From owner-freebsd-current@freebsd.org  Mon Oct 16 20:20:06 2017
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 328B3E4424B
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Mon, 16 Oct 2017 20:20:06 +0000 (UTC)
 (envelope-from cy.schubert@komquats.com)
Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.13])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id F1FC06BA60;
 Mon, 16 Oct 2017 20:20:05 +0000 (UTC)
 (envelope-from cy.schubert@komquats.com)
Received: from spqr.komquats.com ([96.50.22.10]) by shaw.ca with SMTP
 id 4BrgeVPWNM9gt4BrhepI8m; Mon, 16 Oct 2017 14:19:59 -0600
X-Authority-Analysis: v=2.2 cv=a+JAzQaF c=1 sm=1 tr=0
 a=jvE2nwUzI0ECrNeyr98KWA==:117 a=jvE2nwUzI0ECrNeyr98KWA==:17
 a=02M-m0pO-4AA:10 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=BWvPGDcYAAAA:8
 a=beCajIYSYeKNm25g5KgA:9 a=CjuIK1q_8ugA:10 a=a3SBYUOku7_WlhUB:21
 a=_W_S_7VecoQA:10 a=Ia-lj3WSrqcvXOmTRaiG:22 a=IjZwj45LgO3ly-622nXo:22
 a=pxhY87DP9d2VeQe4joPk:22
Received: from [25.172.12.81] (S0106d4ca6d8943b0.gv.shawcable.net
 [24.68.134.59])
 by spqr.komquats.com (Postfix) with ESMTPSA id A2477AD;
 Mon, 16 Oct 2017 13:19:55 -0700 (PDT)
MIME-Version: 1.0
From: Cy Schubert <Cy.Schubert@komquats.com>
Subject: RE: cve-2017-13077 - WPA2 security vulni
Date: Mon, 16 Oct 2017 13:19:56 -0700
To: Franco Fichtner <franco@lastsummer.de>
CC: "Rodney W. Grimes" <freebsd-rwg@pdx.rh.CN85.dnsmgr.net>, 
 Kevin Oberman <rkoberman@gmail.com>, Adrian Chadd <adrian.chadd@gmail.com>, 
 Lev Serebryakov <lev@freebsd.org>, blubee blubeeme <gurenchan@gmail.com>, 
 Poul-Henning Kamp <phk@phk.freebsd.dk>, 
 FreeBSD current <freebsd-current@freebsd.org>
Message-Id: <20171016201955.A2477AD@spqr.komquats.com>
X-CMAE-Envelope: MS4wfMwVdCG6CDiuH4Jk9HcqMPvrSb3v488n2hHBfgT94qgbWty2+Me7ULsrLRJFJvLsjvLO9uUBEJAWJ2Xm6rBF1SnChlbBkwxRVtId0dI7IVlf1FMqpQ9r
 Xq/ajqCa7Cr5y3yJh5fgTjGvE1HanKUrbv0A7wA864tt0q90vziHzE2bOfzCmTz24cATF4fgHszpsa+fV7dJi6B9F52ENrCP+7JdgGxAnWfvuz43yr5jTyCt
 SyCJYtazxMRDKe5CmP8wIxtT0l3qMQxwqhbvkBw2iQuk1Uc3Ywb3HgxHNhfGmj7uOVZV4Crjg4cwOx9EO0bWedTTwxMmkzp5SMW2fadZ4NcRpQehndnfmHbo
 b9Mc28ruWA/e1WHsxFmLYkk5GhT9CRHLfHtysKW3CxTeXSjDEZ3123xQxZk2EjCo7G+jSBRy
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 20:20:06 -0000

It doesn't, which is why I patched the port at lunch today. It's a quick wi=
n with the time I had.

I think we should update base to 2.6 and apply the patches.

---
Sent using a tiny phone keyboard. Apologies for any typos and autocorrect.

Cy Schubert
<Cy.Schubert@cschubert.com> or <cy@freebsd.org>

-----Original Message-----
From: Franco Fichtner
Sent: 16/10/2017 11:57
To: Cy Schubert
Cc: Rodney W. Grimes; Kevin Oberman; Adrian Chadd; Lev Serebryakov; blubee =
blubeeme; Poul-Henning Kamp; FreeBSD current
Subject: Re: cve-2017-13077 - WPA2 security vulni


> On 16. Oct 2017, at 8:50 PM, Cy Schubert <Cy.Schubert@komquats.com> wrote=
:
>=20
> Eight patches have been posted so, it should be easy to patch 2.5, MFC, a=
nd bring head up to 2.6 later. This should avoid the risk of possible regre=
ssions.

Nope, does not apply easily.  Refactoring changed contexts, function names
and variable usage logic between 2.5 and 2.6.


Cheers,
Franco