src.conf.5: regen after RELRO knob addition

share/man/man5/src.conf.5

@@ -1,6 +1,6 @@
 .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
 .\" $FreeBSD$
-.Dd June 8, 2022
+.Dd June 22, 2022
 .Dt SRC.CONF 5
 .Os
 .Sh NAME
@@ -196,6 +196,13 @@ Build all binaries with the
 .Dv DF_BIND_NOW
 flag set to indicate that the run-time loader should perform all relocation
 processing at process startup rather than on demand.
+The combination of the
+.Va BIND_NOW
+and
+.Va RELRO
+options provide "full" Relocation Read-Only (RELRO) support.
+With full RELRO the entire GOT is made read-only after performing relocation at
+startup, avoiding GOT overwrite attacks.
 .It Va WITHOUT_BLACKLIST
 Set this if you do not want to build
 .Xr blacklistd 8
@@ -651,8 +658,8 @@ Avoid installing examples to
 Include experimental features in the build.
 .It Va WITH_EXTRA_TCP_STACKS
 Build extra TCP stack modules.
-.It Va WITHOUT_FDT
+.It Va WITH_FDT
-Do not build Flattened Device Tree support as part of the base system.
+Build Flattened Device Tree support as part of the base system.
 This includes the device tree compiler (dtc) and libfdt support library.
 .It Va WITHOUT_FILE
 Do not build
@@ -1416,6 +1423,11 @@ by proxy.
 .It Va WITHOUT_RBOOTD
 Do not build or install
 .Xr rbootd 8 .
+.It Va WITHOUT_RELRO
+Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation.
+See also the
+.Va BIND_NOW
+option.
 .It Va WITH_REPRODUCIBLE_BUILD
 Exclude build metadata (such as the build time, user, or host)
 from the kernel, boot loaders, and uname output, so that builds produce