Also avoid clobbering some other edge cases like symlinks or
non-directories there.
This way, we have the following transitions on system updates:
- If /etc/openssl/certs is empty (as in default NetBSD<10 installs):
quietly populated on rehash.
- If /etc/openssl/certs is nonempty (you've added things to it,
e.g. by hand or with mozilla-rootcerts) and has never been managed
by certctl(8): left alone on rehash, with an error message to
explain what you need to do.
- If /etc/openssl/certs has been managed by certctl(8): quietly
updated on rehash.
Note: This means current installations made since certctl(8) was
added will be treated like /etc/openssl/certs is nonempty and has
never been managed by certctl(8). To work around this, you can just
delete /etc/openssl/certs and rerun `certctl rehash'.
Nor is it a bug that they're applied to the file rather than stored in
some magic secret database where they survive reinstalls, which the
prior wording seems to suggest was the eventual intention.
It is worth noting that they change the target file, so still say that.
in all cases here, the later parts of the structure are not actually
accessed, so there are no existing bugs here beyond general UB. for the
ufs ones, this also removes some casts.
found by GCC 12.
this introduces 4 new warning disable flags:
CC_WNO_MISSING_TEMPLATE_KEYWORD
CC_WNO_REGISTER
CC_WNO_STRINGOP_OVERREAD
CC_WNO_ARRAY_BOUNDS
and documents them in README.warnings. of these, the string op
and array bounds are both problematic (real bugs) and also spurious
(not real bugs), and the other 2 are mostly temporary for older
3rd party code.
add some new uses of CC_WNO_STRINGOP_OVERFLOW.
fix m68k build for gallium and GCC 12.
overflow checked snprintf(). for res_debug.c and res_query.c, convert
from sprintf() to snprintf().
tested scp and rcp fail properly with too-long paths.
tested getaddrinfo fails as expected for too-long domains.
tested dig and ping for similar (res_debug.c/res_query.c).
created a temporary fs with quotas to test edquota with a long EDITOR.
did not test ypserv directly, but it's the same pattern.
avoids GCC 12 snprintf() warnings, and reduces total code size.
most of these are like, eg
void foo(int[2]);
with either of these
void foo(int*) { ... }
void foo(int[]) { ... }
in some cases (such as stat or utimes* calls found in our header files),
we now match standard definition from opengroup.
found by GCC 12.
this is like the "-D" option, except it skips the xfers/s, and
reports MB/s instead of KB/s. allows for far more devices to
be displayed per line by default (about 50% more.)
This avoids rapid playback when playing from file with affected devices.
Playback using pad(4) is still preferred ad gives a better result.
Playback from pad(4) is unaffected by this change.
XXX pullup-10.
Tell the user how to list flags right away, not at the very end.
Do not repeat "for the program" 6 times for each flag letter, it's a
noise by itself already and the italics of .Ar program exacerbates it.
Make the list of flags compact but manually add breaks between the
pairs of enable/disable flags.