Based on patch provided by Zafer Aydogan via private mail.
This update to 2.6.1 contains all patches from the Debian package:
- various bug fixes
- uploading under the temporary name `weex.tmp' with the RenameOK option
- support for FTP proxy server that requires challenge/response
- The i386 RPM was compiled on RedHat 9
- You should be able to "rpmbuild --rebuild" the SRPM on older RedHat releases
or other RPM based distros.
pkgsrc changes:
* project now on sourceforge
* no need patch to fix localedir (patch-ac)
* need msgfmt to build
* need gettext-lib
* add DESTDIR support
"A vulnerability in Weex can be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
The vulnerability is caused due to a format string error in the "log_flush()"
function when flushing an error log entry that contains format string
specifiers to disk. This may be exploited to execute arbitrary code on a
user's system via a directory name containing format string specifiers.
Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory."
http://secunia.com/advisories/17028/
Patch from FreeBSD PR ports/86833.
task of remotely maintaining a web page or other FTP archive. With weex,
the maintainer of a web site or archive that must be administered through
FTP interaction can largely ignore that process.
Provided by Hiramatsu Yoshifumi in pkg/13090
