===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- www/59.html	2016/02/24 21:57:33	1.41
+++ www/59.html	2016/02/25 07:28:57	1.42
@@ -105,6 +105,10 @@
     <li>453 out of 707 base system binaries adapted to use pledge.
     <li>14 ports adapted to use pledge (some decompression tools, mutt,
 	some pdf tools, chromium/iridium, and the i3 window manager).
+    <li>pledge exposed several bugs that has been corrected, for example in <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpd/bgpd.c?rev=1.181&content-type=text/x-cvsweb-markup">bgpd(8)</a>, <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/iked/config.c?rev=1.40&content-type=text/x-cvsweb-markup">iked(8)</a>, <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ldapd/control.c?rev=1.13&content-type=text/x-cvsweb-markup">ldapd(8)</a>, <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c?rev=1.25&content-type=text/x-cvsweb-markup">ntpd(8)</a> or <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/syslogd/syslogd.c?rev=1.200&content-type=text/x-cvsweb-markup">syslogd(8)</a>,
+    <li>and several misguided "features" that has been removed, like <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.50&content-type=text/x-cvsweb-markup">support for HOSTALIASES from the resolver</a>, <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.49&content-type=text/x-cvsweb-markup">support for "lookup yp" in /etc/resolv.conf</a>, <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/binutils/rename.c?rev=1.2&content-type=text/x-cvsweb-markup">setuid-preserving code in binutils tools</a> or <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/patch/ed.c?rev=1.1&content-type=text/x-cvsweb-markup">ed-style diffs via proc/exec in patch(1)</a>.
+    <li>pledge has require a somehow intensive audit of userland to properly annotate programs, resulting some design changes like in <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/rdate/rdate.c?rev=1.33&content-type=text/x-cvsweb-markup">rdate(1)</a>, <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/sndiod/sndiod.c?rev=1.18&content-type=text/x-cvsweb-markup">sndiod(8)</a> or the introduction of SOCK_DNS <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=socket&sektion=2">socket(2)</a> flag that makes SS_DNS tagged socket conceptually different from plain socket.
+    <li>it also has been used to constraint programs in a more strict POSIX subset, like some <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/binutils/objdump.c?rev=1.2&content-type=text/x-cvsweb-markup">binutils</a> tools that handle untrusted data (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strings&sektion=1">strings(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=objdump&sektion=1">objdump(1)</a>, ...), or the RSA-privsep process in <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/ca.c?rev=1.15&content-type=text/x-cvsweb-markup">smtpd(1)</a>.
     </ul>
 <p>