On Mar 18, 2013 5:40 PM, "canyonknight" <canyonknight@gmail.com> wrote:
On Mon, Mar 18, 2013 at 5:10 PM, Dave Reisner <d@falconindy.com> wrote:
On Mon, Mar 18, 2013 at 08:18:19PM +0100, Lukas Fleischer wrote:
Changes since 2.0.1:
* Typeahead suggest for packages. * Fix account editing and hijacking vulnerability. * Fix account privilege escalation vulnerability. * Clear a user's active sessions following account suspension. * Several translation fixes/updates. * pkgsubmit.php: Parse .AURINFO metadata.
.AURINFO files can now be included in source packages to overwrite specific PKGBUILD fields. .AURINFO files are parsed line by line. The syntax for each line is "key = value", where key is any of the
following
field names:
* pkgname
I'll file a proper bug report if it really turns out to be the AUR's fault (when I get some more time to play), but my 60 second test drive of this makes me believe that overriding the pkgname fails silently on the upload if you specify a pkgname which already exists (and which isn't the package you're uploading).
Quickly tried this on my local setup. Uploaded a source package named "foo", then tried to upload a "bar" source package with pkgname set in .AURINFO to "foo" and received the error message: "You are not allowed to overwrite the foo package." Might be a burp issue or some sort of strange edge case.
No worries I'll dig into this more on my own time then.
I'm only testing this from burp, so grain of salt and all that...
d
* pkgver * pkgdesc * url * license * depend
Multiple "depend" lines can be specified to add multiple dependencies.
You can check the Git log [1] for a complete list of commits.
The official Arch Linux AUR setup [2] has already been upgraded!
[1] https://projects.archlinux.org/aur.git/log/?id=v2.1.0 [2] https://aur.archlinux.org/