[Call for testing] Announcing out-of-schedule Ubuntu Touch 20.04 OTA-7
-
We're going to release Ubuntu Touch 20.04 OTA-7 earlier than schedule to fix a number of security issues affecting Pulseaudio, our audio server. One of the issue affects privacy of Ubuntu Touch users, and thus we've decided to release an out-of-schedule update.
The issues are as follow:
- Confined applications can remove the Trust Store permission system module from Pulseaudio, allowing such applications to access the phone's microphone without user knowing, amongst a number of privileged actions.
- Confined applications are able to crash Pulseaudio by performing a volume control on a specific virtual device when a Bluetooth headset is connected.
Both of the issues are specific to the way Ubuntu Touch patches and uses Pulseaudio. However, the second issue has a potential to affect some Ubuntu 16.04 installations running non-default configuration (newer versions are not affected). As such, we've coordinated with Canonical on the timing before making this announcement.
Due to the way our release pipeline works, Ubuntu Touch 20.04 OTA-7 will also contain a number of fixes which are not related to the aforementioned issues. Thus, we'll release an RC for 20.04 OTA-7 in upcoming days and we'll announce a call-for-testing. We plan to release Ubuntu Touch 20.04 OTA-7 on Friday 29 November 2024.
Updated: Ubuntu Touch 20.04 OTA-7 RC is out, which should have version 2024-W47. Please take some time to switch your spare/development phone to the 20.04 RC channel and test this OTA.
Update: Ubuntu Touch 20.04 OTA-7 is released. Thank you everyone involved in testing.
-
A arubislander pinned this topic
-
@peat_psuwit Hello and thank you for this information. In concrete terms, the risk would concern fraudulent applications that would use the microphone? Has the case already been seen? Thank you
-
@Kinuk We've not encountered any application trying to exploit this yet. That said, because Pulseaudio (the audio server) doesn't log a successful attempt at loading/unloading modules, should any application try to exploit this, there would be no evidence that we can see. This is one of the reason we've decided to roll out this update as soon as possible.
-
@peat_psuwit, Ok, thank you for your quick feedback.
-
@peat_psuwit I'm on the Volla 22.
No apparent malfunction. -
@domubpkm same for me on opo5, thanks for the work!
-
Hmmm... Not sure if this is related or different bug, but I bought new BT headset last week (Xiaomi Redmi Buds 6) and I can crash Lomiri while paring the headset to the phone with approx 50/50 chance
Notes:
- The isue was present before current OTA7 RC update
- This is on Xiaomi Redmi Note 9 with update from RC 2024-W47
-
@Boldos Then it is unrelated.
-
Device Android 10 - joyeuse - 2024-w47
https://devices.ubuntu-touch.io/device/joyeuse/booting - ok
incoming and outgoing calls - ok
mobile data- ok
sms - ok
bluetooth audio - ok -
Hej just a feedback here on my Fairphone4.
No changes or problems to my daily usage since the update. Since its my daily driver i would notice any troubles...
-Battery holds up
-Network connections work and stable
-Bluetooth does as it should
-Restart and shut down as usual (not always
responding as it should)
-Notification/Ringtones work
....Ye so for now all is well, will upate if something is out of the ordinary.
-
Just noticed that music app crashes on volla 22 when wanted to play a track and doesn't find albums ! Confirmed ?
Edit : i desinstalled the music app .click and can't be installed again.
-
Ubuntu Touch 20.04 OTA-7 is released. Thank you everyone involved in testing.
https://ubports.com/blog/ubports-news-1/post/ubuntu-touch-ota-7-focal-release-3943
-
Hi @domubpkm
Sadly too late.
Music app is one of the core preinstalled apps and you shouldn't try to uninstall them as it is not handled in the same way as other regular apps.
See this thread: https://forums.ubports.com/topic/10425/camera-app-cannot-be-installed
And maybe also this one: https://forums.ubports.com/topic/10498/music-app-stopped-working
Even if the latest was correlated with an issue on the music app that required a fix if my memory serves me well.The easiest way would be to reinstall without wiping the data or maybe open an issue if the issue is confirmed (or another thread to confirm your observation).
-
A AppLee locked this topic
-
A AppLee unlocked this topic
-
@domubpkm I'm sorry I didn't notice this before start rolling out. However, since this should be able to be remedied later via Open-Store, I've decided to not holding back the system update.
I personally am unable to reproduce the crash, but maybe I don't understand the reproduction steps well. Could you please elaborate more on this at Music app's issue tracker?
https://gitlab.com/ubports/development/apps/lomiri-music-app/-/issues
As for the Music app being unable to re-install, please help us gathering the log and then follow the workaround at:
https://gitlab.com/ubports/development/core/click/-/issues/27
(Music app's click package id is
music.ubports) -
Just wanted to say thank you!
OTA-7 arrived tonight on my Redmi Note 9S and I applied it successfully.
All seems perfectly fine.
So thank you for continuous hard work!
-
System unpinned this topic
