Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Charlie_Smotherman
Revision Date: 2010-08-03 21:39:35 UTC

Closing the bug I negelected to close in the last log entry. (LP: #578137)

Author: Charlie_Smotherman
Revision Date: 2010-08-02 13:40:45 UTC

* Added debian/gallery2.preinst to move /etc/gallery2/apache.conf and to a
  temp location for upgrades.
* debian/postinst move /etc/gallery2/apache.conf back into place to
  complete upgrade.

Author: Chuck Short
Revision Date: 2010-04-07 08:56:15 UTC

debian/control: Don't suggest mysql-server-5.0.

Author: William Grant
Revision Date: 2008-06-25 13:47:58 UTC

* SECURITY UPDATE: multiple cross-site scripting, information disclosure,
  and restriction bypass vulnerabilities (LP: #242671), and arbitrary code
  execution (LP: #202422)
  - lib/smarty/plugins/modifier.regex_replace.php: Don't look past a NULL in
    the search string. Fixes possible arbitrary code execution. Patch from
    smarty upstream.
  - modules/core/ItemAdd.inc: Flatten the contents of ZIP archives if they
    are being uploaded by a user without subalbum privileges. Patch from
    upstream svn.
  - modules/core/classes/GalleryUrlGenerator.class,
    modules/rewrite/classes/parsers/modrewrite/ModRewriteUrlGenerator:
    Properly remove illegal characters from URLs. Patch from upstream svn.
  - modules/core/classes/Gallery{Embed,PhpVm}.class: More thoroughly verify
    that the remote address isn't being spoofed. Patch from upstream svn.
  - modules/password/PasswordOption.inc: Only allow password protection of
    items already password protected or albums, as single items cannot
    reliably be password protected. Patch from upstream svn.
  - modules/albumselect/Callbacks.inc: Add session permissions to keys for
    the album list cache, to avoid hidden album disclosure. Patch from
    upstream svn.
  - */MANIFEST: Drop modified files to please the browser-based installer.
  - References:
    + CVE-2008-1066
    + CVE-2008-2720
    + CVE-2008-2721
    + CVE-2008-2722
    + CVE-2008-2723
    + CVE-2008-2724

Author: Charlie_Smotherman
Revision Date: 2008-02-05 11:01:59 UTC

The symbolic link for /usr/share/gallery2/lib/smarty is not created
correctly in debian/postinst. Applied patch supplied by Dan Lenski that
creates the smarty symbolic link correctly. (LP: #269079).

Author: Charlie_Smotherman
Revision Date: 2008-02-05 11:01:59 UTC

The symbolic link for /usr/share/gallery2/lib/smarty is not created
correctly in debian/postinst. Applied patch supplied by Dan Lenski that
creates the smarty symbolic link correctly. (LP: #269079).

Author: Michael Schultheiss
Revision Date: 2008-09-18 19:43:30 UTC

* Urgency high due to security fixes (CVE-2008-3662)
* New upstream release (Closes: #499408)
* Use system adodb rather than embedded copy
  (Thanks to Jan Wagner. Closes: #471160)
  + debian/control: Add Depends on libphp-adodb

Author: William Grant
Revision Date: 2008-06-25 13:47:58 UTC

* SECURITY UPDATE: multiple cross-site scripting, information disclosure,
  and restriction bypass vulnerabilities (LP: #242671), and arbitrary code
  execution (LP: #202422)
  - lib/smarty/plugins/modifier.regex_replace.php: Don't look past a NULL in
    the search string. Fixes possible arbitrary code execution. Patch from
    smarty upstream.
  - modules/core/ItemAdd.inc: Flatten the contents of ZIP archives if they
    are being uploaded by a user without subalbum privileges. Patch from
    upstream svn.
  - modules/core/classes/GalleryUrlGenerator.class,
    modules/rewrite/classes/parsers/modrewrite/ModRewriteUrlGenerator:
    Properly remove illegal characters from URLs. Patch from upstream svn.
  - modules/core/classes/Gallery{Embed,PhpVm}.class: More thoroughly verify
    that the remote address isn't being spoofed. Patch from upstream svn.
  - modules/password/PasswordOption.inc: Only allow password protection of
    items already password protected or albums, as single items cannot
    reliably be password protected. Patch from upstream svn.
  - modules/albumselect/Callbacks.inc: Add session permissions to keys for
    the album list cache, to avoid hidden album disclosure. Patch from
    upstream svn.
  - */MANIFEST: Drop modified files to please the browser-based installer.
  - References:
    + CVE-2008-1066
    + CVE-2008-2720
    + CVE-2008-2721
    + CVE-2008-2722
    + CVE-2008-2723
    + CVE-2008-2724

Author: Michael Schultheiss
Revision Date: 2007-12-24 05:36:33 UTC

* New upstream release (Urgency high due to security fixes.
  Closes: #457644)
* debian/control:
  + Update Standards-Version (No changes needed)
  + Add Homepage field, remove Homepage from Description
* debian/rules: No longer set DH_COMPAT (use debian/compat instead)

Author: Michael Schultheiss
Revision Date: 2007-06-13 16:38:45 UTC

* Urgency high due to RC bug.
* debian/gallery2.postrm: Add conditional block around mysql-dropdb.sh
  sourcing. (Thanks to Matthew Johnson. Closes: #416749)
* Add Spanish translation of debconf templates. (Thanks to Rudy Godoy.
  Closes: #423680)

Author: Michael Schultheiss
Revision Date: 2007-03-01 15:01:13 UTC

* l10n updates (Thanks to Christian Perrier for coordinating this
  update):
  + debian/gallery.templates: Update per recommendations from
    Helge Kreutzmann and Christian Perrier. Closes: #401459
  + Update Basque translation of debconf templates (Thanks to
    Piarres Beobide. Closes: #412410)
  + Update Czech translation of debconf templates (Thanks to
    Miroslav Kure. Closes: #412556)
  + Update French translation of debconf templates (Thanks to
    Steve Petruzzello. Closes: #412906)
  + Add Galician translation of debconf templates (Thanks to
    Jacobo Tarrio. Closes: #412363)
  + Add German translation of debconf templates (Thanks to
    Helge Kreutzmann. Closes: #401460, #412396)
  + Add Japanese translation of debconf templates (Thanks to
    Kenshi Muto. Closes: #412505)
  + Update Portuguese translation of debconf templates (Thanks to
    Rui Branco. Closes: #412395)
  + Add Russian translation of debconf templates (Thanks to
    Yuri Kozlov. Closes: #412552)
  + Update Swedish translation of debconf templates (Thanks to
    Daniel Nylander. Closes: #412390)

Author: Michael Schultheiss
Revision Date: 2006-04-16 16:42:35 UTC

* New upstream release (Closes: #362936)
  + Bugfixes for Postgres7 (Closes: #359000, #362152)

Author: StefanPotyra
Revision Date: 2007-01-07 06:53:48 UTC

* SECURITY UPDATE: Fix a PHP local inclusion exploit.
  - add sane initialization of $stepOrder array in both
    install/index.php and upgrade/index.php.
  - Closes: lp#35528.
* Update MANIFEST file to match checksums of both changed files.
* References
  http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update
  CVE-2006-1219

Author: StefanPotyra
Revision Date: 2007-01-07 06:53:48 UTC

* SECURITY UPDATE: Fix a PHP local inclusion exploit.
  - add sane initialization of $stepOrder array in both
    install/index.php and upgrade/index.php.
  - Closes: lp#35528.
* Update MANIFEST file to match checksums of both changed files.
* References
  http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update
  CVE-2006-1219

Author: Michael Schultheiss
Revision Date: 2005-11-29 15:50:12 UTC

* New upstream release (Closes: #341270)
  + Urgency high due to security issues
    - Fixes security flaw in zipcart that could allow remote
      visitors to view sensitive files on your webserver
    - fixes an XSS issue in add-from-web
    - Obscures the naming of the install.log file