AUR AI Reviewer

Review Results

Version #505 of w_scan_cpp · commit 9ea3339acbcc · status Reviewed

Risk 0/5 · Safe .SRCINFO
Result #19

Comment

The only change in this .SRCINFO hunk is a pkgrel bump from 1 to 2. This is metadata-only and does not alter sources, build steps, dependencies, install scripts, or shipped artifacts. No security-relevant behavior is introduced by this diff alone.

@@ -1,7 +1,7 @@
 pkgbase = w_scan_cpp
 	pkgdesc = A dtv channel scanner based on VDR. Successor of w_scan
 	pkgver = 20260515
-	pkgrel = 1
+	pkgrel = 2
 	url = https://www.gen2vdr.de/wirbel/w_scan_cpp/index2.html
 	arch = x86_64
 	arch = i686
Risk 0/5 · Safe .SRCINFO
Result #20

Comment

The diff is a metadata-only update in .SRCINFO: it changes the SPDX-style license identifier from GPL to GPL-1.0-or-later and swaps a dependency from libjpeg to libjpeg-turbo. There is no evidence here of code execution, network access, privilege escalation, or packaging behavior changes. The source URLs remain HTTPS GitHub tag archives and are unchanged. This looks like a benign metadata correction/modernization rather than a security-relevant modification.

@@ -9,14 +9,14 @@ pkgbase = w_scan_cpp
 	arch = armv6h
 	arch = armv7h
 	arch = aarch64
-	license = GPL
+	license = GPL-1.0-or-later
 	makedepends = git
 	makedepends = pango
 	depends = freetype2
 	depends = fontconfig
 	depends = pugixml
 	depends = librepfunc
-	depends = libjpeg
+	depends = libjpeg-turbo
 	depends = curl
 	source = w_scan_cpp-20260515.tar.gz::https://github.com/wirbel-at-vdr-portal/w_scan_cpp/archive/refs/tags/20260515.tar.gz
 	source = vdr-wirbelscan-2026.05.15.tar.gz::https://github.com/wirbel-at-vdr-portal/wirbelscan-dev/archive/refs/tags/2026.05.15.tar.gz
Risk 0/5 · Safe PKGBUILD
Result #21

Comment

The change only bumps pkgrel from 1 to 2 in PKGBUILD. No source URLs, build commands, install scripts, permissions, dependencies, or packaging logic are modified. This is a metadata-only revision with no security impact visible in the provided diff.

@@ -3,7 +3,7 @@
 
 pkgname=w_scan_cpp
 pkgver=20260515
-pkgrel=1
+pkgrel=2
 
 # These are versions of dependencies used by w_scan_cpp
 _wirbelscan_version=2026.05.15
Risk 0/5 · Safe PKGBUILD
Result #22

Comment

The change is low risk. It only updates the SPDX license identifier from 'GPL' to 'GPL-1.0-or-later', swaps 'libjpeg' for the more specific 'libjpeg-turbo' dependency, and reformats the source/checksum arrays. No new sources, no build-time network behavior, no script execution, and no packaging logic changes are introduced. One source entry still uses git://, but that was pre-existing and unchanged in this diff, so it is not attributable to this change.

@@ -13,18 +13,18 @@ _vdr_gitver=65ca01c6a0d73426c2c15d85df03ffde2a1bf931
 pkgdesc="A dtv channel scanner based on VDR. Successor of w_scan"
 arch=('x86_64' 'i686' 'arm' 'armv6h' 'armv7h' 'aarch64')
 url="https://www.gen2vdr.de/wirbel/w_scan_cpp/index2.html"
-license=('GPL')
-depends=('freetype2' 'fontconfig' 'pugixml' 'librepfunc' 'libjpeg' 'curl')
+license=('GPL-1.0-or-later')
+depends=('freetype2' 'fontconfig' 'pugixml' 'librepfunc' 'libjpeg-turbo' 'curl')
 makedepends=('git' 'pango')
 source=("$pkgname-$pkgver.tar.gz::https://github.com/wirbel-at-vdr-portal/w_scan_cpp/archive/refs/tags/$pkgver.tar.gz"
-        "vdr-wirbelscan-$_wirbelscan_version.tar.gz::https://github.com/wirbel-at-vdr-portal/wirbelscan-dev/archive/refs/tags/$_wirbelscan_version.tar.gz"
-        "git://git.tvdr.de/vdr.git#commit=$_vdr_gitver"
-        "vdr-plugin-satip-wirbel::git+https://github.com/wirbel-at-vdr-portal/vdr-plugin-satip.git#commit=$_satip_gitver"
-       )
+  "vdr-wirbelscan-$_wirbelscan_version.tar.gz::https://github.com/wirbel-at-vdr-portal/wirbelscan-dev/archive/refs/tags/$_wirbelscan_version.tar.gz"
+  "git://git.tvdr.de/vdr.git#commit=$_vdr_gitver"
+  "vdr-plugin-satip-wirbel::git+https://github.com/wirbel-at-vdr-portal/vdr-plugin-satip.git#commit=$_satip_gitver"
+)
 sha256sums=('63a62aa9b793cd5d634886be4930abce367746b57181f62a74ec9546a6800352'
-            '6e4bfb472999e4618b7d015943417024c27fb7baf0d1e11f44f5d9aef2c5495e'
-            '11ec378a3bba5931c5415354d0c55dfd9089dad637db194aa4a845830a207c88'
-            '3b51f4126c0f92b189e0fc5827d458aec562e2c6f47d02f19519e7921ae641df')
+  '6e4bfb472999e4618b7d015943417024c27fb7baf0d1e11f44f5d9aef2c5495e'
+  '11ec378a3bba5931c5415354d0c55dfd9089dad637db194aa4a845830a207c88'
+  '3b51f4126c0f92b189e0fc5827d458aec562e2c6f47d02f19519e7921ae641df')
 
 prepare() {
   cd "$srcdir/$pkgname-$pkgver"
Risk 0/5 · Safe PKGBUILD
Result #23

Comment

The diff only removes a trailing blank line at the end of PKGBUILD and does not alter sources, build steps, install behavior, dependencies, permissions, or any execution paths. No security-relevant impact is present in this hunk.

@@ -51,4 +51,3 @@ package() {
   cd "$srcdir/$pkgname-$pkgver"
   make prefix="$pkgdir/usr" install
 }
-