16:36 <jdstrand> #startmeeting 16:36 <meetingology> Meeting started Mon Nov 17 16:36:04 2014 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:36 <meetingology> 16:36 <meetingology> Available commands: action commands idea info link nick 16:36 <jdstrand> The meeting agenda can be found at: 16:36 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:36 <jdstrand> [TOPIC] Announcements 16:36 <jdstrand> Thanks to Jonathan Riddell (Riddell) who provided debdiffs for lucid-utopic for konversation (LP: #1389296) and debdiffs for precise-utopic for kde-workspace (LP: #1389665). Your work is very much appreciated and will keep our users secure. Great job! :) 16:36 <ubottu> Launchpad bug 1389296 in konversation (Ubuntu Vivid) "konversation: out-of-bounds read on a heap-allocated array" [Undecided,Fix released] https://launchpad.net/bugs/1389296 16:36 <ubottu> Launchpad bug 1389665 in kde-workspace (Ubuntu Utopic) "privilage escalation in clock kcontrol" [Undecided,Fix released] https://launchpad.net/bugs/1389665 16:36 <jdstrand> [TOPIC] Weekly stand-up report 16:36 <jdstrand> I'll go first 16:36 <Riddell> jdstrand: got another one coming shortly.. 16:37 <chrisccoulson> hi! 16:37 <jdstrand> Riddell: cool, thanks! mention it in #ubuntu-hardened (or just subscribe ubuntu-security-sponsors) and we'll get someone assigned 16:38 <jdstrand> so, the good news is I actually got to quite a few updates last week, which was nice 16:39 <jdstrand> the PM team wanted to get a couple of policy updates in for rtm though, so between that and some embargoed work, I didn't get to a number of things I set out to do last week 16:39 <jdstrand> for this week 16:39 <jdstrand> I have more embargoed work 16:39 <jdstrand> I'm on triage 16:40 <jdstrand> I need to finish up my apparmor-easyprof-ubuntu updates for vivid 16:40 <jdstrand> finish the 0.3 click-apparmor upload 16:41 <jdstrand> have more click-reviewers-tools updates that came up last week (I did get to a few fixes there, but need to add these new ones) 16:41 <jdstrand> I think this is the week for me adding derivative branches support to UCT 16:42 <jdstrand> I hope to finish my upstream patch for docker so it can apply policy based on parser capabilities 16:42 <jdstrand> and then I will be attending the cloud sprint on wednesday since they are in town 16:42 <jdstrand> that sounds like an awful lot-- 3 of those are close to done, so hopefully it is actually doable 16:42 <jdstrand> mdeslaur: you're up 16:43 <mdeslaur> \o 16:43 <mdeslaur> I'm on community this week 16:43 <mdeslaur> I'm currently working on sponsoring quassel updates 16:43 <mdeslaur> I have an embargoed issue to test and release 16:43 <mdeslaur> and have further updates beyond that, the list is growing again :P 16:43 <mdeslaur> that's about it, sbeattie, you're up 16:44 <tyhicks> I'll go and we can circle back to him 16:45 <tyhicks> I need to publish an update for apparmor in trusty today (prep and testing is already done) 16:45 <tyhicks> I'll have to knock off all the dust on the instruction manual before doing so 16:46 <jdstrand> heh 16:46 <mdeslaur> tyhicks: is that just for that particular bug, or does it have the tools updates in it too? 16:46 <tyhicks> mdeslaur: it is only for that bug 16:46 <mdeslaur> tyhicks: you mean re-learn the secret handshake :) 16:47 <tyhicks> mdeslaur: it'll be going to -security 16:47 <mdeslaur> ah, right, cool 16:47 <tyhicks> mdeslaur: at least this handshake is well documented :) 16:47 <tyhicks> after that, my focus for this week will be on fixing bug #1390592 and making the apparmor cache handling code a library 16:47 <ubottu> bug 1390592 in apparmor (Ubuntu Trusty) "'ptrace peer=@{profile_name}' does not work on 14.04 (at least) with docker" [High,In progress] https://launchpad.net/bugs/1390592 16:47 <tyhicks> both of those were on my plate last week but the apparmor bug kept me from accomplishing much there 16:47 <tyhicks> that's it for me 16:48 <tyhicks> jjohansen: you're up 16:48 <jjohansen> I need to finish up a kernel sync of apparmor for vivid, after which I will get back to working on apparmor stacking 16:48 <jdstrand> tyhicks: isn't 1390592 the bug for the trusty update? 16:49 <tyhicks> jdstrand: yes - I meant bug #1362469 16:49 <ubottu> bug 1362469 in dbus (Ubuntu) "AppArmor unrequested reply protection generates unallowable denials" [Medium,In progress] https://launchpad.net/bugs/1362469 16:50 <jdstrand> jjohansen: didn't mean to interrupt, please continue 16:50 <jjohansen> np 16:51 <jjohansen> hopefully I will spend some more time poking at the upstreaming of apparmor's labeling bits this week as well 16:52 <jjohansen> that is it for me, sarnold you're up 16:53 <sarnold> I'm in the happy place this week 16:53 <sarnold> last week, on community, otto provided a debdiff for trusty's mariadb-5.5, but I hadn't noticed that utopic didn't already have the 5.5.40 release. So, this week I'll be picking pu the pieces from that update 16:54 <sarnold> I also have two MIRs to work on, thanks for submitting those nice and early in the cycle :) 16:54 <sarnold> and I know there's some outstanding apparmor patches that need review. I'd like to make a sweep through that if there's time left over. 16:54 <sarnold> that's it for me, chrisccoulson? 16:54 <jdstrand> sarnold: I didn't pay attention on friday-- did you get to tvoss code review? 16:55 <sarnold> jdstrand: yes, it looked good to me, I had some follow-up questions that I'm curious about but don't warrant blocking that update from being pushed in 16:55 <jdstrand> nice, thanks 16:55 <mdeslaur> sarnold: If you run out of things to do, I'd appreciate help with some updates 16:55 <sarnold> mdeslaur: okay, thanks 16:56 <chrisccoulson> this week, I've got an oxide update (and hopefully chromium too). Will also be reviewing updates to the mediahub branch. Other than that, it's business as usual 16:56 <chrisccoulson> I'm done btw :) 17:00 <chrisccoulson> I need to drop out btw. I've got to go to the chemist to pick up some antibiotics for one of my kids 17:02 <jdstrand> chrisccoulson: thanks 17:03 * sbeattie is here 17:05 <sbeattie> jdstrand: I can give my status update 17:06 <sbeattie> I'm still working on gcc pie-by-default for amd64; I have gcc packages in https://launchpad.net/~sbeattie/+archive/ubuntu/gcc-pie-amd64/+packages along with a rebuilt glibc 17:07 <sbeattie> I've been trying local builds against it, but keep running into FTBFS with packages (postgres, ruby, python) that aren't caused by my changes, the original build fails (usually in a testsuite) as well. 17:08 <sbeattie> I've rebuilt a couple of packages successfully and verified the binaries are pie on amd64. 17:08 <mdeslaur> cool 17:08 <sbeattie> I need to clean up the gcc patch a bit, and look at its additional testsuite failures. 17:09 <sbeattie> Other than that I have some apparmor patches to review. 17:09 <sbeattie> That's pretty much it for me. 17:09 <sbeattie> jdstrand: back to you. 17:10 <jdstrand> [TOPIC] Highlighted packages 17:10 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:10 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html 17:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/eet.html 17:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/icecast2.html 17:11 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/claws-mail-extra-plugins.html 17:11 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xbuffy.html 17:11 <jdstrand> [TOPIC] Miscellaneous and Questions 17:11 <jdstrand> Does anyone have any other questions or items to discuss? 17:16 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks! 17:16 <jdstrand> #endmeeting