16:37 #startmeeting 16:37 Meeting started Mon Nov 6 16:37:27 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:37 16:37 Available commands: action commands idea info link nick 16:37 The meeting agenda can be found at: 16:37 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:37 [TOPIC] Announcements 16:37 Lucas Kocia (lkocia) provided a debdiff for xenial for firewalld (LP: #1617617) 16:37 Launchpad bug 1617617 in firewalld (Ubuntu Xenial) "Firewall configuration can be modified by any logged in user" [Low,Fix released] https://launchpad.net/bugs/1617617 16:37 Jeremy Bicha (jbicha) provided a debdiff for zesty for gdm3 (LP: #1729354) 16:37 Launchpad bug 1729354 in gdm3 (Ubuntu) "17.04: GDM lock screen can be circumvented when autologin is set" [High,Fix released] https://launchpad.net/bugs/1729354 16:37 Thank you for your assistance in keeping Ubuntu users secure! :) 16:37 [TOPIC] Weekly stand-up report 16:37 jdstrand: you're up 16:38 \o 16:38 o/ 16:38 hello 16:38 Last week I focused primarily on the customer regression related to the expanded udev tagging work that landed in 2.28. This week I plan: 16:38 * finish up some new spread tests based for better high-level coverage of security backcends 16:38 * investigate the udev_enumerate regression ondra reported 16:38 * investigate the broadcom-asic-control interfacec bug 16:38 * snapd PR reviews 16:38 * continue uid/gid work for snap privilege dropping 16:38 s/based// 16:39 that's it from me. mdeslaur, you're up 16:39 I'm on bug triage this week 16:39 I'm currently testing openssl updates. chrisccoulson managed to figure out the regression on armhf caused by the newer gcc on artful+ with some pretty impressive debugging work 16:40 and I have a big imagemagick update to look at 16:40 that's pretty much it for me, sbeattie? 16:41 chrisccoulson: thanks for helping out with that openssl build failure 16:41 chrisccoulson: that was quite impressive work 16:41 no worries :) 16:41 I'll go and maybe Steve will be around later 16:42 I've got a couple more eCryptfs kernel patches to review and also need to prepare for the 4.15 merge window (only bug fixes to go up) 16:42 oh, I'm in the happy place this week 16:43 I have an embargoed issue 16:43 and then I'll start work on squashfs reproduceability 16:43 I got sidetracked last week as we were finalizing the apparmor move to gitlab and figuring out the new processes 16:43 that's it for me 16:43 chrisccoulson: btw, that was a pretty awesome debug :) 16:44 jjohansen isn't around 16:44 sarnold: you're up 16:44 re squashfs reproducability> \o/ 16:45 * tyhicks pokes sarnold again 16:45 I'm in the happy place this week; I'll be doing apparmor patch reviews as I can, and embargoed work 16:45 * mdeslaur hands tyhicks the memset magic wand 16:46 I think that should be it for me this week, chrisccoulson? 16:46 I've got a firefox update to prepare, although the update isn't until next week. It's a big one though, so I wouldn't mind people installing it 16:47 chrisccoulson: let us know when we can start using it 16:48 Then there's rust 1.21. There's still 2 builds that don't complete successfully, but the failures are completely random. I'm not too sure what to do with these yet, but I want to avoid losing another week to this 16:48 (I've just hit retry on one again actually whilst there's not a backlog of builds) 16:49 did we switch to using rust's llvm fork? 16:49 And then hopefully I will actually get time to start working on other things 16:49 sarnold, I've done that already. The only architecture it's caused a problem on is s390x (doesn't build there at all) 16:49 I think that's me done 16:49 argh :/ I was hoping for better than that :( 16:50 I'm hoping this works out better. The last rust update required around 6 patches backporting to llvm. This one intentionally broke a feature entirely with the system llvm. And the next release will require a whole new llvm version 16:51 I can't remember who's next. ratliff? 16:51 I'm in the happy place this week 16:51 I have another article to write 16:52 More work on kpis 16:52 on to you leosilva 16:52 I'm community this week 16:52 I just push an update early 16:52 I'll try to work on vim update (but I'm skeptical about if the patch fix the issue) 16:52 other than that I'll follow with the normal hunting. 16:53 that's all for me... tyhicks it's back to you 16:53 I can go. 16:53 I'm on cve triage this week 16:53 I have an openjdk-8 update to publish today 16:54 I have some kernel triage stuff to catch up on 16:54 I'll be looking at identifying needed snap updates 16:54 And I have some background tasks to work on post the apparmor move to gitlab. 16:54 That'll likely consume my week. 16:55 tyhicks: back to you. 16:55 thanks! 16:55 [TOPIC] Highlighted packages 16:55 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:55 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:55 https://people.canonical.com/~ubuntu-security/cve/pkg/udfclient.html 16:55 https://people.canonical.com/~ubuntu-security/cve/pkg/pidgin.html 16:55 https://people.canonical.com/~ubuntu-security/cve/pkg/firebird2.5.html 16:55 https://people.canonical.com/~ubuntu-security/cve/pkg/tcptrack.html 16:55 https://people.canonical.com/~ubuntu-security/cve/pkg/git-annex.html 16:55 [TOPIC] Miscellaneous and Questions 16:55 Does anyone have any other questions or items to discuss? 17:00 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 17:00 #endmeeting