16:42 #startmeeting
16:42 Meeting started Mon Dec 9 16:42:55 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:42 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:42 hello
16:42 The meeting agenda can be found at:
16:42 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:43 [TOPIC] Announcements
16:43 Thanks to Ritesh Khadgaray (ritz) for providing preliminary patches for pixman for precise-saucy (LP: #1197921). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:43 Launchpad bug 1197921 in xorg-server (Ubuntu Saucy) "LibreOffice spreadsheet causes full Xorg crash with Anti-Aliasing enabled" [Undecided,New] https://launchpad.net/bugs/1197921
16:43 [TOPIC] Weekly stand-up report
16:43 I'll go first
16:43 I'm in the happy place this week
16:44 I've got another short week
16:44 I'm working on some pending updates
16:44 I've also got some apparmor-easyprof-ubuntu work items to do to unblock mardy
16:44 and more 14.04 planning
16:44 mdeslaur: you're up
16:44 I'm on triage this week
16:44 and have just published gimp updates
16:45 I have a few more updates I'm working on
16:45 and am still going down the list, etc.
16:45 that's it from me, sbeattie, you're up
16:46 I don't think he's here so I'll go ahead
16:46 I'm still hardening the goldfish kernel config
16:47 I need to investigate one test failure when running test-click-apparmor.py on goldfish with apparmor enabled
16:47 After that, I'll prepare apparmor and dbus uploads to add support for an 'eavesdrop' permission (all of the code is already written)
16:47 Then I'll start on the user data encryption work items
16:47 that's it for me
16:47 jjohansen: you're up
16:48 oh, I know he's not here today
16:48 sarnold: you're up
16:49 I'm on community this week
16:49 I'll be going through some apparmor patches, I know there's still a few left on the list that I haven't reviewed yet
16:49 and I'll be handling some MIR audits
16:50 there's not many patches left - thanks for reviewing so many last week :)
16:50 I think that's it for me, chrisccoulson, you're up :)
16:50 woo :)
16:50 hi :)
16:50 this week, i've got firefox and thunderbird updates
16:50 and going to get chromium out too
16:51 also, trying to get oxide to build successfully on arm, which is proving to be less fun than i imagine ;)
16:51 **imagined
16:51 chrisccoulson: is is more gyp-finagling?
16:51 s/is is/is it/
16:51 jdstrand, out of memory when linking
16:51 owwwww
16:51 i'm currently trying a build with gold
16:52 i have another option if that fails
16:52 classic
16:52 heh
16:52 so it's going to be a busy last few days for me before i finish for christmas
16:52 curious that we can get chromium to build but not oxide
16:53 jdstrand, we do a component build of chromium, which carves up all of the modules into lots of small libraries
16:53 is chromium-browser doing anything special to work around that?
16:53 it's really only a developer option
16:53 I see
16:53 and also, the blink debug symbols are disabled
16:53 we need cross builds ;)
16:53 anyway, i think that's me done
16:54 if your remainging to options don't work, perhaps talk to slangasek (or infinity) on options?
16:54 s/remainging to/remaining two/
16:55 jdstrand, the component build option would work, although i'd need to make some changes to oxide to support that
16:55 that sounds like it would be quite a bit more work
16:55 I thought all this was supposed to be fixed with the new armhf boxes...
16:55 armhf isn't 64 bit :/
16:55 chrisccoulson: are we getting a chromium-browser release this week?
16:56 yeah, that's the main problem
16:56 mdeslaur, yeah
16:56 chrisccoulson: oh, sorry, didn't see that comment above
16:56 well, neither is the i386 buildd
16:57 or am I missing something?
16:58 chrisccoulson: ^
16:58 jdstrand, not sure. perhaps the linker on arm just uses more memory?
16:59 perhaps the builders have less ram?
16:59 ok, well, I think it might make sense to talk to some arm buildd experts before going the component build route (if we are facing that)
16:59 sure
16:59 mdeslaur: that is what I thought, which is why I thought this was all fixed with the new armhf boxes
16:59 they doubled from "almost none" to "slightly more" I believe :)
16:59 maybe the buildd that is getting assigned isn't a new one. infinity could definitely answer those questions
17:00 anyhoo
17:00 let's move on
17:00 [TOPIC] Highlighted packages
17:00 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
17:00 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:00 http://people.canonical.com/~ubuntu-security/cve/pkg/haskell-tls-extra.html
17:00 http://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html
17:00 http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html
17:00 http://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html
17:00 http://people.canonical.com/~ubuntu-security/cve/pkg/gnome-shell.html
17:01 [TOPIC] Miscellaneous and Questions
17:01 Does anyone have any other questions or items to discuss?
17:03 It looks like bug #1158500 is something that we'll need to address
17:03 bug 1158500 in audit (Ubuntu) "auditd fails to add rules when used in precise with -lts-quantal kernel" [Undecided,New] https://launchpad.net/bugs/1158500
17:03 especially now that audit is in main
17:04 chrisccoulson: "we need cross-builds" - cross-building chromium-browser should work, it's just not a complete analogue to what you get with a native build (so won't let you debug all native build failures)
17:04 I'm not going to have the cycles to look into it this week, but it is something that will need to be thought out in time for trusty
17:04 tyhicks: oww :/
17:04 tyhicks: I think that would be a kernel team issue, no?
17:04 mdeslaur: possibly
17:05 tyhicks: I'd attempt tricking them into taking it first :P
17:05 oh wait, universe, it's community supported
17:06 mdeslaur: it was universe for precise
17:06 yep
17:06 mdeslaur: it will be in main for trusty, which will have the same problem
17:06 how so?
17:07 lts kernel updates will cause the syscall table to be updated
17:07 oooh, yeah, point the kernel team at it then
17:07 it just needs a rebuild?
17:07 I don't know
17:08 I'm not sure where it gets the syscall table from
17:08 ok
17:08 if it gets a rebuild, would that break the release kernel?
17:09 I'd think so
17:09 yikes
17:09 tyhicks: can I add a work item for you to follow up with the kernel team on the bug?
17:09 jdstrand: sure
17:09 tyhicks: then we can go from there on who does what
17:11 I imagine we would handle it similarly to the xorg stack
17:11 (ie different packages to go with that kernel)
17:11 but I don't know what that would look like
17:12 yeah, I think they already have a list of packages they need to update/repackage, so that would need to be added
17:12 ah, I didn't realize that was a possibility
17:13 mdeslaur, tyhicks, sarnold, chrisccoulson: thanks!
17:13 #endmeeting