16:32 <tyhicks> #startmeeting
16:32 <meetingology> Meeting started Mon Mar 30 16:32:16 2015 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:32 <meetingology>
16:32 <meetingology> Available commands: action commands idea info link nick
16:32 <tyhicks> The meeting agenda can be found at:
16:32 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:32 <tyhicks> [TOPIC] Weekly stand-up report
16:32 <tyhicks> jdstrand: you're up
16:34 <mdeslaur> \o
16:37 <tyhicks> mdeslaur: would you mind going and then we'll swing back around to jdstrand?
16:37 <mdeslaur> sure!
16:37 <mdeslaur> I'm on community this week
16:37 <mdeslaur> and tomorrow I have patch piloting duties
16:37 <mdeslaur> I'm currently working on tiff and gnupg/libgcrypt updates
16:37 <mdeslaur> and I'll continue down the list, as usual
16:37 <mdeslaur> that's pretty much it, sbeattie?
16:37 <sbeattie> I'm on bug triage this week
16:38 <sbeattie> I'm finishing up testing apparmor for an upload to vivid today or tomorrow
16:38 <sbeattie> I have some upstream patches to review
16:38 <sbeattie> I also still have gcc testing on my plate
16:39 <sbeattie> that's the priorities for me this week.
16:39 <sbeattie> tyhicks: you're up.
16:39 <tyhicks> I'm on cve triage this week
16:40 <tyhicks> I focused heavily on landing the libapparmor policy cache API changes into upstream apparmor last week
16:40 <tyhicks> there are a few pending improvements/fixups needed but all of those patches are out on the list except for one
16:41 <tyhicks> I'm still working on what would be the best approach
16:41 <tyhicks> as for the other work I plan to do this week...
16:41 <tyhicks> Review the initial snappy launcher code
16:41 <tyhicks> Restart work on AppArmor kernel keyring mediation for user data encryption
16:41 <tyhicks> Finish up the patches to fix bug #1430532 and send them out for review
16:41 <ubottu> bug 1430532 in AppArmor "libapparmor needs a public function to break a context into a label and mode" [Medium,In progress] https://launchpad.net/bugs/1430532
16:42 <tyhicks> and either sarnold or myself need to pick up the python-cryptography MIR (LP: #1430082) this week
16:42 <ubottu> Launchpad bug 1430082 in python-cryptography (Ubuntu) "[MIR] python-cryptography, python-cffi, pycparser, enum34" [High,New] https://launchpad.net/bugs/1430082
16:42 <tyhicks> we'll discuss that later
16:42 <tyhicks> that's it for me
16:42 <tyhicks> jjohansen: you're up
16:44 <jjohansen> so I have a lot of catching up to do this week, I have all too much email to dig (who am I kidding, skim) through, several patches to review, kernel workflow to catch up on and then back to working on apparmor cleanups
16:44 <sarnold> "undo last week" :)
16:45 <tyhicks> jjohansen: before your vacation, you were working on finishing up fixes for bug #1431717 and bug #1430546
16:45 <ubottu> bug 1431717 in AppArmor "audit qualifier does not become effective" [Undecided,Confirmed] https://launchpad.net/bugs/1431717
16:45 <ubottu> bug 1430546 in linux (Ubuntu) "apparmor kernel BUG kills firefox" [Medium,Triaged] https://launchpad.net/bugs/1430546
16:45 * jdstrand says hello
16:45 <tyhicks> jjohansen: do you still have work to do on those?
16:46 <jjohansen> tyhicks: yep, so I bug #1431717 has its fix checked in, and I just have a few edits to patches to the set of man page updates that fell out of that
16:46 <ubottu> bug 1431717 in AppArmor "audit qualifier does not become effective" [Undecided,Confirmed] https://launchpad.net/bugs/1431717
16:47 <tyhicks> ah, that's right
16:47 <jjohansen> and I need to check back in on bug #1430546, which I was waiting for testing of a patched kernel on
16:47 <ubottu> bug 1430546 in linux (Ubuntu) "apparmor kernel BUG kills firefox" [Medium,Triaged] https://launchpad.net/bugs/1430546
16:48 <tyhicks> jjohansen: I see that you're still waiting on testing
16:48 <jjohansen> yeah
16:48 <tyhicks> jjohansen: that's something that I can help with in a day or two if the original reporter doesn't get back to you
16:48 * jjohansen too
16:48 <jjohansen> ack thanks
16:48 <jjohansen> I think that is it for me, sarnold you're up
16:49 <tyhicks> jjohansen: one last reminder, you were also going to 'Followup with kernel team regarding the bug #1423810 and #1423810 fixes landing'
16:49 <ubottu> bug 1423810 in linux-manta (Ubuntu) "apparmor fd_inheritance regression test causes kernel to crash on touch kernel backports" [Medium,In progress] https://launchpad.net/bugs/1423810
16:49 <tyhicks> (no comment needed - just throwing it out there since it was in my notes)
16:49 <tyhicks> sarnold: go ahead :)
16:49 <jjohansen> ack
16:50 <sarnold> I'm in the happy place this week; I'm working on the server-stack automated openstack testing, which is finally feeling some progress; I think the glance changes in the PPA broke image uploading, so it might even be paying dividends already
16:50 <sbeattie> tyhicks: FYI, 1431717 should be fixed in vivid in with the pending apparmor upload
16:50 <tyhicks> oh nice :)
16:51 <sarnold> there's also some still-outstanding MIRs to work on, conntrack, python-cryptography, ppc64-diag's dependencies.. I won't have time to get through them all, but I should be able to do one this week and probably progress on more
16:51 <sarnold> I also saw some SRU fixes requiring testing, I thought some of those might be worth working on too
16:52 <sarnold> I hate seeing fixes go wasted
16:52 <sarnold> that's it for me, chrisccoulson?
16:52 <tyhicks> sarnold: I'd suggest python-cryptography as the first MIR to get back to
16:52 <chrisccoulson> This week, I've got Mozilla updates to do
16:53 <chrisccoulson> I've also still got some work to do to make future firefox releases (from 38 onwards) build on precise. I have it built successfully using a standalone build of gcc 4.8 now, but it doesn't have the hardening flags atm
16:53 <tyhicks> that sounds like good progress
16:54 <chrisccoulson> I got http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/1017 landed last week too, which fixed the main issues with the browser on arale :)
16:54 <tyhicks> \o/
16:55 <chrisccoulson> other than that, I'll be focused on bug 1428754, bug 1410996 and bug 1422920
16:55 <tyhicks> chrisccoulson: is bug #1428754 still on your radar for this week?
16:55 <ubottu> bug 1428754 in Oxide "Persist permission request decisions for a session" [High,Triaged] https://launchpad.net/bugs/1428754
16:55 <chrisccoulson> I think that's me done
16:55 <ubottu> bug 1410996 in Oxide "Add WebView.mediaAccessPermissionRequested API" [High,In progress] https://launchpad.net/bugs/1410996
16:55 <ubottu> bug 1422920 in Oxide "Additions to LocationBarController API" [Medium,Triaged] https://launchpad.net/bugs/1422920
16:55 <tyhicks> nevermind :)
16:55 <chrisccoulson> tyhicks, yeah :)
16:56 <tyhicks> jdstrand: you're up
16:56 <jdstrand> sorry I was late
16:57 <jdstrand> so, I think sbeattie and I might have miscommunicated slightly on apparmor. I tested it and click-apparmor over the weekend and this morning and just publiched to the archive
16:57 <jdstrand> published*
16:57 <sarnold> d'oh
16:57 <sbeattie> jdstrand: no worries.
16:57 <jdstrand> I know sbeattie tested previous binaries, but then I uploaded the final one over the weekend
16:58 <jdstrand> (which didn't change his patches, but did need a recompile of course)
16:58 <tyhicks> well that's even better since it takes something off his plate for the week
16:58 <jdstrand> I'm now going to be reviewing mvo's framework policies branch for snappy
16:58 <jdstrand> I have review tools updates for the week
16:58 <jdstrand> and also looking at reviewing mvo's seccomp launcher branch
16:59 <jdstrand> which means I'll be preparing seccomp policy
16:59 <jdstrand> I also have an embargoed issue
16:59 <jdstrand> that's it from me
17:00 <tyhicks> jdstrand: sorry that I still haven't been able to review the launcher branch - is that something that both of us should do or just one of us?
17:00 <tyhicks> (that was one of the things that I intended to get to this week, too)
17:02 <jdstrand> tyhicks: well, I just didn't want mvo to be blocked on it. at this point I can do it but I'll ask if I need help
17:02 <tyhicks> ok
17:04 <tyhicks> [TOPIC] Highlighted packages
17:04 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:04 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:04 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/nsd3.html
17:04 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html
17:04 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/musl.html
17:04 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.6-armhf-cross.html
17:05 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/aria2.html
17:06 <tyhicks> [TOPIC] Miscellaneous and Questions
17:06 <tyhicks> Does anyone have any other questions or items to discuss?
17:07 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, chriscoulson: Thanks!
17:07 <tyhicks> #endmeeting