2009
gallery (1.5.10.dfsg-1) unstable; urgency=low
* New upstream release (Closes: #538700) + Incorporate NMUs (Thanks to Nico Golde, i18n/l10n teams) * Remove jars from source (Closes: #528114) * debian/rules: + Remove DH_COMPAT * debian/gallery.lintian.override + Override PHP license lintian error (code is dual licensed under GPL and PHP) * debian/control: + Update to Standards-Version 3.8.2 + Utilize ${misc:Depends} + Bump versioned Build-Depends on debhelper * l10n updates: + Update Swedish translation of debconf templates (Thanks to Martin Bagge. Closes: #504332) + Update Vietnamese translation of debconf templates (Thanks to Clytie Siddall. Closes: #513355) + Update Spanish translation of debconf templates (Thanks to Thanks to Francisco Javier Cuadrado. Closes: #533139) * Update watch file (Closes: #450132) * Fix syntax error in setup/write.inc (Thanks to Eloy A. Paris. Closes: #501235) * Package is now lintian clean!
-- Michael C. Schultheiss <schultmc@debian.org> Sun, 20 Sep 2009 17:01:18 +0000
2008
gallery (1.5.9-1.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix insecure usage of superglobal $_REQUEST by first cleaning
it up and then merging $_GET and $_POST into it to it to prevent
interfering values set by malicious cookies when register_globals is on
(No CVE id yet; Closes: #506824).
-- Nico Golde <nion@debian.org> Sun, 30 Nov 2008 11:12:34 +0100
gallery (1.5.9-1.1) unstable; urgency=low
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- Brazilian Portuguese. Closes: #495127
- Arabic. Closes: #503084
- Traditional Chinese. Closes: #503167
- Russian. Closes: #503445
- Basque. Closes: #503448
- Czech. Closes: #503586
- Italian. Closes: #503649
-- Christian Perrier <bubulle@debian.org> Mon, 27 Oct 2008 20:43:59 +0100
gallery (1.5.9-1) unstable; urgency=high
* Urgency high due to release critical bug * New upstream release (Closes: #499185)
-- Michael C. Schultheiss <schultmc@debian.org> Tue, 16 Sep 2008 21:09:59 +0000
gallery (1.5.8-1) unstable; urgency=high
* Urgency high due to release critical bug * New upstream release (Closes: #493891)
-- Michael C. Schultheiss <schultmc@debian.org> Tue, 05 Aug 2008 19:11:16 +0000
gallery (1.5.7-2) unstable; urgency=high
* Urgency high due to release critical bug
* debian/copyright:
+ Clarify copyright and license for gallery
+ Update license for classes/XML_HTMLSax3/ (Closes: #433141)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 16 Jan 2008 07:11:18 +0000
2007
gallery (1.5.7-1) unstable; urgency=low
* New upstream release (Closes: #438509) * Incorporate NMU * Add Portuguese debconf translation (Closes: #433123) * Simplify web server dependencies (Closes: #418946)
-- Michael C. Schultheiss <schultmc@debian.org> Sun, 09 Sep 2007 22:08:20 +0000
gallery (1.5.5-pl1-1.1) unstable; urgency=high
* Non-maintainer upload during BSP * Fix unconditional use of debconf in postrm (Closes: #416747) * Include Spanish debconf translation (Closes: #423703)
-- Steffen Joeris <white@debian.org> Fri, 18 May 2007 21:48:30 +1000
gallery (1.5.5-pl1-1) unstable; urgency=high
* New upstream release (Closes: #398862) * debian/postrm: Make conditional call to debconf (Closes: #416747) Urgency high since this is an RC bug. * debian/apache.conf: Don't disallow access to .default files (Closes: #404944)
-- Michael C. Schultheiss <schultmc@debian.org> Fri, 30 Mar 2007 16:12:33 +0000
gallery (1.5.4-3) unstable; urgency=low
* l10n updates:
+ Update French translation of debconf templates (Thanks to
Christian Perrier. Closes: #386809)
+ Update Dutch translation of debconf templates (Thanks to
Kurt De Bree. Closes: #389785)
+ Update German translation of debconf templates (Thanks to
Erik Schanze. Closes: #399267)
+ Update Japanese translation of debconf templates (Thanks to
Hideki Yamane. Closes: #400157)
-- Michael C. Schultheiss <schultmc@debian.org> Sun, 14 Jan 2007 18:46:18 +0000
2006
gallery (1.5.4-2) unstable; urgency=low
* apache.conf: Move FilesMatch block within Directory block to limit its
scope (Closes: #385193)
* debian/control: Bump standards version, switch debhelper from
B-D-I to B-D
-- Michael C. Schultheiss <schultmc@debian.org> Tue, 29 Aug 2006 18:40:28 +0000
gallery (1.5.4-1) unstable; urgency=low
* New upstream release (Closes: #383202) * apache.conf: Add FilesMatch block to disallow certain file extensions from being served up (Thanks to Sebastien Couret. Closes: #377718)
-- Michael C. Schultheiss <schultmc@debian.org> Tue, 15 Aug 2006 16:44:00 +0000
gallery (1.5.3-2) unstable; urgency=low
* Album permissions fix (Closes: #316651, #367644) * apache.conf: Disable /gallery alias (Closes: #310310) * README.Debian - mention possible need to update php's memory_limit (Closes: #318456) - Mention how to enable /gallery alias
-- Michael C. Schultheiss <schultmc@debian.org> Fri, 26 May 2006 02:00:17 +0000
gallery (1.5.3-1) unstable; urgency=high
* New upstream release (Closes: #361758) + Urgency high due to input sanitization security issue
-- Michael C. Schultheiss <schultmc@debian.org> Fri, 14 Apr 2006 00:40:27 +0000
gallery (1.5.2-pl2-1) unstable; urgency=high
* New upstream release (Closes: #351946) + Urgency high due to potential dataloss with gallery 1.5.2's zip download component
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 8 Feb 2006 21:00:27 +0000
gallery (1.5.2-1) unstable; urgency=low
* New upstream release (Closes: #349030) * debian/rules: Bump debhelper compatibility version * debian/control: Bump standards version (no changes needed)
-- Michael C. Schultheiss <schultmc@debian.org> Fri, 20 Jan 2006 17:54:52 +0000
2005
gallery (1.5.1-1) unstable; urgency=low
* New upstream release (Closes: #329669) * debian/control: Add debconf-2.0 to debconf dependency possibilities (Closes: #331831) * debian/post{inst,rm}: Add db_stop and reorder to prevent hanging (Thanks to Bharat Mediratta. Closes: #222244, #307294) * l10n updates: + Add Brazillian Portuguese translation of debconf templates (Thanks to Guilherme de S. Pastore. Closes: #307240) + Add Czech translation of debconf templates (Thanks to Miroslav Kure. Closes: #310252) + Add Vietnamese translation of debconf templates (Thanks to Clytie Siddall. Closes: #311767) + Add Arabic translation of debconf templates (Thanks to Mohammed Adnène Trojett. Closes: #320763) + Add Swedish translation of debconf templates (Thanks to Daniel Nylander. Closes: #330535)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 12 Oct 2005 02:54:44 +0000
gallery (1.5-2) unstable; urgency=high
* SECURITY:
+ Fix privilege escalation in Postnuke integration.
References: CAN-2005-2596
+ Fix XSS issue in EXIF tag handling (Closes: #325285)
+ Fix two file exposure bugs in stats module.
-- Michael C. Schultheiss <schultmc@debian.org> Sat, 27 Aug 2005 17:21:56 +0000
gallery (1.5-1) unstable; urgency=low
* New upstream release (Closes: #304649) + Slideshow button fixed for albums that only contain subalbums (Closes: #265873) * Tweak secure.sh (Thanks to John v/d Kamp. Closes: #302934)
-- Michael C. Schultheiss <schultmc@debian.org> Thu, 14 Apr 2005 18:34:45 +0000
gallery (1.4.4-pl6-1) unstable; urgency=high
* New upstream release - urgency high due to XSS security
fixes (Closes: #294138)
+ References: CAN-2005-0219, CAN-2005-0220
-- Michael C. Schultheiss <schultmc@debian.org> Tue, 8 Feb 2005 03:41:00 +0000
gallery (1.4.4-pl5-1) unstable; urgency=high
* New upstream release - urgency high due to XSS security
fixes (Closes: #292351)
* debian/control: Add php5 packages to php dependency
possibilities (Closes: #290367)
* write.inc: Give full path to secure.sh
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 26 Jan 2005 14:28:11 +0000
gallery (1.4.4-pl4-7) unstable; urgency=low
* secure.sh: chown config.php and htaccess to root:root so they're
unwritable in secure mode (Closes: #286914, #286916)
* confirm.inc: Update error message when htaccess and config.php are
unwritable (Prompt user to run configure.sh)
-- Michael C. Schultheiss <schultmc@debian.org> Sat, 08 Jan 2005 17:46:24 +0000
2004
gallery (1.4.4-pl4-6) unstable; urgency=low
* postinst: Check for existence of /etc/$webserver/conf.d before
trying to symlink /etc/$webserver/conf.d/gallery to
/etc/gallery/apache.conf (Closes: #285399)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 15 Dec 2004 19:47:29 +0000
gallery (1.4.4-pl4-5) unstable; urgency=high
* links: Reinstate setup symlink that was erroneously removed in
1.4.4-pl4-3 (Closes: #281326) Urgency high due to functionality
problems with 1.4.4-pl4-3 and 1.4.4-pl4-4.
-- Michael C. Schultheiss <schultmc@debian.org> Mon, 15 Nov 2004 13:42:02 +0000
gallery (1.4.4-pl4-4) unstable; urgency=low
* Version.php: $gallery->version = '1.4.4-pl4-debian4';
(Bump debian version - forgot to do so for 1.4.4-pl4-3)
-- Michael C. Schultheiss <schultmc@debian.org> Sat, 13 Nov 2004 16:57:54 +0000
gallery (1.4.4-pl4-3) unstable; urgency=low
* links, debian/rules: Stop creating unnecessary
symlinks (Closes: #281044)
* configure.sh: Update echo'd strings to reflect current
information (Closes: #280848)
* Update README.Debian
-- Michael C. Schultheiss <schultmc@debian.org> Sat, 13 Nov 2004 16:30:11 +0000
gallery (1.4.4-pl4-2) unstable; urgency=high
* Actually include ja.po (forgot in 1.4.4-pl4-1). Still urgency high
since this version is being uploaded shortly after 1.4.4-pl4-1 which
fixes XSS issues.
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 3 Nov 2004 16:27:27 -0500
gallery (1.4.4-pl4-1) unstable; urgency=high
* New upstream release (urgency high due to XSS security fixes).
Upstream version 1.4.4-pl3 was never packaged due to functionality
problems discovered upstream shortly after that version was
released.
* Add japanese translation of Debconf templates
(Thanks to Hideki Yamane. Closes: #276810)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 3 Nov 2004 15:46:21 -0500
gallery (1.4.4-pl2-2) unstable; urgency=low
* debian/control: remove Suggests: netpbm-nonfree (Closes: #271681) * setup/: Replace include(dirname(dirname(__FILE__)) . "/foo.php"); with include(GALLERY_BASE . "/foo.php"); in several files (Closes: #271762)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 15 Sep 2004 04:30:05 +0000
gallery (1.4.4-pl2-1) unstable; urgency=high
* New upstream release (Closes: #268195) - urgency high due to functionality problems with 1.4.4-pl1-1
-- Michael C. Schultheiss <schultmc@debian.org> Thu, 26 Aug 2004 15:07:56 +0000
gallery (1.4.4-pl1-1) unstable; urgency=low
* This release is dedicated to Susan J. Schultheiss - Happy Birthday Mom! * New upstream release (Closes: #267847) * postrm: Clean up on purge regardless of debconf presence (Closes: #248353)
-- Michael C. Schultheiss <schultmc@debian.org> Tue, 24 Aug 2004 17:31:49 +0000
gallery (1.4.4-1) unstable; urgency=low
* New upstream release (Closes: #262175) * Add german translation of Debconf templates (Thanks to Erik Schanze. Closes: #253044) * Update README.Debian, remove configure.sh and album format Debconf questions (Closes: #261440, #261444)
-- Michael C. Schultheiss <schultmc@debian.org> Fri, 30 Jul 2004 02:38:51 +0000
gallery (1.4.3-pl2-1) unstable; urgency=high
* New upstream release
* SECURITY: Fix major security issue with init.php which allowed anybody
to login as any user (including admin) with no password, by emulating
that Gallery was embedded
-- Michael C. Schultheiss <schultmc@debian.org> Tue, 1 Jun 2004 18:22:02 +0000
gallery (1.4.3-pl1-2) unstable; urgency=low
* This release is dedicated in memory of Chisako Uyehara
* gallery.config: Move webserver debconf question out of
if block (Closes: #249824)
* l10n updates:
+ Add Catalan translation of debconf templates (Thanks to
Aleix Badia i Bosch. Closes: #248711)
+ Add Dutch translation of debconf templates (Thanks to
Luk Claes. Closes: #251398)
-- Michael C. Schultheiss <schultmc@debian.org> Fri, 28 May 2004 18:07:45 +0000
gallery (1.4.3-pl1-1) unstable; urgency=low
* New upstream release (Closes: #247717) * debian/postrm: Don't attempt to remove /etc/apache/conf.d if it's empty (Closes: #247187) * debian/control: Depend on debconf (>= 0.2.26) (clear up Lintian warning)
-- Michael C. Schultheiss <schultmc@debian.org> Thu, 6 May 2004 15:45:47 +0000
gallery (1.4.3-1) unstable; urgency=low
* New upstream release (Closes: #244905) * Change ownership of /usr/share/gallery/docs/images/step2setup.gif to root:root (Closes: #244515) * debian/control: + move libapache2-mod-php4 to end of php dependencies + Remove wwwconfig-common from dependencies * Make postinst and postrm more robust (Closes: #168550, #244403)
-- Michael C. Schultheiss <schultmc@debian.org> Tue, 20 Apr 2004 15:58:19 +0000
gallery (1.4.2-2) unstable; urgency=low
* debian/control: add libapache2-mod-php4 to php dependency
possibility (Closes: #240757)
* debian/README.Debian: upstream README is not compresses - reference
uncompressed README (Closes: #235027)
-- Michael C. Schultheiss <schultmc@debian.org> Mon, 29 Mar 2004 03:55:57 +0000
gallery (1.4.2-1) unstable; urgency=low
* New upstream release (Closes: #232410)
-- Michael C. Schultheiss <schultmc@debian.org> Thu, 12 Feb 2004 21:22:56 +0000
gallery (1.4.1-5) unstable; urgency=low
* Fix GALLERY_BASEDIR paths in setup/check_mail.php,
setup/diagnostics.php, setup/phpinfo.php and
setup/session_test.php. setup/backup_albums.php was not updated
since it is supposed to be manually moved to /usr/share/gallery/ by
the admin. (Closes: #228620)
* util.php: Update validate_email regexp to allow + in e-mail
addresses (Closes: #229398)
-- Michael C. Schultheiss <schultmc@debian.org> Mon, 2 Feb 2004 18:44:11 +0000
gallery (1.4.1-4) unstable; urgency=high
* SECURITY: Fix remote access vulnerability in init.php and
setup/init.php (Closes: #229611)
* Tone down the configure.sh nagging (Closes: #228423)
-- Michael C. Schultheiss <schultmc@debian.org> Sun, 25 Jan 2004 11:37:46 -0500
2003
gallery (1.4.1-3) unstable; urgency=low
* Version.php: $gallery->version = '1.4.1-debian3';
(Bump debian version - forgot to do so for 1.4.1-2)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 10 Dec 2003 11:09:41 -0500
gallery (1.4.1-2) unstable; urgency=low
* debian/gallery.templates:
+ Remove first person, add missing periods (Thanks to
Christian Perrier - Closes: #223312)
+ Clean up wording
* debian/po/fr.po: Update French translation of debconf templates
(Thanks to Christian Perrier.)
* debian/rules: Add binary-arch (Thanks to
Santiago Vila - Closes: #223235)
* util.php: Fix skin screenshot URL generator (Closes: #223339)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 10 Dec 2003 10:49:48 -0500
gallery (1.4.1-1) unstable; urgency=low
* New upstream release (Closes: #223031) * Ask whether to update httpd.conf (Closes: #153955, #221694)
-- Michael C. Schultheiss <schultmc@debian.org> Fri, 05 Dec 2003 20:10:45 -0500
gallery (1.4-4) unstable; urgency=high
* This release is dedicated in memory of David E. Schultheiss.
* SECURITY: Fix remote access vulnerability in
setup/index.php (Closes: #215597)
-- Michael C. Schultheiss <schultmc@debian.org> Mon, 20 Oct 2003 10:14:18 -0500
gallery (1.4-3) unstable; urgency=low
* Fix minor typo in debconf templates
(Thanks to Christian Perrier. Closes: #213241)
* debian/control: Recommend libjpeg-progs
(Thanks to Jochen Stiepel. Closes: #212724)
-- Michael C. Schultheiss <schultmc@debian.org> Mon, 29 Sep 2003 19:02:21 +0000
gallery (1.4-2) unstable; urgency=low
* util.php: Fix image rotation problem (Upstream fix released as 1.4-pl1) * debian/rules: Fix lintian warnings
-- Michael C. Schultheiss <schultmc@debian.org> Sat, 13 Sep 2003 21:12:05 -0500
gallery (1.4-1) unstable; urgency=low
* New upstream release (Closes: #210617) + From upstream changelog: 2003-07-28 Joan McGalliard <gallery@joanhenge.plus.com> 1.3.5-cvs-b56 * Gallery is now multilanguage. Administrators and users will have access to languages as provided in language packs. (Closes: #174935) * debian/control: + Add apache2 to apache depends possibility (Closes: #205386) + Update Standards version (no changes necessary)
-- Michael C. Schultheiss <schultmc@debian.org> Fri, 12 Sep 2003 11:42:54 -0500
gallery (1.3.4-3) unstable; urgency=high
* SECURITY: Fix XSS security hole in the search code, caused by a typo
in search.php
-- Michael C. Schultheiss <schultmc@debian.org> Mon, 28 Jul 2003 22:57:31 +0000
gallery (1.3.4-2) unstable; urgency=low
* Switch to gettext-based debconf templates, add French translation of
debconf templates (Thanks to Christian Perrier. Closes: #200116)
* debian/control:
+ Bump debhelper version in Build-Depends-Indep
+ Update Standards version (no changes necessary)
* setup/backup_albums.php: Fix paths of tar and gzip, default to tgz
backups (Thanks to Olivier Berger. Closes: #201535)
* setup/check_imagemagick.php: Fix path of config.php (Closes: #184906)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 16 Jul 2003 18:07:19 -0500
gallery (1.3.4-1) unstable; urgency=low
* New upstream release (Closes: #197919) + From upstream changelog: 2003-05-23 Beckett Madden-Woods <beckett@beckettmw.com> 1.3.4-cvs-b36 * Added "jpeg" to acceptable image tag list (alongside "jpg"). (Closes: #193929) * debian/control: + Recommend imagemagick (Closes: #175303) + Depend on php4 | php4-cgi (Closes: #179326) + Depend on debconf + update Standards version * Add debconf prompts about upgrade procedure and album format change (Closes: #179770)
-- Michael C. Schultheiss <schultmc@debian.org> Wed, 18 Jun 2003 11:45:58 -0500
gallery (1.3.3-4) unstable; urgency=low
* New maintainer (Closes: #174566, #188355) * debian/control: Change maintainer address, update Policy
-- Michael C. Schultheiss <schultmc@debian.org> Thu, 10 Apr 2003 12:20:38 -0500
gallery (1.3.3-3) unstable; urgency=low
* Reset the urgency to low.
-- Steve Kemp <skx@debian.org> Fri, 31 Jan 2003 21:40:14 +0000
gallery (1.3.3-2) unstable; urgency=high
* New maintainer (fixes #174566)
-- Steve Kemp <skx@debian.org> Fri, 31 Jan 2003 21:35:14 +0000
2002
gallery (1.3.3-1) unstable; urgency=high
* New upstream version
* SECURITY: fixes accidental re-introduction of cross site scripting
vulnerability
* change wording of README.Debian to clarify login username/password
(thanks Jameson C. Burt)
-- Adam Lazur <zal@debian.org> Sat, 28 Dec 2002 15:40:34 -0500
gallery (1.3.2-1) unstable; urgency=low
* New upstream version
-- Adam Lazur <zal@debian.org> Sun, 15 Dec 2002 22:30:42 -0500
gallery (1.3.1-3) unstable; urgency=high
* Really fix path issues with setup (closes: #158064)
-- Adam Lazur <zal@debian.org> Mon, 26 Aug 2002 20:14:27 -0400
gallery (1.3.1-2) unstable; urgency=high
* Fix path for required files in setup/write.inc (closes: #158064)
-- Adam Lazur <zal@debian.org> Sat, 24 Aug 2002 15:51:26 -0400
gallery (1.3.1-1) unstable; urgency=low
* New upstream version
-- Adam Lazur <zal@debian.org> Mon, 5 Aug 2002 10:39:37 -0400
gallery (1.3-3) unstable; urgency=high
* SECURITY: add GALLERY_BASEDIR fix to captionator.php as well
-- Adam Lazur <zal@debian.org> Thu, 1 Aug 2002 09:17:18 -0400
gallery (1.3-2) unstable; urgency=high
* SECURITY: fix from upstream CVS to stop remote command execution by
passing $GALLERY_BASEDIR var.
-- Adam Lazur <zal@debian.org> Wed, 31 Jul 2002 11:03:28 -0400
gallery (1.3-1) unstable; urgency=low
* New upstream version (closes: #149310) * Show Album Tree - turn this on in the config wizard and the albums page will show all of the nested albums. * View All Comments - the album owner can now view all comments in each album. * The Slideshow - You can now view an entire album as a smooth transitioning slide show. - submitted by Jacob Redding * The Captionator - edit many captions at once * Thumbnail wrapper customization - You can now easily manage the look of the thumbnail images on the album pages and the main Gallery page. * bug fixes and UI cleanup. * preserve exif information at all times (closes: #125748)
-- Adam Lazur <zal@debian.org> Sun, 9 Jun 2002 23:02:42 -0400
gallery (1.2.5-6) unstable; urgency=high
* add apache-perl to apache depends possibility (closes: #140750) * add a Recommends for jhead (closes: #140801) * integrate upstream patch (and fix) for photo delete bug (closes: #141355) * move unzip to Recommends
-- Adam Lazur <zal@debian.org> Wed, 10 Apr 2002 22:27:11 -0400
gallery (1.2.5-5) unstable; urgency=high
* delete photos by name instead of by id to avoid stale submission bug which
may result in the wrong photo being deleted (closes: #135457)
-- Adam Lazur <zal@debian.org> Mon, 18 Mar 2002 22:04:02 -0500
2001
gallery (1.2.5-4) unstable; urgency=low
* add links for customizations in html_wrap dir to point to /etc/gallery
-- Adam Lazur <zal@debian.org> Wed, 19 Dec 2001 14:58:52 -0500
gallery (1.2.5-3) unstable; urgency=medium
* Remove failure for not finding ppmtogif if netpbm-nonfree is not installed
(closes: bug#125756)
-- Adam Lazur <zal@debian.org> Wed, 19 Dec 2001 00:01:48 -0500
gallery (1.2.5-2) unstable; urgency=low
* Fix typo in netpbm-nonfree in Suggests field * Add lintian override for directory perms on /var/lib/gallery/setup * make it arch all instead of arch any (doh)
-- Adam Lazur <zal@debian.org> Thu, 13 Dec 2001 11:04:02 -0500
gallery (1.2.5-1) unstable; urgency=low
* Initial Release (closes: bug#120205)
-- Adam Lazur <zal@debian.org> Mon, 10 Dec 2001 14:10:11 -0500