diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog index 4ccd7d328..e814ffbb8 100644 --- a/winsup/doc/ChangeLog +++ b/winsup/doc/ChangeLog @@ -1,3 +1,9 @@ +2014-10-27 Corinna Vinschen + + * highlights.xml: Rearrange itemizedlist markup slightly. + * new-features.xml (ov-new1.7.33): Add setfacl -b option. + * utils.xml (setfacl): Ditto. + 2014-10-24 Luke Kendall * ntsec.xml: More language and typo fixes. diff --git a/winsup/doc/highlights.xml b/winsup/doc/highlights.xml index 5de789a8c..76eb3fb1c 100644 --- a/winsup/doc/highlights.xml +++ b/winsup/doc/highlights.xml @@ -245,8 +245,9 @@ support for cloning address space between processes and several features actively undermine a reliable fork implementation. Three issues are especially prevalent: - -DLL base address collisions. Unlike *nix shared + + +DLL base address collisions. Unlike *nix shared libraries, which use "position-independent code", Windows shared libraries assume a fixed base address. Whenever the hard-wired address ranges of two DLLs collide (which occurs quite often), the 
@@ -259,18 +260,18 @@ statically-linked dlls (dependencies known at compile time) are resolved before cygwin1.dll initializes and cannot be fixed afterward. This problem can only be solved by removing the base address conflicts which cause the problem, -usually using the rebaseall tool. +usually using the rebaseall tool. -Address space layout randomization (ASLR). Starting with +Address space layout randomization (ASLR). Starting with Vista, Windows implements ASLR, which means that thread stacks, heap, memory-mapped files, and statically-linked dlls are placed at different (random) locations in each process. This behaviour interferes with a proper fork, and if an unmovable object (process heap or system dll) ends up at the wrong location, Cygwin can do nothing to compensate (though it will -retry a few times automatically). +retry a few times automatically). -DLL injection by +DLL injection by BLODA. Badly-behaved applications which inject dlls into other processes often manage to clobber important @@ -279,7 +280,9 @@ collisions which rebasing cannot fix. The only way to resolve this problem is to remove (usually uninstall) the offending app. See for the detect_bloda option, which may be able to identify the -BLODA. +BLODA. + + In summary, current Windows implementations make it impossible to implement a perfectly reliable fork, and occasional diff --git a/winsup/doc/new-features.xml b/winsup/doc/new-features.xml index f3a49815c..9ac630c04 100644 --- a/winsup/doc/new-features.xml +++ b/winsup/doc/new-features.xml @@ -15,6 +15,11 @@ without having to create /etc/passwd and /etc/group files. Introduce /etc/nsswitch.conf file to configure passwd/group handling. + +Add -b/--remove-all option to setfacl to reduce the ACL to only the entries +representing POSIX permission bits. + + For bordercase which require to use /etc/passwd and /etc/group files, change mkpasswd/mkgroup to generate passwd/group entries compatible with 
diff --git a/winsup/doc/utils.xml b/winsup/doc/utils.xml index acbda53d8..7c90d726e 100644 --- a/winsup/doc/utils.xml +++ b/winsup/doc/utils.xml @@ -1683,11 +1683,13 @@ Example: regtool.exe get '\user\software\Microsoft\Clock\iFormat' setfacl -Usage: setfacl [-r] (-f ACL_FILE | -s acl_entries) FILE... - setfacl [-r] ([-d acl_entries] [-m acl_entries]) FILE... +Usage: setfacl [-r] {-f ACL_FILE | -s acl_entries} FILE... + setfacl [-r] {-b|[-d acl_entries] [-m acl_entries]} FILE... + Modify file and directory access control lists (ACLs) + -b, --remove-all remove all extended ACL entries -d, --delete delete one or more specified ACL entries -f, --file set ACL entries for FILE to ACL entries read from a ACL_FILE @@ -1699,7 +1701,7 @@ Modify file and directory access control lists (ACLs) -h, --help output usage information and exit -V, --version output version information and exit -At least one of (-d, -f, -m, -s) must be specified +At least one of (-b, -d, -f, -m, -s) must be specified For each file given as parameter, setfacl will @@ -1733,6 +1735,9 @@ At least one of (-d, -f, -m, -s) must be specified The following options are supported: + -b Remove all extended ACL entries. The base + ACL entries of the owner, group and others are retained. + -d Delete one or more specified entries from the file's ACL. The owner, group and others entries must not be deleted. Acl_entries to be deleted should be specified without permissions, as in
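Review bot: In winsup/doc/new-features.xml (hunk @@ -15,6 +15,11 @@), the added entry says -b/--remove-all will "reduce the ACL to only the entries representing POSIX permission bits", while the utils.xml text in this same patch says it removes "all extended ACL entries" and that "the base ACL entries of the owner, group and others are retained". Use one wording in both files, so a reader does not have to work out that the two descriptions mean the same result. The utils.xml phrasing names the retained entries and would be the better one to reuse here.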
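Review bot: In winsup/doc/utils.xml (hunk @@ -1683,11 +1683,13 @@), the new second usage line "setfacl [-r] {-b|[-d acl_entries] [-m acl_entries]} FILE..." makes -b an alternative to -d/-m, but the other branch of the alternation consists only of optional parts, so the synopsis still allows an invocation with no action option, which the line "At least one of (-b, -d, -f, -m, -s) must be specified" forbids. The synopsis implies that -b cannot be combined with -d or -m, yet neither the option table nor the "At least one of" line says so. State that restriction in words, or drop the alternation if combining them is accepted. The change from ( ) to { } on the first usage line is also not covered by the ChangeLog entry, which only says "Ditto" for this file.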
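Review bot: In winsup/doc/utils.xml (hunk @@ -1733,6 +1735,9 @@), the -b description uses "extended ACL entries" without defining the term, and the only clue is the second sentence listing what is kept. Because this option changes who can access a file, the text should state which entry types count as extended and whether the behaviour differs for directories, given that the tool is described as modifying "file and directory access control lists". A short example showing the ACL before and after -b, in the style of the other option descriptions, would let an administrator confirm the result matches what they expect.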