== Meeting ==
 * '''Who''': SecurityTeam
 * '''When''': [[http://www.timeanddate.com/worldclock/fixedtime.html?month=06&day=23&year=2014&hour=&min=30&sec=0&p1=0|Mon Jun 23rd 2014 16:30 UTC]]
 * '''End''': 17:00 UTC
 * '''Where''': #ubuntu-meeting on irc.freenode.net
 * '''Chaired By''': JamieStrandboge (jdstrand)

== Attendance ==
 * jdstrand
 * mdeslaur
 * sbeattie
 * tyhicks
 * jjohansen
 * sarnold
 * chrisccoulson

== Not present ==
 * None

== Agenda ==
 * Announcements
  * Rohan Garg (rohangarg) provided debdiffs for saucy and trusty for kde4libs (LP: #1332064). Your work is very much appreciated and will keep Ubuntu users secure. Great job!
 * Weekly stand-up report (each member discusses any pending and planned future work for the week)
  * jdstrand
   * off next week
   * weekly role: triage
   * ofono profiles
   * !AppArmor landing with mdeslaur
   * pending updates
   * work items for June
  * mdeslaur
   * short week
   * weekly role: community
   * pending updates
   * apparmor upload for utopic
   * wiki page on click store package signing
  * sbeattie
   * still working on pie by default for gcc/amd64
   * mod_apparmor
  * tyhicks
   * rtm work items
   * kernel pull request for touch kernel config changes should be done soon
   * update QRT for the above
  * jjohansen
   * kernel pull request for signal/ptrace
   * apparmor extended mediation of unix sockets
  * sarnold
   * sponsored updates
   * qrt test-django script
   * !AppArmor patch reviews
  * chrisccoulson
   * Bug:1312082 is finished
   * oxide reviews
 * Highlighted packages
  The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
  The highlighted packages for this week are: <>

 * Miscellaneous and Questions

== Log ==
Logbot was unavailable at the time of the meeting. Here is the irc log:
{{{
11:31 < jdstrand> #startmeeting
11:31 < jdstrand> huh, the bot seems dead
11:31 < jdstrand> The meeting agenda can be found at:
11:31 < chrisccoulson> hi!
11:31 < jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
11:31 < jdstrand> [TOPIC] Announcements
11:31 < jdstrand> Rohan Garg (rohangarg) provided debdiffs for saucy and trusty for kde4libs (LP: #1332064). Your work is very much appreciated and will keep Ubuntu users secure. Great job!
11:32 < ubottu> Launchpad bug 1332064 in kde4libs (Ubuntu Trusty) "[CVE-2014-3494] KMail/KIO POP3 SSL MITM Flaw" [Undecided,New] https://launchpad.net/bugs/1332064
11:32 < jdstrand> [TOPIC] Weekly stand-up report
11:32 < jdstrand> I'll go first
11:32 < jdstrand> fyi, I'm off all next week
11:32 < jdstrand> I'm on triage this week
11:33 < jdstrand> I'm helping test/coordinate the apparmor landing with mdeslaur today. I expect it to be pushed to the archive in a little while
11:33 < mdeslaur> \o/
11:33 < tyhicks> nice
11:33 < jdstrand> I will be working on the ofono profiles bug this week, and any other June work items I can get to
11:33 < jdstrand> I have a pending update I will hopefully get out later today
11:33 < jdstrand> that's it from me
11:33 < jdstrand> mdeslaur: you're up
11:34 < mdeslaur> I'm on community this week
11:34 < mdeslaur> I just pushed out a few updates
11:34 < mdeslaur> and am currently testing the apparmor and other packages that will get published
11:34 < mdeslaur> I plan on taking a bite out of the long list of accumulating CVEs
11:34 < mdeslaur> tomorrow, I'm on national holiday
11:35 < mdeslaur> and I also have to write a wiki page about click store package signing
11:35 < mdeslaur> that's it from me
11:35 < mdeslaur> sbeattie: you're up
11:35 < tyhicks> so you're planning on uploading the new apparmor and then splitting for day?? ;)
11:35 < mdeslaur> tyhicks: SUCKS TO BE YOU!
11:35 < mdeslaur> :)
11:36 < sbeattie> I'm still working on pie by default for gcc/amd64.
11:36 < tyhicks> heh :)
11:36 < sbeattie> (mdeslaur: heh)
11:36 < jjohansen1> tyhicks: don't be surprised if he is sick tomorrow
11:36 < mdeslaur> sbeattie: any progress there?
11:37 < sbeattie> One thing I discovered is that if an otherwise dynamically linked binary includes a libxxx.a, the object files in that .a file need to be compiled with -fPIE as well, which isn't a big deal when they're in the same package, but could introduce an ordering issue for situations where they're in different source packages.
11:38 < sarnold> interesting, I hadn't heard that before.
11:38 < sbeattie> (the apparmor parser does this, but since it's just internal to the source, it's not a big deal)
11:38 < sbeattie> sarnold: yeah. I get a link time failure if they're not.
11:40 < sbeattie> anyway. Other things for this week: I need to look at a mod_apparmor issue — I missed a note in the 2.2 -> 2.4 transition about the authentication hooks changing, which is causing some of people's problems with the HANDLING_UNTRUSTED_INPUT hat, I think
11:40 < sbeattie> and other misc apparmor stuff.
11:41 < sbeattie> that's pretty much it for my week. tyhicks?
11:41 < tyhicks> I'm wanting to wrap up my rtm work items this week
11:41 < tyhicks> "review trust session and lp:trust-store for pid/APP_ID/apparmor/etc" has turned into a design discussion
11:42 < tyhicks> and "verify kernel security features in phablet image (besides ufw and apparmor)" just needs a little bit of testing today before I send out the kernel config patches
11:43 < tyhicks> I had done one swoop at verifying the kernel security features and enabled everything that we test for in QRT, but there's other things that we don't test for
11:43 < tyhicks> things that we're interested in but are not enabled in all of the touch kernels
11:43 < tyhicks> (like ecryptfs)
11:43 < tyhicks> so I'll add those config tests to QRT after I send out the patches
11:44 < sbeattie> tyhicks: thanks for that.
11:44 < tyhicks> np
11:44 < tyhicks> that's it for me
11:44 < tyhicks> jjohansen1: you're up
11:44 < jdstrand> tyhicks: design discussion?
11:44 < jjohansen1> I'm working on my rtm WIs this week
11:44 < jdstrand> tyhicks: does that mean you are blocked?
11:45 < jjohansen1> I also have the latest revision for the touch kernels to land this week, as soon as the new userspace lands
11:45 < jjohansen1> and I am off tuesday
11:46 < jdstrand> jjohansen1: that should land today. does that mean as soon as it lands you can do the pull request?
11:46 < jjohansen1> rtm WIs == apparmor extended mediation of unix sockets
11:46 < jjohansen1> jdstrand: yes
11:46 < jdstrand> cool
11:47 < jdstrand> re your rtm work items-- would it help if tyhicks or sbeattie helped you if they put aside non-rtm work items?
11:48 < jdstrand> if so, we can take that offline (just putting it out there)
11:49 < tyhicks> jdstrand: no, I'm not blocked - my WI was to review the code and I guess that is technically done
11:49 < tyhicks> jdstrand: now it has turned into a discussion on how to improve things
11:50 < jdstrand> tyhicks: I see. update the work item as you see fit and continue guiding them as necessary :) thanks for taking that on
11:50 < jjohansen1> that is it for me sarnold you are up
11:50 < jdstrand> jjohansen1: did you see my question about help?
11:52 < jjohansen1> jdstrand: not yet but soon, I'll poke them later in the week, wednesday, thursday,
11:52 < sarnold> I'm in the happy place this week, there's an openssl098 community update I'm still working on from last week, I'm still working on the qrt test-django script, and I'm hopeful for some apparmor patch reviews to distract me from the test-django work :)
11:52 < jjohansen1> jdstrand: don't worry I'll poke you to join the party too
11:53 -!- davidcalle [~david@LAubervilliers-151-13-11-89.w217-128.abo.wanadoo.fr] has quit [Quit: Ex-Chat]
11:53 < jdstrand> jjohansen1: ok, thanks
11:53 < sarnold> I think that's it for me, chrisccoulson?
11:54 < chrisccoulson> so, bug 1312082 is finished. I'm just waiting on something olivier is finishing before I merge it, so that I don't break his work
11:54 < ubottu> bug 1312082 in Oxide "Stop using deprecated compositing paths" [High,In progress] https://launchpad.net/bugs/1312082
11:54 < chrisccoulson> i've got through some of my review queue :)
11:55 < chrisccoulson> today, I started on bug 1332754, which should hopefully improve our memory usage a bit
11:55 < ubottu> bug 1332754 in Oxide "Evict frames for hidden webviews" [High,In progress] https://launchpad.net/bugs/1332754
11:55 < chrisccoulson> other than that, it's business as usual :)
11:56 < chrisccoulson> i think that's me done
11:58 < jdstrand> sarnold: there were some other reviews that are listed as work items that we talked about last week-- did you work on those, where are they prioritized for you?
11:58 < jdstrand> chrisccoulson: re 1312082> nice!
11:59 < jdstrand> chrisccoulson: seems like the media-hub/oxide integration is progressing well (which is part of your reviews I think)
11:59 < mdeslaur> jdstrand, tyhicks, jjohansen1, chrisccoulson, sarnold, sbeattie: we're nearing the end of june. Please look at your assigned work items, and if anything is marked may or june and you won't be done in the next week, please let me know
11:59 < tyhicks> ack
11:59 < sbeattie> mdeslaur: okay
11:59 < sarnold> jdstrand: I'd really like to be out from underneath this test-django script, so I was hoping to get it done. I'm sick of it. :)
12:00 < jdstrand> sarnold: sure. how close are you?
12:00 < sarnold> jdstrand: it feels like another day or two
12:01 < sarnold> mdeslaur: ack
12:01 < jdstrand> ok, cool
12:03 < jdstrand> I'm going to proceed-- chrisccoulson feel free to interrupt to answer my question whenever
12:03 < jdstrand> [TOPIC] Highlighted packages
12:03 < jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
12:03 < jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
12:03 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/merkaartor.html
12:03 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libipc-pubsub-perl.html
12:03 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gridengine.html
12:03 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/autotrace.html
12:03 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gajim.html
12:03 < jdstrand> [TOPIC] Miscellaneous and Questions
12:03 < jdstrand> Does anyone have any other questions or items to discuss?
12:07 < jdstrand> #endmeeting
12:07 < jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
}}}