Add EN-14:10 and EN-14:11.

svn path=/head/; revision=45862

share/security/advisories/FreeBSD-EN-14:10.tzdata.asc

@@ -0,0 +1,175 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-14:10.tzdata                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		Time zone data file update
+
+Category:       contrib
+Module:         zoneinfo
+Announced:      2014-10-22
+Affects:        All supported versions of FreeBSD prior to FreeBSD 10.1-BETA1
+Corrected:      2014-08-29 13:41:21 UTC (stable/10, 10.1-PRERELEASE)
+                2014-10-21 23:52:25 UTC (releng/10.0, 10.0-RELEASE-p11)
+                2014-08-29 13:27:49 UTC (stable/9, 9.3-STABLE)
+                2014-10-21 23:50:46 UTC (releng/9.3, 9.3-RELEASE-p4)
+                2014-10-21 23:52:25 UTC (releng/9.2, 9.2-RELEASE-p14)
+                2014-10-21 23:52:25 UTC (releng/9.1, 9.1-RELEASE-p21)
+                2014-08-29 13:26:11 UTC (stable/8, 8.4-STABLE)
+                2014-10-21 23:52:25 UTC (releng/8.4, 8.4-RELEASE-p18)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The tzsetup(8) program allows the user to specify the default local
+timezone.  Based on the selected timezone, tzsetup(8) copies one of the
+files from /usr/share/zoneinfo to /etc/localtime.  This file actually
+controls the conversion.
+
+II.  Problem Description
+
+Several changes in Daylight Savings Time happened after previous
+FreeBSD releases were released that would affect many people who
+live in different countries.  Because of these changes, the data in
+the zoneinfo files need to be updated, and if the local timezone on
+the running system is affected, tzsetup(8) needs to be run so the
+/etc/localtime is updated.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one
+of the affected timezones if the /usr/share/zoneinfo and /etc/localtime
+files are not updated, and all applications on the system that rely on
+the system time, such as cron(8) and syslog(8), will be affected.
+
+IV.  Workaround
+
+The system administrator can install an updated timezone database from
+the misc/zoneinfo port and run tzsetup(8) to get the timezone database
+corrected.
+
+Applications that store and display times in Coordinated Universal Time
+(UTC) are not affected.
+
+V.   Solution
+
+Please note that some third party software, for instance PHP, Ruby,
+Java and Perl, may be using different zoneinfo data source, in such
+cases these software has to be updated separately.  For software
+packages that is installed via package collection, they can be
+upgraded by doing a `pkg upgrade'.
+
+Following the instructions in this Errata Notice will update all of
+the zoneinfo files to be the same as what was released with FreeBSD
+release.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 8.4]
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-8.4.patch
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-8.4.patch.asc
+# gpg --verify tzdata-8.4.patch.asc
+
+[FreeBSD 9.1]
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.1.patch
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.1.patch.asc
+# gpg --verify tzdata-9.1.patch.asc
+
+[FreeBSD 9.2]
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.2.patch
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.2.patch.asc
+# gpg --verify tzdata-9.2.patch.asc
+
+[FreeBSD 9.3]
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.3.patch
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.3.patch.asc
+# gpg --verify tzdata-9.3.patch.asc
+
+[FreeBSD 10.0]
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-10.0.patch
+# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-10.0.patch.asc
+# gpg --verify tzdata-10.0.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+3) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r270814
+releng/8.4/                                                       r273439
+stable/9/                                                         r270815
+releng/9.1/                                                       r273439
+releng/9.2/                                                       r273439
+releng/9.3/                                                       r273438
+stable/10/                                                        r270817
+releng/10.0/                                                      r273439
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-14:10.tzdata.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0
+
+iQIcBAEBCgAGBQJUSA5BAAoJEO1n7NZdz2rnUusP/ijQW4Dsn4R9rMta1e7ZokhN
+YR02tSR+CHUYM/ks0AB8s6NYt6VfK7EAeMiIZqM+EK1Sg8RWfG1NsOJ/JR4K9aSk
+gbkqDUbJ/ACBz8MkKQegpI4wXJIYd5DipajJncN+960HJ2qu7gY7NSQGTjbfvA//
+MIbNLgxpmVDr3BHFYGYW4Y1dBqIWzrjaBX8aURmqOP6KOZ+x2Y0UeNmjCGifQTqv
+2yv2Fw8GnPNQpQu5rlPgL9uLn2YVAsCrhz8CXSvf10gEij1fM+COAqbXhxBMEEjs
+ZOfUWqtCPL4p/fToiQVsq7g6SzmukxUDbH+kAo4jbZhixGmscPo83sklt3u7++vZ
+nNV0ascp0hFN+prDPGZ1nVlAhQtUYOY1RX1fQ1d7yWJhVfy+zJUAbglL6C06+oUr
+QX4YLaS2oD4VqCTqM+cGJEgvF8z4CUGy2wPkRsPxWFslmqAewTpOrcOB+xlFDCjo
+Rymp1zbusduRm2PAFOaQigtRG7JjW448Q5NkZR+TY5ZlmQLdO55o+x1Sm1FxOGUW
+o/tFWH5wzmKidGQq2cSG2fXe4lAbo7kPkc+9cCCrF0OQldjbU27fQXQUROmHHZhE
+mJdBBAH4SOX3nGVsZM79zIwTw3rXcekv0hdPoCkHxJySJZO9bDLpTdEip3hLM4Xq
+i++VVywJAeUJ752xLXc0
+=hb2R
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-14:11.crypt.asc

@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-14:11.crypt                                          Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          crypt(3) default hashing algorithm
+
+Category:       core
+Module:         libcrypt
+Announced:      2014-10-22
+Affects:        FreeBSD 9.3 and FreeBSD 10.0-STABLE after 2014-05-11 and 
+                before 2014-10-16.
+Corrected:      2014-10-13 15:56:47 UTC (stable/10, 10.1-PRERELEASE)
+                2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC3)
+                2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC2-p2)
+                2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC1-p2)
+                2014-10-16 21:39:04 UTC (releng/10.1, 10.1-BETA3-p2)
+                2014-10-21 21:09:54 UTC (stable/9, 9.3-STABLE)
+                2014-10-21 23:50:46 UTC (releng/9.3, 9.3-RELEASE-p4)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The crypt(3) function performs password hashing.  Different algorithms
+of varying strength are available, with older, weaker algorithms being
+retained for compatibility.
+
+The crypt(3) function was originally based on the DES encryption
+algorithm and generated a 13-character hash from an eight-character
+password (longer passwords were truncated) and a two-character salt.
+
+II.  Problem Description
+
+In recent FreeBSD releases, the default algorithm for crypt(3) was
+changed to SHA-512, which generates a much longer hash than the
+traditional DES-based algorithm.
+
+III. Impact
+
+Many applications assume that crypt(3) always returns a traditional DES
+hash, and blindly copy it into a short buffer without bounds checks. This
+may lead to a variety of undesirable results including, at worst, crashing
+the application.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch
+# fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch.asc
+# gpg --verify crypt.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all deamons using the library, or reboot the system.
+
+3) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r273425
+releng/9.3/                                                       r273438
+stable/10/                                                        r273043
+releng/10.1/                                                      r273187
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-14:11.crypt.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0
+
+iQIcBAEBCgAGBQJUSAvTAAoJEO1n7NZdz2rnOnsP/0a4Cz7DAc9aW7Ia1aLnGBbZ
+HDBF7t+LjVj94PnXxhUWWxGgN5KAsYg1TaXw2b68KyrQYQK/X9mG6Qlu8MWjngaL
+fH3bKPV+h2Fog8Y7nEW0QmW5sd863Uo5NxNyDcXU0m4frk7yo+i6yBHlBq07eWGv
+6fqDjLiP8+kLLCkDtu+s4e9NfJcc8XMRxCzEseLVorDU/5eZWUx5Mb5NkJWt6vLf
+jrPclEEVZrrfsf5zt6MN6ZmwYi85RcW/TwksCT5UzYQeoZlr3BtTsFMqEs8ZYulJ
+1kUcml4yV8IstaWm1bq8QMM76zfUHe/OzLbwTcynZofBPSWS4DF1f+GpzHW7z11w
+/bNGLFWdXm+mbLjv6GCi/rpplIuTUgdTCUr0yC9iyox9e1a1Ukl6B63PA/nnwzas
+OFAKZppMiP8S4/RtyueeBJx+ZASNn+ZPTjiiiV92VxYzIreLYDbClzMFjVqd95Wc
+Yt1AYvfeRAPmTLNEGhGbgOKZBX6ZdCZDqQIctvnT/LjmJQ3evSxz+wVge1UnYMit
+do71bHIWLrRPZlyyh/bNHT2pXxj2Sdw49rbiJqE7VeJnbo1qlAv5jjxaKF8rs+WZ
+hFINgZaoVQ2HdHXgj/dvnKi/D7QrfVBomyRMrYq8YmoniRhu1uqbT2LN8QjMhOnA
+MfV6XkrYkUgh3Z74uRyu
+=psMc
+-----END PGP SIGNATURE-----

share/security/patches/EN-14:10/tzdata-10.0.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0
+
+iQIcBAABCgAGBQJUSAvvAAoJEO1n7NZdz2rnfe8QALSjc05DvFakUm6W/mokr3Hj
+NjGnf0aFWBE0Ulhqk6thSD52tFy6MIIRfJPggkfnGRWHw0H1kENSoN6CggiLguZH
+RoelDHF8+I1xMODMY3SGfhvyx0fCpPsGRYAYNc1wbvCHVA1lGhDrjz2nkK9m10E6
+FwPzXbnZZDDFoYCmMi5CmL7oz5+lt8hpFEM0+8bCLfVTUocpBKG9NdzhFUdH8R8T
+G0ZriGHpWZdj2jXS2IvxR0/lQQz0O1eQvXkNgRJ5PsKI8ezTvVKbqhPc00mfb9Lg
+wvvmtDK+yZJg+ZQaGD/TQ7mwlHaJb1xw7VJ6oJe7EvSwFm9zVctzgnEu/cVnL0gM
+C+wd1QN4NVWSJkoYebwiMzx3EGxV4ZQzsgJ4Tae1t+rjiBbAiTAs4C79pAHaJFy/
+dzGE7fuJI405x8xp5rF4bXH7zqUfhCWmwv/0/E6z4/o03X+6c2N5gq4G5SIbdbbk
+xJgRKY6Cl1i5NRQ4HiOGJir0ERc7LOM/PsWzMu/7AKmb1h+zThLbSfaa/tvJjykP
+qulwHxhH4APzsWywOIJ8PPNv/NUpZzwjRK/O/cWY6q2VwmGagG6XSyJLQNXr3iF4
+X/bgBjVAE08n5iPnOKzxBOvg9sSXbFIU7Ye5KhHXXC6oXvX63oQRwo8Ktq0TFwUb
+FRr5Iopugto41CXm3LlK
+=60q6
+-----END PGP SIGNATURE-----

share/security/patches/EN-14:10/tzdata-8.4.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0
+
+iQIcBAABCgAGBQJUSAvvAAoJEO1n7NZdz2rnKXgP+wVQpglJNlMutur9WVH3PNuD
+E1peFzy4QuoB6fQL4e4E56kA3sIobbCvQhtvB8EaCp94TR0mbgffNJMeigajvx0H
+3NSBOqQfIhxlDV3BNSBLUi0y/mT1DMArQ/yQYb7JAVNjMadN7HtCQY+9yTDbK/HM
+eMdGSi8FvoPFMitEz5/Fl353FxSYlKM7LvoD6NqN+pOJXEeImtBK6Z3H1aInzE32
++5XsbtIrI6e/eXksJ8+qGS8uhATMmJgtJbCmXlZ4gNMZtEI4b/k6071O3oaQn0lu
+hwl8Lhug+2VSNcKMuFSGJKd7uItPctp/JuTr5v9X1ZQ7Gn1UCSwheHeLu3sobYqj
+y7UU62K3i6N+6lS6W0O6s5DssKNMSg8O2Vdy1PlLvJ9WOwIsFEpOZm1diqIXH1eG
+bOzpqMdD65FMveP/VdP5tckuStaCOV4nAyHgS6SpIJlBlwnZ5/X4lj8bFfeIB8lK
+9YRQeBzsaugZaokkLsK0CUQwIFJKSW2AO5bIyVbIdz0IY+7i+2iYxFXySHOCNVDA
+w0c0PwayMghB47PhuSimTMJ2ZqZszpvqVwZgNXE+F4adYI8uk8V2XSn85+WF266H
+xlKhMbvMhzaakzt5bvKyOqchN80Z+Ujq1z6B4w98hOBqrKp0b1VY+2h/JY4PMneR
+m15yDvMNwDiMCixH3HhX
+=IuOM
+-----END PGP SIGNATURE-----

share/security/patches/EN-14:10/tzdata-9.1.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0
+
+iQIcBAABCgAGBQJUSAvvAAoJEO1n7NZdz2rnhPcQAJh1SxccCYksDoDd4fBCj5JM
+DUX/bxwH6oqIn+9UzxTzngGH+KVWIayrQc7ZIVC1nCxYtJeRqJnZmtYnNGMTX9Fz
+q1w6aHQRvAUq7F+wtnx76yjprtuDdVqC9EX+7xBwrQ3c6M7hYW8tpyjLQKlDhLBs
+QZjHr+tW374GcbzFQGNKNTbJhMc5UVWun9Jbnp6bGdy+HffKWUVurHFLG9/5a0yD
+gBYe+rJ9v9Pz2qoEgvi4Y6HBoWoRckXYhALAWph0tEavIkXqtFKp0xLWjdhtkuz2
+RWANzTDj9/Qzjy0l8szrnvTk6XXx3vfdx+/7jWkkaf0Zc4nV++DXNPntsauLNZ9n
++P6LBBR97dfMxdgGfxevZaUWpfLUtz964mPWRDby9nSYdL06kc1fvvQSfzlxUqE3
+s6XwtANM7xqk0pOuHkweSWsQfjkSMPf4VGVfzUttgz9ngHUSuBJupSSBzVrO5mgi
+rzj15EczENCYOz8/F9c5KqZXC6NUsxLqptLkGiK1prIRryDhrSbETqmoy2qa1dnA
+4o0OtQa/1MOQ0wayonRCDHDeQ4s1pXOCoVwMmDC2htA8rjHh3w2WJvkL94AhEvHU
+xFhVErpAOC6HHq4WeE/sQRReaiy+HLLDKgqbjENkaOrrLsv0fgGVjnSTbbDsA/l3
+I/QgH47lbgTmzLd/SRTQ
+=4OzE
+-----END PGP SIGNATURE-----

share/security/patches/EN-14:10/tzdata-9.2.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0
+
+iQIcBAABCgAGBQJUSAvvAAoJEO1n7NZdz2rnOrsP/iIC10PbWVJpD5FPbXlTD2m4
+Dt7HYAY2kDlnfXF8Ktc0Va355PZQ1qq4b6tZcnLo+GU0I9kya4lzAUX6S12g6rvq
+IjvNaFaVau35evkALUwACbaDkbLKycQUYEkq0Gbv8Y4ig7GZyiMSgxFm0e3EpvJh
+GEAAOeWP7RIczvZdBRNi/QCpZvXdP5+aAwk7virMg8rg0FDZOT5XlPjiipJT154E
+LXRjkuWNmkfIDDLMGw9opDJW74o7KJKMvvbGZj7bYiSVGpaLydHBGh5yPKBerkDF
+j9FAa+zG3t0TWQWxrQh2qi12imYuUTLuuYkpGoy7c/iSIIi5OUSTF5AVT5kR2/fI
+sk+5ZyI8w9ZzI0a4Fz93ZUgKg/ZAGqsp6wXrC7Yg6uCpAwPjhC79R5MPh7dFW0dA
+cS85w8FJYtpoeqHGSjlce0QY/HDJCa447mxcXFYFc/9sTwCwmylp1nYHHfORaAqb
+RVMQNz9El6geLb8yu5uWnVESmOU1xyDn/NDWS2Z++WQ/RZcGAeyxdcgvzyF1VH4c
+74aQJo8MAu+3N6I2H8gvLehlI+HcxnO+cGxZxF6pVgLOVHhh5nbOssuWevueEARl
+EGppkg3ZKHam108V85yCPCqcQarlXABx2lTJ+PFfB4oOy8yhvZXIYyT4e8KbsM7W
+ruW/yTtbyc7PzJsJLDar
+=kS5c
+-----END PGP SIGNATURE-----

share/security/patches/EN-14:10/tzdata-9.3.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0
+
+iQIcBAABCgAGBQJUSAvvAAoJEO1n7NZdz2rnfZkQAKjQ6zxpCfgo7y2ShUg5cDxa
+k5n/Tu98JZZpHQH5qezvKbK7x9DzVtnPSGsNEQ4HPd5el50WUFrUxdyOyVZres+z
+TgzqdK5gtl+Dr8Nn0JSXkLtFIg1vfVZ7yD0HkVKz38fXWfRFUZXBrVccoCjvz75G
+LWxAWweJU6vJRbwzjj0N/kqMMR860m0bJFj65ho7GrfYo+yePtokZRvTB2uxGt68
+5jJ5E5hhtZFAJ3qPhhzWgKyCpiQzTz4Hs0SBpFvcJHldMQA91QZONhZ3z6a9I/li
+pwkzNI9XPrWc1M7UPQ+S0JR0Vy29dUyzHb5faWZpbAFCdOSWg+GIZBAYquSlippk
+m1iCTrDPvplB1C5eq/DzUxlFzLnaPXdE3yl1oPczubizn+3sMAjyDiIbGBRQjkA8
+gXwOPXSHGvEQXtPXxcSchqHZ78ESYmOA+D4R+MjE6jTsYPIldWe7KwxLb/IoqVrs
++kQb3Uq9y2x4490kUQoUpZesQQnCAjqyxC0litqXh6fcrCsAqjC++nQvj1CNoAMI
+H3TUf/2bLFNzCXGVSxOegionAfcMGPjoftndDd04SDRqtz+fa2xEWXu4IFXG4yN1
+dkWCmA3RwNYWfRQSs0kv3y1JRM7zSIoYuEuSvDh2u5pEZitvj8H0srfSMGgkB25R
+ipRayIKVyQz8JsgJW7CJ
+=5jVZ
+-----END PGP SIGNATURE-----

share/security/patches/EN-14:11/crypt.patch

@@ -0,0 +1,49 @@
+Index: lib/libcrypt/crypt.c
+===================================================================
+--- lib/libcrypt/crypt.c	(revision 273303)
++++ lib/libcrypt/crypt.c	(working copy)
+@@ -37,8 +37,13 @@ __FBSDID("$FreeBSD$");
+ #include "crypt.h"
+ 
+ /*
+- * List of supported crypt(3) formats.  The first element in the list will
+- * be the default.
++ * List of supported crypt(3) formats.
++ *
++ * The default algorithm is the last entry in the list (second-to-last
++ * array element since the last is a sentinel).  The reason for placing
++ * the default last rather than first is that DES needs to be at the
++ * bottom for the algorithm guessing logic in crypt(3) to work correctly,
++ * and it needs to be the default for backward compatibility.
+  */
+ static const struct crypt_format {
+ 	const char *const name;
+@@ -45,10 +50,6 @@ static const struct crypt_format {
+ 	char *(*const func)(const char *, const char *);
+ 	const char *const magic;
+ } crypt_formats[] = {
+-	/* default format */
+-	{ "sha512",	crypt_sha512,		"$6$"	},
+-
+-	/* other supported formats */
+ 	{ "md5",	crypt_md5,		"$1$"	},
+ #ifdef HAS_BLOWFISH
+ 	{ "blf",	crypt_blowfish,		"$2"	},
+@@ -55,6 +56,7 @@ static const struct crypt_format {
+ #endif
+ 	{ "nth",	crypt_nthash,		"$3$"	},
+ 	{ "sha256",	crypt_sha256,		"$5$"	},
++	{ "sha512",	crypt_sha512,		"$6$"	},
+ #ifdef HAS_DES
+ 	{ "des",	crypt_des,		"_"	},
+ #endif
+@@ -63,7 +65,8 @@ static const struct crypt_format {
+ 	{ NULL,		NULL,			NULL	}
+ };
+ 
+-static const struct crypt_format *crypt_format = &crypt_formats[0];
++static const struct crypt_format *crypt_format =
++    &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2];
+ 
+ #define DES_SALT_ALPHABET \
+ 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

share/security/patches/EN-14:11/crypt.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0
+
+iQIcBAABCgAGBQJUSAvwAAoJEO1n7NZdz2rnXxEQAN87akSxveo/Ohhz6czcmNBn
+H/gspITDaJTBfA2+HqQd/A19QvQCJIkhVe500dOFryLFufB3GCF2Ia37ZypLmUnR
+rsL3tkqxZYTtfLw/oLgqGBuh40weas5Nma7bLHoMO0GaZR3Y3b8aQbDA2Hw6xSWo
+v+aQUXEUv6kKi4CZ2K7YbsJElYzG4hoAGPZqiDcBP/085ioDLcdC9gunFhAa+EG+
+kwz98ApeU7LYfiq0gKc7kWSr3xyfuIpeeLf/178RWJE+CZvYrWleLv1l8r/icMpg
+vNd/uI3+8pL75r+Hjd9OeF3gVUWtB77W+/3riMlgW3itDhMIJ2o2FIdvBaJ0HnAU
+pxGqT/hRMVVbPTNAHbCHfiklrsMq8f42IHxHO8abuibzpfocnGlk3QKR1hsEcTX9
+m7Nrvit/UM9LfMQJ8+MGjoZ2u5ScIYU50nTMmNzzF4wNsmNQu1mJRoXfZR+a4ymp
+4OqeT312nptqI2Zx+LlUrMNlt/DljFgsDJVGcbnqUgLiHPZwObXknsxKXQVxG2U3
+cm4OsdKUW6BZ9diE+pUvoMKdxcZe05pkUWasPjoU9JTmMhj+M0yWUDt1nYCH2O4N
+4NiJUpexTJFz4chfjlDW8xYzJVCvF6SgBM9wHKfUu7DqjTZVeqaP4YhCf81KXQnU
+VjEnx6R751JYkFBWR3BN
+=J2RG
+-----END PGP SIGNATURE-----

share/xml/notices.xml

@@ -7,6 +7,22 @@
   <year>
     <name>2014</name>
 
+    <month>
+      <name>10</name>
+
+      <day>
+	<name>22</name>
+
+	<notice>
+	  <name>FreeBSD-EN-14:11.crypt</name>
+	</notice>
+
+	<notice>
+	  <name>FreeBSD-EN-14:10.tzdata</name>
+	</notice>
+      </day>
+    </month>
+
     <month>
       <name>7</name>