===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/67.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- www/67.html	2020/05/06 12:20:45	1.1
+++ www/67.html	2020/05/06 12:36:08	1.2
@@ -669,16 +669,12 @@
 	features and auditing it. The kernel API accessible to these
 	programs is now restricted through <a
 	href="https://man.openbsd.org/pledge">pledge(2)</a>.
-
-<!-- syscall call-from -->
-    <li><span style="color: red;">"syscall call-from" checking</span>
-    <li>Introduced <a
-	href="https://man.openbsd.org/msyscall">msyscall(2)</a>, permitting
-	system calls from selected code regions only: the main program, <a
-	href="https://man.openbsd.org/ld.so">ld.so(1)</a>, libc.so and
-	sigtramp. This is intended to harden against a mixture of W^X failures
-	and JIT bugs allowing syscall misinterpretation.
-
+    <li>System calls may now only be performed from selected code regions:
+	the main program, <a href="https://man.openbsd.org/ld.so">ld.so(1)</a>,
+	libc.so and the signal trampoline. A new system call
+	<a href="https://man.openbsd.org/msyscall">msyscall(2)</a> indicates
+	the the libc range, and activates the locking.  This change hardens
+	against some attack methods.
     <li>Prevented stack trace saving from inspecting untrusted data on
 	amd64, arm64 and i386.
     <li>Used lfence in place of stac/clac on pre-SMAP CPUs to protect