16:42 <jdstrand> #startmeeting 16:42 <meetingology> Meeting started Mon Dec 9 16:42:55 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:42 <meetingology> 16:42 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:42 <tyhicks> hello 16:42 <jdstrand> The meeting agenda can be found at: 16:42 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:43 <jdstrand> [TOPIC] Announcements 16:43 <jdstrand> Thanks to Ritesh Khadgaray (ritz) for providing preliminary patches for pixman for precise-saucy (LP: #1197921). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:43 <ubottu> Launchpad bug 1197921 in xorg-server (Ubuntu Saucy) "LibreOffice spreadsheet causes full Xorg crash with Anti-Aliasing enabled" [Undecided,New] https://launchpad.net/bugs/1197921 16:43 <jdstrand> [TOPIC] Weekly stand-up report 16:43 <jdstrand> I'll go first 16:43 <jdstrand> I'm in the happy place this week 16:44 <jdstrand> I've got another short week 16:44 <jdstrand> I'm working on some pending updates 16:44 <jdstrand> I've also got some apparmor-easyprof-ubuntu work items to do to unblock mardy 16:44 <jdstrand> and more 14.04 planning 16:44 <jdstrand> mdeslaur: you're up 16:44 <mdeslaur> I'm on triage this week 16:44 <mdeslaur> and have just published gimp updates 16:45 <mdeslaur> I have a few more updates I'm working on 16:45 <mdeslaur> and am still going down the list, etc. 16:45 <mdeslaur> that's it from me, sbeattie, you're up 16:46 <tyhicks> I don't think he's here so I'll go ahead 16:46 <tyhicks> I'm still hardening the goldfish kernel config 16:47 <tyhicks> I need to investigate one test failure when running test-click-apparmor.py on goldfish with apparmor enabled 16:47 <tyhicks> After that, I'll prepare apparmor and dbus uploads to add support for an 'eavesdrop' permission (all of the code is already written) 16:47 <tyhicks> Then I'll start on the user data encryption work items 16:47 <tyhicks> that's it for me 16:47 <tyhicks> jjohansen: you're up 16:48 <tyhicks> oh, I know he's not here today 16:48 <tyhicks> sarnold: you're up 16:49 <sarnold> I'm on community this week 16:49 <sarnold> I'll be going through some apparmor patches, I know there's still a few left on the list that I haven't reviewed yet 16:49 <sarnold> and I'll be handling some MIR audits 16:50 <tyhicks> there's not many patches left - thanks for reviewing so many last week :) 16:50 <sarnold> I think that's it for me, chrisccoulson, you're up :) 16:50 <sarnold> woo :) 16:50 <chrisccoulson> hi :) 16:50 <chrisccoulson> this week, i've got firefox and thunderbird updates 16:50 <chrisccoulson> and going to get chromium out too 16:51 <chrisccoulson> also, trying to get oxide to build successfully on arm, which is proving to be less fun than i imagine ;) 16:51 <chrisccoulson> **imagined 16:51 <jdstrand> chrisccoulson: is is more gyp-finagling? 16:51 <jdstrand> s/is is/is it/ 16:51 <chrisccoulson> jdstrand, out of memory when linking 16:51 <sarnold> owwwww 16:51 <chrisccoulson> i'm currently trying a build with gold 16:52 <chrisccoulson> i have another option if that fails 16:52 <jdstrand> classic 16:52 <chrisccoulson> heh 16:52 <chrisccoulson> so it's going to be a busy last few days for me before i finish for christmas 16:52 <jdstrand> curious that we can get chromium to build but not oxide 16:53 <chrisccoulson> jdstrand, we do a component build of chromium, which carves up all of the modules in to lots of small libraries 16:53 <jdstrand> is chromium-browser doing anything special to work around that? 16:53 <chrisccoulson> it's really only a developer option 16:53 <jdstrand> I see 16:53 <chrisccoulson> and also, the blink debug symbols are disabled 16:53 <chrisccoulson> we need cross builds ;) 16:53 <chrisccoulson> anyway, i think that's me done 16:54 <jdstrand> if your remainging to options don't work, perhaps talk to slangasek (or infinity) on options? 16:54 <jdstrand> s/remainging to/remaining two/ 16:55 <chrisccoulson> jdstrand, the component build option would work, although i'd need to make some changes to oxide to support that 16:55 <jdstrand> that sounds like it would be quite a bit more work 16:55 <jdstrand> I thought all this was supposed to be fixed with the new armhf boxes... 16:55 <sarnold> armhf isn't 64 bit :/ 16:55 <mdeslaur> chrisccoulson: are we getting a chromium-browser release this week? 16:56 <chrisccoulson> yeah, that's the main problem 16:56 <chrisccoulson> mdeslaur, yeah 16:56 <mdeslaur> chrisccoulson: oh, sorry, didn't see that comment above 16:56 <jdstrand> well, neither is the i386 buildd 16:57 <jdstrand> or am I missing something? 16:58 <jdstrand> chrisccoulson: ^ 16:58 <chrisccoulson> jdstrand, not sure. perhaps the linker on arm just uses more memory? 16:59 <mdeslaur> perhaps the builders have less ram? 16:59 <jdstrand> ok, well, I think it might make sense to talk to some arm buildd experts before going the component build route (if we are facing that) 16:59 <chrisccoulson> sure 16:59 <jdstrand> mdeslaur: that is what I thought, which is why I thought this was all fixed with the new armhf boxes 16:59 <mdeslaur> they doubled from "almost none" to "slightly more" I believe :) 16:59 <jdstrand> maybe the buildd that is getting assigned isn't a new one. infinity could definitely answer those questions 17:00 <jdstrand> anyhoo 17:00 <jdstrand> let's move on 17:00 <jdstrand> TOPIC] Highlighted packages 17:00 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:00 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/haskell-tls-extra.html 17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html 17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html 17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html 17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gnome-shell.html 17:01 <jdstrand> [TOPIC] Miscellaneous and Questions 17:01 <jdstrand> Does anyone have any other questions or items to discuss? 17:03 <tyhicks> It looks like bug #1158500 is something that we'll need to address 17:03 <ubottu> bug 1158500 in audit (Ubuntu) "auditd fails to add rules when used in precise with -lts-quantal kernel" [Undecided,New] https://launchpad.net/bugs/1158500 17:03 <tyhicks> especially now that audit is in main 17:04 <slangasek> chrisccoulson: "we need cross-builds" - cross-building chromium-browser should work, it's just not a complete analogue to what you get with a native build (so won't let you debug all native build failures) 17:04 <tyhicks> I'm not going to have the cycles to look into it this week, but it is something that will need to be thought out in time for trusty 17:04 <sarnold> tyhicks: oww :/ 17:04 <mdeslaur> tyhicks: I think that would be a kernel team issue, no? 17:04 <tyhicks> mdeslaur: possibly 17:05 <mdeslaur> tyhicks: I'd attempt tricking them into taking it first :P 17:05 <mdeslaur> oh wait, universe, it's community supported 17:06 <tyhicks> mdeslaur: it was universe for precise 17:06 <mdeslaur> yep 17:06 <tyhicks> mdeslaur: it will be in main for trusty, which will have the same problem 17:06 <mdeslaur> how so? 17:07 <tyhicks> lts kernel updates will cause the syscall table to be updated 17:07 <mdeslaur> oooh, yeah, point the kernel team at it then 17:07 <mdeslaur> it just needs a rebuild? 17:07 <tyhicks> I don't know 17:08 <tyhicks> I'm not sure where it gets the syscall table from 17:08 <mdeslaur> ok 17:08 <jdstrand> if it gets a rebuild, would that break the release kernel? 17:09 <tyhicks> I'd think so 17:09 <jdstrand> yikes 17:09 <jdstrand> tyhicks: can I add a work item for you to followup with the kernel team on the bug? 17:09 <tyhicks> jdstrand: sure 17:09 <jdstrand> tyhicks: then we can go from there on who does what 17:11 <jdstrand> I imagine we would handle it similarly to the xorg stack 17:11 <jdstrand> (ie different packages to go with that kernel) 17:11 <jdstrand> but I don't know what that would look like 17:12 <mdeslaur> yeah, I think they already have a list of packages they need to update/repackage, so that would need to be added 17:12 <tyhicks> ah, I didn't realize that was a possibility 17:13 <jdstrand> mdeslaur, tyhicks, sarnold, chrisccoulson: thanks! 17:13 <jdstrand> #endmeeting