Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PyPi Packages containing an Epoch can cause a 500 internal server error #21707

Closed
Racer159 opened this issue Nov 7, 2022 · 2 comments
Closed

Comments

@Racer159
Copy link
Contributor

Racer159 commented Nov 7, 2022

Description

Python does not fully follow semantic versioning and has an optional epoch segment (([1-9][0-9]*!)? (note the !) in front of its versions. Providing a package with a version with an epoch results in a 500 error on upload and a 500 error on subsequent requests to /admin/packages as well.

Note: I did not actually run this on try.gitea.io because it breaks the /admin/packages route for all users (at least when tested locally and in the chart), and I wasn't able to remove it via the API. If desired I can run this against that instance though.

Gitea Version

1.17.3

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

https://gist.github.com/Racer159/cbe5bfb6df438cee59400695ec6ce89b

Screenshots

image
image

Git Version

2.38.0

Operating System

popOS 22.04

How are you running Gitea?

For testing locally off of the main branch, in production using the official chart version 6.0.3 (app version 1.17.3)

Database

SQLite

@Racer159
Copy link
Contributor Author

Racer159 commented Nov 7, 2022

Linking to this as well since the test case package can be made in the same way, just substitute 2022.9.24+r159.1 for 1!2.1.0 (or similar):

#21683

lunny pushed a commit that referenced this issue Nov 8, 2022
…es (#21708)

This addresses #21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
@lunny lunny added this to the 1.17.4 milestone Nov 8, 2022
@lunny
Copy link
Member

lunny commented Nov 8, 2022

closed by #21708

@lunny lunny closed this as completed Nov 8, 2022
Racer159 added a commit to Racer159/gitea that referenced this issue Nov 9, 2022
…es (go-gitea#21708)

Backport (go-gitea#21708)

This addresses go-gitea#21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Racer159 added a commit to Racer159/gitea that referenced this issue Nov 9, 2022
…es (go-gitea#21708)

Backport (go-gitea#21708)

This addresses go-gitea#21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
lunny pushed a commit that referenced this issue Nov 9, 2022
…es (#21708) (#21730)

Backport (#21708)

This addresses #21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
lunny pushed a commit that referenced this issue Nov 9, 2022
…es (#21708) (#21729)

Backport (#21708)

This addresses #21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants