tls: modernize OpenSSL init for the 3.x->4.x transition

Use TLS_client_method() and OpenSSL_version() on OpenSSL 1.1.0+ / LibreSSL
2.7.0+; the deprecated SSLv23/SSLeay init may be removed in OpenSSL 4.0.
Legacy path kept for older OpenSSL.

config.h.in

@@ -109,9 +109,6 @@
 /* Check for setuid */
 #undef SETUID
 
-/* The size of `long', as computed by sizeof. */
-#undef SIZEOF_LONG
-
 /* The size of `long long', as computed by sizeof. */
 #undef SIZEOF_LONG_LONG
 

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for httrack 3.49.6.
+# Generated by GNU Autoconf 2.71 for httrack 3.49.7.
 #
 # Report bugs to <roche+packaging@httrack.com>.
 #
@@ -647,8 +647,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='httrack'
 PACKAGE_TARNAME='httrack'
-PACKAGE_VERSION='3.49.6'
-PACKAGE_STRING='httrack 3.49.6'
+PACKAGE_VERSION='3.49.7'
+PACKAGE_STRING='httrack 3.49.7'
 PACKAGE_BUGREPORT='roche+packaging@httrack.com'
 PACKAGE_URL='http://www.httrack.com/'
 
@@ -1404,7 +1404,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures httrack 3.49.6 to adapt to many kinds of systems.
+\`configure' configures httrack 3.49.7 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1475,7 +1475,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of httrack 3.49.6:";;
+     short | recursive ) echo "Configuration of httrack 3.49.7:";;
    esac
   cat <<\_ACEOF
 
@@ -1596,7 +1596,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-httrack configure 3.49.6
+httrack configure 3.49.7
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2129,7 +2129,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by httrack $as_me 3.49.6, which was
+It was created by httrack $as_me 3.49.7, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -3406,7 +3406,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='httrack'
- VERSION='3.49.6'
+ VERSION='3.49.7'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -14988,40 +14988,9 @@ AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
 #*) AC_DEFINE(HTS_PLATFORM, 3, [Default value used]);;
 #esac
 
-### Check size of long and long long.
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
-printf %s "checking size of long... " >&6; }
-if test ${ac_cv_sizeof_long+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long"        "$ac_includes_default"
-then :
-
-else $as_nop
-  if test "$ac_cv_type_long" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (long)
-See \`config.log' for more details" "$LINENO" 5; }
-   else
-     ac_cv_sizeof_long=0
-   fi
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
-printf "%s\n" "$ac_cv_sizeof_long" >&6; }
-
-
-
-printf "%s\n" "#define SIZEOF_LONG $ac_cv_sizeof_long" >>confdefs.h
-
-
+### Probe long long size for 64-bit integer support. SIZEOF_LONG is not probed:
+### it varies by architecture and would break Multi-Arch co-installation of
+### libhttrack-dev (Debian #1133728). md5.h uses <stdint.h> instead.
 # The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
 # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
@@ -16718,7 +16687,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by httrack $as_me 3.49.6, which was
+This file was extended by httrack $as_me 3.49.7, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -16787,7 +16756,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-httrack config.status 3.49.6
+httrack config.status 3.49.7
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -1,6 +1,6 @@
 AC_PREREQ([2.71])
 
-AC_INIT([httrack], [3.49.6], [roche+packaging@httrack.com], [httrack], [http://www.httrack.com/])
+AC_INIT([httrack], [3.49.7], [roche+packaging@httrack.com], [httrack], [http://www.httrack.com/])
 AC_COPYRIGHT([
 HTTrack Website Copier, Offline Browser for Windows and Unix
 Copyright (C) 1998-2015 Xavier Roche and other contributors
@@ -114,8 +114,9 @@ AC_SUBST([AM_CFLAGS])
 #*) AC_DEFINE(HTS_PLATFORM, 3, [Default value used]);;
 #esac
 
-### Check size of long and long long.
-AC_CHECK_SIZEOF(long)
+### Probe long long size for 64-bit integer support. SIZEOF_LONG is not probed:
+### it varies by architecture and would break Multi-Arch co-installation of
+### libhttrack-dev (Debian #1133728). md5.h uses <stdint.h> instead.
 AC_CHECK_SIZEOF(long long)
 
 ### check for in_addr_t

debian/changelog

@@ -1,3 +1,11 @@
+httrack (3.49.7-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Make config.h architecture-independent for Multi-Arch: same. closes:#1133728
+  * Fix man page rendering of the -%! security warning. closes:#1061053
+
+ -- Xavier Roche <xavier@debian.org>  Sat, 06 Jun 2026 21:03:05 +0200
+
 httrack (3.49.6-1) unstable; urgency=medium
 
   * Updated to 3.49.6 (3.49-6)

history.txt

@@ -4,6 +4,10 @@ HTTrack Website Copier release history:
 
 This file lists all changes and fixes that have been made for HTTrack
 
+3.49-7
++ Fixed: keep generated config.h architecture-independent (Debian #1133728)
++ Fixed: man page rendered the -%! warning as bogus options (Debian #1061053)
+
 3.49-6
 + Fixed: puny_decode CVE-2017-14062
 

man/httrack.1

@@ -456,10 +456,10 @@ generate transfer rate statistics every minutes (\-\-debug\-ratestats)
 .SS Dangerous options: (do NOT use unless you exactly know what you are doing)
 .IP \-%!
 bypass built\-in security limits aimed to avoid bandwidth abuses (bandwidth, simultaneous connections) (\-\-disable\-security\-limits)
-.IP \-IMPORTANT
-NOTE: DANGEROUS OPTION, ONLY SUITABLE FOR EXPERTS
-.IP \-USE
-IT WITH EXTREME CARE
+.br
+IMPORTANT NOTE: DANGEROUS OPTION, ONLY SUITABLE FOR EXPERTS
+.br
+USE IT WITH EXTREME CARE
 
 .SS Command\-line specific options:
 .IP \-V

src/htsglobal.h

@@ -36,8 +36,8 @@ Please visit our Website: http://www.httrack.com
 #define HTTRACK_GLOBAL_DEFH
 
 // Version (also check external version information)
-#define HTTRACK_VERSION      "3.49-6"
-#define HTTRACK_VERSIONID    "3.49.6"
+#define HTTRACK_VERSION      "3.49-7"
+#define HTTRACK_VERSIONID    "3.49.7"
 #define HTTRACK_AFF_VERSION  "3.x"
 #define HTTRACK_LIB_VERSION  "2.0"
 

src/htslib.c

@@ -5177,25 +5177,34 @@ HTSEXT_API int hts_init(void) {
    */
   if (!openssl_ctx) {
     const char *version;
+    const SSL_METHOD *method;
 
+    /* OpenSSL >= 1.1.0 / LibreSSL >= 2.7.0 auto-init and provide the generic
+       methods. The legacy init and SSLv23/SSLeay calls (deprecated since 1.1.0,
+       likely gone in 4.0) are kept only for older OpenSSL. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L \
+  || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
     SSL_load_error_strings();
     SSL_library_init();
+    version = SSLeay_version(SSLEAY_VERSION);
+    method = SSLv23_client_method();
+#else
+    version = OpenSSL_version(OPENSSL_VERSION);
+    method = TLS_client_method();
+#endif
 
     // Check CVE-2014-0160.
-    version = SSLeay_version(SSLEAY_VERSION);
     if (ssl_vulnerable(version)) {
-      fprintf(stderr,
-              "SSLeay_version(SSLEAY_VERSION) == '%s'\n", version);
+      fprintf(stderr, "OpenSSL version == '%s'\n", version);
       abortLog("unable to initialize TLS: OpenSSL version seems vulnerable to heartbleed bug (CVE-2014-0160)");
       assertf("OpenSSL version seems vulnerable to heartbleed bug (CVE-2014-0160)" == NULL);
     }
 
     // OpenSSL_add_all_algorithms();
-    openssl_ctx = SSL_CTX_new(SSLv23_client_method());
+    openssl_ctx = SSL_CTX_new(method);
     if (!openssl_ctx) {
-      fprintf(stderr,
-              "fatal: unable to initialize TLS: SSL_CTX_new(SSLv23_client_method)\n");
-      abortLog("unable to initialize TLS: SSL_CTX_new(SSLv23_client_method)");
+      fprintf(stderr, "fatal: unable to initialize TLS: SSL_CTX_new()\n");
+      abortLog("unable to initialize TLS: SSL_CTX_new()");
       assertf("unable to initialize TLS" == NULL);
     }
   }

src/md5.h

@@ -1,21 +1,11 @@
 #ifndef MD5_H
 #define MD5_H
 
-#ifdef _WIN32
-#ifndef SIZEOF_LONG
-#define SIZEOF_LONG 4
-#endif
-#else
-#include "config.h"
-#endif
+#include <stdint.h>
 
-#if SIZEOF_LONG==8
-typedef unsigned int uint32;
-#elif SIZEOF_LONG==4
-typedef unsigned long uint32;
-#else
-#error undefined: SIZEOF_LONG
-#endif
+/* Exact 32-bit type for the MD5 state. uint32_t replaces a SIZEOF_LONG-derived
+   type so config.h stays architecture-independent (Debian #1133728). */
+typedef uint32_t uint32;
 
 struct MD5Context {
   union {