Looking at the wpa_supplicant port, it may be a quicker win than base at the moment. I don't have much of my lunch hour left to complete anything. -- Cheers, Cy Schubert <Cy.Schubert_at_cschubert.com> FreeBSD UNIX: <cy_at_FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. In message <CAPQ4ffua_eQ24z6a8XSH=CCBbqrXV6vXzMD5QgSGmYi198wX4w_at_mail.gmail.c om> , Oliver Pinter writes: > Hi Adrian! > > How big effort is to update he in-tree wpa_supplicant/hostapd to the > latest supported version? > Is there any known regression / feature loss when do the upgrade? > > On 10/16/17, Adrian Chadd <adrian.chadd_at_gmail.com> wrote: > > Right, there are backported patches against 2.6, but we're running 2.5 > > in contrib/ . > > > > This is all "I'm out of time right now", so if someone wants to do the > > ports work and/or the contrib work with the patches for this vuln then > > please do. I should be able to get to it in the next few days but I'm > > busy with family and employment. > > > > > > > > -adrian > > > > > > On 16 October 2017 at 10:19, Kevin Oberman <rkoberman_at_gmail.com> wrote: > >> On Mon, Oct 16, 2017 at 8:55 AM, Adrian Chadd <adrian.chadd_at_gmail.com> > >> wrote: > >>> > >>> hi, > >>> > >>> I got the patches a couple days ago. I've been busy with personal life > >>> stuff so I haven't updated our in-tree hostapd/wpa_supplicant. If > >>> someone beats me to it, great, otherwise I'll try to do it in the next > >>> couple days. > >>> > >>> I was hoping (!) for a hostap/wpa_supplicant 2.7 update to just update > >>> everything to but so far nope. It should be easy enough to update the > >>> port for now as it's at 2.6. > >>> > >>> > >>> > >>> -adrian > >>> > >>> > >>> On 16 October 2017 at 06:04, Cy Schubert <Cy.Schubert_at_komquats.com> > >>> wrote: > >>> > In message <44161b4d-f834-a01d-6ddb-475f208762f9_at_FreeBSD.org>, Lev > >>> > Serebryakov > >>> > writes: > >>> >> On 16.10.2017 13:38, blubee blubeeme wrote: > >>> >> > >>> >> > well, that's a cluster if I ever seen one. > >>> >> It is really cluster: CVE-2017-13077, CVE-2017-13078, > >>> >> CVE-2017-13079, > >>> >> CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, > >>> >> CVE-2017-13086,CVE-2017-13087, CVE-2017-13088. > >>> > > >>> > The gory details are here: > >>> > https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-mes > sages.txt > >>> > > >>> > The announcement is here: > >>> > https://www.krackattacks.com/ > >>> > > >>> > > >>> > -- > >>> > Cheers, > >>> > Cy Schubert <Cy.Schubert_at_cschubert.com> > >>> > FreeBSD UNIX: <cy_at_FreeBSD.org> Web: http://www.FreeBSD.org > >>> > > >>> > The need of the many outweighs the greed of the few. > >>> > > >> > >> > >> While I do not encourage waiting, it is quite likely that the upstream > >> patch > >> wil show up very soon now that the vulnerability is public. > >> > >> It's also worth noting that fixing either end of the connection is all > >> that > >> is required, as I understand it. So getting an update for your AP is not > >> required. That is very fortunate as the industry has a rather poor record > >> of > >> getting out firmware updates for hardware more than a few months old. > >> Also, > >> it appears that Windows and iOS are not vulnerable due to flaws in their > >> implementation of the WPA2 spec. (Of course, if you update your AP(s), > >> you > >> no longer need to worry about your end devices. > >> -- > >> Kevin Oberman, Part time kid herder and retired Network Engineer > >> E-mail: rkoberman_at_gmail.com > >> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 > > _______________________________________________ > > freebsd-current_at_freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-current > > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" > >Received on Mon Oct 16 2017 - 17:36:49 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:13 UTC