=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/64.html,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- www/64.html 2018/10/14 19:34:34 1.57 +++ www/64.html 2018/10/14 22:50:28 1.58 @@ -195,9 +195,21 @@ process to the specified files and directories. It is most powerful when properly combined with privilege separation and pledge(2). +
  • Implemented MAP_STACK option for + mmap(2). + At pagefaults and syscalls the kernel will check that the + stack pointer points to MAP_STACK memory, which mitigates + against attacks using stack pivots.
  • New RETGUARD security mechanism on amd64 and arm64: use per-function random cookies to protect access to function return instructions, making them harder to use in ROP gadgets. +
  • clang(1) + includes a pass which identifies common instructions which + may be useful in ROP gadgets and replaces them with safe + alternatives on amd64 and i386. +
  • The Retpoline mitigation against Spectre Variant 2 has been + enabled in clang(1) + and in assembly files on amd64.
  • Simultaneous multithreading (SMT) is now disabled by default and can be enabled with the new hw.smt sysctl(2) variable.
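Review bot: the MAP_STACK entry (the first added item in this hunk) states that the kernel checks the stack pointer at page faults and syscalls but never says what happens when the check fails, which is the part a reader of release notes needs to judge the mitigation; state the consequence explicitly (for example "...and terminates the process if it does not", if that is the behaviour). In the same sentence, "mitigates against attacks using stack pivots" is redundant and reads better as "mitigates attacks using stack pivots". The clang(1) item two lines below is similarly vague about "a pass which identifies common instructions"; name the pass or link to where it is described, as the RETGUARD and Retpoline items already do for their mechanisms.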