[aur-dev] AUR 2.1.0 released
Dave Reisner
d at falconindy.com
Mon Mar 18 17:10:09 EDT 2013
On Mon, Mar 18, 2013 at 08:18:19PM +0100, Lukas Fleischer wrote:
> Changes since 2.0.1:
>
> * Typeahead suggest for packages.
> * Fix account editing and hijacking vulnerability.
> * Fix account privilege escalation vulnerability.
> * Clear a user's active sessions following account suspension.
> * Several translation fixes/updates.
> * pkgsubmit.php: Parse .AURINFO metadata.
>
> .AURINFO files can now be included in source packages to overwrite
> specific PKGBUILD fields. .AURINFO files are parsed line by line. The
> syntax for each line is "key = value", where key is any of the following
> field names:
>
> * pkgname
I'll file a proper bug report if it really turns out to be the AUR's
fault (when I get some more time to play), but my 60 second test drive
of this makes me believe that overriding the pkgname fails silently on
the upload if you specify a pkgname which already exists (and which
isn't the package you're uploading).
I'm only testing this from burp, so grain of salt and all that...
d
> * pkgver
> * pkgdesc
> * url
> * license
> * depend
>
> Multiple "depend" lines can be specified to add multiple dependencies.
>
> You can check the Git log [1] for a complete list of commits.
>
> The official Arch Linux AUR setup [2] has already been upgraded!
>
> [1] https://projects.archlinux.org/aur.git/log/?id=v2.1.0
> [2] https://aur.archlinux.org/
More information about the aur-dev
mailing list