===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/74.html,v
retrieving revision 1.86
retrieving revision 1.87
diff -c -r1.86 -r1.87
*** www/74.html	2023/10/14 23:00:49	1.86
--- www/74.html	2023/10/15 00:30:41	1.87
***************
*** 253,259 ****
    <li>Extend and improve the ibuf API in <a
  	href="https://man.openbsd.org/ibuf_add_buf.3">libutil</a> and add
  	function for more specific data types, for modifying data at specific
! 	offsets, for getting and setting the filedescriptor stored on the ibuf
  	and for efficient wrapping of ibufs into imesgs. The ibuf API is
  	mostly used in network daemons.
    <li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>,
--- 253,259 ----
    <li>Extend and improve the ibuf API in <a
  	href="https://man.openbsd.org/ibuf_add_buf.3">libutil</a> and add
  	function for more specific data types, for modifying data at specific
! 	offsets, for getting and setting the file descriptor stored on the ibuf
  	and for efficient wrapping of ibufs into imesgs. The ibuf API is
  	mostly used in network daemons.
    <li>In <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>,
***************
*** 394,400 ****
  	@weekly, @daily and @hourly entries.
    <li>Fix a bug in <a
  	href="https://man.openbsd.org/cron.8">cron(8)</a> where whitespace
! 	after usernames would not be completly skipped while parsing the
  	href="https://man.openbsd.org/crontab.5">crontab(5)</a> file.
    <li>In pax(1), safely escape characters when displaying messages
  	that may include file names, and truncate times to the correct maximum
--- 394,400 ----
  	@weekly, @daily and @hourly entries.
    <li>Fix a bug in <a
  	href="https://man.openbsd.org/cron.8">cron(8)</a> where whitespace
! 	after usernames would not be completely skipped while parsing the
  	href="https://man.openbsd.org/crontab.5">crontab(5)</a> file.
    <li>In pax(1), safely escape characters when displaying messages
  	that may include file names, and truncate times to the correct maximum
***************
*** 417,423 ****
    <li>Add support for TEMPerGold 3.4 temperature sensor to
        <a href="https://man.openbsd.org/ugold.4">ugold(4)</a>.
    <li>Add <a href="https://man.openbsd.org/qcrng.4">qcrng(4)</a>,
! 	a driver for the Qualcomm RNG device found on the Thinkpad X13s.
    <li>Add <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>,
        a driver for the usb2phy on Rockchip SoCs.
    <li>Support AP806/CP110 SoCs in
--- 417,423 ----
    <li>Add support for TEMPerGold 3.4 temperature sensor to
        <a href="https://man.openbsd.org/ugold.4">ugold(4)</a>.
    <li>Add <a href="https://man.openbsd.org/qcrng.4">qcrng(4)</a>,
! 	a driver for the Qualcomm RNG device found on the ThinkPad X13s.
    <li>Add <a href="https://man.openbsd.org/rkusbphy.4">rkusbphy(4)</a>,
        a driver for the usb2phy on Rockchip SoCs.
    <li>Support AP806/CP110 SoCs in
***************
*** 449,455 ****
  	a driver for the PMIC Shared Direct Access Memory found on
  	Qualcomm SoCs.
    <li>Add <a href="https://man.openbsd.org/stfrng.4">stfrng(4)</a>, a
! 	driver for the random number generator on the risc-v JH7110 SoC.
    <li>Add support for the PCIe controller on the JH7110 SoC with <a
  	href="https://man.openbsd.org/stfpciephy.4">stfpciephy(4)</a>
  
--- 449,455 ----
  	a driver for the PMIC Shared Direct Access Memory found on
  	Qualcomm SoCs.
    <li>Add <a href="https://man.openbsd.org/stfrng.4">stfrng(4)</a>, a
! 	driver for the random number generator on the StarFive JH7110 SoC.
    <li>Add support for the PCIe controller on the JH7110 SoC with <a
  	href="https://man.openbsd.org/stfpciephy.4">stfpciephy(4)</a>
  
***************
*** 645,670 ****
  <li>Security improvements:
    <ul>
    <li>Enabled support for branch target identification (BTI) in both
! 	the kernel and userland.  On hardware that supports this feautre, it
! 	helps enforcing control flow integrety by making sure malicious code
  	cannot jump into the middle of a function.
    <li>Enabled support for pointer authentication (PAC) in userland.  On
  	hardware that supports this feature it helps enforcing control flow
! 	integrety by making sure malicious code cannot manipulate a
  	function's return address.
    <li>On the amd64 architecture, enabled support for indirect
  	branch tracking (IBT) in both the kernel and userland.  On hardware
! 	that supports this feature, it helps enforcing control flow integrety
  	by making sure malicious code cannot jump into the middle of a
  	function.
    <li>On the arm64 architecture, enabled support for branch target
  	identification (BTI) in both the kernel and userland.  On hardware
! 	that supports this feature, it helps enforcing control flow integrety
  	by making sure malicious code cannot jump into the middle of a
  	function.
    <li>On the arm64 architecture, enabled support for pointer
  	authentication (PAC) in userland.  On hardware that supports this
! 	feature it helps enforcing control flow integrety by making sure
  	malicious code cannot manipulate a function's return address.
    </ul>
  
--- 645,670 ----
  <li>Security improvements:
    <ul>
    <li>Enabled support for branch target identification (BTI) in both
! 	the kernel and userland.  On hardware that supports this feature, it
! 	helps enforcing control flow integrity by making sure malicious code
  	cannot jump into the middle of a function.
    <li>Enabled support for pointer authentication (PAC) in userland.  On
  	hardware that supports this feature it helps enforcing control flow
! 	integrity by making sure malicious code cannot manipulate a
  	function's return address.
    <li>On the amd64 architecture, enabled support for indirect
  	branch tracking (IBT) in both the kernel and userland.  On hardware
! 	that supports this feature, it helps enforcing control flow integrity
  	by making sure malicious code cannot jump into the middle of a
  	function.
    <li>On the arm64 architecture, enabled support for branch target
  	identification (BTI) in both the kernel and userland.  On hardware
! 	that supports this feature, it helps enforcing control flow integrity
  	by making sure malicious code cannot jump into the middle of a
  	function.
    <li>On the arm64 architecture, enabled support for pointer
  	authentication (PAC) in userland.  On hardware that supports this
! 	feature it helps enforcing control flow integrity by making sure
  	malicious code cannot manipulate a function's return address.
    </ul>
  
***************
*** 964,970 ****
  	<li>Allowed arguments on NOOP.
    </ul>
  
!   <li>Many other changes in various network programms and libraries:
    <ul>
  	<li>Allow libpcap to read files with some additional link-layer type values.
  	<li>Let <a href="https://man.openbsd.org/pcap_fopen_offline.3"
--- 964,970 ----
  	<li>Allowed arguments on NOOP.
    </ul>
  
!   <li>Many other changes in various network programs and libraries:
    <ul>
  	<li>Allow libpcap to read files with some additional link-layer type values.
  	<li>Let <a href="https://man.openbsd.org/pcap_fopen_offline.3"
***************
*** 1040,1046 ****
  
  	  <li>Allow UDP for built-in <a
  		href="https://man.openbsd.org/inetd.8">inetd(8)</a> services on
! 		127.0.0.1. This restriction was added in year 2000 due to IPv6 compatibleand
  		mapped addresses.  Nowadays our kernel does not support these IPv6
  		features and blocks localhost addresses on non-loopback interfaces.
  		Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide
--- 1040,1046 ----
  
  	  <li>Allow UDP for built-in <a
  		href="https://man.openbsd.org/inetd.8">inetd(8)</a> services on
! 		127.0.0.1. This restriction was added in year 2000 due to IPv6 compatible and
  		mapped addresses.  Nowadays our kernel does not support these IPv6
  		features and blocks localhost addresses on non-loopback interfaces.
  		Make IPv4 127.0.0.1/8 and IPv6 ::1 behave identically and provide