#ubuntu-meeting log

16:32 <mdeslaur> #startmeeting
16:32 <meetingology> Meeting started Mon May 12 16:32:49 2014 UTC.  The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:32 <meetingology> 
16:32 <meetingology> Available commands: action commands idea info link nick
16:32 <mdeslaur> The meeting agenda can be found at:
16:32 <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:33 <mdeslaur> [TOPIC] Announcements
16:33 <mdeslaur> Thanks to the following contributors for their help on security updates last week:
16:33 <mdeslaur> Otto Kekäläinen (otto) provided debdiffs for trusty for mariadb-5.5 (LP: #1313187)
16:33 <mdeslaur> James Page (jamespage) provided a debdiff for trusty for mysql-5.6 (LP: #1313566)
16:33 <mdeslaur> Reinhard Tartler (siretart) provided an updated libav package for trusty (LP: #1277173)
16:33 <mdeslaur> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:33 <ubottu> Launchpad bug 1313187 in mariadb-5.5 (Ubuntu Utopic) "USN-2170-1: MySQL vulnerabilities also applies to MariaDB" [Undecided,Fix released] https://launchpad.net/bugs/1313187
16:33 <ubottu> Launchpad bug 1313566 in mysql-5.6 (Ubuntu Utopic) "mysql 5.6.17 security update tracking bug" [High,Fix released] https://launchpad.net/bugs/1313566
16:33 <ubottu> Launchpad bug 1277173 in libav (Ubuntu) "February 2014 libav security tracking bug" [High,Fix committed] https://launchpad.net/bugs/1277173
16:33 <mdeslaur> [TOPIC] Review of any previous action items
16:33 <mdeslaur> none
16:33 <mdeslaur> [TOPIC] Weekly stand-up report
16:33 <mdeslaur> I'll go first
16:33 <mdeslaur> I'm in the happy place this week.
16:33 <mdeslaur> I'm working on some updates, and I'll probably be doing the embargoed issue tomorrow
16:33 <mdeslaur> I also have to review blueprints
16:34 <mdeslaur> and I'm going to plan a meeting to go through them with the rest of you tomorrow
16:34 <mdeslaur> quite possibly around this time
16:34 <mdeslaur> well, a half hour later
16:34 <mdeslaur> that's it from me, sbeattie, you're up
16:35 <sbeattie> I'm working on compiler hardening stuff again; I'm currently looking through the test results for gcc-4.9 for enabling -fstack-protector-strong by default and fixing the way -Wformat and -Wformat-security were being enabled.
16:36 <sbeattie> Things on that front are looking good and I'll probably hand off those patches to doko later today.
16:36 <mdeslaur> sbeattie: cool!
16:36 <sbeattie> Getting -pie by default for amd64 is looking trickier and will take some more time.
16:36 <mdeslaur> sbeattie: trickier in what way?
16:37 <doko> sbeattie, does this mean I get fixes for the testsuite? ;p
16:37 <sbeattie> Defining specs for per-arch where gcc treats i386/amd64 as the same arch is non-obvious/
16:37 <mdeslaur> sbeattie: hrm...what about the idea of conditionally patching it based on arch?
16:38 <sbeattie> doko: not immediately, but yes, I intend to look at those, too; the patches I have reduce the number of failures by a few.
16:38 <mdeslaur> or is that painful for cross-compilation or something?
16:38 <doko> is -fpie already decided?
16:39 <sbeattie> It makes it harder to avoid enabling -pie for -m32 case
16:39 <mdeslaur> doko: for amd64, pretty much yeah
16:40 * doko sees python and cc1 performans going down :-/
16:41 <mdeslaur> doko: buy a faster machine!
16:41 <sbeattie> doko: well, once we have a patch to do that, we can see the impact, if it's bad there than we can revisit and/or disable for just those.
16:42 <sbeattie> anyway. I still need to investigate mod_apparmor and track down some QRT issues with ppc64el this week.
16:42 <sbeattie> And I guess review blueprints, too.
16:42 <sbeattie> That's it for me. tyhicks?
16:43 <tyhicks> I'm wrapping up the dbus merge from debian testing
16:44 <mdeslaur> ah, right, I probably should tackle some merges too
16:44 <tyhicks> there's a new test-dbus.py failure (running make check) that I need to make sure isn't caused by the new apparmor mediation patches
16:45 <tyhicks> then it is back to kdbus (I let the merge and some apparmor testing jump in front of my planned kdbus work from last week)
16:45 <tyhicks> I also need to review blueprints and prepare for the sprint this week, since I'm out next week
16:45 <tyhicks> that's it for me
16:45 <tyhicks> jjohansen: you're up
16:46 <jjohansen> I am working on apparmor this week. I need to spend some time looking at the upstream cross rename patches, there is a reported regression in apparmor with them.
16:46 <jjohansen> I need to finish testing the patchset I have for upstream this week so it can land in time for the next kernel merge window.
16:46 <jjohansen> Hopefully there will be more feedback on the bugs I was poking at last week so I can continue looking at them while the are fresh in my mind
16:46 <jjohansen> There are some outstanding patches I that need to be reviewed on the mailing lists
16:46 <jjohansen> bp to look at
16:46 <jjohansen> and then it will be back to finishing up one of my outstanding patch queues so that it can be kicked out for review
16:47 <mdeslaur> yay
16:48 <sarnold> \o/
16:48 <jjohansen> I think that is it for me, sarnold you're up
16:48 <sarnold> I'm on triage this week
16:48 <sarnold> I have an emargoed update this week
16:49 <sarnold> and I've gotten the test-django script to only 7 instead of 8 failures on trusty, so.. 86% left to go there, I guess
16:49 <mdeslaur> sarnold: heh, nice. did you get it working with the other apache thingy?
16:49 <mdeslaur> mod_wsgi
16:49 <sarnold> mdeslaur: that was the one success :)
16:50 <mdeslaur> cool :)
16:50 <sarnold> mdeslaur: now just to figure out why the other seven still don't play along with mod_wsgi -- they might still be faults in configuration or those tests may also need more modification
16:50 <mdeslaur> sarnold: apache 2.4 moved some stuff around, and required a few more modules
16:51 <sarnold> it might be simple (django changed some of the routing API, but those changes were easy to adapt..)
16:51 <mdeslaur> a lot of the other qrt scripts needed adjustments
16:51 <mdeslaur> it may be related to that
16:51 <sarnold> mdeslaur: yeah, the auth changes required a bit of fiddling too, but at least it lines up exactly with django's change to wsgi as well..
16:53 <sarnold> it's been more work than I first expected. :)
16:53 <sarnold> mdeslaur: back to you :)
16:53 <mdeslaur> sarnold: that's why I gave it to you instead of doing it myself :)
16:53 <mdeslaur> slacker++
16:54 <mdeslaur> [TOPIC] Highlighted packages
16:54 <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:54 <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:54 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/nss-pam-ldapd.html
16:54 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/openjdk-6.html
16:54 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/shibboleth-sp2.html
16:54 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/libcgi-application-perl.html
16:54 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/encfs.html
16:54 <mdeslaur> [TOPIC] Miscellaneous and Questions
16:54 <mdeslaur> Does anyone have any other questions or items to discuss?
16:55 <mdeslaur> zzzz
16:55 <mdeslaur> Thanks everyone!
16:55 <mdeslaur> #endmeeting