=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/34.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- www/34.html 2003/09/04 05:04:08 1.5 +++ www/34.html 2003/09/04 06:29:45 1.6 @@ -76,12 +76,16 @@
  • The i386 architecture has been switched to the ELF executable format.

    -

  • Further W^X improvements, including support for the i386 and powerpc - architectures. +
  • Further W^X improvements, including support for the i386 architecture. + Native i386 binaries have their executable segments rearranged to support + isolating code from data.

    -

  • ELF platforms now have random library ordering for greater resistance to - attacks. +
  • ld.so on ELF platforms now loads libraries in a random order for + greater resistance to attacks. The i386 architecture also has libraries + mapped at random addresses. Along with W^X, these changes increase the + difficulty of successfully exploiting an application error, such as a + buffer overflow.

  • A static bounds checker has been added to the compiler to perform basic @@ -94,15 +98,16 @@ to the original authors where possible.

    -

  • Privilege separation has been implemented for the syslog daemon, making it much - more robust against future errors. The child which listens to network traffic - now runs as a normal user and chroots itself, while the parent process tracks - the state of the child and performs privileged operations on its behalf. +
  • Privilege separation has been implemented for the syslog daemon, making + it much more robust against future errors. The child which listens to + network traffic now runs as a normal user and chroots itself, while the + parent process tracks the state of the child and performs privileged + operations on its behalf.

  • Many unsafe string functions have been removed from the kernel and userland - utilities. This audit is one of the most comprehensive OpenBSD has ever done, - with thousands of occurrences of + utilities. This audit is one of the most comprehensive OpenBSD has ever + done, with thousands of occurrences of strcpy(3) and strcat(3) being replaced with safer, bounded alternatives such as @@ -121,14 +126,30 @@
  • The ports tree now supports building programs under systrace(1), - preventing the possibility of applications harming the system at compile-time - via trojaned configuration scripts or otherwise. + preventing the possibility of applications harming the system at + compile-time via trojaned configuration scripts or otherwise.

  • More licenses fixes, including the removal of the advertising clause -for large parts of the source tree. + for large parts of the source tree.

    +

  • Replacement of GNU diff, grep, and gzip with BSD licensed equivalents. +

    + +

  • Addition of read-only support for NTFS file systems. +

    + +

  • Reliability improvements to layered file systems, enabling NULLFS to + work again. +

    + +

  • Improvements to the linux emulator enabling more applications to run. +

    + +

  • Restructuring of Kerberos libraries for easier management. +

    +

  • Over 2400 tested packages.

    @@ -457,7 +478,7 @@ alt="OpenBSD"> www@openbsd.org
    -$OpenBSD: 34.html,v 1.5 2003/09/04 05:04:08 avsm Exp $ +$OpenBSD: 34.html,v 1.6 2003/09/04 06:29:45 tedu Exp $
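Review bot: in the first hunk (@@ -76,12 +76,16 @@) the rewritten W^X item drops "and powerpc" from the supported architectures and nothing in the new text says why. If powerpc W^X support is still part of this release, keep it in the item ("including support for the i386 and powerpc architectures"). If it was removed on purpose, say so in the log message, because the release page is where readers check which platforms get the protection.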
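Review bot: the second hunk (@@ -94,15 +98,16 @@) changes no wording. The syslog privilege-separation item and the strcpy(3)/strcat(3) audit item are only re-wrapped, in the same revision that rewrites the W^X and ld.so items. Committing whitespace-only rewraps separately would keep the substantive changes to the security items easy to pick out of the diff.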
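Review bot: in the third hunk (@@ -121,14 +126,30 @@) the "More licenses fixes" item is touched only to re-indent its continuation line, and the wording is left as is. It should read "More license fixes". Among the added items, "linux emulator" should be capitalised as "Linux emulator", and "BSD licensed equivalents" reads better hyphenated as "BSD-licensed equivalents".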