On Mon, Mar 18, 2013 at 5:10 PM, Dave Reisner <[email protected]> wrote: > On Mon, Mar 18, 2013 at 08:18:19PM +0100, Lukas Fleischer wrote: >> Changes since 2.0.1: >> >> * Typeahead suggest for packages. >> * Fix account editing and hijacking vulnerability. >> * Fix account privilege escalation vulnerability. >> * Clear a user's active sessions following account suspension. >> * Several translation fixes/updates. >> * pkgsubmit.php: Parse .AURINFO metadata. >> >> .AURINFO files can now be included in source packages to overwrite >> specific PKGBUILD fields. .AURINFO files are parsed line by line. The >> syntax for each line is "key = value", where key is any of the following >> field names: >> >> * pkgname > > I'll file a proper bug report if it really turns out to be the AUR's > fault (when I get some more time to play), but my 60 second test drive > of this makes me believe that overriding the pkgname fails silently on > the upload if you specify a pkgname which already exists (and which > isn't the package you're uploading).
Quickly tried this on my local setup. Uploaded a source package named "foo", then tried to upload a "bar" source package with pkgname set in .AURINFO to "foo" and received the error message: "You are not allowed to overwrite the foo package." Might be a burp issue or some sort of strange edge case. > > I'm only testing this from burp, so grain of salt and all that... > > d > >> * pkgver >> * pkgdesc >> * url >> * license >> * depend >> >> Multiple "depend" lines can be specified to add multiple dependencies. >> >> You can check the Git log [1] for a complete list of commits. >> >> The official Arch Linux AUR setup [2] has already been upgraded! >> >> [1] https://projects.archlinux.org/aur.git/log/?id=v2.1.0 >> [2] https://aur.archlinux.org/
