On 2026/02/12 15:53, Sebastian Reitenbach wrote: > Hi Stuart, > > thanks for addressing this issue, I nearly forgot about it again. > > For my main use-case (directory enumeration, WAY faster than dirb), it still > works fine. > More seldomly I use it to enumerate other HTTP fields, but I haven't tested > that. > > Wfuzz is still maintained upstream, even a newer subminer version exists, but > it doesn't > address the cgi problem.
Barely - one commit (plus the pseudo-commit because it was a PR merge) since 2020, and what they have can't work on python 3.12/newer. > Do you intend to upstream the patch? otherwise I'm happy to attempt to do so. I wasn't going to but feel free to try! the older patch to externals/moduleman/loader.py (fixing 3.12) already came from a PR (from 2024 and ignored). externals/reqresp/Response.py can be upstreamed as-is, it will work on much older Python 3.x too. helpers/file_func.py can't go upstream directly, it would need some fallbacks for their "run from source dir without installing" code, and for older Python. > OK sebastia@ thanks. > Sebastian > > > > On Thu, Feb 12, 2026 at 12:14 PM Stuart Henderson <[email protected]> > wrote: > > - replace "cgi" from standard library, for this use the header parser > from email.message is a usable alternative. unbreaks with py3.13 > - replace pkg_resources, will be removed in setuptools sometime > > ok? > > (alternatively: is this still useful to have?) > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/security/wfuzz/Makefile,v > diff -u -p -r1.10 Makefile > --- Makefile 17 Jun 2025 12:52:34 -0000 1.10 > +++ Makefile 12 Feb 2026 11:09:12 -0000 > @@ -2,7 +2,7 @@ COMMENT = web fuzzer > > MODPY_DISTV = 3.1.0 > DISTNAME = wfuzz-${MODPY_DISTV} > -REVISION = 6 > +REVISION = 7 > > CATEGORIES = security www > > @@ -13,16 +13,16 @@ MAINTAINER = Sebastian Reitenbach <sebas > # GPLv2 > PERMIT_PACKAGE = Yes > > -MODPY_PI = Yes > +MODPY_PI = Yes > > -MODULES = lang/python > +MODULES = lang/python > MODPY_PYBUILD = setuptools > > -RUN_DEPENDS = devel/py-parsing \ > - devel/py-six \ > - net/py-curl \ > - textproc/py-chardet > +RUN_DEPENDS = devel/py-parsing \ > + devel/py-six \ > + net/py-curl \ > + textproc/py-chardet > > -BUILD_DEPENDS = ${RUN_DEPENDS} > +#BUILD_DEPENDS = ${RUN_DEPENDS} > > .include <bsd.port.mk> > Index: patches/patch-src_wfuzz_externals_reqresp_Response_py > =================================================================== > RCS file: patches/patch-src_wfuzz_externals_reqresp_Response_py > diff -N patches/patch-src_wfuzz_externals_reqresp_Response_py > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_wfuzz_externals_reqresp_Response_py 12 Feb > 2026 11:09:12 -0000 > @@ -0,0 +1,22 @@ > +suggested replacement for removed API: > +https://peps.python.org/pep-0594/#cgi > + > +Index: src/wfuzz/externals/reqresp/Response.py > +--- src/wfuzz/externals/reqresp/Response.py.orig > ++++ src/wfuzz/externals/reqresp/Response.py > +@@ -1,5 +1,5 @@ > + import re > +-import cgi > ++from email.message import Message > + > + from io import BytesIO > + import gzip > +@@ -22,7 +22,7 @@ def get_encoding_from_headers(headers): > + if not content_type: > + return None > + > +- content_type, params = cgi.parse_header(content_type) > ++ content_type, params = Message(content_type) > + > + if "charset" in params: > + return params["charset"].strip("'\"") > Index: patches/patch-src_wfuzz_helpers_file_func_py > =================================================================== > RCS file: patches/patch-src_wfuzz_helpers_file_func_py > diff -N patches/patch-src_wfuzz_helpers_file_func_py > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_wfuzz_helpers_file_func_py 12 Feb 2026 > 11:09:12 -0000 > @@ -0,0 +1,32 @@ > +pkg_resources will go away > + > +Index: src/wfuzz/helpers/file_func.py > +--- src/wfuzz/helpers/file_func.py.orig > ++++ src/wfuzz/helpers/file_func.py > +@@ -1,7 +1,6 @@ > + import os > + import sys > + import re > +-import pkg_resources > + > + from chardet.universaldetector import UniversalDetector > + import chardet > +@@ -10,15 +9,9 @@ from ..exception import FuzzExceptInternalError > + > + > + def get_filter_help_file(): > +- FILTER_HELP_FILE = "advanced.rst" > +- FILTER_HELP_DEV_FILE = "../../../docs/user/advanced.rst" > +- > +- filter_help_text = None > +- try: > +- fname = pkg_resources.resource_filename("wfuzz", > FILTER_HELP_FILE) > +- filter_help_text = open(fname).read() > +- except IOError: > +- filter_help_text = open(get_path(FILTER_HELP_DEV_FILE)).read() > ++ ref = importlib_resources.files('wfuzz') / 'advanced.rst' > ++ with importlib_resources.as_file(ref) as path: > ++ filter_help_text = open(path).read() > + > + return filter_help_text > + >
