16:31 <tyhicks> #startmeeting
16:31 <meetingology> Meeting started Mon Nov 30 16:31:19 2015 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 <meetingology>
16:31 <meetingology> Available commands: action commands idea info link nick
16:31 <tyhicks> The meeting agenda can be found at:
16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:31 <tyhicks> [TOPIC] Announcements
16:31 <tyhicks> Stefan Bader (smb) provided a debdiff for precise for xen
16:31 <tyhicks> Andreas Cadhalpun provided a debdiff for wily for ffmpeg
16:31 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:31 <tyhicks> [TOPIC] Weekly stand-up report
16:32 <tyhicks> jdstrand: since you'll be in and out, let us know when you're "in"
16:32 <tyhicks> mdeslaur: go ahead
16:32 <mdeslaur> I'm on community this week
16:32 <mdeslaur> I have a gnutls26 update to test and push out
16:32 <mdeslaur> and I'm trying to reproduce an nss issue in xenial
16:32 <mdeslaur> to do that, I'm trying to fix uvt to work properly with xenial
16:33 <mdeslaur> and after that, I may work on some sudo updates that rebase xenial's version for older releases to finally fix the clock issue
16:33 <mdeslaur> that's pretty much it...sbeattie, you're up
16:33 <sbeattie> I'm on bug triage this week.
16:34 <sbeattie> On the pie gcc front, I'm hip deep in kernel build process stuff, trying to figure out all the locations where to disable it.
16:35 <sbeattie> I have an openjdk-6 update to test and push out, along with another package
16:35 <mdeslaur> sbeattie: I saw a gcc-5 upload with some peculiar changelog entries...did it get enabled?
16:36 <sbeattie> mdeslaur: oh, I'm pulling the latest upload down right now, I haven't looked at the changelog.
16:36 <sbeattie> do ko sent me an email asking about stuff.
16:37 <tyhicks> * Add --enable-default-pie option to GCC configure, taken from the trunk.
16:37 <sbeattie> ah, woot!
16:37 <tyhicks> nice :)
16:38 <mdeslaur> does that mean it's on, or just that the option is added?
16:38 <mdeslaur> because that's in the debian changelog part
16:38 <mdeslaur> then there's "* Configure with --enable-default-pie on s390x."
16:40 <sbeattie> yeah, it looks like it just got turned on for s390x. interesting
16:41 <jjohansen> no chance for regressions there
16:41 <sbeattie> anyway, I'll still need to deal with fallout from that, so, along with a shortish week (friday off), that + usual email and kernel triage will probably consume my week
16:41 <sbeattie> tyhicks: you're up
16:42 <tyhicks> I'm on cve triage
16:42 <tyhicks> I need to send off my findings from my mapplauncherd review as well as the code and profile generation bits for confining the generic booster process
16:42 <jdstrand> I'm in
16:42 <tyhicks> jdstrand: go ahead
16:43 <jdstrand> ok, I'm catching up from holiday
16:43 <jdstrand> preparing for a sprint next week
16:43 <jdstrand> have an embargoed item
16:43 <jdstrand> and finishing up some policy work on touch and snappy that I started before the holiday
16:43 <jdstrand> that's it from me
16:44 <tyhicks> thanks
16:45 <tyhicks> I also need to do snappy sprint prep
16:45 <tyhicks> I have a review to do for the snapd socket access checks so that non-root processes can connect
16:45 <tyhicks> and I'm still trying to get to unprivileged AppArmor policy loads inside of a user namespace
16:45 <tyhicks> jjohansen: you're up
16:46 <jjohansen> so I am primarily working on apparmor stacking this week
16:46 <jjohansen> I have some ml followup to do, and some bug follow-up that could eat some time depending on testing
16:47 <jjohansen> primarily bug 1446906, that I am following
16:47 <ubottu> bug 1446906 in lxc (Ubuntu) "lxc container with postfix, permission denied on mailq" [Medium,Confirmed] https://launchpad.net/bugs/1446906
16:47 <tyhicks> jjohansen: could you send that fix to sarnold and myself for review?
16:47 <jjohansen> the kt also has an apparmor related bug in 4.3 that they are looking at, they think it might be test related
16:48 <sarnold> is that the caching timestamp bug?
16:48 <jjohansen> tyhicks: yeah, I want to clean it up a bit first, but I will send it out. Note that it's on top of the larger 25 patch series
16:49 <tyhicks> ok
16:49 <jjohansen> sarnold: no, it is to do with mediation of a file based unix domain socket that has been shutdown
16:49 <sarnold> jjohansen: heh, sorry, I meant the one the KT reported that they think is test related
16:50 <jjohansen> sarnold: not sure, I have just seen the mention of it and that brad is looking into it
16:50 <jjohansen> so it's on my radar but I don't have details yet
16:50 <jjohansen> oh, I should also get ahead of the curve and do the 4.4 rebase, and point tim and andy at it
16:50 <sarnold> aha. I took a quick look at what they were talking about last week, and I couldn't figure out how on earth that test goes wrong. it feels like it'd be worth taking apparmor out of the equation on that one and try to write a reproducer that doesn't rely upon upstart ..
16:51 <jjohansen> oh fun, looks like sarnold has volunteered to take that one off my hands :)
16:51 <tyhicks> jjohansen: ISTR you and Tim talking at the sprint about how the 4.4 rebase required no changes from the 4.3 rebase so Tim was just going to handle it himself?
16:52 <jjohansen> tyhicks: that was the 4.3 rebase at the sprint, I haven't looked at 4.4 at all
16:52 <tyhicks> ah
16:52 <jjohansen> though I expect it is similar
16:52 <tyhicks> ok
16:52 <tyhicks> sarnold: you're up
16:52 <sarnold> i'm in the happy place this week
16:53 <sarnold> I'd like to take a short week this week (thinking friday off)
16:53 <sarnold> i will finish the libmicrohttpd mir, will start (and probably finish) the dpdk mir, catch up from holiday email, and hopefully review an apparmor patch or two
16:54 <sarnold> tyhicks feels like he's drowning this week, so perhaps steal a day of cve triage
16:54 <tyhicks> :)
16:54 <sarnold> that's it for me, chrisccoulson?
16:54 <tyhicks> I'll let you know
16:54 <tyhicks> thanks
16:55 <chrisccoulson> So, last week I got the camera working in the browser on the phone. I'm still ironing out some bugs with that (orientation is still messed up, and I'm seeing the device reset frequently as well)
16:55 <sarnold> woo :)
16:55 <chrisccoulson> I also need to get someone to review my changes to libhybris, but I'm not sure who's responsible for that now
16:56 <chrisccoulson> Other than that, I plan to tackle the stuff I wanted to do last week but never got around to :) (bug 1447345), as well as the usual code review stuff
16:56 <ubottu> bug 1447345 in Oxide "Support the unprivileged namespace sandbox" [High,Triaged] https://launchpad.net/bugs/1447345
16:56 <chrisccoulson> (short week too - I'm out on wednesday)
16:56 <chrisccoulson> That's me done
16:57 <tyhicks> chrisccoulson: nice to hear that the camera work is progressing :)
16:57 <tyhicks> [TOPIC] Highlighted packages
16:57 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:57 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:57 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pngcrush.html
16:57 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/wv2.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libxml-dt-perl.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/dimp1.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/xcfa.html
16:58 <tyhicks> [TOPIC] Miscellaneous and Questions
16:58 <tyhicks> Does anyone have any other questions or items to discuss?
16:59 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
16:59 <tyhicks> #endmeeting