Re: cve-2017-13077 - WPA2 security vulni

From: David Wolfskill <>
Date: Tue, 17 Oct 2017 05:58:29 -0700
On Mon, Oct 16, 2017 at 11:27:00PM -0700, Cy Schubert wrote:
> In message <>, Franco 
> Fichtne
> r writes:
> ...
> > wpa_supplicant	2.6_2
> > 
> > No apparent issues with the ports, preliminary connectivity
> > checks work as expected.  Started a public CFT over at OPNsense
> > to gather more feedback.
> Agreed.
> ....

First: Thank you for doing this, Cy.

I am now (also) running wpa_supplicant-2.6_2 successfully on my laptop
(when it's running stable/11).

I did have one mild surprise: I had rebooted my laptop to verify that
the ports version of wpa_supplicant would work, and as the screen went
dark, I recalled that I had failed to copy /etc/wpa_supplicant.conf to
/usr/local/etc -- but my concern proved to be unfounded: the
wpa_supplicant.conf in /etc/ was used (successfully).

Question:  Should one expect a wpa_supplicant-2.6_2 executable built
under FreeBSD stable/11 (amd64) to work on the same hardware, but
running head?

For reasons that are (at best) tangential to this topic, I track,
build, and smoke-test both stable/11 and head daily, but only build
the ports (daily) under (the just-built/booted) stable/11 -- depending
on misc/compat11 to handle things as necessary for head.  This works
(well, IMO)... except that when I had configured my "head slice"
to use the ports version of wpa_supplicant, the latter was apparently
not happy:

Oct 17 11:06:13 localhost kernel: wlan0: Ethernet address: 00:24:d6:7a:03:ce
Oct 17 11:06:13 localhost wpa_supplicant[1279]: Successfully initialized wpa_supplicant
Oct 17 11:06:14 localhost wpa_supplicant[1279]: ioctl[SIOCS80211, op=98, arg_len=32]: Invalid argument
Oct 17 11:06:14 localhost wpa_supplicant[1279]: failed to IEEE80211_IOC_DEVCAPS: Invalid argument
Oct 17 11:06:14 localhost wpa_supplicant[1279]: wlan0: Failed to initialize driver interface
Oct 17 11:06:14 localhost root: /etc/rc.d/wpa_supplicant: WARNING: failed to start wpa_supplicant

The laptop spends the vast bulk of its time running stable/11, so
the threat is somewhat mitigated....

David H. Wolfskill
Unsubstantiated claims of "Fake News" are evidence that the claimant lies again.

See for my public key.

Received on Tue Oct 17 2017 - 10:58:38 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:13 UTC