[16:30] hi!
[16:30] hello
[16:30] hi!
[16:31] #startmeeting
[16:31] huh, the bot seems dead
[16:31] The meeting agenda can be found at:
[16:31] hi!
[16:31] [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] [TOPIC] Announcements
[16:32] Rohan Garg (rohangarg) provided debdiffs for saucy and trusty for kde4libs (LP: #1332064). Your work is very much appreciated and will keep Ubuntu users secure. Great job!
[16:32] Launchpad bug 1332064 in kde4libs (Ubuntu Trusty) "[CVE-2014-3494] KMail/KIO POP3 SSL MITM Flaw" [Undecided,New] https://launchpad.net/bugs/1332064
[16:32] [TOPIC] Weekly stand-up report
[16:32] I'll go first
[16:32] fyi, I'm off all next week
[16:32] I'm on triage this week
[16:33] I'm helping test/coordinate the apparmor landing with mdeslaur today. I expect it to be pushed to the archive in a little while
[16:33] \o/
[16:33] nice
[16:33] I will be working on the ofono profiles bug this week, and any other June work items I can get to
[16:33] I have a pending update I will hopefully get out later today
[16:33] that's it from me
[16:33] mdeslaur: you're up
[16:34] I'm on community this week
[16:34] I just pushed out a few updates
[16:34] and am currently testing the apparmor and other packages that will get published
[16:34] I plan on taking a bite out of the long list of accumulating CVEs
[16:34] tomorrow, I'm on national holiday
[16:35] and I also have to write a wiki page about click store package signing
[16:35] that's it from me
[16:35] sbeattie: you're up
[16:35] so you're planning on uploading the new apparmor and then splitting for day?? ;)
[16:35] tyhicks: SUCKS TO BE YOU!
[16:35] :)
[16:36] I'm still working on pie by default for gcc/amd64.
[16:36] heh :)
[16:36] (mdeslaur: heh)
[16:36] tyhicks: don't be surprised if he is sick tomorrow
[16:36] sbeattie: any progress there?
[16:37] One thing I discovered is that if an otherwise dynamically linked binary includes a libxxx.a, the object files in that .a file need to be compiled with -fPIE as well, which isn't a big deal when they're in the same package, but could introduce an ordering issue for situations where they're in different source packages.
[16:38] interesting, I hadn't heard that before.
[16:38] (the apparmor parser does this, but since it's just internal to the source, it's not a big deal)
[16:38] sarnold: yeah. I get a link time failure if they're not.
[16:40] anyway. Other things for this week: I need to look at a mod_apparmor issue — I missed a note in the 2.2 -> 2.4 transition about the authentication hooks changing, which is causing some of people's problems with the HANDLING_UNTRUSTED_INPUT hat, I think
[16:40] and other misc apparmor stuff.
[16:41] that's pretty much it for my week. tyhicks?
[16:41] I'm wanting to wrap up my rtm work items this week
[16:41] "review trust session and lp:trust-store for pid/APP_ID/apparmor/etc" has turned into a design discussion
[16:42] and "verify kernel security features in phablet image (besides ufw and apparmor)" just needs a little bit of testing today before I send out the kernel config patches
[16:43] I had done one swoop at verifying the kernel security features and enabled everything that we test for in QRT, but there's other things that we don't test for
[16:43] things that we're interested in but are not enabled in all of the touch kernels
[16:43] (like ecryptfs)
[16:43] so I'll add those config tests to QRT after I send out the patches
[16:44] tyhicks: thanks for that.
[16:44] np
[16:44] that's it for me
[16:44] jjohansen1: you're up
[16:44] tyhicks: design discussion?
[16:44] I'm working on my rtm WIs this week
[16:44] tyhicks: does that mean you are blocked?
[16:45] I also have the latest revision for the touch kernels to land this week, as soon as the new userspace lands
[16:45] and I am off tuesday
[16:46] jjohansen1: that should land today. does that mean as soon as it lands you can do the pull request?
[16:46] rtm WIs == apparmor extended mediation of unix sockets
[16:46] jdstrand: yes
[16:46] cool
[16:47] re your rtm work items-- would it help if tyhicks or sbeattie helped you if they put aside non-rtm work items?
[16:48] if so, we can take that offline (just putting it out there)
[16:49] jdstrand: no, I'm not blocked - my WI was to review the code and I guess that is technically done
[16:49] jdstrand: now it has turned into a discussion on how to improve things
[16:50] tyhicks: I see. update the work item as you see fit and continue guiding them as necessary :) thanks for taking that on
[16:50] that is it for me sarnold you are up
[16:50] jjohansen1: did you see my question about help?
[16:52] jdstrand: not yet but soon, I'll poke them later in the week, wednesday, thursday,
[16:52] I'm in the happy place this week, there's an openssl098 community update I'm still working on from last week, I'm still working on the qrt test-django script, and I'm hopeful for some apparmor patch reviews to distract me from the test-django work :)
[16:52] jdstrand: don't worry I'll poke you to join the party too
[16:53] jjohansen1: ok, thanks
[16:53] I think that's it for me, chrisccoulson?
[16:54] so, bug 1312082 is finished. I'm just waiting on something olivier is finishing before I merge it, so that I don't break his work
[16:54] bug 1312082 in Oxide "Stop using deprecated compositing paths" [High,In progress] https://launchpad.net/bugs/1312082
[16:54] i've got through some of my review queue :)
[16:55] today, I started on bug 1332754, which should hopefully improve our memory usage a bit
[16:55] bug 1332754 in Oxide "Evict frames for hidden webviews" [High,In progress] https://launchpad.net/bugs/1332754
[16:55] other than that, it's business as usual :)
[16:56] i think that's me done
[16:58] sarnold: there were some other reviews that are listed as work items that we talked about last week-- did you work on those, where are they prioritized for you?
[16:58] chrisccoulson: re 1312082> nice!
[16:59] chrisccoulson: seems like the media-hub/oxide integration is progressing well (which is part of your reviews I think)
[16:59] jdstrand, tyhicks, jjohansen1, chrisccoulson, sarnold, sbeattie: we're nearing the end of june. Please look at your assigned work items, and if anything is marked may or june and you won't be done in the next week, please let me know
[16:59] ack
[16:59] mdeslaur: okay
[16:59] jdstrand: I'd really like to be out from underneath this test-django script, so I was hoping to get it done. I'm sick of it. :)
[17:00] sarnold: sure. how close are you?
[17:00] jdstrand: it feels like another day or two
[17:01] mdeslaur: ack
[17:01] ok, cool
[17:03] I'm going to proceed-- chrisccoulson feel free to interrupt to answer my question whenever
[17:03] [TOPIC] Highlighted packages
[17:03] The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[17:03] See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/merkaartor.html
[17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/libipc-pubsub-perl.html
[17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/gridengine.html
[17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/autotrace.html
[17:03] http://people.canonical.com/~ubuntu-security/cve/pkg/gajim.html
[17:03] [TOPIC] Miscellaneous and Questions
[17:03] Does anyone have any other questions or items to discuss?
[17:07] #endmeeting
[17:07] mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
[17:07] thanks
[17:07] thanks jdstrand
[17:07] thanks, jdstrand
[17:08] thanks jdstrand
[17:11] thanks jdstrand