@jnsp Do we need an updated modem file from the 17.11.2 update (released today)?
Only the bootloader blob has changed. I don’t know if it contains any security fixes.
I’m preparing a new release, will be online in a few minutes.
Edit: Done, the latest modem file is available through the link in the top post.
3 Likes
I just did the update and have los 20171107, but the patchlevel is displayed as Oct 5? No security updates or mistake?
Since the Android Security Bulletin—November 2017 was just released yesterday, I think Lineage does not yet have the fixes.
Quote from the above bullentin:
Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.
Possible, yes… Was the security level updated for the mid month KRACK fix? I can’t remember. But then, it also might show the partial Nov 1 level, but i don’t know better than you…
No, since KRACK has no own patchlevel string.
According to this, we didn’t yet get a patch for CVE-2017-7541, which is part of the 2017-11-01 security patch level.
2 Likes
Uff… wish I hadn’t seen this 
So many CVEs unpatched
Thanks
1 Like
CVE-2017-7541 is for broadcom wifi. FP2 is not affected by this, even though FP might have fixed this in the kernel.
1 Like
Hi,
I am trying to go through the CVEs. But it’s a lot of stuff and work. But: I merge the FP open kernel source, that means that we have the same protection as FP Open.
I’d even be bold and claim that the lineage kernel has more CVEs fixed than the FPopen, as I have merged more CVEs that are not covered in FP open or from Qualcomm CAF.
I’d have only one advice: if you are really concerned by security fixes, the only viable option at the moment is to buy a Pixel phone. That’s sad, but true.
MSM8974 does not get support anymore from qualcomm (for a while now). So who knows what problems the modem, blobs, or other closed source components have, that neither QCOM, nor FP can fix.
Lineage is doing best they can, but…
Chris
9 Likes
Didn’t know that that much is on your shoulders… But thinking about it, these are not LOS CVEs but kernel’s, and so it’s your burden… Can’t thank you enough, and I think with some conscious usage patterns one can at least try to minimize the exposure… In the end, there are probably still lots of undetected bugs, at least undetected by the “good side”. So, thanks again, and don’t let you get frustrated by the amount of work and naive “consumers” 
4 Likes
No problem. I just wanted to clarify, that this is a constant work-in-progress and I try to do my best in my spare time.
Chris
PS: I was not joking about buying a Pixel. At the moment, the only guys who are to some extend on top of the security stuff is unfortunatly google.
1 Like
No, I know, the Pixel is indeed first in line, and then there’s a certain amount of man power available at Google… Probably I even would use a Google device, if I hadn’t found the FP2, in 2015…
3 Likes
Update installed via TWRP (Edit: still 3.1.1-1 before I saw that 3.1.1-2 is out):
- lineage-14.1-20171107-nightly-FP2-signed.zip
- modem-17.11.2.zip
- open_gapps-arm-7.1-pico-20171107.zip
The following things work for me so far:
- call / be called
- send SMS / receive SMS
- internet via WiFi
- internet via mobile network
- location
- compass
- screenshot
- main camera (new module)
- selfie camera (new module)
- USB connection to PC / MTP
- alarm (incl. swiping it off)
- MyPhoneExplorer
- root
Would that result in the Baseband version being unchanged (4437.1-FP2-0-07)?
1 Like
I’m glad you’re asking this… I haven’t got a clue about any of this, it’s all new to me. I’m just glad there are people like @jnsp and @chrmhoffmann around 
Thanks for all the work you’re all doing!!
1 Like
Does anybody else have the problem, that when the phone is off and charging, it won’t boot? I have to unplug it, boot it and then replug it.
2 Likes
Yes, I do have the problem too…
My Problem was not any more getting Access to the system at all. I failed the moment I tried to enter the PIN for the SIM. I did not have access to the settings anymore.
Try new lineage from today.
Chris
Yes, the baseband blob hasn’t changed.
1 Like
To apply this week update we need to update modem file right? in that case I just queue it in the TWRP install? First the LOS upload followed by the modem?
Thanks