cve-2017-13077 - WPA2 security vulni

Does anyone on FreeBSD know if it's affected by this? https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13077 ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to

Re: cve-2017-13077 - WPA2 security vulni

This is awesome, thanks! On Mon, Oct 16, 2017, 19:19 Stefan Esser wrote: > Am 16.10.17 um 12:38 schrieb blubee blubeeme: > > well, that's a cluster if I ever seen one. > > > > On Mon, Oct 16, 2017 at 6:35 PM, Poul-Henning Kamp > > wrote: > > > >>

Re: cve-2017-13077 - WPA2 security vulni

well, that's a cluster if I ever seen one. On Mon, Oct 16, 2017 at 6:35 PM, Poul-Henning Kamp wrote: > > In message gmail.com> > , blubee blubeeme writes: > > >Does anyone on FreeBSD know if it's affected

Re: cve-2017-13077 - WPA2 security vulni

In message , blubee blubeeme writes: >Does anyone on FreeBSD know if it's affected by this? >https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13077 It is, same as Linux, we use the same wpa_supplicant software --

Re: cve-2017-13077 - WPA2 security vulni

Am 16.10.17 um 12:38 schrieb blubee blubeeme: > well, that's a cluster if I ever seen one. > > On Mon, Oct 16, 2017 at 6:35 PM, Poul-Henning Kamp > wrote: > >> >> In message > gmail.com> >> , blubee

Re: cve-2017-13077 - WPA2 security vulni

On 16.10.2017 13:38, blubee blubeeme wrote: > well, that's a cluster if I ever seen one. It is really cluster: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086,CVE-2017-13087, CVE-2017-13088. -- // Lev Serebryakov

Re: cve-2017-13077 - WPA2 security vulni

In message <21896d6e-75be-3376-bc32-9d911227d...@freebsd.org>, Stefan Esser wri tes: > Am 16.10.17 um 12:38 schrieb blubee blubeeme: > > well, that's a cluster if I ever seen one. > > > > On Mon, Oct 16, 2017 at 6:35 PM, Poul-Henning Kamp > > wrote: > > > >> > >>

Re: cve-2017-13077 - WPA2 security vulni

In message <44161b4d-f834-a01d-6ddb-475f20876...@freebsd.org>, Lev Serebryakov writes: > On 16.10.2017 13:38, blubee blubeeme wrote: > > > well, that's a cluster if I ever seen one. > It is really cluster: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, > CVE-2017-13080, CVE-2017-13081,

Re: cve-2017-13077 - WPA2 security vulni

On Mon, Oct 16, 2017 at 8:55 AM, Adrian Chadd wrote: > hi, > > I got the patches a couple days ago. I've been busy with personal life > stuff so I haven't updated our in-tree hostapd/wpa_supplicant. If > someone beats me to it, great, otherwise I'll try to do it in the

Re: cve-2017-13077 - WPA2 security vulni

Right, there are backported patches against 2.6, but we're running 2.5 in contrib/ . This is all "I'm out of time right now", so if someone wants to do the ports work and/or the contrib work with the patches for this vuln then please do. I should be able to get to it in the next few days but I'm

Re: cve-2017-13077 - WPA2 security vulni

Hi Adrian! How big effort is to update he in-tree wpa_supplicant/hostapd to the latest supported version? Is there any known regression / feature loss when do the upgrade? On 10/16/17, Adrian Chadd wrote: > Right, there are backported patches against 2.6, but we're

RE: cve-2017-13077 - WPA2 security vulni

I'll test it when I get home tonight. The WiFi here at the tech park is open so, I couldn't test here. --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. Cy Schubert or -Original Message- From: Franco Fichtner

Re: cve-2017-13077 - WPA2 security vulni

hi, I got the patches a couple days ago. I've been busy with personal life stuff so I haven't updated our in-tree hostapd/wpa_supplicant. If someone beats me to it, great, otherwise I'll try to do it in the next couple days. I was hoping (!) for a hostap/wpa_supplicant 2.7 update to just update

RE: cve-2017-13077 - WPA2 security vulni

Eight patches have been posted so, it should be easy to patch 2.5, MFC, and bring head up to 2.6 later. This should avoid the risk of possible regressions. I haven't looked at the ports. --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. Cy Schubert

RE: cve-2017-13077 - WPA2 security vulni

It doesn't, which is why I patched the port at lunch today. It's a quick win with the time I had. I think we should update base to 2.6 and apply the patches. --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. Cy Schubert or

pfind_locked(pid) fails when in a jail?

Hi, A problem w.r.t. the NFSv4 client's renew thread (nfscl) running up a lot of CPU when the NFSv4 mount is in a jail has been reported to the freebsd-stable@ mailing list. I know nothing about jails, but when looking at the code, the most obvious cause of this would be "pfind_locked(pid)"

Re: pfind_locked(pid) fails when in a jail?

On Tue, Oct 17, 2017 at 12:24 AM, Rick Macklem wrote: > Hi, > > A problem w.r.t. the NFSv4 client's renew thread (nfscl) running up a lot > of CPU > when the NFSv4 mount is in a jail has been reported to the freebsd-stable@ > mailing list. > > I know nothing about jails,

Re: pfind_locked(pid) fails when in a jail?

[stuff snipped] > > > > > pfind* does not do any filtering. > > Hmm, well I have no idea why the jailed mounts get looping in here then. > > The real question though is why are you calling it in the first place. The > > calls > > I grepped in nfscl_procdoesntexist are highly suspicious - there is

Re: pfind_locked(pid) fails when in a jail?

On Tue, 2017-10-17 at 00:38 +0200, Mateusz Guzik wrote: > On Tue, Oct 17, 2017 at 12:24 AM, Rick Macklem wrote: > > > > > Hi, > > > > A problem w.r.t. the NFSv4 client's renew thread (nfscl) running up a lot > > of CPU > > when the NFSv4 mount is in a jail has been

Is there an RTC prejudice?

While I haven't [yet] experienced this problem. A bug[1] just came in on the amd64 list that is over a *year old*, and there are several individuals involved. As well as several [freebsd] versions. So I thought I'd raise the issue here. In case someone(tm) thinks they know what's wrong/ what to

Re: cve-2017-13077 - WPA2 security vulni

> On 16. Oct 2017, at 8:50 PM, Cy Schubert wrote: > > Eight patches have been posted so, it should be easy to patch 2.5, MFC, and > bring head up to 2.6 later. This should avoid the risk of possible > regressions. Nope, does not apply easily. Refactoring changed

Re: cve-2017-13077 - WPA2 security vulni

Looking at the wpa_supplicant port, it may be a quicker win than base at the moment. I don't have much of my lunch hour left to complete anything. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many

Re: cve-2017-13077 - WPA2 security vulni

I'll commit the wpa_supplicant port now but I don't have enough time this lunch hour to create a vuxml entry or to update the hostapd port. It may be simpler to update base to 2.6 to facilitate patching. What do people think? -- Cheers, Cy Schubert FreeBSD UNIX:

Re: cve-2017-13077 - WPA2 security vulni

> On Mon, Oct 16, 2017 at 8:55 AM, Adrian Chadd > wrote: > > > hi, > > > > I got the patches a couple days ago. I've been busy with personal life > > stuff so I haven't updated our in-tree hostapd/wpa_supplicant. If > > someone beats me to it, great, otherwise I'll try to

Re: cve-2017-13077 - WPA2 security vulni

> On 16. Oct 2017, at 10:19 PM, Cy Schubert wrote: > > It doesn't, which is why I patched the port at lunch today. It's a quick win > with the time I had. Thank you, much appreciated. Will give it some testing. > I think we should update base to 2.6 and apply the