16:36 #startmeeting
16:36 Meeting started Mon Nov 17 16:36:04 2014 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:36 Available commands: action commands idea info link nick
16:36 The meeting agenda can be found at:
16:36 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:36 [TOPIC] Announcements
16:36 Thanks to Jonathan Riddell (Riddell) who provided debdiffs for lucid-utopic for konversation (LP: #1389296) and debdiffs for precise-utopic for kde-workspace (LP: #1389665). Your work is very much appreciated and will keep our users secure. Great job! :)
16:36 Launchpad bug 1389296 in konversation (Ubuntu Vivid) "konversation: out-of-bounds read on a heap-allocated array" [Undecided,Fix released] https://launchpad.net/bugs/1389296
16:36 Launchpad bug 1389665 in kde-workspace (Ubuntu Utopic) "privilage escalation in clock kcontrol" [Undecided,Fix released] https://launchpad.net/bugs/1389665
16:36 [TOPIC] Weekly stand-up report
16:36 I'll go first
16:36 jdstrand: got another one coming shortly..
16:37 hi!
16:37 Riddell: cool, thanks!
mention it in #ubuntu-hardened (or just subscribe ubuntu-security-sponsors) and we'll get someone assigned
16:38 so, the good news is I actually got to quite a few updates last week, which was nice
16:39 the PM team wanted to get a couple of policy updates in for rtm though, so between that and some embargoed work, I didn't get to a number of things I set out to do last week
16:39 for this week
16:39 I have more embargoed work
16:39 I'm on triage
16:40 I need to finish up my apparmor-easyprof-ubuntu updates for vivid
16:40 finish the 0.3 click-apparmor upload
16:41 have more click-reviewers-tools updates that came up last week (I did get to a few fixes there, but need to add these new ones)
16:41 I think this is the week for me adding derivative branches support to UCT
16:42 I hope to finish my upstream patch for docker so it can apply policy based on parser capabilities
16:42 and then I will be attending the cloud sprint on wednesday since they are in town
16:42 that sounds like an awful lot-- 3 of those are close to done, so hopefully it is actually doable
16:42 mdeslaur: you're up
16:43 \o
16:43 I'm on community this week
16:43 I'm currently working on sponsoring quassel updates
16:43 I have an embargoed issue to test and release
16:43 and have further updates beyond that, the list is growing again :P
16:43 that's about it, sbeattie, you're up
16:44 I'll go and we can circle back to him
16:45 I need to publish an update for apparmor in trusty today (prep and testing is already done)
16:45 I'll have to knock off all the dust on the instruction manual before doing so
16:46 heh
16:46 tyhicks: is that just for that particular bug, or does it have the tools updates in it too?
16:46 mdeslaur: it is only for that bug
16:46 tyhicks: you mean re-learn the secret handshake :)
16:47 mdeslaur: it'll be going to -security
16:47 ah, right, cool
16:47 mdeslaur: at least this handshake is well documented :)
16:47 after that, my focus for this week will be on fixing bug #1390592 and making the apparmor cache handling code a library
16:47 bug 1390592 in apparmor (Ubuntu Trusty) "'ptrace peer=@{profile_name}' does not work on 14.04 (at least) with docker" [High,In progress] https://launchpad.net/bugs/1390592
16:47 both of those were on my plate last week but the apparmor bug kept me from accomplishing much there
16:47 that's it for me
16:48 jjohansen: you're up
16:48 I need to finish up a kernel sync of apparmor for vivid, after which I will get back to working on apparmor stacking
16:48 tyhicks: isn't 1390592 the bug for the trusty update?
16:49 jdstrand: yes - I meant bug #1362469
16:49 bug 1362469 in dbus (Ubuntu) "AppArmor unrequested reply protection generates unallowable denials" [Medium,In progress] https://launchpad.net/bugs/1362469
16:50 jjohansen: didn't mean to interrupt, please continue
16:50 np
16:51 hopefully I will spend some more time poking at the upstreaming of apparmor's labeling bits this week as well
16:52 that is it for me, sarnold you're up
16:53 I'm in the happy place this week
16:53 last week, on community, otto provided a debdiff for trusty's mariadb-5.5, but I hadn't noticed that utopic didn't already have the 5.5.40 release. So, this week I'll be picking up the pieces from that update
16:54 I also have two MIRs to work on, thanks for submitting those nice and early in the cycle :)
16:54 and I know there's some outstanding apparmor patches that need review. I'd like to make a sweep through that if there's time left over.
16:54 that's it for me, chrisccoulson?
16:54 sarnold: I didn't pay attention on friday-- did you get to tvoss code review?
16:55 jdstrand: yes, it looked good to me, I had some follow-up questions that I'm curious about but don't warrant blocking that update from being pushed in
16:55 nice, thanks
16:55 sarnold: If you run out of things to do, I'd appreciate help with some updates
16:55 mdeslaur: okay, thanks
16:56 this week, I've got an oxide update (and hopefully chromium too). Will also be reviewing updates to the mediahub branch. Other than that, it's business as usual
16:56 I'm done btw :)
17:00 I need to drop out btw. I've got to go to the chemist to pick up some antibiotics for one of my kids
17:02 chrisccoulson: thanks
17:03 * sbeattie is here
17:05 jdstrand: I can give my status update
17:06 I'm still working on gcc pie-by-default for amd64; I have gcc packages in https://launchpad.net/~sbeattie/+archive/ubuntu/gcc-pie-amd64/+packages along with a rebuilt glibc
17:07 I've been trying local builds against it, but keep running into FTBFS with packages (postgres, ruby, python) that aren't caused by my changes, the original build fails (usually in a testsuite) as well.
17:08 I've rebuilt a couple of packages successfully and verified the binaries are pie on amd64.
17:08 cool
17:08 I need to clean up the gcc patch a bit, and look at its additional testsuite failures.
17:09 Other than that I have some apparmor patches to review.
17:09 That's pretty much it for me.
17:09 jdstrand: back to you.
17:10 [TOPIC] Highlighted packages
17:10 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
17:10 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:10 http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html
17:10 http://people.canonical.com/~ubuntu-security/cve/pkg/eet.html
17:10 http://people.canonical.com/~ubuntu-security/cve/pkg/icecast2.html
17:11 http://people.canonical.com/~ubuntu-security/cve/pkg/claws-mail-extra-plugins.html
17:11 http://people.canonical.com/~ubuntu-security/cve/pkg/xbuffy.html
17:11 [TOPIC] Miscellaneous and Questions
17:11 Does anyone have any other questions or items to discuss?
17:16 mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!
17:16 #endmeeting