18:13:28 #startmeeting 18:13:28 Meeting started Mon Aug 6 18:13:28 2012 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:13:28 18:13:28 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:13:52 The meeting agenda can be found at: 18:13:53 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:13:59 [TOPIC] Announcements 18:14:10 Thanks to the following individuals: 18:14:15 Felix Geyer (debfx) provided debdiffs for oneiric-precise for ruby-actionpack-2.3 (LP: #1030984) 18:14:18 Mike !McClurg (mike-mcclurg) provided a debdiff for precise for xen-api (LP: #1031375) 18:14:23 Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 18:14:31 [TOPIC] Weekly stand-up report 18:14:41 I'll go first 18:15:21 so, I spent a *lot* of time on webkit and kde/archive admin stuff last week 18:15:49 the former is mostly done, but I need to follow up with some discussions, etc 18:16:14 the latter is done for now. There is more that can be done, but I don't have the stamina to do it atm 18:16:28 :-) 18:16:47 I'm in the happy place 18:17:15 I have a couple of MIR audits left, then after that, recruiting and back to pending updates 18:17:25 mdeslaur: you're up 18:17:40 I'm on community this week 18:17:44 just published the nvidia driver updates 18:17:59 and now I'm looking at koffice and uhm... 18:18:02 what's it called 18:18:03 calligra? 18:18:18 tomorrow, I'll be working on openoffice and libreoffice 18:18:23 and will try and get to libxml too 18:18:26 that's it for me 18:18:33 tyhicks: you're up 18:18:43 mdeslaur: thanks again for working on that mvidia issue 18:18:47 nvidia 18:19:01 * micahg wonders where he went 18:19:01 np 18:19:07 micahg: go ahead 18:19:21 hehe, I wasn't sure who was usually after steve 18:19:35 sorry for aggravating your OCD :) 18:19:45 * jdstrand allows goes with longevity on team 18:19:52 I'm still working on webkit, hopefully will see the light at the end of the tunnel soon, I'm also SRUing a regression fix from the icedtea-web in natty/oneiric for sbeattie 18:19:56 that is the only way I can keep it straight :) 18:20:18 as well as the standard mozilla pretesting of the week 18:20:41 I think that's it for me 18:20:57 I'm covering triage this week for steve 18:21:33 My focus will be on updates and working a new eCryptfs data corruption bug 18:22:01 :\ how widespread is that? 18:22:08 It is intermittent and only happens when downloading really large files, so it will be a fun one :/ 18:22:22 How large is really large? 18:22:35 ScottK: I've only reproduced it with > 3G files 18:22:47 OK. 18:22:48 jdstrand: Not too widespread. I've only seen one report on it. 18:23:02 The concerned eCryptfs user sits back down. 18:23:13 It is very subtle, too. Only one or two bytes changed in the corrupted file. 18:23:23 (at least in the couple times that I was able to reproduce it) 18:23:39 tyhicks: what bug # is that? 18:23:43 * tyhicks looks 18:23:52 tyhicks: let's talk outside of the meeting on how you are reproducing 18:24:22 bug 1027450 18:24:23 Launchpad bug 1027450 in eCryptfs "File corruption in ecryptfs folder" [High,Incomplete] https://launchpad.net/bugs/1027450 18:24:24 jdstrand: ack 18:24:40 That's it for me 18:25:41 jjohansen: you're up 18:25:42 I guess I'm up 18:25:43 I've got a couple of apparmor bugs to look into, cboltz's profile cache failing reported on the ml, and a no new privs issue from hallyn, 18:25:43 While I am at the no new privs issue, I'll also look into how to deal with that in stacking, it may require us to carry some information in the stack 18:25:43 I've got a qrt kernel security failure to finishing looking into 18:25:43 beyond that I'll be pushing out the 3rd iteration of the current patchset with the locking rework, and might include some of the perm remapping, profile hashing and stacking patches with it 18:26:41 jdstrand: back to you 18:27:23 [TOPIC] Highlighted packages 18:27:29 http://people.canonical.com/~ubuntu-security/cve/pkg/syscp.html 18:27:33 http://people.canonical.com/~ubuntu-security/cve/pkg/libhtml-template-pro-perl.html 18:27:36 http://people.canonical.com/~ubuntu-security/cve/pkg/network-manager-openvpn.html 18:27:39 http://people.canonical.com/~ubuntu-security/cve/pkg/gridengine.html 18:27:41 http://people.canonical.com/~ubuntu-security/cve/pkg/ncpfs.html 18:27:59 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:28:05 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:28:11 I pasted the highlighted packages above 18:28:19 [TOPIC] Miscellaneous and Questions 18:28:30 There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application. 18:28:39 Does anyone have any other questions or items to discuss? 18:28:47 \o 18:28:53 ScottK: go ahead 18:29:06 The Calligra/KOffice issue is in an embedded copy of wv2. 18:29:23 We also have a packaged wv2 that's significantly older. 18:29:43 The code in the area of the fix is superficially similar, but the package doesn't build with the patch. 18:30:13 I was wondering if when you're looking at Calligra/KOffice you might have a glance at wv2 and see if you think it's also relevant to it. 18:30:15 .. 18:30:33 it did look relevant at first glance 18:30:55 (I was in a rush on saturday and heaved an updated wv2 at quantal. 18:31:03 It FTBFS. 18:31:18 scottK: that looks like a gcc-4.7 failure 18:31:41 OK. 18:31:46 Thanks. 18:31:54 I'll see if I can find someone to help me with it. 18:32:16 (that or remove the package, there aren't any users for the lib and it's dead upstream other than the embedded on in Calligra. 18:33:56 ScottK: thanks 18:34:03 any other questions or items to discuss? 18:38:03 mdeslaur, micahg, tyhicks, jjohansen, ScottK: thanks! 18:38:06 #endmeeting