freebsd-dev/usr.sbin/pkg
Xin LI 48f9270689 Issue warning and refuse to proceed further if the configured
repository signature_type is unsupported by bootstrap pkg(7).

Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none".  MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).

At this time, only fingerprint and none are supported by the
bootstrap pkg(7).

FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.

Errata candidate.

Discussed with:	bapt@
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
2015-08-19 18:24:39 +00:00
config.c Use pkg-1.4-style platform identifiers based on MACHINE_ARCH (e.g. 2014-10-27 23:19:51 +00:00
config.h Fix multi-repository support by properly respecting 'enabled' flag. 2013-12-12 17:59:09 +00:00
dns_utils.c Fix build with gcc 2013-10-23 15:29:42 +00:00
dns_utils.h Improve SRV records support for the pkg(8) bootstrap: 2013-10-23 14:06:07 +00:00
Makefile Convert usr.sbin to LIBADD 2014-11-25 16:57:27 +00:00
Makefile.depend Add META_MODE support. 2015-06-13 19:20:56 +00:00
pkg.7 Fix multi-repository support by properly respecting 'enabled' flag. 2013-12-12 17:59:09 +00:00
pkg.c Issue warning and refuse to proceed further if the configured 2015-08-19 18:24:39 +00:00