Bug#692626: non-free files in upstream tarball ("The Software shall be used for Good, not Evil")
Anyway, I've filed http://tracker.moodle.org/browse/MDL-36457 so we can replace this code upstream.

On Thu, Nov 8, 2012 at 3:38 PM, Martin Dougiamas wrote:
> /me watches Debian spiral away into its own navel.
>
> On Thu, Nov 8, 2012 at 3:04 PM, Ansgar Burchardt wrote:
>> Martin Dougiamas writes:
>>> Oh come on. "Serious"? That is clearly a joke license.
>>
>> Yes, it is considered non-free in Debian and also in other
>> distributions, see for example the entry for JSON in Fedora's list of
>> bad licenses[1].
>>
>> [1] <https://fedoraproject.org/wiki/Licensing:Main#Bad_Licenses>
>>
>> Ansgar

--
/// Moodle - open-source software for collaborative learning
///
/// Free software, community, information: http://moodle.org
/// Commercial support and other services: http://moodle.com
Bug#692626: non-free files in upstream tarball ("The Software shall be used for Good, not Evil")
/me watches Debian spiral away into its own navel.

On Thu, Nov 8, 2012 at 3:04 PM, Ansgar Burchardt wrote:
> Martin Dougiamas writes:
>> Oh come on. "Serious"? That is clearly a joke license.
>
> Yes, it is considered non-free in Debian and also in other
> distributions, see for example the entry for JSON in Fedora's list of
> bad licenses[1].
>
> [1] <https://fedoraproject.org/wiki/Licensing:Main#Bad_Licenses>
>
> Ansgar
Bug#692626: non-free files in upstream tarball ("The Software shall be used for Good, not Evil")
Oh come on. "Serious"? That is clearly a joke license. No-one should touch this until they can legally define exactly what evil is.

On Thu, Nov 8, 2012 at 6:12 AM, Ansgar Burchardt wrote:
> Package: src:moodle
> Version: 2.2.3.dfsg-2.3
> Severity: serious
>
> The upstream tarball contains files under the non-free JSON license:
>
> % rgrep -l 'The Software shall be used for Good, not Evil.' .
> ./lib/minify/lib/JSMin.php
>
> Ansgar
Bug#581229: Moodle needs to be actively maintained to be included in Squeeze
Thanks for taking this up, Tomek!!!
Bug#471158: ships embedded copy of smarty with security bug
Actually Moodle doesn't even use smarty (we were going to but we didn't) so this can be completely removed from the code base without any effect. I'll remove it upstream too.

Is it still a security problem to have the script there if we don't use it?

Cheers,
Martin

On 16/03/2008, Thijs Kinkhorst <[EMAIL PROTECTED]> wrote:
> Package: moodle
> Severity: grave
> Tags: security patch
>
> Hi,
>
> A security issue has been discovered in Smarty which is also shipped as part
> of Moodle:
>
> | The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
> | by Serendipity (S9Y) and other products, allows attackers to call
> | arbitrary PHP functions via templates, related to a '0' character in
> | a search string.
>
> Please see the original bug in Smarty here: #469492. The patch is very
> straightforward.
>
> The right solution here is to not ship Smarty as part of Moodle but make use
> of the smarty package that is already in the archive, because the security
> team now has to issue multiple DSA's for this single issue which is obviously
> problematic.
>
> Could you please take the following actions:
> * To address this bug for lenny and sid, please prepare a version of Moodle
>   that works with the archive version of smarty;
> * For sarge and etch, please prepare updated packages addressing this bug and
>   #432264, which is also still open in sarge/etch.
>
> thanks,
>
> Thijs
Bug#408995: dependency on zip missing
Ah, no problem. In the admin settings, make sure you set the path for 'zip' to be empty. Moodle only uses internal routines if the path is not set.

On 30/01/07, Per Olofsson <[EMAIL PROTECTED]> wrote:
> Martin Dougiamas:
>> Hmm, no, because we have an internal zip library written in PHP which
>> we fall back to when command-line zip isn't present.
>>
>> If that's not working it's a Moodle bug, not a dependency issue.
>
> Right. Anyway, backups didn't work and /var/log/apache2/error.log said:
>
> sh: /usr/bin/zip: No such file or directory
>
> --
> Pelle
Bug#408995: dependency on zip missing
Hmm, no, because we have an internal zip library written in PHP which we fall back to when command-line zip isn't present.

If that's not working it's a Moodle bug, not a dependency issue.

On 30/01/07, Per Olofsson <[EMAIL PROTECTED]> wrote:
> Package: moodle
> Version: 1.6.3-2
> Severity: important
>
> Hi,
>
> The moodle package lacks a dependency on zip. If zip is not installed,
> backups don't work. Installing zip fixes the problem.
>
> --
> Pelle
Bug#361765: moodle: th_utf8 language pack is NOT utf
Hmm, something may have happened downstream. In upstream Moodle 1.5, there is no th_utf8, just "th" and yes, the charset is TIS-620.character set. Moodle 1.6 will migrate ALL database data to UTF8 during the upgrade.

http://cvs.sourceforge.net/viewcvs.py/moodle/lang/th_utf8/moodle.php?rev=1.1.1.4&view=auto

On 10/04/06, Jeroen Vermeulen <[EMAIL PROTECTED]> wrote:
> Package: moodle
> Version: 1.4.4.dfsg.1-3sarge1
> Severity: important
>
> The Thai language pack is installed as th_utf8, but apart from the name,
> it still seems to be entirely in TIS-620 encoding (which is also
> reflected by the 'thischarset' setting).
>
> AFAICS this is likely to lead to widespread data corruption that is very
> hard to correct afterwards. Thai data entered by users or administrators
> who have their UI set to "th_utf8" will be stored in TIS-620, whereas
> the same data entered from a UI set to, say, en_utf8 will be in UTF-8.
> The two classes of users will not even be able to read each other's
> (non-ASCII) data.
>
> In principle it should be possible to figure out whether most strings in
> the database are in UTF-8 or not, so it's not unthinkable that a way
> can be found to recover from (most of) the resulting data corruption. If
> that is the case, it is not technically data loss and that's why I'm not
> submitting this bug as "grave." It should be noted, however, that the
> upstream developers have been working on this problem for years and last
> I heard, had not cracked it yet. It's a really hard problem.
>
> -- System Information:
> Debian Release: 3.1
>   APT prefers unstable
>   APT policy: (50, 'unstable')
> Architecture: i386 (i686)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.11
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>
> Versions of packages moodle depends on:
> ii apache2-mpm-prefork [httpd] 2.0.54-5 traditional model for Apache2
> ii debconf [debconf-2.0] 1.4.50 Debian configuration management sy
> ii mimetex 1.50-1 LaTeX math expressions to anti-ali
> ii php4 4:4.3.10-16 server-side, HTML-embedded scripti
> ii php4-gd 4:4.3.10-16 GD module for php4
> ii php4-mysql 4:4.3.10-16 MySQL module for php4
> ii php4-pgsql 3:4.3.10-4 PostgreSQL module for php4
> ii wget 1.9.1-12 retrieves files from the web
> ii wwwconfig-common 0.0.43 Debian web auto configuration
>
> -- debconf information excluded
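Added example, not part of the original messages or of Moodle's code: a sketch of the per-string check the report above says should be possible, classifying stored byte strings as ASCII, UTF-8 or TIS-620 before re-encoding them. The sample rows and the function names are constructed for illustration.

```python
from collections import Counter

THAI_HELLO = "\u0e2a\u0e27\u0e31\u0e2a\u0e14\u0e35"  # constructed sample text

# Order matters: Thai encoded as UTF-8 (E0 B8 xx / E0 B9 xx) is usually also
# decodable as TIS-620, so TIS-620 may only be tried after UTF-8 has failed.
# The reverse confusion is rare: TIS-620 Thai seldom forms valid UTF-8.
CODECS = (("ascii", "ascii"), ("utf-8", "utf-8"), ("tis_620", "tis-620"))


def classify(raw: bytes) -> str:
    """Return a best guess for the encoding of one stored value."""
    for codec, label in CODECS:
        try:
            raw.decode(codec)
            return label
        except UnicodeDecodeError:
            continue
    return "unknown"


def to_utf8(raw: bytes) -> bytes:
    """Re-encode a value as UTF-8, refusing anything that cannot be classified."""
    kind = classify(raw)
    if kind in ("ascii", "utf-8"):
        return raw  # already valid UTF-8
    if kind == "tis-620":
        return raw.decode("tis_620").encode("utf-8")
    raise ValueError("unclassifiable bytes, needs manual review: %r" % raw)


def audit(rows) -> Counter:
    """Count how many values fall into each class before migrating anything."""
    return Counter(classify(r) for r in rows)


# Constructed rows: what a mixed table would hold after the bug described above.
SAMPLE_ROWS = [
    b"Course 101",                 # plain ASCII
    THAI_HELLO.encode("utf-8"),    # entered through an en_utf8 UI
    THAI_HELLO.encode("tis_620"),  # entered through the mislabelled th_utf8 UI
    b"\xff\xfe",                   # invalid in both encodings
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

Running `audit` first and reviewing the "unknown" bucket by hand avoids converting rows that are in neither encoding.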
Bug#345930: moodle: upstream suggest cron job should be CLI PHP not a wget process
Yes, great idea.

On 04/01/06, Gavin McCullagh <[EMAIL PROTECTED]> wrote:
> Package: moodle
> Version: 1.5.2-1
> Severity: normal
>
> Martín Langhoff mentions in the moodle forums:
>
> http://moodle.org/mod/forum/discuss.php?d=37006#170884
>
> "One thing that is really important in this case is that you should
> really run it via cron and php commandline. If you are running the
> moodle cron via 'wget http://host/moodle/admin/cron.php' then yes, you
> will have memory problems. Using wget for the cron.php is only for
> small sites."
>
> It would seem that a wget cron job is fine except on big systems. Is
> there any good reason not to just use the CLI version then? I guess it
> means a dependency on the php4-cli package but it may also remove a
> dependency on wget.
>
> Just a suggestion.
>
> Gavin
>
> -- System Information:
> Debian Release: 3.1
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.11-1-686-smp
> Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
>
> Versions of packages moodle depends on:
> ii apache2-mpm-prefork [httpd] 2.0.54-5 traditional model for Apache2
> ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
> ii mimetex 1.50-1 LaTeX math expressions to anti-ali
> ii php4 4:4.3.10-16 server-side, HTML-embedded scripti
> ii php4-gd 4:4.3.10-16 GD module for php4
> ii php4-pgsql 3:4.3.10-4 PostgreSQL module for php4
> ii wget 1.9.1-12 retrieves files from the web
> ii wwwconfig-common 0.0.43 Debian web auto configuration
>
> -- debconf information:
> * moodle/dbu_name: moodle
> * moodle/db_server: postgresql
> * moodle/db_host: localhost
> * moodle/create_tables:
> * moodle/webserver: apache2
>   moodle/notconfigured:
>   moodle/mismatch:
> * moodle/dba_name: postgres
Bug#338592: CVE assignments for moodle
These are all fixed in 1.5.3.

Well, to be exact about the SQL injection we found it was almost impossible to fix completely so we now just recommend correct PHP settings to overcome that problem. It turns out that the particular settings that allowed the SQL injection were actually quite rare.

See http://security.moodle.org/

Cheers,
Martin

Moritz Muehlenhoff wrote:
> Sorry, I've been too hasty: The redirection vulnerability in jumpto.php
> is CVE-2005-3649 and the SQL injection vulnerabilities are CVE-2005-3648.
>
> Cheers,
> Moritz
Bug#298938: moodle: contains non-free fonts
Hi, Martin. I had not tried this before, but I've tried it just now. The result -> in my system (I use UTF-8), it works correctly with Bepa-Roman.ttf and FreeSans.ttf, but it doesn't work with the font provided in Moodle.

Were you using Russian or Ukrainian? Only these two languages using the Optima font are the problem now. When using Russian, I couldn't get survey graphs to display properly using VeraSans, FreeSans or Bepa-Roman, but they do work fine with the Optima that they currently include.
Bug#298938: moodle: contains non-free fonts
For Moodle 1.5: I've just fixed the Arial fonts in en, cs and sq (now using VeraSans) but I can't find a replacement yet that can replace Optima in ru and uk.
Bug#298938: moodle: contains non-free fonts
Isaac Clerencia wrote:
> On Friday, 11 de March de 2005 16:12, Martin Dougiamas wrote:
>> For Moodle 1.5: I've just fixed the Arial fonts in en, cs and sq (now
>> using VeraSans) but I can't find a replacement yet that can replace
>> Optima in ru and uk.
>
> Hi, Martin. We use Bepa-Roman for those languages in Wesnoth. You can
> have a look at it at Wesnoth CVS:
> http://savannah.nongnu.org/cgi-bin/viewcvs/wesnoth/wesnoth/fonts/

Hi! I tried it, but sorry, it doesn't work. Different encoding perhaps.
Bug#298938: moodle: contains non-free fonts
I wouldn't mind fixing the main Moodle distribution in this regard, too. Can you send me some good alternatives?

Peter De Wachter wrote:
> Package: moodle
> Severity: serious
> Justification: Policy 2.2.1
>
> Moodle contains two non-free fonts:
>
> Arial Narrow in:
>   /usr/share/moodle/lang/cs/fonts/default.ttf
>   /usr/share/moodle/lang/en/fonts/default.ttf
>   /usr/share/moodle/lang/sq/fonts/default.ttf
> and Optima in:
>   /usr/share/moodle/lang/ru/fonts/default.ttf
>   /usr/share/moodle/lang/uk/fonts/default.ttf
>
> These fonts should be removed. To get replacement fonts, you can depend
> on ttf-bitstream-vera, ttf-freefont, or one of the other free fonts
> packaged in Debian.
>
> -- System Information:
> Debian Release: 3.1
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.9
> Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8)