[arch-projects] AUR 1.4.0
Version 1.4.0 of the AUR has been released! This is probably the most exciting version since we launched the AUR. Thanks to all the hard-working contributors who made this one possible, especially eliott, tardo, louipc, xilon, and thralas. Thanks also to our tireless translation team who cleans up after the messes we make! And finally, thanks to git-- I'm not sure we would have had such an amazing release without it. I've taken some time to come around on it, but it's an awesome tool. The full changelog is attached from 1.3.1 to 1.4.0. Or you can go look at the whole thing yourself at: http://projects.archlinux.org/git/?p=aur.git;a=shortlog As usual, report all problems here. - P commit 22fcea238f0ede3def934c1d8b32935025f22d3c Author: Paul Mattal <paul@mattal.com> Date: Tue Oct 2 07:33:53 2007 -0400 Tweak to version strings patch. Rather than rely in any way on config.inc, which is expected to be edited by the user and to persist across versions without change, the version string definition is stored in version.inc and included from aur.inc. commit 881b921eb30f5a28226e8b25ef194c4254cb09d5 Author: tardo <tardo@nagi-fanboi.net> Date: Sat Sep 29 22:45:30 2007 -0400 Fixed version strings. Added AUR_VERSION to config file, so now we should only need to change one location. KISS ftw. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit 6e49512b4e4a05398ede8e2280edec0a516c253f Author: Paul Mattal <paul@mattal.com> Date: Sun Sep 30 13:06:44 2007 -0400 Italian: 20070930 patch from Giovanni Scafora commit 03a44d4900e225e5fc5b16192d8de8ec9fb8fa3d Author: tardo <tardo@nagi-fanboi.net> Date: Sat Sep 29 23:00:46 2007 -0400 Logout now redirects instead of displaying a page. Thanks to Alex for the heads-up. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit 01911dce952765e0e29b7ff2eeda03fd45b774a4 Author: Paul Mattal <paul@mattal.com> Date: Sat Sep 29 14:23:48 2007 -0400 changed version string to 1.4.0 on front page commit 659cace81e123426b1204d7a1296747ae6afb43f Author: Paul Mattal <paul@mattal.com> Date: Fri Sep 28 22:15:47 2007 -0400 Center the "Go back to search results" on the package detail page. commit 95cca1996f4e98e8c9a511c9906a3c1e8e82af91 Author: Loui Chang <louipc.ist@gmail.com> Date: Thu Sep 27 20:38:13 2007 -0400 nitpick: change buttons border to solid and convert web/html/css/containers.css to unix format Signed-off-by: Loui Chang <louipc.ist@gmail.com> commit 2b794c635fe598efb7e4d6f5876e0a991b3d6e2f Author: Paul Mattal <paul@mattal.com> Date: Thu Sep 27 09:18:25 2007 -0400 Changed homepage box title to "AUR Home" to match patch from tardo. commit de365c6e0c853c60f1a713b39a6b190a3bd40900 Author: tardo <tardo@nagi-fanboi.net> Date: Tue Sep 25 21:30:33 2007 -0400 Links to official packages now point back to AL site. Previously if the package was not in community or unsupported, the link didn't point anywhere. Now it uses http://archlinux.org/packages/search/$pkgname. If there's a better way, someone needs to let me know. As far as I know, there's no sure way to link directly to a package without knowing the pkgid. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit b4946839ea26c4ccabd914da4213561be9b1cf22 Author: tardo <tardo@nagi-fanboi.net> Date: Tue Sep 25 21:15:34 2007 -0400 Messages run across colspan=3 now. Using colspan=2 seemed to make the text wrap. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit 2e1230589dcc5c1bb19a2460193cc1de0fb73d34 Author: tardo <tardo@nagi-fanboi.net> Date: Tue Sep 25 21:06:08 2007 -0400 Box titles now align to the left. Might be me, but aligning to the right just looked messed up. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit 10f6a7c40160f21f74254238e51c58eff9e61be7 Author: Loui Chang <louipc.ist@gmail.com> Date: Thu Sep 27 00:09:43 2007 -0400 nitpick: Changed "AUR-Home" button to "AUR Home" Signed-off-by: Loui Chang <louipc.ist@gmail.com> commit d2134f7637279592b11e4c0f778445bd347b0804 Merge: e8ae65a... d1c9422... Author: Loui Chang <louipc.ist@gmail.com> Date: Thu Sep 27 00:06:56 2007 -0400 Merge commit 'origin/testing' Yeah I actually want to work from testing. Conflicts: web/lib/pkgfuncs.inc Signed-off-by: Loui Chang <louipc.ist@gmail.com> commit e8ae65abf62e2d85d4baf406fb651e2aa5814d3b Author: Loui Chang <louipc.ist@gmail.com> Date: Thu Sep 27 00:04:47 2007 -0400 I forgot to change AUR_db* usage to constants. Fixed now. Signed-off-by: Loui Chang <louipc.ist@gmail.com> commit c764f078f10061c016228fb079dc7302af52f60c Author: Loui Chang <louipc.ist@gmail.com> Date: Wed Sep 26 23:57:51 2007 -0400 Made some things in config.inc.proto that should be constants constants Signed-off-by: Loui Chang <louipc.ist@gmail.com> commit 5546779ad0ce7105770280c93e664a7edefbf573 Author: Loui Chang <louipc.ist@gmail.com> Date: Wed Sep 26 23:31:30 2007 -0400 Changed web/README.txt to refer to offical git repo Signed-off-by: Loui Chang <louipc.ist@gmail.com> commit 830c8c6f557717745988f6e0daddc8fcb496f088 Author: Loui Chang <louipc.ist@gmail.com> Date: Wed Sep 26 23:29:50 2007 -0400 Added the beginnings of an AUTHORS file Signed-off-by: Loui Chang <louipc.ist@gmail.com> commit d1c9422095b9981f608b75f0b78e412983ba7aff Author: Paul Mattal <paul@mattal.com> Date: Wed Sep 26 08:19:34 2007 -0400 italian_20070926.diff patch from Giovanni Scafora commit b76faddb10fb53266e4f934a58edf30ba7935025 Merge: 1769285... 7c7685c... Author: tardo <tardo@nagi-fanboi.net> Date: Tue Sep 25 18:40:48 2007 -0400 Merge branch 'testing' of git://git.mattal.com/aur into test Fixed regressions. commit 1769285c36f333cc06be91332984686f64a74b88 Merge: 9cba393... 47855f9... Author: tardo <tardo@nagi-fanboi.net> Date: Tue Sep 25 17:32:39 2007 -0400 Merge branch 'master' of git://git.mattal.com/aur commit 7c7685ce82f1779f6f991533df7f5e6d6ac8fe21 Author: Paul Mattal <pjmattal@brahms.out.elys.com> Date: Tue Sep 25 10:44:04 2007 -0400 AUR Italian Translation patch 20070925 from Giovanni Scafora commit 47855f993a3b98956d0fc5c402e7f8439fdbeec9 Author: Paul Mattal <paul@mattal.com> Date: Tue Sep 25 10:19:12 2007 -0400 Regression to front page "Flagged as safe by me" language Developers should be treated the same as TUs commit cb7cec5028316bc235574258bb73af8f9f643bef Author: Paul Mattal <paul@mattal.com> Date: Tue Sep 25 10:19:12 2007 -0400 Regression to front page "Flagged as safe by me" language Developers should be treated the same as TUs commit 220708c4ca12a581e175236606401ea0beae9a40 Merge: c5907e3... 4e4f272... Author: Paul Mattal <paul@mattal.com> Date: Tue Sep 25 07:00:55 2007 -0400 Merge commit 'eliott/master' into testing commit 4e4f2728c1c4e4bf030b579dc41b530b06166271 Author: eliott <eliott@cactuswax.net> Date: Mon Sep 24 09:23:41 2007 -0700 Phrakture requested fonts to be more similar to main arch site. Added css to make it similar. commit aebdd21b58046f647c7c500dde5152ba774303ab Author: eliott <eliott@cactuswax.net> Date: Mon Sep 24 07:57:35 2007 -0700 More changes to page styles. commit c5907e3845c1eeb0a80f4226dfac2fa9d27d52ba Merge: 8d11961... 10f3445... Author: Paul Mattal <paul@mattal.com> Date: Sat Sep 22 22:52:02 2007 -0400 Merge commit 'eliott/master' into testing commit 9cba3937d0847d1065b3da7322ffe7ea22108319 Author: tardo <tardo@nagi-fanboi.net> Date: Sat Sep 22 18:30:28 2007 -0400 Cosmetic: Show flagged out of date on package page. Add a simple warning under "Tarball :: Files :: PKGBUILD" if package is out of date. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit 4548b0d08b592180bd4cd66ec127d0069f27c792 Author: tardo <tardo@nagi-fanboi.net> Date: Sat Sep 22 18:08:14 2007 -0400 Notify by email when package is flagged out of date. FS 3231. In addition to the above, it does not notify if the user that flags package out of date is the same as the owner of the package. The body of the email could use work as well I suppose. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit adafc112f6f14a5ab7249a622da5d74a8f52a3ed Author: tardo <tardo@nagi-fanboi.net> Date: Sat Sep 22 17:14:14 2007 -0400 Add link to TU's homepage in "Flagged safe by". FS 4138. Simple feature request. Not sure what purpose it serves. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit 61ddbc18e7836a3b2e334b23ea637a2a0eea9006 Author: tardo <tardo@nagi-fanboi.net> Date: Sat Sep 22 17:09:26 2007 -0400 Reverse dependency lookup. FS 4556, 5269. Ugly hack, could use beautification. Also includes english translation addition. If url sources are too long, page could ugly... Signed-off-by: tardo <tardo@nagi-fanboi.net> commit 6a39da70fb9cfd6050deb1016fe0183157d8fb46 Author: tardo <tardo@nagi-fanboi.net> Date: Sat Sep 22 17:01:40 2007 -0400 Incomplete comment patch. FS 7968, 5128, 7383. Properly parse comments from database. Thanks to Thralas for input. Signed-off-by: tardo <tardo@nagi-fanboi.net> commit ac8291a5dcbfe9edf53d627be1139fe52708d4ce Author: eliott <eliott@cactuswax.net> Date: Sat Sep 22 12:09:00 2007 -0700 Changes to bring the main arch site theme to the aur. commit 8d11961ee75c5372d3cfd104ee83242127fcffa5 Author: Paul Mattal <pjmattal@pedantic.in.mattal.com> Date: Sat Sep 22 08:06:20 2007 -0400 Added Italian language patch 20070921 from Giovanni Scafora commit 988ecc442c44ae73320244f2d9b5f4f4b7e1723e Author: pjmattal <pjmattal> Date: Fri Sep 21 12:59:19 2007 +0000 committed Eliott's README patch commit 452d6b1245f26b1c46e715077e9bcc593f66ed9e Author: pjmattal <pjmattal> Date: Thu Sep 20 21:46:43 2007 +0000 patch from eliott to convert all <? to <?php commit 0b92839bee80fc2ba6ea67be1e48d176c0d242bc Author: swiergot <swiergot> Date: Thu Sep 20 15:33:04 2007 +0000 - Applied a patch from Loui to fix session removal. - Replaced all occurences of mysql_escape_string() with mysql_real_escape_string(). commit 10f3445394f3994673b296a0e68a1caefade35e6 Author: eliott <eliott@cactuswax.net> Date: Wed Aug 15 21:01:54 2007 -0700 Convert <? to <?php commit 14df0d4b8d95f4c0240c0bd98c6ce9b74706e3ca Author: swiergot <swiergot> Date: Thu Aug 16 00:25:04 2007 +0000 - Applied a patch from Loui to fix session removal. - Replaced all occurences of mysql_escape_string() with mysql_real_escape_string(). commit fe84915465ac941356f50cc07925e3fd42615955 Author: pjmattal <pjmattal> Date: Thu Aug 16 00:24:43 2007 +0000 added language for version 1.3.1 commit 1e9b3e2db08a02a877e06c00a9320e6493bbaf80 Author: pjmattal <pjmattal> Date: Thu Aug 16 00:24:37 2007 +0000 committed old schema change from old version commit ac0f6b855e271c7a676cde008f172e26c68c630d Author: pjmattal <pjmattal> Date: Thu Aug 16 00:24:35 2007 +0000 Added XSS patches from Joerie de Gram. commit 77deb2bd910e85faaff21344b64dab9338b6f8ae Author: pjmattal <pjmattal> Date: Thu Aug 16 00:24:33 2007 +0000 added GPL2 as our license this was an agreeable action to Simo, Jason, and Paul we are the remaining principal authors
As usual, report all problems here.
The 'Flagged as safe' language string is missing in several language files, including EN, which causes the untranslated text (exactly the same, as it's english) to be displayed red and bold. PT, CA, and ES are incomplete as well (some are lacking more than this single string). Two-line patch at http://ius.student.utwente.nl/cgi-bin/gitweb.cgi?p=aur/.git;a=commitdiff;h=c... Joerie
Joerie de Gram wrote:
As usual, report all problems here.
The 'Flagged as safe' language string is missing in several language files, including EN, which causes the untranslated text (exactly the same, as it's english) to be displayed red and bold.
PT, CA, and ES are incomplete as well (some are lacking more than this single string).
Two-line patch at http://ius.student.utwente.nl/cgi-bin/gitweb.cgi?p=aur/.git;a=commitdiff;h=c...
Thanks. I've cherrypicked this onto the stable branch. We'll release 1.4.1 in a day or so once these sorts of big things shake out. Merging to starting for 1.5.0 in testing. I think we'll plan to do 1.5.0 in about a month, so the merge window will be 2-3 weeks with 1-2 weeks for testing/regressions/translations. - P
Paul Mattal wrote:
Joerie de Gram wrote:
As usual, report all problems here.
The 'Flagged as safe' language string is missing in several language files, including EN, which causes the untranslated text (exactly the same, as it's english) to be displayed red and bold.
PT, CA, and ES are incomplete as well (some are lacking more than this single string).
Two-line patch at http://ius.student.utwente.nl/cgi-bin/gitweb.cgi?p=aur/.git;a=commitdiff;h=c...
Thanks. I've cherrypicked this onto the stable branch. We'll release 1.4.1 in a day or so once these sorts of big things shake out.
Merging to starting for 1.5.0 in testing. I think we'll plan to do 1.5.0 in about a month, so the merge window will be 2-3 weeks with 1-2 weeks for testing/regressions/translations.
- P
_______________________________________________ arch-projects mailing list arch-projects@archlinux.org http://archlinux.org/mailman/listinfo/arch-projects
what's the plan for 1.5.0? any goals? - tardo
On 10/2/07, tardo <tardo@nagi-fanboi.net> wrote:
what's the plan for 1.5.0? any goals?
I have a few goals. Right now I'm working on account creation/editing. There are a few issues: - a user can willy-nilly change his or her username. (should this be allowed?) - usernames can be ridiculous "hsmnbn3# sd789^# " for example - password can be blank - in fact username can also be blank but that username has already been assigned in the official AUR. Those are the issues I'm going to address with compatibility for old (bad) usernames, etc. I think I'd put a check to prompt a user with a bad username to change it when the go in to edit their account. (And maybe even on login) Also I'd like to move presentation code out of the lib functions and into templates.
Loui wrote:
On 10/2/07, tardo <tardo@nagi-fanboi.net> wrote:
what's the plan for 1.5.0? any goals?
I have a few goals. Right now I'm working on account creation/editing.
There are a few issues: - a user can willy-nilly change his or her username. (should this be allowed?) - usernames can be ridiculous "hsmnbn3# sd789^# " for example - password can be blank - in fact username can also be blank but that username has already been assigned in the official AUR.
Those are the issues I'm going to address with compatibility for old (bad) usernames, etc.
I think I'd put a check to prompt a user with a bad username to change it when the go in to edit their account. (And maybe even on login)
Also I'd like to move presentation code out of the lib functions and into templates.
_______________________________________________ arch-projects mailing list arch-projects@archlinux.org http://archlinux.org/mailman/listinfo/arch-projects
Hmm, in that case, I'll try and refactor code from packages.php into two different files. My goals: - Separate code from package.php into pkgsearch.php and pkgdetails.php - pkgsearch will have everything that current package.php has. -- you can search for packages, adopt/flag/disown/vote/notify multiple packages - pkgdetails will be strictly for the package details, including comments - the problem with this is that current programs depend on this, but hopefully an rpc is being worked on - Work on the login timeout issue. I want to eliminate the need for a timeout altogether, as I don't see the point of it. - pkgsubmit process should include the submitter in notify list - package owners shouldn't be allowed to vote. - delete multiple comments at once Dunno if i'll get all this done in 2-3 weeks, but i'll try :x - tardo
On 10/2/07, tardo <tardo@nagi-fanboi.net> wrote:
Hmm, in that case, I'll try and refactor code from packages.php into two different files.
Keep the package details in packages.php for compatibility, for links to packages to still work for example.
Loui wrote:
On 10/2/07, tardo <tardo@nagi-fanboi.net> wrote:
Hmm, in that case, I'll try and refactor code from packages.php into two different files.
Keep the package details in packages.php for compatibility, for links to packages to still work for example.
_______________________________________________ arch-projects mailing list arch-projects@archlinux.org http://archlinux.org/mailman/listinfo/arch-projects
Well packages.php will remain for backwards-compatibility, but I plan to make the changes site-wide so AUR doesn't depend on it at all. I'll update you guys as I progress. - tardo
On 10/3/07, tardo <tardo@nagi-fanboi.net> wrote:
Well packages.php will remain for backwards-compatibility, but I plan to make the changes site-wide so AUR doesn't depend on it at all. I'll update you guys as I progress.
I mean there's no need to keep any search functionality in packages.php, just make that the details page. eg packages.php?ID=9999 doDetails doesn't make a difference either. Currently if it's set to something 'anything' then it will show package details.
On 10/2/07, Loui <louipc.ist@gmail.com> wrote:
I have a few goals. Right now I'm working on account creation/editing.
There are a few issues: - a user can willy-nilly change his or her username. (should this be allowed?) - usernames can be ridiculous "hsmnbn3# sd789^# " for example - password can be blank - in fact username can also be blank but that username has already been assigned in the official AUR.
Those are the issues I'm going to address with compatibility for old (bad) usernames, etc.
I think I'd put a check to prompt a user with a bad username to change it when the go in to edit their account. (And maybe even on login)
I've done this part. If a user with a bad username tries to edit his/her account they'll be told that their username is invalid and to change it. I decided to continue to allow users to change their username whenever they please for now. Please fetch and let me know what you think. Cheers. http://louipc.dontexist.org/cgi-bin/gitweb.cgi?p=aur/.git;a=commit;h=b73d600...
2007/10/3, Paul Mattal <paul@mattal.com>:
Version 1.4.0 of the AUR has been released!
As usual, report all problems here.
sergej's patch for moving "Add comment" button above is not applied. Please move that button to the "Actions" block. -- Roman Kyrylych (Роман Кирилич)
2007/10/3, Paul Mattal <paul@mattal.com>:
As usual, report all problems here.
Found a bug in parser. See http://aur.archlinux.org/packages/cheese/cheese/PKGBUILD and how depends are parsed on http://aur.archlinux.org/packages.php?do_Details=1&ID=11879 Can't we use parsepkgbuild from namcap2? See http://projects.archlinux.org/git/?p=namcap.git;a=blob;f=parsepkgbuild;h=68a... This way PKGBUILD is parsed by bash and resulting output is much easier to parse with PHP or Python. -- Roman Kyrylych (Роман Кирилич)
2007/10/3, Roman Kyrylych <roman.kyrylych@gmail.com>:
2007/10/3, Paul Mattal <paul@mattal.com>:
As usual, report all problems here.
Found a bug in parser. See http://aur.archlinux.org/packages/cheese/cheese/PKGBUILD and how depends are parsed on http://aur.archlinux.org/packages.php?do_Details=1&ID=11879
Can't we use parsepkgbuild from namcap2? See http://projects.archlinux.org/git/?p=namcap.git;a=blob;f=parsepkgbuild;h=68a... This way PKGBUILD is parsed by bash and resulting output is much easier to parse with PHP or Python.
Moreover, the > and < are not converted to > and < in output. -- Roman Kyrylych (Роман Кирилич)
2007/10/3, Roman Kyrylych <roman.kyrylych@gmail.com>:
2007/10/3, Roman Kyrylych <roman.kyrylych@gmail.com>:
2007/10/3, Paul Mattal <paul@mattal.com>:
As usual, report all problems here.
Found a bug in parser. See http://aur.archlinux.org/packages/cheese/cheese/PKGBUILD and how depends are parsed on http://aur.archlinux.org/packages.php?do_Details=1&ID=11879
Can't we use parsepkgbuild from namcap2? See http://projects.archlinux.org/git/?p=namcap.git;a=blob;f=parsepkgbuild;h=68a... This way PKGBUILD is parsed by bash and resulting output is much easier to parse with PHP or Python.
Moreover, the > and < are not converted to > and < in output.
Just to make it more clear what I was trying to say. I was talking about the other bug: the page contains <a href='http://archlinux.org/packages/search/glib2'>glib2>=2.12.0</a><br />
= should be >= instead
-- Roman Kyrylych (Роман Кирилич)
On 10/3/07, Roman Kyrylych <roman.kyrylych@gmail.com> wrote:
Found a bug in parser. See http://aur.archlinux.org/packages/cheese/cheese/PKGBUILD and how depends are parsed on http://aur.archlinux.org/packages.php?do_Details=1&ID=11879
Partial patch in my git repo [1] I've rewritten the code which concats PKGBUILD variables spanning multiple lines to one line. However, it'll need some fine tuning - it currently counts opening and closing braces in order to determine which parts of the PKGBUILD resemble arrays. Any braces used in, e.g. the description might break it, so it'll need to be modified to ignore braces enclosed within single or double quotes. Joerie [1]: http://tinyurl.com/3yjjda
Roman Kyrylych wrote:
2007/10/3, Paul Mattal <paul@mattal.com>:
As usual, report all problems here.
Found a bug in parser. See http://aur.archlinux.org/packages/cheese/cheese/PKGBUILD and how depends are parsed on http://aur.archlinux.org/packages.php?do_Details=1&ID=11879
Can't we use parsepkgbuild from namcap2? See http://projects.archlinux.org/git/?p=namcap.git;a=blob;f=parsepkgbuild;h=68a... This way PKGBUILD is parsed by bash and resulting output is much easier to parse with PHP or Python.
At least the last time we looked into parsing PKGBUILDs with bash, we decided we couldn't do this for unsupported, since the provenance of the bash script is completely unknown. An attacker could write evil bash, simply create an account, upload it, and he's run arbitrary bash on the server. This is why we intentionally did not parse PKGBUILDs using bash, though I really really wanted to. I do, in fact, parse them with bash in the tupkgupdate script, but those are only trusted PKGBUILDs checked into cvs. - P
2007/10/4, Paul Mattal <paul@mattal.com>:
Roman Kyrylych wrote:
2007/10/3, Paul Mattal <paul@mattal.com>:
As usual, report all problems here.
Found a bug in parser. See http://aur.archlinux.org/packages/cheese/cheese/PKGBUILD and how depends are parsed on http://aur.archlinux.org/packages.php?do_Details=1&ID=11879
Can't we use parsepkgbuild from namcap2? See http://projects.archlinux.org/git/?p=namcap.git;a=blob;f=parsepkgbuild;h=68a... This way PKGBUILD is parsed by bash and resulting output is much easier to parse with PHP or Python.
At least the last time we looked into parsing PKGBUILDs with bash, we decided we couldn't do this for unsupported, since the provenance of the bash script is completely unknown. An attacker could write evil bash, simply create an account, upload it, and he's run arbitrary bash on the server.
This is why we intentionally did not parse PKGBUILDs using bash, though I really really wanted to. I do, in fact, parse them with bash in the tupkgupdate script, but those are only trusted PKGBUILDs checked into cvs.
hmm, probably, you're right, but doesn't " --noprofile --norc -r" avoids this? -- Roman Kyrylych (Роман Кирилич)
participants (5)
-
Joerie de Gram
-
Loui
-
Paul Mattal
-
Roman Kyrylych
-
tardo