[aur-dev] AUR 2.1.0 released
Dave Reisner
d at falconindy.com
Mon Mar 18 18:10:09 EDT 2013
On Mar 18, 2013 5:40 PM, "canyonknight" <canyonknight at gmail.com> wrote:
>
> On Mon, Mar 18, 2013 at 5:10 PM, Dave Reisner <d at falconindy.com> wrote:
> > On Mon, Mar 18, 2013 at 08:18:19PM +0100, Lukas Fleischer wrote:
> >> Changes since 2.0.1:
> >>
> >> * Typeahead suggest for packages.
> >> * Fix account editing and hijacking vulnerability.
> >> * Fix account privilege escalation vulnerability.
> >> * Clear a user's active sessions following account suspension.
> >> * Several translation fixes/updates.
> >> * pkgsubmit.php: Parse .AURINFO metadata.
> >>
> >> .AURINFO files can now be included in source packages to overwrite
> >> specific PKGBUILD fields. .AURINFO files are parsed line by line. The
> >> syntax for each line is "key = value", where key is any of the
following
> >> field names:
> >>
> >> * pkgname
> >
> > I'll file a proper bug report if it really turns out to be the AUR's
> > fault (when I get some more time to play), but my 60 second test drive
> > of this makes me believe that overriding the pkgname fails silently on
> > the upload if you specify a pkgname which already exists (and which
> > isn't the package you're uploading).
>
> Quickly tried this on my local setup. Uploaded a source package named
> "foo", then tried to upload a "bar" source package with pkgname set in
> .AURINFO to "foo" and received the error message: "You are not allowed
> to overwrite the foo package." Might be a burp issue or some sort of
> strange edge case.
No worries I'll dig into this more on my own time then.
>
> >
> > I'm only testing this from burp, so grain of salt and all that...
> >
> > d
> >
> >> * pkgver
> >> * pkgdesc
> >> * url
> >> * license
> >> * depend
> >>
> >> Multiple "depend" lines can be specified to add multiple dependencies.
> >>
> >> You can check the Git log [1] for a complete list of commits.
> >>
> >> The official Arch Linux AUR setup [2] has already been upgraded!
> >>
> >> [1] https://projects.archlinux.org/aur.git/log/?id=v2.1.0
> >> [2] https://aur.archlinux.org/
More information about the aur-dev
mailing list