openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File moodle.changes of Package moodle

-------------------------------------------------------------------
Wed Nov 10 17:16:42 CET 2010 - lrupp@suse.de

- update to 1.9.10 (bnc #650155):
  + this update fixes the following security incidents:
  ++ CVE-2010-4207, CVE-2010-4208, CVE-2010-4209: 
     Cross-site scripting (XSS) vulnerability in the Flash 
     component infrastructure
  + Multiple phpCAS library vulnerabilities 
  + Customised HTML Purifier upgraded to 4.2.0 
- upgraded language packs as the new version comes with more and/or
  changed (translated) text

-------------------------------------------------------------------
Thu Jul  8 09:35:20 CEST 2010 - lrupp@suse.de

- update to 1.9.9 (bnc #616186):
  + this update fixes the following security incidents:
  ++ CVE-2010-2228 Persistent Cross Site Scripting vulnerability
     in the MNET access control interface
  ++ CVE-2010-2229 Cross Site Scripting vulnerability in
     blog/index.php
  ++ CVE-2010-2230 KSES Security Filter Bypassing vulnerability
  ++ CVE-2010-2231 Potential Cross Site Scripting vulnerability
     in Quiz reports
  + also 39 minor bugs were fixed.
- upgraded language packs as the new version comes with more and/or
  changed (translated) text

-------------------------------------------------------------------
Mon Mar 29 12:51:48 UTC 2010 - lrupp@suse.de

- update to 1.9.8 (bnc #591850):
  + this update fixes the following security incidents:
  ++  MSA-10-0001  Vulnerability in KSES text cleaning
  ++ MSA-10-0002 XSS vulnerabilty in the phpcas module
  ++ MSA-10-0003 Disclosure of full user names
  ++ MSA-10-0004 Improved access control in course restore
  ++ MSA-10-0005 Incorrect validation of forms data
  ++ MSA-10-0006 SQL injection in Wiki module
  ++ MSA-10-0007 Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine
  ++ MSA-10-0008 Persistent XSS when using Login-as feature
  ++ MSA-10-0009 Session fixation prevention now turned on by default 
  + also the following bugs were fixed:
  ++ MDL-16658 - New capability moodle/restore:createuser  to control 
    whether a user can create users when restoring a course
  ++ MDL-21174 - Bulk upload of user profile pictures now excludes 
    deleted users
  ++ MDL-20125 - New Section Links block settings
  ++ MDL-21606 - Fix for Chameleon theme not working with Firefox 3.6
  ++ MDL-21343 - Fix for LDAP authentication settings not being shown
  ++ MDL-19392 and MDL-21332 - Fixes for AICC objects
  ++ MDL-21045 - Grade letters, outcomes, grade categories and grade 
    items are now restored regardless of whether users are included 
    in the course backup
  ++ MDL-20122 - SCORM module restore now retains maxgrade, updatefreq, 
    maxattempt, grademethod and options
  ++ MDL-20819 - Fix for statistics generation problem
  ++ MDL-21029 - Global glossary auto linking fix
  ++ MDL-20810 - Hotpot module import questions fix 
- added hint in README.SuSE about upgrade

-------------------------------------------------------------------
Fri Feb  5 14:33:04 CET 2010 - lrupp@suse.de

- update to 1.9.7 (bnc #564364):
  + this update fixes the following security incidents:
  ++ CVE-2009-4297
  ++ CVE-2009-4298
  ++ CVE-2009-4299
  ++ CVE-2009-4300
  ++ CVE-2009-4301
  ++ CVE-2009-4302
  ++ CVE-2009-4303
  ++ CVE-2009-4304
  ++ CVE-2009-4305
  ++ MSA-09-0030 - New detection of insecure Flash player plugins
  + new IMS Common Cartridge import (requires enabling in
    Site Administration > Miscellaneous > Experimental)
  + Workshop module now finally pushes grades into Gradebook
    during Synchronize legacy grades procedure
  + Miscellaneous Workshop module fixes
  + Completely new, more secure password handling. Beside other
    features, Admins will be asked to change their passwords next
    time they log in after upgrading
  + Hashed user passwords are no longer saved in backup files
    containing user data. If a backup is restored to a new site,
    users will be asked to go through the "forgot my password"
    routine the first time they log in.
- removed old, upstreamed patches

-------------------------------------------------------------------
Tue Mar 31 16:01:34 CEST 2009 - lrupp@suse.de

- fix bnc#490087: Moodle File Disclosure Vulnerability
  + moodle-1.9.3-CVE-2009-1171.patch

-------------------------------------------------------------------
Mon Mar 16 15:14:16 CET 2009 - lrupp@suse.de

- fix bnc#475111: moodle XSS, CSRF
  + moodle-1.9.3-CVE-2009-0499.patch
  + moodle-1.9.3-CVE-2009-0500.patch
  + moodle-1.9.3-CVE-2009-0501.patch
  + moodle-1.9.3-CVE-2009-0502.patch

-------------------------------------------------------------------
Mon Jan 19 17:45:31 CET 2009 - lrupp@suse.de

- fix potential possible Remote Code Execution
  (moodle-1.9.3-Remote_Code_Execution.patch) bnc#459039

-------------------------------------------------------------------
Wed Nov 12 10:52:38 CET 2008 - lrupp@suse.de

- php-imap doesn't exist any more in Factory
- update to 1.9.3:
  MSA-08-0020: quiz/questions capabilities lack some risk flags in 
               access.php files
  MSA-08-0021: design deficiency combined with incorrect use of 
               format_string() allowing XSS
  MSA-08-0022: XSS through Wiki page titles
  MSA-08-0023: CSRF in messaging setting
  MSA-08-0024: Overriding of frozen values in Moodle forms
  MSA-08-0025: SQL injection in tags code
  MSA-08-0026: customised HTML Purifier upgraded to 2.1.5 
  + The regression in 1.9.2 that broke images in quiz questions 
    has been fixed. 
  + Fixes for course category edit and add capabilities problems 
  + Fix for Firefox password manager problem 
  + Fix for major groups upgrade problem 
  + Indication for administrators when a site is in Maintenance mode
  + Improved detection of misconfigured dataroot directory 
  + and many more 
    (see http://docs.moodle.org/en/Release_Notes#Moodle_1.9.3)
- updated en, es, et, eu, fa, fi, fr, gl , he, hr, hu, is, it, ja, 
  km, ko, lt, lv, ms, nl, nn, no, pl, pt, ro, ru, sk, sl, so, sq, 
  sv, tr, uk, vi language files
- removed moodle-oss files
- remove obsolete suse_version checks

-------------------------------------------------------------------
Thu Sep 25 22:42:20 CEST 2008 - lars@linux-schulserver.de

- moved to Education base repository

-------------------------------------------------------------------
Mon Jul 21 18:49:18 CEST 2008 - lrupp@suse.de

- update to 1.9.2:
  + MSA-08-0016: Email could be changed in profile 
                 without confirmation
  + MSA-08-0015: accessible profiles of deleted users
  + MSA-08-0014: potential sql injection in events handling code
  + MSA-08-0012: Potential non-persistent XSS when searching for 
                 group members (MSSQL and Oracle only)
  + MSA-08-0010: sql injection in HotPot module 
  + compatibility fixes for MSSQL, Oracle and PostgreSQL
  + improved triggering core events (unfortunately 3rd party code 
    needs to be updated MDL-9983)
  + various spam related improvements (confirmation when changing 
    emails, new lang strings with better help, email self-register 
    off by default)
  + forum subscribe and unsubscribe improvements
  + the simpler quiz report enhancements and bug fixes, from this 
    body of work aimed at 2.0, have been implemented on the 1.9 
    stable branch. 
- updated language files, too
- fix rpmlint file syntax

-------------------------------------------------------------------
Mon Jun  2 13:22:38 CEST 2008 - lrupp@suse.de

- update to 1.9.1 (bugfix release):
  *  Gradebook - bug fixing and performance problems solved
  * Backup/restore bug fixing, improvements and performance
  * Numerous PostgreSQL compatibility fixes
  * Many critical problems fixed in language packs
  * Front page participants list improved
  * Database module - bug fixing and improvements, including 
    additional database template tags
  * Forum module - fixed unread tracking, performance improvements, 
    group modes fixed
  * Resource module - fixed problems with PDF files in IE
  * Quiz module - Improvements to robustness
  * Captcha support added to Email-based self-registration

-------------------------------------------------------------------
Wed Apr  9 23:33:08 CEST 2008 - crrodriguez@suse.de

- moodle does not send scheduled emails nor execute
  cleanup tasks without cron

-------------------------------------------------------------------
Tue Mar 18 14:17:47 CET 2008 - lrupp@suse.de

- fix a bug with the regex_replace modifier that can allow php
  functions to be called in templates (bnc#202591)
  moodle-CVE-2008-1066.patch

-------------------------------------------------------------------
Mon Mar 17 14:14:38 CET 2008 - lrupp@suse.de

- update to 1.9:
  + new/changed features: Gradebook, Outcomes, Events API, 
    Tags support, Notes, Bulk users actions
  + many scalability and performance improvements (overhaul of the 
    Roles implementation, additional code for PHP pre-compilers, 
    improvements in the database access code
  + Active Directory NTLM Single Sign On 
  + New theme settings
  + Oracle Support - Catalyst Ltd, USQ
  + Numerous admin settings fixes and improvements
  For a detailed list, please read 
   http://docs.moodle.org/en/Release_Notes#Moodle_1.9
- added some links to the README.SuSE
- enhanced the rpmlintrc file
- updated language files

-------------------------------------------------------------------
Wed Dec  5 17:31:57 CET 2007 - lrupp@suse.de

- update to 1.8.4:
  + Some crucial performance fixes
  + Many little annoying bugs squashed
  + more on http://docs.moodle.org/en/Release_Notes#Moodle_1.8.3
- updated language files
- enhanced the README.SuSE
- now we support the "normal" installation via browser

-------------------------------------------------------------------
Mon Aug  6 12:49:41 CEST 2007 - lrupp@suse.de

- update to 1.8.2:
  + groups implementation has been cleaned up
  + two XSS security vulnerabilities were fixed
  + more XHTML validation cleanups
  + fixed user upload failure when file contains utf-8 bom
  + more on http://docs.moodle.org/en/Release_Notes#Moodle_1.8.2

-------------------------------------------------------------------
Tue Jun  5 09:40:33 CEST 2007 - lrupp@suse.de

- Require mysql >= 5.0 (for UTF8 Support)
- use fdupes to find duplicate files
- Remove libbz2 from BuildRequires
- Remove triggerpostun

-------------------------------------------------------------------
Sun Apr  1 20:42:53 CEST 2007 - lrupp@suse.de

- Upgrade to 1.8:
  + Accessibility improvements
  + it is now possible to link Moodle sites allowing cross-site 
    roaming, transparent enrolments and remote log viewing.
  + Roles improvements 
- changes in moodle_include.conf:
  + set "safe_mode Off" and 
  + "session.save_handler = files"
  + increased "post_max_size" and "upload_max_filesize" to 16M
  see http://docs.moodle.org/en/Installing_Moodle for more details
- updated language files
- updated moodle-oss
- added php4-ldap php4-imap freetype2 to Requires

-------------------------------------------------------------------
Sun Apr  1 17:43:31 CEST 2007 - lrupp@suse.de

- add libbz2 to BuildRequires for > 1020

-------------------------------------------------------------------
Thu Mar 29 19:22:16 CEST 2007 - dmueller@suse.de

- update BuildRequires

-------------------------------------------------------------------
Wed Feb  7 00:19:35 CET 2007 - lrupp@suse.de

- remove trailing '/' from config
- move moodle to /srv/www/moodle 
- adapt OSS scripts to new locations

-------------------------------------------------------------------
Tue Jan 23 22:32:08 CET 2007 - lrupp@suse.de
- updated moodle to 1.7.1 (bugfix release)
- updated language packs
- fixed requires for SLES9
- added triggerpostun for old config move
- added 'de_du' package

-------------------------------------------------------------------
Tue Dec 19 20:11:34 CET 2006 - lrupp@suse.de

- some enhancements in the moodle-add-user script
- changed default currency to "EUR" instead of "USD" in the database

-------------------------------------------------------------------
Thu Dec  7 23:11:33 CET 2006 - lrupp@suse.de

- Updated ca, en, es, eu, fr, ja, ko, tr and vi language files
- updated setup and plugin script in moodle-oss.tar.bz2

-------------------------------------------------------------------
Fri Nov 17 07:05:22 CET 2006 - lrupp@suse.de

- updated translations
- beautify specfile
- added locale Provides to language packages
- updated database dump and OSS scripts

-------------------------------------------------------------------
Tue Nov 14 15:22:20 CET 2006 - lrupp@suse.de

- upgrade to 1.7:
  + allows user roles now
  + new XML database schema for support of a wider range of 
    databases
  + New admin interface which makes it easier to find settings
  + first Unit testing framework for developers
  + first AJAX features (unstable atm) in course editing
  + many small bugfixes - see:
    http://docs.moodle.org/en/Release_Notes#Moodle_1.7
- updated language files
- rewrite some special OSS scripts

-------------------------------------------------------------------
Sat Nov  4 22:18:27 CET 2006 - lrupp@suse.de

- use admin_flag in apache config ( #216923 )
- some security enhancements:
  + make config not world wide readable
  + set register_globals off
  + use open_basedir restrictions
  + disable Session auto start
- added mod_php4 config for older distributions
- updated language packs
- added Hindi, Croatian, Icelandic, Somali translations
- added en_utf8: en is just a placeholder now

-------------------------------------------------------------------
Sun Oct 15 18:11:02 CEST 2006 - lrupp@suse.de

- new version: 1.6.3
- all patches included upstream

-------------------------------------------------------------------
Fri Oct  6 00:01:54 CEST 2006 - lrupp@suse.de

- updated language files
- added patches:
  + Fixing $tempfiledir path in spellchecker
  + update mdl fields during login only once if 'oncreation' is set
  + don't show backup directory to all users
  + corrected display of best grade if maximum grade != 100
  + If a theme doesn't exist then revert to standardwhite
  + make course upload size limits apply to students only
  + remove linefeeds from textfiles after editing in browser window
  + fix error message when the first lesson is created
  + allow UTF-8 strings to be truncated at character 
	boundaries instead of word boundaries (fix MDL-5378)
  + studentview was not working in hidden courses (MDL-6341)
  + trigger correct upgrade of tables for HotPot v1
  + Fix JavaScript timer problem (endless loop)
  + added missing global to restore teachers correctly (MDL-6084)
  + added eu as toplevel domain in validateurlsyntax.php

-------------------------------------------------------------------
Thu Sep 28 18:50:39 CEST 2006 - lrupp@suse.de

- update to 1.6.2
  * many security fixes in filehandling (upload, backup)
  * bugfixe in localisation packages
  * fixes in Lesson module
  * sessiontimeout setting works now
- added plugins for adding and deleting users via LDAP

-------------------------------------------------------------------
Thu Aug 31 20:40:10 CEST 2006 - lrupp@suse.de

- initial package (1.6.1)

Places

File moodle.changes of Package moodle

Places