16:37 <tyhicks> #startmeeting
16:37 <meetingology> Meeting started Mon Nov 6 16:37:27 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:37 <meetingology>
16:37 <meetingology> Available commands: action commands idea info link nick
16:37 <tyhicks> The meeting agenda can be found at:
16:37 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:37 <tyhicks> [TOPIC] Announcements
16:37 <tyhicks> Lucas Kocia (lkocia) provided a debdiff for xenial for firewalld (LP: #1617617)
16:37 <ubottu> Launchpad bug 1617617 in firewalld (Ubuntu Xenial) "Firewall configuration can be modified by any logged in user" [Low,Fix released] https://launchpad.net/bugs/1617617
16:37 <tyhicks> Jeremy Bicha (jbicha) provided a debdiff for zesty for gdm3 (LP: #1729354)
16:37 <ubottu> Launchpad bug 1729354 in gdm3 (Ubuntu) "17.04: GDM lock screen can be circumvented when autologin is set" [High,Fix released] https://launchpad.net/bugs/1729354
16:37 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:37 <tyhicks> [TOPIC] Weekly stand-up report
16:37 <tyhicks> jdstrand: you're up
16:38 <mdeslaur> \o
16:38 <leosilva> o/
16:38 <jdstrand> hello
16:38 <jdstrand> Last week I focused primarily on the customer regression related to the expanded udev tagging work that landed in 2.28. This week I plan:
16:38 <jdstrand> * finish up some new spread tests based for better high-level coverage of security backends
16:38 <jdstrand> * investigate the udev_enumerate regression ondra reported
16:38 <jdstrand> * investigate the broadcom-asic-control interface bug
16:38 <jdstrand> * snapd PR reviews
16:38 <jdstrand> * continue uid/gid work for snap privilege dropping
16:38 <jdstrand> s/based//
16:39 <jdstrand> that's it from me. mdeslaur, you're up
16:39 <mdeslaur> I'm on bug triage this week
16:39 <mdeslaur> I'm currently testing openssl updates. chrisccoulson managed to figure out the regression on armhf caused by the newer gcc on artful+ with some pretty impressive debugging work
16:40 <mdeslaur> and I have a big imagemagick update to look at
16:40 <mdeslaur> that's pretty much it for me, sbeattie?
16:41 <tyhicks> chrisccoulson: thanks for helping out with that openssl build failure
16:41 <tyhicks> chrisccoulson: that was quite impressive work
16:41 <chrisccoulson> no worries :)
16:41 <tyhicks> I'll go and maybe Steve will be around later
16:42 <tyhicks> I've got a couple more eCryptfs kernel patches to review and also need to prepare for the 4.15 merge window (only bug fixes to go up)
16:42 <tyhicks> oh, I'm in the happy place this week
16:43 <tyhicks> I have an embargoed issue
16:43 <tyhicks> and then I'll start work on squashfs reproducibility
16:43 <tyhicks> I got sidetracked last week as we were finalizing the apparmor move to gitlab and figuring out the new processes
16:43 <tyhicks> that's it for me
16:43 <jdstrand> chrisccoulson: btw, that was a pretty awesome debug :)
16:44 <tyhicks> jjohansen isn't around
16:44 <tyhicks> sarnold: you're up
16:44 <jdstrand> re squashfs reproducibility> \o/
16:45 * tyhicks pokes sarnold again
16:45 <sarnold> I'm in the happy place this week; I'll be doing apparmor patch reviews as I can, and embargoed work
16:45 * mdeslaur hands tyhicks the memset magic wand
16:46 <sarnold> I think that should be it for me this week, chrisccoulson?
16:46 <chrisccoulson> I've got a firefox update to prepare, although the update isn't until next week. It's a big one though, so I wouldn't mind people installing it
16:47 <tyhicks> chrisccoulson: let us know when we can start using it
16:48 <chrisccoulson> Then there's rust 1.21. There's still 2 builds that don't complete successfully, but the failures are completely random. I'm not too sure what to do with these yet, but I want to avoid losing another week to this
16:48 <chrisccoulson> (I've just hit retry on one again actually whilst there's not a backlog of builds)
16:49 <sarnold> did we switch to using rust's llvm fork?
16:49 <chrisccoulson> And then hopefully I will actually get time to start working on other things
16:49 <chrisccoulson> sarnold, I've done that already. The only architecture it's caused a problem on is s390x (doesn't build there at all)
16:49 <chrisccoulson> I think that's me done
16:49 <sarnold> argh :/ I was hoping for better than that :(
16:50 <chrisccoulson> I'm hoping this works out better. The last rust update required around 6 patches backporting to llvm. This one intentionally broke a feature entirely with the system llvm. And the next release will require a whole new llvm version
16:51 <chrisccoulson> I can't remember who's next. ratliff?
16:51 <ratliff> I'm in the happy place this week
16:51 <ratliff> I have another article to write
16:52 <ratliff> More work on kpis
16:52 <ratliff> on to you leosilva
16:52 <leosilva> I'm community this week
16:52 <leosilva> I just pushed an update early
16:52 <leosilva> I'll try to work on vim update (but I'm skeptical about if the patch fixes the issue)
16:52 <leosilva> other than that I'll follow with the normal hunting.
16:53 <leosilva> that's all for me... tyhicks it's back to you
16:53 <sbeattie> I can go.
16:53 <sbeattie> I'm on cve triage this week
16:53 <sbeattie> I have an openjdk-8 update to publish today
16:54 <sbeattie> I have some kernel triage stuff to catch up on
16:54 <sbeattie> I'll be looking at identifying needed snap updates
16:54 <sbeattie> And I have some background tasks to work on post the apparmor move to gitlab.
16:54 <sbeattie> That'll likely consume my week.
16:55 <sbeattie> tyhicks: back to you.
16:55 <tyhicks> thanks!
16:55 <tyhicks> [TOPIC] Highlighted packages
16:55 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:55 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/udfclient.html
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/pidgin.html
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/firebird2.5.html
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/tcptrack.html
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/git-annex.html
16:55 <tyhicks> [TOPIC] Miscellaneous and Questions
16:55 <tyhicks> Does anyone have any other questions or items to discuss?
17:00 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
17:00 <tyhicks> #endmeeting