Fix local privilege escalation in IRET handler. [SA-15:21]

Fix OpenSSH multiple vulnerabilities. [SA-15:22]

Disabled ixgbe(4) flow-director support. [EN-15:14]

Fix insufficient check of unsupported pkg(7) signature methods.
[EN-15:15]

Approved by:	so

1 files changed, 14 insertions, 2 deletions

diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c
index 182c739..49f60f0 100644
--- a/usr.sbin/pkg/pkg.c
+++ b/usr.sbin/pkg/pkg.c
@@ -774,7 +774,13 @@ bootstrap_pkg(bool force)
 		goto fetchfail;
 
 	if (signature_type != NULL &&
-	    strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+	    strcasecmp(signature_type, "NONE") != 0) {
+		if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
+			warnx("Signature type %s is not supported for "
+			    "bootstrapping.", signature_type);
+			goto cleanup;
+		}
+
 		snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
 		    getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
 		snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
@@ -854,7 +860,13 @@ bootstrap_pkg_local(const char *pkgpath, bool force)
 		return (-1);
 	}
 	if (signature_type != NULL &&
-	    strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+	    strcasecmp(signature_type, "NONE") != 0) {
+		if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
+			warnx("Signature type %s is not supported for "
+			    "bootstrapping.", signature_type);
+			goto cleanup;
+		}
+
 		snprintf(path, sizeof(path), "%s.sig", pkgpath);
 
 		if ((fd_sig = open(path, O_RDONLY)) == -1) {