Gallery 1.4.4-pl1 is now Available!
Gallery v1.4.4-pl1 is an update to Gallery 1.4.4 to resolve several issues found after the release. Most of these issues are fairly minor, and the one security issue fixed in this release requires a fairly unusual Gallery configuration and a bit of effort to exploit (Read more to see if you are vulnerable). This is still a recommended upgrade due to the bug fixes, but if you want to keep your Gallery secure without a full upgrade, a small patch to fix that issue is available separately.
Download 1.4.4-pl1 from the Gallery Download Page
Read more for instructions on applying the security patch and the full list of resolved issues.
Am I vulnerable?
Chances are pretty good that you are not vulnerable to this security problem. The only way it can affect you is if:
• the attacker has upload rights to an album (either via EVERYBODY, or other rights)
• your Gallery temp directory is located inside the webroot (unusual, but not that out of the ordinary)
• URL wrappers are enabled
• Gallery is in debug/devMode or PHP is set to always display error messages
This probably doesn't sound like your system, but in the rare situation that it does, just follow the instructions below, or download the entire update, to patch the hole!
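A self-check for the four conditions above, added here as an illustration and not part of the Gallery project: it evaluates values you would read out of php.ini (allow_url_fopen for "URL wrappers", display_errors) and out of Gallery's config. The sample dictionaries, the document root path and the tmpDir/devMode key names are constructed assumptions.

```python
import os

# Constructed sample inputs: what you would read from php.ini (or `php -i`)
# and from Gallery's config. The key names tmpDir/devMode are assumptions.
SAMPLE_INI = {"allow_url_fopen": "On", "display_errors": "1"}
SAMPLE_GALLERY = {"tmpDir": "/srv/www/htdocs/gallery/tmp", "devMode": False}
SAMPLE_DOCROOT = "/srv/www/htdocs"


def ini_flag(value):
    """PHP treats 1/On/True/Yes as enabled and anything else as off."""
    return str(value).strip().lower() in ("1", "on", "true", "yes")


def inside_webroot(path, docroot):
    """True when `path` resolves to the document root or below it.
    realpath() normalises '..' and follows symlinks, so a temp dir that is
    only nominally outside the webroot is still caught."""
    real = os.path.realpath(path)
    root = os.path.realpath(docroot).rstrip(os.sep)
    return real == root or real.startswith(root + os.sep)


def assess(ini, gallery, docroot, attacker_can_upload):
    """Evaluate the four conditions from the advisory. All four must hold
    at once, so 'exposed' is their AND. 'URL wrappers' is taken to mean
    PHP's allow_url_fopen, whose default is on."""
    conditions = {
        "attacker_has_upload_rights": bool(attacker_can_upload),
        "tmpdir_inside_webroot": inside_webroot(gallery["tmpDir"], docroot),
        "url_wrappers_enabled": ini_flag(ini.get("allow_url_fopen", "1")),
        "errors_displayed": bool(gallery.get("devMode", False))
        or ini_flag(ini.get("display_errors", "0")),
    }
    conditions["exposed"] = all(conditions.values())
    return conditions


if __name__ == "__main__":
    for name, held in assess(SAMPLE_INI, SAMPLE_GALLERY, SAMPLE_DOCROOT, True).items():
        print(f"{name:28s} {held}")
```

Moving the temp directory out of the document root or turning off display_errors/devMode each break the chain on its own, which is what the assessment shows.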
Patch Instructions
This will only work on systems with the "patch" command, which should be most Linux and Unix machines. After downloading the patch "gallery-1.4.4-to-1.4.4-sr1.diff" and copying it into your Gallery installation directory, you can apply it by running:
patch -p0 < gallery-1.4.4-to-1.4.4-sr1.diff
Resolved Issues
• Fix: Several small fixes. Body text direction in poll_results, CSS file location from subdirs (tools), No files/All files in setup, stray binary char in setup, return to Gallery URL in find_orphans, recursive slideshow in albums with no photos (only albums)
• Fix: Make doubly-sure that we're setting mambo session vars when embedded, to prevent the 'No info' error.
• Fix: Added a setup option for "slowPhotoCount". The accurate photo count on the Gallery index page was a much requested change; however, it proved to be so slow on some machines/Galleries that this option disables it unless explicitly enabled by the user during setup. (By user reports, Galleries with vast numbers of albums or images could take as long as 30 seconds to load the index.)
• Fix: Navigation bar width was dependent on whether images were resized or not; this caused albums where resize_size was off to have the table width set to 0.
• Fix: Extra-long filename prevention in save_photos.php, as well as verifying that the uploaded file is a valid image format before it is moved to the temp directory.
• Fix: If 'shutterfly' is set, but not checked, unset it during the album upgrade. This caused shutterfly to appear even though it wasn't really enabled.
• Fix: Print fatal error message instead of obscure PHP error when userDB fails to init before we try and use it.
• Fix: numAccessibleItems was incorrectly checking isHiddenRecurse() for albums. It needed to just be isHidden()
• Fix: Prevent a foreach() error from being displayed when previewing watermarks.
• Fix: Logging into Gallery as a non-admin and then trying to reset the admin password failed. The logged-in user was used and the resetadmin file was ignored.
• Fix: Extract HTTP_POST_FILES in phpBB2's modules.php
• Fix: Correct the check_exec function which was being a little too liberal in its regex for exec. (shell_exec was incorrectly labeled as 'exec')
• Fix: Don't display clickable dimensions for movies
• Fix: Stack the custom fields on top of each other - users were really displeased by the side-by-side view
• Change: edit_appearance needs to properly handle the empty variable without issuing any PHP notices/warnings (Thanks for finding the issue, Tim)
• Fix: Disabling ALL print services in edit_appearance (album properties) did not work.
• Fix: The admin options on root albums were displaying inside the Mambo UI.
• Fix: view_comments would display albums without read permissions (user could not see anything except highlight image and album title)
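To show what the save_photos.php hardening in the list above amounts to (a filename length cap, plus checking that the content really is an image before anything reaches the temp directory), here is an added example written in Python rather than Gallery's own PHP. The 64-character cap, the set of accepted formats and the sample uploads are assumptions, not values taken from Gallery.

```python
import os
import re

MAX_NAME = 64  # assumed cap; the page does not state Gallery's actual limit

# File signatures for the formats assumed to be accepted (JPEG, PNG, GIF).
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def sniff_image(head):
    """Return 'jpg', 'png' or 'gif' if the leading bytes carry that
    signature, else None. Content, not the client-supplied name, decides."""
    for fmt, sigs in MAGIC.items():
        if any(head.startswith(sig) for sig in sigs):
            return fmt
    return None


def safe_filename(name, limit=MAX_NAME):
    """Drop directory parts, reduce to a conservative charset and cut the
    stem so the whole name fits in `limit` with its extension intact."""
    base = os.path.basename(name.replace("\\", "/"))
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    stem, ext = os.path.splitext(base)
    ext = ext[:8]
    stem = stem[: max(1, limit - len(ext))].strip(".") or "upload"
    return stem + ext


def vet_upload(name, head):
    """Run before anything is written to the temp dir.
    Returns (accepted, detail, stored_name); rejected uploads never get a name."""
    fmt = sniff_image(head)
    if fmt is None:
        return False, "not a recognised image", None
    stem = os.path.splitext(safe_filename(name))[0]
    # Re-derive the extension from content so a name like photo.php cannot
    # land in a webroot-exposed temp dir carrying an executable suffix.
    return True, fmt, f"{stem}.{fmt}"
```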

good
I got this message, and really don't know if the patch worked for me?

Thanxx
Bjorn

------------------------------------------
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- save_photos.php.old Fri Aug 20 19:47:30 2004
|+++ save_photos.php Fri Aug 20 19:47:36 2004
--------------------------
Patching file save_photos.php using Plan A...
Hunk #1 failed at 148.
1 out of 1 hunks failed--saving rejects to save_photos.php.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- Version.php 21 Aug 2004 02:18:01 -0000 1.972.2.62
|+++ Version.php 21 Aug 2004 02:43:25 -0000
--------------------------
Patching file Version.php using Plan A...
Hunk #1 failed at 31.
1 out of 1 hunks failed--saving rejects to Version.php.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- ChangeLog.old Fri Aug 20 19:52:32 2004
|+++ ChangeLog Fri Aug 20 19:50:59 2004
--------------------------
Patching file ChangeLog using Plan A...
Hunk #1 succeeded at 1 with fuzz 2.
Hmm... Ignoring the trailing garbage.
done
------------------------------------------

[dmd@eco ~/3e.org/docs/gallery]$ patch -p0 < /tmp/gallery-1.4.4-to-1.4.4-sr1.diff
patching file save_photos.php
Hunk #1 FAILED at 148.
1 out of 1 hunk FAILED -- saving rejects to file save_photos.php.rej
patching file Version.php
patching file ChangeLog
Please report any problems in the discussion forums, in the bug tracker, or to us on IRC. Thanks.
Version 1.4.4-pl1-1 of the Debian gallery package was uploaded on Tuesday, August 24, 2004 and should be available in Debian unstable after the archive run completes in the afternoon (EST) of Tuesday, August 24, 2004.
What the? I extracted pl1 overtop my current 1.4.4 installation and my background color is now changed. I haven't checked any settings (yet, will do it after I post this), but I hope doing this hasn't erased anything I may have specially changed!
This is a known bug that was reported on the bug tracker on sourceforge and was fixed. There should be a -pl2 which will resolve this. Copy your .css files over the .css.default files and that should hold you over. Please report any further issues in the forums or on the bug tracker.
FYI, it went from DARK grey to LIGHT green. I don't see what caused this to change? Can someone fill me in, thanks.
ck, alrighty, thank you.
HELLO!!