Hi Stuart, thanks for addressing this issue, I nearly forgot about it again.
For my main use-case (directory enumeration, WAY faster than dirb), it still works fine. More seldomly I use it to enumerate other HTTP fields, but I haven't tested that. Wfuzz is still maintained upstream, even a newer subminer version exists, but it doesn't address the cgi problem. Do you intend to upstream the patch? otherwise I'm happy to attempt to do so. OK sebastia@ Sebastian On Thu, Feb 12, 2026 at 12:14 PM Stuart Henderson <[email protected]> wrote: > - replace "cgi" from standard library, for this use the header parser > from email.message is a usable alternative. unbreaks with py3.13 > - replace pkg_resources, will be removed in setuptools sometime > > ok? > > (alternatively: is this still useful to have?) > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/security/wfuzz/Makefile,v > diff -u -p -r1.10 Makefile > --- Makefile 17 Jun 2025 12:52:34 -0000 1.10 > +++ Makefile 12 Feb 2026 11:09:12 -0000 > @@ -2,7 +2,7 @@ COMMENT = web fuzzer > > MODPY_DISTV = 3.1.0 > DISTNAME = wfuzz-${MODPY_DISTV} > -REVISION = 6 > +REVISION = 7 > > CATEGORIES = security www > > @@ -13,16 +13,16 @@ MAINTAINER = Sebastian Reitenbach <sebas > # GPLv2 > PERMIT_PACKAGE = Yes > > -MODPY_PI = Yes > +MODPY_PI = Yes > > -MODULES = lang/python > +MODULES = lang/python > MODPY_PYBUILD = setuptools > > -RUN_DEPENDS = devel/py-parsing \ > - devel/py-six \ > - net/py-curl \ > - textproc/py-chardet > +RUN_DEPENDS = devel/py-parsing \ > + devel/py-six \ > + net/py-curl \ > + textproc/py-chardet > > -BUILD_DEPENDS = ${RUN_DEPENDS} > +#BUILD_DEPENDS = ${RUN_DEPENDS} > > .include <bsd.port.mk> > Index: patches/patch-src_wfuzz_externals_reqresp_Response_py > =================================================================== > RCS file: patches/patch-src_wfuzz_externals_reqresp_Response_py > diff -N patches/patch-src_wfuzz_externals_reqresp_Response_py > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_wfuzz_externals_reqresp_Response_py 12 Feb > 2026 11:09:12 -0000 > @@ -0,0 +1,22 @@ > +suggested replacement for removed API: > +https://peps.python.org/pep-0594/#cgi > + > +Index: src/wfuzz/externals/reqresp/Response.py > +--- src/wfuzz/externals/reqresp/Response.py.orig > ++++ src/wfuzz/externals/reqresp/Response.py > +@@ -1,5 +1,5 @@ > + import re > +-import cgi > ++from email.message import Message > + > + from io import BytesIO > + import gzip > +@@ -22,7 +22,7 @@ def get_encoding_from_headers(headers): > + if not content_type: > + return None > + > +- content_type, params = cgi.parse_header(content_type) > ++ content_type, params = Message(content_type) > + > + if "charset" in params: > + return params["charset"].strip("'\"") > Index: patches/patch-src_wfuzz_helpers_file_func_py > =================================================================== > RCS file: patches/patch-src_wfuzz_helpers_file_func_py > diff -N patches/patch-src_wfuzz_helpers_file_func_py > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_wfuzz_helpers_file_func_py 12 Feb 2026 > 11:09:12 -0000 > @@ -0,0 +1,32 @@ > +pkg_resources will go away > + > +Index: src/wfuzz/helpers/file_func.py > +--- src/wfuzz/helpers/file_func.py.orig > ++++ src/wfuzz/helpers/file_func.py > +@@ -1,7 +1,6 @@ > + import os > + import sys > + import re > +-import pkg_resources > + > + from chardet.universaldetector import UniversalDetector > + import chardet > +@@ -10,15 +9,9 @@ from ..exception import FuzzExceptInternalError > + > + > + def get_filter_help_file(): > +- FILTER_HELP_FILE = "advanced.rst" > +- FILTER_HELP_DEV_FILE = "../../../docs/user/advanced.rst" > +- > +- filter_help_text = None > +- try: > +- fname = pkg_resources.resource_filename("wfuzz", > FILTER_HELP_FILE) > +- filter_help_text = open(fname).read() > +- except IOError: > +- filter_help_text = open(get_path(FILTER_HELP_DEV_FILE)).read() > ++ ref = importlib_resources.files('wfuzz') / 'advanced.rst' > ++ with importlib_resources.as_file(ref) as path: > ++ filter_help_text = open(path).read() > + > + return filter_help_text > + >
