mktemp(3). It would be amazingly unlikely, but the former method
could result in a symlink attack. A better solution would use
${TMPDIR}, though.
o Make sed not overwrite old backup files with no warning.
inter-process signalling ceased to preserve and return that value,
instead always returning EPERM. This meant that it was possible
to "probe" the pid space for processes that were not otherwise
visible. This change reverts that reversion.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
previously used "micro-optimization" (count-down loop) into a
pessimization. Now the loops are written in the more natural count-up
form.
Also, while being there, i made the logic in out_fdc() similar to the
logic in in_fdc(). The old implementation was a bit bogus anyway
since it first tested the DIO bit and only afterwards the RQM bit.
However, according to the description of the i82077, the DIO bit is
only guaranteed to be valid once the RQM bit is set. Thus, the old
implementatoin would have had the chance to misbehave on a controller
that is implemented in accordance with the i82077 description (but is
not bug-for-bug compatible).
MFC after: 3 days
results in the syncache entry being turned into a socket. While it's
not used in the main tree, this is required in the MAC tree so that
labels can be propagated from the mbuf to the socket. This is also
useful if you're doing things like transparent IP connection hijacking
and you want to use the syncache/cookie mechanism, but we won't go
there.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
structures etc. to ext2fs-specific names, and remove ufs-specific
code that is no longer required. As a first stage, the code will
still convert back and forth between the on-disk format and struct
inode, so the struct dinode fields have been added to struct inode
for now.
Note that these files are not yet connected to the build.
additional system boot ordering entry, SI_SUB_MAC_LATE, which occurs
after all MAC policies have been initialized, permitting the MAC
subsystem to take action once all "early loaded" modules are in place.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
arch. This makes "make release TARGET_ARCH=foo" really work.
(I only tested with "make rerelease" before to save some time and did
not notice the problem.)
o Bump version number to 3.0.4
o When talking to a RADIUS server, provide a NAS-Port-Type.
When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal
to the SESSIONID from the environment in direct mode or the
NGM_PPPOE_SESSIONID message in other modes. If no SESSIONID is found,
default to the interface index in client mode or zero in server mode.
When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number
of the physical device (ie, the N in /dev/i4brbchN).
This makes it easier for the RADIUS server to identify the client
WRT accounting data etc.
Prompted by: lsz8425 <lsz8425@mail.cd.hn.cn>
- fix a potential overrun made worse by rev 1.5 of camlib.h
- change strncpy() and strcpy() calls to strlcpy()
- use sizeof(string[]) instead of STRING_LEN to avoid future problems
- get rid of an unused variable
Thanks to BDE for pointing out some of the problems.
MFC after: 2 weeks