Patch for KRACK (CVE-2017-13077)

Ridwan Shariffdeen rshariffdeen at gmail.com
Wed Oct 10 08:26:15 PDT 2018


Is it just a code merge from the upstream?
or does it involve modifications?

On Wed, Oct 10, 2018 at 10:46 PM Matthew Dillon <dillon at backplane.com>
wrote:

> Upgrading the base wpa_supplicant would be a good idea.  At the moment it
> indicates its temporary status in the dmesg output... basically just there
> so you can boot up, bootstrap packages, and install the dports
> wpa_supplicant.
>
> -Matt
>
> On Tue, Oct 9, 2018 at 9:23 PM Aaron LI <aly at aaronly.me> wrote:
>
>> On Tue, 9 Oct 2018 20:29:41 +0800
>> Ridwan Shariffdeen <rshariffdeen at gmail.com> wrote:
>>
>> Hi Shariffdeen
>>
>> > I noticed the wpa_supplicant code in (
>> >
>> https://github.com/DragonFlyBSD/DragonFlyBSD/tree/master/contrib/wpa_supplicant
>> )
>> > is not updated for the last 4 years.
>> >
>> > There was a recent disclosure of bugs in wpa standard (
>> > https://www.krackattacks.com/)
>> >
>> > I am wondering if the patches are merged or this is not a valid bug for
>> > DragonFlyBSD?
>> > Please help me clarify.
>>
>> Thanks for referring to the security bug in dfly's base wpa_supplicant.
>> Yes, the base wpa_supplicant hasn't been updated for years, and its
>> startup
>> script will print a warning suggesting that users should install the
>> latest
>> wpa_supplicant from dports/packages.
>>
>> Nevertheless, one developer may take time to upgrade the wpa_supplicant in
>> base.
>>
>>
>> Cheers,
>> --
>> Aaron
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20181010/4b6e533e/attachment-0003.htm>


More information about the Users mailing list