Status of previously infected wine-nine package

BadKarma · 2026-06-14 14:49:35

Hello everyone,

Following the recent attack on the AUR, I decided to reinstall everything from scratch for good measure, and I'm in the process of reinstalling my applications.
I've noticed that to run some Windows programs, I'm in need of the "wine-nine" package (https://aur.archlinux.org/packages/wine-nine), which was one of the many targets of the recent attack.

I've read the PKGBUILD, and from what I gathered, everything seems to have been reverted back to before the attack. However, on the AUR page I still read "Last Updated: 2026-06-11 21:34 (UTC)" which was the day of the attack.
Is there a way to confirm that this package is safe to install via the AUR?

Thanks in advance

loqs · 2026-06-14 15:38:29

I thought wine-nine was dropped to AUR because it added no extra support with the current mesa from the official repositories?

seth · 2026-06-14 18:19:03

Unrelated to whether the package makes any sense at all ("idk, idc")

Look at the PKGBUILD (the local one, on your disk!) and git log.
At least https://aur.archlinux.org/cgit/aur.git/ … =wine-nine has none of the patterns of the recent attacks, it runs a bootstrap script, meson and ninja which are common for builds.
The last patch from march 2026 against the previous version from 2019 is https://aur.archlinux.org/cgit/aur.git/ … a3e11f9a56 and doesn't change the source repository or anything drastic about the installation steps.

Any number on some webservice is insignificant compared to the sources and data on your disk and there've been previous posts highlighting that these things can actually fall apart.
So completely forget about what the webpage says and inspect your local clone.

Arch Linux

#1 2026-06-14 14:49:35

Status of previously infected wine-nine package

#2 2026-06-14 15:38:29

Re: Status of previously infected wine-nine package

#3 2026-06-14 18:19:03

Re: Status of previously infected wine-nine package

Board footer