Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE
cycle.

Prune svn:mergeinfo from the new branch, and rename it to RC1.

Update __FreeBSD_version.

Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and
the dvd1.iso packages population.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Merge the projects/release-pkg branch to head.

This allows packaging the base system with pkg(8), including
but not limited to providing the ability to provide upstream
binary update possibilities for non-tier-1 architectures.

This merge is a requirement of the 11.0-RELEASE, and as such,
thank you to everyone that has tested the project branch.

Documentation in build(7) etc. is still somewhat sparse, but
updates to those parts will follow.

Sponsored by: The FreeBSD Foundation

DIRDEPS_BUILD: Regenerate without local dependencies.

These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.

Sponsored by: EMC / Isilon Storage Division

For INTERNALLIB always add in the corresponding _DP_ and use LIBADD in
the real build file.

This lessens the need to define DPADD_<lib> and LDADD_<lib> to just very
special cases.

Sponsored by: EMC / Isilon Storage Division

Don't add LIBADD=ipf to libipf itself.

This had no real impact since libipf is a static INTERNALLIB. It does conflict
with an assertion I am adding for LIBADD though.

Sponsored by: EMC / Isilon Storage Division

Update dependencies after r291406 added libelf to libkvm.

Unfortunately filemon/meta mode tracks all indirect dependencies here
since ld(1) is reading libelf when linking in libkvm. Churn would be
reduced if this was able to be limited to direct dependencies.

Sponsored by: EMC / Isilon Storage Division

Remove redundant DPSRCS which were already in SRCS.

DPSRCS already contains all of SRCS.

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division

META_MODE: For some reason meta mode cannot generate the intermediate tab.c
files. Split up all of the targets to be more clear on how they are generated
to fix the problem.

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division

Add SUBDIR_PARALLEL.

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division

Remove disconnected directories.

These were added disconnected in 2005 in r145524.

Sponsored by: EMC / Isilon Storage Division

Update META_MODE dependencies.

Add META_MODE support.

Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision: D2796
Reviewed by: brooks imp

Convert sbin/ to LIBADD
Reduce overlinking

Revert r267233 for now. PIE support needs to be reworked.

1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by: kib

Honour WITH and WITHOUT_INET6_SUPPORT.

Approved by: glebius (mentor)
MFC after: 3 days

In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.

This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]

Update ipfilter 4.1.28 --> 5.1.2.

Approved by: glebius (mentor)
BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)

Link ipfilter(4) and ipfilter(5) to the build to stop the wrong man page
displaying for 'man 4 ipfilter'.

PR: docs/118020
Approved by: gjb (mentor)
MFC after: 5 days

Use both NO_WFORMAT and NO_WARRAY_BOUNDS for sbin/ipf, it would be too
disruptive to actually fix all the warnings, and the code hasn't been
maintained for several years.

MFC after: 1 week

Always assign WARNS using ?=

- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication

Approved by: ed (co-mentor)

Switch the default WARNS level for sbin/ to 6.

Submitted by: Ulrich Spörlein

This makefile builds contrib code, so I won't try to fix all the
casts from pointer to int here.

Exclude inet_addr.c from the build.
It only provides inet_aton(), which is already provided by the libc. This
causes multiple symbol definitions when linking statically.

Reviewed by: darrenr

Merge IPFilter 4.1.23 back to HEAD
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13

Fix the manual build.

Regularly scheduled patch to unbreak regularly scheduled post-ipfilter
buildworld breakage.

Exclude loglevel.c from the build. It does not appear to be used by
anything in the tree and buildworld succeeds just fine without it.

Adapt to ipf 4.1.13

fix style nit

Add missing library dependencies.

Add printproto.c to libipf

Fix the contents of the underneath .depend files and "make checkdpadd".

Enable building /sbin/ipf (but not the rescue version) with the ability to
parse bpf strings for filter rules in ipf.conf

Patches from Ruslam Ermilov to remove NetBSD bits from Makefiles and cleanup
build problems with rescue.

Not looking for ipfilter source files in the right place

create a new build heirarchy for ipfilter tools

Link a couple of missing manpages

Submitted by: Hideyuki KURASHINA <rushani@FreeBSD.org>
MFC after: 1 week

style.Makefile(5):
Use WARNS?= instead of WARNS=.

Move my maintainership of parts of ipfilter back to Darren Reed

* add extra -I path to get the "matching" header files.

Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by: mike

Pick up the correct headers from sys/contrib/ipfilter/netinet.

Backout previous change (removal of -I${.CURDIR}/../../sys/netinet).
This is needed to pick up the right headers. Wrong headers from
src/contrib/ipfilter are used otherwise.

The right fix would be to fix contrib/ipfilter C sources to pick up
headers from <sys/netinet>.

Noticed by: peter

Removed -I${.CURDIR}/.../sys from CFLAGS.

- Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.

Build with -DUSE_INET6 so that we can actually use the IPv6 support in
IPFilter 3.4.x.

Approved by: darrenr, guido

add common.c to SRCS to fix compile problems

Add MAINTAINER tag.

The Makefiles in sbin/{ipfstat,ipmon,ipnat} were repository copied
from the respective directories in usr.sbin

Revive userland stuff for ipfilter.
Also fixes:
PR: 7791