===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/65.html,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- www/65.html	2019/04/13 03:15:36	1.75
+++ www/65.html	2019/04/13 03:20:06	1.76
@@ -144,46 +144,44 @@
 
 <li>Security improvements:
   <ul>
-      <li>
-        <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> has been
-        improved to understand and find covering unveil matches above the
-        working directory of the running process for relative path accesses.
-        As a result many programs now can use unveil in broad ways such as
-        unveil("/", "r");
-      <li>
-        <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> no longer
-        silently allows
-        <a href="https://man.openbsd.org/stat.2">stat(2)</a> and
-        <a href="https://man.openbsd.org/access.2">access(2)</a> to work on any
-        unveiled path component.
-      <li>Now using <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> in
-	<a href="https://man.openbsd.org/ospfd">ospfd(8)</a>,
-	<a href="https://man.openbsd.org/ospf6d">ospf6d(8)</a>,
-	<a href="https://man.openbsd.org/rebound">rebound(8)</a>,
-	<a href="https://man.openbsd.org/getconf">getconf(1)</a>,
-	<a href="https://man.openbsd.org/kvm_mkdb">kvm_mkdb(8)</a>,
-	<a href="https://man.openbsd.org/bdftopcf">bdftopcf(1)</a>,
-	<a href="https://man.openbsd.org/Xserver">Xserver(1)</a>,
-	<a href="https://man.openbsd.org/passwd">passwd(1)</a>,
-	<a href="https://man.openbsd.org/spamlogd">spamlogd(8)</a>,
-	<a href="https://man.openbsd.org/spamd">spamd(8)</a>,
-	<a href="https://man.openbsd.org/sensorsd">sensorsd(8)</a>,
-	<a href="https://man.openbsd.org/snmpd">snmpd(8)</a>,
-	<a href="https://man.openbsd.org/htpasswd">htpasswd(1)</a>,
-	<a href="https://man.openbsd.org/ifstated">ifstated(8)</a>.
-	Some <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
-	changes were required to accommodate unveil.
-	  <li>ROP mitigations in <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
-		  have been improved, resulting in a significant decrease in the number
-		  of polymorphic ROP gadgets in binaries on i386/amd64.
-	  <li>RETGUARD performance and security has been improved in
-		  <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
-		  by keeping data on registers instead of on the stack when possible,
-		  and lengthing the epilogue trapsled on amd64 to consume the rest
-		  of the cache line before the return.
-	  <li>RETGUARD replaces the stack protector on amd64 and arm64,
-		  since RETGUARD instruments every function that returns and provides
-		  better security properties than the traditional stack protector.
+  <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> has been
+    improved to understand and find covering unveil matches above the
+    working directory of the running process for relative path accesses.
+    As a result many programs now can use unveil in broad ways such as
+    unveil("/", "r");
+  <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> no longer
+    silently allows
+    <a href="https://man.openbsd.org/stat.2">stat(2)</a> and
+    <a href="https://man.openbsd.org/access.2">access(2)</a> to work on any
+    unveiled path component.
+  <li>Now using <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> in
+    <a href="https://man.openbsd.org/ospfd">ospfd(8)</a>,
+    <a href="https://man.openbsd.org/ospf6d">ospf6d(8)</a>,
+    <a href="https://man.openbsd.org/rebound">rebound(8)</a>,
+    <a href="https://man.openbsd.org/getconf">getconf(1)</a>,
+    <a href="https://man.openbsd.org/kvm_mkdb">kvm_mkdb(8)</a>,
+    <a href="https://man.openbsd.org/bdftopcf">bdftopcf(1)</a>,
+    <a href="https://man.openbsd.org/Xserver">Xserver(1)</a>,
+    <a href="https://man.openbsd.org/passwd">passwd(1)</a>,
+    <a href="https://man.openbsd.org/spamlogd">spamlogd(8)</a>,
+    <a href="https://man.openbsd.org/spamd">spamd(8)</a>,
+    <a href="https://man.openbsd.org/sensorsd">sensorsd(8)</a>,
+    <a href="https://man.openbsd.org/snmpd">snmpd(8)</a>,
+    <a href="https://man.openbsd.org/htpasswd">htpasswd(1)</a>,
+    <a href="https://man.openbsd.org/ifstated">ifstated(8)</a>.
+    Some <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
+    changes were required to accommodate unveil.
+  <li>ROP mitigations in <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
+    have been improved, resulting in a significant decrease in the number
+    of polymorphic ROP gadgets in binaries on i386/amd64.
+  <li>RETGUARD performance and security has been improved in
+    <a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
+    by keeping data on registers instead of on the stack when possible,
+    and lengthing the epilogue trapsled on amd64 to consume the rest
+    of the cache line before the return.
+  <li>RETGUARD replaces the stack protector on amd64 and arm64,
+    since RETGUARD instruments every function that returns and provides
+    better security properties than the traditional stack protector.
   </ul>
 <p>