gallery (1.5.4-3) unstable; urgency=low * l10n updates: + Update French translation of debconf templates (Thanks to Christian Perrier. Closes: #386809) + Update Dutch translation of debconf templates (Thanks to Kurt De Bree. Closes: #389785) + Update German translation of debconf templates (Thanks to Erik Schanze. Closes: #399267) + Update Japanese translation of debconf templates (Thanks to Hideki Yamane. Closes: #400157) -- Michael C. Schultheiss Sun, 14 Jan 2007 18:46:18 +0000 gallery (1.5.4-2) unstable; urgency=low * apache.conf: Move FilesMatch block within Directory block to limit its scope (Closes: #385193) * debian/control: Bump standards version, switch debhelper from B-D-I to B-D -- Michael C. Schultheiss Tue, 29 Aug 2006 18:40:28 +0000 gallery (1.5.4-1) unstable; urgency=low * New upstream release (Closes: #383202) * apache.conf: Add FilesMatch block to disallow certain file extensions from being served up (Thanks to Sebastien Couret. Closes: #377718) -- Michael C. Schultheiss Tue, 15 Aug 2006 16:44:00 +0000 gallery (1.5.3-2) unstable; urgency=low * Album permissions fix (Closes: #316651, #367644) * apache.conf: Disable /gallery alias (Closes: #310310) * README.Debian - mention possible need to update php's memory_limit (Closes: #318456) - Mention how to enable /gallery alias -- Michael C. Schultheiss Fri, 26 May 2006 02:00:17 +0000 gallery (1.5.3-1) unstable; urgency=high * New upstream release (Closes: #361758) + Urgency high due to input sanitization security issue -- Michael C. Schultheiss Fri, 14 Apr 2006 00:40:27 +0000 gallery (1.5.2-pl2-1) unstable; urgency=high * New upstream release (Closes: #351946) + Urgency high due to potential dataloss with gallery 1.5.2's zip download component -- Michael C. Schultheiss Wed, 8 Feb 2006 21:00:27 +0000 gallery (1.5.2-1) unstable; urgency=low * New upstream release (Closes: #349030) * debian/rules: Bump debhelper compatibility version * debian/control: Bump standards version (no changes needed) -- Michael C. Schultheiss Fri, 20 Jan 2006 17:54:52 +0000 gallery (1.5.1-1) unstable; urgency=low * New upstream release (Closes: #329669) * debian/control: Add debconf-2.0 to debconf dependency possibilities (Closes: #331831) * debian/post{inst,rm}: Add db_stop and reorder to prevent hanging (Thanks to Bharat Mediratta. Closes: #222244, #307294) * l10n updates: + Add Brazillian Portuguese translation of debconf templates (Thanks to Guilherme de S. Pastore. Closes: #307240) + Add Czech translation of debconf templates (Thanks to Miroslav Kure. Closes: #310252) + Add Vietnamese translation of debconf templates (Thanks to Clytie Siddall. Closes: #311767) + Add Arabic translation of debconf templates (Thanks to Mohammed Adnène Trojett. Closes: #320763) + Add Swedish translation of debconf templates (Thanks to Daniel Nylander. Closes: #330535) -- Michael C. Schultheiss Wed, 12 Oct 2005 02:54:44 +0000 gallery (1.5-2) unstable; urgency=high * SECURITY: + Fix privilege escalation in Postnuke integration. References: CAN-2005-2596 + Fix XSS issue in EXIF tag handling (Closes: #325285) + Fix two file exposure bugs in stats module. -- Michael C. Schultheiss Sat, 27 Aug 2005 17:21:56 +0000 gallery (1.5-1) unstable; urgency=low * New upstream release (Closes: #304649) + Slideshow button fixed for albums that only contain subalbums (Closes: #265873) * Tweak secure.sh (Thanks to John v/d Kamp. Closes: #302934) -- Michael C. Schultheiss Thu, 14 Apr 2005 18:34:45 +0000 gallery (1.4.4-pl6-1) unstable; urgency=high * New upstream release - urgency high due to XSS security fixes (Closes: #294138) + References: CAN-2005-0219, CAN-2005-0220 -- Michael C. Schultheiss Tue, 8 Feb 2005 03:41:00 +0000 gallery (1.4.4-pl5-1) unstable; urgency=high * New upstream release - urgency high due to XSS security fixes (Closes: #292351) * debian/control: Add php5 packages to php dependency possibilities (Closes: #290367) * write.inc: Give full path to secure.sh -- Michael C. Schultheiss Wed, 26 Jan 2005 14:28:11 +0000 gallery (1.4.4-pl4-7) unstable; urgency=low * secure.sh: chown config.php and htaccess to root:root so they're unwritable in secure mode (Closes: #286914, #286916) * confirm.inc: Update error message when htaccess and config.php are unwritable (Prompt user to run configure.sh) -- Michael C. Schultheiss Sat, 08 Jan 2005 17:46:24 +0000 gallery (1.4.4-pl4-6) unstable; urgency=low * postinst: Check for existence of /etc/$webserver/conf.d before trying to symlink /etc/$webserver/conf.d/gallery to /etc/gallery/apache.conf (Closes: #285399) -- Michael C. Schultheiss Wed, 15 Dec 2004 19:47:29 +0000 gallery (1.4.4-pl4-5) unstable; urgency=high * links: Reinstate setup symlink that was erroneously removed in 1.4.4-pl4-3 (Closes: #281326) Urgency high due to functionality problems with 1.4.4-pl4-3 and 1.4.4-pl4-4. -- Michael C. Schultheiss Mon, 15 Nov 2004 13:42:02 +0000 gallery (1.4.4-pl4-4) unstable; urgency=low * Version.php: $gallery->version = '1.4.4-pl4-debian4'; (Bump debian version - forgot to do so for 1.4.4-pl4-3) -- Michael C. Schultheiss Sat, 13 Nov 2004 16:57:54 +0000 gallery (1.4.4-pl4-3) unstable; urgency=low * links, debian/rules: Stop creating unnecessary symlinks (Closes: #281044) * configure.sh: Update echo'd strings to reflect current information (Closes: #280848) * Update README.Debian -- Michael C. Schultheiss Sat, 13 Nov 2004 16:30:11 +0000 gallery (1.4.4-pl4-2) unstable; urgency=high * Actually include ja.po (forgot in 1.4.4-pl4-1). Still urgency high since this version is being uploaded shortly after 1.4.4-pl4-1 which fixes XSS issues. -- Michael C. Schultheiss Wed, 3 Nov 2004 16:27:27 -0500 gallery (1.4.4-pl4-1) unstable; urgency=high * New upstream release (urgency high due to XSS security fixes). Upstream version 1.4.4-pl3 was never packaged due to functionality problems discovered upstream shortly after that version was released. * Add japanese translation of Debconf templates (Thanks to Hideki Yamane. Closes: #276810) -- Michael C. Schultheiss Wed, 3 Nov 2004 15:46:21 -0500 gallery (1.4.4-pl2-2) unstable; urgency=low * debian/control: remove Suggests: netpbm-nonfree (Closes: #271681) * setup/: Replace include(dirname(dirname(__FILE__)) . "/foo.php"); with include(GALLERY_BASE . "/foo.php"); in several files (Closes: #271762) -- Michael C. Schultheiss Wed, 15 Sep 2004 04:30:05 +0000 gallery (1.4.4-pl2-1) unstable; urgency=high * New upstream release (Closes: #268195) - urgency high due to functionality problems with 1.4.4-pl1-1 -- Michael C. Schultheiss Thu, 26 Aug 2004 15:07:56 +0000 gallery (1.4.4-pl1-1) unstable; urgency=low * This release is dedicated to Susan J. Schultheiss - Happy Birthday Mom! * New upstream release (Closes: #267847) * postrm: Clean up on purge regardless of debconf presence (Closes: #248353) -- Michael C. Schultheiss Tue, 24 Aug 2004 17:31:49 +0000 gallery (1.4.4-1) unstable; urgency=low * New upstream release (Closes: #262175) * Add german translation of Debconf templates (Thanks to Erik Schanze. Closes: #253044) * Update README.Debian, remove configure.sh and album format Debconf questions (Closes: #261440, #261444) -- Michael C. Schultheiss Fri, 30 Jul 2004 02:38:51 +0000 gallery (1.4.3-pl2-1) unstable; urgency=high * New upstream release * SECURITY: Fix major security issue with init.php which allowed anybody to login as any user (including admin) with no password, by emulating that Gallery was embedded -- Michael C. Schultheiss Tue, 1 Jun 2004 18:22:02 +0000 gallery (1.4.3-pl1-2) unstable; urgency=low * This release is dedicated in memory of Chisako Uyehara * gallery.config: Move webserver debconf question out of if block (Closes: #249824) * l10n updates: + Add Catalan translation of debconf templates (Thanks to Aleix Badia i Bosch. Closes: #248711) + Add Dutch translation of debconf templates (Thanks to Luk Claes. Closes: #251398) -- Michael C. Schultheiss Fri, 28 May 2004 18:07:45 +0000 gallery (1.4.3-pl1-1) unstable; urgency=low * New upstream release (Closes: #247717) * debian/postrm: Don't attempt to remove /etc/apache/conf.d if it's empty (Closes: #247187) * debian/control: Depend on debconf (>= 0.2.26) (clear up Lintian warning) -- Michael C. Schultheiss Thu, 6 May 2004 15:45:47 +0000 gallery (1.4.3-1) unstable; urgency=low * New upstream release (Closes: #244905) * Change ownership of /usr/share/gallery/docs/images/step2setup.gif to root:root (Closes: #244515) * debian/control: + move libapache2-mod-php4 to end of php dependencies + Remove wwwconfig-common from dependencies * Make postinst and postrm more robust (Closes: #168550, #244403) -- Michael C. Schultheiss Tue, 20 Apr 2004 15:58:19 +0000 gallery (1.4.2-2) unstable; urgency=low * debian/control: add libapache2-mod-php4 to php dependency possibility (Closes: #240757) * debian/README.Debian: upstream README is not compresses - reference uncompressed README (Closes: #235027) -- Michael C. Schultheiss Mon, 29 Mar 2004 03:55:57 +0000 gallery (1.4.2-1) unstable; urgency=low * New upstream release (Closes: #232410) -- Michael C. Schultheiss Thu, 12 Feb 2004 21:22:56 +0000 gallery (1.4.1-5) unstable; urgency=low * Fix GALLERY_BASEDIR paths in setup/check_mail.php, setup/diagnostics.php, setup/phpinfo.php and setup/session_test.php. setup/backup_albums.php was not updated since it is supposed to be manually moved to /usr/share/gallery/ by the admin. (Closes: #228620) * util.php: Update validate_email regexp to allow + in e-mail addresses (Closes: #229398) -- Michael C. Schultheiss Mon, 2 Feb 2004 18:44:11 +0000 gallery (1.4.1-4) unstable; urgency=high * SECURITY: Fix remote access vulnerability in init.php and setup/init.php (Closes: #229611) * Tone down the configure.sh nagging (Closes: #228423) -- Michael C. Schultheiss Sun, 25 Jan 2004 11:37:46 -0500 gallery (1.4.1-3) unstable; urgency=low * Version.php: $gallery->version = '1.4.1-debian3'; (Bump debian version - forgot to do so for 1.4.1-2) -- Michael C. Schultheiss Wed, 10 Dec 2003 11:09:41 -0500 gallery (1.4.1-2) unstable; urgency=low * debian/gallery.templates: + Remove first person, add missing periods (Thanks to Christian Perrier - Closes: #223312) + Clean up wording * debian/po/fr.po: Update French translation of debconf templates (Thanks to Christian Perrier.) * debian/rules: Add binary-arch (Thanks to Santiago Vila - Closes: #223235) * util.php: Fix skin screenshot URL generator (Closes: #223339) -- Michael C. Schultheiss Wed, 10 Dec 2003 10:49:48 -0500 gallery (1.4.1-1) unstable; urgency=low * New upstream release (Closes: #223031) * Ask whether to update httpd.conf (Closes: #153955, #221694) -- Michael C. Schultheiss Fri, 05 Dec 2003 20:10:45 -0500 gallery (1.4-4) unstable; urgency=high * This release is dedicated in memory of David E. Schultheiss. * SECURITY: Fix remote access vulnerability in setup/index.php (Closes: #215597) -- Michael C. Schultheiss Mon, 20 Oct 2003 10:14:18 -0500 gallery (1.4-3) unstable; urgency=low * Fix minor typo in debconf templates (Thanks to Christian Perrier. Closes: #213241) * debian/control: Recommend libjpeg-progs (Thanks to Jochen Stiepel. Closes: #212724) -- Michael C. Schultheiss Mon, 29 Sep 2003 19:02:21 +0000 gallery (1.4-2) unstable; urgency=low * util.php: Fix image rotation problem (Upstream fix released as 1.4-pl1) * debian/rules: Fix lintian warnings -- Michael C. Schultheiss Sat, 13 Sep 2003 21:12:05 -0500 gallery (1.4-1) unstable; urgency=low * New upstream release (Closes: #210617) + From upstream changelog: 2003-07-28 Joan McGalliard 1.3.5-cvs-b56 * Gallery is now multilanguage. Administrators and users will have access to languages as provided in language packs. (Closes: #174935) * debian/control: + Add apache2 to apache depends possibility (Closes: #205386) + Update Standards version (no changes necessary) -- Michael C. Schultheiss Fri, 12 Sep 2003 11:42:54 -0500 gallery (1.3.4-3) unstable; urgency=high * SECURITY: Fix XSS security hole in the search code, caused by a typo in search.php -- Michael C. Schultheiss Mon, 28 Jul 2003 22:57:31 +0000 gallery (1.3.4-2) unstable; urgency=low * Switch to gettext-based debconf templates, add French translation of debconf templates (Thanks to Christian Perrier. Closes: #200116) * debian/control: + Bump debhelper version in Build-Depends-Indep + Update Standards version (no changes necessary) * setup/backup_albums.php: Fix paths of tar and gzip, default to tgz backups (Thanks to Olivier Berger. Closes: #201535) * setup/check_imagemagick.php: Fix path of config.php (Closes: #184906) -- Michael C. Schultheiss Wed, 16 Jul 2003 18:07:19 -0500 gallery (1.3.4-1) unstable; urgency=low * New upstream release (Closes: #197919) + From upstream changelog: 2003-05-23 Beckett Madden-Woods 1.3.4-cvs-b36 * Added "jpeg" to acceptable image tag list (alongside "jpg"). (Closes: #193929) * debian/control: + Recommend imagemagick (Closes: #175303) + Depend on php4 | php4-cgi (Closes: #179326) + Depend on debconf + update Standards version * Add debconf prompts about upgrade procedure and album format change (Closes: #179770) -- Michael C. Schultheiss Wed, 18 Jun 2003 11:45:58 -0500 gallery (1.3.3-4) unstable; urgency=low * New maintainer (Closes: #174566, #188355) * debian/control: Change maintainer address, update Policy -- Michael C. Schultheiss Thu, 10 Apr 2003 12:20:38 -0500 gallery (1.3.3-3) unstable; urgency=low * Reset the urgency to low. -- Steve Kemp Fri, 31 Jan 2003 21:40:14 +0000 gallery (1.3.3-2) unstable; urgency=high * New maintainer (fixes #174566) -- Steve Kemp Fri, 31 Jan 2003 21:35:14 +0000 gallery (1.3.3-1) unstable; urgency=high * New upstream version * SECURITY: fixes accidental re-introduction of cross site scripting vulnerability * change wording of README.Debian to clarify login username/password (thanks Jameson C. Burt) -- Adam Lazur Sat, 28 Dec 2002 15:40:34 -0500 gallery (1.3.2-1) unstable; urgency=low * New upstream version -- Adam Lazur Sun, 15 Dec 2002 22:30:42 -0500 gallery (1.3.1-3) unstable; urgency=high * Really fix path issues with setup (closes: #158064) -- Adam Lazur Mon, 26 Aug 2002 20:14:27 -0400 gallery (1.3.1-2) unstable; urgency=high * Fix path for required files in setup/write.inc (closes: #158064) -- Adam Lazur Sat, 24 Aug 2002 15:51:26 -0400 gallery (1.3.1-1) unstable; urgency=low * New upstream version -- Adam Lazur Mon, 5 Aug 2002 10:39:37 -0400 gallery (1.3-3) unstable; urgency=high * SECURITY: add GALLERY_BASEDIR fix to captionator.php as well -- Adam Lazur Thu, 1 Aug 2002 09:17:18 -0400 gallery (1.3-2) unstable; urgency=high * SECURITY: fix from upstream CVS to stop remote command execution by passing $GALLERY_BASEDIR var. -- Adam Lazur Wed, 31 Jul 2002 11:03:28 -0400 gallery (1.3-1) unstable; urgency=low * New upstream version (closes: #149310) * Show Album Tree - turn this on in the config wizard and the albums page will show all of the nested albums. * View All Comments - the album owner can now view all comments in each album. * The Slideshow - You can now view an entire album as a smooth transitioning slide show. - submitted by Jacob Redding * The Captionator - edit many captions at once * Thumbnail wrapper customization - You can now easily manage the look of the thumbnail images on the album pages and the main Gallery page. * bug fixes and UI cleanup. * preserve exif information at all times (closes: #125748) -- Adam Lazur Sun, 9 Jun 2002 23:02:42 -0400 gallery (1.2.5-6) unstable; urgency=high * add apache-perl to apache depends possibility (closes: #140750) * add a Recommends for jhead (closes: #140801) * integrate upstream patch (and fix) for photo delete bug (closes: #141355) * move unzip to Recommends -- Adam Lazur Wed, 10 Apr 2002 22:27:11 -0400 gallery (1.2.5-5) unstable; urgency=high * delete photos by name instead of by id to avoid stale submission bug which may result in the wrong photo being deleted (closes: #135457) -- Adam Lazur Mon, 18 Mar 2002 22:04:02 -0500 gallery (1.2.5-4) unstable; urgency=low * add links for customizations in html_wrap dir to point to /etc/gallery -- Adam Lazur Wed, 19 Dec 2001 14:58:52 -0500 gallery (1.2.5-3) unstable; urgency=medium * Remove failure for not finding ppmtogif if netpbm-nonfree is not installed (closes: bug#125756) -- Adam Lazur Wed, 19 Dec 2001 00:01:48 -0500 gallery (1.2.5-2) unstable; urgency=low * Fix typo in netpbm-nonfree in Suggests field * Add lintian override for directory perms on /var/lib/gallery/setup * make it arch all instead of arch any (doh) -- Adam Lazur Thu, 13 Dec 2001 11:04:02 -0500 gallery (1.2.5-1) unstable; urgency=low * Initial Release (closes: bug#120205) -- Adam Lazur Mon, 10 Dec 2001 14:10:11 -0500