Use SHA512 to store squid passwords when writing out the local auth file. Fixes #6681RELENG_2_3_1

Tried blowfish but squid wouldn't accept it.

2 files changed, 3 insertions, 2 deletions

diff --git a/www/pfSense-pkg-squid/Makefile b/www/pfSense-pkg-squid/Makefile
index 7f93571..79140f9 100644
--- a/www/pfSense-pkg-squid/Makefile
+++ b/www/pfSense-pkg-squid/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense-pkg-squid
-PORTVERSION=	0.4.21
+PORTVERSION=	0.4.22
 CATEGORIES=	www
 MASTER_SITES=	# empty
 DISTFILES=	# empty
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
index 3d68a9a..dfcd843 100644
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
@@ -1930,7 +1930,8 @@ function squid_resync_users() {
 	$contents = '';
 	if (is_array($users)) {
 		foreach ($users as $user) {
-			$contents .= $user['username'] . ':' . crypt($user['password'], base64_encode($user['password'])) . "\n";
+			/* Store password with SHA512 and a random salt, which allows for longer passwords. */
+			$contents .= $user['username'] . ':' . crypt($user['password'], '$6$rounds=5000$' . bin2hex(openssl_random_pseudo_bytes(16)) . '$') . "\n";
 		}
 	}
 	file_put_contents(SQUID_PASSWD, $contents);