Update to FreeBSD head 2018-12-20

Git mirror commit 19a6ceb89dbacf74697d493e48c388767126d418.

It includes an update of wpa_supplicant to version 2.7.

It includes an update of the OpenSSL baseline to version 1.1.1a.

Update #3472.

freebsd/sbin/ping/ping.c

@@ -98,6 +98,7 @@ __FBSDID("$FreeBSD$");
 #include <netipsec/ipsec.h>
 #endif /*IPSEC*/
 
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
@@ -322,9 +323,9 @@ main(int argc, char *const *argv)
 #ifdef IPSEC_POLICY_IPSEC
 	policy_in = policy_out = NULL;
 #endif
+#ifndef __rtems__
 	cap_rights_t rights;
-	bool cansandbox;
-#ifdef __rtems__
+#else /* __rtems__ */
 	struct getopt_data getopt_data;
 	memset(&getopt_data, 0, sizeof(getopt_data));
 #define optind getopt_data.optind
@@ -387,7 +388,7 @@ main(int argc, char *const *argv)
 			break;
 		case 'c':
 			ltmp = strtol(optarg, &ep, 0);
-			if (*ep || ep == optarg || ltmp > LONG_MAX || ltmp <=0)
+			if (*ep || ep == optarg || ltmp <= 0)
 				errx(EX_USAGE,
 				    "invalid count of packets to transmit: `%s'",
 				    optarg);
@@ -780,28 +781,23 @@ main(int argc, char *const *argv)
 		ip->ip_dst = to->sin_addr;
         }
 
-	if (options & F_NUMERIC)
-		cansandbox = true;
-	else if (capdns != NULL)
-		cansandbox = CASPER_SUPPORT;
-	else
-		cansandbox = false;
-
+#ifndef __rtems__
 	/*
 	 * Here we enter capability mode. Further down access to global
 	 * namespaces (e.g filesystem) is restricted (see capsicum(4)).
 	 * We must connect(2) our socket before this point.
 	 */
-	if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
+	caph_cache_catpages();
+	if (caph_enter_casper() < 0)
 		err(1, "cap_enter");
 
 	cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT);
-	if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(srecv, &rights) < 0)
 		err(1, "cap_rights_limit srecv");
-
 	cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT);
-	if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(ssend, &rights) < 0)
 		err(1, "cap_rights_limit ssend");
+#endif /* __rtems__ */
 
 	/* record route option */
 	if (options & F_RROUTE) {
@@ -883,17 +879,21 @@ main(int argc, char *const *argv)
 	hold = IP_MAXPACKET + 128;
 	(void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold,
 	    sizeof(hold));
+#ifndef __rtems__
 	/* CAP_SETSOCKOPT removed */
 	cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
-	if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(srecv, &rights) < 0)
 		err(1, "cap_rights_limit srecv setsockopt");
+#endif /* __rtems__ */
 	if (uid == 0)
 		(void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold,
 		    sizeof(hold));
+#ifndef __rtems__
 	/* CAP_SETSOCKOPT removed */
 	cap_rights_init(&rights, CAP_SEND);
-	if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(ssend, &rights) < 0)
 		err(1, "cap_rights_limit ssend setsockopt");
+#endif /* __rtems__ */
 
 	if (to->sin_family == AF_INET) {
 		(void)printf("PING %s (%s)", hostname,