tyhicks | hello | 16:53 |
---|---|---|
sarnold | hello | 16:53 |
jdstrand | hi! | 16:53 |
jdstrand | #startmeeting | 16:54 |
jdstrand | The meeting agenda can be found at: | 16:54 |
jdstrand | [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting | 16:54 |
mdeslaur | hello! | 16:54 |
jdstrand | [TOPIC] Announcements | 16:54 |
jdstrand | Andrew Starr-Bochicchio (andrewsomething) provided a debdiff for trusty for libtorrent-rasterbar (LP: #1330703) | 16:54 |
ubottu | Launchpad bug 1330703 in libtorrent-rasterbar (Ubuntu Trusty) "[Security] UPNP opens port 0 which fully exposes PC to the internet." [High,Fix released] https://launchpad.net/bugs/1330703 | 16:54 |
jdstrand | James Page (jamespage) provided an update for trusty for percona-xtradb-cluster-5.5 (LP: #1325916) | 16:54 |
ubottu | Launchpad bug 1325916 in percona-xtradb-cluster-5.5 (Ubuntu Utopic) "Update to 5.5.37 for security updates" [Undecided,Fix released] https://launchpad.net/bugs/1325916 | 16:54 |
jdstrand | Felix Geyer (debfx) provided a debdiff for trusty for mumble (LP: #1335597) | 16:54 |
ubottu | Launchpad bug 1335597 in mumble (Ubuntu Saucy) "CVE-2014-3755 and CVE-2014-3756" [Undecided,Confirmed] https://launchpad.net/bugs/1335597 | 16:54 |
jdstrand | Louis Bouchard (caribou) provided a debdiff for precise-utopic for openssl098 (LP: #1331452) | 16:54 |
ubottu | Launchpad bug 1331452 in openssl098 (Ubuntu Utopic) "Please backport current CVEs for Precise LTS openssl098" [High,Fix released] https://launchpad.net/bugs/1331452 | 16:54 |
jdstrand | Your work is very much appreciated and will keep Ubuntu users secure. Great job! | 16:54 |
jdstrand | [TOPIC] Weekly stand-up report | 16:54 |
jdstrand | I'll go first | 16:54 |
jdstrand | I'm back from vacation so am catching up on what I missed | 16:55 |
jdstrand | seems to be going ok so far | 16:55 |
jdstrand | thank you for covering for me | 16:55 |
jdstrand | I'm off Wednesday | 16:55 |
jdstrand | I plan to do apparmor testing of jjohansen's abstract socket mediation patch set | 16:55 |
mdeslaur | jdstrand: it was easy, I just did /nick jdstrand "I don't know." all week | 16:55 |
jdstrand | hehe | 16:55 |
jdstrand | I have an rtm work item I will be working on for click-apparmor | 16:56 |
jdstrand | and I need to really get cracking on the performance reviews | 16:56 |
jdstrand | mdeslaur: you're up | 16:56 |
mdeslaur | I'm on triage this week | 16:56 |
mdeslaur | I've got a few updates to test and release, including dbus | 16:56 |
mdeslaur | and am currently working on php5 updates | 16:56 |
mdeslaur | the list is getting long, so that's what I'll be doing the rest of the week also | 16:57 |
mdeslaur | that's it for me! sbeattie, you're up | 16:57 |
sbeattie | I'm also back from vacation and catching up on what I missed | 16:57 |
sbeattie | I'm digging back into the gcc pie stuff | 16:57 |
mdeslaur | ah crud, I forgot about smb's xen updates last week...I'll be sponsoring that too | 16:58 |
sbeattie | I need to sync up with jjohansen | 16:58 |
mdeslaur | sbeattie: hrm, please ask if jj has anything for you to help with before looking at gcc again | 16:58 |
sbeattie | mdeslaur: heh, yeah, that's what I'm trying to say. | 16:59 |
mdeslaur | cool | 16:59 |
sbeattie | mdeslaur: but ack | 16:59 |
sbeattie | anyway, that's pretty much it for me | 16:59 |
sbeattie | tyhicks: you're up | 16:59 |
tyhicks | I'm currently fixing an eCryptfs kernel bug | 16:59 |
tyhicks | it doesn't yet have an official bug, but it is mentioned in another bug: https://bugzilla.kernel.org/show_bug.cgi?id=41692#c2 | 17:00 |
ubottu | bugzilla.kernel.org bug 41692 in ecryptfs "Obscure improper EACCES with ecryptfs_xattr_metadata" [Normal,New] | 17:00 |
tyhicks | I also plan to review a patch for an upcoming file encryption kernel feature | 17:01 |
tyhicks | I need to rebase my dbus merge against the latest version in debian testing | 17:01 |
tyhicks | and then push it through | 17:02 |
tyhicks | and then I'd like to take a look at my outstanding work items | 17:02 |
mdeslaur | tyhicks: helping jj with whatever tasks he has to land the stuff for rtm has priority | 17:02 |
tyhicks | I think "implement kernel postinst policy compiles" work item from last month would be a good one to start on | 17:02 |
jdstrand | so, jjohansen said earlier that he would likely have some abstract patches | 17:02 |
tyhicks | ok | 17:02 |
jdstrand | mdeslaur: perhaps tyhicks can help with the Ubuntu packaging/testing? | 17:03 |
tyhicks | jjohansen: give me anything you'd like and I'll drop whatever I'm working on | 17:03 |
mdeslaur | definitely | 17:03 |
tyhicks | ok | 17:03 |
jdstrand | cool, yeah, let's have tyhicks take the lead on the Ubuntu landing. | 17:03 |
* tyhicks nods | 17:03 | |
jdstrand | tyhicks: I'll work with you on that like last time | 17:03 |
tyhicks | ok | 17:03 |
tyhicks | that's it for me | 17:04 |
tyhicks | jjohansen: you're up | 17:04 |
jjohansen | well gee, I think it's all been covered already :) | 17:04 |
jdstrand | hehe | 17:04 |
jdstrand | jjohansen: you are the man of the hour :) | 17:04 |
jjohansen | I need to sync up with sbeattie, and jdstrand | 17:04 |
jjohansen | I need to push out the abstract socket patches, I am currently doing some revisions on them | 17:05 |
tyhicks | jjohansen: are you revising the kernel or userspace patches? (or both?) | 17:05 |
jjohansen | tyhicks: both | 17:05 |
tyhicks | ok | 17:05 |
tyhicks | I'll watch the list for the userspace patches and then start packaging them up | 17:06 |
jjohansen | tyhicks: I'll start kicking stuff out today, I'll push the userspace first | 17:06 |
tyhicks | sounds good | 17:06 |
jdstrand | jjohansen: will this include the backports for the touch kernels? | 17:07 |
jjohansen | once the abstract/anonymous socket mediation patches look good, I have to get some patches together to push upstream | 17:07 |
jjohansen | jdstrand: uh sort of | 17:08 |
jdstrand | ? | 17:09 |
jjohansen | jdstrand: it's a set of changes on top of the current stuff. I expect we are going to just drop it as a diff on top of the current set. So now rebase etc is needed | 17:09 |
jdstrand | ok, that sounds fine | 17:09 |
jjohansen | I can certainly build touch kernels with the diff on top of the current | 17:09 |
jdstrand | we can't consider this landed until it is both userspace and the touch kernels | 17:10 |
jjohansen | jdstrand: correct | 17:10 |
jdstrand | so I just wanted to ask | 17:10 |
jdstrand | jjohansen: for tyhicks and myself, we'll need generic amd64 (at least, perhaps i386), mako and goldfish | 17:10 |
jjohansen | jdstrand: for landing there is some dependency ordering on policy | 17:10 |
jdstrand | sure | 17:10 |
jjohansen | right | 17:10 |
jdstrand | like last time | 17:10 |
jjohansen | kernel is not dependent on userspace and userspace on kernel, so just policy | 17:11 |
jjohansen | yep | 17:11 |
jdstrand | so we don't have to hash that out all here. sounds like things are in order, we just need to execute | 17:11 |
* jdstrand is excited, but slightly worried about the policy changes | 17:11 | |
jdstrand | jjohansen: have you seen anything scary wrt policy changes? | 17:12 |
jjohansen | define scary :) | 17:12 |
mdeslaur | scary as in "breaks everything" | 17:12 |
jdstrand | I'm hoping it'll be a more or less non-event for upgraders (ie, we can tweak base and apparmor-easyprof-ubuntu accordingly) | 17:12 |
jdstrand | I'm also hoping that we don't have bad required policy | 17:13 |
jjohansen | uh yeah if rules aren't in place you can break things that are using abstract sockets | 17:13 |
jdstrand | like apps have to talk to the upstart abstract socket for some reason | 17:13 |
jjohansen | think just like with the unix socket fix that was done with saucy, without certain rules in place you fail to boot | 17:14 |
jdstrand | jjohansen: right, I meant in your work, have you seen anything that was obvious that it couldn't be handled well by adjusting base, etc | 17:14 |
jdstrand | or do we expect things to be similar to signal/ptrace mediation | 17:14 |
jdstrand | (which went very well) | 17:15 |
jjohansen | jdstrand: hrmmm, I haven't really thought about where the best place for the additions is, we certainly can add to base | 17:15 |
jjohansen | yep | 17:15 |
jdstrand | ok, that's fine. just wondering if you had a feel for it yet. we certainly will once the patches go up :) | 17:15 |
* jdstrand is done with his questions | 17:16 | |
jjohansen | jdstrand: so my feel is we will stuff some of it in base. which is fine, it's just a matter of tuning how tight you want things | 17:17 |
* jjohansen is done, sarnold you're up | 17:17 | |
jdstrand | cool, sounds great | 17:17 |
jdstrand | we'll discuss all that in #apparmor when the time is right | 17:17 |
* sarnold hides | 17:17 | |
sarnold | I'm on community this week; I have a MIR for trust-store to work on, blueprint items to work on, and it sounds like jj's going to give me a giant gift-wrapped bow-tied balloon-festooned box of new patches to review! \o/ | 17:18 |
mdeslaur | sarnold: are you still working with mterry on phone password handling? | 17:19 |
sarnold | mdeslaur: let me go reload that bug :) | 17:19 |
sarnold | s/bug/merge request/ | 17:19 |
mdeslaur | sarnold: I believe he had some follow up questions about how to handle empty passwords, etc, and I told him to work that out with you | 17:20 |
sarnold | mdeslaur: ah, looks like he's got wonderful answers to my questions, no new questions, looks like he's probably good :D | 17:20 |
sarnold | mdeslaur: ah right, and the securetty bits. i'm sorry I forgot about those. | 17:20 |
mdeslaur | sarnold: ping him when you get a chance and follow up to make sure all is resolved, please | 17:21 |
sarnold | mdeslaur: ack :) | 17:21 |
sarnold | I think that's me done, chrisccoulson? | 17:22 |
chrisccoulson | hi :) | 17:22 |
chrisccoulson | this week, I'm looking at getting daily builds going for oxide (I did a hangout last week with oSoMoN and psivaa, and we decided to separate the CI and daily builds tasks, with me taking the latter) | 17:23 |
chrisccoulson | also, will hopefully be testing and publishing a chromium update from chad :) | 17:23 |
mdeslaur | \o/ | 17:24 |
chrisccoulson | and, there'll be an oxide update too (with the new chromium release in) | 17:24 |
chrisccoulson | so, if you're using webapps in trusty, please do install the oxide build from https://launchpad.net/~ubuntu-mozilla-security/+archive/ppa/ | 17:24 |
mdeslaur | sweet | 17:25 |
jdstrand | chrisccoulson: re daily builds> oh nice :) | 17:26 |
chrisccoulson | also, when I did our hangout last week, I did a little diagram explaining the release cycle: https://docs.google.com/a/canonical.com/presentation/d/1cJ_2nhHgv1A4tMUy4-7Tc1kt5r861a0CnYaG9GiOqIo/edit?usp=sharing | 17:26 |
jdstrand | very nice on oxide update for trusty too | 17:26 |
mdeslaur | cool | 17:27 |
chrisccoulson | I'll put that in a blog post soon (the diagram is currently not publicly shared, although there's no reason it shouldn't be) | 17:27 |
chrisccoulson | so the link won't work for anyone outside of canonical atm | 17:27 |
jdstrand | cool | 17:27 |
chrisccoulson | I think that's me done | 17:28 |
jdstrand | chrisccoulson: so, I think we need some sort of MRE like thing for oxide | 17:29 |
jdstrand | https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions | 17:29 |
sarnold | meal ready to eat? | 17:29 |
sarnold | oh jeeze | 17:29 |
chrisccoulson | aha :) | 17:29 |
jdstrand | chrisccoulson: perhaps mdeslaur can help there since he is on the TB | 17:30 |
jdstrand | it is the plan of action, but it hasn't been ratified by the TB | 17:30 |
mdeslaur | since there are security fixes included, no need for a mre | 17:30 |
mdeslaur | if you ever want to publish new versions with only fixes, you need an mre | 17:31 |
jdstrand | this will have more than security updates aiui | 17:31 |
jdstrand | just like firefox and chromium-browser | 17:31 |
mdeslaur | doesn't matter, the mres are only for SRUs | 17:31 |
jdstrand | (which have MREs) | 17:31 |
jdstrand | ok, fair enough | 17:31 |
jdstrand | makes it easier :) | 17:31 |
mdeslaur | I mean, we still should probably ask for one, in case there are updates that don't include security fixes | 17:32 |
* jdstrand nods | 17:32 | |
mdeslaur | once we've done a couple via security updates, chrisccoulson can ask for the MRE | 17:33 |
jdstrand | sounds like a plan | 17:33 |
jdstrand | [TOPIC] Highlighted packages | 17:33 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/redis.html | 17:34 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/sup-mail.html | 17:34 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/forked-daapd.html | 17:34 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/syncevolution.html | 17:34 |
jdstrand | http://people.canonical.com/~ubuntu-security/cve/pkg/libjboss-cache3-java.html | 17:34 |
jdstrand | The Ubuntu Security team will highlight some community-supported packages (^) that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so. | 17:34 |
jdstrand | See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. | 17:34 |
jdstrand | [TOPIC] Miscellaneous and Questions | 17:34 |
jdstrand | I only have one thing: if you have RTM work items, please work with mdeslaur on finding time to do them. we are rapidly approaching bug fixes only on the phone | 17:35 |
jdstrand | otoh, I have one and then there is the abstract sockets | 17:36 |
jdstrand | (mine is small and should be done this week) | 17:36 |
jdstrand | if you aren't sure if it is for rtm, ask me and mdeslaur | 17:36 |
jdstrand | Does anyone have any other questions or items to discuss? | 17:36 |
jdstrand | #endmeeting | 17:39 |
jdstrand | mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks! | 17:39 |
sarnold | thanks jdstrand :) | 17:39 |
tyhicks | thanks! | 17:40 |
mdeslaur | thanks jdstrand! | 17:40 |
jjohansen | thanks jdstrand | 17:40 |
jdstrand | where is meeting bot? | 17:40 |
* jdstrand shrugs | 17:40 | |
mdeslaur | jdstrand: it's a national bot holiday today | 17:41 |
jdstrand | hehe | 17:41 |
mdeslaur | either that, or world cup | 17:41 |
sbeattie | heh | 17:42 |
sbeattie | thanks jdstrand | 17:42 |