From: Cy Schubert
To: David Wolfskill, Cy Schubert, current@freebsd.org
Subject: Re: cve-2017-13077 - WPA2 security vulni
Date: Tue, 17 Oct 2017 06:19:05 -0700
Message-Id: <201710171319.v9HDJ5QI004672@slippy.cwsent.com>
In-Reply-To: Message from David Wolfskill of "Tue, 17 Oct 2017 05:58:29 -0700." <20171017125829.GA35718@albert.catwhisker.org>
List-Id: Discussions about the use of FreeBSD-current

In message <20171017125829.GA35718@albert.catwhisker.org>, David Wolfskill writes:
> On Mon, Oct 16, 2017 at 11:27:00PM -0700, Cy Schubert wrote:
> > In message , Franco Fichtner writes:
> > ...
> > > wpa_supplicant 2.6_2
> > >
> > > No apparent issues with the ports, preliminary connectivity
> > > checks work as expected. Started a public CFT over at OPNsense
> > > to gather more feedback.
> >
> > Agreed.
> > ....
>
> First: Thank you for doing this, Cy.

No problem. I was aiming to put something together in base but an hour at
noon wasn't enough so I switched gears and went after the port instead. It
was a quick win.

>
> I am now (also) running wpa_supplicant-2.6_2 successfully on my laptop
> (when it's running stable/11).
>
> I did have one mild surprise: I had rebooted my laptop to verify that
> the ports version of wpa_supplicant would work, and as the screen went
> dark, I recalled that I had failed to copy /etc/wpa_supplicant.conf to
> /usr/local/etc -- but my concern proved to be unfounded: the
> wpa_supplicant.conf in /etc/ was used (successfully).
>
> Question: Should one expect a wpa_supplicant-2.6_2 executable built
> under FreeBSD stable/11 (amd64) to work on the same hardware, but
> running head?

Possibly. I run head here. The things that could impact you are shared
libraries (ABI) and KBI.

>
> For reasons that are (at best) tangential to this topic, I track,
> build, and smoke-test both stable/11 and head daily, but only build
> the ports (daily) under (the just-built/booted) stable/11 -- depending
> on misc/compat11 to handle things as necessary for head. This works
> (well, IMO)... except that when I had configured my "head slice"
> to use the ports version of wpa_supplicant, the latter was apparently
> not happy:
>
> ...
> Oct 17 11:06:13 localhost kernel: wlan0: Ethernet address: 00:24:d6:7a:03:ce
> Oct 17 11:06:13 localhost wpa_supplicant[1279]: Successfully initialized wpa_supplicant
> Oct 17 11:06:14 localhost wpa_supplicant[1279]: ioctl[SIOCS80211, op=98, arg_len=32]: Invalid argument
> Oct 17 11:06:14 localhost wpa_supplicant[1279]: failed to IEEE80211_IOC_DEVCAPS: Invalid argument
> Oct 17 11:06:14 localhost wpa_supplicant[1279]: wlan0: Failed to initialize driver interface
> Oct 17 11:06:14 localhost root: /etc/rc.d/wpa_supplicant: WARNING: failed to start wpa_supplicant

You have your answer. It's likely a KBI issue.

> ....
>
> The laptop spends the vast bulk of its time running stable/11, so
> the threat is somewhat mitigated....

It appears you may need to in some cases rebuild some ports on head.

-- 
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.