===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/65.html,v
retrieving revision 1.69
retrieving revision 1.70
diff -c -r1.69 -r1.70
*** www/65.html	2019/04/12 14:41:47	1.69
--- www/65.html	2019/04/12 16:55:56	1.70
***************
*** 175,180 ****
--- 175,191 ----
  	<a href="https://man.openbsd.org/ifstated">ifstated(8)</a>.
  	Some <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
  	changes were required to accommodate unveil.
+ 	  <li>ROP mitigations in <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
+ 		  have been improved, resulting in a significant decrease in the number
+ 		  of polymorphic ROP gadgets in binaries on i386/amd64.
+ 	  <li>RETGUARD performance and security has been improved in
+ 		  <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
+ 		  by keeping data on registers instead of on the stack when possible,
+ 		  and lengthing the epilogue trapsled on amd64 to consume the rest
+ 		  of the cache line before the return.
+ 	  <li>RETGUARD replaces the stack protector on amd64 and arm64,
+ 		  since RETGUARD instruments every function that returns and provides
+ 		  better security properties than the traditional stack protector.
    </ul>
  <p>