Merged r37215--a few slight improvements to CHANGELOG text for 7.70

CHANGELOG

@@ -2,9 +2,12 @@
 
 Nmap 7.70 [2018-03-20]
 
-o [Windows] Updated the bundled Npcap from 0.93 to 0.99-r2, with many
+o [Windows] We made a ton of improvements to our Npcap Windows packet
-  stability fixes and installation improvements, as well as fixes to
+  capturing library (https://nmap.org/npcap/) for greater performance and
-  raw 802.11 frame capture. See https://nmap.org/npcap/changelog
+  stability, as well as smoother installer and better 802.11 raw frame
+  capturing support. Nmap 7.70 updates the bundled Npcap from version 0.93 to
+  0.99-r2, including all these changes from the last seven Npcap releases:
+  https://nmap.org/npcap/changelog
 
 o Integrated all of your service/version detection fingerprints submitted from
   March 2017 to August 2017 (728 of them). The signature count went up 1.02%
@@ -27,13 +30,12 @@ o Added the --resolve-all option to resolve and scan all IP addresses of a
 
 o [NSE][SECURITY] Nmap developer nnposter found a security flaw (directory
   traversal vulnerability) in the way the non-default http-fetch script
-  sanitized URLs. If a user manualy ran this NSE script with against a
+  sanitized URLs. If a user manualy ran this NSE script against a malicious
-  malicious web server, the server could potentially (depending on NSE
+  web server, the server could potentially (depending on NSE arguments used)
-  arguments used) cause files to be saved outside the intended destination
+  cause files to be saved outside the intended destination directory. Existing
-  directory. Existing files couldn't be overwritten.  We fixed http-fetch,
+  files couldn't be overwritten.  We fixed http-fetch, audited our other
-  audited our other scripts to ensure they didn't make this mistake, and we
+  scripts to ensure they didn't make this mistake, and updated the httpspider
-  updated the httpspider library API to protect against this by
+  library API to protect against this by default. [nnposter, Daniel Miller]
-  default. [nnposter, Daniel Miller]
 
 o [NSE] Added 9 NSE scripts, from 8 authors, bringing the total up to 588!
   They are all listed at https://nmap.org/nsedoc/, and the summaries are
@@ -108,17 +110,15 @@ o [NSE][GH#1129] Changed url.absolute() behavior with respect to dot and
 o Removed deprecated and undocumented aliases for several long options that
   used underscores instead of hyphens, such as --max_retries. [Daniel Miller]
 
-o Improved service scan's treatment of soft matches in two ways. First
+o Improved service scan's treatment of soft matches in two ways. First of all,
-  of all, any probes that could result in a full match with the soft
+  any probes that could result in a full match with the soft matched service
-  matched service will now be sent, regardless of rarity.  This
+  will now be sent, regardless of rarity.  This improves the chances of
-  improves the chances of matching unusual services on non-standard
+  matching unusual services on non-standard ports.  Second, probes are now
-  ports.  Second, probes are now skipped if they don't contain any
+  skipped if they don't contain any signatures for the soft matched service.
-  signatures for the soft matched service.  Previously the probes
+  Previously the probes would still be run as long as the target port number
-  would still be run as long as the target port number matched the
+  matched the probe's specification.  Together, these changes should make
-  probe's specification.  Together, these changes should make
+  service/version detection faster and more accurate.  For more details on how
-  service/version detection faster and more accurate.  For more
+  it works, see https://nmap.org/book/vscan.html. [Daniel Miller]
-  details on how it works, see
-  https://nmap.org/book/vscan.html. [Daniel Miller]
 
 o --version-all now turns off the soft match optimization, ensuring that all
   probes really are sent, even if there aren't any existing match lines for