===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/66.html,v
retrieving revision 1.27
retrieving revision 1.28
diff -c -r1.27 -r1.28
*** www/66.html	2019/09/30 12:53:10	1.27
--- www/66.html	2019/09/30 12:58:14	1.28
***************
*** 382,396 ****
  <li>Security improvements:
    <ul>
      <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is
!       now used in 77 userland programs to restrict filesystem
!       access.
      <li>Various changes
        in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
        to improve application behavior when encountering hidden
        filesystem paths.
!     <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can now show
!       which processes have called unveil(2) to run with a restricted
!       filesystem view.
      <li>Further and improved mitigations against Spectre side-channel
        vulnerability in Intel CPUs built since 2012.
      <li>Mitigations for Intel's Microarchitectural Data Sampling
--- 382,398 ----
  <li>Security improvements:
    <ul>
      <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is
!       now used in 77 userland programs to redact filesystem access.
      <li>Various changes
        in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
        to improve application behavior when encountering hidden
        filesystem paths.
!     <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show which
!       processes have called <a href="https://man.openbsd.org/unveil.2">unveil(2)</a>
!       with the <b>u</b> and <b>U</b> flags in STATE field.
!     <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show the list
!       of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> options
!       processes use with the <b>-o pledge</b> option.
      <li>Further and improved mitigations against Spectre side-channel
        vulnerability in Intel CPUs built since 2012.
      <li>Mitigations for Intel's Microarchitectural Data Sampling
***************
*** 403,411 ****
      <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a>
        environment inheritance not to inherit, and instead reset to the
        target user's values by default.
!     <li>Make
        the <a href="https://www.openbsd.org/amd64.htmp">amd64</a> BIOS
!       bootloader load a kernel at a random virtual address.
      <li>Introduced
        <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a>
        and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>,
--- 405,413 ----
      <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a>
        environment inheritance not to inherit, and instead reset to the
        target user's values by default.
!     <li>Prepare
        the <a href="https://www.openbsd.org/amd64.htmp">amd64</a> BIOS
!       bootloader for loading the kernel at a random virtual address (future work).
      <li>Introduced
        <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a>
        and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>,