From owner-freebsd-current@freebsd.org Tue Oct 17 12:58:38 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A605E39CB5 for ; Tue, 17 Oct 2017 12:58:38 +0000 (UTC) (envelope-from david@catwhisker.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id E63E96BD2D for ; Tue, 17 Oct 2017 12:58:37 +0000 (UTC) (envelope-from david@catwhisker.org) Received: by mailman.ysv.freebsd.org (Postfix) id E23B7E39CB4; Tue, 17 Oct 2017 12:58:37 +0000 (UTC) Delivered-To: current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DF953E39CB3 for ; Tue, 17 Oct 2017 12:58:37 +0000 (UTC) (envelope-from david@catwhisker.org) Received: from mx.catwhisker.org (mx.catwhisker.org [198.144.209.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A88BB6BD2C for ; Tue, 17 Oct 2017 12:58:37 +0000 (UTC) (envelope-from david@catwhisker.org) Received: from albert.catwhisker.org (localhost [127.0.0.1]) by albert.catwhisker.org (8.15.2/8.15.2) with ESMTP id v9HCwUmE035994; Tue, 17 Oct 2017 12:58:30 GMT (envelope-from david@albert.catwhisker.org) Received: (from david@localhost) by albert.catwhisker.org (8.15.2/8.15.2/Submit) id v9HCwT8C035993; Tue, 17 Oct 2017 05:58:29 -0700 (PDT) (envelope-from david) Date: Tue, 17 Oct 2017 05:58:29 -0700 From: David Wolfskill To: Cy Schubert Cc: current@freebsd.org Subject: Re: cve-2017-13077 - WPA2 security vulni Message-ID: <20171017125829.GA35718@albert.catwhisker.org> Mail-Followup-To: David Wolfskill , Cy Schubert , current@freebsd.org References: <201710170627.v9H6R0XC078179@slippy.cwsent.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="azLHFNyN32YCQGCU" Content-Disposition: inline In-Reply-To: <201710170627.v9H6R0XC078179@slippy.cwsent.com> User-Agent: Mutt/1.9.1 (2017-09-22) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Oct 2017 12:58:38 -0000 --azLHFNyN32YCQGCU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 16, 2017 at 11:27:00PM -0700, Cy Schubert wrote: > In message , Franco= =20 > Fichtne > r writes: > ... > > wpa_supplicant 2.6_2 > >=20 > > No apparent issues with the ports, preliminary connectivity > > checks work as expected. Started a public CFT over at OPNsense > > to gather more feedback. >=20 > Agreed. > .... First: Thank you for doing this, Cy. I am now (also) running wpa_supplicant-2.6_2 successfully on my laptop (when it's running stable/11). I did have one mild surprise: I had rebooted my laptop to verify that the ports version of wpa_supplicant would work, and as the screen went dark, I recalled that I had failed to copy /etc/wpa_supplicant.conf to /usr/local/etc -- but my concern proved to be unfounded: the wpa_supplicant.conf in /etc/ was used (successfully). Question: Should one expect a wpa_supplicant-2.6_2 executable built under FreeBSD stable/11 (amd64) to work on the same hardware, but running head? For reasons that are (at best) tangential to this topic, I track, build, and smoke-test both stable/11 and head daily, but only build the ports (daily) under (the just-built/booted) stable/11 -- depending on misc/compat11 to handle things as necessary for head. This works (well, IMO)... except that when I had configured my "head slice" to use the ports version of wpa_supplicant, the latter was apparently not happy: =2E.. Oct 17 11:06:13 localhost kernel: wlan0: Ethernet address: 00:24:d6:7a:03:ce Oct 17 11:06:13 localhost wpa_supplicant[1279]: Successfully initialized wp= a_supplicant Oct 17 11:06:14 localhost wpa_supplicant[1279]: ioctl[SIOCS80211, op=3D98, = arg_len=3D32]: Invalid argument Oct 17 11:06:14 localhost wpa_supplicant[1279]: failed to IEEE80211_IOC_DEV= CAPS: Invalid argument Oct 17 11:06:14 localhost wpa_supplicant[1279]: wlan0: Failed to initialize= driver interface Oct 17 11:06:14 localhost root: /etc/rc.d/wpa_supplicant: WARNING: failed t= o start wpa_supplicant =2E... The laptop spends the vast bulk of its time running stable/11, so the threat is somewhat mitigated.... Peace, david --=20 David H. Wolfskill david@catwhisker.org Unsubstantiated claims of "Fake News" are evidence that the claimant lies a= gain. See http://www.catwhisker.org/~david/publickey.gpg for my public key. --azLHFNyN32YCQGCU Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQF8BAEBCgBmBQJZ5f51XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDQ0I3Q0VGOTE3QTgwMUY0MzA2NEQ3N0Ix NTM5Q0M0MEEwNDlFRTE3AAoJEBU5zECgSe4XNRoH/AxKFiZVa4VjdZGxr5yoQMTb otM1rqAEw63zQDV/KVibjT5y5RtCFsR4EIjq4rVU/6Z9Vl4JwXiScfE4+plw5vOk RXhtfShUbCMzaRSkN3EyWWtg9CVR0ysjXFDGsfnRJSwwwWtiOpa8EJ68V4THRyw/ KrQDGjhkNla6WjVI0EczmNQ/UF1SKprQ2eBqgeQ7LbeFMGTMtrYggN15h7QU+EpD 36Rp6vqsbAzeo8UZoTVHgRwFyYYBIA8bb3mTdH//ob856LFwN7lCU66oIYgr1Fq5 nuq3Lk6wjt6FzekjHRQUThKYjOIGV32Avx4uQtVP0b2DcTMKgbYm/o3aXmPuVq8= =5ujC -----END PGP SIGNATURE----- --azLHFNyN32YCQGCU--