source: moodle/trunk/fuentes/debian/changelog @ 1347

Last change on this file since 1347 was 1331, checked in by jrpelegrina, 4 years ago

Updated to moodle 3.0.3

File size: 58.6 KB
Line 
1moodle (3.0.3+dfsg-0ubuntu1) xenial; urgency=medium
2
3  [ Nishanth Aravamudan ]
4  * New upstream release, as only 3.0.1+ has PHP7 support
5    (LP: #1562172).
6    - https://docs.moodle.org/dev/Moodle_and_PHP7
7    - https://tracker.moodle.org/browse/MDL-50565
8    - update d/rules dfsg target.
9    - remove mdeploy*.php from d/install.
10    - d/lintian-overrides, d/source/lintian-overrides: update embedded
11      tinymce, yuilib, jquery versions.
12    - d/rules: update override_dh_lintian.
13  * d/control: update to PHP7.0 dependencies.
14  * d/watch: correct for current releases.
15
16  [ Steve Langasek ]
17  * Also update lintian overrides for binary packages.
18  * Remove some additional license files.
19  * Drop some no-longer-applicable lintian overrides.
20
21 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 01 Apr 2016 22:08:56 -0700
22
23moodle (2.7.12+dfsg-1) unstable; urgency=high
24
25  * New upstream security release, released Jan 11, 2016.  Note that the
26    upstream 2.7 branch is supported for security fixes only until May 2017
27    (LTS).  Security issue fixed:
28    - (MSA-16-0001) CVE-2016-0724 Two enrolment-related web services don't check
29      course visibility.  Thanks Salvatore Bonaccorso. Closes: #811344
30    Other fixes and improvements:
31    - MDL-49473 - Logs export contains year
32    - MDL-52194 - Fixed Flowplayer not working with insecure configuration of
33      request_order
34    See https://docs.moodle.org/dev/Moodle_2.7.12_release_notes for more
35    details.
36  * debian/links, debian/rules: delegate creating symlinks to dh_link, via
37    debian/links.  This should fix a bug in upgrading: old obsolete symlinks are
38    kept.
39  * debian/rules: no longer install bennu/COPYRIGHT.txt, dragmath/COPYRIGHT.html
40    in usr/share/moodle/lib .
41  * debian/control: get rid of Breaks/Replaces moodle-book: moodle-book was only
42    shipped with squeeze (current oldoldstable).
43  * debian/control: remove Penny Leach <penny /a/ mjollnir 0 org>, Xavier Oswald
44    <xoswald@d.o> from Uploaders: I haven't seen any activity from them since
45    more than one year.  Penny, Xavier: you're very much invited to add yourself
46    again.
47  * debian/rules: no longer run debhelper in verbose mode.
48
49 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 18 Jan 2016 08:38:29 +0100
50
51moodle (2.7.11+dfsg-2) unstable; urgency=high
52
53  * debian/rules: no longer link to content from
54    /usr/share/php-htmlpurifier/library/, but directly to
55    /usr/share/php/HTMLPurifier*.  This way, the php-htmlpurifier maintainers
56    can get rid of the compatibility symlink introduced in Debian Jessie.
57    Also: not only link to HTMLPurifier.php and HTMLPurifier.safe-includes.php,
58    but also to HTMLPurifier.autoload.php HTMLPurifier.auto.php
59    HTMLPurifier.func.php HTMLPurifier.includes.php HTMLPurifier.kses.php and
60    HTMLPurifier.path.php.  Thanks David Prévot.  Closes: #803175
61  * debian/po/es.po: update spanish translation. Thanks
62    Javier Fernández-Sanguino. Closes: #773567
63  * debian/control: make installation dependencies more flexible by adding
64    php5-fpm as alternative to libapache2-mod-php5 | php5-cgi. Thanks Detlev
65    Brodowski. Closes: #807072
66  * debian/rules: replace obsolete "dh binary-indep --before dh_lintian" and
67    "dh binary-indep --remaining" by "override_dh_lintian" and "dh_lintian".
68    Thanks lintian.
69  * debian/changelog: add CVE ID's to entry moodle (2.7.11+dfsg-1).
70  * debian/changelog: in entry moodle (2.7.2+dfsg-3), refer to #754565 and
71    give credit.
72  * debian/changelog: in entry moodle (2.7.2-2), refer to #736800 and give
73    credit.
74
75 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 07 Dec 2015 13:52:32 +0100
76
77moodle (2.7.11+dfsg-1) unstable; urgency=high
78
79  * New upstream security release, released Nov 9, 2015. Security issues fixed:
80    - (MSA-15-0039) CVE-2015-5335 CSRF in site registration form: Attacker can
81      send admin a link to site registration form that will display correct URL
82      but, if submitted, will register with another hub. It is possible to trick
83      a site/admin into sending aggregate stats to an arbitrary domain.
84      Reported by Andrew Davis; Upstream patch:
85      http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
86    - (MSA-15-0040) CVE-2015-5336 Student XSS in survey: Standard survey module
87      is vulnerable to XSS attack by students who fill the survey.  Reported by
88      Hugh Davenport; Upstream patch: MDL-49940
89    - (MSA-15-0041) CVE-2015-5337 XSS in flash video player: XSS vulnerability
90      caused by Flowplayer flash video player has been addressed.  Reported by
91      Andrew Nicols; MDL-48085
92    - (MSA-15-0042) CVE-2015-5338 CSRF in lesson login form: Password-protected
93      lesson modules are subject to CSRF vulnerability.  Reported by Ankit
94      Agarwal; MDL-48109.
95    - (MSA-15-0043) CVE-2015-5339 Web service core_enrol_get_enrolled_users does
96      not respect course group mode: Through WS core_enrol_get_enrolled_users it
97      is possible to retrieve list of course participants who would not be
98      visible when using web site.  Reported by Daniel Palou; MDL-51861
99    - (MSA-15-0044) CVE-2015-5340 Capability to view available badges is not
100      respected: Logged in users who do not have capability 'View available
101      badges without earning them' can still access the full list of badges.
102      Capability moodle/badges:viewbadges is not respected.  Reported by Marina
103      Glancy; MDL-51684
104    - (MSA-15-0045) CVE-2015-5341 SCORM module allows to bypass access
105      restrictions based on date: Incorrect and missing handling of availability
106      dates in mod_scorm let users to view the SCORM contents bypassing the date
107      restriction.  Reported by Juan Leyva; MDL-50837
108    - (MSA-15-0046) CVE-2015-5342 Choice module closing date can be bypassed:
109      Users can mock URL to delete or submit new responses after the choice
110      module was closed.  Reported by Juan Leyva; MDL-51569
111    See https://bugzilla.redhat.com/show_bug.cgi?id=1288158 for details.  Thanks
112    Adam Mariš @ Red Hat.  See also
113    https://moodle.org/mod/forum/discuss.php?d=322852 , published Nov 9, 2015.
114    Other Fixes and improvements:
115    - MDL-51083 - Fixed undesired browser password autofilling in several forms
116      (majority of forms were fixed in MDL-45772 in previous release)
117    - MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
118    See https://docs.moodle.org/dev/Moodle_2.7.11_release_notes for more
119    details.
120  * debian/source/lintian-overrides: add some more incorrectly flagged
121    javascript files.  See lintian bug 802028 (and 799861).
122
123 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 04 Dec 2015 15:12:23 +0100
124
125moodle (2.7.10+dfsg-1) unstable; urgency=high
126
127  * New upstream security release, released Sept 21, 2015.  Security issues
128    fixed:
129    - MSA-15-0030: Students can re-attempt answering questions in the lesson,
130      Reported by Eric Eakin, MDL-50516, CVE-2015-5264
131    - MSA-15-0031: Teacher in forum can still post to "all participants" and
132      groups they are not members of, Reported by David Scotson, MDL-50576,
133      CVE-2015-5272
134    - MSA-15-0032: Users can delete files uploaded by other users in wiki,
135      Reported by John Provasnik, MDL-48371, CVE-2015-5265
136    - MSA-15-0033: Meta course synchronisation enrols suspended students as
137      managers for a short period of time, Reported by Brian Winstead,
138      MDL-50744, CVE-2015-5266
139    - MSA-15-0034: Vulnerability in password recovery mechanism, Reported by
140      Vincent Herbulot (@us3r777), MDL-50860, CVE-2015-5267
141    - MSA-15-0035: Rating component does not check separate groups, Reported by
142      Juan Leyva, MDL-50173, CVE-2015-5268
143    - MSA-15-0036: XSS in grouping description, Reported by Marina Glancy,
144      MDL-50709, CVE-2015-5269
145    See the 21 Sep 2015 post from Marina Glancy at
146    http://www.openwall.com/lists/oss-security/2015/09/21/1 for more details on
147    these fixed security issues.  Some other fixes and improvements: MDL-51050
148    - Forms such as "Create new group" are no longer populated with passwords
149    and usernames by the browsers; MDL-42670 - Recent activity block no longer
150    shows student name when assignment blind marking is on. See
151    https://docs.moodle.org/dev/Moodle_2.7.10_release_notes for more details.
152    Thanks Salvatore Bonaccorso and Thijs Kinkhorst for forwarding the news.
153    Closes: #799634
154  * debian/source/lintian-overrides: add comment/comment.js, some
155    lib/yuilib/3.15.0/**/*-debug.js and
156    lib/yuilib/2in3/2.9.0/build/yui2-*/*-debug.js files to list of false
157    positives "source-is-missing". Bug #799861 reported against lintian.
158  * debian/copyright: clarify license situation of
159    lib/pear/HTML/QuickForm/DHTMLRulesTableless.php and
160    lib/pear/HTML/QuickForm/Renderer/Tableless.php. Thanks
161    Ondřej Surý and Paul Tagliamonte. Closes: #752615
162  * debian/control: no longer depend upon libphp-pclzip.  This dependency was
163    actually no longer needed since 2.7.5+dfsg-3, when phpexcel got removed.
164    Thanks David Prévot. Closes: #749609
165  * debian/changelog: fix entry for 2.7.5+dfsg-3 to properly close 746594.
166    See also https://tracker.moodle.org/browse/MDL-45395 .  Thanks Dan Poltawski
167    e.a.
168
169 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 21 Sep 2015 09:52:15 +0200
170
171moodle (2.7.9+dfsg-1) unstable; urgency=high
172
173  * New upstream security release, released July 6, 2015.  Security issues fixed:
174    - MSA-15-0026 Possible phishing when redirecting to external site using
175      referer header, Reported by Totara, MDL-50688, CVE-2015-3272
176    - MSA-15-0028 Possible XSS through custom text profile fields in Web
177      Services, Reported by Marina Glancy, MDL-50130, CVE-2015-3274
178    - MSA-15-0029 Javascript injection in SCORM module, Reported by Martin
179      Greenaway, MDL-50614, CVE-2015-3275
180    See http://www.openwall.com/lists/oss-security/2015/07/13/2 for more details
181    on these fixed security issues.  Some other fixes and improvements:
182    MDL-50380 - Fixed missing parameter error when editing files in wiki;
183    MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional
184    access is used; MDL-50275 - Added missing version bump after risk bitmap
185    change in MDL-49941.  See the Moodle 2.7.9 release notes at
186    https://docs.moodle.org/dev/Moodle_2.7.9_release_notes for more details.
187    Thanks Salvatore Bonaccorso. Closes: #792242
188  * debian/changelog: fix line length: max 80 columns.
189
190 -- Joost van Baal-Ilić <joostvb@debian.org>  Thu, 16 Jul 2015 15:44:09 +0200
191
192moodle (2.7.8+dfsg-1) unstable; urgency=high
193
194  * New upstream security release, released 11 May 2015.  Security issues
195    fixed:
196    - MSA-15-0018: Quiz manual-grading is an XSS risk, but does not declare
197      that, Reported by Hugh Davenport, MDL-49941, CVE-2015-3174
198    - MSA-15-0019: Possible phishing when redirecting to external site using
199      referer header, Reported by Dingjie Yang, MDL-49179, CVE-2015-3175
200    - MSA-15-0020: User fullname disclosure through account confirmation link,
201      Reported by: Federico Kirschbaum, MDL-50099, CVE-2015-3176
202    - MSA-15-0022: Potential XSS risk when returning text entered by student
203      from Web Services, Reported by Eloy Lafuente, MDL-49718, CVE-2015-3178
204    - MSA-15-0023: Suspended user is able to login when confirming email,
205      Reported by Marina Glancy, MDL-50090, CVE-2015-3179
206    - MSA-15-0024: User with suspended enrolment can see sections in the
207      navigation tree, Reported by Alex Mitin, MDL-49788, CVE-2015-3180
208    - MSA-15-0025: Capability to manage own files is not respected in Web
209      Services, Reported by Juan Leyva, MDL-49994, CVE-2015-3181
210    See http://www.openwall.com/lists/oss-security/2015/05/18/1 for more details
211    on these fixed security issues.  Some other fixes: MDL-48187 - Fixed problem
212    with new items automatically marked as extra credit in SWM category in
213    Gradebook; MDL-42449 - Grade category is preserved when duplicating a
214    module; MDL-46746, MDL-47003, MDL-47002 - Atto editor HTML cleaning is less
215    aggressive and more aware of special tags, especially noticeable when
216    pasting text from Word.  See the Moodle 2.7.8 release notes at
217    https://docs.moodle.org/dev/Moodle_2.7.8_release_notes for more details.
218    Thanks Salvatore Bonaccorso.  Closes: #785591
219  * debian/watch: fix syntax.
220
221 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 22 May 2015 10:34:59 +0200
222
223moodle (2.7.7+dfsg-2) unstable; urgency=high
224
225  * debian/install: now installs scripts mdeploy.php and mdeploytest.php.
226  * debian/install: now installs the directory "availability", thanks Maarten
227    Horden and Oscar Diaz (Closes: #778422).
228  * debian/changelog: Add some extra information on issues fixed in entry
229    moodle (2.7.7+dfsg-1)), thanks Marina Glancy and Thijs Kinkhorst.
230  * debian/changelog: Add some extra information on CVE-2013-3630 in entry
231    moodle (2.7.5+dfsg-3), thanks Marina Glancy.
232
233 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 17 Mar 2015 14:20:39 +0100
234
235moodle (2.7.7+dfsg-1) unstable; urgency=high
236
237  * New upstream security release, released 10 March 2015.  (Moodle 2.7.6 was
238    released 9 March 2015).  Issues fixed:
239    - MSA-15-0010: Personal contacts and number of unread messages can be
240      revealed, Reported by Barry Oosthuizen, MDL-49204, CVE-2015-2266
241    - MSA-15-0011: Authentication in mdeploy can be bypassed. Reported by
242      Frédéric Massart, MDL-49087 CVE-2015-2267
243    - MSA-15-0012: ReDoS Possible with Convert links to URLs filter. Reported by
244      Rob, MDL-38466, CVE-2015-2268
245    - MSA-15-0013: Block title not properly escaped and may cause HTML
246      injection.  Reported by Gjoko Krstic, MDL-49144, CVE-2015-2269
247    - MSA-15-0014: Potential information disclosure for the inaccessible
248      courses.  Reported by Sam Hemelryk, MDL-48804, CVE-2015-2270
249    - MSA-15-0015: User without proper permission is able to mark the tag as
250      inappropriate, Reported by Frédéric Massart, MDL-49084, CVE-2015-2271
251    - MSA-15-0016: Web services token can be created for user with temporary
252      password.  Reported by Juan Leyva, MDL-48691, CVE-2015-2272
253    - MSA-15-0017: XSS in quiz statistics report. Reported by Tim Hunt,
254      MDL-49364, CVE-2015-2273
255  * debian/changelog: enhance 2.7.2-1 entry: add note on upstream long term
256    support of this 2.7 branch.
257  * debian/TODO: add some build instructions.
258  * debian/control: more strict php-cas dependency: known to break with
259    1.3.1-4+deb7u1, known to work with 1.3.3-1.
260
261 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 10 Mar 2015 14:12:49 +0100
262
263moodle (2.7.5+dfsg-3) unstable; urgency=high
264
265  * debian/README.Debian: add authors and dates, in order to make status more
266    clear.
267  * debian/watch: (trying to) get it working again, with revamped moodle.org
268    website.
269  * debian/changelog: add even more CVE-numbers to entry 2.7.5+dfsg-1.
270  * For the record, https://security-tracker.debian.org/tracker/CVE-2013-3630
271    will not get fixed: it's not a bug: the attack can only get launched by an
272    administrator, and administrators need to be trusted.  Sites that provide
273    shared hosting and want to prevent the Moodle admin user from being able to
274    set executable paths can also use: "$CFG->preventexecpath = true;".  See
275    also Debian bug #775842 and Moodle issue MDL-41449.
276  * Fix CVE-2014-4172 and CVE-2014-2054:
277    - debian/rules, debian/control: don't use CAS client library as shipped with
278      moodle (unchanged phpCAS 1.3.3, see upstream
279      auth/cas/CAS/moodle_readme.txt) but php-cas as shipped with Debian
280      (1.3.3-1 and 1.3.1-4+deb7u1); create symlinks /u/s/m/auth/cas/CAS/CAS.php
281      -> /usr/share/php/CAS.php and /u/s/m/auth/cas/CAS/CAS ->
282      /usr/share/php/CAS/.  This fixes CVE-2014-4172.
283    - debian/rules: remove /u/s/m/lib/phpexcel from binary package.  Remove
284      lib/phpexcel/PHPExcel/Shared/OLE* from upstream sources.  This fixes both
285      a license problem and a security problem: Although the PHP license is
286      generally agreed to be DFSG-free, using it as a license on anything that
287      isn't PHP itself makes the result non-free.  PHP OLE is licensed under the
288      PHP license.  Older versions of PHP Excel, such as the one shipped with
289      moodle, suffer from security problem CVE-2014-2054.  See also Debian Bug
290      #718585 "RFP: php-excel".  (Closes: #746594)
291    This closed Debian bug "Multiple security issues"; thanks Moritz
292    Muehlenhoff, Thijs Kinkhorst and Hubert Chathi (Closes: #775842)
293
294 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 09 Mar 2015 12:56:41 +0100
295
296moodle (2.7.5+dfsg-2) unstable; urgency=high
297
298  * debian/README.Debian: add notes on upgrading.
299  * debian/TODO: added.
300  * debian/changelog: add CVE-number to previous entry.
301
302 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 10 Feb 2015 14:27:09 +0000
303
304moodle (2.7.5+dfsg-1) unstable; urgency=high
305
306  * New upstream security release:
307     Moodle 2.7.5 release notes, Release date: 2 February, 2015: "A number of
308     security related issues were resolved." "Here is the
309     full list of fixed issues in 2.7.5:
310     https://tracker.moodle.org/issues/?jql=project+%3D+mdl+AND+resolution+%3D+fixed+AND+fixVersion+in+%28%222.7.5%22%29+ORDER+BY+priority+DESC"
311     Fixes include: "Preauthenticated Local File Disclosure", as reported
312     by Emiel Florijn, MDL-48980 and MDL-48990, i.e. CVE-2015-1493 (also
313     aliased as CVE-2015-0246).  See also
314     https://docs.moodle.org/dev/Moodle_2.7.5_release_notes and
315     https://moodle.org/mod/forum/discuss.php?d=279956 , published feb 10
316     2015.
317
318  * For the record: Security issues fixed in upstream Moodle 2.7.3 and 2.7.4:
319     CVE-2015-0218 (see
320     https://security-tracker.debian.org/tracker/CVE-2015-0218),
321     CVE-2015-0217, CVE-2015-0216, CVE-2015-0215, CVE-2015-0214, CVE-2015-0213,
322     CVE-2015-0212, CVE-2015-0211, CVE-2014-9059, CVE-2014-7848, CVE-2014-7847,
323     CVE-2014-7846, CVE-2014-7845, CVE-2014-7838, CVE-2014-7837, CVE-2014-7836,
324     CVE-2014-7835, CVE-2014-7834, CVE-2014-7833, CVE-2014-7832, CVE-2014-7831,
325     CVE-2014-7830, CVE-2014-3617, CVE-2014-3553, CVE-2014-3551, CVE-2014-3548,
326     CVE-2014-3547, CVE-2014-3546, CVE-2014-3545, CVE-2014-3544, CVE-2014-3543,
327     CVE-2014-3542, CVE-2014-3541.
328
329 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 02 Feb 2015 08:38:14 +0000
330
331moodle (2.7.2+dfsg-3) experimental; urgency=medium
332
333  * Remove lib/tcpdf/include/sRGB.icc from upstream source since it does
334    not allow modification (usually known as
335    sRGB_IEC61966-2-1_black_scaled.icc).  FWIW: this file was not installed
336    by the Moodle 2.6.3 Debian package.  Thanks bastien ROUCARIES, Riley Baird
337    and Tomasz Muras. Closes: #754565
338  * Remove lib/flowplayer/flowplayer.audio-3.2.11.swf since sources missing.
339  * debian/rules: add preliminary target dfsg, with some comments.
340
341 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 30 Jan 2015 12:48:55 +0000
342
343moodle (2.7.2-2) experimental; urgency=medium
344
345  * debian/control: remove Thijs Kinkhorst from Uploaders, on his request.
346    Thanks Thijs!
347  * debian/source/include-binaries, debian/missing-sources: Added missing
348    sources for
349    - the Flowplayer video player from Flowplayer Ltd
350      (http://flash.flowplayer.org/): flash-release_3_2_18.tar.gz for
351      flowplayer-3.2.18.swf, flash-release_3_2_16.tar.gz for
352      lib/flowplayer/flowplayer.controls-3.2.16.swf.
353      Downloaded from https://github.com/flowplayer/flash/releases.
354      See also #736800 "Sourceless flash file" and
355      https://tracker.moodle.org/browse/MDL-44093.  Thanks bastien ROUCARIES,
356      Robert Bihlmeyer and Thijs Kinkhorst.   Closes: #736800
357    - filter/tex/mimetex.linux and mimetex.freebsd
358    NB: flowplayer-3.2.18.swf, flowplayer.controls-3.2.16.swf, mimetex.linux
359    and mimetex.freebsd are not shipped with the binary Debian package.
360
361 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 03 Nov 2014 15:03:51 +0100
362
363moodle (2.7.2-1) unstable; urgency=medium
364
365  * This is a semi-public release.
366  * New upstream release; new upstream 2.7 branch.  About this branch, upstream
367    states, at https://docs.moodle.org/dev/Releases#Moodle_2.7 : "Bug fixes for
368    general core bugs in 2.7.x will end 11 May 2015 (12 months).  Bug fixes for
369    serious security issues in 2.7.x will end 8 May 2017 (36 months)."
370  * This upstream release fixes security issues:
371    - MSA-14-0014 Cross-site request forgery possible in Assignment
372      [CVE-2014-0213]
373    - MSA-14-0015 Web service token expiry issue for MoodleMobile
374      [CVE-2014-0214]
375    - MSA-14-0016 Anonymous student identity revealed in Assignment
376      [CVE-2014-0215]
377    - MSA-14-0017 File access issue in HTML block [CVE-2014-0216]
378    - MSA-14-0018 Information leak in courses [CVE-2014-0217]
379    - MSA-14-0019 Reflected XSS in URL downloader repository [CVE-2014-0218]
380    (See https://docs.moodle.org/dev/Moodle_2.7_release_notes#Security_issues)
381  * debian/rules: remove extra license file
382    lib/editor/atto/yui/src/rangy/js/license.txt.
383  * debian/copyright: add MIT license, for Rangy library for the Atto editor.
384  * debian/moodle.lintian-overrides: add embedded-php-library
385    lib/markdown/Markdown.php: we can't use Debian's libmarkdown-php due to
386    incompatibilities.
387  * debian/moodle.lintian-overrides: add embedded-php-library
388    lib/simplepie/library/SimplePie.php: we can't use Debian's libphp-simplepie
389    due to incompatibilities.
390  * debian/moodle.lintian-overrides: add embedded-php-library
391    lib/yuilib/3.15.0/yui/yui-min.js: we can't use Debian's libjs-yui
392    due to incompatibilities.
393  * debian/moodle.lintian-overrides, debian/source/lintian-overrides: change
394    lines like "moodle: embedded-javascript-library
395    lib/editor/tinymce/tiny_mce/3.5.8/tiny_mce.js" in "moodle source:
396    source-is-missing
397    lib/editor/tinymce/tiny_mce/3.5.10/plugins/advimage/langs/en_dlg.js":
398    Moodle _does_ ship (modified) sources.
399  * debian/rules, debian/control: don't use TCPDF library as shipped with
400    moodle (tcpdf_php5 TCPDF 5.9.133 MDL-29283, see
401    lib/tcpdf/readme_moodle.txt), but php-tcpdf as shipped with
402    Debian (6.0.048+dfsg-2~bpo70+1 in wheezy-backports, 6.0.093+dfsg-1 in
403    jessie): create symlink /usr/share/moodle/lib/tcpdf -> /usr/share/php/tcpdf.
404    NB: the file lib/tcpdf/include/sRGB.icc does not allow modification.
405  * debian/source/lintian-overrides: Moodle _does_ ship source of files
406    lib/yuilib/3.15.0/datatype-date-format/lang/datatype-date-format* and other
407    3.15.0 and 2in3/2.9.0/build files.
408  * debian/source/lintian-overrides: Moodle _does_ ship source of file
409    AMFTester.swf in amf/testclient/AMFTester.mxml.
410  * debian/rules: do not install the Flowplayer video player from Flowplayer
411    Ltd (http://flash.flowplayer.org/): source is missing.
412  * debian/docs: remove tags.txt: only relevant for developers.
413  * debian/control: add myself to uploaders.
414  * debian/control: checked for policy 3.9.6, no changes necessary.
415
416 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 28 Oct 2014 09:44:46 +0100
417
418moodle (2.6.3-1) unstable; urgency=medium
419
420  * New upstream release.
421
422 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 12 May 2014 16:10:38 +0200
423
424moodle (2.6.2-1) unstable; urgency=medium
425
426  * New upstream release.
427
428 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 12 Mar 2014 18:17:07 +0100
429
430moodle (2.6.1-1) unstable; urgency=low
431
432  * New upstream release.
433  * Do install tcpdf lib, which is now required by core Moodle.
434
435 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 12 Feb 2014 15:49:12 +0100
436
437moodle (2.5.4-1) unstable; urgency=medium
438
439  * New upstream release, fixing security issues:
440    - MSA-14-0001 Config passwords visibility issue [CVE-2014-0008]
441    - MSA-14-0002 Group constraints lacking in "login as" [CVE-2014-0009]
442    - MSA-14-0003 CSRF vulnerability in profile fields [CVE-2014-0010]
443  * Move /var/lib/moodle directory into package.
444  * Revert back to bundled yui3. Unfortunately, version in Debian and
445    of upstream are not compatible (closes: #735312).
446
447 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 21 Jan 2014 13:40:52 +0100
448
449moodle (2.5.3-3) unstable; urgency=medium
450
451  * Drop unused libjs-yui dependency (closes: #730104).
452  * Replace bundled yui3 with dependency on packaged libjs-yui3-min.
453  * Add virtual-mysql-{server,client} dependency alternatives
454    (closes: #732895).
455  * Change owner of config.php from www-data to root.
456  * Checked for policy 3.9.5, no changes necessary.
457
458 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 03 Jan 2014 11:44:05 +0100
459
460moodle (2.5.3-2) unstable; urgency=medium
461
462  * Fix syntax error in generated config.php.
463
464 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 29 Nov 2013 09:17:29 +0100
465
466moodle (2.5.3-1) unstable; urgency=low
467
468  * New upstream version: 2.5.3.
469    - Incorporates CAS security patch.
470    - Fixes security issues CVE-2013-4522, CVE-2013-4523,
471      CVE-2013-4524, CVE-2013-4525, CVE-2013-6780.
472
473 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 22 Nov 2013 14:09:51 +0100
474
475moodle (2.5.2-1) unstable; urgency=medium
476
477  * New upstream version: 2.5.2.
478    - Incorporates S3 security patch.
479
480 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 09 Sep 2013 15:22:35 +0200
481
482moodle (2.5.1-2) unstable; urgency=low
483
484  * Update debconf translation for
485    Swedish, thanks Martin Bagge (closes: #717323);
486    Italian, thanks Beatrice Torracca (closes: #717162);
487    French, thanks Julien Patriarca (closes: #717548);
488    Czech, thanks Michal Simunek (closes: #717550).
489  * Add Breaks/Replaces moodle-book; integrated since Moodle 2.3.
490
491 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 04 Aug 2013 17:30:38 +0200
492
493moodle (2.5.1-1) unstable; urgency=low
494
495  * New upstream version: 2.5.1.
496    - Fixes security issues:
497      CVE-2013-2242 CVE-2013-2243 CVE-2013-2244 CVE-2013-2245
498      CVE-2013-2246
499  * Depend on apache2 instead of obsolete apache2-mpm-prefork.
500  * Use packaged libphp-phpmailer (closes: #429339), adodb,
501    HTMLPurifier, PclZip.
502  * Update debconf translations, thanks Salvatore Merone, Pietro Tollot,
503    Joe Hansen, Yuri Kozlov, Holger Wansing, Américo Monteiro,
504    Adriano Rafael Gomes, victory, Michał Kułach.
505    (closes: #716972, #716986, #717080, #717108, #717278)
506
507 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 19 Jul 2013 08:52:46 +0200
508
509moodle (2.5-1) unstable; urgency=low
510
511  * New upstream version: 2.5.
512    - Removed problematically licenced JSON code (closes: #692626).
513    - Fixes security issues:
514      CVE-2012-3363, CVE-2012-6098, CVE-2012-6099, CVE-2012-6100,
515      CVE-2012-6101, CVE-2012-6103, CVE-2012-6104, CVE-2012-6105,
516      CVE-2012-6112, CVE-2013-1829, CVE-2013-1830, CVE-2013-1831,
517      CVE-2013-1832, CVE-2013-1833, CVE-2013-1834, CVE-2013-1835,
518      CVE-2013-1836, CVE-2013-2080, CVE-2013-2081, CVE-2013-2082,
519      CVE-2013-2083 (closes: #702387, #703870).
520  * FLV player removed, no need to repack source tarball.
521  * Checked for policy 3.9.4, no changes. Updated to debhelper 8.
522  * Use xz compression for binary packages.
523
524 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 28 Jun 2013 15:35:53 +0200
525
526moodle (2.2.7.dfsg-1) unstable; urgency=low
527
528  * New upstream version: 2.2.7+ (Build: 20130125)
529
530  * Fix possible security issue for curl in 3rd party libraries:
531    * phpCAS (CVE-2012-5583)
532    * amazon-s3-php-class (CVE-2012-6087)
533
534 -- Tomasz Muras <nexor1984@gmail.com>  Mon, 28 Jan 2013 17:43:26 +0100
535
536moodle (2.2.6.dfsg-1) unstable; urgency=low
537
538  * New upstream version: 2.2.6 (Build: 20121112)
539
540 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 15 Nov 2012 21:50:13 +0100
541
542moodle (2.2.3.dfsg-2.6) unstable; urgency=low
543
544  * Non-maintainer upload.
545
546  * Backport multiple security issues from upstream's MOODLE_22_STABLE
547    branch.
548    - MSA-12-0057: MDL-29872 - Access issue through repository
549      Fixes CVE-2012-5471
550    - MSA-12-0058: MDL-32785 - Possible form data manipulation issue
551      Fixes CVE-2012-5472
552    - MSA-12-0059: MDL-34448 - Information leak in Database activity module
553      Fixes CVE-2012-5473
554    - MSA-12-0061: MDL-33791 - Remote code execution through Portfolio API
555      Fixes CVE-2012-5479
556    - MSA-12-0062: MDL-35558 - Information leak in Database activity module
557      Fixes CVE-2012-5480
558
559 -- Didier Raboud <odyx@debian.org>  Mon, 12 Nov 2012 10:00:00 +0100
560
561moodle (2.2.3.dfsg-2.5) unstable; urgency=low
562
563  * Non-maintainer brown-paper bag upload.
564
565  * Fix the preinst shell syntax to properly drop the left-over symlink
566    in favour of the shipped directory. (Closes: #689506 fo real now)
567
568 -- Didier Raboud <odyx@debian.org>  Wed, 31 Oct 2012 08:25:55 +0100
569
570moodle (2.2.3.dfsg-2.4) unstable; urgency=low
571
572  * Non-maintainer upload.
573
574  * Drop a left-over symlink in favour of the shipped directory.
575   (Closes: #689506)
576
577 -- Didier Raboud <odyx@debian.org>  Sun, 28 Oct 2012 15:01:09 +0100
578
579moodle (2.2.3.dfsg-2.3) unstable; urgency=low
580
581  * Non-maintainer upload.
582
583  * Backport multiple security issues from upstream's MOODLE_22_STABLE
584    branch. (Closes: #687924)
585    - MSA-12-0051: MDL-30792 - File upload size constraint issue
586      Fixes CVE-2012-4400
587    - MSA-12-0052: MDL-28207 - Course topics permission issue
588      Fixes CVE-2012-4401
589    - MSA-12-0053: MDL-34585 - Blog file access issue
590      Fixes CVE-2012-4407
591    - MSA-12-0054: MDL-34519 - Course reset permission issue
592      Fixes CVE-2012-4408
593    - MSA-12-0055: MDL-34368 - Web service access token issue
594      Fixes CVE-2012-4402
595
596 -- Didier Raboud <odyx@debian.org>  Fri, 28 Sep 2012 12:52:21 +0200
597
598moodle (2.2.3.dfsg-2.2) unstable; urgency=low
599
600  * Non-maintainer upload.
601
602  * Backport multiple security issues from upstream's MOODLE_22_STABLE
603    branch. (Closes: #682203)
604    - MDL-31692 mod_lti - ensure that various mforms are used properly
605      Fixes CVE-2012-3389
606    - MDL-33916 Ensure that capabilities are checked for cached user
607      enrolments
608      Fixes CVE-2012-3388
609
610 -- Didier Raboud <odyx@debian.org>  Mon, 23 Jul 2012 19:13:56 +0200
611
612moodle (2.2.3.dfsg-2.1) unstable; urgency=low
613
614  * Non-maintainer upload.
615
616  * Backport multiple security issues from upstream's MOODLE_22_STABLE
617    branch (Closes: #682203)
618    - MDL-33808 - format title on the repository instance screen
619    - MDL-33808 - incorrect cleaning of repository names
620      Both patches fix CVE-2012-3393.
621    - MDL-23254 Authentication : used httpswwwroot as root url during
622      authentication procedure where $PAGE->https_required() is
623      specified.
624      Fix CVE-2012-3394
625    - MDL-27675 - Feedback module abuses data_submitted
626      Fix CVE-2012-3395
627    - MDL-34045 fix invalid idnumber field type in cohort form
628      Fix CVE-2012-3396
629    - MDL-33466: Group restriction should hide activity even with 'show
630      availability' option
631      Fix CVE-2012-3397
632
633 -- Didier Raboud <odyx@debian.org>  Fri, 20 Jul 2012 19:52:07 +0200
634
635moodle (2.2.3.dfsg-2) unstable; urgency=low
636
637  *  Don't depend on ucf during purge (closes: #678027)
638
639 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 21 Jun 2012 17:31:35 +0200
640
641moodle (2.2.3.dfsg-1) unstable; urgency=high
642
643  *  New upstream version: 2.2.3+ (Build: 20120615)
644     closes: #674163
645
646 -- Tomasz Muras <nexor1984@gmail.com>  Sat, 16 Jun 2012 21:39:12 +0200
647
648moodle (2.2.2.dfsg-2) unstable; urgency=low
649
650  * Fix path to cron (closes: #669229)
651
652 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 18 Apr 2012 19:34:35 +0200
653
654moodle (2.2.2.dfsg-1) unstable; urgency=low
655
656  * New upstream version: 2.2.2+ (Build: 20120412)
657    closes: #658865,#664260,#647489,#443949,#441013,#505044,#375290
658  * Updated Standards-Versions to 3.9.3
659  * Removing Dan from maintainers (thanks for all your work Dan!)
660
661 -- Tomasz Muras <nexor1984@gmail.com>  Sun, 15 Apr 2012 13:50:52 -0400
662
663moodle (1.9.9.dfsg2-6) unstable; urgency=high
664
665  * Backporting security fixes from Moodle 1.9.17
666     - MSA-12-00013 DB activtity export does not respect groups
667         (CVE-2012-1155, closes: #668411)
668
669 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 12 Apr 2012 21:55:48 +0100
670
671moodle (1.9.9.dfsg2-5.1) unstable; urgency=low
672
673  * Non-maintainer upload.
674  * Fix pending l10n issues. Debconf translations:
675    - Danish (Joe Hansen).  Closes: #658747
676    - Dutch; (Jeroen Schot).  Closes: #660243
677    - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #668092
678    - Italian (Beatrice Torracca).  Closes: #668161
679
680 -- Christian Perrier <bubulle@debian.org>  Tue, 10 Apr 2012 07:36:58 +0200
681
682moodle (1.9.9.dfsg2-5) unstable; urgency=high
683
684  * Backporting security fixes from Moodle 1.9.15 and 1.9.16
685    (closes: #652235)
686     - MSA-11-0054 Personal information leak
687     - MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
688     - MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
689     - MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
690     - MSA-11-0048 Password loss issue (CVE-2011-4587)
691     - MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
692     - MSA-12-0007 Email injection prevention (CVE-2012-0796)
693     - MSA-12-0006 Additional email address validation (CVE-2012-0795)
694     - MSA-12-0005 Encryption enhancement (CVE-2012-0794)
695     - MSA-12-0004 Added profile image security (CVE-2012-0793)
696     - MSA-12-0003 Added password protection
697     - MSA-12-0002 Personal information leak, previously MSA-11-0040
698       (CVE-2011-4308 and CVE-2012-0792)
699     - MSA-12-0001 Recaptcha transmission consistency issue
700
701 -- Tomasz Muras <nexor1984@gmail.com>  Mon, 27 Feb 2012 21:14:48 +0000
702
703moodle (1.9.9.dfsg2-4) unstable; urgency=high
704
705  * Backporting security fixes from Moodle 1.9.13 and 1.9.14
706      - MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
707      - MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
708      - MSA-11-0024 Recaptcha images were being authenticated
709          from an older server (MDL-27889) (closes: #638935)
710      - MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
711      - MSA-11-0038 Database injection protection strengthened (MDL-29033)
712      - MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
713      - MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
714      - MSA-11-0032 MNET SSL validation issue (MDL-29148)
715      - MSA-11-0031 Forms API constant issue (MDL-23872)
716  * Make sure that smarty & yui symlinks are correct (closes: 603255,614712)
717
718 -- Tomasz Muras <nexor1984@gmail.com>  Fri, 28 Oct 2011 13:29:14 +0100
719
720moodle (1.9.9.dfsg2-3) unstable; urgency=high
721
722  * Backporting security fixes from Moodle 1.9.11 and 1.9.12
723      - MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
724      - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
725      - MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
726      - MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
727      - MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
728      - MSA-11-0013 Group/Quiz permissions issue (MDL-25122)
729
730 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 18 May 2011 20:57:59 +0100
731
732moodle (1.9.9.dfsg2-2.1) unstable; urgency=low
733
734  * Non-maintainer upload.
735  * Fix encoding of Swedish debconf translation.
736
737 -- Christian Perrier <bubulle@debian.org>  Tue, 11 Jan 2011 22:03:44 +0100
738
739moodle (1.9.9.dfsg2-2) unstable; urgency=low
740
741  * Added Romanian translation
742  * Updated Japanese translation (closes: #596820)
743  * Backporting security fixes from Moodle 1.9.10 (closes: #601384)
744     - Updated embedded CAS to 1.1.3
745     - Added patch for MDL-24523:
746       clean_text() not filtering text in markdown format
747     - Added patch for MDL-24810 and upgraded customized HTML Purifier to 4.2.0
748     - Added patch for MDL-24258:
749       students can delete their forum posts later than $CFG->maxeditingtime
750       under certain conditions
751     - Added patch for MDL-23377:
752       Can't delete quiz attempts in course without enrolled students
753
754 -- Tomasz Muras <nexor1984@gmail.com>  Sat, 30 Oct 2010 12:19:28 +0100
755
756moodle (1.9.9.dfsg2-1) unstable; urgency=low
757
758  * Enable HTML purifier by default
759  * Added Janapenese translation (closes: #593808)
760  * Removed from source swf files without a source code
761    and added README.source
762  * Updated bundled HTML purifier library - fix for
763    CVE-2010-2479 (closes: #593301)
764
765 -- Tomasz Muras <nexor1984@gmail.com>  Tue, 24 Aug 2010 20:35:29 +0100
766
767moodle (1.9.9.dfsg-1) unstable; urgency=low
768
769  [ Jonathan Wiltshire ]
770  * Debconf templates and debian/control reviewed by the debian-l10n-
771    english team as part of the Smith review project. Closes: #588871
772  * Debconf translation updates:
773     - Russian (closes: #589247)
774     - Czech (closes: #589265)
775     - Swedish (closes: #589270)
776     - French (closes: #589510)
777     - German (closes: #590120)
778     - Spanish (closes: #590449)
779     - Portugese (closes: #590556)
780
781  [ Tomasz Muras ]
782  * New debconf translation - Polish
783  * Removed .swf files as non-free (closes: #591201)
784  * Fixed generation of config.php for postgres (thanks Giles Westwood)
785
786 -- Tomasz Muras <nexor1984@gmail.com>  Sun, 15 Aug 2010 21:19:10 +0100
787
788moodle (1.9.9-2) unstable; urgency=low
789
790  * Fixed JS includes for YUI library (closes: #589612)
791  * Bumped standards version to 3.9.0
792  * Moved BSD licenses into copyright (fixes lintian warning)
793  * Setting DM-Upload-Allowed as agreed with Xavier Oswald <xoswald@debian.org>
794
795 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 22 Jul 2010 23:23:22 +0100
796
797moodle (1.9.9-1) unstable; urgency=low
798
799  * Rewritten debian/rules
800  * Removed unnecessary usr/share/moodle/update-notifier
801  * New Upstream Version: 1.9.9
802  * New upstream fixes CVE-2010-1619 (closes: #585425)
803  * New upstream fixes MSA-10-0011 (closes: #586280)
804
805 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 23 Jun 2010 21:00:39 +0100
806
807moodle (1.9.8-1) unstable; urgency=low
808
809  [Tomasz Muras]
810  * New Maintainer (closes: #581229, #574969).
811  * New Upstream Version (closes: #475535).
812  * Added information about flvplayer to copyright (closes: #526543).
813  * phpCAS XSS vulnerability fixed in mainstream Moodle 1.9.8 (closes: #574757).
814  * Several security issues fixed in upstream (closes: #576189).
815  * Moodle depends on postgresql or MySQL (closes: #551399).
816  * Re-written to use dbconfig-common (closes: #302205).
817  * Updated copyright with two new entires (closes: #526543).
818  * Drop use of wwwconfig (closes: #389502).
819  * Package is now not creating Apache config automatically (closes: #555672).
820    It's up to the user to configure the webserver but package provides the
821    templates.
822  * Added "allow from localhost" (closes: #551402).
823  * Asking for wwwroot during the installation (closes: #302207).
824  * Removing nusoap as it's not necessary for PHP 5 (closes: #529573).
825
826  [Xavier Oswald]
827  * Add myself as uploader.
828  * Bump Stadards-Version to 3.8.4.
829  * debian/copyright: update with DEP-5 format proposal.
830  * Switch to dpkg-source 3.0 (quilt) format
831
832  [Francois Marier]
833  * Bump debhelper compatibility to 7
834  * Add a watch file
835  * debian/control (dependencies)
836    - Depend on libjs-yui instead of yui (renamed after lenny)
837    - Add dependency on unzip
838    - Recommend php5-xmlrpc and aspell
839    - Suggest clamav
840    - Demoted mimetex to recommended
841  * Turn 'dbpersist' on by default in the generated config.php
842  * Include whitespace warning at the end of generated config.php
843  * Set the path to du, unzip and zip
844  * Fix a warning with E_STRICT is turned on
845
846 -- Xavier Oswald <xoswald@debian.org>  Sun, 20 Jun 2010 16:02:14 +0200
847
848moodle (1.8.2.dfsg-4) unstable; urgency=high
849
850  * Improve the fix for log URL filtering as suggested by Steffen Joeris
851    (MSA-09-0007 / CVE-2009-0500)
852  * Backport upstream fix for calendar export leakage
853    (MSA-09-0006 / CVE-2009-0501)
854
855 -- Francois Marier <francois@debian.org>  Thu, 12 Feb 2009 17:27:07 +1300
856
857moodle (1.8.2.dfsg-3) unstable; urgency=high
858
859  * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
860    (MSA-09-0005, CVE-2008-5153)
861  * Hide images of deleted users (MSA-09-0001)
862  * Fix user pix disclosure (MSA-09-0002)
863  * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
864  * Fix XSS vulnerabilities in logs (MSA-09-0007)
865  * Fix CSRF vulnerability in forum code (MSA-09-0008)
866
867 -- Francois Marier <francois@debian.org>  Mon, 02 Feb 2009 19:09:10 +1300
868
869moodle (1.8.2.dfsg-2) unstable; urgency=high
870
871  [ Dan Poltawski ]
872  * Patch SQL injection bug in hotpot module (MSA-08-0010)
873  * Fix XSS bug in logged urls (MDL-11414)
874  * Fix XSS bug in install script (MSA-08-0004)
875  * Fix insufficient access control in Login as feature (MSA-08-0003)
876  * Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
877  * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
878  * Fix CSRF in messaging settings (MSA-08-0023)
879  * Fix anonymous group creation and html injection (MDL-11759)
880  * Fix SQL injection bug in mnet (MDL-9288)
881  * Fix SQL injection bug in restore (MDL-11857)
882  * Insufficient cleaning of essay questions (MDL-12079)
883  * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
884  * Fix XSS bug in logged urls (MDL-11414)
885  * Fix uncleaned params in wiki (MDL-14806)
886
887  [ Francois Marier ]
888  * Update html2text to prevent code execution attacks (closes: #508909)
889
890 -- Francois Marier <francois@debian.org>  Wed, 17 Dec 2008 13:37:10 +1300
891
892moodle (1.8.2.dfsg-1) unstable; urgency=high
893
894  * Replace html2text with a GPL alternative (closes: #507947)
895  * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
896  * Add Dan Poltawski to the uploaders field
897
898 -- Francois Marier <francois@debian.org>  Tue, 16 Dec 2008 20:24:27 +1300
899
900moodle (1.8.2-2) unstable; urgency=high
901
902  * Adopt orphaned package (closes: #494642)
903  * Acknowledge security NMU (closes: #489533, #432264)
904  * Add Vcs-* fields to debian/control
905
906  Release-critical and security bugs:
907 
908  * Depend on smarty instead of using the embedded copy that is shipped
909    with Moodle (closes: #471158, #488525, #504345)
910  * Patch security bug in the embedded (and customised) copy of phpmailer
911    (CVE-2007-3215, closes: #429339, #429190)
912  * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
913  * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
914  * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)
915
916  Trivial bug fixes:
917
918  * Depend on zip (closes: #408995)
919  * Add mysql-client as an alternative to postgresql-client
920    (closes: #417554, #469094)
921  * Recommend php5-ldap (closes: #425839)
922  * Delete unnecessary script with bashisms (closes: #489634)
923
924  Lintian warnings:
925
926  * Bump Standards-Version to 3.8.0
927  * Add homepage field to debian/control
928  * Remove cvsignore file
929  * Remove extra license file
930  * Depend on yui instead of using an embedded copy
931
932 -- Francois Marier <francois@debian.org>  Fri, 07 Nov 2008 08:24:28 +1300
933
934moodle (1.8.2-1.3) unstable; urgency=high
935
936  * Non-maintainer upload by the Security Team.
937  * Fix broken HTML filtering which could be used to perform XSS attacks,
938    bypass restrictions or possibly execute arbitrary code
939    (CVE-2008-1502; Closes: #489533).
940
941 -- Nico Golde <nion@debian.org>  Sun, 20 Jul 2008 18:07:55 +0200
942
943moodle (1.8.2-1.2ubuntu2) intrepid; urgency=low
944
945  * SECURITY UPDATE: arbitrary code execution via multiple vectors.
946    - Add CVE-2008-1502.dpatch: upstream KSES lib fixes, thanks to Nico Golde.
947
948 -- Kees Cook <kees@ubuntu.com>  Wed, 22 Oct 2008 14:01:33 -0700
949
950moodle (1.8.2-1.2ubuntu1) intrepid; urgency=low
951
952  * Merge from debian unstable, remaining changes:
953    - Suggest php5-ldap
954    - Modify Maintainer value to match Debian-Maintainer-Field Spec
955    - debian/postinst ucf fixes
956    - drop use of wwwconfig (database code in postinst stolen from mythtv)
957
958 -- Oliver Grawert <ogra@ubuntu.com>  Thu, 01 May 2008 02:19:09 +0100
959
960moodle (1.8.2-1.2) unstable; urgency=low
961
962  * Non-maintainer upload to fix pending l10n issues.
963  * Debconf translations:
964    - Japanese. Closes: #413105
965    - Spanish. Closes: #413779
966    - German. Closes: #415888
967    - Dutch. Closes: #425711
968    - Slovak. Closes: #437511
969    - Brazilian Portuguese. Closes: #437680
970    - Finnish. Closes: #468212
971    - Basque. Closes: #470362
972    - Galician. Closes: #470430
973    - Vietnamese. Closes: #470602
974    - Russian. Closes: #470790
975  * [Lintian] Fix format of NEWS.Debian
976  * [Lintian] Move debconf dependency to Pre-Depends as it is used
977    in the preinst script
978
979 -- Christian Perrier <bubulle@debian.org>  Fri, 14 Mar 2008 07:33:53 +0100
980
981moodle (1.8.2-1.1) unstable; urgency=low
982
983  * Non-maintainer upload from the Zurich BSP
984  * Added dependency on postgresql-client (Closes: #431589)
985
986 -- Tobias Klauser <tklauser@access.unizh.ch>  Sat, 12 Jan 2008 17:04:03 +0100
987
988moodle (1.8.2-1ubuntu4) hardy; urgency=low
989
990  * debian/postinst: ... except we should explicitly pass --debconf-ok
991    to ucf, for compatibility with older versions.
992
993 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Mar 2008 01:16:24 +0000
994
995moodle (1.8.2-1ubuntu3) hardy; urgency=low
996
997  * debian/postinst: Only call db_stop after ucf has been run in
998    handle_config(), since ucf itself uses debconf; and drop the
999    "exec 0<&1" workaround which no longer matters. LP: #203844
1000
1001 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Mar 2008 00:37:00 +0000
1002
1003moodle (1.8.2-1ubuntu2) gutsy; urgency=low
1004
1005  * Package changed to avoid use of wwwconfig; borrowed database setup code
1006    from Ubuntu mythtv package.
1007
1008 -- Matt Oquist <moquist@majen.net>  Sat, 28 Jul 2007 16:14:18 +0200
1009
1010moodle (1.8.2-1ubuntu1) gutsy; urgency=low
1011
1012  * Merge from Debian unstable. Remaining Ubuntu changes:
1013    - Depends on postgresql-client
1014    - Suggest php5-ldap
1015    - Modify Maintainer value to match Debian-Maintainer-Field Spec
1016
1017 -- Vincent Legout <bixente44@gmail.com>  Tue, 17 Jul 2007 16:14:18 +0200
1018
1019moodle (1.8.2-1) unstable; urgency=low
1020
1021  * New upstream release, fixes security bug, closes: #432264
1022
1023 -- Isaac Clerencia <isaac@debian.org>  Mon, 09 Jul 2007 00:24:17 +0200
1024
1025moodle (1.8.1-1ubuntu1) gutsy; urgency=low
1026
1027  * Merge from debian unstable, remaining changes:
1028    - Depends on postgresql-client
1029    - Suggest php5-ldap
1030    - Set apache2 as default in debian/templates
1031    - Update Maintainer field in debian/control
1032
1033 -- Luca Falavigna <dktrkranz@ubuntu.com>  Fri, 15 Jun 2007 23:33:55 +0100
1034
1035moodle (1.8.1-1) unstable; urgency=low
1036
1037  * New upstream release
1038  * Add php5-curl | php4-curl dependency for the new network features
1039  * No longer depend on php4 and apache 1
1040
1041 -- Isaac Clerencia <isaac@debian.org>  Fri, 15 Jun 2007 14:12:43 +0200
1042
1043moodle (1.7.2-1ubuntu2) gutsy; urgency=low
1044
1045  * Switch back to postgresql-client and postgresql (LP: 110054)
1046  * Suggest php5-ldap (LP: 107713)
1047
1048 -- Luca Falavigna <dktrkranz@ubuntu.com>  Sun, 10 Jun 2007 23:56:16 +0200
1049
1050moodle (1.7.2-1ubuntu1) gutsy; urgency=low
1051
1052  * Merge from Debian unstable. Remaining Ubuntu changes:
1053    + debian/control:
1054      - php5 by default.
1055      - Add postgresql-client-8.1 to Depends.
1056      - Update Recommends alternate to postgresql-8.1.
1057    + debian/templates: Ensure the default corresponds to the install-
1058      time dependencies (apache2).
1059  * Modify Maintainer value to match Debian-Maintainer-Field Spec
1060
1061 -- Arthur Loiret <freacky22527@free.fr>  Sun,  3 Jun 2007 20:53:01 +0200
1062
1063moodle (1.7.2-1) unstable; urgency=low
1064
1065  * New upstream release
1066
1067 -- Isaac Clerencia <isaac@debian.org>  Fri, 01 Jun 2007 12:54:59 +0200
1068
1069moodle (1.7.1-1) experimental; urgency=low
1070
1071  * New upstream release
1072
1073 -- Isaac Clerencia <isaac@debian.org>  Wed, 24 Jan 2007 14:21:34 +0100
1074
1075moodle (1.7+20061215-1) experimental; urgency=low
1076
1077  * New upstream release
1078
1079 -- Isaac Clerencia <isaac@debian.org>  Fri, 15 Dec 2006 13:39:14 +0100
1080
1081moodle (1.6.3-2ubuntu1) feisty; urgency=low
1082
1083  * Merge from debian unstable, remaining changes:
1084    - debian/control:
1085      + php5 by default.
1086      + Add postgresql-client-8.1 to Depends.
1087      + Update Recommends alternate to postgresql-8.1.
1088    - debian/templates: Ensure the default corresponds to the install-
1089      time dependencies (apache2).
1090
1091 -- Kees Cook <kees@ubuntu.com>  Mon, 18 Dec 2006 12:28:27 -0800
1092
1093moodle (1.6.3-2) unstable; urgency=high
1094
1095  * Urgency high as it fixes a security bug and should enter Etch ASAP
1096  * Fix security bug in the forum module (discuss.php)
1097
1098 -- Isaac Clerencia <isaac@debian.org>  Thu, 14 Dec 2006 14:14:27 +0100
1099
1100moodle (1.6.3-1ubuntu1) feisty; urgency=low
1101
1102  * Merge from debian unstable.  Remaining Ubuntu changes:
1103    - debian/control:
1104      + php5 by default.
1105      + Add postgresql-client-8.1 to Depends.
1106      + Update Recommends alternate to postgresql-8.1.
1107    - debian/templates: Ensure the default corresponds to the install-
1108      time dependencies (apache2).
1109
1110 -- Kees Cook <kees@ubuntu.com>  Wed, 29 Nov 2006 16:08:37 -0800
1111
1112moodle (1.6.3-1) unstable; urgency=low
1113
1114  * New upstream release
1115
1116 -- Isaac Clerencia <isaac@debian.org>  Thu, 19 Oct 2006 11:37:40 +0200
1117
1118moodle (1.6.2+20060930-1) unstable; urgency=high
1119
1120  * Urgency high because it fixes a critical security hole
1121  * New upstream release, closes: #390294, critical security hole
1122  * Notify the user if the selected server isn't installed, select apache2
1123    by default instead of apache, closes: #389806
1124  * Add a configuration section for php5 in apache.conf, closes: #387609
1125
1126 -- Isaac Clerencia <isaac@debian.org>  Sat, 30 Sep 2006 12:14:29 +0100
1127
1128moodle (1.6.2-1ubuntu1.1) edgy; urgency=low
1129
1130  * SECURITY UPDATE: SQL injection vulnerability
1131  * Add '01_sql-injection-fix.dpatch': Correctly escape tag options.
1132  * References:
1133    CVE-2006-5219
1134    http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3
1135
1136 -- Kees Cook <kees@ubuntu.com>  Wed, 11 Oct 2006 15:25:15 -0700
1137
1138moodle (1.6.2-1ubuntu1) edgy; urgency=low
1139
1140  * Merge from Debian unstable. The following Ubuntu changes remain:
1141    - debian/control:
1142      + Apply patch from Ubuntu #59472 to use php5
1143        (Closes Ubuntu: #59472),
1144      + Add postgresql-client-8.1 to Depends (Closes Ubuntu: #51813),
1145      + Update Recommends alternate to postgresql-8.1,
1146    - debian/templates: Ensure the default corresponds to the install-
1147      time dependencies (apache2) so we can avoid the mess that was
1148      worked around in dapper-security.
1149
1150 -- Daniel T Chen <crimsun@ubuntu.com>  Sat, 23 Sep 2006 22:26:13 -0400
1151
1152moodle (1.6.2-1) unstable; urgency=low
1153
1154  * New upstream release, closes: #387177
1155  * Debconf translation updates/additions:
1156    * Czech, closes: #371834
1157    * French, closes: 372713
1158    * Portuguese, closes: #381194
1159  * Install config-dist.php in the documentation directory, closes: #386476
1160
1161 -- Isaac Clerencia <isaac@debian.org>  Tue, 12 Sep 2006 22:06:34 +0200
1162
1163moodle (1.6.1+20060825-1) unstable; urgency=low
1164
1165  * New upstream release
1166  * Moodle neither uses nor plans to use ADODB_Pager, so it's not affected by
1167    #360396, but include patch for it anyway, just in case somebody decides to
1168    use it out of the blue
1169
1170 -- Isaac Clerencia <isaac@debian.org>  Fri, 25 Aug 2006 08:56:42 +0200
1171
1172moodle (1.6-2ubuntu1) edgy; urgency=low
1173
1174  [ Ubuntu Merge-o-Matic ]
1175  * Merge from debian unstable.
1176
1177 -- Daniel T Chen <crimsun@ubuntu.com>  Thu,  6 Jul 2006 20:30:30 -0400
1178
1179moodle (1.6-2) unstable; urgency=low
1180
1181  * Fix two problems in preinst, thanks to Jordi Mallach's workmate
1182  * Ship cron file in package instead of generating it at postinst
1183
1184 -- Isaac Clerencia <isaac@debian.org>  Mon,  3 Jul 2006 10:25:31 +0200
1185
1186moodle (1.6-1ubuntu1) edgy; urgency=low
1187
1188  * Merge from debian unstable:
1189    - Use Debian Sid's packaging save in debian/templates where we need
1190      to make sure the default corresponds to the install-time
1191      dependencies (apache2) so we can avoid the mess that was worked
1192      around in dapper-security.
1193
1194 -- Daniel T Chen <crimsun@ubuntu.com>  Fri, 30 Jun 2006 19:21:20 +0100
1195
1196moodle (1.6-1) unstable; urgency=low
1197
1198  * New upstream release, needs newer PHP version, so updated versioned
1199    dependencies
1200
1201 -- Isaac Clerencia <isaac@debian.org>  Mon, 19 Jun 2006 18:21:07 +0200
1202
1203moodle (1.5.4-1) unstable; urgency=low
1204
1205  * New upstream release
1206  * Depend on ucf
1207  * Move debhelper to Build-Depends as it's used in the clean target of
1208    debian/rules
1209  * Add colons to debconf template short descriptions
1210  * Bumped Standard-Versions to 3.7.2, no changes needed
1211
1212 -- Isaac Clerencia <isaac@debian.org>  Tue, 30 May 2006 17:48:11 +0200
1213
1214moodle (1.5.3+20060206-1) unstable; urgency=low
1215
1216  * New package created from 1.5.3+ branch, which includes several bugfixes
1217  * Allow moodle to be installed using php5 instead of php4, closes: #351298
1218  * Changed apache | httpd to apache2-mpm-prefork | httpd
1219
1220 -- Isaac Clerencia <isaac@debian.org>  Mon,  6 Feb 2006 09:49:09 +0100
1221
1222moodle (1.5.3+20060108-2) unstable; urgency=low
1223
1224  * Throw cronjob output to /dev/null, closes: #349971
1225
1226 -- Isaac Clerencia <isaac@debian.org>  Thu, 26 Jan 2006 13:01:58 +0100
1227
1228moodle (1.5.3+20060108-1ubuntu1) dapper; urgency=low
1229
1230  * Resynchronise with Debian.
1231
1232 -- Daniel T Chen <crimsun@fungus.sh.nu>  Mon, 09 Jan 2006 13:49:39 +0000
1233
1234moodle (1.5.3+20060108-1) unstable; urgency=low
1235
1236  * New package created from 1.5.3+ branch, which closes: #346509, a
1237    security bug in the ADODB code included in Moodle
1238  * Check for /usr/share/moodle/admin/cron.php existence in the cronjob,
1239    closes: #342304
1240  * Use php4-cli instead of wget to run the cronjob, closes: #345930
1241
1242 -- Isaac Clerencia <isaac@debian.org>  Sun,  8 Jan 2006 17:09:57 +0100
1243
1244moodle (1.5.3-1ubuntu1) dapper; urgency=low
1245
1246  * Resynchronise with Debian.
1247
1248 -- Stephan Hermann <sh@sourcecode.de>  Wed, 28 Dec 2005 18:25:41 +0100
1249
1250moodle (1.5.3-1) unstable; urgency=low
1251
1252  * New upstream release
1253
1254 -- Isaac Clerencia <isaac@debian.org>  Mon, 21 Nov 2005 21:09:21 +0100
1255
1256moodle (1.5.2-1ubuntu1) breezy; urgency=low
1257
1258  * Resync with debian (security update)
1259  * changed dependencys to php5
1260  * changed apache dependency to apache2
1261  * References
1262    CAN-2005-2247
1263
1264 -- Andrew Mitchell <ajmitch@ubuntu.com>  Thu, 13 Oct 2005 02:00:59 +1300
1265
1266moodle (1.5.2-1) unstable; urgency=low
1267
1268  * New upstream release
1269
1270 -- Isaac Clerencia <isaac@debian.org>  Wed, 20 Jul 2005 15:13:41 +0200
1271
1272moodle (1.5.1-1) unstable; urgency=low
1273
1274  * New upstream release
1275
1276 -- Isaac Clerencia <isaac@debian.org>  Tue, 12 Jul 2005 09:50:59 +0200
1277
1278moodle (1.5-1) unstable; urgency=low
1279
1280  * New upstream release
1281  * Added Vietnamese debconf translation, closes: #312961
1282
1283 -- Isaac Clerencia <isaac@debian.org>  Wed, 22 Jun 2005 22:18:26 +0200
1284
1285moodle (1.4.4.dfsg.1-3) unstable; urgency=high
1286
1287  * Urgency high as this upload closes a security bug
1288  * Remove admin/delete.php on installation, fixes an important security bug
1289
1290 -- Isaac Clerencia <isaac@debian.org>  Mon, 30 May 2005 20:45:33 +0200
1291
1292moodle (1.4.4.dfsg.1-2) unstable; urgency=low
1293
1294  * Use find | xargs instead of rm to remove old sessions, closes: #300266
1295
1296 -- Isaac Clerencia <isaac@debian.org>  Fri, 18 Mar 2005 18:47:32 +0100
1297
1298moodle (1.4.4.dfsg.1-1) unstable; urgency=high
1299
1300  * Urgency high as it closes a release critical bug and fixes some security
1301  problems
1302
1303  * New upstream release
1304
1305  * Replaced non-free fonts with free fonts for some languages in the original
1306  tarball, closes: #298938
1307
1308  * Set perms for /etc/moodle/config.php to 640 instead of 644, closes: #297237
1309
1310  * Use new option $CFG->respectsessionsettings = true; to clean sessions and
1311  remove old sessions from /var/lib/moodle/sessions: closes: #295124
1312
1313  * Added cs.po debconf template translation, closes: #298208
1314
1315  * Remove /var/lib/moodle/ when purging
1316
1317 -- Isaac Clerencia <isaac@debian.org>  Thu, 10 Mar 2005 01:02:48 +0100
1318
1319moodle (1.4.3-1) unstable; urgency=high
1320
1321  * Urgency high as upstream release fixes several security bugs
1322  * New upstream release
1323  * Write database creation errors and warn the user about it,
1324  closes: #285842, #285842
1325
1326 -- Isaac Clerencia <isaac@sindominio.net>  Wed, 29 Dec 2004 00:49:52 +0100
1327
1328moodle (1.4.2-2) unstable; urgency=low
1329
1330  * Create user before creating database in postinst
1331
1332 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 23 Nov 2004 10:55:28 +0100
1333
1334moodle (1.4.2-1) unstable; urgency=high
1335
1336  * New upstream release
1337  * Urgency high, as this upstream release closes several security bugs
1338  * Added some extra information to README.Debian, thanks to Kevin Coyner
1339  * Added apache2 as a choice for autoconfiguration, closes: #275444
1340
1341 -- Isaac Clerencia <isaac@sindominio.net>  Wed, 10 Nov 2004 13:18:41 +0100
1342
1343moodle (1.4.1-2) unstable; urgency=medium
1344
1345  * Urgency medium, as it fixes the "default username" problem, which is a
1346    www-config bug but affects lots of moodle users
1347  * Use moodle as default database username, currently uses www-data which
1348    causes www-config to fail to create the database
1349  * Enabled Tex math filter and added mimetex in Depends:
1350  * Removed an extra line from README.Debian
1351  * Removed debian/overrides/ for lintian
1352
1353 -- Isaac Clerencia <isaac@sindominio.net>  Sun, 24 Oct 2004 12:16:39 +0200
1354
1355moodle (1.4.1-1) unstable; urgency=low
1356
1357  * New upstream release, closes: #270855
1358  * /var/lib/moodle is now owned by www-data, closes: #258283
1359  * Added README.Debian with some hints for database setup,
1360    closes: #272553, #270851
1361
1362 -- Isaac Clerencia <isaac@sindominio.net>  Sat,  2 Oct 2004 00:37:53 +0200
1363
1364moodle (1.4-1) unstable; urgency=low
1365
1366  * New upstream release, closes: #256218, #256219
1367  * Switched to a file in conf.d instead of an include in http.conf
1368  * Added DirectoryIndex index.php to apache.conf file, closes: #247554
1369
1370 -- Isaac Clerencia <isaac@sindominio.net>  Tue,  7 Sep 2004 22:07:10 +0200
1371
1372moodle (1.3.3-1) unstable; urgency=low
1373
1374  * New upstream release
1375
1376 -- Isaac Clerencia <isaac@sindominio.net>  Mon, 19 Jul 2004 11:28:48 +0200
1377
1378moodle (1.3.2-1) unstable; urgency=low
1379
1380  * New upstream release
1381
1382 -- Isaac Clerencia <isaac@sindominio.net>  Mon, 19 Jul 2004 11:16:45 +0200
1383
1384moodle (1.3.1-1) unstable; urgency=low
1385
1386  * New upstream release, closes: #252693
1387  * Added "exec 0<&1" to postinst to fix hang when ucf asks the user
1388
1389 -- Isaac Clerencia <isaac@sindominio.net>  Fri,  4 Jun 2004 23:45:37 +0200
1390
1391moodle (1.2.1-3) unstable; urgency=low
1392
1393  * Added a choice to use apache-perl in addition to apache and apache-ssl
1394  * Changed back priority to Optional, because no longer depends on php4-gd2
1395
1396 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 22 Apr 2004 11:32:40 +0200
1397
1398moodle (1.2.1-2) unstable; urgency=low
1399
1400  * Changed depends on php4-gd2 to php4-gd, closes: #243717
1401
1402 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 20 Apr 2004 23:16:47 +0200
1403
1404moodle (1.2.1-1) unstable; urgency=low
1405
1406  * New upstream release
1407  * Added ucf for better handling of config files
1408  * Changed priority to Extra
1409
1410 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 30 Mar 2004 22:01:33 +0200
1411
1412moodle (1.1.1-4) unstable; urgency=low
1413
1414  * Added French debconf templates translation, closes: #235572
1415
1416 -- Isaac Clerencia <isaac@sindominio.net>  Mon,  1 Mar 2004 12:22:03 +0100
1417
1418moodle (1.1.1-3) unstable; urgency=low
1419
1420  * Fixed debconf stuff by adding POTFILES.in, closes: #233114
1421    Thanks to Martin Quirson.
1422  * Fixed bug in config generation that caused passwords including '$'
1423    broke the autentication
1424  * Removed moodle prefix from some debian/ files
1425  * Changed depend on debconf to misc:Depends
1426  * Updated version for debhelper build-depend to 4.1.13
1427
1428 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 17 Feb 2004 23:55:45 +0100
1429
1430moodle (1.1.1-2) unstable; urgency=low
1431
1432  * Now depends on php4-pgsql or php4-mysql not both
1433  * Added recommends for postgresql or mysql-serverl
1434  * Added documentation dir
1435  * Added wget in Depends: and changed cron.d to use wget
1436  * Fixed postinst to put the correct protocol in config.php and cron.d/moodle
1437
1438 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 27 Nov 2003 23:14:11 +0100
1439
1440moodle (1.1.1-1) unstable; urgency=low
1441
1442  * Initial Debian Release, closes: #222475
1443
1444 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 27 Nov 2003 23:14:11 +0100
1445
Note: See TracBrowser for help on using the repository browser.