On Mar 18, 2013 5:40 PM, "canyonknight" <[email protected]> wrote: > > On Mon, Mar 18, 2013 at 5:10 PM, Dave Reisner <[email protected]> wrote: > > On Mon, Mar 18, 2013 at 08:18:19PM +0100, Lukas Fleischer wrote: > >> Changes since 2.0.1: > >> > >> * Typeahead suggest for packages. > >> * Fix account editing and hijacking vulnerability. > >> * Fix account privilege escalation vulnerability. > >> * Clear a user's active sessions following account suspension. > >> * Several translation fixes/updates. > >> * pkgsubmit.php: Parse .AURINFO metadata. > >> > >> .AURINFO files can now be included in source packages to overwrite > >> specific PKGBUILD fields. .AURINFO files are parsed line by line. The > >> syntax for each line is "key = value", where key is any of the following > >> field names: > >> > >> * pkgname > > > > I'll file a proper bug report if it really turns out to be the AUR's > > fault (when I get some more time to play), but my 60 second test drive > > of this makes me believe that overriding the pkgname fails silently on > > the upload if you specify a pkgname which already exists (and which > > isn't the package you're uploading). > > Quickly tried this on my local setup. Uploaded a source package named > "foo", then tried to upload a "bar" source package with pkgname set in > .AURINFO to "foo" and received the error message: "You are not allowed > to overwrite the foo package." Might be a burp issue or some sort of > strange edge case.
No worries I'll dig into this more on my own time then. > > > > > I'm only testing this from burp, so grain of salt and all that... > > > > d > > > >> * pkgver > >> * pkgdesc > >> * url > >> * license > >> * depend > >> > >> Multiple "depend" lines can be specified to add multiple dependencies. > >> > >> You can check the Git log [1] for a complete list of commits. > >> > >> The official Arch Linux AUR setup [2] has already been upgraded! > >> > >> [1] https://projects.archlinux.org/aur.git/log/?id=v2.1.0 > >> [2] https://aur.archlinux.org/
