16:36 <jdstrand> #startmeeting
16:36 <meetingology> Meeting started Mon Nov 17 16:36:04 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:36 <meetingology> 
16:36 <meetingology> Available commands: action commands idea info link nick
16:36 <jdstrand> The meeting agenda can be found at:
16:36 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:36 <jdstrand> [TOPIC] Announcements
16:36 <jdstrand> Thanks to Jonathan Riddell (Riddell) who provided debdiffs for lucid-utopic for konversation (LP: #1389296) and debdiffs for precise-utopic for kde-workspace (LP: #1389665). Your work is very much appreciated and will keep our users secure. Great job! :)
16:36 <ubottu> Launchpad bug 1389296 in konversation (Ubuntu Vivid) "konversation: out-of-bounds read on a heap-allocated array" [Undecided,Fix released] https://launchpad.net/bugs/1389296
16:36 <ubottu> Launchpad bug 1389665 in kde-workspace (Ubuntu Utopic) "privilage escalation in clock kcontrol" [Undecided,Fix released] https://launchpad.net/bugs/1389665
16:36 <jdstrand> [TOPIC] Weekly stand-up report
16:36 <jdstrand> I'll go first
16:36 <Riddell> jdstrand: got another one coming shortly..
16:37 <chrisccoulson> hi!
16:37 <jdstrand> Riddell: cool, thanks! mention it in #ubuntu-hardened (or just subscribe ubuntu-security-sponsors) and we'll get someone assigned
16:38 <jdstrand> so, the good news is I actually got to quite a few updates last week, which was nice
16:39 <jdstrand> the PM team wanted to get a couple of policy updates in for rtm though, so between that and some embargoed work, I didn't get to a number of things I set out to do last week
16:39 <jdstrand> for this week
16:39 <jdstrand> I have more embargoed work
16:39 <jdstrand> I'm on triage
16:40 <jdstrand> I need to finish up my apparmor-easyprof-ubuntu updates for vivid
16:40 <jdstrand> finish the 0.3 click-apparmor upload
16:41 <jdstrand> have more click-reviewers-tools updates that came up last week (I did get to a few fixes there, but need to add these new ones)
16:41 <jdstrand> I think this is the week for me adding derivative branches support to UCT
16:42 <jdstrand> I hope to finish my upstream patch for docker so it can apply policy based on parser capabilities
16:42 <jdstrand> and then I will be attending the cloud sprint on wednesday since they are in town
16:42 <jdstrand> that sounds like an awful lot-- 3 of those are close to done, so hopefully it is actually doable
16:42 <jdstrand> mdeslaur: you're up
16:43 <mdeslaur> \o
16:43 <mdeslaur> I'm on community this week
16:43 <mdeslaur> I'm currently working on sponsoring quassel updates
16:43 <mdeslaur> I have an embargoed issue to test and release
16:43 <mdeslaur> and have further updates beyond that, the list is growing again :P
16:43 <mdeslaur> that's about it, sbeattie, you're up
16:44 <tyhicks> I'll go and we can circle back to him
16:45 <tyhicks> I need to publish an update for apparmor in trusty today (prep and testing is already done)
16:45 <tyhicks> I'll have to knock off all the dust on the instruction manual before doing so
16:46 <jdstrand> heh
16:46 <mdeslaur> tyhicks: is that just for that particular bug, or does it have the tools updates in it too?
16:46 <tyhicks> mdeslaur: it is only for that bug
16:46 <mdeslaur> tyhicks: you mean re-learn the secret handshake :)
16:47 <tyhicks> mdeslaur: it'll be going to -security
16:47 <mdeslaur> ah, right, cool
16:47 <tyhicks> mdeslaur: at least this handshake is well documented :)
16:47 <tyhicks> after that, my focus for this week will be on fixing bug #1390592 and making the apparmor cache handling code a library
16:47 <ubottu> bug 1390592 in apparmor (Ubuntu Trusty) "'ptrace peer=@{profile_name}' does not work on 14.04 (at least) with docker" [High,In progress] https://launchpad.net/bugs/1390592
16:47 <tyhicks> both of those were on my plate last week but the apparmor bug kept me from accomplishing much there
16:47 <tyhicks> that's it for me
16:48 <tyhicks> jjohansen: you're up
16:48 <jjohansen> I need to finish up a kernel sync of apparmor for vivid, after which I will get back to working on apparmor stacking
16:48 <jdstrand> tyhicks: isn't 1390592 the bug for the trusty update?
16:49 <tyhicks> jdstrand: yes - I meant bug #1362469
16:49 <ubottu> bug 1362469 in dbus (Ubuntu) "AppArmor unrequested reply protection generates unallowable denials" [Medium,In progress] https://launchpad.net/bugs/1362469
16:50 <jdstrand> jjohansen: didn't mean to interrupt, please continue
16:50 <jjohansen> np
16:51 <jjohansen> hopefully I will spend some more time poking at the upstreaming of apparmor's labeling bits this week as well
16:52 <jjohansen> that is it for me, sarnold you're up
16:53 <sarnold> I'm in the happy place this week
16:53 <sarnold> last week, on community, otto provided a debdiff for trusty's mariadb-5.5, but I hadn't noticed that utopic didn't already have the 5.5.40 release. So, this week I'll be picking pu the pieces from that update
16:54 <sarnold> I also have two MIRs to work on, thanks for submitting those nice and early in the cycle :)
16:54 <sarnold> and I know there's some outstanding apparmor patches that need review. I'd like to make a sweep through that if there's time left over.
16:54 <sarnold> that's it for me, chrisccoulson?
16:54 <jdstrand> sarnold: I didn't pay attention on friday-- did you get to tvoss code review?
16:55 <sarnold> jdstrand: yes, it looked good to me, I had some follow-up questions that I'm curious about but don't warrant blocking that update from being pushed in
16:55 <jdstrand> nice, thanks
16:55 <mdeslaur> sarnold: If you run out of things to do, I'd appreciate help with some updates
16:55 <sarnold> mdeslaur: okay, thanks
16:56 <chrisccoulson> this week, I've got an oxide update (and hopefully chromium too). Will also be reviewing updates to the mediahub branch. Other than that, it's business as usual
16:56 <chrisccoulson> I'm done btw :)
17:00 <chrisccoulson> I need to drop out btw. I've got to go to the chemist to pick up some antibiotics for one of my kids
17:02 <jdstrand> chrisccoulson: thanks
17:03 * sbeattie is here
17:05 <sbeattie> jdstrand: I can give my status update
17:06 <sbeattie> I'm still working on gcc pie-by-default for amd64; I have gcc packages in https://launchpad.net/~sbeattie/+archive/ubuntu/gcc-pie-amd64/+packages along with a rebuilt glibc
17:07 <sbeattie> I've been trying local builds against it, but keep running into FTBFS with packages (postgres, ruby, python) that aren't caused by my changes, the original build fails (usually in a testsuite) as well.
17:08 <sbeattie> I've rebuilt a couple of packages successfully and verified the binaries are pie on amd64.
17:08 <mdeslaur> cool
17:08 <sbeattie> I need to clean up the gcc patch a bit, and look at its additional testsuite failures.
17:09 <sbeattie> Other than that I have some apparmor patches to review.
17:09 <sbeattie> That's pretty much it for me.
17:09 <sbeattie> jdstrand: back to you.
17:10 <jdstrand> [TOPIC] Highlighted packages
17:10 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:10 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html
17:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/eet.html
17:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/icecast2.html
17:11 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/claws-mail-extra-plugins.html
17:11 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xbuffy.html
17:11 <jdstrand> [TOPIC] Miscellaneous and Questions
17:11 <jdstrand> Does anyone have any other questions or items to discuss?
17:16 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!
17:16 <jdstrand> #endmeeting