Ignore:
Timestamp:
May 2, 2016, 12:09:23 PM (3 years ago)
Author:
jrpelegrina
Message:

Updated to moodle 3.0.3

File:
1 edited

Legend:

Unmodified
Added
Removed
  • moodle/trunk/fuentes/debian/changelog

    r1135 r1331  
    1 moodle (2.8.1-0+lliurex6) xenial; urgency=high
    2 
    3   * update postinst
    4 
    5  -- Raul Rodrigo Segura <raurodse@gmail.com>  Thu, 07 Apr 2016 17:47:26 +0200
    6 
    7 moodle (2.8.1-0+lliurex5) xenial; urgency=high
    8 
    9   * Update depends
    10 
    11  -- Raul Rodrigo Segura <raurodse@gmail.com>  Thu, 07 Apr 2016 16:32:21 +0200
    12 
    13 moodle (2.8.1-0+lliurex4) xenial; urgency=medium
    14 
    15   * Ported code to xenial
    16 
    17  -- M.Angel Juan <m.angel.juan@gmail.com>  Mon, 01 Feb 2016 13:57:53 +0100
    18 
    19 moodle (2.8.1-0+lliurex4) trusty; urgency=medium
    20 
    21   * Include tcpdf, actually is removed in packaging stage
    22 
    23  -- M.Angel Juan <m.angel.juan@gmail.com>  Wed, 25 Nov 2015 11:47:33 +0100
    24 
    25 moodle (2.8.1-0+lliurex3) trusty; urgency=high
    26 
    27   * Apply patch
    28 
    29  -- Raul Rodrigo Segura <raurodse@gmail.com>  Fri, 30 Jan 2015 09:56:32 +0100
    30 
    31 moodle (2.8.1-0+lliurex2) trusty; urgency=high
    32 
    33   * Add Pre-depens with lliurex-preseed-moodle.
    34 
    35  -- Raul Rodrigo Segura <raurodse@gmail.com>  Thu, 29 Jan 2015 17:58:02 +0100
    36 
    37 moodle (2.8.1-0+lliurex1) trusty; urgency=high
    38 
    39   * Fix rules
    40 
    41  -- Raul Rodrigo Segura <raurodse@gmail.com>  Fri, 19 Dec 2014 11:18:07 +0100
    42 
    43 moodle (2.8.1-0+lliurex0) trusty; urgency=medium
    44 
    45   * Initial release
    46 
    47  -- Raul Rodrigo Segura <raurodse@gmail.com>  Thu, 18 Dec 2014 09:49:57 +0100
     1moodle (3.0.3+dfsg-0ubuntu1) xenial; urgency=medium
     2
     3  [ Nishanth Aravamudan ]
     4  * New upstream release, as only 3.0.1+ has PHP7 support
     5    (LP: #1562172).
     6    - https://docs.moodle.org/dev/Moodle_and_PHP7
     7    - https://tracker.moodle.org/browse/MDL-50565
     8    - update d/rules dfsg target.
     9    - remove mdeploy*.php from d/install.
     10    - d/lintian-overrides, d/source/lintian-overrides: update embedded
     11      tinymce, yuilib, jquery versions.
     12    - d/rules: update override_dh_lintian.
     13  * d/control: update to PHP7.0 dependencies.
     14  * d/watch: correct for current releases.
     15
     16  [ Steve Langasek ]
     17  * Also update lintian overrides for binary packages.
     18  * Remove some additional license files.
     19  * Drop some no-longer-applicable lintian overrides.
     20
     21 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 01 Apr 2016 22:08:56 -0700
     22
     23moodle (2.7.12+dfsg-1) unstable; urgency=high
     24
     25  * New upstream security release, released Jan 11, 2016.  Note that the
     26    upstream 2.7 branch is supported for security fixes only until May 2017
     27    (LTS).  Security issue fixed:
     28    - (MSA-16-0001) CVE-2016-0724 Two enrolment-related web services don't check
     29      course visibility.  Thanks Salvatore Bonaccorso. Closes: #811344
     30    Other fixes and improvements:
     31    - MDL-49473 - Logs export contains year
     32    - MDL-52194 - Fixed Flowplayer not working with insecure configuration of
     33      request_order
     34    See https://docs.moodle.org/dev/Moodle_2.7.12_release_notes for more
     35    details.
     36  * debian/links, debian/rules: delegate creating symlinks to dh_link, via
     37    debian/links.  This should fix a bug in upgrading: old obsolete symlinks are
     38    kept.
     39  * debian/rules: no longer install bennu/COPYRIGHT.txt, dragmath/COPYRIGHT.html
     40    in usr/share/moodle/lib .
     41  * debian/control: get rid of Breaks/Replaces moodle-book: moodle-book was only
     42    shipped with squeeze (current oldoldstable).
     43  * debian/control: remove Penny Leach <penny /a/ mjollnir 0 org>, Xavier Oswald
     44    <xoswald@d.o> from Uploaders: I haven't seen any activity from them since
     45    more than one year.  Penny, Xavier: you're very much invited to add yourself
     46    again.
     47  * debian/rules: no longer run debhelper in verbose mode.
     48
     49 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 18 Jan 2016 08:38:29 +0100
     50
     51moodle (2.7.11+dfsg-2) unstable; urgency=high
     52
     53  * debian/rules: no longer link to content from
     54    /usr/share/php-htmlpurifier/library/, but directly to
     55    /usr/share/php/HTMLPurifier*.  This way, the php-htmlpurifier maintainers
     56    can get rid of the compatibility symlink introduced in Debian Jessie.
     57    Also: not only link to HTMLPurifier.php and HTMLPurifier.safe-includes.php,
     58    but also to HTMLPurifier.autoload.php HTMLPurifier.auto.php
     59    HTMLPurifier.func.php HTMLPurifier.includes.php HTMLPurifier.kses.php and
     60    HTMLPurifier.path.php.  Thanks David Prévot.  Closes: #803175
     61  * debian/po/es.po: update spanish translation. Thanks
     62    Javier Fernández-Sanguino. Closes: #773567
     63  * debian/control: make installation dependencies more flexible by adding
     64    php5-fpm as alternative to libapache2-mod-php5 | php5-cgi. Thanks Detlev
     65    Brodowski. Closes: #807072
     66  * debian/rules: replace obsolete "dh binary-indep --before dh_lintian" and
     67    "dh binary-indep --remaining" by "override_dh_lintian" and "dh_lintian".
     68    Thanks lintian.
     69  * debian/changelog: add CVE ID's to entry moodle (2.7.11+dfsg-1).
     70  * debian/changelog: in entry moodle (2.7.2+dfsg-3), refer to #754565 and
     71    give credit.
     72  * debian/changelog: in entry moodle (2.7.2-2), refer to #736800 and give
     73    credit.
     74
     75 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 07 Dec 2015 13:52:32 +0100
     76
     77moodle (2.7.11+dfsg-1) unstable; urgency=high
     78
     79  * New upstream security release, released Nov 9, 2015. Security issues fixed:
     80    - (MSA-15-0039) CVE-2015-5335 CSRF in site registration form: Attacker can
     81      send admin a link to site registration form that will display correct URL
     82      but, if submitted, will register with another hub. It is possible to trick
     83      a site/admin into sending aggregate stats to an arbitrary domain.
     84      Reported by Andrew Davis; Upstream patch:
     85      http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
     86    - (MSA-15-0040) CVE-2015-5336 Student XSS in survey: Standard survey module
     87      is vulnerable to XSS attack by students who fill the survey.  Reported by
     88      Hugh Davenport; Upstream patch: MDL-49940
     89    - (MSA-15-0041) CVE-2015-5337 XSS in flash video player: XSS vulnerability
     90      caused by Flowplayer flash video player has been addressed.  Reported by
     91      Andrew Nicols; MDL-48085
     92    - (MSA-15-0042) CVE-2015-5338 CSRF in lesson login form: Password-protected
     93      lesson modules are subject to CSRF vulnerability.  Reported by Ankit
     94      Agarwal; MDL-48109.
     95    - (MSA-15-0043) CVE-2015-5339 Web service core_enrol_get_enrolled_users does
     96      not respect course group mode: Through WS core_enrol_get_enrolled_users it
     97      is possible to retrieve list of course participants who would not be
     98      visible when using web site.  Reported by Daniel Palou; MDL-51861
     99    - (MSA-15-0044) CVE-2015-5340 Capability to view available badges is not
     100      respected: Logged in users who do not have capability 'View available
     101      badges without earning them' can still access the full list of badges.
     102      Capability moodle/badges:viewbadges is not respected.  Reported by Marina
     103      Glancy; MDL-51684
     104    - (MSA-15-0045) CVE-2015-5341 SCORM module allows to bypass access
     105      restrictions based on date: Incorrect and missing handling of availability
     106      dates in mod_scorm let users to view the SCORM contents bypassing the date
     107      restriction.  Reported by Juan Leyva; MDL-50837
     108    - (MSA-15-0046) CVE-2015-5342 Choice module closing date can be bypassed:
     109      Users can mock URL to delete or submit new responses after the choice
     110      module was closed.  Reported by Juan Leyva; MDL-51569
     111    See https://bugzilla.redhat.com/show_bug.cgi?id=1288158 for details.  Thanks
     112    Adam Mariš @ Red Hat.  See also
     113    https://moodle.org/mod/forum/discuss.php?d=322852 , published Nov 9, 2015.
     114    Other Fixes and improvements:
     115    - MDL-51083 - Fixed undesired browser password autofilling in several forms
     116      (majority of forms were fixed in MDL-45772 in previous release)
     117    - MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
     118    See https://docs.moodle.org/dev/Moodle_2.7.11_release_notes for more
     119    details.
     120  * debian/source/lintian-overrides: add some more incorrectly flagged
     121    javascript files.  See lintian bug 802028 (and 799861).
     122
     123 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 04 Dec 2015 15:12:23 +0100
     124
     125moodle (2.7.10+dfsg-1) unstable; urgency=high
     126
     127  * New upstream security release, released Sept 21, 2015.  Security issues
     128    fixed:
     129    - MSA-15-0030: Students can re-attempt answering questions in the lesson,
     130      Reported by Eric Eakin, MDL-50516, CVE-2015-5264
     131    - MSA-15-0031: Teacher in forum can still post to "all participants" and
     132      groups they are not members of, Reported by David Scotson, MDL-50576,
     133      CVE-2015-5272
     134    - MSA-15-0032: Users can delete files uploaded by other users in wiki,
     135      Reported by John Provasnik, MDL-48371, CVE-2015-5265
     136    - MSA-15-0033: Meta course synchronisation enrols suspended students as
     137      managers for a short period of time, Reported by Brian Winstead,
     138      MDL-50744, CVE-2015-5266
     139    - MSA-15-0034: Vulnerability in password recovery mechanism, Reported by
     140      Vincent Herbulot (@us3r777), MDL-50860, CVE-2015-5267
     141    - MSA-15-0035: Rating component does not check separate groups, Reported by
     142      Juan Leyva, MDL-50173, CVE-2015-5268
     143    - MSA-15-0036: XSS in grouping description, Reported by Marina Glancy,
     144      MDL-50709, CVE-2015-5269
     145    See the 21 Sep 2015 post from Marina Glancy at
     146    http://www.openwall.com/lists/oss-security/2015/09/21/1 for more details on
     147    these fixed security issues.  Some other fixes and improvements: MDL-51050
     148    - Forms such as "Create new group" are no longer populated with passwords
     149    and usernames by the browsers; MDL-42670 - Recent activity block no longer
     150    shows student name when assignment blind marking is on. See
     151    https://docs.moodle.org/dev/Moodle_2.7.10_release_notes for more details.
     152    Thanks Salvatore Bonaccorso and Thijs Kinkhorst for forwarding the news.
     153    Closes: #799634
     154  * debian/source/lintian-overrides: add comment/comment.js, some
     155    lib/yuilib/3.15.0/**/*-debug.js and
     156    lib/yuilib/2in3/2.9.0/build/yui2-*/*-debug.js files to list of false
     157    positives "source-is-missing". Bug #799861 reported against lintian.
     158  * debian/copyright: clarify license situation of
     159    lib/pear/HTML/QuickForm/DHTMLRulesTableless.php and
     160    lib/pear/HTML/QuickForm/Renderer/Tableless.php. Thanks
     161    Ondřej Surý and Paul Tagliamonte. Closes: #752615
     162  * debian/control: no longer depend upon libphp-pclzip.  This dependency was
     163    actually no longer needed since 2.7.5+dfsg-3, when phpexcel got removed.
     164    Thanks David Prévot. Closes: #749609
     165  * debian/changelog: fix entry for 2.7.5+dfsg-3 to properly close 746594.
     166    See also https://tracker.moodle.org/browse/MDL-45395 .  Thanks Dan Poltawski
     167    e.a.
     168
     169 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 21 Sep 2015 09:52:15 +0200
     170
     171moodle (2.7.9+dfsg-1) unstable; urgency=high
     172
     173  * New upstream security release, released July 6, 2015.  Security issues fixed:
     174    - MSA-15-0026 Possible phishing when redirecting to external site using
     175      referer header, Reported by Totara, MDL-50688, CVE-2015-3272
     176    - MSA-15-0028 Possible XSS through custom text profile fields in Web
     177      Services, Reported by Marina Glancy, MDL-50130, CVE-2015-3274
     178    - MSA-15-0029 Javascript injection in SCORM module, Reported by Martin
     179      Greenaway, MDL-50614, CVE-2015-3275
     180    See http://www.openwall.com/lists/oss-security/2015/07/13/2 for more details
     181    on these fixed security issues.  Some other fixes and improvements:
     182    MDL-50380 - Fixed missing parameter error when editing files in wiki;
     183    MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional
     184    access is used; MDL-50275 - Added missing version bump after risk bitmap
     185    change in MDL-49941.  See the Moodle 2.7.9 release notes at
     186    https://docs.moodle.org/dev/Moodle_2.7.9_release_notes for more details.
     187    Thanks Salvatore Bonaccorso. Closes: #792242
     188  * debian/changelog: fix line length: max 80 columns.
     189
     190 -- Joost van Baal-Ilić <joostvb@debian.org>  Thu, 16 Jul 2015 15:44:09 +0200
     191
     192moodle (2.7.8+dfsg-1) unstable; urgency=high
     193
     194  * New upstream security release, released 11 May 2015.  Security issues
     195    fixed:
     196    - MSA-15-0018: Quiz manual-grading is an XSS risk, but does not declare
     197      that, Reported by Hugh Davenport, MDL-49941, CVE-2015-3174
     198    - MSA-15-0019: Possible phishing when redirecting to external site using
     199      referer header, Reported by Dingjie Yang, MDL-49179, CVE-2015-3175
     200    - MSA-15-0020: User fullname disclosure through account confirmation link,
     201      Reported by: Federico Kirschbaum, MDL-50099, CVE-2015-3176
     202    - MSA-15-0022: Potential XSS risk when returning text entered by student
     203      from Web Services, Reported by Eloy Lafuente, MDL-49718, CVE-2015-3178
     204    - MSA-15-0023: Suspended user is able to login when confirming email,
     205      Reported by Marina Glancy, MDL-50090, CVE-2015-3179
     206    - MSA-15-0024: User with suspended enrolment can see sections in the
     207      navigation tree, Reported by Alex Mitin, MDL-49788, CVE-2015-3180
     208    - MSA-15-0025: Capability to manage own files is not respected in Web
     209      Services, Reported by Juan Leyva, MDL-49994, CVE-2015-3181
     210    See http://www.openwall.com/lists/oss-security/2015/05/18/1 for more details
     211    on these fixed security issues.  Some other fixes: MDL-48187 - Fixed problem
     212    with new items automatically marked as extra credit in SWM category in
     213    Gradebook; MDL-42449 - Grade category is preserved when duplicating a
     214    module; MDL-46746, MDL-47003, MDL-47002 - Atto editor HTML cleaning is less
     215    aggressive and more aware of special tags, especially noticeable when
     216    pasting text from Word.  See the Moodle 2.7.8 release notes at
     217    https://docs.moodle.org/dev/Moodle_2.7.8_release_notes for more details.
     218    Thanks Salvatore Bonaccorso.  Closes: #785591
     219  * debian/watch: fix syntax.
     220
     221 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 22 May 2015 10:34:59 +0200
     222
     223moodle (2.7.7+dfsg-2) unstable; urgency=high
     224
     225  * debian/install: now installs scripts mdeploy.php and mdeploytest.php.
     226  * debian/install: now installs the directory "availability", thanks Maarten
     227    Horden and Oscar Diaz (Closes: #778422).
     228  * debian/changelog: Add some extra information on issues fixed in entry
     229    moodle (2.7.7+dfsg-1)), thanks Marina Glancy and Thijs Kinkhorst.
     230  * debian/changelog: Add some extra information on CVE-2013-3630 in entry
     231    moodle (2.7.5+dfsg-3), thanks Marina Glancy.
     232
     233 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 17 Mar 2015 14:20:39 +0100
     234
     235moodle (2.7.7+dfsg-1) unstable; urgency=high
     236
     237  * New upstream security release, released 10 March 2015.  (Moodle 2.7.6 was
     238    released 9 March 2015).  Issues fixed:
     239    - MSA-15-0010: Personal contacts and number of unread messages can be
     240      revealed, Reported by Barry Oosthuizen, MDL-49204, CVE-2015-2266
     241    - MSA-15-0011: Authentication in mdeploy can be bypassed. Reported by
     242      Frédéric Massart, MDL-49087 CVE-2015-2267
     243    - MSA-15-0012: ReDoS Possible with Convert links to URLs filter. Reported by
     244      Rob, MDL-38466, CVE-2015-2268
     245    - MSA-15-0013: Block title not properly escaped and may cause HTML
     246      injection.  Reported by Gjoko Krstic, MDL-49144, CVE-2015-2269
     247    - MSA-15-0014: Potential information disclosure for the inaccessible
     248      courses.  Reported by Sam Hemelryk, MDL-48804, CVE-2015-2270
     249    - MSA-15-0015: User without proper permission is able to mark the tag as
     250      inappropriate, Reported by Frédéric Massart, MDL-49084, CVE-2015-2271
     251    - MSA-15-0016: Web services token can be created for user with temporary
     252      password.  Reported by Juan Leyva, MDL-48691, CVE-2015-2272
     253    - MSA-15-0017: XSS in quiz statistics report. Reported by Tim Hunt,
     254      MDL-49364, CVE-2015-2273
     255  * debian/changelog: enhance 2.7.2-1 entry: add note on upstream long term
     256    support of this 2.7 branch.
     257  * debian/TODO: add some build instructions.
     258  * debian/control: more strict php-cas dependency: known to break with
     259    1.3.1-4+deb7u1, known to work with 1.3.3-1.
     260
     261 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 10 Mar 2015 14:12:49 +0100
     262
     263moodle (2.7.5+dfsg-3) unstable; urgency=high
     264
     265  * debian/README.Debian: add authors and dates, in order to make status more
     266    clear.
     267  * debian/watch: (trying to) get it working again, with revamped moodle.org
     268    website.
     269  * debian/changelog: add even more CVE-numbers to entry 2.7.5+dfsg-1.
     270  * For the record, https://security-tracker.debian.org/tracker/CVE-2013-3630
     271    will not get fixed: it's not a bug: the attack can only get launched by an
     272    administrator, and administrators need to be trusted.  Sites that provide
     273    shared hosting and want to prevent the Moodle admin user from being able to
     274    set executable paths can also use: "$CFG->preventexecpath = true;".  See
     275    also Debian bug #775842 and Moodle issue MDL-41449.
     276  * Fix CVE-2014-4172 and CVE-2014-2054:
     277    - debian/rules, debian/control: don't use CAS client library as shipped with
     278      moodle (unchanged phpCAS 1.3.3, see upstream
     279      auth/cas/CAS/moodle_readme.txt) but php-cas as shipped with Debian
     280      (1.3.3-1 and 1.3.1-4+deb7u1); create symlinks /u/s/m/auth/cas/CAS/CAS.php
     281      -> /usr/share/php/CAS.php and /u/s/m/auth/cas/CAS/CAS ->
     282      /usr/share/php/CAS/.  This fixes CVE-2014-4172.
     283    - debian/rules: remove /u/s/m/lib/phpexcel from binary package.  Remove
     284      lib/phpexcel/PHPExcel/Shared/OLE* from upstream sources.  This fixes both
     285      a license problem and a security problem: Although the PHP license is
     286      generally agreed to be DFSG-free, using it as a license on anything that
     287      isn't PHP itself makes the result non-free.  PHP OLE is licensed under the
     288      PHP license.  Older versions of PHP Excel, such as the one shipped with
     289      moodle, suffer from security problem CVE-2014-2054.  See also Debian Bug
     290      #718585 "RFP: php-excel".  (Closes: #746594)
     291    This closed Debian bug "Multiple security issues"; thanks Moritz
     292    Muehlenhoff, Thijs Kinkhorst and Hubert Chathi (Closes: #775842)
     293
     294 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 09 Mar 2015 12:56:41 +0100
     295
     296moodle (2.7.5+dfsg-2) unstable; urgency=high
     297
     298  * debian/README.Debian: add notes on upgrading.
     299  * debian/TODO: added.
     300  * debian/changelog: add CVE-number to previous entry.
     301
     302 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 10 Feb 2015 14:27:09 +0000
     303
     304moodle (2.7.5+dfsg-1) unstable; urgency=high
     305
     306  * New upstream security release:
     307     Moodle 2.7.5 release notes, Release date: 2 February, 2015: "A number of
     308     security related issues were resolved." "Here is the
     309     full list of fixed issues in 2.7.5:
     310     https://tracker.moodle.org/issues/?jql=project+%3D+mdl+AND+resolution+%3D+fixed+AND+fixVersion+in+%28%222.7.5%22%29+ORDER+BY+priority+DESC"
     311     Fixes include: "Preauthenticated Local File Disclosure", as reported
     312     by Emiel Florijn, MDL-48980 and MDL-48990, i.e. CVE-2015-1493 (also
     313     aliased as CVE-2015-0246).  See also
     314     https://docs.moodle.org/dev/Moodle_2.7.5_release_notes and
     315     https://moodle.org/mod/forum/discuss.php?d=279956 , published feb 10
     316     2015.
     317
     318  * For the record: Security issues fixed in upstream Moodle 2.7.3 and 2.7.4:
     319     CVE-2015-0218 (see
     320     https://security-tracker.debian.org/tracker/CVE-2015-0218),
     321     CVE-2015-0217, CVE-2015-0216, CVE-2015-0215, CVE-2015-0214, CVE-2015-0213,
     322     CVE-2015-0212, CVE-2015-0211, CVE-2014-9059, CVE-2014-7848, CVE-2014-7847,
     323     CVE-2014-7846, CVE-2014-7845, CVE-2014-7838, CVE-2014-7837, CVE-2014-7836,
     324     CVE-2014-7835, CVE-2014-7834, CVE-2014-7833, CVE-2014-7832, CVE-2014-7831,
     325     CVE-2014-7830, CVE-2014-3617, CVE-2014-3553, CVE-2014-3551, CVE-2014-3548,
     326     CVE-2014-3547, CVE-2014-3546, CVE-2014-3545, CVE-2014-3544, CVE-2014-3543,
     327     CVE-2014-3542, CVE-2014-3541.
     328
     329 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 02 Feb 2015 08:38:14 +0000
     330
     331moodle (2.7.2+dfsg-3) experimental; urgency=medium
     332
     333  * Remove lib/tcpdf/include/sRGB.icc from upstream source since it does
     334    not allow modification (usually known as
     335    sRGB_IEC61966-2-1_black_scaled.icc).  FWIW: this file was not installed
     336    by the Moodle 2.6.3 Debian package.  Thanks bastien ROUCARIES, Riley Baird
     337    and Tomasz Muras. Closes: #754565
     338  * Remove lib/flowplayer/flowplayer.audio-3.2.11.swf since sources missing.
     339  * debian/rules: add preliminary target dfsg, with some comments.
     340
     341 -- Joost van Baal-Ilić <joostvb@debian.org>  Fri, 30 Jan 2015 12:48:55 +0000
     342
     343moodle (2.7.2-2) experimental; urgency=medium
     344
     345  * debian/control: remove Thijs Kinkhorst from Uploaders, on his request.
     346    Thanks Thijs!
     347  * debian/source/include-binaries, debian/missing-sources: Added missing
     348    sources for
     349    - the Flowplayer video player from Flowplayer Ltd
     350      (http://flash.flowplayer.org/): flash-release_3_2_18.tar.gz for
     351      flowplayer-3.2.18.swf, flash-release_3_2_16.tar.gz for
     352      lib/flowplayer/flowplayer.controls-3.2.16.swf.
     353      Downloaded from https://github.com/flowplayer/flash/releases.
     354      See also #736800 "Sourceless flash file" and
     355      https://tracker.moodle.org/browse/MDL-44093.  Thanks bastien ROUCARIES,
     356      Robert Bihlmeyer and Thijs Kinkhorst.   Closes: #736800
     357    - filter/tex/mimetex.linux and mimetex.freebsd
     358    NB: flowplayer-3.2.18.swf, flowplayer.controls-3.2.16.swf, mimetex.linux
     359    and mimetex.freebsd are not shipped with the binary Debian package.
     360
     361 -- Joost van Baal-Ilić <joostvb@debian.org>  Mon, 03 Nov 2014 15:03:51 +0100
     362
     363moodle (2.7.2-1) unstable; urgency=medium
     364
     365  * This is a semi-public release.
     366  * New upstream release; new upstream 2.7 branch.  About this branch, upstream
     367    states, at https://docs.moodle.org/dev/Releases#Moodle_2.7 : "Bug fixes for
     368    general core bugs in 2.7.x will end 11 May 2015 (12 months).  Bug fixes for
     369    serious security issues in 2.7.x will end 8 May 2017 (36 months)."
     370  * This upstream release fixes security issues:
     371    - MSA-14-0014 Cross-site request forgery possible in Assignment
     372      [CVE-2014-0213]
     373    - MSA-14-0015 Web service token expiry issue for MoodleMobile
     374      [CVE-2014-0214]
     375    - MSA-14-0016 Anonymous student identity revealed in Assignment
     376      [CVE-2014-0215]
     377    - MSA-14-0017 File access issue in HTML block [CVE-2014-0216]
     378    - MSA-14-0018 Information leak in courses [CVE-2014-0217]
     379    - MSA-14-0019 Reflected XSS in URL downloader repository [CVE-2014-0218]
     380    (See https://docs.moodle.org/dev/Moodle_2.7_release_notes#Security_issues)
     381  * debian/rules: remove extra license file
     382    lib/editor/atto/yui/src/rangy/js/license.txt.
     383  * debian/copyright: add MIT license, for Rangy library for the Atto editor.
     384  * debian/moodle.lintian-overrides: add embedded-php-library
     385    lib/markdown/Markdown.php: we can't use Debian's libmarkdown-php due to
     386    incompatibilities.
     387  * debian/moodle.lintian-overrides: add embedded-php-library
     388    lib/simplepie/library/SimplePie.php: we can't use Debian's libphp-simplepie
     389    due to incompatibilities.
     390  * debian/moodle.lintian-overrides: add embedded-php-library
     391    lib/yuilib/3.15.0/yui/yui-min.js: we can't use Debian's libjs-yui
     392    due to incompatibilities.
     393  * debian/moodle.lintian-overrides, debian/source/lintian-overrides: change
     394    lines like "moodle: embedded-javascript-library
     395    lib/editor/tinymce/tiny_mce/3.5.8/tiny_mce.js" in "moodle source:
     396    source-is-missing
     397    lib/editor/tinymce/tiny_mce/3.5.10/plugins/advimage/langs/en_dlg.js":
     398    Moodle _does_ ship (modified) sources.
     399  * debian/rules, debian/control: don't use TCPDF library as shipped with
     400    moodle (tcpdf_php5 TCPDF 5.9.133 MDL-29283, see
     401    lib/tcpdf/readme_moodle.txt), but php-tcpdf as shipped with
     402    Debian (6.0.048+dfsg-2~bpo70+1 in wheezy-backports, 6.0.093+dfsg-1 in
     403    jessie): create symlink /usr/share/moodle/lib/tcpdf -> /usr/share/php/tcpdf.
     404    NB: the file lib/tcpdf/include/sRGB.icc does not allow modification.
     405  * debian/source/lintian-overrides: Moodle _does_ ship source of files
     406    lib/yuilib/3.15.0/datatype-date-format/lang/datatype-date-format* and other
     407    3.15.0 and 2in3/2.9.0/build files.
     408  * debian/source/lintian-overrides: Moodle _does_ ship source of file
     409    AMFTester.swf in amf/testclient/AMFTester.mxml.
     410  * debian/rules: do not install the Flowplayer video player from Flowplayer
     411    Ltd (http://flash.flowplayer.org/): source is missing.
     412  * debian/docs: remove tags.txt: only relevant for developers.
     413  * debian/control: add myself to uploaders.
     414  * debian/control: checked for policy 3.9.6, no changes necessary.
     415
     416 -- Joost van Baal-Ilić <joostvb@debian.org>  Tue, 28 Oct 2014 09:44:46 +0100
     417
     418moodle (2.6.3-1) unstable; urgency=medium
     419
     420  * New upstream release.
     421
     422 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 12 May 2014 16:10:38 +0200
     423
     424moodle (2.6.2-1) unstable; urgency=medium
     425
     426  * New upstream release.
     427
     428 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 12 Mar 2014 18:17:07 +0100
     429
     430moodle (2.6.1-1) unstable; urgency=low
     431
     432  * New upstream release.
     433  * Do install tcpdf lib, which is now required by core Moodle.
     434
     435 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 12 Feb 2014 15:49:12 +0100
     436
     437moodle (2.5.4-1) unstable; urgency=medium
     438
     439  * New upstream release, fixing security issues:
     440    - MSA-14-0001 Config passwords visibility issue [CVE-2014-0008]
     441    - MSA-14-0002 Group constraints lacking in "login as" [CVE-2014-0009]
     442    - MSA-14-0003 CSRF vulnerability in profile fields [CVE-2014-0010]
     443  * Move /var/lib/moodle directory into package.
     444  * Revert back to bundled yui3. Unfortunately, version in Debian and
     445    of upstream are not compatible (closes: #735312).
     446
     447 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 21 Jan 2014 13:40:52 +0100
     448
     449moodle (2.5.3-3) unstable; urgency=medium
     450
     451  * Drop unused libjs-yui dependency (closes: #730104).
     452  * Replace bundled yui3 with dependency on packaged libjs-yui3-min.
     453  * Add virtual-mysql-{server,client} dependency alternatives
     454    (closes: #732895).
     455  * Change owner of config.php from www-data to root.
     456  * Checked for policy 3.9.5, no changes necessary.
     457
     458 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 03 Jan 2014 11:44:05 +0100
     459
     460moodle (2.5.3-2) unstable; urgency=medium
     461
     462  * Fix syntax error in generated config.php.
     463
     464 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 29 Nov 2013 09:17:29 +0100
     465
     466moodle (2.5.3-1) unstable; urgency=low
     467
     468  * New upstream version: 2.5.3.
     469    - Incorporates CAS security patch.
     470    - Fixes security issues CVE-2013-4522, CVE-2013-4523,
     471      CVE-2013-4524, CVE-2013-4525, CVE-2013-6780.
     472
     473 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 22 Nov 2013 14:09:51 +0100
     474
     475moodle (2.5.2-1) unstable; urgency=medium
     476
     477  * New upstream version: 2.5.2.
     478    - Incorporates S3 security patch.
     479
     480 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 09 Sep 2013 15:22:35 +0200
     481
     482moodle (2.5.1-2) unstable; urgency=low
     483
     484  * Update debconf translation for
     485    Swedish, thanks Martin Bagge (closes: #717323);
     486    Italian, thanks Beatrice Torracca (closes: #717162);
     487    French, thanks Julien Patriarca (closes: #717548);
     488    Czech, thanks Michal Simunek (closes: #717550).
     489  * Add Breaks/Replaces moodle-book; integrated since Moodle 2.3.
     490
     491 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 04 Aug 2013 17:30:38 +0200
     492
     493moodle (2.5.1-1) unstable; urgency=low
     494
     495  * New upstream version: 2.5.1.
     496    - Fixes security issues:
     497      CVE-2013-2242 CVE-2013-2243 CVE-2013-2244 CVE-2013-2245
     498      CVE-2013-2246
     499  * Depend on apache2 instead of obsolete apache2-mpm-prefork.
     500  * Use packaged libphp-phpmailer (closes: #429339), adodb,
     501    HTMLPurifier, PclZip.
     502  * Update debconf translations, thanks Salvatore Merone, Pietro Tollot,
     503    Joe Hansen, Yuri Kozlov, Holger Wansing, Américo Monteiro,
     504    Adriano Rafael Gomes, victory, Michał Kułach.
     505    (closes: #716972, #716986, #717080, #717108, #717278)
     506
     507 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 19 Jul 2013 08:52:46 +0200
     508
     509moodle (2.5-1) unstable; urgency=low
     510
     511  * New upstream version: 2.5.
     512    - Removed problematically licenced JSON code (closes: #692626).
     513    - Fixes security issues:
     514      CVE-2012-3363, CVE-2012-6098, CVE-2012-6099, CVE-2012-6100,
     515      CVE-2012-6101, CVE-2012-6103, CVE-2012-6104, CVE-2012-6105,
     516      CVE-2012-6112, CVE-2013-1829, CVE-2013-1830, CVE-2013-1831,
     517      CVE-2013-1832, CVE-2013-1833, CVE-2013-1834, CVE-2013-1835,
     518      CVE-2013-1836, CVE-2013-2080, CVE-2013-2081, CVE-2013-2082,
     519      CVE-2013-2083 (closes: #702387, #703870).
     520  * FLV player removed, no need to repack source tarball.
     521  * Checked for policy 3.9.4, no changes. Updated to debhelper 8.
     522  * Use xz compression for binary packages.
     523
     524 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 28 Jun 2013 15:35:53 +0200
     525
     526moodle (2.2.7.dfsg-1) unstable; urgency=low
     527
     528  * New upstream version: 2.2.7+ (Build: 20130125)
     529
     530  * Fix possible security issue for curl in 3rd party libraries:
     531    * phpCAS (CVE-2012-5583)
     532    * amazon-s3-php-class (CVE-2012-6087)
     533
     534 -- Tomasz Muras <nexor1984@gmail.com>  Mon, 28 Jan 2013 17:43:26 +0100
     535
     536moodle (2.2.6.dfsg-1) unstable; urgency=low
     537
     538  * New upstream version: 2.2.6 (Build: 20121112)
     539
     540 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 15 Nov 2012 21:50:13 +0100
     541
     542moodle (2.2.3.dfsg-2.6) unstable; urgency=low
     543
     544  * Non-maintainer upload.
     545
     546  * Backport multiple security issues from upstream's MOODLE_22_STABLE
     547    branch.
     548    - MSA-12-0057: MDL-29872 - Access issue through repository
     549      Fixes CVE-2012-5471
     550    - MSA-12-0058: MDL-32785 - Possible form data manipulation issue
     551      Fixes CVE-2012-5472
     552    - MSA-12-0059: MDL-34448 - Information leak in Database activity module
     553      Fixes CVE-2012-5473
     554    - MSA-12-0061: MDL-33791 - Remote code execution through Portfolio API
     555      Fixes CVE-2012-5479
     556    - MSA-12-0062: MDL-35558 - Information leak in Database activity module
     557      Fixes CVE-2012-5480
     558
     559 -- Didier Raboud <odyx@debian.org>  Mon, 12 Nov 2012 10:00:00 +0100
     560
     561moodle (2.2.3.dfsg-2.5) unstable; urgency=low
     562
     563  * Non-maintainer brown-paper bag upload.
     564
     565  * Fix the preinst shell syntax to properly drop the left-over symlink
     566    in favour of the shipped directory. (Closes: #689506 fo real now)
     567
     568 -- Didier Raboud <odyx@debian.org>  Wed, 31 Oct 2012 08:25:55 +0100
     569
     570moodle (2.2.3.dfsg-2.4) unstable; urgency=low
     571
     572  * Non-maintainer upload.
     573
     574  * Drop a left-over symlink in favour of the shipped directory.
     575   (Closes: #689506)
     576
     577 -- Didier Raboud <odyx@debian.org>  Sun, 28 Oct 2012 15:01:09 +0100
     578
     579moodle (2.2.3.dfsg-2.3) unstable; urgency=low
     580
     581  * Non-maintainer upload.
     582
     583  * Backport multiple security issues from upstream's MOODLE_22_STABLE
     584    branch. (Closes: #687924)
     585    - MSA-12-0051: MDL-30792 - File upload size constraint issue
     586      Fixes CVE-2012-4400
     587    - MSA-12-0052: MDL-28207 - Course topics permission issue
     588      Fixes CVE-2012-4401
     589    - MSA-12-0053: MDL-34585 - Blog file access issue
     590      Fixes CVE-2012-4407
     591    - MSA-12-0054: MDL-34519 - Course reset permission issue
     592      Fixes CVE-2012-4408
     593    - MSA-12-0055: MDL-34368 - Web service access token issue
     594      Fixes CVE-2012-4402
     595
     596 -- Didier Raboud <odyx@debian.org>  Fri, 28 Sep 2012 12:52:21 +0200
     597
     598moodle (2.2.3.dfsg-2.2) unstable; urgency=low
     599
     600  * Non-maintainer upload.
     601
     602  * Backport multiple security issues from upstream's MOODLE_22_STABLE
     603    branch. (Closes: #682203)
     604    - MDL-31692 mod_lti - ensure that various mforms are used properly
     605      Fixes CVE-2012-3389
     606    - MDL-33916 Ensure that capabilities are checked for cached user
     607      enrolments
     608      Fixes CVE-2012-3388
     609
     610 -- Didier Raboud <odyx@debian.org>  Mon, 23 Jul 2012 19:13:56 +0200
     611
     612moodle (2.2.3.dfsg-2.1) unstable; urgency=low
     613
     614  * Non-maintainer upload.
     615
     616  * Backport multiple security issues from upstream's MOODLE_22_STABLE
     617    branch (Closes: #682203)
     618    - MDL-33808 - format title on the repository instance screen
     619    - MDL-33808 - incorrect cleaning of repository names
     620      Both patches fix CVE-2012-3393.
     621    - MDL-23254 Authentication : used httpswwwroot as root url during
     622      authentication procedure where $PAGE->https_required() is
     623      specified.
     624      Fix CVE-2012-3394
     625    - MDL-27675 - Feedback module abuses data_submitted
     626      Fix CVE-2012-3395
     627    - MDL-34045 fix invalid idnumber field type in cohort form
     628      Fix CVE-2012-3396
     629    - MDL-33466: Group restriction should hide activity even with 'show
     630      availability' option
     631      Fix CVE-2012-3397
     632
     633 -- Didier Raboud <odyx@debian.org>  Fri, 20 Jul 2012 19:52:07 +0200
     634
     635moodle (2.2.3.dfsg-2) unstable; urgency=low
     636
     637  *  Don't depend on ucf during purge (closes: #678027)
     638
     639 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 21 Jun 2012 17:31:35 +0200
     640
     641moodle (2.2.3.dfsg-1) unstable; urgency=high
     642
     643  *  New upstream version: 2.2.3+ (Build: 20120615)
     644     closes: #674163
     645
     646 -- Tomasz Muras <nexor1984@gmail.com>  Sat, 16 Jun 2012 21:39:12 +0200
     647
     648moodle (2.2.2.dfsg-2) unstable; urgency=low
     649
     650  * Fix path to cron (closes: #669229)
     651
     652 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 18 Apr 2012 19:34:35 +0200
     653
     654moodle (2.2.2.dfsg-1) unstable; urgency=low
     655
     656  * New upstream version: 2.2.2+ (Build: 20120412)
     657    closes: #658865,#664260,#647489,#443949,#441013,#505044,#375290
     658  * Updated Standards-Versions to 3.9.3
     659  * Removing Dan from maintainers (thanks for all your work Dan!)
     660
     661 -- Tomasz Muras <nexor1984@gmail.com>  Sun, 15 Apr 2012 13:50:52 -0400
     662
     663moodle (1.9.9.dfsg2-6) unstable; urgency=high
     664
     665  * Backporting security fixes from Moodle 1.9.17
     666     - MSA-12-00013 DB activtity export does not respect groups
     667         (CVE-2012-1155, closes: #668411)
     668
     669 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 12 Apr 2012 21:55:48 +0100
     670
     671moodle (1.9.9.dfsg2-5.1) unstable; urgency=low
     672
     673  * Non-maintainer upload.
     674  * Fix pending l10n issues. Debconf translations:
     675    - Danish (Joe Hansen).  Closes: #658747
     676    - Dutch; (Jeroen Schot).  Closes: #660243
     677    - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #668092
     678    - Italian (Beatrice Torracca).  Closes: #668161
     679
     680 -- Christian Perrier <bubulle@debian.org>  Tue, 10 Apr 2012 07:36:58 +0200
     681
     682moodle (1.9.9.dfsg2-5) unstable; urgency=high
     683
     684  * Backporting security fixes from Moodle 1.9.15 and 1.9.16
     685    (closes: #652235)
     686     - MSA-11-0054 Personal information leak
     687     - MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
     688     - MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
     689     - MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
     690     - MSA-11-0048 Password loss issue (CVE-2011-4587)
     691     - MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
     692     - MSA-12-0007 Email injection prevention (CVE-2012-0796)
     693     - MSA-12-0006 Additional email address validation (CVE-2012-0795)
     694     - MSA-12-0005 Encryption enhancement (CVE-2012-0794)
     695     - MSA-12-0004 Added profile image security (CVE-2012-0793)
     696     - MSA-12-0003 Added password protection
     697     - MSA-12-0002 Personal information leak, previously MSA-11-0040
     698       (CVE-2011-4308 and CVE-2012-0792)
     699     - MSA-12-0001 Recaptcha transmission consistency issue
     700
     701 -- Tomasz Muras <nexor1984@gmail.com>  Mon, 27 Feb 2012 21:14:48 +0000
     702
     703moodle (1.9.9.dfsg2-4) unstable; urgency=high
     704
     705  * Backporting security fixes from Moodle 1.9.13 and 1.9.14
     706      - MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
     707      - MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
     708      - MSA-11-0024 Recaptcha images were being authenticated
     709          from an older server (MDL-27889) (closes: #638935)
     710      - MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
     711      - MSA-11-0038 Database injection protection strengthened (MDL-29033)
     712      - MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
     713      - MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
     714      - MSA-11-0032 MNET SSL validation issue (MDL-29148)
     715      - MSA-11-0031 Forms API constant issue (MDL-23872)
     716  * Make sure that smarty & yui symlinks are correct (closes: 603255,614712)
     717
     718 -- Tomasz Muras <nexor1984@gmail.com>  Fri, 28 Oct 2011 13:29:14 +0100
     719
     720moodle (1.9.9.dfsg2-3) unstable; urgency=high
     721
     722  * Backporting security fixes from Moodle 1.9.11 and 1.9.12
     723      - MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
     724      - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
     725      - MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
     726      - MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
     727      - MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
     728      - MSA-11-0013 Group/Quiz permissions issue (MDL-25122)
     729
     730 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 18 May 2011 20:57:59 +0100
     731
     732moodle (1.9.9.dfsg2-2.1) unstable; urgency=low
     733
     734  * Non-maintainer upload.
     735  * Fix encoding of Swedish debconf translation.
     736
     737 -- Christian Perrier <bubulle@debian.org>  Tue, 11 Jan 2011 22:03:44 +0100
     738
     739moodle (1.9.9.dfsg2-2) unstable; urgency=low
     740
     741  * Added Romanian translation
     742  * Updated Japanese translation (closes: #596820)
     743  * Backporting security fixes from Moodle 1.9.10 (closes: #601384)
     744     - Updated embedded CAS to 1.1.3
     745     - Added patch for MDL-24523:
     746       clean_text() not filtering text in markdown format
     747     - Added patch for MDL-24810 and upgraded customized HTML Purifier to 4.2.0
     748     - Added patch for MDL-24258:
     749       students can delete their forum posts later than $CFG->maxeditingtime
     750       under certain conditions
     751     - Added patch for MDL-23377:
     752       Can't delete quiz attempts in course without enrolled students
     753
     754 -- Tomasz Muras <nexor1984@gmail.com>  Sat, 30 Oct 2010 12:19:28 +0100
     755
     756moodle (1.9.9.dfsg2-1) unstable; urgency=low
     757
     758  * Enable HTML purifier by default
     759  * Added Janapenese translation (closes: #593808)
     760  * Removed from source swf files without a source code
     761    and added README.source
     762  * Updated bundled HTML purifier library - fix for
     763    CVE-2010-2479 (closes: #593301)
     764
     765 -- Tomasz Muras <nexor1984@gmail.com>  Tue, 24 Aug 2010 20:35:29 +0100
     766
     767moodle (1.9.9.dfsg-1) unstable; urgency=low
     768
     769  [ Jonathan Wiltshire ]
     770  * Debconf templates and debian/control reviewed by the debian-l10n-
     771    english team as part of the Smith review project. Closes: #588871
     772  * Debconf translation updates:
     773     - Russian (closes: #589247)
     774     - Czech (closes: #589265)
     775     - Swedish (closes: #589270)
     776     - French (closes: #589510)
     777     - German (closes: #590120)
     778     - Spanish (closes: #590449)
     779     - Portugese (closes: #590556)
     780
     781  [ Tomasz Muras ]
     782  * New debconf translation - Polish
     783  * Removed .swf files as non-free (closes: #591201)
     784  * Fixed generation of config.php for postgres (thanks Giles Westwood)
     785
     786 -- Tomasz Muras <nexor1984@gmail.com>  Sun, 15 Aug 2010 21:19:10 +0100
     787
     788moodle (1.9.9-2) unstable; urgency=low
     789
     790  * Fixed JS includes for YUI library (closes: #589612)
     791  * Bumped standards version to 3.9.0
     792  * Moved BSD licenses into copyright (fixes lintian warning)
     793  * Setting DM-Upload-Allowed as agreed with Xavier Oswald <xoswald@debian.org>
     794
     795 -- Tomasz Muras <nexor1984@gmail.com>  Thu, 22 Jul 2010 23:23:22 +0100
     796
     797moodle (1.9.9-1) unstable; urgency=low
     798
     799  * Rewritten debian/rules
     800  * Removed unnecessary usr/share/moodle/update-notifier
     801  * New Upstream Version: 1.9.9
     802  * New upstream fixes CVE-2010-1619 (closes: #585425)
     803  * New upstream fixes MSA-10-0011 (closes: #586280)
     804
     805 -- Tomasz Muras <nexor1984@gmail.com>  Wed, 23 Jun 2010 21:00:39 +0100
     806
     807moodle (1.9.8-1) unstable; urgency=low
     808
     809  [Tomasz Muras]
     810  * New Maintainer (closes: #581229, #574969).
     811  * New Upstream Version (closes: #475535).
     812  * Added information about flvplayer to copyright (closes: #526543).
     813  * phpCAS XSS vulnerability fixed in mainstream Moodle 1.9.8 (closes: #574757).
     814  * Several security issues fixed in upstream (closes: #576189).
     815  * Moodle depends on postgresql or MySQL (closes: #551399).
     816  * Re-written to use dbconfig-common (closes: #302205).
     817  * Updated copyright with two new entires (closes: #526543).
     818  * Drop use of wwwconfig (closes: #389502).
     819  * Package is now not creating Apache config automatically (closes: #555672).
     820    It's up to the user to configure the webserver but package provides the
     821    templates.
     822  * Added "allow from localhost" (closes: #551402).
     823  * Asking for wwwroot during the installation (closes: #302207).
     824  * Removing nusoap as it's not necessary for PHP 5 (closes: #529573).
     825
     826  [Xavier Oswald]
     827  * Add myself as uploader.
     828  * Bump Stadards-Version to 3.8.4.
     829  * debian/copyright: update with DEP-5 format proposal.
     830  * Switch to dpkg-source 3.0 (quilt) format
     831
     832  [Francois Marier]
     833  * Bump debhelper compatibility to 7
     834  * Add a watch file
     835  * debian/control (dependencies)
     836    - Depend on libjs-yui instead of yui (renamed after lenny)
     837    - Add dependency on unzip
     838    - Recommend php5-xmlrpc and aspell
     839    - Suggest clamav
     840    - Demoted mimetex to recommended
     841  * Turn 'dbpersist' on by default in the generated config.php
     842  * Include whitespace warning at the end of generated config.php
     843  * Set the path to du, unzip and zip
     844  * Fix a warning with E_STRICT is turned on
     845
     846 -- Xavier Oswald <xoswald@debian.org>  Sun, 20 Jun 2010 16:02:14 +0200
     847
     848moodle (1.8.2.dfsg-4) unstable; urgency=high
     849
     850  * Improve the fix for log URL filtering as suggested by Steffen Joeris
     851    (MSA-09-0007 / CVE-2009-0500)
     852  * Backport upstream fix for calendar export leakage
     853    (MSA-09-0006 / CVE-2009-0501)
     854
     855 -- Francois Marier <francois@debian.org>  Thu, 12 Feb 2009 17:27:07 +1300
     856
     857moodle (1.8.2.dfsg-3) unstable; urgency=high
     858
     859  * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
     860    (MSA-09-0005, CVE-2008-5153)
     861  * Hide images of deleted users (MSA-09-0001)
     862  * Fix user pix disclosure (MSA-09-0002)
     863  * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
     864  * Fix XSS vulnerabilities in logs (MSA-09-0007)
     865  * Fix CSRF vulnerability in forum code (MSA-09-0008)
     866
     867 -- Francois Marier <francois@debian.org>  Mon, 02 Feb 2009 19:09:10 +1300
     868
     869moodle (1.8.2.dfsg-2) unstable; urgency=high
     870
     871  [ Dan Poltawski ]
     872  * Patch SQL injection bug in hotpot module (MSA-08-0010)
     873  * Fix XSS bug in logged urls (MDL-11414)
     874  * Fix XSS bug in install script (MSA-08-0004)
     875  * Fix insufficient access control in Login as feature (MSA-08-0003)
     876  * Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
     877  * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
     878  * Fix CSRF in messaging settings (MSA-08-0023)
     879  * Fix anonymous group creation and html injection (MDL-11759)
     880  * Fix SQL injection bug in mnet (MDL-9288)
     881  * Fix SQL injection bug in restore (MDL-11857)
     882  * Insufficient cleaning of essay questions (MDL-12079)
     883  * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
     884  * Fix XSS bug in logged urls (MDL-11414)
     885  * Fix uncleaned params in wiki (MDL-14806)
     886
     887  [ Francois Marier ]
     888  * Update html2text to prevent code execution attacks (closes: #508909)
     889
     890 -- Francois Marier <francois@debian.org>  Wed, 17 Dec 2008 13:37:10 +1300
     891
     892moodle (1.8.2.dfsg-1) unstable; urgency=high
     893
     894  * Replace html2text with a GPL alternative (closes: #507947)
     895  * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
     896  * Add Dan Poltawski to the uploaders field
     897
     898 -- Francois Marier <francois@debian.org>  Tue, 16 Dec 2008 20:24:27 +1300
     899
     900moodle (1.8.2-2) unstable; urgency=high
     901
     902  * Adopt orphaned package (closes: #494642)
     903  * Acknowledge security NMU (closes: #489533, #432264)
     904  * Add Vcs-* fields to debian/control
     905
     906  Release-critical and security bugs:
     907 
     908  * Depend on smarty instead of using the embedded copy that is shipped
     909    with Moodle (closes: #471158, #488525, #504345)
     910  * Patch security bug in the embedded (and customised) copy of phpmailer
     911    (CVE-2007-3215, closes: #429339, #429190)
     912  * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
     913  * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
     914  * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)
     915
     916  Trivial bug fixes:
     917
     918  * Depend on zip (closes: #408995)
     919  * Add mysql-client as an alternative to postgresql-client
     920    (closes: #417554, #469094)
     921  * Recommend php5-ldap (closes: #425839)
     922  * Delete unnecessary script with bashisms (closes: #489634)
     923
     924  Lintian warnings:
     925
     926  * Bump Standards-Version to 3.8.0
     927  * Add homepage field to debian/control
     928  * Remove cvsignore file
     929  * Remove extra license file
     930  * Depend on yui instead of using an embedded copy
     931
     932 -- Francois Marier <francois@debian.org>  Fri, 07 Nov 2008 08:24:28 +1300
     933
     934moodle (1.8.2-1.3) unstable; urgency=high
     935
     936  * Non-maintainer upload by the Security Team.
     937  * Fix broken HTML filtering which could be used to perform XSS attacks,
     938    bypass restrictions or possibly execute arbitrary code
     939    (CVE-2008-1502; Closes: #489533).
     940
     941 -- Nico Golde <nion@debian.org>  Sun, 20 Jul 2008 18:07:55 +0200
     942
     943moodle (1.8.2-1.2ubuntu2) intrepid; urgency=low
     944
     945  * SECURITY UPDATE: arbitrary code execution via multiple vectors.
     946    - Add CVE-2008-1502.dpatch: upstream KSES lib fixes, thanks to Nico Golde.
     947
     948 -- Kees Cook <kees@ubuntu.com>  Wed, 22 Oct 2008 14:01:33 -0700
     949
     950moodle (1.8.2-1.2ubuntu1) intrepid; urgency=low
     951
     952  * Merge from debian unstable, remaining changes:
     953    - Suggest php5-ldap
     954    - Modify Maintainer value to match Debian-Maintainer-Field Spec
     955    - debian/postinst ucf fixes
     956    - drop use of wwwconfig (database code in postinst stolen from mythtv)
     957
     958 -- Oliver Grawert <ogra@ubuntu.com>  Thu, 01 May 2008 02:19:09 +0100
     959
     960moodle (1.8.2-1.2) unstable; urgency=low
     961
     962  * Non-maintainer upload to fix pending l10n issues.
     963  * Debconf translations:
     964    - Japanese. Closes: #413105
     965    - Spanish. Closes: #413779
     966    - German. Closes: #415888
     967    - Dutch. Closes: #425711
     968    - Slovak. Closes: #437511
     969    - Brazilian Portuguese. Closes: #437680
     970    - Finnish. Closes: #468212
     971    - Basque. Closes: #470362
     972    - Galician. Closes: #470430
     973    - Vietnamese. Closes: #470602
     974    - Russian. Closes: #470790
     975  * [Lintian] Fix format of NEWS.Debian
     976  * [Lintian] Move debconf dependency to Pre-Depends as it is used
     977    in the preinst script
     978
     979 -- Christian Perrier <bubulle@debian.org>  Fri, 14 Mar 2008 07:33:53 +0100
     980
     981moodle (1.8.2-1.1) unstable; urgency=low
     982
     983  * Non-maintainer upload from the Zurich BSP
     984  * Added dependency on postgresql-client (Closes: #431589)
     985
     986 -- Tobias Klauser <tklauser@access.unizh.ch>  Sat, 12 Jan 2008 17:04:03 +0100
     987
     988moodle (1.8.2-1ubuntu4) hardy; urgency=low
     989
     990  * debian/postinst: ... except we should explicitly pass --debconf-ok
     991    to ucf, for compatibility with older versions.
     992
     993 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Mar 2008 01:16:24 +0000
     994
     995moodle (1.8.2-1ubuntu3) hardy; urgency=low
     996
     997  * debian/postinst: Only call db_stop after ucf has been run in
     998    handle_config(), since ucf itself uses debconf; and drop the
     999    "exec 0<&1" workaround which no longer matters. LP: #203844
     1000
     1001 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Mar 2008 00:37:00 +0000
     1002
     1003moodle (1.8.2-1ubuntu2) gutsy; urgency=low
     1004
     1005  * Package changed to avoid use of wwwconfig; borrowed database setup code
     1006    from Ubuntu mythtv package.
     1007
     1008 -- Matt Oquist <moquist@majen.net>  Sat, 28 Jul 2007 16:14:18 +0200
     1009
     1010moodle (1.8.2-1ubuntu1) gutsy; urgency=low
     1011
     1012  * Merge from Debian unstable. Remaining Ubuntu changes:
     1013    - Depends on postgresql-client
     1014    - Suggest php5-ldap
     1015    - Modify Maintainer value to match Debian-Maintainer-Field Spec
     1016
     1017 -- Vincent Legout <bixente44@gmail.com>  Tue, 17 Jul 2007 16:14:18 +0200
     1018
     1019moodle (1.8.2-1) unstable; urgency=low
     1020
     1021  * New upstream release, fixes security bug, closes: #432264
     1022
     1023 -- Isaac Clerencia <isaac@debian.org>  Mon, 09 Jul 2007 00:24:17 +0200
     1024
     1025moodle (1.8.1-1ubuntu1) gutsy; urgency=low
     1026
     1027  * Merge from debian unstable, remaining changes:
     1028    - Depends on postgresql-client
     1029    - Suggest php5-ldap
     1030    - Set apache2 as default in debian/templates
     1031    - Update Maintainer field in debian/control
     1032
     1033 -- Luca Falavigna <dktrkranz@ubuntu.com>  Fri, 15 Jun 2007 23:33:55 +0100
     1034
     1035moodle (1.8.1-1) unstable; urgency=low
     1036
     1037  * New upstream release
     1038  * Add php5-curl | php4-curl dependency for the new network features
     1039  * No longer depend on php4 and apache 1
     1040
     1041 -- Isaac Clerencia <isaac@debian.org>  Fri, 15 Jun 2007 14:12:43 +0200
     1042
     1043moodle (1.7.2-1ubuntu2) gutsy; urgency=low
     1044
     1045  * Switch back to postgresql-client and postgresql (LP: 110054)
     1046  * Suggest php5-ldap (LP: 107713)
     1047
     1048 -- Luca Falavigna <dktrkranz@ubuntu.com>  Sun, 10 Jun 2007 23:56:16 +0200
     1049
     1050moodle (1.7.2-1ubuntu1) gutsy; urgency=low
     1051
     1052  * Merge from Debian unstable. Remaining Ubuntu changes:
     1053    + debian/control:
     1054      - php5 by default.
     1055      - Add postgresql-client-8.1 to Depends.
     1056      - Update Recommends alternate to postgresql-8.1.
     1057    + debian/templates: Ensure the default corresponds to the install-
     1058      time dependencies (apache2).
     1059  * Modify Maintainer value to match Debian-Maintainer-Field Spec
     1060
     1061 -- Arthur Loiret <freacky22527@free.fr>  Sun,  3 Jun 2007 20:53:01 +0200
     1062
     1063moodle (1.7.2-1) unstable; urgency=low
     1064
     1065  * New upstream release
     1066
     1067 -- Isaac Clerencia <isaac@debian.org>  Fri, 01 Jun 2007 12:54:59 +0200
     1068
     1069moodle (1.7.1-1) experimental; urgency=low
     1070
     1071  * New upstream release
     1072
     1073 -- Isaac Clerencia <isaac@debian.org>  Wed, 24 Jan 2007 14:21:34 +0100
     1074
     1075moodle (1.7+20061215-1) experimental; urgency=low
     1076
     1077  * New upstream release
     1078
     1079 -- Isaac Clerencia <isaac@debian.org>  Fri, 15 Dec 2006 13:39:14 +0100
     1080
     1081moodle (1.6.3-2ubuntu1) feisty; urgency=low
     1082
     1083  * Merge from debian unstable, remaining changes:
     1084    - debian/control:
     1085      + php5 by default.
     1086      + Add postgresql-client-8.1 to Depends.
     1087      + Update Recommends alternate to postgresql-8.1.
     1088    - debian/templates: Ensure the default corresponds to the install-
     1089      time dependencies (apache2).
     1090
     1091 -- Kees Cook <kees@ubuntu.com>  Mon, 18 Dec 2006 12:28:27 -0800
     1092
     1093moodle (1.6.3-2) unstable; urgency=high
     1094
     1095  * Urgency high as it fixes a security bug and should enter Etch ASAP
     1096  * Fix security bug in the forum module (discuss.php)
     1097
     1098 -- Isaac Clerencia <isaac@debian.org>  Thu, 14 Dec 2006 14:14:27 +0100
     1099
     1100moodle (1.6.3-1ubuntu1) feisty; urgency=low
     1101
     1102  * Merge from debian unstable.  Remaining Ubuntu changes:
     1103    - debian/control:
     1104      + php5 by default.
     1105      + Add postgresql-client-8.1 to Depends.
     1106      + Update Recommends alternate to postgresql-8.1.
     1107    - debian/templates: Ensure the default corresponds to the install-
     1108      time dependencies (apache2).
     1109
     1110 -- Kees Cook <kees@ubuntu.com>  Wed, 29 Nov 2006 16:08:37 -0800
     1111
     1112moodle (1.6.3-1) unstable; urgency=low
     1113
     1114  * New upstream release
     1115
     1116 -- Isaac Clerencia <isaac@debian.org>  Thu, 19 Oct 2006 11:37:40 +0200
     1117
     1118moodle (1.6.2+20060930-1) unstable; urgency=high
     1119
     1120  * Urgency high because it fixes a critical security hole
     1121  * New upstream release, closes: #390294, critical security hole
     1122  * Notify the user if the selected server isn't installed, select apache2
     1123    by default instead of apache, closes: #389806
     1124  * Add a configuration section for php5 in apache.conf, closes: #387609
     1125
     1126 -- Isaac Clerencia <isaac@debian.org>  Sat, 30 Sep 2006 12:14:29 +0100
     1127
     1128moodle (1.6.2-1ubuntu1.1) edgy; urgency=low
     1129
     1130  * SECURITY UPDATE: SQL injection vulnerability
     1131  * Add '01_sql-injection-fix.dpatch': Correctly escape tag options.
     1132  * References:
     1133    CVE-2006-5219
     1134    http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3
     1135
     1136 -- Kees Cook <kees@ubuntu.com>  Wed, 11 Oct 2006 15:25:15 -0700
     1137
     1138moodle (1.6.2-1ubuntu1) edgy; urgency=low
     1139
     1140  * Merge from Debian unstable. The following Ubuntu changes remain:
     1141    - debian/control:
     1142      + Apply patch from Ubuntu #59472 to use php5
     1143        (Closes Ubuntu: #59472),
     1144      + Add postgresql-client-8.1 to Depends (Closes Ubuntu: #51813),
     1145      + Update Recommends alternate to postgresql-8.1,
     1146    - debian/templates: Ensure the default corresponds to the install-
     1147      time dependencies (apache2) so we can avoid the mess that was
     1148      worked around in dapper-security.
     1149
     1150 -- Daniel T Chen <crimsun@ubuntu.com>  Sat, 23 Sep 2006 22:26:13 -0400
     1151
     1152moodle (1.6.2-1) unstable; urgency=low
     1153
     1154  * New upstream release, closes: #387177
     1155  * Debconf translation updates/additions:
     1156    * Czech, closes: #371834
     1157    * French, closes: 372713
     1158    * Portuguese, closes: #381194
     1159  * Install config-dist.php in the documentation directory, closes: #386476
     1160
     1161 -- Isaac Clerencia <isaac@debian.org>  Tue, 12 Sep 2006 22:06:34 +0200
     1162
     1163moodle (1.6.1+20060825-1) unstable; urgency=low
     1164
     1165  * New upstream release
     1166  * Moodle neither uses nor plans to use ADODB_Pager, so it's not affected by
     1167    #360396, but include patch for it anyway, just in case somebody decides to
     1168    use it out of the blue
     1169
     1170 -- Isaac Clerencia <isaac@debian.org>  Fri, 25 Aug 2006 08:56:42 +0200
     1171
     1172moodle (1.6-2ubuntu1) edgy; urgency=low
     1173
     1174  [ Ubuntu Merge-o-Matic ]
     1175  * Merge from debian unstable.
     1176
     1177 -- Daniel T Chen <crimsun@ubuntu.com>  Thu,  6 Jul 2006 20:30:30 -0400
     1178
     1179moodle (1.6-2) unstable; urgency=low
     1180
     1181  * Fix two problems in preinst, thanks to Jordi Mallach's workmate
     1182  * Ship cron file in package instead of generating it at postinst
     1183
     1184 -- Isaac Clerencia <isaac@debian.org>  Mon,  3 Jul 2006 10:25:31 +0200
     1185
     1186moodle (1.6-1ubuntu1) edgy; urgency=low
     1187
     1188  * Merge from debian unstable:
     1189    - Use Debian Sid's packaging save in debian/templates where we need
     1190      to make sure the default corresponds to the install-time
     1191      dependencies (apache2) so we can avoid the mess that was worked
     1192      around in dapper-security.
     1193
     1194 -- Daniel T Chen <crimsun@ubuntu.com>  Fri, 30 Jun 2006 19:21:20 +0100
     1195
     1196moodle (1.6-1) unstable; urgency=low
     1197
     1198  * New upstream release, needs newer PHP version, so updated versioned
     1199    dependencies
     1200
     1201 -- Isaac Clerencia <isaac@debian.org>  Mon, 19 Jun 2006 18:21:07 +0200
     1202
     1203moodle (1.5.4-1) unstable; urgency=low
     1204
     1205  * New upstream release
     1206  * Depend on ucf
     1207  * Move debhelper to Build-Depends as it's used in the clean target of
     1208    debian/rules
     1209  * Add colons to debconf template short descriptions
     1210  * Bumped Standard-Versions to 3.7.2, no changes needed
     1211
     1212 -- Isaac Clerencia <isaac@debian.org>  Tue, 30 May 2006 17:48:11 +0200
     1213
     1214moodle (1.5.3+20060206-1) unstable; urgency=low
     1215
     1216  * New package created from 1.5.3+ branch, which includes several bugfixes
     1217  * Allow moodle to be installed using php5 instead of php4, closes: #351298
     1218  * Changed apache | httpd to apache2-mpm-prefork | httpd
     1219
     1220 -- Isaac Clerencia <isaac@debian.org>  Mon,  6 Feb 2006 09:49:09 +0100
     1221
     1222moodle (1.5.3+20060108-2) unstable; urgency=low
     1223
     1224  * Throw cronjob output to /dev/null, closes: #349971
     1225
     1226 -- Isaac Clerencia <isaac@debian.org>  Thu, 26 Jan 2006 13:01:58 +0100
     1227
     1228moodle (1.5.3+20060108-1ubuntu1) dapper; urgency=low
     1229
     1230  * Resynchronise with Debian.
     1231
     1232 -- Daniel T Chen <crimsun@fungus.sh.nu>  Mon, 09 Jan 2006 13:49:39 +0000
     1233
     1234moodle (1.5.3+20060108-1) unstable; urgency=low
     1235
     1236  * New package created from 1.5.3+ branch, which closes: #346509, a
     1237    security bug in the ADODB code included in Moodle
     1238  * Check for /usr/share/moodle/admin/cron.php existence in the cronjob,
     1239    closes: #342304
     1240  * Use php4-cli instead of wget to run the cronjob, closes: #345930
     1241
     1242 -- Isaac Clerencia <isaac@debian.org>  Sun,  8 Jan 2006 17:09:57 +0100
     1243
     1244moodle (1.5.3-1ubuntu1) dapper; urgency=low
     1245
     1246  * Resynchronise with Debian.
     1247
     1248 -- Stephan Hermann <sh@sourcecode.de>  Wed, 28 Dec 2005 18:25:41 +0100
     1249
     1250moodle (1.5.3-1) unstable; urgency=low
     1251
     1252  * New upstream release
     1253
     1254 -- Isaac Clerencia <isaac@debian.org>  Mon, 21 Nov 2005 21:09:21 +0100
     1255
     1256moodle (1.5.2-1ubuntu1) breezy; urgency=low
     1257
     1258  * Resync with debian (security update)
     1259  * changed dependencys to php5
     1260  * changed apache dependency to apache2
     1261  * References
     1262    CAN-2005-2247
     1263
     1264 -- Andrew Mitchell <ajmitch@ubuntu.com>  Thu, 13 Oct 2005 02:00:59 +1300
     1265
     1266moodle (1.5.2-1) unstable; urgency=low
     1267
     1268  * New upstream release
     1269
     1270 -- Isaac Clerencia <isaac@debian.org>  Wed, 20 Jul 2005 15:13:41 +0200
     1271
     1272moodle (1.5.1-1) unstable; urgency=low
     1273
     1274  * New upstream release
     1275
     1276 -- Isaac Clerencia <isaac@debian.org>  Tue, 12 Jul 2005 09:50:59 +0200
     1277
     1278moodle (1.5-1) unstable; urgency=low
     1279
     1280  * New upstream release
     1281  * Added Vietnamese debconf translation, closes: #312961
     1282
     1283 -- Isaac Clerencia <isaac@debian.org>  Wed, 22 Jun 2005 22:18:26 +0200
     1284
     1285moodle (1.4.4.dfsg.1-3) unstable; urgency=high
     1286
     1287  * Urgency high as this upload closes a security bug
     1288  * Remove admin/delete.php on installation, fixes an important security bug
     1289
     1290 -- Isaac Clerencia <isaac@debian.org>  Mon, 30 May 2005 20:45:33 +0200
     1291
     1292moodle (1.4.4.dfsg.1-2) unstable; urgency=low
     1293
     1294  * Use find | xargs instead of rm to remove old sessions, closes: #300266
     1295
     1296 -- Isaac Clerencia <isaac@debian.org>  Fri, 18 Mar 2005 18:47:32 +0100
     1297
     1298moodle (1.4.4.dfsg.1-1) unstable; urgency=high
     1299
     1300  * Urgency high as it closes a release critical bug and fixes some security
     1301  problems
     1302
     1303  * New upstream release
     1304
     1305  * Replaced non-free fonts with free fonts for some languages in the original
     1306  tarball, closes: #298938
     1307
     1308  * Set perms for /etc/moodle/config.php to 640 instead of 644, closes: #297237
     1309
     1310  * Use new option $CFG->respectsessionsettings = true; to clean sessions and
     1311  remove old sessions from /var/lib/moodle/sessions: closes: #295124
     1312
     1313  * Added cs.po debconf template translation, closes: #298208
     1314
     1315  * Remove /var/lib/moodle/ when purging
     1316
     1317 -- Isaac Clerencia <isaac@debian.org>  Thu, 10 Mar 2005 01:02:48 +0100
     1318
     1319moodle (1.4.3-1) unstable; urgency=high
     1320
     1321  * Urgency high as upstream release fixes several security bugs
     1322  * New upstream release
     1323  * Write database creation errors and warn the user about it,
     1324  closes: #285842, #285842
     1325
     1326 -- Isaac Clerencia <isaac@sindominio.net>  Wed, 29 Dec 2004 00:49:52 +0100
     1327
     1328moodle (1.4.2-2) unstable; urgency=low
     1329
     1330  * Create user before creating database in postinst
     1331
     1332 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 23 Nov 2004 10:55:28 +0100
     1333
     1334moodle (1.4.2-1) unstable; urgency=high
     1335
     1336  * New upstream release
     1337  * Urgency high, as this upstream release closes several security bugs
     1338  * Added some extra information to README.Debian, thanks to Kevin Coyner
     1339  * Added apache2 as a choice for autoconfiguration, closes: #275444
     1340
     1341 -- Isaac Clerencia <isaac@sindominio.net>  Wed, 10 Nov 2004 13:18:41 +0100
     1342
     1343moodle (1.4.1-2) unstable; urgency=medium
     1344
     1345  * Urgency medium, as it fixes the "default username" problem, which is a
     1346    www-config bug but affects lots of moodle users
     1347  * Use moodle as default database username, currently uses www-data which
     1348    causes www-config to fail to create the database
     1349  * Enabled Tex math filter and added mimetex in Depends:
     1350  * Removed an extra line from README.Debian
     1351  * Removed debian/overrides/ for lintian
     1352
     1353 -- Isaac Clerencia <isaac@sindominio.net>  Sun, 24 Oct 2004 12:16:39 +0200
     1354
     1355moodle (1.4.1-1) unstable; urgency=low
     1356
     1357  * New upstream release, closes: #270855
     1358  * /var/lib/moodle is now owned by www-data, closes: #258283
     1359  * Added README.Debian with some hints for database setup,
     1360    closes: #272553, #270851
     1361
     1362 -- Isaac Clerencia <isaac@sindominio.net>  Sat,  2 Oct 2004 00:37:53 +0200
     1363
     1364moodle (1.4-1) unstable; urgency=low
     1365
     1366  * New upstream release, closes: #256218, #256219
     1367  * Switched to a file in conf.d instead of an include in http.conf
     1368  * Added DirectoryIndex index.php to apache.conf file, closes: #247554
     1369
     1370 -- Isaac Clerencia <isaac@sindominio.net>  Tue,  7 Sep 2004 22:07:10 +0200
     1371
     1372moodle (1.3.3-1) unstable; urgency=low
     1373
     1374  * New upstream release
     1375
     1376 -- Isaac Clerencia <isaac@sindominio.net>  Mon, 19 Jul 2004 11:28:48 +0200
     1377
     1378moodle (1.3.2-1) unstable; urgency=low
     1379
     1380  * New upstream release
     1381
     1382 -- Isaac Clerencia <isaac@sindominio.net>  Mon, 19 Jul 2004 11:16:45 +0200
     1383
     1384moodle (1.3.1-1) unstable; urgency=low
     1385
     1386  * New upstream release, closes: #252693
     1387  * Added "exec 0<&1" to postinst to fix hang when ucf asks the user
     1388
     1389 -- Isaac Clerencia <isaac@sindominio.net>  Fri,  4 Jun 2004 23:45:37 +0200
     1390
     1391moodle (1.2.1-3) unstable; urgency=low
     1392
     1393  * Added a choice to use apache-perl in addition to apache and apache-ssl
     1394  * Changed back priority to Optional, because no longer depends on php4-gd2
     1395
     1396 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 22 Apr 2004 11:32:40 +0200
     1397
     1398moodle (1.2.1-2) unstable; urgency=low
     1399
     1400  * Changed depends on php4-gd2 to php4-gd, closes: #243717
     1401
     1402 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 20 Apr 2004 23:16:47 +0200
     1403
     1404moodle (1.2.1-1) unstable; urgency=low
     1405
     1406  * New upstream release
     1407  * Added ucf for better handling of config files
     1408  * Changed priority to Extra
     1409
     1410 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 30 Mar 2004 22:01:33 +0200
     1411
     1412moodle (1.1.1-4) unstable; urgency=low
     1413
     1414  * Added French debconf templates translation, closes: #235572
     1415
     1416 -- Isaac Clerencia <isaac@sindominio.net>  Mon,  1 Mar 2004 12:22:03 +0100
     1417
     1418moodle (1.1.1-3) unstable; urgency=low
     1419
     1420  * Fixed debconf stuff by adding POTFILES.in, closes: #233114
     1421    Thanks to Martin Quirson.
     1422  * Fixed bug in config generation that caused passwords including '$'
     1423    broke the autentication
     1424  * Removed moodle prefix from some debian/ files
     1425  * Changed depend on debconf to misc:Depends
     1426  * Updated version for debhelper build-depend to 4.1.13
     1427
     1428 -- Isaac Clerencia <isaac@sindominio.net>  Tue, 17 Feb 2004 23:55:45 +0100
     1429
     1430moodle (1.1.1-2) unstable; urgency=low
     1431
     1432  * Now depends on php4-pgsql or php4-mysql not both
     1433  * Added recommends for postgresql or mysql-serverl
     1434  * Added documentation dir
     1435  * Added wget in Depends: and changed cron.d to use wget
     1436  * Fixed postinst to put the correct protocol in config.php and cron.d/moodle
     1437
     1438 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 27 Nov 2003 23:14:11 +0100
     1439
     1440moodle (1.1.1-1) unstable; urgency=low
     1441
     1442  * Initial Debian Release, closes: #222475
     1443
     1444 -- Isaac Clerencia <isaac@sindominio.net>  Thu, 27 Nov 2003 23:14:11 +0100
     1445
Note: See TracChangeset for help on using the changeset viewer.