Description

Summary

Debian versions can start with an epoch, which Debian policy describes as an unsigned integer. Right now our validator only accepts a single digit there, so any version like 100:2.0.1 gets rejected. That’s blocking us from re-publishing a few upstream packages.

Steps to Reproduce

1. Import a Debian package whose version begins with a multi-digit epoch, e.g. 100:2.0.1.
2. During ParseControlFile, the check in modules/packages/debian/metadata.go fails because versionPattern allows only [0-9]:.

Expected Behavior

Versions with any valid unsigned epoch (including multi-digit values) should pass validation.

Actual Behavior

The parser throws package version is invalid, stopping packages with epochs greater than 9.

Environment

• gitea: current main
• module: modules/packages/debian/metadata.go

Example of repo with such packages:
https://gist.github.com/sebastianwebber/2c1e9c7df97e05479f22a0d13c00aeca#install-buildah-ubuntu-2004md

apt-get install -y --download-only buildah=100:1.22.3-2 ls -lrt /var/cache/apt/archives/ total 8592 -rw-r--r-- 1 root root 7276300 May 24 2022 buildah_100%3a1.22.3-2_amd64.deb -rw-r----- 1 root root 0 Aug 26 2022 lock -rw-r--r-- 1 root root 297820 Mar 13 2023 python3-protobuf_3.6.1.3-2ubuntu5.2_amd64.deb -rw-r--r-- 1 root root 120376 Oct 14 2023 libgpgme11_1.13.1-7ubuntu2.2_amd64.deb -rw-r--r-- 1 root root 20720 Dec 14 2023 libyajl2_2.1.0-3ubuntu0.20.04.1_amd64.deb -rw-r--r-- 1 root root 26016 Feb 15 2024 uidmap_1%3a4.8.1-1ubuntu5.20.04.5_amd64.deb -rw-r--r-- 1 root root 732520 Aug 15 08:03 criu_4.1.1-3_amd64.deb -rw-r--r-- 1 root root 251844 Aug 15 08:04 crun_100%3a1.2-2_amd64.deb -rw-r--r-- 1 root root 52372 Oct 18 14:34 containers-common_100%3a1-22_all.deb drwx------ 1 _apt root 4096 Oct 18 14:34 partial 

%3a -> :

Gitea Version

1.24.3

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

2.49.1

Operating System

Alpine 3.22.0

How are you running Gitea?

Helm chart deployment.

Database

PostgreSQL