Updated to 3.49.7

New upstream release for the Multi-Arch config.h fix (Debian #1133728) and
the man page rendering fix (Debian #1061053).

config.h.in

@@ -109,9 +109,6 @@
 /* Check for setuid */
 #undef SETUID
 
-/* The size of `long', as computed by sizeof. */
-#undef SIZEOF_LONG
-
 /* The size of `long long', as computed by sizeof. */
 #undef SIZEOF_LONG_LONG
 

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for httrack 3.49.5.
+# Generated by GNU Autoconf 2.71 for httrack 3.49.7.
 #
 # Report bugs to <roche+packaging@httrack.com>.
 #
@@ -647,8 +647,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='httrack'
 PACKAGE_TARNAME='httrack'
-PACKAGE_VERSION='3.49.5'
-PACKAGE_STRING='httrack 3.49.5'
+PACKAGE_VERSION='3.49.7'
+PACKAGE_STRING='httrack 3.49.7'
 PACKAGE_BUGREPORT='roche+packaging@httrack.com'
 PACKAGE_URL='http://www.httrack.com/'
 
@@ -1404,7 +1404,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures httrack 3.49.5 to adapt to many kinds of systems.
+\`configure' configures httrack 3.49.7 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1475,7 +1475,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of httrack 3.49.5:";;
+     short | recursive ) echo "Configuration of httrack 3.49.7:";;
    esac
   cat <<\_ACEOF
 
@@ -1596,7 +1596,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-httrack configure 3.49.5
+httrack configure 3.49.7
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2129,7 +2129,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by httrack $as_me 3.49.5, which was
+It was created by httrack $as_me 3.49.7, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -3406,7 +3406,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='httrack'
- VERSION='3.49.5'
+ VERSION='3.49.7'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -14988,40 +14988,9 @@ AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
 #*) AC_DEFINE(HTS_PLATFORM, 3, [Default value used]);;
 #esac
 
-### Check size of long and long long.
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
-printf %s "checking size of long... " >&6; }
-if test ${ac_cv_sizeof_long+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long"        "$ac_includes_default"
-then :
-
-else $as_nop
-  if test "$ac_cv_type_long" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (long)
-See \`config.log' for more details" "$LINENO" 5; }
-   else
-     ac_cv_sizeof_long=0
-   fi
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
-printf "%s\n" "$ac_cv_sizeof_long" >&6; }
-
-
-
-printf "%s\n" "#define SIZEOF_LONG $ac_cv_sizeof_long" >>confdefs.h
-
-
+### Probe long long size for 64-bit integer support. SIZEOF_LONG is not probed:
+### it varies by architecture and would break Multi-Arch co-installation of
+### libhttrack-dev (Debian #1133728). md5.h uses <stdint.h> instead.
 # The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
 # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
@@ -16718,7 +16687,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by httrack $as_me 3.49.5, which was
+This file was extended by httrack $as_me 3.49.7, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -16787,7 +16756,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-httrack config.status 3.49.5
+httrack config.status 3.49.7
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -1,6 +1,6 @@
 AC_PREREQ([2.71])
 
-AC_INIT([httrack], [3.49.5], [roche+packaging@httrack.com], [httrack], [http://www.httrack.com/])
+AC_INIT([httrack], [3.49.7], [roche+packaging@httrack.com], [httrack], [http://www.httrack.com/])
 AC_COPYRIGHT([
 HTTrack Website Copier, Offline Browser for Windows and Unix
 Copyright (C) 1998-2015 Xavier Roche and other contributors
@@ -114,8 +114,9 @@ AC_SUBST([AM_CFLAGS])
 #*) AC_DEFINE(HTS_PLATFORM, 3, [Default value used]);;
 #esac
 
-### Check size of long and long long.
-AC_CHECK_SIZEOF(long)
+### Probe long long size for 64-bit integer support. SIZEOF_LONG is not probed:
+### it varies by architecture and would break Multi-Arch co-installation of
+### libhttrack-dev (Debian #1133728). md5.h uses <stdint.h> instead.
 AC_CHECK_SIZEOF(long long)
 
 ### check for in_addr_t

debian/changelog

@@ -1,3 +1,18 @@
+httrack (3.49.7-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Make config.h architecture-independent for Multi-Arch: same. closes:#1133728
+  * Fix man page rendering of the -%! security warning. closes:#1061053
+
+ -- Xavier Roche <xavier@debian.org>  Sat, 06 Jun 2026 21:03:05 +0200
+
+httrack (3.49.6-1) unstable; urgency=medium
+
+  * Updated to 3.49.6 (3.49-6)
+    Fixed CVE-2017-14062
+
+ -- Xavier Roche <roche@proliant.localnet>  Tue, 11 Mar 2025 19:43:39 +0100
+
 httrack (3.49.5-1) unstable; urgency=medium
 
   * Updated to 3.49.5 (3.49-5)

history.txt

@@ -4,6 +4,13 @@ HTTrack Website Copier release history:
 
 This file lists all changes and fixes that have been made for HTTrack
 
+3.49-7
++ Fixed: keep generated config.h architecture-independent (Debian #1133728)
++ Fixed: man page rendered the -%! warning as bogus options (Debian #1061053)
+
+3.49-6
++ Fixed: puny_decode CVE-2017-14062
+
 3.49-5
 + Fixed: MiniZip CVE-2023-45853
 + Lintian fixes, multiple build fixes

ltmain.sh

@@ -31,7 +31,7 @@
 
 PROGRAM=libtool
 PACKAGE=libtool
-VERSION="2.4.7 Debian-2.4.7-5"
+VERSION="2.4.7 Debian-2.4.7-7~deb12u1"
 package_revision=2.4.7
 
 
@@ -572,27 +572,15 @@ func_require_term_colors ()
 # ---------------------
 # Append VALUE onto the existing contents of VAR.
 
-  # We should try to minimise forks, especially on Windows where they are
-  # unreasonably slow, so skip the feature probes when bash or zsh are
-  # being used:
-  if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then
-    : ${_G_HAVE_ARITH_OP="yes"}
-    : ${_G_HAVE_XSI_OPS="yes"}
-    # The += operator was introduced in bash 3.1
-    case $BASH_VERSION in
-      [12].* | 3.0 | 3.0*) ;;
-      *)
-        : ${_G_HAVE_PLUSEQ_OP="yes"}
-        ;;
-    esac
-  fi
-
   # _G_HAVE_PLUSEQ_OP
   # Can be empty, in which case the shell is probed, "yes" if += is
   # useable or anything else if it does not work.
-  test -z "$_G_HAVE_PLUSEQ_OP" \
-    && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \
-    && _G_HAVE_PLUSEQ_OP=yes
+  if test -z "$_G_HAVE_PLUSEQ_OP" &&  \
+      __PLUSEQ_TEST="a" &&  \
+      __PLUSEQ_TEST+=" b" 2>/dev/null &&  \
+      test "a b" = "$__PLUSEQ_TEST"; then
+    _G_HAVE_PLUSEQ_OP=yes
+  fi
 
 if test yes = "$_G_HAVE_PLUSEQ_OP"
 then
@@ -2308,7 +2296,7 @@ include the following information:
        compiler:       $LTCC
        compiler flags: $LTCFLAGS
        linker:         $LD (gnu? $with_gnu_ld)
-       version:        $progname $scriptversion Debian-2.4.7-5
+       version:        $progname $scriptversion Debian-2.4.7-7~deb12u1
        automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
        autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`
 

man/httrack.1

@@ -456,10 +456,10 @@ generate transfer rate statistics every minutes (\-\-debug\-ratestats)
 .SS Dangerous options: (do NOT use unless you exactly know what you are doing)
 .IP \-%!
 bypass built\-in security limits aimed to avoid bandwidth abuses (bandwidth, simultaneous connections) (\-\-disable\-security\-limits)
-.IP \-IMPORTANT
-NOTE: DANGEROUS OPTION, ONLY SUITABLE FOR EXPERTS
-.IP \-USE
-IT WITH EXTREME CARE
+.br
+IMPORTANT NOTE: DANGEROUS OPTION, ONLY SUITABLE FOR EXPERTS
+.br
+USE IT WITH EXTREME CARE
 
 .SS Command\-line specific options:
 .IP \-V

missing

@@ -0,0 +1,215 @@
+#! /bin/sh
+# Common wrapper for a few potentially missing GNU programs.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 1996-2021 Free Software Foundation, Inc.
+# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try '$0 --help' for more information"
+  exit 1
+fi
+
+case $1 in
+
+  --is-lightweight)
+    # Used by our autoconf macros to check whether the available missing
+    # script is modern enough.
+    exit 0
+    ;;
+
+  --run)
+    # Back-compat with the calling convention used by older automake.
+    shift
+    ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
+to PROGRAM being missing or too old.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+
+Supported PROGRAM values:
+  aclocal   autoconf  autoheader   autom4te  automake  makeinfo
+  bison     yacc      flex         lex       help2man
+
+Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
+'g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: unknown '$1' option"
+    echo 1>&2 "Try '$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# Run the given program, remember its exit status.
+"$@"; st=$?
+
+# If it succeeded, we are done.
+test $st -eq 0 && exit 0
+
+# Also exit now if we it failed (or wasn't found), and '--version' was
+# passed; such an option is passed most likely to detect whether the
+# program is present and works.
+case $2 in --version|--help) exit $st;; esac
+
+# Exit code 63 means version mismatch.  This often happens when the user
+# tries to use an ancient version of a tool on a file that requires a
+# minimum version.
+if test $st -eq 63; then
+  msg="probably too old"
+elif test $st -eq 127; then
+  # Program was missing.
+  msg="missing on your system"
+else
+  # Program was found and executed, but failed.  Give up.
+  exit $st
+fi
+
+perl_URL=https://www.perl.org/
+flex_URL=https://github.com/westes/flex
+gnu_software_URL=https://www.gnu.org/software
+
+program_details ()
+{
+  case $1 in
+    aclocal|automake)
+      echo "The '$1' program is part of the GNU Automake package:"
+      echo "<$gnu_software_URL/automake>"
+      echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/autoconf>"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+    autoconf|autom4te|autoheader)
+      echo "The '$1' program is part of the GNU Autoconf package:"
+      echo "<$gnu_software_URL/autoconf/>"
+      echo "It also requires GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+  esac
+}
+
+give_advice ()
+{
+  # Normalize program name to check for.
+  normalized_program=`echo "$1" | sed '
+    s/^gnu-//; t
+    s/^gnu//; t
+    s/^g//; t'`
+
+  printf '%s\n' "'$1' is $msg."
+
+  configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
+  case $normalized_program in
+    autoconf*)
+      echo "You should only need it if you modified 'configure.ac',"
+      echo "or m4 files included by it."
+      program_details 'autoconf'
+      ;;
+    autoheader*)
+      echo "You should only need it if you modified 'acconfig.h' or"
+      echo "$configure_deps."
+      program_details 'autoheader'
+      ;;
+    automake*)
+      echo "You should only need it if you modified 'Makefile.am' or"
+      echo "$configure_deps."
+      program_details 'automake'
+      ;;
+    aclocal*)
+      echo "You should only need it if you modified 'acinclude.m4' or"
+      echo "$configure_deps."
+      program_details 'aclocal'
+      ;;
+   autom4te*)
+      echo "You might have modified some maintainer files that require"
+      echo "the 'autom4te' program to be rebuilt."
+      program_details 'autom4te'
+      ;;
+    bison*|yacc*)
+      echo "You should only need it if you modified a '.y' file."
+      echo "You may want to install the GNU Bison package:"
+      echo "<$gnu_software_URL/bison/>"
+      ;;
+    lex*|flex*)
+      echo "You should only need it if you modified a '.l' file."
+      echo "You may want to install the Fast Lexical Analyzer package:"
+      echo "<$flex_URL>"
+      ;;
+    help2man*)
+      echo "You should only need it if you modified a dependency" \
+           "of a man page."
+      echo "You may want to install the GNU Help2man package:"
+      echo "<$gnu_software_URL/help2man/>"
+    ;;
+    makeinfo*)
+      echo "You should only need it if you modified a '.texi' file, or"
+      echo "any other file indirectly affecting the aspect of the manual."
+      echo "You might want to install the Texinfo package:"
+      echo "<$gnu_software_URL/texinfo/>"
+      echo "The spurious makeinfo call might also be the consequence of"
+      echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
+      echo "want to install GNU make:"
+      echo "<$gnu_software_URL/make/>"
+      ;;
+    *)
+      echo "You might have modified some files without having the proper"
+      echo "tools for further handling them.  Check the 'README' file, it"
+      echo "often tells you about the needed prerequisites for installing"
+      echo "this package.  You may also peek at any GNU archive site, in"
+      echo "case some other package contains this missing '$1' program."
+      ;;
+  esac
+}
+
+give_advice "$1" | sed -e '1s/^/WARNING: /' \
+                       -e '2,$s/^/         /' >&2
+
+# Propagate the correct exit status (expected to be 127 for a program
+# not found, 63 for a program that failed due to version mismatch).
+exit $st
+
+# Local variables:
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:

src/htsglobal.h

@@ -36,8 +36,8 @@ Please visit our Website: http://www.httrack.com
 #define HTTRACK_GLOBAL_DEFH
 
 // Version (also check external version information)
-#define HTTRACK_VERSION      "3.49-5"
-#define HTTRACK_VERSIONID    "3.49.5"
+#define HTTRACK_VERSION      "3.49-7"
+#define HTTRACK_VERSIONID    "3.49.7"
 #define HTTRACK_AFF_VERSION  "3.x"
 #define HTTRACK_LIB_VERSION  "2.0"
 

src/md5.h

@@ -1,21 +1,11 @@
 #ifndef MD5_H
 #define MD5_H
 
-#ifdef _WIN32
-#ifndef SIZEOF_LONG
-#define SIZEOF_LONG 4
-#endif
-#else
-#include "config.h"
-#endif
+#include <stdint.h>
 
-#if SIZEOF_LONG==8
-typedef unsigned int uint32;
-#elif SIZEOF_LONG==4
-typedef unsigned long uint32;
-#else
-#error undefined: SIZEOF_LONG
-#endif
+/* Exact 32-bit type for the MD5 state. uint32_t replaces a SIZEOF_LONG-derived
+   type so config.h stays architecture-independent (Debian #1133728). */
+typedef uint32_t uint32;
 
 struct MD5Context {
   union {

src/punycode.c

@@ -31,9 +31,9 @@ enum { base = 36, tmin = 1, tmax = 26, skew = 38, damp = 700,
 /* point (for use in representing integers) in the range 0 to */
 /* base-1, or base if cp is does not represent a value.       */
 
-static punycode_uint decode_digit(punycode_uint cp) {
-  return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : cp - 97 <
-    26 ? cp - 97 : base;
+static unsigned decode_digit(int cp) {
+  return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : cp - 97 <
+    26 ? cp - 97 : base);
 }
 
 /* encode_digit(d,flag) returns the basic code point whose value      */