src.conf: regen man page after RELRO change

1 files changed, 13 insertions, 1 deletions

diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5
index d7bb2f063fcc..62439ee77a41 100644
--- a/share/man/man5/src.conf.5
+++ b/share/man/man5/src.conf.5
@@ -1,6 +1,6 @@
 .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
 .\" $FreeBSD$
-.Dd February 28, 2023
+.Dd March 2, 2023
 .Dt SRC.CONF 5
 .Os
 .Sh NAME
@@ -183,6 +183,13 @@ Build all binaries with the
 .Dv DF_BIND_NOW
 flag set to indicate that the run-time loader should perform all relocation
 processing at process startup rather than on demand.
+The combination of the
+.Va BIND_NOW
+and
+.Va RELRO
+options provide "full" Relocation Read-Only (RELRO) support.
+With full RELRO the entire GOT is made read-only after performing relocation at
+startup, avoiding GOT overwrite attacks.
 .It Va WITHOUT_BLACKLIST
 Set this if you do not want to build
 .Xr blacklistd 8
@@ -1425,6 +1432,11 @@ by proxy.
 .It Va WITHOUT_RBOOTD
 Do not build or install
 .Xr rbootd 8 .
+.It Va WITHOUT_RELRO
+Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation.
+See also the
+.Va BIND_NOW
+option.
 .It Va WITH_REPRODUCIBLE_BUILD
 Exclude build metadata (such as the build time, user, or host)
 from the kernel, boot loaders, and uname output, so that builds produce