From owner-svn-src-stable-9@freebsd.org Sun Aug 16 00:39:45 2015
Return-Path:
Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 36D1C9BAC5A; Sun, 16 Aug 2015 00:39:45 +0000 (UTC) (envelope-from mav@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 275DC13C7; Sun, 16 Aug 2015 00:39:45 +0000 (UTC) (envelope-from mav@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7G0djl8051388; Sun, 16 Aug 2015 00:39:45 GMT (envelope-from mav@FreeBSD.org)
Received: (from mav@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7G0dj4U051387; Sun, 16 Aug 2015 00:39:45 GMT (envelope-from mav@FreeBSD.org)
Message-Id: <201508160039.t7G0dj4U051387@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: mav set sender to mav@FreeBSD.org using -f
From: Alexander Motin
Date: Sun, 16 Aug 2015 00:39:45 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r286820 - stable/9/lib/libgeom
X-SVN-Group: stable-9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-9@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for only the 9-stable src tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 16 Aug 2015 00:39:45 -0000

Author: mav
Date: Sun Aug 16 00:39:44 2015
New Revision: 286820
URL: https://svnweb.freebsd.org/changeset/base/286820

Log:
  MFC r286719: Revert part of r280687, reporting "1" (true) for empty value.
  For example, it made gpart partitions without label report "1" as label.

Modified:
  stable/9/lib/libgeom/geom_xml2tree.c
Directory Properties:
  stable/9/   (props changed)
  stable/9/lib/   (props changed)
  stable/9/lib/libgeom/   (props changed)

Modified: stable/9/lib/libgeom/geom_xml2tree.c
==============================================================================
--- stable/9/lib/libgeom/geom_xml2tree.c    Sun Aug 16 00:37:47 2015    (r286819)
+++ stable/9/lib/libgeom/geom_xml2tree.c    Sun Aug 16 00:39:44 2015    (r286820)
@@ -286,7 +286,7 @@ EndElement(void *userData, const char *n "element", name); return; } - gc->lg_val = p ? p : strdup("1"); + gc->lg_val = p; LIST_INSERT_HEAD(c, gc, lg_config); return; } From owner-svn-src-stable-9@freebsd.org Tue Aug 18 19:30:07 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 05DF09BC9E8; Tue, 18 Aug 2015 19:30:07 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D0DC51903; Tue, 18 Aug 2015 19:30:06 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7IJU6KD089471; Tue, 18 Aug 2015 19:30:06 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7IJU6xe089470; Tue, 18 Aug 2015 19:30:06 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201508181930.t7IJU6xe089470@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f 
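Review bot: with `gc->lg_val = p;` an element whose value is absent now leaves lg_val NULL instead of the "1" string, which is the intended revert, but any libgeom consumer that started relying on r280687's non-NULL lg_val must now check for NULL before handing it to string functions; scanning the callers that read lg_val, or stating the NULL behaviour in the log, would close that gap.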
From: Xin LI Date: Tue, 18 Aug 2015 19:30:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r286900 - in stable: 10/contrib/expat/lib 9/contrib/expat/lib X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Aug 2015 19:30:07 -0000 Author: delphij Date: Tue Aug 18 19:30:05 2015 New Revision: 286900 URL: https://svnweb.freebsd.org/changeset/base/286900 Log: Fix multiple integer overflows in expat. Security: CVE-2015-1283 Security: FreeBSD-SA-15:20.expat Modified: stable/9/contrib/expat/lib/xmlparse.c Changes in other areas also in this revision: Modified: stable/10/contrib/expat/lib/xmlparse.c Modified: stable/9/contrib/expat/lib/xmlparse.c ============================================================================== --- stable/9/contrib/expat/lib/xmlparse.c Tue Aug 18 19:30:04 2015 (r286899) +++ stable/9/contrib/expat/lib/xmlparse.c Tue Aug 18 19:30:05 2015 (r286900) @@ -1678,6 +1678,12 @@ XML_ParseBuffer(XML_Parser parser, int l void * XMLCALL XML_GetBuffer(XML_Parser parser, int len) { +/* BEGIN MOZILLA CHANGE (sanity check len) */ + if (len < 0) { + errorCode = XML_ERROR_NO_MEMORY; + return NULL; + } +/* END MOZILLA CHANGE */ switch (ps_parsing) { case XML_SUSPENDED: errorCode = XML_ERROR_SUSPENDED; 
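Review bot: the new `if (len < 0)` guard in XML_GetBuffer reports XML_ERROR_NO_MEMORY for what is really an invalid argument, so a caller passing a negative length gets the same error as a genuine allocation failure; if this expat version has no dedicated error code, a comment saying the code is reused deliberately would help. Placing the guard before `switch (ps_parsing)` also means a suspended parser called with a negative len now reports NO_MEMORY rather than XML_ERROR_SUSPENDED, which is acceptable but worth noting.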
@@ -1689,8 +1695,13 @@ XML_GetBuffer(XML_Parser parser, int len } if (len > bufferLim - bufferEnd) { - /* FIXME avoid integer overflow */ int neededSize = len + (int)(bufferEnd - bufferPtr); +/* BEGIN MOZILLA CHANGE (sanity check neededSize) */ + if (neededSize < 0) { + errorCode = XML_ERROR_NO_MEMORY; + return NULL; + } +/* END MOZILLA CHANGE */ #ifdef XML_CONTEXT_BYTES int keep = (int)(bufferPtr - buffer); 
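Review bot: `if (neededSize < 0)` only catches overflow of `len + (int)(bufferEnd - bufferPtr)` if the signed addition wraps negative, but signed overflow is undefined behaviour in C and, with both operands known non-negative (len was just checked), an optimising compiler may drop the test entirely; check before adding instead, e.g. `if (len > INT_MAX - (int)(bufferEnd - bufferPtr))` with INT_MAX from <limits.h>, which would also make the removed `/* FIXME avoid integer overflow */` genuinely resolved rather than merely deleted.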
@@ -1719,7 +1730,15 @@ XML_GetBuffer(XML_Parser parser, int len bufferSize = INIT_BUFFER_SIZE; do { bufferSize *= 2; - } while (bufferSize < neededSize); +/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ + } while (bufferSize < neededSize && bufferSize > 0); +/* END MOZILLA CHANGE */ +/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */ + if (bufferSize <= 0) { + errorCode = XML_ERROR_NO_MEMORY; + return NULL; + } +/* END MOZILLA CHANGE */ newBuf = (char *)MALLOC(bufferSize); if (newBuf == 0) { errorCode = XML_ERROR_NO_MEMORY; From owner-svn-src-stable-9@freebsd.org Tue Aug 18 20:27:05 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 471429BC0A9; Tue, 18 Aug 2015 20:27:05 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 36F2617E; Tue, 18 Aug 2015 20:27:05 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7IKR5Ql016071; Tue, 18 Aug 2015 20:27:05 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7IKR5bb016070; Tue, 18 Aug 2015 20:27:05 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201508182027.t7IKR5bb016070@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f 
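Review bot: the loop `} while (bufferSize < neededSize && bufferSize > 0);` relies on `bufferSize *= 2` wrapping to a negative value to terminate, which is again signed overflow (undefined), so the following `if (bufferSize <= 0)` check may be optimised away on the very inputs it is meant to catch; test before doubling, e.g. `if (bufferSize > INT_MAX / 2) { errorCode = XML_ERROR_NO_MEMORY; return NULL; }` inside the loop, or do the arithmetic in size_t, so that the `MALLOC(bufferSize)` that follows never sees a wrapped size.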
From: Glen Barber
Date: Tue, 18 Aug 2015 20:27:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r286906 - in stable: 10/release/doc/share/xml 9/release/doc/share/xml
X-SVN-Group: stable-9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-9@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for only the 9-stable src tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 18 Aug 2015 20:27:05 -0000

Author: gjb
Date: Tue Aug 18 20:27:03 2015
New Revision: 286906
URL: https://svnweb.freebsd.org/changeset/base/286906

Log:
  Document SA-15:20, EN-15:11, EN-15:12, EN-15:13.

  Sponsored by:    The FreeBSD Foundation

Modified:
  stable/9/release/doc/share/xml/security.xml

Changes in other areas also in this revision:
Modified:
  stable/10/release/doc/share/xml/errata.xml
  stable/10/release/doc/share/xml/security.xml

Modified: stable/9/release/doc/share/xml/security.xml
==============================================================================
--- stable/9/release/doc/share/xml/security.xml    Tue Aug 18 20:21:45 2015    (r286905)
+++ stable/9/release/doc/share/xml/security.xml    Tue Aug 18 20:27:03 2015    (r286906)
@@ -201,6 +201,14 @@ Remote denial of service vulnerability + + + FreeBSD-SA-15:20.expat + 18 August 2015 + Fix multiple integer overflows in + &man.libbsdxml.3;. + From owner-svn-src-stable-9@freebsd.org Wed Aug 19 17:51:05 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CFFE19BEEE2; Wed, 19 Aug 2015 17:51:05 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A61E8EF2; Wed, 19 Aug 2015 17:51:05 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7JHp5Xu061361; Wed, 19 Aug 2015 17:51:05 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7JHp5Aq061360; Wed, 19 Aug 2015 17:51:05 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201508191751.t7JHp5Aq061360@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f 
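Review bot: the description "Fix multiple integer overflows in &man.libbsdxml.3;" matches the log of r286900 on this list, but the entry carries no CVE reference even though r286900 cites CVE-2015-1283; adding that identifier to the description would let readers cross-reference the advisory with vendor trackers.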
From: Glen Barber
Date: Wed, 19 Aug 2015 17:51:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r286932 - head/release/doc/en_US.ISO8859-1/errata stable/10/release/doc/en_US.ISO8859-1/errata stable/9/release/doc/en_US.ISO8859-1/errata
X-SVN-Group: stable-9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-9@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for only the 9-stable src tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 19 Aug 2015 17:51:05 -0000

Author: gjb
Date: Wed Aug 19 17:51:03 2015
New Revision: 286932
URL: https://svnweb.freebsd.org/changeset/base/286932

Log:
  Remove a broken link.  While here, prefer https where possible.

  Sponsored by:    The FreeBSD Foundation

Modified:
  stable/9/release/doc/en_US.ISO8859-1/errata/article.xml

Changes in other areas also in this revision:
Modified:
  head/release/doc/en_US.ISO8859-1/errata/article.xml
  stable/10/release/doc/en_US.ISO8859-1/errata/article.xml

Modified: stable/9/release/doc/en_US.ISO8859-1/errata/article.xml
==============================================================================
--- stable/9/release/doc/en_US.ISO8859-1/errata/article.xml    Wed Aug 19 17:47:47 2015    (r286931)
+++ stable/9/release/doc/en_US.ISO8859-1/errata/article.xml    Wed Aug 19 17:51:03 2015    (r286932)
@@ -69,14 +69,14 @@ out of date by definition, but other copies are kept updated on the Internet and should be consulted as the current errata for this release. These other copies of the - errata are located at http://www.FreeBSD.org/releases/, plus any sites + errata are located at https://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location. Source and binary snapshots of &os; &release.branch; also contain up-to-date copies of this document (as of the time of the snapshot). - For a list of all &os; CERT security advisories, see http://www.FreeBSD.org/security/ or ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/. + For a list of all &os; CERT security advisories, see https://www.FreeBSD.org/security/. From owner-svn-src-stable-9@freebsd.org Wed Aug 19 18:33:26 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CE4F99BE8F2; Wed, 19 Aug 2015 18:33:26 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A409FE42; Wed, 19 Aug 2015 18:33:26 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7JIXQXk079718; Wed, 19 Aug 2015 18:33:26 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7JIXQqi079717; Wed, 19 Aug 2015 18:33:26 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201508191833.t7JIXQqi079717@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f 
From: Xin LI
Date: Wed, 19 Aug 2015 18:33:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r286936 - stable/9/usr.sbin/pkg
X-SVN-Group: stable-9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-9@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for only the 9-stable src tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 19 Aug 2015 18:33:26 -0000

Author: delphij
Date: Wed Aug 19 18:33:25 2015
New Revision: 286936
URL: https://svnweb.freebsd.org/changeset/base/286936

Log:
  Instant-MFC r286933:

  Issue warning and refuse to proceed further if the configured repository
  signature_type is unsupported by bootstrap pkg(7).

  Previously, when signature_type specified an unsupported method, the
  bootstrap pkg(7) would proceed like when signature_type is "none".
  MITM attackers may be able to use this vulnerability and bypass
  validation and install their own versions of pkg(8).

  At this time, only fingerprint and none are supported by the bootstrap
  pkg(7).  FreeBSD's official pkg(8) repository uses the fingerprint
  method and is therefore unaffected.

  Errata candidate.

Modified:
  stable/9/usr.sbin/pkg/pkg.c
Directory Properties:
  stable/9/usr.sbin/pkg/   (props changed)

Modified: stable/9/usr.sbin/pkg/pkg.c
==============================================================================
--- stable/9/usr.sbin/pkg/pkg.c    Wed Aug 19 18:32:36 2015    (r286935)
+++ stable/9/usr.sbin/pkg/pkg.c    Wed Aug 19 18:33:25 2015    (r286936)
@@ -750,7 +750,13 @@ bootstrap_pkg(bool force) goto fetchfail; if (signature_type != NULL && - strcasecmp(signature_type, "FINGERPRINTS") == 0) { + strcasecmp(signature_type, "NONE") != 0) { + if (strcasecmp(signature_type, "FINGERPRINTS") != 0) { + warnx("Signature type %s is not supported for " + "bootstrapping.", signature_type); + goto cleanup; + } + snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX", getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP); snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig", @@ -835,7 +841,13 @@ bootstrap_pkg_local(const char *pkgpath, return (-1); } if (signature_type != NULL && - strcasecmp(signature_type, "FINGERPRINTS") == 0) { + strcasecmp(signature_type, "NONE") != 0) { + if (strcasecmp(signature_type, "FINGERPRINTS") != 0) { + warnx("Signature type %s is not supported for " + "bootstrapping.", signature_type); + goto cleanup; + } + snprintf(path, sizeof(path), "%s.sig", pkgpath); if ((fd_sig = open(path, O_RDONLY)) == -1) {
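Review bot: both hunks send an unsupported signature_type to `goto cleanup;` while the neighbouring failure paths use `goto fetchfail;` (bootstrap_pkg) and `return (-1);` (bootstrap_pkg_local); the cleanup label is outside the visible context, so confirm that reaching it leaves the function's return value non-zero, otherwise a refused bootstrap is reported to the caller as success and the fix does not actually stop the install. The two guard blocks are identical and could be one static helper that answers whether a signature_type is supported, so a future method is added in one place; the case-insensitive strcasecmp against "NONE" and "FINGERPRINTS" is consistent with the existing comparison, and a NULL signature_type still skips verification, which matches the log's statement that only fingerprint and none are supported.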