===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/75.html,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- www/75.html	2024/03/31 21:47:37	1.34
+++ www/75.html	2024/03/31 22:31:43	1.35
@@ -420,24 +420,40 @@
 
 <li>Security improvements:
   <ul>
+  <li>Introduce pinsyscalls(2): The kernel and <a
+	href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> register the
+	precise entry location of every system call used by a program, as
+	described in the new ELF section .openbsd.syscalls inside ld.so and
+	libc.so. ld.so uses the new syscall <a
+	href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> to
+	tell the kernel the precise entry location of system calls in
+	libc.so.<br>
+      Attempting to use a different system call entry instruction to
+	perform a non-corresponding system call operation will fail and the
+	process will be terminated with signal SIGABRT.
+  <li>Removed support for <a
+	href="https://man.openbsd.org/syscall.2">syscall(2)</a>, the
+	"indirection system call," a dangerous alternative entry point for all
+	system calls.<br>
+      Together with <a
+	href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> this
+	change makes it ipmpossible to perform system call through any other
+	way than the libc system cann wrapper functions.<br<
+      Users of syscall(2), such as Perl and the Go programming
+	languange were converted to use the libc functions.
   <li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
 	stdio before parsing pfkey messages to <a
 	href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -m and -s.
-  <li>Tightened <a href="https://man.openbsd.org/pax.1">pax(1)</a> <a
-	href="https://man.openbsd.org/pledge.2">pledge(2)</a> in List and
-	Append modes.
-  <li>Created __OpenBSD versions of llvm cxa guard implementation using
-	futex() with the correct number of arguments and without using <a
+  <li>Tightened the <a
+	href="https://man.openbsd.org/pledge.2">pledge(2)</a> in <a
+	href="https://man.openbsd.org/pax.1">pax(1)</a> in List and Append
+	modes.
+  <li>Created __OpenBSD versions of llvm cxa guard implementation
+	using <a href="https://man.openbsd.org/futex.2">futex(2)</a> with the
+	correct number of arguments and without using <a
 	href="https://man.openbsd.org/syscall.2">syscall(2)</a>.
-  <li>Removed support for <a
-	href="https://man.openbsd.org/syscall.2">syscall(2)</a>, the
-	"indirection system call," a dangerous alternative entry point for all
-	system calls and incompatible with the precision system call entry
-	point scheme a.k.a. <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a>
-
-  <li>Enable BTI and PAC again on arm64.
-  <li><a style="color:red;" href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a>
-
+  <li>Improvements in Pointer Authentication (PAC) and Branch Target
+	Identification (BTI) on arm64.
   </ul>
 
 <li>Changes in the network stack:
@@ -516,7 +532,12 @@
 
   <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,
   <ul>
-  <li>...
+    <li>Rewrite the internal message passing mechanism to use a new
+	memory-safe API.
+    <li>Rewrite most protocol parsers to use the new memory-safe API.
+	Convert the UPDATE parser, all of RTR, as well as both the MRT dump
+	code in bgpd and the parser in bgpctl.
+    <li>Improve RTR logging, error handling and version negotiation.
   </ul>
 
   <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw these and more changes: