Merging upstream version 2.4.59.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 17 insertions, 13 deletions

diff --git a/support/htpasswd.c b/support/htpasswd.c
index 660a27c..c576532 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -98,28 +98,32 @@ static int mkrecord(struct passwd_ctx *ctx, char *user)
 static void usage(void)
 {
     apr_file_printf(errfile, "Usage:" NL
-        "\thtpasswd [-cimBdpsDv] [-C cost] passwordfile username" NL
-        "\thtpasswd -b[cmBdpsDv] [-C cost] passwordfile username password" NL
+        "\thtpasswd [-cimB25dpsDv] [-C cost] [-r rounds] passwordfile username" NL
+        "\thtpasswd -b[cmB25dpsDv] [-C cost] [-r rounds] passwordfile username password" NL
         NL
-        "\thtpasswd -n[imBdps] [-C cost] username" NL
-        "\thtpasswd -nb[mBdps] [-C cost] username password" NL
+        "\thtpasswd -n[imB25dps] [-C cost] [-r rounds] username" NL
+        "\thtpasswd -nb[mB25dps] [-C cost] [-r rounds] username password" NL
         " -c  Create a new file." NL
         " -n  Don't update file; display results on stdout." NL
         " -b  Use the password from the command line rather than prompting "
             "for it." NL
         " -i  Read password from stdin without verification (for script usage)." NL
-        " -m  Force MD5 encryption of the password (default)." NL
-        " -B  Force bcrypt encryption of the password (very secure)." NL
+        " -m  Force MD5 hashing of the password (default)." NL
+        " -2  Force SHA-256 hashing of the password (secure)." NL
+        " -5  Force SHA-512 hashing of the password (secure)." NL
+        " -B  Force bcrypt hashing of the password (very secure)." NL
         " -C  Set the computing time used for the bcrypt algorithm" NL
-        "     (higher is more secure but slower, default: %d, valid: 4 to 31)." NL
-        " -d  Force CRYPT encryption of the password (8 chars max, insecure)." NL
-        " -s  Force SHA encryption of the password (insecure)." NL
-        " -p  Do not encrypt the password (plaintext, insecure)." NL
+        "     (higher is more secure but slower, default: %d, valid: 4 to 17)." NL
+        " -r  Set the number of rounds used for the SHA-256, SHA-512 algorithms" NL
+        "     (higher is more secure but slower, default: 5000)." NL
+        " -d  Force CRYPT hashing of the password (8 chars max, insecure)." NL
+        " -s  Force SHA-1 hashing of the password (insecure)." NL
+        " -p  Do not hash the password (plaintext, insecure)." NL
         " -D  Delete the specified user." NL
         " -v  Verify password for the specified user." NL
         "On other systems than Windows and NetWare the '-p' flag will "
             "probably not work." NL
-        "The SHA algorithm does not use a salt and is less secure than the "
+        "The SHA-1 algorithm does not use a salt and is less secure than the "
             "MD5 algorithm." NL,
         BCRYPT_DEFAULT_COST
     );
@@ -178,7 +182,7 @@ static void check_args(int argc, const char *const argv[],
     if (rv != APR_SUCCESS)
         exit(ERR_SYNTAX);
 
-    while ((rv = apr_getopt(state, "cnmspdBbDiC:v", &opt, &opt_arg)) == APR_SUCCESS) {
+    while ((rv = apr_getopt(state, "cnmspdBbDi25C:r:v", &opt, &opt_arg)) == APR_SUCCESS) {
         switch (opt) {
         case 'c':
             *mask |= APHTP_NEWFILE;
@@ -351,7 +355,7 @@ int main(int argc, const char * const argv[])
         }
         else {
             /*
-             * Error out if -c was omitted for this non-existant file.
+             * Error out if -c was omitted for this non-existent file.
              */
             if (!(mask & APHTP_NEWFILE)) {
                 apr_file_printf(errfile,