===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/74.html,v
retrieving revision 1.79
retrieving revision 1.80
diff -c -r1.79 -r1.80
*** www/74.html	2023/10/14 19:53:05	1.79
--- www/74.html	2023/10/14 21:13:43	1.80
***************
*** 116,122 ****
    <li>On arm64, use the deep idle state available on Apple M1/M2 cores
  	in the idle loop and for suspend, resulting in power savings.
    <!-- reverted <li>In <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>, when
! 	detaching devices when we suspend, we need to continue processing
  	command completion events. This fixes USB suspend/resume in Apple
  	M1/M2. -->
    </ul>
--- 116,122 ----
    <li>On arm64, use the deep idle state available on Apple M1/M2 cores
  	in the idle loop and for suspend, resulting in power savings.
    <!-- reverted <li>In <a href="https://man.openbsd.org/xhci.4">xhci(4)</a>, when
! 	detaching devices during suspend, must continue processing
  	command completion events. This fixes USB suspend/resume in Apple
  	M1/M2. -->
    </ul>
***************
*** 498,504 ****
  	the RGMII interface before taking the PHY out of reset.
    <li>Improve <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> and
  	determine PHY mode and pass the appropriate flags down to the PHY when
! 	we attach it.
    <li>Report in <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> on
        which gmac the <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>
        driver is attaching to.
--- 498,504 ----
  	the RGMII interface before taking the PHY out of reset.
    <li>Improve <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a> and
  	determine PHY mode and pass the appropriate flags down to the PHY when
! 	attaching.
    <li>Report in <a href="https://man.openbsd.org/dmesg.8">dmesg(8)</a> on
        which gmac the <a href="https://man.openbsd.org/dwqe.4">dwqe(4)</a>
        driver is attaching to.
***************
*** 594,618 ****
  
  <li>Security improvements:
    <ul>
!   <li>We enabled support for branch target identification (BTI) in both
  	the kernel and userland.  On hardware that supports this feautre, it
  	helps enforcing control flow integrety by making sure malicious code
  	cannot jump into the middle of a function.
!   <li>We enabled support for pointer authentication (PAC) in userland.  On
  	hardware that supports this feature it helps enforcing control flow
  	integrety by making sure malicious code cannot manipulate a
  	function's return address.
!   <li>On the amd64 architecture, we enabled support for indirect
  	branch tracking (IBT) in both the kernel and userland.  On hardware
  	that supports this feature, it helps enforcing control flow integrety
  	by making sure malicious code cannot jump into the middle of a
  	function.
!   <li>On the arm64 architecture, we enabled support for branch target
  	identification (BTI) in both the kernel and userland.  On hardware
  	that supports this feature, it helps enforcing control flow integrety
  	by making sure malicious code cannot jump into the middle of a
  	function.
!   <li>On the arm64 architecture, we enabled support for pointer
  	authentication (PAC) in userland.  On hardware that supports this
  	feature it helps enforcing control flow integrety by making sure
  	malicious code cannot manipulate a function's return address.
--- 594,618 ----
  
  <li>Security improvements:
    <ul>
!   <li>Enabled support for branch target identification (BTI) in both
  	the kernel and userland.  On hardware that supports this feautre, it
  	helps enforcing control flow integrety by making sure malicious code
  	cannot jump into the middle of a function.
!   <li>Enabled support for pointer authentication (PAC) in userland.  On
  	hardware that supports this feature it helps enforcing control flow
  	integrety by making sure malicious code cannot manipulate a
  	function's return address.
!   <li>On the amd64 architecture, enabled support for indirect
  	branch tracking (IBT) in both the kernel and userland.  On hardware
  	that supports this feature, it helps enforcing control flow integrety
  	by making sure malicious code cannot jump into the middle of a
  	function.
!   <li>On the arm64 architecture, enabled support for branch target
  	identification (BTI) in both the kernel and userland.  On hardware
  	that supports this feature, it helps enforcing control flow integrety
  	by making sure malicious code cannot jump into the middle of a
  	function.
!   <li>On the arm64 architecture, enabled support for pointer
  	authentication (PAC) in userland.  On hardware that supports this
  	feature it helps enforcing control flow integrety by making sure
  	malicious code cannot manipulate a function's return address.
***************
*** 909,916 ****
  	remove artificial limit of 2 hours on a PIO lifetime.
    <li>Make <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>
  	more resilient when some servers are
! 	misbehaving: keep trying LDAP servers until we get full results from
! 	one, rather than just until one accepts the TCP connection.
    <li>New <a href="https://man.openbsd.org/ifconfig.8#wgdescription"
        >wgdescription</a> parameter to
        <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>
--- 909,916 ----
  	remove artificial limit of 2 hours on a PIO lifetime.
    <li>Make <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>
  	more resilient when some servers are
! 	misbehaving: keep trying LDAP servers until full results arrive
! 	rather than just until one accepts the TCP connection.
    <li>New <a href="https://man.openbsd.org/ifconfig.8#wgdescription"
        >wgdescription</a> parameter to
        <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>