Patch for KRACK (CVE-2017-13077)

Matthew Dillon dillon at backplane.com
Wed Oct 10 07:46:01 PDT 2018


Upgrading the base wpa_supplicant would be a good idea.  At the moment it
indicates its temporary status in the dmesg output... basically just there
so you can boot up, bootstrap packages, and install the dports
wpa_supplicant.

-Matt

On Tue, Oct 9, 2018 at 9:23 PM Aaron LI <aly at aaronly.me> wrote:

> On Tue, 9 Oct 2018 20:29:41 +0800
> Ridwan Shariffdeen <rshariffdeen at gmail.com> wrote:
>
> Hi Shariffdeen
>
> > I noticed the wpa_supplicant code in (
> >
> https://github.com/DragonFlyBSD/DragonFlyBSD/tree/master/contrib/wpa_supplicant
> )
> > is not updated for the last 4 years.
> >
> > There was a recent disclosure of bugs in wpa standard (
> > https://www.krackattacks.com/)
> >
> > I am wondering if the patches are merged or this is not a valid bug for
> > DragonFlyBSD?
> > Please help me clarify.
>
> Thanks for referring to the security bug in dfly's base wpa_supplicant.
> Yes, the base wpa_supplicant hasn't been updated for years, and its startup
> script will print a warning suggesting that users should install the latest
> wpa_supplicant from dports/packages.
>
> Nevertheless, one developer may take time to upgrade the wpa_supplicant in
> base.
>
>
> Cheers,
> --
> Aaron
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20181010/ae2df90a/attachment-0003.htm>


More information about the Users mailing list