18:02:18 <jdstrand> #startmeeting 18:02:18 <meetingology> Meeting started Mon Feb 27 18:02:18 2012 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:02:18 <meetingology> 18:02:18 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:02:29 <jdstrand> The meeting agenda can be found at: 18:02:30 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:02:35 <jdstrand> [TOPIC] Announcements 18:03:05 <jdstrand> * Andreas Moog (amoog) provided debdiffs for maverick-oneiric for gypsy (LP: #690323) 18:03:09 <jdstrand> * Zubin Mithra (zubin-mithra) provided a debdiff for maverick for dhcpcd (LP: #931036) 18:03:14 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 18:03:27 <jdstrand> [TOPIC] Review of any previous action items 18:03:34 * sbeattie sighs 18:03:36 * jdstrand sbeattie to follow up on qrt bugs from QA team 18:03:40 <jdstrand> sbeattie: hehe 18:04:01 * jdstrand moves along 18:04:26 <jdstrand> [TOPIC] Weekly stand-up report 18:04:35 <jdstrand> I'll go first 18:05:21 <jdstrand> last week I was on triage and updated UCT to integrate with Debian's secure-testing even more 18:05:47 <jdstrand> I fixed some bugs in the triage process, so hopefully that will be even better 18:05:56 <jdstrand> tyhicks: let me know if you encounter any bugs 18:06:03 <jdstrand> this week I am on community 18:06:10 <jdstrand> and am patch piloting today 18:06:26 <jdstrand> libxml2 should go out today 18:06:59 <jdstrand> I have not been able to catchup on archive admin deNEWs, or auditing. I'm hopeful I'll get caught up on that this week 18:07:25 <jdstrand> between that and an embargoed issue I am working on, I should be able to get back to reactive work soonish 18:07:47 <jdstrand> that should be it from me 18:07:51 <jdstrand> mdeslaur: you're up 18:08:07 <mdeslaur> I've finally pushed out the python-httplib2 updates this morning 18:08:17 <jdstrand> \o/ 18:08:19 <mdeslaur> so everything that uses that library should be properly checking server certificates now 18:08:38 <mdeslaur> I've uploaded some preliminary mysql updates to the security-proposed PPA 18:09:01 <mdeslaur> I've just done basic upgrade testing with them, but haven't run the qa scripts yet, or the exhaustive test suite 18:09:13 <mdeslaur> if anyone is interested, testing feedback is appreciated 18:09:23 <mdeslaur> once I've tested them, I'll be pushing them to -proposed 18:09:30 <mdeslaur> and will send out a public call for testing 18:09:37 <mdeslaur> and will release them a week or two after that 18:09:54 <mdeslaur> I also have some postgresql updates to build and release 18:10:07 <mdeslaur> and will further go down the list if I have time 18:10:13 <mdeslaur> I am in the happy place this week 18:10:14 <jdstrand> mdeslaur: re mysql> seems reasonable all things considered. thanks for handling that :) 18:10:21 <mdeslaur> that's it from me! 18:10:25 <mdeslaur> sbeattie: you're turn 18:10:40 <sbeattie> I'm in the happy place this week, also. 18:10:40 <mdeslaur> s/you're/your/ 18:10:46 * jdstrand declares this "The Week of the Database" 18:11:31 <sbeattie> I'm working on an eglibc update 18:11:46 <sbeattie> also trying to get one last armel openjdk build to occur 18:12:26 <sbeattie> Otherwise, I'm planning on getting to the open apparmor issues I have on my plate. 18:12:35 <jdstrand> sbeattie: can you remind me how we will deal with this going forward? we will do a micro-release update in -proposed that will allow these to build on pandas? 18:12:36 <sbeattie> I think that's it for me. 18:12:46 <mdeslaur> sbeattie: do you think you'll get those two done this week? (eglibc and openjdk)? 18:12:57 <jdstrand> (and by 'we', I don't necessarily mean you ;) 18:13:25 <sbeattie> jdstrand: yes, this is the last upstream supported release of icedtea 1.8.x , so we need to transition away from there. 18:14:21 <sbeattie> Although, I do fear that the panda issue is a toolchain or kernel issue (I can reproduce the build failure on the porter, and I get a message in dmesg when it fails) 18:14:36 <mdeslaur> ouch 18:14:40 <sbeattie> and that merely moving forward may not solve the issue. 18:15:08 <sbeattie> mdeslaur: this week> yeah, that's the plan. 18:15:15 <jdstrand> sbeattie: if you haven't (istr you have), please forward all your info to doko to see if it is a toolchain issue 18:15:29 <sbeattie> jdstrand: I have not, will do. 18:15:33 <mdeslaur> sbeattie: ok, cool...please do your essential work items after those two...if any other updates come up, throw them my way 18:15:41 <sbeattie> okay. 18:16:18 <sbeattie> micahg: I think you're up. 18:16:22 <jdstrand> sbeattie: thanks! :) 18:16:30 <mdeslaur> sbeattie: thanks! 18:17:26 <micahg> so, I'm working on getting webkit building on stable releases, chromium beta won't even build a source package now, so I'll be looking into that, there's an icedtea regression that affects Firefox 10+ that someone needs to work on, I can take that if sbeattie is working on more pressing things 18:17:47 <mdeslaur> micahg: what's the regression? do we have a fix for it? 18:17:58 <micahg> mdeslaur: fix was uploaded to precise earlier today 18:18:16 <micahg> bug 927282 18:18:17 <ubottu> Launchpad bug 927282 in icedtea-web (Ubuntu) "Java crash with icedtea plugin and Firefox 10+" [High,Triaged] https://launchpad.net/bugs/927282 18:18:46 <mdeslaur> micahg: ah, yes, could you please take that? 18:18:50 <micahg> yes 18:18:54 <mdeslaur> micahg: thanks 18:18:57 <sbeattie> micahg: were you able to reproduce the crash? Have you confirmed that the precise version is fixed? 18:19:16 <micahg> sbeattie: was able to reproduce the crash in oneiric VM, have not tested the precise fix yet 18:19:31 <micahg> I'll test that locally first and then move to build 18:20:10 <micahg> so, that's my top priority ATM (icedtea), then chromium beta and webkit as they're both long builds I can work on them in parallel 18:20:35 <jdstrand> micahg: did you work out the OOM stuff? 18:20:35 <mdeslaur> micahg: cool 18:20:46 <micahg> oh, and powerpc is still broke for Firefox 11, I hope to grab a fix for that so we don't regress the stable releases 18:21:19 <micahg> jdstrand: I forgot cyphermox gave me 2 build flags to fix that, I applied them wrong last night and will kick off a build shortly which hopefully will solve the OOM issues as well 18:21:36 <jdstrand> cool 18:21:47 <jdstrand> micahg: btw, is firefox 11 building now on older releases? 18:22:03 <micahg> yeah, in the beta PPA (amd64/i386) 18:22:29 <jdstrand> excellent 18:22:40 <micahg> I'll have release builds next Friday, but I'd prefer not to wait until release week to fix powerpc 18:23:01 <micahg> i.e. March 9 18:23:34 <micahg> upstream is working on it, so it shouldn't be too much effort on my part 18:23:36 <mdeslaur> micahg: is the fix known? don't spend too much time on powerpc 18:23:42 <jdstrand> seems reasonable, but be mindful we can pull powerpc in later too if needed (it is no an officially supported arch as you know) 18:24:14 <micahg> right 18:24:25 <micahg> that's it for me then 18:24:47 <tyhicks> I am in the triage role this week 18:24:58 <sbeattie> micahg: poke me when you get to the openjdk patch and I give you a little guidance there. 18:25:07 <sbeattie> (sorry tyhicks, go ahead) 18:25:10 <tyhicks> np :) 18:26:12 <tyhicks> I really feel like I can get the ruby1.8 update out today. I said that late last week, but the update breaks a number of puppet spec tests. 18:26:51 <mdeslaur> tyhicks: did you figure out why? 18:27:15 <tyhicks> I've now found bugs opened in the puppet bug tracker for almost all of the issues, so I am in the process of adding those to the expected failure lists in test-puppet.py and then I'll rerun everything again 18:27:36 <mdeslaur> huh 18:27:40 <jdstrand> huh 18:27:45 <tyhicks> mdeslaur: Yeah, hash table list outputs being randomized after fixing the hash table DoS issue 18:27:59 <jdstrand> ah, that would make sense 18:28:04 <mdeslaur> ah, yes, that,s a common problem 18:28:11 * jdstrand has to do something similar with the libxml2 tests 18:28:15 <tyhicks> ok 18:28:36 <tyhicks> After I get that out, I'm going to fix eCryptfs bug #842647 18:28:38 <ubottu> Launchpad bug 842647 in eCryptfs "[git] file blocks duplicated at the end of the file" [High,In progress] https://launchpad.net/bugs/842647 18:28:39 <jdstrand> tyhicks: after the meeting, can you paste the output of a test-puppet.py run? 18:28:45 <tyhicks> jdstrand: sure 18:29:18 <tyhicks> I've got a patch that I started on for that eCryptfs bug, I just need to finish it off and get it upstream 18:29:42 <mdeslaur> tyhicks: cool...so that would pretty much be the last ecryptfs issue for precise? 18:29:48 <tyhicks> mdeslaur: That bug should probably be retargeted for beta 2. Even if I get it fixed and upstream in the next couple days, I don't think it will make it into the beta1 kernel 18:30:30 <mdeslaur> tyhicks: done 18:30:51 <tyhicks> mdeslaur: I still need to quiet down the logging in some error paths (simple fix). I was waiting on the kernel team to decide about turning on CONFIG_DYNAMIC_DEBUG and they determined that it increases the kernel size too much. 18:31:19 <mdeslaur> tyhicks: just replace all the warnings with "eCryptfs is working fine. No need to file a bug." 18:31:37 <jdstrand> lol 18:31:49 <jdstrand> nice one! 18:31:49 <mdeslaur> "This isn't the corruption you are looking for." 18:31:53 <jdstrand> 5 18:31:53 <jdstrand> o/ 18:31:55 <tyhicks> mdeslaur: Heh... or at least ratelimit a few of printks so that a find command doesn't fill up the hard drive ;) 18:31:59 <tyhicks> :) 18:32:03 <mdeslaur> 5 18:32:05 <mdeslaur> \o 18:32:13 <jdstrand> :) 18:32:38 <tyhicks> I've got a few kernel patches I need to review and apply and then I'll get back to my update queue after that 18:32:45 <mdeslaur> tyhicks: cool 18:32:47 <tyhicks> that's it for me 18:32:59 <tyhicks> you're up jjohansen 18:33:00 <jjohansen> I am pushing apparmor patches upstream this week and looking into the bugs that we hit on friday when pushing in the 2.8beta into precise. 18:33:00 <jjohansen> That is a minimization bug, an auditing bug, and what looks like it might be a race in the test suite for mount (no bugs #s on those yet /me needs to sync with jdstrand first). 18:33:00 <jjohansen> Beyond that I need to finish up some misc workitems, add more testing to mount rules, look at why overlayfs is causing bug#925028 when attach_disconnected is not used and the task is not in another namespace), and get the latest dbus stuff into a repository so work can begin on that again. 18:33:32 * tyhicks wonders if jj wrote a bot that watches for me to say 'you're up jjohansen' :) 18:33:35 <mdeslaur> jjohansen: cool 18:33:58 <jjohansen> tyhicks: nah I stole the kt bot 18:34:36 <jjohansen> hrmmm I think thats it from me 18:35:01 <jjohansen> jdstrand: back to you 18:35:01 <sbeattie> jjohansen: I think your status report took longer than an entire kernel team meeting... 18:35:11 <mdeslaur> jjohansen: so, when do you think you'll be sending your stuff to the kernel team? 18:36:03 <jjohansen> sbeattie: hehe, okay you caught me I didn't use the bot I was just waiting and pasted the text 18:36:18 <jjohansen> mdeslaur: I sent them a pull request friday 18:36:39 <mdeslaur> jjohansen: oh, is the minimization issue in user space only? 18:37:09 <jjohansen> mdeslaur: well yes, and no. There is a kernel interface bug it exposed as well that needs to be fixed and pushed 18:37:18 <mdeslaur> jjohansen: ok, cool 18:38:32 <jdstrand> [TOPIC] Highlighted packages 18:38:37 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:38:42 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:38:56 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libparallel-forkmanager-perl.html 18:38:59 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pyftpd.html 18:39:02 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/cabextract.html 18:39:05 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/tesseract.html 18:39:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ayttm.html 18:39:22 <jdstrand> [TOPIC] Miscellaneous and Questions 18:39:26 <jdstrand> Does anyone have any other questions or items to discuss? 18:44:00 * mdeslaur hears crickets 18:45:21 <crickets> chirp chirp 18:45:33 <mdeslaur> hehe 18:46:03 <mdeslaur> jdstrand: fall sleep? :) 18:47:09 * jdstrand was enjoying the chirping 18:47:20 <mdeslaur> chirp chirp 18:47:27 <jdstrand> mdeslaur, sbeattie, micahg, tyhicks, jjohansen: thanks! 18:47:31 <jdstrand> #endmeeting