Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.1:Update
moodle
moodle.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File moodle.changes of Package moodle
------------------------------------------------------------------- Wed Nov 10 17:16:42 CET 2010 - lrupp@suse.de - update to 1.9.10 (bnc #650155): + this update fixes the following security incidents: ++ CVE-2010-4207, CVE-2010-4208, CVE-2010-4209: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure + Multiple phpCAS library vulnerabilities + Customised HTML Purifier upgraded to 4.2.0 - upgraded language packs as the new version comes with more and/or changed (translated) text ------------------------------------------------------------------- Thu Jul 8 09:35:20 CEST 2010 - lrupp@suse.de - update to 1.9.9 (bnc #616186): + this update fixes the following security incidents: ++ CVE-2010-2228 Persistent Cross Site Scripting vulnerability in the MNET access control interface ++ CVE-2010-2229 Cross Site Scripting vulnerability in blog/index.php ++ CVE-2010-2230 KSES Security Filter Bypassing vulnerability ++ CVE-2010-2231 Potential Cross Site Scripting vulnerability in Quiz reports + also 39 minor bugs were fixed. - upgraded language packs as the new version comes with more and/or changed (translated) text ------------------------------------------------------------------- Mon Mar 29 12:51:48 UTC 2010 - lrupp@suse.de - update to 1.9.8 (bnc #591850): + this update fixes the following security incidents: ++ MSA-10-0001 Vulnerability in KSES text cleaning ++ MSA-10-0002 XSS vulnerabilty in the phpcas module ++ MSA-10-0003 Disclosure of full user names ++ MSA-10-0004 Improved access control in course restore ++ MSA-10-0005 Incorrect validation of forms data ++ MSA-10-0006 SQL injection in Wiki module ++ MSA-10-0007 Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine ++ MSA-10-0008 Persistent XSS when using Login-as feature ++ MSA-10-0009 Session fixation prevention now turned on by default + also the following bugs were fixed: ++ MDL-16658 - New capability moodle/restore:createuser to control whether a user can create users when restoring a course ++ MDL-21174 - Bulk upload of user profile pictures now excludes deleted users ++ MDL-20125 - New Section Links block settings ++ MDL-21606 - Fix for Chameleon theme not working with Firefox 3.6 ++ MDL-21343 - Fix for LDAP authentication settings not being shown ++ MDL-19392 and MDL-21332 - Fixes for AICC objects ++ MDL-21045 - Grade letters, outcomes, grade categories and grade items are now restored regardless of whether users are included in the course backup ++ MDL-20122 - SCORM module restore now retains maxgrade, updatefreq, maxattempt, grademethod and options ++ MDL-20819 - Fix for statistics generation problem ++ MDL-21029 - Global glossary auto linking fix ++ MDL-20810 - Hotpot module import questions fix - added hint in README.SuSE about upgrade ------------------------------------------------------------------- Fri Feb 5 14:33:04 CET 2010 - lrupp@suse.de - update to 1.9.7 (bnc #564364): + this update fixes the following security incidents: ++ CVE-2009-4297 ++ CVE-2009-4298 ++ CVE-2009-4299 ++ CVE-2009-4300 ++ CVE-2009-4301 ++ CVE-2009-4302 ++ CVE-2009-4303 ++ CVE-2009-4304 ++ CVE-2009-4305 ++ MSA-09-0030 - New detection of insecure Flash player plugins + new IMS Common Cartridge import (requires enabling in Site Administration > Miscellaneous > Experimental) + Workshop module now finally pushes grades into Gradebook during Synchronize legacy grades procedure + Miscellaneous Workshop module fixes + Completely new, more secure password handling. Beside other features, Admins will be asked to change their passwords next time they log in after upgrading + Hashed user passwords are no longer saved in backup files containing user data. If a backup is restored to a new site, users will be asked to go through the "forgot my password" routine the first time they log in. - removed old, upstreamed patches ------------------------------------------------------------------- Tue Mar 31 16:01:34 CEST 2009 - lrupp@suse.de - fix bnc#490087: Moodle File Disclosure Vulnerability + moodle-1.9.3-CVE-2009-1171.patch ------------------------------------------------------------------- Mon Mar 16 15:14:16 CET 2009 - lrupp@suse.de - fix bnc#475111: moodle XSS, CSRF + moodle-1.9.3-CVE-2009-0499.patch + moodle-1.9.3-CVE-2009-0500.patch + moodle-1.9.3-CVE-2009-0501.patch + moodle-1.9.3-CVE-2009-0502.patch ------------------------------------------------------------------- Mon Jan 19 17:45:31 CET 2009 - lrupp@suse.de - fix potential possible Remote Code Execution (moodle-1.9.3-Remote_Code_Execution.patch) bnc#459039 ------------------------------------------------------------------- Wed Nov 12 10:52:38 CET 2008 - lrupp@suse.de - php-imap doesn't exist any more in Factory - update to 1.9.3: MSA-08-0020: quiz/questions capabilities lack some risk flags in access.php files MSA-08-0021: design deficiency combined with incorrect use of format_string() allowing XSS MSA-08-0022: XSS through Wiki page titles MSA-08-0023: CSRF in messaging setting MSA-08-0024: Overriding of frozen values in Moodle forms MSA-08-0025: SQL injection in tags code MSA-08-0026: customised HTML Purifier upgraded to 2.1.5 + The regression in 1.9.2 that broke images in quiz questions has been fixed. + Fixes for course category edit and add capabilities problems + Fix for Firefox password manager problem + Fix for major groups upgrade problem + Indication for administrators when a site is in Maintenance mode + Improved detection of misconfigured dataroot directory + and many more (see http://docs.moodle.org/en/Release_Notes#Moodle_1.9.3) - updated en, es, et, eu, fa, fi, fr, gl , he, hr, hu, is, it, ja, km, ko, lt, lv, ms, nl, nn, no, pl, pt, ro, ru, sk, sl, so, sq, sv, tr, uk, vi language files - removed moodle-oss files - remove obsolete suse_version checks ------------------------------------------------------------------- Thu Sep 25 22:42:20 CEST 2008 - lars@linux-schulserver.de - moved to Education base repository ------------------------------------------------------------------- Mon Jul 21 18:49:18 CEST 2008 - lrupp@suse.de - update to 1.9.2: + MSA-08-0016: Email could be changed in profile without confirmation + MSA-08-0015: accessible profiles of deleted users + MSA-08-0014: potential sql injection in events handling code + MSA-08-0012: Potential non-persistent XSS when searching for group members (MSSQL and Oracle only) + MSA-08-0010: sql injection in HotPot module + compatibility fixes for MSSQL, Oracle and PostgreSQL + improved triggering core events (unfortunately 3rd party code needs to be updated MDL-9983) + various spam related improvements (confirmation when changing emails, new lang strings with better help, email self-register off by default) + forum subscribe and unsubscribe improvements + the simpler quiz report enhancements and bug fixes, from this body of work aimed at 2.0, have been implemented on the 1.9 stable branch. - updated language files, too - fix rpmlint file syntax ------------------------------------------------------------------- Mon Jun 2 13:22:38 CEST 2008 - lrupp@suse.de - update to 1.9.1 (bugfix release): * Gradebook - bug fixing and performance problems solved * Backup/restore bug fixing, improvements and performance * Numerous PostgreSQL compatibility fixes * Many critical problems fixed in language packs * Front page participants list improved * Database module - bug fixing and improvements, including additional database template tags * Forum module - fixed unread tracking, performance improvements, group modes fixed * Resource module - fixed problems with PDF files in IE * Quiz module - Improvements to robustness * Captcha support added to Email-based self-registration ------------------------------------------------------------------- Wed Apr 9 23:33:08 CEST 2008 - crrodriguez@suse.de - moodle does not send scheduled emails nor execute cleanup tasks without cron ------------------------------------------------------------------- Tue Mar 18 14:17:47 CET 2008 - lrupp@suse.de - fix a bug with the regex_replace modifier that can allow php functions to be called in templates (bnc#202591) moodle-CVE-2008-1066.patch ------------------------------------------------------------------- Mon Mar 17 14:14:38 CET 2008 - lrupp@suse.de - update to 1.9: + new/changed features: Gradebook, Outcomes, Events API, Tags support, Notes, Bulk users actions + many scalability and performance improvements (overhaul of the Roles implementation, additional code for PHP pre-compilers, improvements in the database access code + Active Directory NTLM Single Sign On + New theme settings + Oracle Support - Catalyst Ltd, USQ + Numerous admin settings fixes and improvements For a detailed list, please read http://docs.moodle.org/en/Release_Notes#Moodle_1.9 - added some links to the README.SuSE - enhanced the rpmlintrc file - updated language files ------------------------------------------------------------------- Wed Dec 5 17:31:57 CET 2007 - lrupp@suse.de - update to 1.8.4: + Some crucial performance fixes + Many little annoying bugs squashed + more on http://docs.moodle.org/en/Release_Notes#Moodle_1.8.3 - updated language files - enhanced the README.SuSE - now we support the "normal" installation via browser ------------------------------------------------------------------- Mon Aug 6 12:49:41 CEST 2007 - lrupp@suse.de - update to 1.8.2: + groups implementation has been cleaned up + two XSS security vulnerabilities were fixed + more XHTML validation cleanups + fixed user upload failure when file contains utf-8 bom + more on http://docs.moodle.org/en/Release_Notes#Moodle_1.8.2 ------------------------------------------------------------------- Tue Jun 5 09:40:33 CEST 2007 - lrupp@suse.de - Require mysql >= 5.0 (for UTF8 Support) - use fdupes to find duplicate files - Remove libbz2 from BuildRequires - Remove triggerpostun ------------------------------------------------------------------- Sun Apr 1 20:42:53 CEST 2007 - lrupp@suse.de - Upgrade to 1.8: + Accessibility improvements + it is now possible to link Moodle sites allowing cross-site roaming, transparent enrolments and remote log viewing. + Roles improvements - changes in moodle_include.conf: + set "safe_mode Off" and + "session.save_handler = files" + increased "post_max_size" and "upload_max_filesize" to 16M see http://docs.moodle.org/en/Installing_Moodle for more details - updated language files - updated moodle-oss - added php4-ldap php4-imap freetype2 to Requires ------------------------------------------------------------------- Sun Apr 1 17:43:31 CEST 2007 - lrupp@suse.de - add libbz2 to BuildRequires for > 1020 ------------------------------------------------------------------- Thu Mar 29 19:22:16 CEST 2007 - dmueller@suse.de - update BuildRequires ------------------------------------------------------------------- Wed Feb 7 00:19:35 CET 2007 - lrupp@suse.de - remove trailing '/' from config - move moodle to /srv/www/moodle - adapt OSS scripts to new locations ------------------------------------------------------------------- Tue Jan 23 22:32:08 CET 2007 - lrupp@suse.de - updated moodle to 1.7.1 (bugfix release) - updated language packs - fixed requires for SLES9 - added triggerpostun for old config move - added 'de_du' package ------------------------------------------------------------------- Tue Dec 19 20:11:34 CET 2006 - lrupp@suse.de - some enhancements in the moodle-add-user script - changed default currency to "EUR" instead of "USD" in the database ------------------------------------------------------------------- Thu Dec 7 23:11:33 CET 2006 - lrupp@suse.de - Updated ca, en, es, eu, fr, ja, ko, tr and vi language files - updated setup and plugin script in moodle-oss.tar.bz2 ------------------------------------------------------------------- Fri Nov 17 07:05:22 CET 2006 - lrupp@suse.de - updated translations - beautify specfile - added locale Provides to language packages - updated database dump and OSS scripts ------------------------------------------------------------------- Tue Nov 14 15:22:20 CET 2006 - lrupp@suse.de - upgrade to 1.7: + allows user roles now + new XML database schema for support of a wider range of databases + New admin interface which makes it easier to find settings + first Unit testing framework for developers + first AJAX features (unstable atm) in course editing + many small bugfixes - see: http://docs.moodle.org/en/Release_Notes#Moodle_1.7 - updated language files - rewrite some special OSS scripts ------------------------------------------------------------------- Sat Nov 4 22:18:27 CET 2006 - lrupp@suse.de - use admin_flag in apache config ( #216923 ) - some security enhancements: + make config not world wide readable + set register_globals off + use open_basedir restrictions + disable Session auto start - added mod_php4 config for older distributions - updated language packs - added Hindi, Croatian, Icelandic, Somali translations - added en_utf8: en is just a placeholder now ------------------------------------------------------------------- Sun Oct 15 18:11:02 CEST 2006 - lrupp@suse.de - new version: 1.6.3 - all patches included upstream ------------------------------------------------------------------- Fri Oct 6 00:01:54 CEST 2006 - lrupp@suse.de - updated language files - added patches: + Fixing $tempfiledir path in spellchecker + update mdl fields during login only once if 'oncreation' is set + don't show backup directory to all users + corrected display of best grade if maximum grade != 100 + If a theme doesn't exist then revert to standardwhite + make course upload size limits apply to students only + remove linefeeds from textfiles after editing in browser window + fix error message when the first lesson is created + allow UTF-8 strings to be truncated at character boundaries instead of word boundaries (fix MDL-5378) + studentview was not working in hidden courses (MDL-6341) + trigger correct upgrade of tables for HotPot v1 + Fix JavaScript timer problem (endless loop) + added missing global to restore teachers correctly (MDL-6084) + added eu as toplevel domain in validateurlsyntax.php ------------------------------------------------------------------- Thu Sep 28 18:50:39 CEST 2006 - lrupp@suse.de - update to 1.6.2 * many security fixes in filehandling (upload, backup) * bugfixe in localisation packages * fixes in Lesson module * sessiontimeout setting works now - added plugins for adding and deleting users via LDAP ------------------------------------------------------------------- Thu Aug 31 20:40:10 CEST 2006 - lrupp@suse.de - initial package (1.6.1)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor