source: moodle/trunk/fuentes/debian/changelog @ 1355

Last change on this file since 1355 was 1355, checked in by jrpelegrina, 4 years ago

Updated changelog

File size: 58.8 KB
Line 
1moodle (3.0.3+dfsg-0ubuntu1+lliurex1) xenial; urgency=medium
2
3  * Fix postinst to php7.0
4  * Fix depends (php-zip)
5  * Applied a patch
6
7 -- Juan Ramon Pelegrina <juapesai@hotmail.com>  Mon, 02 May 2016 16:09:34 +0200
8
9moodle (3.0.3+dfsg-0ubuntu1) xenial; urgency=medium
10
11  [ Nishanth Aravamudan ]
12  * New upstream release, as only 3.0.1+ has PHP7 support
13    (LP: #1562172).
14    - https://docs.moodle.org/dev/Moodle_and_PHP7
15    - https://tracker.moodle.org/browse/MDL-50565
16    - update d/rules dfsg target.
17    - remove mdeploy*.php from d/install.
18    - d/lintian-overrides, d/source/lintian-overrides: update embedded
19      tinymce, yuilib, jquery versions.
20    - d/rules: update override_dh_lintian.
21  * d/control: update to PHP7.0 dependencies.
22  * d/watch: correct for current releases.
23
24  [ Steve Langasek ]
25  * Also update lintian overrides for binary packages.
26  * Remove some additional license files.
27  * Drop some no-longer-applicable lintian overrides.
28
29 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 01 Apr 2016 22:08:56 -0700
30
31moodle (2.7.12+dfsg-1) unstable; urgency=high
32
33  * New upstream security release, released Jan 11, 2016.  Note that the
34    upstream 2.7 branch is supported for security fixes only until May 2017
35    (LTS).  Security issue fixed:
36    - (MSA-16-0001) CVE-2016-0724 Two enrolment-related web services don't check
37      course visibility.  Thanks Salvatore Bonaccorso. Closes: #811344
38    Other fixes and improvements:
39    - MDL-49473 - Logs export contains year
40    - MDL-52194 - Fixed Flowplayer not working with insecure configuration of
41      request_order
42    See https://docs.moodle.org/dev/Moodle_2.7.12_release_notes for more
43    details.
44  * debian/links, debian/rules: delegate creating symlinks to dh_link, via
45    debian/links.  This should fix a bug in upgrading: old obsolete symlinks are
46    kept.
47  * debian/rules: no longer install bennu/COPYRIGHT.txt, dragmath/COPYRIGHT.html
48    in usr/share/moodle/lib .
49  * debian/control: get rid of Breaks/Replaces moodle-book: moodle-book was only
50    shipped with squeeze (current oldoldstable).
51  * debian/control: remove Penny Leach <penny /a/ mjollnir 0 org>, Xavier Oswald
52    <xoswald@d.o> from Uploaders: I haven't seen any activity from them since
53    more than one year.  Penny, Xavier: you're very much invited to add yourself
54    again.
55  * debian/rules: no longer run debhelper in verbose mode.
56
57 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 18 Jan 2016 08:38:29 +0100
58
59moodle (2.7.11+dfsg-2) unstable; urgency=high
60
61  * debian/rules: no longer link to content from
62    /usr/share/php-htmlpurifier/library/, but directly to
63    /usr/share/php/HTMLPurifier*.  This way, the php-htmlpurifier maintainers
64    can get rid of the compatibility symlink introduced in Debian Jessie.
65    Also: not only link to HTMLPurifier.php and HTMLPurifier.safe-includes.php,
66    but also to HTMLPurifier.autoload.php HTMLPurifier.auto.php
67    HTMLPurifier.func.php HTMLPurifier.includes.php HTMLPurifier.kses.php and
68    HTMLPurifier.path.php.  Thanks David Prévot.  Closes: #803175
69  * debian/po/es.po: update spanish translation. Thanks
70    Javier Fernández-Sanguino. Closes: #773567
71  * debian/control: make installation dependencies more flexible by adding
72    php5-fpm as alternative to libapache2-mod-php5 | php5-cgi. Thanks Detlev
73    Brodowski. Closes: #807072
74  * debian/rules: replace obsolete "dh binary-indep --before dh_lintian" and
75    "dh binary-indep --remaining" by "override_dh_lintian" and "dh_lintian".
76    Thanks lintian.
77  * debian/changelog: add CVE ID's to entry moodle (2.7.11+dfsg-1).
78  * debian/changelog: in entry moodle (2.7.2+dfsg-3), refer to #754565 and
79    give credit.
80  * debian/changelog: in entry moodle (2.7.2-2), refer to #736800 and give
81    credit.
82
83 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 07 Dec 2015 13:52:32 +0100
84
85moodle (2.7.11+dfsg-1) unstable; urgency=high
86
87  * New upstream security release, released Nov 9, 2015. Security issues fixed:
88    - (MSA-15-0039) CVE-2015-5335 CSRF in site registration form: Attacker can
89      send admin a link to site registration form that will display correct URL
90      but, if submitted, will register with another hub. It is possible to trick
91      a site/admin into sending aggregate stats to an arbitrary domain.
92      Reported by Andrew Davis; Upstream patch:
93      http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
94    - (MSA-15-0040) CVE-2015-5336 Student XSS in survey: Standard survey module
95      is vulnerable to XSS attack by students who fill the survey.  Reported by
96      Hugh Davenport; Upstream patch: MDL-49940
97    - (MSA-15-0041) CVE-2015-5337 XSS in flash video player: XSS vulnerability
98      caused by Flowplayer flash video player has been addressed.  Reported by
99      Andrew Nicols; MDL-48085
100    - (MSA-15-0042) CVE-2015-5338 CSRF in lesson login form: Password-protected
101      lesson modules are subject to CSRF vulnerability.  Reported by Ankit
102      Agarwal; MDL-48109.
103    - (MSA-15-0043) CVE-2015-5339 Web service core_enrol_get_enrolled_users does
104      not respect course group mode: Through WS core_enrol_get_enrolled_users it
105      is possible to retrieve list of course participants who would not be
106      visible when using web site.  Reported by Daniel Palou; MDL-51861
107    - (MSA-15-0044) CVE-2015-5340 Capability to view available badges is not
108      respected: Logged in users who do not have capability 'View available
109      badges without earning them' can still access the full list of badges.
110      Capability moodle/badges:viewbadges is not respected.  Reported by Marina
111      Glancy; MDL-51684
112    - (MSA-15-0045) CVE-2015-5341 SCORM module allows to bypass access
113      restrictions based on date: Incorrect and missing handling of availability
114      dates in mod_scorm let users to view the SCORM contents bypassing the date
115      restriction.  Reported by Juan Leyva; MDL-50837
116    - (MSA-15-0046) CVE-2015-5342 Choice module closing date can be bypassed:
117      Users can mock URL to delete or submit new responses after the choice
118      module was closed.  Reported by Juan Leyva; MDL-51569
119    See https://bugzilla.redhat.com/show_bug.cgi?id=1288158 for details.  Thanks
120    Adam Mariš @ Red Hat.  See also
121    https://moodle.org/mod/forum/discuss.php?d=322852 , published Nov 9, 2015.
122    Other Fixes and improvements:
123    - MDL-51083 - Fixed undesired browser password autofilling in several forms
124      (majority of forms were fixed in MDL-45772 in previous release)
125    - MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
126    See https://docs.moodle.org/dev/Moodle_2.7.11_release_notes for more
127    details.
128  * debian/source/lintian-overrides: add some more incorrectly flagged
129    javascript files.  See lintian bug 802028 (and 799861).
130
131 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 04 Dec 2015 15:12:23 +0100
132
133moodle (2.7.10+dfsg-1) unstable; urgency=high
134
135  * New upstream security release, released Sept 21, 2015.  Security issues
136    fixed:
137    - MSA-15-0030: Students can re-attempt answering questions in the lesson,
138      Reported by Eric Eakin, MDL-50516, CVE-2015-5264
139    - MSA-15-0031: Teacher in forum can still post to "all participants" and
140      groups they are not members of, Reported by David Scotson, MDL-50576,
141      CVE-2015-5272
142    - MSA-15-0032: Users can delete files uploaded by other users in wiki,
143      Reported by John Provasnik, MDL-48371, CVE-2015-5265
144    - MSA-15-0033: Meta course synchronisation enrols suspended students as
145      managers for a short period of time, Reported by Brian Winstead,
146      MDL-50744, CVE-2015-5266
147    - MSA-15-0034: Vulnerability in password recovery mechanism, Reported by
148      Vincent Herbulot (@us3r777), MDL-50860, CVE-2015-5267
149    - MSA-15-0035: Rating component does not check separate groups, Reported by
150      Juan Leyva, MDL-50173, CVE-2015-5268
151    - MSA-15-0036: XSS in grouping description, Reported by Marina Glancy,
152      MDL-50709, CVE-2015-5269
153    See the 21 Sep 2015 post from Marina Glancy at
154    http://www.openwall.com/lists/oss-security/2015/09/21/1 for more details on
155    these fixed security issues.  Some other fixes and improvements: MDL-51050
156    - Forms such as "Create new group" are no longer populated with passwords
157    and usernames by the browsers; MDL-42670 - Recent activity block no longer
158    shows student name when assignment blind marking is on. See
159    https://docs.moodle.org/dev/Moodle_2.7.10_release_notes for more details.
160    Thanks Salvatore Bonaccorso and Thijs Kinkhorst for forwarding the news.
161    Closes: #799634
162  * debian/source/lintian-overrides: add comment/comment.js, some
163    lib/yuilib/3.15.0/**/*-debug.js and
164    lib/yuilib/2in3/2.9.0/build/yui2-*/*-debug.js files to list of false
165    positives "source-is-missing". Bug #799861 reported against lintian.
166  * debian/copyright: clarify license situation of
167    lib/pear/HTML/QuickForm/DHTMLRulesTableless.php and
168    lib/pear/HTML/QuickForm/Renderer/Tableless.php. Thanks
169    Ondřej Surý and Paul Tagliamonte. Closes: #752615
170  * debian/control: no longer depend upon libphp-pclzip.  This dependency was
171    actually no longer needed since 2.7.5+dfsg-3, when phpexcel got removed.
172    Thanks David Prévot. Closes: #749609
173  * debian/changelog: fix entry for 2.7.5+dfsg-3 to properly close 746594.
174    See also https://tracker.moodle.org/browse/MDL-45395 .  Thanks Dan Poltawski
175    e.a.
176
177 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 21 Sep 2015 09:52:15 +0200
178
179moodle (2.7.9+dfsg-1) unstable; urgency=high
180
181  * New upstream security release, released July 6, 2015.  Security issues fixed:
182    - MSA-15-0026 Possible phishing when redirecting to external site using
183      referer header, Reported by Totara, MDL-50688, CVE-2015-3272
184    - MSA-15-0028 Possible XSS through custom text profile fields in Web
185      Services, Reported by Marina Glancy, MDL-50130, CVE-2015-3274
186    - MSA-15-0029 Javascript injection in SCORM module, Reported by Martin
187      Greenaway, MDL-50614, CVE-2015-3275
188    See http://www.openwall.com/lists/oss-security/2015/07/13/2 for more details
189    on these fixed security issues.  Some other fixes and improvements:
190    MDL-50380 - Fixed missing parameter error when editing files in wiki;
191    MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional
192    access is used; MDL-50275 - Added missing version bump after risk bitmap
193    change in MDL-49941.  See the Moodle 2.7.9 release notes at
194    https://docs.moodle.org/dev/Moodle_2.7.9_release_notes for more details.
195    Thanks Salvatore Bonaccorso. Closes: #792242
196  * debian/changelog: fix line length: max 80 columns.
197
198 -- Joost van Baal-Ilić <joostvb@debian.org>  Thu, 16 Jul 2015 15:44:09 +0200
199
200moodle (2.7.8+dfsg-1) unstable; urgency=high
201
202  * New upstream security release, released 11 May 2015.  Security issues
203    fixed:
204    - MSA-15-0018: Quiz manual-grading is an XSS risk, but does not declare
205      that, Reported by Hugh Davenport, MDL-49941, CVE-2015-3174
206    - MSA-15-0019: Possible phishing when redirecting to external site using
207      referer header, Reported by Dingjie Yang, MDL-49179, CVE-2015-3175
208    - MSA-15-0020: User fullname disclosure through account confirmation link,
209      Reported by: Federico Kirschbaum, MDL-50099, CVE-2015-3176
210    - MSA-15-0022: Potential XSS risk when returning text entered by student
211      from Web Services, Reported by Eloy Lafuente, MDL-49718, CVE-2015-3178
212    - MSA-15-0023: Suspended user is able to login when confirming email,
213      Reported by Marina Glancy, MDL-50090, CVE-2015-3179
214    - MSA-15-0024: User with suspended enrolment can see sections in the
215      navigation tree, Reported by Alex Mitin, MDL-49788, CVE-2015-3180
216    - MSA-15-0025: Capability to manage own files is not respected in Web
217      Services, Reported by Juan Leyva, MDL-49994, CVE-2015-3181
218    See http://www.openwall.com/lists/oss-security/2015/05/18/1 for more details
219    on these fixed security issues.  Some other fixes: MDL-48187 - Fixed problem
220    with new items automatically marked as extra credit in SWM category in
221    Gradebook; MDL-42449 - Grade category is preserved when duplicating a
222    module; MDL-46746, MDL-47003, MDL-47002 - Atto editor HTML cleaning is less
223    aggressive and more aware of special tags, especially noticeable when
224    pasting text from Word.  See the Moodle 2.7.8 release notes at
225    https://docs.moodle.org/dev/Moodle_2.7.8_release_notes for more details.
226    Thanks Salvatore Bonaccorso.  Closes: #785591
227  * debian/watch: fix syntax.
228
229 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 22 May 2015 10:34:59 +0200
230
231moodle (2.7.7+dfsg-2) unstable; urgency=high
232
233  * debian/install: now installs scripts mdeploy.php and mdeploytest.php.
234  * debian/install: now installs the directory "availability", thanks Maarten
235    Horden and Oscar Diaz (Closes: #778422).
236  * debian/changelog: Add some extra information on issues fixed in entry
237    moodle (2.7.7+dfsg-1)), thanks Marina Glancy and Thijs Kinkhorst.
238  * debian/changelog: Add some extra information on CVE-2013-3630 in entry
239    moodle (2.7.5+dfsg-3), thanks Marina Glancy.
240
241 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 17 Mar 2015 14:20:39 +0100
242
243moodle (2.7.7+dfsg-1) unstable; urgency=high
244
245  * New upstream security release, released 10 March 2015.  (Moodle 2.7.6 was
246    released 9 March 2015).  Issues fixed:
247    - MSA-15-0010: Personal contacts and number of unread messages can be
248      revealed, Reported by Barry Oosthuizen, MDL-49204, CVE-2015-2266
249    - MSA-15-0011: Authentication in mdeploy can be bypassed. Reported by
250      Frédéric Massart, MDL-49087 CVE-2015-2267
251    - MSA-15-0012: ReDoS Possible with Convert links to URLs filter. Reported by
252      Rob, MDL-38466, CVE-2015-2268
253    - MSA-15-0013: Block title not properly escaped and may cause HTML
254      injection.  Reported by Gjoko Krstic, MDL-49144, CVE-2015-2269
255    - MSA-15-0014: Potential information disclosure for the inaccessible
256      courses.  Reported by Sam Hemelryk, MDL-48804, CVE-2015-2270
257    - MSA-15-0015: User without proper permission is able to mark the tag as
258      inappropriate, Reported by Frédéric Massart, MDL-49084, CVE-2015-2271
259    - MSA-15-0016: Web services token can be created for user with temporary
260      password.  Reported by Juan Leyva, MDL-48691, CVE-2015-2272
261    - MSA-15-0017: XSS in quiz statistics report. Reported by Tim Hunt,
262      MDL-49364, CVE-2015-2273
263  * debian/changelog: enhance 2.7.2-1 entry: add note on upstream long term
264    support of this 2.7 branch.
265  * debian/TODO: add some build instructions.
266  * debian/control: more strict php-cas dependency: known to break with
267    1.3.1-4+deb7u1, known to work with 1.3.3-1.
268
269 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 10 Mar 2015 14:12:49 +0100
270
271moodle (2.7.5+dfsg-3) unstable; urgency=high
272
273  * debian/README.Debian: add authors and dates, in order to make status more
274    clear.
275  * debian/watch: (trying to) get it working again, with revamped moodle.org
276    website.
277  * debian/changelog: add even more CVE-numbers to entry 2.7.5+dfsg-1.
278  * For the record, https://security-tracker.debian.org/tracker/CVE-2013-3630
279    will not get fixed: it's not a bug: the attack can only get launched by an
280    administrator, and administrators need to be trusted.  Sites that provide
281    shared hosting and want to prevent the Moodle admin user from being able to
282    set executable paths can also use: "$CFG->preventexecpath = true;".  See
283    also Debian bug #775842 and Moodle issue MDL-41449.
284  * Fix CVE-2014-4172 and CVE-2014-2054:
285    - debian/rules, debian/control: don't use CAS client library as shipped with
286      moodle (unchanged phpCAS 1.3.3, see upstream
287      auth/cas/CAS/moodle_readme.txt) but php-cas as shipped with Debian
288      (1.3.3-1 and 1.3.1-4+deb7u1); create symlinks /u/s/m/auth/cas/CAS/CAS.php
289      -> /usr/share/php/CAS.php and /u/s/m/auth/cas/CAS/CAS ->
290      /usr/share/php/CAS/.  This fixes CVE-2014-4172.
291    - debian/rules: remove /u/s/m/lib/phpexcel from binary package.  Remove
292      lib/phpexcel/PHPExcel/Shared/OLE* from upstream sources.  This fixes both
293      a license problem and a security problem: Although the PHP license is
294      generally agreed to be DFSG-free, using it as a license on anything that
295      isn't PHP itself makes the result non-free.  PHP OLE is licensed under the
296      PHP license.  Older versions of PHP Excel, such as the one shipped with
297      moodle, suffer from security problem CVE-2014-2054.  See also Debian Bug
298      #718585 "RFP: php-excel".  (Closes: #746594)
299    This closed Debian bug "Multiple security issues"; thanks Moritz
300    Muehlenhoff, Thijs Kinkhorst and Hubert Chathi (Closes: #775842)
301
302 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 09 Mar 2015 12:56:41 +0100
303
304moodle (2.7.5+dfsg-2) unstable; urgency=high
305
306  * debian/README.Debian: add notes on upgrading.
307  * debian/TODO: added.
308  * debian/changelog: add CVE-number to previous entry.
309
310 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 10 Feb 2015 14:27:09 +0000
311
312moodle (2.7.5+dfsg-1) unstable; urgency=high
313
314  * New upstream security release:
315     Moodle 2.7.5 release notes, Release date: 2 February, 2015: "A number of
316     security related issues were resolved." "Here is the
317     full list of fixed issues in 2.7.5:
318     https://tracker.moodle.org/issues/?jql=project+%3D+mdl+AND+resolution+%3D+fixed+AND+fixVersion+in+%28%222.7.5%22%29+ORDER+BY+priority+DESC"
319     Fixes include: "Preauthenticated Local File Disclosure", as reported
320     by Emiel Florijn, MDL-48980 and MDL-48990, i.e. CVE-2015-1493 (also
321     aliased as CVE-2015-0246).  See also
322     https://docs.moodle.org/dev/Moodle_2.7.5_release_notes and
323     https://moodle.org/mod/forum/discuss.php?d=279956 , published feb 10
324     2015.
325
326  * For the record: Security issues fixed in upstream Moodle 2.7.3 and 2.7.4:
327     CVE-2015-0218 (see
328     https://security-tracker.debian.org/tracker/CVE-2015-0218),
329     CVE-2015-0217, CVE-2015-0216, CVE-2015-0215, CVE-2015-0214, CVE-2015-0213,
330     CVE-2015-0212, CVE-2015-0211, CVE-2014-9059, CVE-2014-7848, CVE-2014-7847,
331     CVE-2014-7846, CVE-2014-7845, CVE-2014-7838, CVE-2014-7837, CVE-2014-7836,
332     CVE-2014-7835, CVE-2014-7834, CVE-2014-7833, CVE-2014-7832, CVE-2014-7831,
333     CVE-2014-7830, CVE-2014-3617, CVE-2014-3553, CVE-2014-3551, CVE-2014-3548,
334     CVE-2014-3547, CVE-2014-3546, CVE-2014-3545, CVE-2014-3544, CVE-2014-3543,
335     CVE-2014-3542, CVE-2014-3541.
336
337 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 02 Feb 2015 08:38:14 +0000
338
339moodle (2.7.2+dfsg-3) experimental; urgency=medium
340
341  * Remove lib/tcpdf/include/sRGB.icc from upstream source since it does
342    not allow modification (usually known as
343    sRGB_IEC61966-2-1_black_scaled.icc).  FWIW: this file was not installed
344    by the Moodle 2.6.3 Debian package.  Thanks bastien ROUCARIES, Riley Baird
345    and Tomasz Muras. Closes: #754565
346  * Remove lib/flowplayer/flowplayer.audio-3.2.11.swf since sources missing.
347  * debian/rules: add preliminary target dfsg, with some comments.
348
349 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 30 Jan 2015 12:48:55 +0000
350
351moodle (2.7.2-2) experimental; urgency=medium
352
353  * debian/control: remove Thijs Kinkhorst from Uploaders, on his request.
354    Thanks Thijs!
355  * debian/source/include-binaries, debian/missing-sources: Added missing
356    sources for
357    - the Flowplayer video player from Flowplayer Ltd
358      (http://flash.flowplayer.org/): flash-release_3_2_18.tar.gz for
359      flowplayer-3.2.18.swf, flash-release_3_2_16.tar.gz for
360      lib/flowplayer/flowplayer.controls-3.2.16.swf.
361      Downloaded from https://github.com/flowplayer/flash/releases.
362      See also #736800 "Sourceless flash file" and
363      https://tracker.moodle.org/browse/MDL-44093.  Thanks bastien ROUCARIES,
364      Robert Bihlmeyer and Thijs Kinkhorst.   Closes: #736800
365    - filter/tex/mimetex.linux and mimetex.freebsd
366    NB: flowplayer-3.2.18.swf, flowplayer.controls-3.2.16.swf, mimetex.linux
367    and mimetex.freebsd are not shipped with the binary Debian package.
368
369 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 03 Nov 2014 15:03:51 +0100
370
371moodle (2.7.2-1) unstable; urgency=medium
372
373  * This is a semi-public release.
374  * New upstream release; new upstream 2.7 branch.  About this branch, upstream
375    states, at https://docs.moodle.org/dev/Releases#Moodle_2.7 : "Bug fixes for
376    general core bugs in 2.7.x will end 11 May 2015 (12 months).  Bug fixes for
377    serious security issues in 2.7.x will end 8 May 2017 (36 months)."
378  * This upstream release fixes security issues:
379    - MSA-14-0014 Cross-site request forgery possible in Assignment
380      [CVE-2014-0213]
381    - MSA-14-0015 Web service token expiry issue for MoodleMobile
382      [CVE-2014-0214]
383    - MSA-14-0016 Anonymous student identity revealed in Assignment
384      [CVE-2014-0215]
385    - MSA-14-0017 File access issue in HTML block [CVE-2014-0216]
386    - MSA-14-0018 Information leak in courses [CVE-2014-0217]
387    - MSA-14-0019 Reflected XSS in URL downloader repository [CVE-2014-0218]
388    (See https://docs.moodle.org/dev/Moodle_2.7_release_notes#Security_issues)
389  * debian/rules: remove extra license file
390    lib/editor/atto/yui/src/rangy/js/license.txt.
391  * debian/copyright: add MIT license, for Rangy library for the Atto editor.
392  * debian/moodle.lintian-overrides: add embedded-php-library
393    lib/markdown/Markdown.php: we can't use Debian's libmarkdown-php due to
394    incompatibilities.
395  * debian/moodle.lintian-overrides: add embedded-php-library
396    lib/simplepie/library/SimplePie.php: we can't use Debian's libphp-simplepie
397    due to incompatibilities.
398  * debian/moodle.lintian-overrides: add embedded-php-library
399    lib/yuilib/3.15.0/yui/yui-min.js: we can't use Debian's libjs-yui
400    due to incompatibilities.
401  * debian/moodle.lintian-overrides, debian/source/lintian-overrides: change
402    lines like "moodle: embedded-javascript-library
403    lib/editor/tinymce/tiny_mce/3.5.8/tiny_mce.js" in "moodle source:
404    source-is-missing
405    lib/editor/tinymce/tiny_mce/3.5.10/plugins/advimage/langs/en_dlg.js":
406    Moodle _does_ ship (modified) sources.
407  * debian/rules, debian/control: don't use TCPDF library as shipped with
408    moodle (tcpdf_php5 TCPDF 5.9.133 MDL-29283, see
409    lib/tcpdf/readme_moodle.txt), but php-tcpdf as shipped with
410    Debian (6.0.048+dfsg-2~bpo70+1 in wheezy-backports, 6.0.093+dfsg-1 in
411    jessie): create symlink /usr/share/moodle/lib/tcpdf -> /usr/share/php/tcpdf.
412    NB: the file lib/tcpdf/include/sRGB.icc does not allow modification.
413  * debian/source/lintian-overrides: Moodle _does_ ship source of files
414    lib/yuilib/3.15.0/datatype-date-format/lang/datatype-date-format* and other
415    3.15.0 and 2in3/2.9.0/build files.
416  * debian/source/lintian-overrides: Moodle _does_ ship source of file
417    AMFTester.swf in amf/testclient/AMFTester.mxml.
418  * debian/rules: do not install the Flowplayer video player from Flowplayer
419    Ltd (http://flash.flowplayer.org/): source is missing.
420  * debian/docs: remove tags.txt: only relevant for developers.
421  * debian/control: add myself to uploaders.
422  * debian/control: checked for policy 3.9.6, no changes necessary.
423
424 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 28 Oct 2014 09:44:46 +0100
425
426moodle (2.6.3-1) unstable; urgency=medium
427
428  * New upstream release.
429
430 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 12 May 2014 16:10:38 +0200
431
432moodle (2.6.2-1) unstable; urgency=medium
433
434  * New upstream release.
435
436 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 12 Mar 2014 18:17:07 +0100
437
438moodle (2.6.1-1) unstable; urgency=low
439
440  * New upstream release.
441  * Do install tcpdf lib, which is now required by core Moodle.
442
443 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 12 Feb 2014 15:49:12 +0100
444
445moodle (2.5.4-1) unstable; urgency=medium
446
447  * New upstream release, fixing security issues:
448    - MSA-14-0001 Config passwords visibility issue [CVE-2014-0008]
449    - MSA-14-0002 Group constraints lacking in "login as" [CVE-2014-0009]
450    - MSA-14-0003 CSRF vulnerability in profile fields [CVE-2014-0010]
451  * Move /var/lib/moodle directory into package.
452  * Revert back to bundled yui3. Unfortunately, version in Debian and
453    of upstream are not compatible (closes: #735312).
454
455 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 21 Jan 2014 13:40:52 +0100
456
457moodle (2.5.3-3) unstable; urgency=medium
458
459  * Drop unused libjs-yui dependency (closes: #730104).
460  * Replace bundled yui3 with dependency on packaged libjs-yui3-min.
461  * Add virtual-mysql-{server,client} dependency alternatives
462    (closes: #732895).
463  * Change owner of config.php from www-data to root.
464  * Checked for policy 3.9.5, no changes necessary.
465
466 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 03 Jan 2014 11:44:05 +0100
467
468moodle (2.5.3-2) unstable; urgency=medium
469
470  * Fix syntax error in generated config.php.
471
472 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 29 Nov 2013 09:17:29 +0100
473
474moodle (2.5.3-1) unstable; urgency=low
475
476  * New upstream version: 2.5.3.
477    - Incorporates CAS security patch.
478    - Fixes security issues CVE-2013-4522, CVE-2013-4523,
479      CVE-2013-4524, CVE-2013-4525, CVE-2013-6780.
480
481 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 22 Nov 2013 14:09:51 +0100
482
483moodle (2.5.2-1) unstable; urgency=medium
484
485  * New upstream version: 2.5.2.
486    - Incorporates S3 security patch.
487
488 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 09 Sep 2013 15:22:35 +0200
489
490moodle (2.5.1-2) unstable; urgency=low
491
492  * Update debconf translation for
493    Swedish, thanks Martin Bagge (closes: #717323);
494    Italian, thanks Beatrice Torracca (closes: #717162);
495    French, thanks Julien Patriarca (closes: #717548);
496    Czech, thanks Michal Simunek (closes: #717550).
497  * Add Breaks/Replaces moodle-book; integrated since Moodle 2.3.
498
499 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 04 Aug 2013 17:30:38 +0200
500
501moodle (2.5.1-1) unstable; urgency=low
502
503  * New upstream version: 2.5.1.
504    - Fixes security issues:
505      CVE-2013-2242 CVE-2013-2243 CVE-2013-2244 CVE-2013-2245
506      CVE-2013-2246
507  * Depend on apache2 instead of obsolete apache2-mpm-prefork.
508  * Use packaged libphp-phpmailer (closes: #429339), adodb,
509    HTMLPurifier, PclZip.
510  * Update debconf translations, thanks Salvatore Merone, Pietro Tollot,
511    Joe Hansen, Yuri Kozlov, Holger Wansing, Américo Monteiro,
512    Adriano Rafael Gomes, victory, Michał Kułach.
513    (closes: #716972, #716986, #717080, #717108, #717278)
514
515 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 19 Jul 2013 08:52:46 +0200
516
517moodle (2.5-1) unstable; urgency=low
518
519  * New upstream version: 2.5.
520    - Removed problematically licenced JSON code (closes: #692626).
521    - Fixes security issues:
522      CVE-2012-3363, CVE-2012-6098, CVE-2012-6099, CVE-2012-6100,
523      CVE-2012-6101, CVE-2012-6103, CVE-2012-6104, CVE-2012-6105,
524      CVE-2012-6112, CVE-2013-1829, CVE-2013-1830, CVE-2013-1831,
525      CVE-2013-1832, CVE-2013-1833, CVE-2013-1834, CVE-2013-1835,
526      CVE-2013-1836, CVE-2013-2080, CVE-2013-2081, CVE-2013-2082,
527      CVE-2013-2083 (closes: #702387, #703870).
528  * FLV player removed, no need to repack source tarball.
529  * Checked for policy 3.9.4, no changes. Updated to debhelper 8.
530  * Use xz compression for binary packages.
531
532 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 28 Jun 2013 15:35:53 +0200
533
534moodle (2.2.7.dfsg-1) unstable; urgency=low
535
536  * New upstream version: 2.2.7+ (Build: 20130125)
537
538  * Fix possible security issue for curl in 3rd party libraries:
539    * phpCAS (CVE-2012-5583)
540    * amazon-s3-php-class (CVE-2012-6087)
541
542 -- Tomasz Muras <nexor1984@gmail.com>  Mon, 28 Jan 2013 17:43:26 +0100
543
544moodle (2.2.6.dfsg-1) unstable; urgency=low
545
546  * New upstream version: 2.2.6 (Build: 20121112)
547
548 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 15 Nov 2012 21:50:13 +0100
549
550moodle (2.2.3.dfsg-2.6) unstable; urgency=low
551
552  * Non-maintainer upload.
553
554  * Backport multiple security issues from upstream's MOODLE_22_STABLE
555    branch.
556    - MSA-12-0057: MDL-29872 - Access issue through repository
557      Fixes CVE-2012-5471
558    - MSA-12-0058: MDL-32785 - Possible form data manipulation issue
559      Fixes CVE-2012-5472
560    - MSA-12-0059: MDL-34448 - Information leak in Database activity module
561      Fixes CVE-2012-5473
562    - MSA-12-0061: MDL-33791 - Remote code execution through Portfolio API
563      Fixes CVE-2012-5479
564    - MSA-12-0062: MDL-35558 - Information leak in Database activity module
565      Fixes CVE-2012-5480
566
567 -- Didier Raboud <odyx@debian.org>  Mon, 12 Nov 2012 10:00:00 +0100
568
569moodle (2.2.3.dfsg-2.5) unstable; urgency=low
570
571  * Non-maintainer brown-paper bag upload.
572
573  * Fix the preinst shell syntax to properly drop the left-over symlink
574    in favour of the shipped directory. (Closes: #689506 fo real now)
575
576 -- Didier Raboud <odyx@debian.org>  Wed, 31 Oct 2012 08:25:55 +0100
577
578moodle (2.2.3.dfsg-2.4) unstable; urgency=low
579
580  * Non-maintainer upload.
581
582  * Drop a left-over symlink in favour of the shipped directory.
583   (Closes: #689506)
584
585 -- Didier Raboud <odyx@debian.org>  Sun, 28 Oct 2012 15:01:09 +0100
586
587moodle (2.2.3.dfsg-2.3) unstable; urgency=low
588
589  * Non-maintainer upload.
590
591  * Backport multiple security issues from upstream's MOODLE_22_STABLE
592    branch. (Closes: #687924)
593    - MSA-12-0051: MDL-30792 - File upload size constraint issue
594      Fixes CVE-2012-4400
595    - MSA-12-0052: MDL-28207 - Course topics permission issue
596      Fixes CVE-2012-4401
597    - MSA-12-0053: MDL-34585 - Blog file access issue
598      Fixes CVE-2012-4407
599    - MSA-12-0054: MDL-34519 - Course reset permission issue
600      Fixes CVE-2012-4408
601    - MSA-12-0055: MDL-34368 - Web service access token issue
602      Fixes CVE-2012-4402
603
604 -- Didier Raboud <odyx@debian.org>  Fri, 28 Sep 2012 12:52:21 +0200
605
606moodle (2.2.3.dfsg-2.2) unstable; urgency=low
607
608  * Non-maintainer upload.
609
610  * Backport multiple security issues from upstream's MOODLE_22_STABLE
611    branch. (Closes: #682203)
612    - MDL-31692 mod_lti - ensure that various mforms are used properly
613      Fixes CVE-2012-3389
614    - MDL-33916 Ensure that capabilities are checked for cached user
615      enrolments
616      Fixes CVE-2012-3388
617
618 -- Didier Raboud <odyx@debian.org>  Mon, 23 Jul 2012 19:13:56 +0200
619
620moodle (2.2.3.dfsg-2.1) unstable; urgency=low
621
622  * Non-maintainer upload.
623
624  * Backport multiple security issues from upstream's MOODLE_22_STABLE
625    branch (Closes: #682203)
626    - MDL-33808 - format title on the repository instance screen
627    - MDL-33808 - incorrect cleaning of repository names
628      Both patches fix CVE-2012-3393.
629    - MDL-23254 Authentication : used httpswwwroot as root url during
630      authentication procedure where $PAGE->https_required() is
631      specified.
632      Fix CVE-2012-3394
633    - MDL-27675 - Feedback module abuses data_submitted
634      Fix CVE-2012-3395
635    - MDL-34045 fix invalid idnumber field type in cohort form
636      Fix CVE-2012-3396
637    - MDL-33466: Group restriction should hide activity even with 'show
638      availability' option
639      Fix CVE-2012-3397
640
641 -- Didier Raboud <odyx@debian.org>  Fri, 20 Jul 2012 19:52:07 +0200
642
643moodle (2.2.3.dfsg-2) unstable; urgency=low
644
645  *  Don't depend on ucf during purge (closes: #678027)
646
647 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 21 Jun 2012 17:31:35 +0200
648
649moodle (2.2.3.dfsg-1) unstable; urgency=high
650
651  *  New upstream version: 2.2.3+ (Build: 20120615)
652     closes: #674163
653
654 -- Tomasz Muras <nexor1984@gmail.com>  Sat, 16 Jun 2012 21:39:12 +0200
655
656moodle (2.2.2.dfsg-2) unstable; urgency=low
657
658  * Fix path to cron (closes: #669229)
659
660 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 18 Apr 2012 19:34:35 +0200
661
662moodle (2.2.2.dfsg-1) unstable; urgency=low
663
664  * New upstream version: 2.2.2+ (Build: 20120412)
665    closes: #658865,#664260,#647489,#443949,#441013,#505044,#375290
666  * Updated Standards-Versions to 3.9.3
667  * Removing Dan from maintainers (thanks for all your work Dan!)
668
669 -- Tomasz Muras <nexor1984@gmail.com>  Sun, 15 Apr 2012 13:50:52 -0400
670
671moodle (1.9.9.dfsg2-6) unstable; urgency=high
672
673  * Backporting security fixes from Moodle 1.9.17
674     - MSA-12-00013 DB activtity export does not respect groups
675         (CVE-2012-1155, closes: #668411)
676
677 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 12 Apr 2012 21:55:48 +0100
678
679moodle (1.9.9.dfsg2-5.1) unstable; urgency=low
680
681  * Non-maintainer upload.
682  * Fix pending l10n issues. Debconf translations:
683    - Danish (Joe Hansen).  Closes: #658747
684    - Dutch; (Jeroen Schot).  Closes: #660243
685    - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #668092
686    - Italian (Beatrice Torracca).  Closes: #668161
687
688 -- Christian Perrier <bubulle@debian.org>  Tue, 10 Apr 2012 07:36:58 +0200
689
690moodle (1.9.9.dfsg2-5) unstable; urgency=high
691
692  * Backporting security fixes from Moodle 1.9.15 and 1.9.16
693    (closes: #652235)
694     - MSA-11-0054 Personal information leak
695     - MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
696     - MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
697     - MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
698     - MSA-11-0048 Password loss issue (CVE-2011-4587)
699     - MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
700     - MSA-12-0007 Email injection prevention (CVE-2012-0796)
701     - MSA-12-0006 Additional email address validation (CVE-2012-0795)
702     - MSA-12-0005 Encryption enhancement (CVE-2012-0794)
703     - MSA-12-0004 Added profile image security (CVE-2012-0793)
704     - MSA-12-0003 Added password protection
705     - MSA-12-0002 Personal information leak, previously MSA-11-0040
706       (CVE-2011-4308 and CVE-2012-0792)
707     - MSA-12-0001 Recaptcha transmission consistency issue
708
709 -- Tomasz Muras <nexor1984@gmail.com>  Mon, 27 Feb 2012 21:14:48 +0000
710
711moodle (1.9.9.dfsg2-4) unstable; urgency=high
712
713  * Backporting security fixes from Moodle 1.9.13 and 1.9.14
714      - MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
715      - MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
716      - MSA-11-0024 Recaptcha images were being authenticated
717          from an older server (MDL-27889) (closes: #638935)
718      - MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
719      - MSA-11-0038 Database injection protection strengthened (MDL-29033)
720      - MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
721      - MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
722      - MSA-11-0032 MNET SSL validation issue (MDL-29148)
723      - MSA-11-0031 Forms API constant issue (MDL-23872)
724  * Make sure that smarty & yui symlinks are correct (closes: 603255,614712)
725
726 -- Tomasz Muras <nexor1984@gmail.com>  Fri, 28 Oct 2011 13:29:14 +0100
727
728moodle (1.9.9.dfsg2-3) unstable; urgency=high
729
730  * Backporting security fixes from Moodle 1.9.11 and 1.9.12
731      - MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
732      - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
733      - MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
734      - MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
735      - MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
736      - MSA-11-0013 Group/Quiz permissions issue (MDL-25122)
737
738 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 18 May 2011 20:57:59 +0100
739
740moodle (1.9.9.dfsg2-2.1) unstable; urgency=low
741
742  * Non-maintainer upload.
743  * Fix encoding of Swedish debconf translation.
744
745 -- Christian Perrier <bubulle@debian.org>  Tue, 11 Jan 2011 22:03:44 +0100
746
747moodle (1.9.9.dfsg2-2) unstable; urgency=low
748
749  * Added Romanian translation
750  * Updated Japanese translation (closes: #596820)
751  * Backporting security fixes from Moodle 1.9.10 (closes: #601384)
752     - Updated embedded CAS to 1.1.3
753     - Added patch for MDL-24523:
754       clean_text() not filtering text in markdown format
755     - Added patch for MDL-24810 and upgraded customized HTML Purifier to 4.2.0
756     - Added patch for MDL-24258:
757       students can delete their forum posts later than $CFG->maxeditingtime
758       under certain conditions
759     - Added patch for MDL-23377:
760       Can't delete quiz attempts in course without enrolled students
761
762 -- Tomasz Muras <nexor1984@gmail.com>  Sat, 30 Oct 2010 12:19:28 +0100
763
764moodle (1.9.9.dfsg2-1) unstable; urgency=low
765
766  * Enable HTML purifier by default
767  * Added Janapenese translation (closes: #593808)
768  * Removed from source swf files without a source code
769    and added README.source
770  * Updated bundled HTML purifier library - fix for
771    CVE-2010-2479 (closes: #593301)
772
773 -- Tomasz Muras <nexor1984@gmail.com>  Tue, 24 Aug 2010 20:35:29 +0100
774
775moodle (1.9.9.dfsg-1) unstable; urgency=low
776
777  [ Jonathan Wiltshire ]
778  * Debconf templates and debian/control reviewed by the debian-l10n-
779    english team as part of the Smith review project. Closes: #588871
780  * Debconf translation updates:
781     - Russian (closes: #589247)
782     - Czech (closes: #589265)
783     - Swedish (closes: #589270)
784     - French (closes: #589510)
785     - German (closes: #590120)
786     - Spanish (closes: #590449)
787     - Portugese (closes: #590556)
788
789  [ Tomasz Muras ]
790  * New debconf translation - Polish
791  * Removed .swf files as non-free (closes: #591201)
792  * Fixed generation of config.php for postgres (thanks Giles Westwood)
793
794 -- Tomasz Muras <nexor1984@gmail.com>  Sun, 15 Aug 2010 21:19:10 +0100
795
796moodle (1.9.9-2) unstable; urgency=low
797
798  * Fixed JS includes for YUI library (closes: #589612)
799  * Bumped standards version to 3.9.0
800  * Moved BSD licenses into copyright (fixes lintian warning)
801  * Setting DM-Upload-Allowed as agreed with Xavier Oswald <xoswald@debian.org>
802
803 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 22 Jul 2010 23:23:22 +0100
804
805moodle (1.9.9-1) unstable; urgency=low
806
807  * Rewritten debian/rules
808  * Removed unnecessary usr/share/moodle/update-notifier
809  * New Upstream Version: 1.9.9
810  * New upstream fixes CVE-2010-1619 (closes: #585425)
811  * New upstream fixes MSA-10-0011 (closes: #586280)
812
813 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 23 Jun 2010 21:00:39 +0100
814
815moodle (1.9.8-1) unstable; urgency=low
816
817  [Tomasz Muras]
818  * New Maintainer (closes: #581229, #574969).
819  * New Upstream Version (closes: #475535).
820  * Added information about flvplayer to copyright (closes: #526543).
821  * phpCAS XSS vulnerability fixed in mainstream Moodle 1.9.8 (closes: #574757).
822  * Several security issues fixed in upstream (closes: #576189).
823  * Moodle depends on postgresql or MySQL (closes: #551399).
824  * Re-written to use dbconfig-common (closes: #302205).
825  * Updated copyright with two new entires (closes: #526543).
826  * Drop use of wwwconfig (closes: #389502).
827  * Package is now not creating Apache config automatically (closes: #555672).
828    It's up to the user to configure the webserver but package provides the
829    templates.
830  * Added "allow from localhost" (closes: #551402).
831  * Asking for wwwroot during the installation (closes: #302207).
832  * Removing nusoap as it's not necessary for PHP 5 (closes: #529573).
833
834  [Xavier Oswald]
835  * Add myself as uploader.
836  * Bump Stadards-Version to 3.8.4.
837  * debian/copyright: update with DEP-5 format proposal.
838  * Switch to dpkg-source 3.0 (quilt) format
839
840  [Francois Marier]
841  * Bump debhelper compatibility to 7
842  * Add a watch file
843  * debian/control (dependencies)
844    - Depend on libjs-yui instead of yui (renamed after lenny)
845    - Add dependency on unzip
846    - Recommend php5-xmlrpc and aspell
847    - Suggest clamav
848    - Demoted mimetex to recommended
849  * Turn 'dbpersist' on by default in the generated config.php
850  * Include whitespace warning at the end of generated config.php
851  * Set the path to du, unzip and zip
852  * Fix a warning with E_STRICT is turned on
853
854 -- Xavier Oswald <xoswald@debian.org>  Sun, 20 Jun 2010 16:02:14 +0200
855
856moodle (1.8.2.dfsg-4) unstable; urgency=high
857
858  * Improve the fix for log URL filtering as suggested by Steffen Joeris
859    (MSA-09-0007 / CVE-2009-0500)
860  * Backport upstream fix for calendar export leakage
861    (MSA-09-0006 / CVE-2009-0501)
862
863 -- Francois Marier <francois@debian.org>  Thu, 12 Feb 2009 17:27:07 +1300
864
865moodle (1.8.2.dfsg-3) unstable; urgency=high
866
867  * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
868    (MSA-09-0005, CVE-2008-5153)
869  * Hide images of deleted users (MSA-09-0001)
870  * Fix user pix disclosure (MSA-09-0002)
871  * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
872  * Fix XSS vulnerabilities in logs (MSA-09-0007)
873  * Fix CSRF vulnerability in forum code (MSA-09-0008)
874
875 -- Francois Marier <francois@debian.org>  Mon, 02 Feb 2009 19:09:10 +1300
876
877moodle (1.8.2.dfsg-2) unstable; urgency=high
878
879  [ Dan Poltawski ]
880  * Patch SQL injection bug in hotpot module (MSA-08-0010)
881  * Fix XSS bug in logged urls (MDL-11414)
882  * Fix XSS bug in install script (MSA-08-0004)
883  * Fix insufficient access control in Login as feature (MSA-08-0003)
884  * Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
885  * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
886  * Fix CSRF in messaging settings (MSA-08-0023)
887  * Fix anonymous group creation and html injection (MDL-11759)
888  * Fix SQL injection bug in mnet (MDL-9288)
889  * Fix SQL injection bug in restore (MDL-11857)
890  * Insufficient cleaning of essay questions (MDL-12079)
891  * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
892  * Fix XSS bug in logged urls (MDL-11414)
893  * Fix uncleaned params in wiki (MDL-14806)
894
895  [ Francois Marier ]
896  * Update html2text to prevent code execution attacks (closes: #508909)
897
898 -- Francois Marier <francois@debian.org>  Wed, 17 Dec 2008 13:37:10 +1300
899
900moodle (1.8.2.dfsg-1) unstable; urgency=high
901
902  * Replace html2text with a GPL alternative (closes: #507947)
903  * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
904  * Add Dan Poltawski to the uploaders field
905
906 -- Francois Marier <francois@debian.org>  Tue, 16 Dec 2008 20:24:27 +1300
907
908moodle (1.8.2-2) unstable; urgency=high
909
910  * Adopt orphaned package (closes: #494642)
911  * Acknowledge security NMU (closes: #489533, #432264)
912  * Add Vcs-* fields to debian/control
913
914  Release-critical and security bugs:
915 
916  * Depend on smarty instead of using the embedded copy that is shipped
917    with Moodle (closes: #471158, #488525, #504345)
918  * Patch security bug in the embedded (and customised) copy of phpmailer
919    (CVE-2007-3215, closes: #429339, #429190)
920  * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
921  * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
922  * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)
923
924  Trivial bug fixes:
925
926  * Depend on zip (closes: #408995)
927  * Add mysql-client as an alternative to postgresql-client
928    (closes: #417554, #469094)
929  * Recommend php5-ldap (closes: #425839)
930  * Delete unnecessary script with bashisms (closes: #489634)
931
932  Lintian warnings:
933
934  * Bump Standards-Version to 3.8.0
935  * Add homepage field to debian/control
936  * Remove cvsignore file
937  * Remove extra license file
938  * Depend on yui instead of using an embedded copy
939
940 -- Francois Marier <francois@debian.org>  Fri, 07 Nov 2008 08:24:28 +1300
941
942moodle (1.8.2-1.3) unstable; urgency=high
943
944  * Non-maintainer upload by the Security Team.
945  * Fix broken HTML filtering which could be used to perform XSS attacks,
946    bypass restrictions or possibly execute arbitrary code
947    (CVE-2008-1502; Closes: #489533).
948
949 -- Nico Golde <nion@debian.org>  Sun, 20 Jul 2008 18:07:55 +0200
950
951moodle (1.8.2-1.2ubuntu2) intrepid; urgency=low
952
953  * SECURITY UPDATE: arbitrary code execution via multiple vectors.
954    - Add CVE-2008-1502.dpatch: upstream KSES lib fixes, thanks to Nico Golde.
955
956 -- Kees Cook <kees@ubuntu.com>  Wed, 22 Oct 2008 14:01:33 -0700
957
958moodle (1.8.2-1.2ubuntu1) intrepid; urgency=low
959
960  * Merge from debian unstable, remaining changes:
961    - Suggest php5-ldap
962    - Modify Maintainer value to match Debian-Maintainer-Field Spec
963    - debian/postinst ucf fixes
964    - drop use of wwwconfig (database code in postinst stolen from mythtv)
965
966 -- Oliver Grawert <ogra@ubuntu.com>  Thu, 01 May 2008 02:19:09 +0100
967
968moodle (1.8.2-1.2) unstable; urgency=low
969
970  * Non-maintainer upload to fix pending l10n issues.
971  * Debconf translations:
972    - Japanese. Closes: #413105
973    - Spanish. Closes: #413779
974    - German. Closes: #415888
975    - Dutch. Closes: #425711
976    - Slovak. Closes: #437511
977    - Brazilian Portuguese. Closes: #437680
978    - Finnish. Closes: #468212
979    - Basque. Closes: #470362
980    - Galician. Closes: #470430
981    - Vietnamese. Closes: #470602
982    - Russian. Closes: #470790
983  * [Lintian] Fix format of NEWS.Debian
984  * [Lintian] Move debconf dependency to Pre-Depends as it is used
985    in the preinst script
986
987 -- Christian Perrier <bubulle@debian.org>  Fri, 14 Mar 2008 07:33:53 +0100
988
989moodle (1.8.2-1.1) unstable; urgency=low
990
991  * Non-maintainer upload from the Zurich BSP
992  * Added dependency on postgresql-client (Closes: #431589)
993
994 -- Tobias Klauser <tklauser@access.unizh.ch>  Sat, 12 Jan 2008 17:04:03 +0100
995
996moodle (1.8.2-1ubuntu4) hardy; urgency=low
997
998  * debian/postinst: ... except we should explicitly pass --debconf-ok
999    to ucf, for compatibility with older versions.
1000
1001 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Mar 2008 01:16:24 +0000
1002
1003moodle (1.8.2-1ubuntu3) hardy; urgency=low
1004
1005  * debian/postinst: Only call db_stop after ucf has been run in
1006    handle_config(), since ucf itself uses debconf; and drop the
1007    "exec 0<&1" workaround which no longer matters. LP: #203844
1008
1009 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Mar 2008 00:37:00 +0000
1010
1011moodle (1.8.2-1ubuntu2) gutsy; urgency=low
1012
1013  * Package changed to avoid use of wwwconfig; borrowed database setup code
1014    from Ubuntu mythtv package.
1015
1016 -- Matt Oquist <moquist@majen.net>  Sat, 28 Jul 2007 16:14:18 +0200
1017
1018moodle (1.8.2-1ubuntu1) gutsy; urgency=low
1019
1020  * Merge from Debian unstable. Remaining Ubuntu changes:
1021    - Depends on postgresql-client
1022    - Suggest php5-ldap
1023    - Modify Maintainer value to match Debian-Maintainer-Field Spec
1024
1025 -- Vincent Legout <bixente44@gmail.com>  Tue, 17 Jul 2007 16:14:18 +0200
1026
1027moodle (1.8.2-1) unstable; urgency=low
1028
1029  * New upstream release, fixes security bug, closes: #432264
1030
1031 -- Isaac Clerencia <isaac@debian.org>  Mon, 09 Jul 2007 00:24:17 +0200
1032
1033moodle (1.8.1-1ubuntu1) gutsy; urgency=low
1034
1035  * Merge from debian unstable, remaining changes:
1036    - Depends on postgresql-client
1037    - Suggest php5-ldap
1038    - Set apache2 as default in debian/templates
1039    - Update Maintainer field in debian/control
1040
1041 -- Luca Falavigna <dktrkranz@ubuntu.com>  Fri, 15 Jun 2007 23:33:55 +0100
1042
1043moodle (1.8.1-1) unstable; urgency=low
1044
1045  * New upstream release
1046  * Add php5-curl | php4-curl dependency for the new network features
1047  * No longer depend on php4 and apache 1
1048
1049 -- Isaac Clerencia <isaac@debian.org>  Fri, 15 Jun 2007 14:12:43 +0200
1050
1051moodle (1.7.2-1ubuntu2) gutsy; urgency=low
1052
1053  * Switch back to postgresql-client and postgresql (LP: 110054)
1054  * Suggest php5-ldap (LP: 107713)
1055
1056 -- Luca Falavigna <dktrkranz@ubuntu.com>  Sun, 10 Jun 2007 23:56:16 +0200
1057
1058moodle (1.7.2-1ubuntu1) gutsy; urgency=low
1059
1060  * Merge from Debian unstable. Remaining Ubuntu changes:
1061    + debian/control:
1062      - php5 by default.
1063      - Add postgresql-client-8.1 to Depends.
1064      - Update Recommends alternate to postgresql-8.1.
1065    + debian/templates: Ensure the default corresponds to the install-
1066      time dependencies (apache2).
1067  * Modify Maintainer value to match Debian-Maintainer-Field Spec
1068
1069 -- Arthur Loiret <freacky22527@free.fr>  Sun,  3 Jun 2007 20:53:01 +0200
1070
1071moodle (1.7.2-1) unstable; urgency=low
1072
1073  * New upstream release
1074
1075 -- Isaac Clerencia <isaac@debian.org>  Fri, 01 Jun 2007 12:54:59 +0200
1076
1077moodle (1.7.1-1) experimental; urgency=low
1078
1079  * New upstream release
1080
1081 -- Isaac Clerencia <isaac@debian.org>  Wed, 24 Jan 2007 14:21:34 +0100
1082
1083moodle (1.7+20061215-1) experimental; urgency=low
1084
1085  * New upstream release
1086
1087 -- Isaac Clerencia <isaac@debian.org>  Fri, 15 Dec 2006 13:39:14 +0100
1088
1089moodle (1.6.3-2ubuntu1) feisty; urgency=low
1090
1091  * Merge from debian unstable, remaining changes:
1092    - debian/control:
1093      + php5 by default.
1094      + Add postgresql-client-8.1 to Depends.
1095      + Update Recommends alternate to postgresql-8.1.
1096    - debian/templates: Ensure the default corresponds to the install-
1097      time dependencies (apache2).
1098
1099 -- Kees Cook <kees@ubuntu.com>  Mon, 18 Dec 2006 12:28:27 -0800
1100
1101moodle (1.6.3-2) unstable; urgency=high
1102
1103  * Urgency high as it fixes a security bug and should enter Etch ASAP
1104  * Fix security bug in the forum module (discuss.php)
1105
1106 -- Isaac Clerencia <isaac@debian.org>  Thu, 14 Dec 2006 14:14:27 +0100
1107
1108moodle (1.6.3-1ubuntu1) feisty; urgency=low
1109
1110  * Merge from debian unstable.  Remaining Ubuntu changes:
1111    - debian/control:
1112      + php5 by default.
1113      + Add postgresql-client-8.1 to Depends.
1114      + Update Recommends alternate to postgresql-8.1.
1115    - debian/templates: Ensure the default corresponds to the install-
1116      time dependencies (apache2).
1117
1118 -- Kees Cook <kees@ubuntu.com>  Wed, 29 Nov 2006 16:08:37 -0800
1119
1120moodle (1.6.3-1) unstable; urgency=low
1121
1122  * New upstream release
1123
1124 -- Isaac Clerencia <isaac@debian.org>  Thu, 19 Oct 2006 11:37:40 +0200
1125
1126moodle (1.6.2+20060930-1) unstable; urgency=high
1127
1128  * Urgency high because it fixes a critical security hole
1129  * New upstream release, closes: #390294, critical security hole
1130  * Notify the user if the selected server isn't installed, select apache2
1131    by default instead of apache, closes: #389806
1132  * Add a configuration section for php5 in apache.conf, closes: #387609
1133
1134 -- Isaac Clerencia <isaac@debian.org>  Sat, 30 Sep 2006 12:14:29 +0100
1135
1136moodle (1.6.2-1ubuntu1.1) edgy; urgency=low
1137
1138  * SECURITY UPDATE: SQL injection vulnerability
1139  * Add '01_sql-injection-fix.dpatch': Correctly escape tag options.
1140  * References:
1141    CVE-2006-5219
1142    http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3
1143
1144 -- Kees Cook <kees@ubuntu.com>  Wed, 11 Oct 2006 15:25:15 -0700
1145
1146moodle (1.6.2-1ubuntu1) edgy; urgency=low
1147
1148  * Merge from Debian unstable. The following Ubuntu changes remain:
1149    - debian/control:
1150      + Apply patch from Ubuntu #59472 to use php5
1151        (Closes Ubuntu: #59472),
1152      + Add postgresql-client-8.1 to Depends (Closes Ubuntu: #51813),
1153      + Update Recommends alternate to postgresql-8.1,
1154    - debian/templates: Ensure the default corresponds to the install-
1155      time dependencies (apache2) so we can avoid the mess that was
1156      worked around in dapper-security.
1157
1158 -- Daniel T Chen <crimsun@ubuntu.com>  Sat, 23 Sep 2006 22:26:13 -0400
1159
1160moodle (1.6.2-1) unstable; urgency=low
1161
1162  * New upstream release, closes: #387177
1163  * Debconf translation updates/additions:
1164    * Czech, closes: #371834
1165    * French, closes: 372713
1166    * Portuguese, closes: #381194
1167  * Install config-dist.php in the documentation directory, closes: #386476
1168
1169 -- Isaac Clerencia <isaac@debian.org>  Tue, 12 Sep 2006 22:06:34 +0200
1170
1171moodle (1.6.1+20060825-1) unstable; urgency=low
1172
1173  * New upstream release
1174  * Moodle neither uses nor plans to use ADODB_Pager, so it's not affected by
1175    #360396, but include patch for it anyway, just in case somebody decides to
1176    use it out of the blue
1177
1178 -- Isaac Clerencia <isaac@debian.org>  Fri, 25 Aug 2006 08:56:42 +0200
1179
1180moodle (1.6-2ubuntu1) edgy; urgency=low
1181
1182  [ Ubuntu Merge-o-Matic ]
1183  * Merge from debian unstable.
1184
1185 -- Daniel T Chen <crimsun@ubuntu.com>  Thu,  6 Jul 2006 20:30:30 -0400
1186
1187moodle (1.6-2) unstable; urgency=low
1188
1189  * Fix two problems in preinst, thanks to Jordi Mallach's workmate
1190  * Ship cron file in package instead of generating it at postinst
1191
1192 -- Isaac Clerencia <isaac@debian.org>  Mon,  3 Jul 2006 10:25:31 +0200
1193
1194moodle (1.6-1ubuntu1) edgy; urgency=low
1195
1196  * Merge from debian unstable:
1197    - Use Debian Sid's packaging save in debian/templates where we need
1198      to make sure the default corresponds to the install-time
1199      dependencies (apache2) so we can avoid the mess that was worked
1200      around in dapper-security.
1201
1202 -- Daniel T Chen <crimsun@ubuntu.com>  Fri, 30 Jun 2006 19:21:20 +0100
1203
1204moodle (1.6-1) unstable; urgency=low
1205
1206  * New upstream release, needs newer PHP version, so updated versioned
1207    dependencies
1208
1209 -- Isaac Clerencia <isaac@debian.org>  Mon, 19 Jun 2006 18:21:07 +0200
1210
1211moodle (1.5.4-1) unstable; urgency=low
1212
1213  * New upstream release
1214  * Depend on ucf
1215  * Move debhelper to Build-Depends as it's used in the clean target of
1216    debian/rules
1217  * Add colons to debconf template short descriptions
1218  * Bumped Standard-Versions to 3.7.2, no changes needed
1219
1220 -- Isaac Clerencia <isaac@debian.org>  Tue, 30 May 2006 17:48:11 +0200
1221
1222moodle (1.5.3+20060206-1) unstable; urgency=low
1223
1224  * New package created from 1.5.3+ branch, which includes several bugfixes
1225  * Allow moodle to be installed using php5 instead of php4, closes: #351298
1226  * Changed apache | httpd to apache2-mpm-prefork | httpd
1227
1228 -- Isaac Clerencia <isaac@debian.org>  Mon,  6 Feb 2006 09:49:09 +0100
1229
1230moodle (1.5.3+20060108-2) unstable; urgency=low
1231
1232  * Throw cronjob output to /dev/null, closes: #349971
1233
1234 -- Isaac Clerencia <isaac@debian.org>  Thu, 26 Jan 2006 13:01:58 +0100
1235
1236moodle (1.5.3+20060108-1ubuntu1) dapper; urgency=low
1237
1238  * Resynchronise with Debian.
1239
1240 -- Daniel T Chen <crimsun@fungus.sh.nu>  Mon, 09 Jan 2006 13:49:39 +0000
1241
1242moodle (1.5.3+20060108-1) unstable; urgency=low
1243
1244  * New package created from 1.5.3+ branch, which closes: #346509, a
1245    security bug in the ADODB code included in Moodle
1246  * Check for /usr/share/moodle/admin/cron.php existence in the cronjob,
1247    closes: #342304
1248  * Use php4-cli instead of wget to run the cronjob, closes: #345930
1249
1250 -- Isaac Clerencia <isaac@debian.org>  Sun,  8 Jan 2006 17:09:57 +0100
1251
1252moodle (1.5.3-1ubuntu1) dapper; urgency=low
1253
1254  * Resynchronise with Debian.
1255
1256 -- Stephan Hermann <sh@sourcecode.de>  Wed, 28 Dec 2005 18:25:41 +0100
1257
1258moodle (1.5.3-1) unstable; urgency=low
1259
1260  * New upstream release
1261
1262 -- Isaac Clerencia <isaac@debian.org>  Mon, 21 Nov 2005 21:09:21 +0100
1263
1264moodle (1.5.2-1ubuntu1) breezy; urgency=low
1265
1266  * Resync with debian (security update)
1267  * changed dependencys to php5
1268  * changed apache dependency to apache2
1269  * References
1270    CAN-2005-2247
1271
1272 -- Andrew Mitchell <ajmitch@ubuntu.com>  Thu, 13 Oct 2005 02:00:59 +1300
1273
1274moodle (1.5.2-1) unstable; urgency=low
1275
1276  * New upstream release
1277
1278 -- Isaac Clerencia <isaac@debian.org>  Wed, 20 Jul 2005 15:13:41 +0200
1279
1280moodle (1.5.1-1) unstable; urgency=low
1281
1282  * New upstream release
1283
1284 -- Isaac Clerencia <isaac@debian.org>  Tue, 12 Jul 2005 09:50:59 +0200
1285
1286moodle (1.5-1) unstable; urgency=low
1287
1288  * New upstream release
1289  * Added Vietnamese debconf translation, closes: #312961
1290
1291 -- Isaac Clerencia <isaac@debian.org>  Wed, 22 Jun 2005 22:18:26 +0200
1292
1293moodle (1.4.4.dfsg.1-3) unstable; urgency=high
1294
1295  * Urgency high as this upload closes a security bug
1296  * Remove admin/delete.php on installation, fixes an important security bug
1297
1298 -- Isaac Clerencia <isaac@debian.org>  Mon, 30 May 2005 20:45:33 +0200
1299
1300moodle (1.4.4.dfsg.1-2) unstable; urgency=low
1301
1302  * Use find | xargs instead of rm to remove old sessions, closes: #300266
1303
1304 -- Isaac Clerencia <isaac@debian.org>  Fri, 18 Mar 2005 18:47:32 +0100
1305
1306moodle (1.4.4.dfsg.1-1) unstable; urgency=high
1307
1308  * Urgency high as it closes a release critical bug and fixes some security
1309  problems
1310
1311  * New upstream release
1312
1313  * Replaced non-free fonts with free fonts for some languages in the original
1314  tarball, closes: #298938
1315
1316  * Set perms for /etc/moodle/config.php to 640 instead of 644, closes: #297237
1317
1318  * Use new option $CFG->respectsessionsettings = true; to clean sessions and
1319  remove old sessions from /var/lib/moodle/sessions: closes: #295124
1320
1321  * Added cs.po debconf template translation, closes: #298208
1322
1323  * Remove /var/lib/moodle/ when purging
1324
1325 -- Isaac Clerencia <isaac@debian.org>  Thu, 10 Mar 2005 01:02:48 +0100
1326
1327moodle (1.4.3-1) unstable; urgency=high
1328
1329  * Urgency high as upstream release fixes several security bugs
1330  * New upstream release
1331  * Write database creation errors and warn the user about it,
1332  closes: #285842, #285842
1333
1334 -- Isaac Clerencia <isaac@sindominio.net>  Wed, 29 Dec 2004 00:49:52 +0100
1335
1336moodle (1.4.2-2) unstable; urgency=low
1337
1338  * Create user before creating database in postinst
1339
1340 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 23 Nov 2004 10:55:28 +0100
1341
1342moodle (1.4.2-1) unstable; urgency=high
1343
1344  * New upstream release
1345  * Urgency high, as this upstream release closes several security bugs
1346  * Added some extra information to README.Debian, thanks to Kevin Coyner
1347  * Added apache2 as a choice for autoconfiguration, closes: #275444
1348
1349 -- Isaac Clerencia <isaac@sindominio.net>  Wed, 10 Nov 2004 13:18:41 +0100
1350
1351moodle (1.4.1-2) unstable; urgency=medium
1352
1353  * Urgency medium, as it fixes the "default username" problem, which is a
1354    www-config bug but affects lots of moodle users
1355  * Use moodle as default database username, currently uses www-data which
1356    causes www-config to fail to create the database
1357  * Enabled Tex math filter and added mimetex in Depends:
1358  * Removed an extra line from README.Debian
1359  * Removed debian/overrides/ for lintian
1360
1361 -- Isaac Clerencia <isaac@sindominio.net>  Sun, 24 Oct 2004 12:16:39 +0200
1362
1363moodle (1.4.1-1) unstable; urgency=low
1364
1365  * New upstream release, closes: #270855
1366  * /var/lib/moodle is now owned by www-data, closes: #258283
1367  * Added README.Debian with some hints for database setup,
1368    closes: #272553, #270851
1369
1370 -- Isaac Clerencia <isaac@sindominio.net>  Sat,  2 Oct 2004 00:37:53 +0200
1371
1372moodle (1.4-1) unstable; urgency=low
1373
1374  * New upstream release, closes: #256218, #256219
1375  * Switched to a file in conf.d instead of an include in http.conf
1376  * Added DirectoryIndex index.php to apache.conf file, closes: #247554
1377
1378 -- Isaac Clerencia <isaac@sindominio.net>  Tue,  7 Sep 2004 22:07:10 +0200
1379
1380moodle (1.3.3-1) unstable; urgency=low
1381
1382  * New upstream release
1383
1384 -- Isaac Clerencia <isaac@sindominio.net>  Mon, 19 Jul 2004 11:28:48 +0200
1385
1386moodle (1.3.2-1) unstable; urgency=low
1387
1388  * New upstream release
1389
1390 -- Isaac Clerencia <isaac@sindominio.net>  Mon, 19 Jul 2004 11:16:45 +0200
1391
1392moodle (1.3.1-1) unstable; urgency=low
1393
1394  * New upstream release, closes: #252693
1395  * Added "exec 0<&1" to postinst to fix hang when ucf asks the user
1396
1397 -- Isaac Clerencia <isaac@sindominio.net>  Fri,  4 Jun 2004 23:45:37 +0200
1398
1399moodle (1.2.1-3) unstable; urgency=low
1400
1401  * Added a choice to use apache-perl in addition to apache and apache-ssl
1402  * Changed back priority to Optional, because no longer depends on php4-gd2
1403
1404 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 22 Apr 2004 11:32:40 +0200
1405
1406moodle (1.2.1-2) unstable; urgency=low
1407
1408  * Changed depends on php4-gd2 to php4-gd, closes: #243717
1409
1410 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 20 Apr 2004 23:16:47 +0200
1411
1412moodle (1.2.1-1) unstable; urgency=low
1413
1414  * New upstream release
1415  * Added ucf for better handling of config files
1416  * Changed priority to Extra
1417
1418 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 30 Mar 2004 22:01:33 +0200
1419
1420moodle (1.1.1-4) unstable; urgency=low
1421
1422  * Added French debconf templates translation, closes: #235572
1423
1424 -- Isaac Clerencia <isaac@sindominio.net>  Mon,  1 Mar 2004 12:22:03 +0100
1425
1426moodle (1.1.1-3) unstable; urgency=low
1427
1428  * Fixed debconf stuff by adding POTFILES.in, closes: #233114
1429    Thanks to Martin Quirson.
1430  * Fixed bug in config generation that caused passwords including '$'
1431    broke the autentication
1432  * Removed moodle prefix from some debian/ files
1433  * Changed depend on debconf to misc:Depends
1434  * Updated version for debhelper build-depend to 4.1.13
1435
1436 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 17 Feb 2004 23:55:45 +0100
1437
1438moodle (1.1.1-2) unstable; urgency=low
1439
1440  * Now depends on php4-pgsql or php4-mysql not both
1441  * Added recommends for postgresql or mysql-serverl
1442  * Added documentation dir
1443  * Added wget in Depends: and changed cron.d to use wget
1444  * Fixed postinst to put the correct protocol in config.php and cron.d/moodle
1445
1446 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 27 Nov 2003 23:14:11 +0100
1447
1448moodle (1.1.1-1) unstable; urgency=low
1449
1450  * Initial Debian Release, closes: #222475
1451
1452 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 27 Nov 2003 23:14:11 +0100
1453
Note: See TracBrowser for help on using the repository browser.