen> never
16:58 <jjohansen> :)
16:58 <jdstrand> jjohansen: was there anything on goldfish?
16:58 <jdstrand> s/thing/ update/
16:59 <jjohansen> oh, I suppose I need to send the patch to the kernel team today, and make sure, the apparmor=0 work around is reverted once the kernel rolls out
16:59 <jdstrand> ah, so you found the problem? what was it?
16:59 <jjohansen> it was that patch from last week, the #ifdef SMP
16:59 <jjohansen> one
17:00 <jdstrand> oh, interesting. I thought that was something else
17:00 <jdstrand> cool
17:00 <jdstrand> (that bug number was old iirc)
17:00 <jdstrand> anyhoo, nice! :)
17:01 <jjohansen> jdstrand: well there was a bug against the saucy kernel from some guy doing self compiled kernels
17:01 <jjohansen> that was the old bug number, same bug really
17:01 <jjohansen> sarnold: you're up
17:03 <sarnold> I'm in the happy place this week, also a short week, off thursday and friday; I have a merge of libgcrypt11 to work on, a new MIR audit, and -maybe- ask for a CVE for an already-known issue I discovered while working on a MIR audit last week
17:04 <sarnold> it'd be wonderful to make some further dents in the apparmor patches that are still unreviewed, I know there's several of them left..
17:04 <sarnold> I think that's it for me, chrisccoulson you're up :)
17:04 <chrisccoulson> yoyo
17:05 <chrisccoulson> the oxide packaging is almost done now. just waiting on https://code.launchpad.net/~osomon/oxide/initial-build-fixes/+merge/195076, which is basically the last blocker
17:05 <chrisccoulson> i should have it in a PPA after that :)
17:05 <chrisccoulson> this week, i'm focusing on getting bug 1214049 finished
17:05 <ubottu> bug 1214049 in Oxide "Support accelerated compositing" [High,In progress] https://launchpad.net/bugs/1214049
17:06 <mdeslaur> \o/
17:06 <chrisccoulson> oSoMoN has been contributing some fixes as well now
17:06 <sarnold> wow :)
17:06 <sarnold> \o/ :D
17:07 <chrisccoulson> so we got http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/257 and http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/256 last week
17:07 <chrisccoulson> i think that's me done
17:08 <jdstrand> chrisccoulson: nice! :)
17:08 <chrisccoulson> oh, i had the joy of learning how to use bzrlib last week too
17:08 <chrisccoulson> that wasn't fun ;)
17:09 <jdstrand> :)
17:09 <jdstrand> [TOPIC] Highlighted packages
17:09 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/network-manager-openvpn.html


17:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/djbdns.html

17:10 <jdstrand> [TOPIC] Miscellaneous and Questions
17:10 <jdstrand> Does anyone have any other questions or items to discuss?
17:10 <sarnold> djbdns? o_O I'm shocked :)
17:11 <jdstrand> the CVEs are old. possibly needs more triage
17:12 <sbeattie> well, the package version we ship hasn't changed since precise, either.
17:15 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
17:15 <sarnold> thanks jdstrand :)
17:15 <jdstrand> #endmeeting