turnkey-core-18.1 (1) turnkey; urgency=low

  * v18.1 rebuild - includes latest Debian & TurnKey packages.

  * Configuration console (confconsole) - v2.1.6:

    - Bugfix broken DNS-01 Let's Encrypt challenge - closes #1876 & #1895.
      Fixed in v2.1.5 - already included in some appliances.
    - Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962.
    - General dehydrated-wrapper code cleanup - now passes shellcheck.

  * Ensure hashfile includes URL to public key - closes #1864.

  * Web management console (webmin):

    - Include webmin-logviewer module by default - closes #1866.
    - Upgraded webmin to v2.105.
    - Replace webmin-shell with webmin-xterm module by default - closes #1904.

  * Reduce log noise by creating ntpsec log dir - closes #1952.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 05 Jul 2024 00:13:46 +0000

turnkey-core-18.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian 12.x/Bullseye.

  * Configuration console (confconsole):

    - Support for DNS-01 Let's Encrypt challenges.
    [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Support for getting Let's Encrypt cert via IPv6 - closes #1785.
    - Refactor network interface code to ensure that it works as expected and
      supports more possible network config (e.g. hotplug interfaces & wifi).
    - Show error message rather than stacktrace when window resized to
      incompatable resolution - closes  #1609.
    [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Bugfix exception when quitting configuration of mail relay.
    [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Improve code quality: implement typing, fstrings and make (mostly) PEP8
      compliant.
    [ Stefan Davis <stefan@turnkeylinux.org> & Jeremy Davis ]

  * Firstboot Initialization (inithooks):

    - Refactor start up (now hooks into getty process, rather than having it's
      own service).
    [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
      is included in dhcp info when set via inithooks.
    - Package turnkey-make-ssl-cert script (from common overlay - now packaged
      as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
    - Refactor run script - use bashisms and general tidying.
    - Show blacklisted password characters more nicely.
    - Misc packaging changes/improvements.
    - Support returning output from MySQL - i.e. support 'SELECT'. (Only
      applies to apps that include MySQL/MariaDB).

  * Web management console (webmin):

    - Upgraded webmin to v2.102.
    - Removed stunnel reverse proxy (Webmin hosted directly now).
    - Ensure that Webmin uses HTTPS with default cert
      (/etc/ssl/private/cert.pem).
    - Disabled Webmin Let's Encrypt (for now).

  * Web shell (shellinabox):

    - Completely removed in v18.0 (Webmin now has a proper interactive shell).

  * Backup (tklbam):

    - Ported dependencies to Debian Bookworm; otherwise unchanged.

  * Security hardening & improvements:

    - Generate and use new TurnKey Bookworm keys.
    - Automate (and require) default pinning for packages from Debian
      backports. Also support non-free backports.

  * IPv6 support (where not noted elsewhere):
    - Adminer (only on LAMP based apps) listen on IPv6.
    - Nginx/NodeJS (NodeJS based apps only) listen on IPv6.

  * Misc bugfixes & feature implementations:

    - Remove rsyslog package (systemd journal now all that's needed).
    - Include zstd compression support.
    - Enable new non-free-firmware apt repo by default.
    - Improve turnkey-artisan so that it works reliably in cron jobs (only
      Laravel based LAMP apps).

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Mon, 28 Aug 2023 04:49:46 +0000

turnkey-core-17.1 (1) turnkey; urgency=low

  * Updated all Debian packages to latest.
    [ autopatched by buildtasks ]

  * Patched bugfix release. Closes #1734.
    [ autopatched by buildtasks ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Tue, 12 May 2022 01:41:55 +0000

turnkey-core-17.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian 11.1/Bullseye.

  * Configuration console (confconsole):

    - Minor packaging changes for Debian Bullseye.
    - Fix warnings on Confconsole when upgrading to Python3.9 - resolved by
      swapping identity check for equality check - closes #1634.
    - Remove dhparams generation - part of #1653.
    - Move Secupdates_adv_conf.py (confconsole plugin) from "common" into
      confconsole package. Should have no end user impact.
    - Bugfix & improvments to Let's Encrypt plugin:
      - Fix cert not being used on stand-alone Tomcat appliance - closes #1712.
      - Update to support changed systemd output (fixes stunnel not restarted
        on Bullseye).
    - Improvements in Keyboard setting plugin - not sure if this is enough to
      fix it, but it should at least be closer. Related to #1695.
    - General code and documentation improvements.

  * Firstboot Initialization (inithooks):

    - Minor packaging changes for Debian Bullseye.
    - Bugfix typo in firstboot.d/15regen-sslcert.
    - Update the init-fence default html.
    - Update simplehttpd.py cyphers.
    - Remove dhparams generation - part of #1653.
    - Code refactor to provide inithook_lib.
    [ Stefan Davis ]

  * Web management console (webmin):

    - Upgraded webmin to v1.990.
    - Bugfix, refactor and improve TKLBAM Webmin module. Closes #178, #190,
      #288, #1065, #1260 & #1680.
    [ Jeremy Davis ]
    - Include webmin-firewall6 (firewall UI for IPv6) by default.
    [ Richard van Dijk ]
    - Update individual Webmin stunnel config to support IPv6 - part of #1658.
    [ Richard van Dijk ]

  * Web shell (shellinabox):

    - Update individual Webshell stunnel config to support IPv6 - part of
      #1658.
    [ Richard van Dijk ]

  * Backup (tklbam):

    - Change default NTPSERVER to one that also supports IPv6 - part of #1658.
    [ Richard van Dijk ]
    - Build specific py2 dependencies previously provided by Debian for
      Bullseye base (TKLBAM still py2). Ideally it should be updated to py3
      (or rewritten) but we don't want to block v17.0 release any further.
    - No longer include live* related packages (e.g. di-live, live-tools, etc)
      in TKLBAM default package list (pkgs only in ISO and uninstalled on
      install). Closes #1681.

  * Security hardening & improvements:

    - Generate and use new TurnKey Bullseye keys.
    - Provide predefined dh_params (via 'turnkey-make-ssl-cert' where
      relevant) as per RFC7919 - part of #1653.
    - Enable TLS by default for use with Postfix.
    - Servers which include Apache|LigHHTTPd|Nginx now have HSTS and OCSP
      stapling configuration (not fully enabled by default - as requires valid
      SSL/TLS cert).

  * Misc bugfixes & feature implementations:

    - Remove redundant autologin, singleuser_shell & ssh_emptypw scripts from
      default common overlay.
    - Cleanup/tweak MOTD.
    - Update vim default conf path (for new version of vim in Bullseye).
    - Move Nginx & LigHTTPd apps from FastCGI to PHP-FPM (apps with
      Nginx/LigHTTPd only) - closes #1589.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 07 Apr 2022 06:27:15 +0000

turnkey-core-16.1 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian 10.8/Buster.

  * Configuration console (confconsole):

    - Improvements to networking robustness and error reporting - allow setting
      up of previously unconfigured or even to some extent misconfigured
      networking - closes #1457.
    [ Stefan Davis & Jeremy Davis ]
    - Catch socket.gaierror in Mail Relaying - closes #1472.
    [ Stefan Davis ]
    - Fixed Confconsole stacktrace - closes #1478.
    [ Stefan Davis ]
    - Support copy/paste in Confconsole - closes #1545.
    - Option to change default auto secupdates issue resolution - closes
      #1536.
    - Include confconsole plugin to allow configuration of confconsole
      autostart - closes #1561.
    - Fix Let's Encrypt staging server URL in config - closes #1497.
    - (Apps with MySQL/MariaDB only) Confconsole perf and info schema install
      option - closes #1429.

  * Firstboot Initialization (inithooks):

    - Add option to turnkey-init to launch full confconsole when finished.
    - Improve customization re password complexity and blacklisted chars.
    - Improve help text and remove buggy code causing issues in LXC
      containers - closes #1451.
    - Only launch Confconsole at end of run on non-headless builds.
    - Provide systemd service file for turnkey-init-fence.

  * Web management console (webmin):

    - Updated Webmin to v1.970.
    - Improved service to make more robust (particularly within LXC) - closes
      #1480.
    - Set iptables-legacy as default so webmin-firewall works as expected -
      closes #1488.
    - (Apps with MySQL/MariaDB/webmin-mysql only) Default MySQL user 'adminer'
      (when 'webmin-mysql' module installed) - closes #1529.

  * Hub Domains client (hubdns):

    - Fixed server DNS mapping not updated on IP change - closes #1508.

  * Misc bugfixes & feature implementations:

    - Add alert for RUN_FIRSTBOOT in MOTD - closes #1129.
    - Fix MOTD/turnkey-sysinfo if no network interfaces discovered - closes
      #1461.
    - Make root:root & 755 ownership/permissions of /usr/local default -
      closes #1440.
    - Improve 'stunnel4@.service' systemd service template to resolve issues -
      closes #1513.
    - Provide (optional) 'eth1' interface configured as "hotplug" - closes
      #1492.
    - (LAMP/LAPP based apps) Only install composer on apps that explicitly
      use it, or where it makes sense (e.g. LAMP & LAPP will include it) -
      closes #1563.
    - (Apps with Composer only) Provide turnkey-composer wrapper script so
      it's easy to not run composer as root - closes #1539.
    - (Apps with Composer only) Automatically clear Composer cache and
      shallow clone composer installed deps - closes #1541.
    - (Apps with PHP only) Remove deprecated opcache.fast_shutdown option from
      config - closes #1538.
    - (Apps with Adminer only) Give grant privileges to adminer MySQL/MariaDB
      user- closes #1496.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 12 Feb 2021 15:12:49 +1100

turnkey-core-16.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian 10.3/Buster.

  * TurnKey Backup and Migration (tklbam):

    - Fix paths with spaces not working in overrides - closes #1403.
    [ Stefan Davis ]
    - Package and dependencies rebuilt against Debian 10.3/Buster.
    [ Jeremy Davis ]

  * Configuration console (confconsole):

    - Migrate code to python3, use default Debian dialog & python3-dialog
      packages (no longer packaging our own forks).
    - LE plugin: Completely refactor add-water.
    - Networking: Add warning when changing ip inside an ssh session.
    [ Stefan Davis ]
    - No longer run as separate service (launched at first boot by inithooks).
    - LE plugin: Improve Dehydrated cron job - closes #912.
    - LE plugin: Backup domains.txt if it exists so can be manually restored
      if desired. Part of #1365.
    - LE plugin: Ensure that ACME v2 API endpoint is used everywhere. Part of
      #1365.
    - DH params plugin: New plugin for v16.0; update/improve Diffie-Hellman
      parameters bit size. Closes #575. Part of #1432.
    - Mail relay plugin: Allow unauthenticated SMTP relay. Closes #844.
    - Mail relay plugin: Refactoring, improved error handling. Closes #1434.
    [ Jeremy Davis ]
    - All plugins updated to python3 and update python-dialog/dialog usage.
    - Hostname plugin: Do some validation and bugfix implementation. Closes
      #845.
    [ Stefan Davis & Jeremy Davis ]

  * Firstboot Initialization (inithooks):

    - Migrate code to python3.
    [ Stefan Davis ]
    - Migrate TLS/SSL inithooks from common/overlay into inithooks package.
    - Leverage (refactored/extended) turnkey-make-ssl-cert script to also
      generate Diffie-Hellman parameters. Part of #1432.
    - Option to launch full Confconsole on completion (defaults to minimal).
    - Fix error message when password complexity = 4 in dialog_wrapper
      (previous message was misleading).
    - Add support for blacklisted characters when setting password via
      dialog_wrapper.
    [ Jeremy Davis ]

  * Web management console (webmin):

    - Upgraded webmin to v1.941
    - Developed improved systemd webmin.service file.
    - Individual Webmin stunnel config - easier to disable/enable Webmin &
      Webshell independently.
    [ Jeremy Davis ]

  * Web shell (shellinabox):

    - Individual Webshell stunnel config - easier to disable/enable Webmin &
      Webshell independently.
    [ Jeremy Davis ]

  * Installer (di-live):

    - Migrate code to python3.
    - Update Debian Installer source components (from Debian d-i source).
      Closes #412.
    - Leverage Debian Live Tools for running live and installing (no longer
      requires casper and busybox-initramfs).
    - Other major refactoring.
    [ Jeremy Davis ]

  * Live environment:

    - Leverage Debian default live environment (casper and alternate busybox
      package no longer required; built on default Debian packages; live-tools
      & live-boot). Closes #942.
    [ Jeremy Davis ]

  * Miscellaneous:

    - ssh-server: Relax SSH config slightly to reduce issues with fail2ban -
      closes #1398.
    - hubtools: Fix hub-list-backups - closes #1173.
    - turnkey-make-ssl-cert: support (re)generation of Diffie-Hellman
      parameters. Part of #1432.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Tue, 07 Apr 2020 18:44:24 +1000

turnkey-core-15.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian 9.4/Stretch.

  * TurnKey Backup and Migration (tklbam):

    - package and dependencies are now reproducible (security)
      [ Chris Lamb ]
    - backup update fix - new dependency for Stretch; gnupg (closes #962)
      [ Ken Robinson ]
    - restore update fix - ensure patches are applied to tklbam-squid source
      code (TurnKey squid fork) (closes #970)
      [ Ken Robinson (troubleshooting) & Chris Lamb (fix) ]

  * Installer (di-live):

    - package is now reproducible (security)
      [ Chris Lamb ]
    - fix di-live failing to install from live system (closes #1041)
      [ Stefan Davis ]

  * Live environment (casper):

    - package is now reproducible (security)
      [ Chris Lamb ]
    - update to support overlayFS (default layering filesystem in stretch)
      [ Stefan Davis ]

  * Configuration console (confconsole):

    - general:
      - package is now reproducible (security)
        [ Chris Lamb ]

    - Networking:
      - fix for static IP not sticking (since upgrade to stretch base)
        (closes #952)

    - Let's Encrypt plugin:
      - install 'dehydrated' (ACME client) from Debian main repo (previously
        installed from jessie-backports)
      - significant refactoring of plugin
      - support for multiple domains (closes #843)
      - fix for updated ACME ToS; including dynamically discovered latest ToS;
        inc dialog display of url for current ToS (closes #976)
      - update dialog and readme for Debian Stretch (closes #1061)
        [ Stefan Davis ]

  * Firstboot Initialization (inithooks):

    - Updates for headless builds especially LXC/Proxmox & Xen:
      - include specific inithooks-lxc.service file - initialization systemd
        service that works reliably inside an LXC container (and doesn't effect
        other builds) (closes #1071)
      - include specific inithooks-xen.service file - initialization systemd
        service that works reliably with the Xen console (and doesn't effect
        other builds)
      - force non-interactive dpkg-reconfigure of openssh-server (closes #1085)
      - updated initfence index page to note that webshell not available
        (closes #1087)
      - fix edge case bug where turnkey-sudoadmin would incorrectly adjust
        services.txt (closes #1124)

  * Web management console (webmin):

    - upgraded webmin to v1.881
    - package is reproducible (no changes required) (security)
    - resolve stretch related install problem (closes #920)
      [ Ken Robinson ]
    - new default theme, uses upstream default; 'Authentic' (closes #781)
    - TurnKey theme customizations; TurnKey logos, default to show TKLBAM
      module on login
    - remove webmin-file (java based filemanager) module (closes #965)
    - remove webmin-texteditor module (upstream)
    - include webmin-fail2ban module
    - add convenience symlinks to useful Webmin logs (in /var/log/webmin)
    - reconfigure webmin-raid & webmin-lvm modules during build (workaround
      for #1091)

  * TurnKey AMQ (tklamq) - only applies to Hub builds:

    - python-carrot deprecated, move to dependency on python-kombu

  * Web shell (shellinabox):

    - install v2.20 direct from Debian main repo (no longer maintaining our
      own fork) (closes #918)
    - version from Debian displays ncurses dialog properly (closes #317)
    - white on black default webshell (aka shellinabox) theme (closes #1060)

  * Security hardening:
    [ John Carver ]

    - default config mods for:
      - postfix
      - ssh
      - kernel sysctl variables
        - inc easy option to override (via /etc/sysctl.conf)

  * Optimized builds (buildtasks):

    - VM builds (OVA & VMDK):
      - include open-vm-tools-dkms & linux-headers-amd64 in base builds (closes
        #1001)
        [ Stefan Davis ]

  * Miscellaneous:

    - update to support overlayFS (default layering filesystem in stretch)
    - default to systemd init system for all builds
    - use traditional network interface names, e.g. 'eth0' (disable stretch
      default of "Predictable Network Interface Names")
    - 'dpkg-vendor --query Vendor' now returns 'TurnKey` (closes #196)
    - include fail2ban in all appliances (closes #630 & #991)
      - MVP uses default Debian conf, protects SSH only
    - use http://deb.debian.org as Debian url in sources.list - as
      recommended by Debian (closes #927)
    - upstream fix for MOTD not being updated dynamically (closes #1024)
      [ Stefan Davis ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Tue, 19 Jun 2018 12:35:59 +1000

turnkey-core-14.2 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Jessie 8.7.

  * Webmin (web based administration):

    - Update to 1.831 (includes fix for [#493]).

  * Confconsole (configuration console - console based admin):

    - significant refactoring to support "Advanced" plugins [#369].
    - Included new plugins:

      - Region Config >> Locales/Keyboard/Tzdata [#14, #38, #746, 
        #770, #771].
      - Proxy Settings >> Apt proxy [#203].
      - System Settings >> Set hostname [#180, #450, #765, #795].
      - Mail relay - SMTP email relay config [#482].
      - Let's Encrypt SSL certs (via Dehydrated) [#546, #766, #767].

        - includes install of dehydrated (from jessie-backports).

  * Inithooks (firstboot initialization):

      - make secalerts more robust [#532].
      - password complexity requirements explicitly stated [#556].

  * di-live (TurnKey installer):

      - resolved LVM install bug [#782].
      - di-live - reordered install options so install to LVM is 
        default [#791].

  * TKLBAM (backup and migration tool):

      - various bugfixes and improvements.

  * miscellaneous:

      - tweaked turnkey-make-ssl-cert for improved code styling and
        functionality.
      - fixed Monit configuration [#603].
      - update default apt URLs to httpredir.debian.org [#742].
      - removed core package from all builds (except core) [#762].
      - improved default vim-tiny config [#763].

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Wed, 29 Mar 2017 12:41:10 +1100

turnkey-core-14.1 (1) turnkey; urgency=low

  * Installed all Debian security updates.

  * Installed updated packages from TurnKey repo
    - Webmin - Update to 1.780 [#496].
    - Webmin - Install new HTML5 file manager.
    - Confconsole - now handles bridged LXC net config.
    - Inithooks - email regex now less demanding [#155].
    - Inithooks - ssh message on root login attempt (under sudoadmin)
      to a TKL EC2 instance like Debian does [#541].
    - Inithooks - improved container fence firstboot console output [#570].

  * turnkey-make-ssl-cert now leaks the least amount of info possible 
    [#572].

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 25 Feb 2016 00:28:44 +1100

turnkey-core-14.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Jessie 8.1.

  * TurnKey Backup and Migration (tklbam):

    - No longer requires TurnKey Hub or even a network connection.
    - Ability to force a profile.
    - Increased robustness of MySQL backup/restore.
    - Improved logging (output in realtime, exceptions, rotation).
    - Usability improvements (more verbose, self-documenting).
    - Improved --debug behavior.
    - Multiple bugfixes and improvements
      https://github.com/turnkeylinux/tklbam/blob/master/docs/RelNotes-1.4.txt

  * Web management console (webmin):

    - Upgraded webmin to 1.760.
    - Served behind stunnel4 for improved SSL.

  * Web shell (shellinabox):

    - Served behind stunnel4 for improved SSL.
    - Bugfix: only one line displayed on mobile device (i.e. ipad).

  * Initialization hooks (inithooks):

    - Kernel upgrade on firstboot will trigger a reboot.
    - TurnKey initialization fence HTTPS encryption warning explanation.
    - Improved SSH key regeneration.
    - Added system notifications and critical security alerts hook.
    - Added turnkey-sudoadmin (configure system to use sudo admin user).
    - Added hostname configuration hook.
    - Added autogrow filesystem hook.
    - Added IP configuration hook.
    - Added support for systemd.

  * Configuration console (confconsole):

    - Added support for systemd.

  * Installer (di-live):

    - Updated to support Debian 8.0, version bump to 0.9.5.
    - Upgraded partitioner with latest d-i upstream code.
    - Removed alignment tags which are not interpreted by debconf.
    - Updated build-depends and recommends.
    - Added support for systemd.

  * Miscellaneous

    - monit: added cpu/ram/swap/disk alerts.
    - systemd: set as default init system.
    - ssl/ssh: lots of security improvements.
    - openssh-server: configured to permit root login with password.
    - vim-tiny: set as alternative for vim instead of symlink.
    - sources.list: updated cdn.debian.net to http.debian.net.
    - udhcpc: added support for /32 IPv4 subnets.
    - bashrc: added missing aliases for color terms.
    - iso-hybrid: ISO images are pre-processed for USB flash booting.
    - gfxboot: updated to support newer syslinux version.
    - busybox-initramfs: custom built enabling initramfs support.

 -- Alon Swartz <alon@turnkeylinux.org>  Thu, 27 Aug 2015 18:32:27 +0300

turnkey-core-13.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Wheezy 7.2.

  * TurnKey Backup and Migration (tklbam):

    - Added PostgreSQL database support.
    - Added MySQL support for views and triggers.
    - Added --raw-upload and --dump options to backup.
    - Added --raw-download and --simulate options to restore.
    - Added "inspect" state to hooks mechanism.
    - Multiple backup and restore bugfixes and improvements.
      https://github.com/turnkeylinux/tklbam/blob/master/docs/RelNotes-1.3.txt

  * Web management console (webmin):

    - Upgraded webmin to 1.630.
    - New version includes new BSDfdisk modules.

  * Bugfixes and tweaks:

    - busybox-initramfs: custom built enabling initramfs support.
    - resolvconf: set resolver timeout to 1 second (useful when offline).

 -- Alon Swartz <alon@turnkeylinux.org>  Thu, 10 Oct 2013 13:56:25 +0300

turnkey-core-12.1 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Squeeze 6.0.7.

  * Available in both 32-bit (i386) and 64-bit (amd64) architectures.

  * TurnKey Backup and Migration (tklbam):

    - Fixed MySQL deserialization code (duplicated last element in row if > 1MB).
    - Fixed keypacket AES cipher initialization required as of python-crypto 2.6.
    - Added jitter to tklbam-backup cron job.
    - Refactored to use pycurl-wrapper's new API class.

  * TurnKey Configuration Console (confconsole):

    - Fixed multiple network interface support (LP#1045320).
    - Added support for --usage (no advanced menu options).
    - Replaced kbd recommendation with console-tools | console-utilities.

  * TurnKey Initialization Hooks (inithooks):

    - Implemented turnkey-init-fence for headless deployments.
    - Re-implemented turnkey-init in Python.
    - Display confconsole usage as last screen of turnkey-init.
    - Improved hooks sub-execution and handling of CTRL-C.
    - Imported common hooks from overlay into package.
    - Limit paragraph width for better UX.
    - Replaced kbd dependency with console-tools | console-utilities.

  * Web management console (webmin):

    - Upgraded webmin to 1.620.
    - New version includes new ISCSI modules and a gray theme.

  * Web shell (shellinabox):

    - Support new keycodes (dash, underscore) used by firefox 15+ (LP#1104164).
    - Install available options as is without renaming or enabling.
    - Enable default options (white-on-black, color) postinst.
    - Fixed broken packaging of stray option styling files.
    - Fixed colors to support dialog interfaces.

  * TurnKey Python Library (turnkey-pylib):

    - Multiple improvements to Parallelize and Command modules.
    - Added 20 new modules.

  * Bugfixes and tweaks:

    - packages: added curl (generically useful).
    - packages: acpi-support-base (handle acpi events - LP#101194).

    - apt: replaced auto-apt-archive with Debian's CDN mirror network.
    - apt: updated trusted.gpg.d/$release to $distro.
    - apt: removed ubuntu trusted key.

    - bash: improved bashrc whitespace support (LP#932388).
    - bash: added useful git aliases (see ~/.bashrc.d/git).

    - di-live: updated architecture config and bootloader depends.
    - di-live: replaced kbd recommendation with console-tools | console-utilities.

    - busybox-initramfs: custom built enabling initramfs support.
    - casper: updated path_id execution per udev changes.

    - sshd: disabled dns checks (if resolution fails will prevent logins).
    - motd: tweaked configuration to support upcoming Wheezy release.
    - pycurl-wrapper: added timeout support, created new API class.
    - hubdns: increased jitter, refactored to use pycurl-wrapper's API class.

  * Latest versions of all packages will be installed during build.

 -- Alon Swartz <alon@turnkeylinux.org>  Wed, 03 Apr 2013 08:00:00 +0200

turnkey-core-12.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Squeeze 6.0.5.

    - Support for dependency based boot sequence (insserv).
    - Default ISO Kernel 2.6-686 (TKL Core Lenny was 486).

  * TKLBAM (backup and migration):

    - Upgraded to latest version of TKLBAM (see changelog for details, below
      are some of the highlights).
    - Added embedded squid download cache support.
    - Added backup resume functionality.
    - Added support for multipart parallel uploads to S3.
    - Upgraded duplicity and python-boto.
    - Multipart parallel S3 uploads.
    - Fixed root cause of MySQL max packet issue (bugfix).

  * Installer (di-live):

    - Upgraded di-live to latest version compatible with Squeeze.
    - Misc bugfixes and tweaks.

  * Boot (bootsplash and grub):

    - Upgraded bootsplash generation to be compatible with Squeeze.
    - Removed bootsplash unused panel options and extraneous files.
    - Tweaked grub default timeouts (hidden_timeout=0, timeout=3).

  * Locale:

    - Set default locale to en_US.UTF-8 (was en_GB).
    - Updated locale configuration for compatibility with Squeeze.
    - Includes localepurge (pre-configured and initialized).

  * Web management console (webmin):

    - Upgraded webmin to 1.590 and default theme.
    - Disabled inline webmin upgrades (managed by APT).
    - Moved history logging to /var/webmin (incorrect use of /etc).

  * Web shell (shellinabox):

    - Upgraded shellinabox to 2.14.

  * Bugfixes and tweaks:

    - Fixed LSB compatibility (di-live, inithooks, confconsole) [LP#700399].
    - Added support for spaces in bashrc promptpath [LP#932388].
    - Replaced APT trusted.db with trusted.gpg.d/$distro.
    - Added bashmarks (super useful bash bookmarking).

    - Removal of log files generated during build.

    - inithooks: Improved headless deployment (REDIRECT_OUTPUT directive).
    - etckeeper: Uninitialization post build and firstboot (turnkey-init).
    - resolvconf: Removed upstart hack (not relevant on Squeeze).
    - confconsole: Miscellaneous bugfixes and refactoring.
    - install-security-updates: Wrapper script for convenience.

 -- Alon Swartz <alon@turnkeylinux.org>  Wed, 01 Aug 2012 08:00:00 +0200

turnkey-core-11.3 (1) turnkey; urgency=low

  * Installed security updates.
  * Enabled etckeeper garbage collection by default.
  * Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init)

 -- Alon Swartz <alon@turnkeylinux.org>  Mon, 05 Dec 2011 10:48:44 +0000

turnkey-core-11.2 (1) turnkey; urgency=low

  * Installed security updates.
  * Added HubDNS package and firstboot configuration.

 -- Alon Swartz <alon@turnkeylinux.org>  Fri, 15 Jul 2011 07:47:08 +0000

turnkey-core-11.1 (1) turnkey; urgency=low

  * Upgraded base distribution to Ubuntu 10.04.1 LTS.

  * No more chimeras (mixing of packages from Debian/ubuntu).

  * Installer (di-live):

    - Added LVM support, with guided partitioning supported in di-live,
      and webmin module for convenience.
    - Guided partitioning of root volume will default to 90% of volume
      group to support LVM snapshots out of the box.
    - Moved appliance secret regeneration, configuration, setting of
      passwords to inithooks to run on firstboot.
    - Installation media will be ejected and a message displayed to
      remove media after successful installation.
    - Warning messages will be logged instead of inline (caused a bad
      user experience).
    - Upgraded di-live to latest version compatible with Lucid.

  * Initialization Hooks (inithooks):

    - Setting of passwords and configuration is now done on firstboot.
    - Application specific configuration (passwords, email, domain) is
      now supported putting an end to default settings.
    - This supports all build targets such as VM builds, and most run
      in live-mode (convenience, consistent user-experience).
    - Includes auto-apt-archive to configure the closest APT package
      archive, determined via the TurnKey Hub GeoIP service.
    - All relevant inithooks can be preseeded, refer to:
      https://www.turnkeylinux.org/docs/inithooks
          
  * Configuration Console (confconsole):

    - /etc/confconsole/usage.txt has been replaced with services.txt
    - The usage screen is now updated dynamically for simpler management
      and customization.

  * Updated bootsplash menu:

    - Install to hard disk - default, moved to first option.
    - Live system -> Try without installing (Live CD demo mode).
    - Removed Boot from first hard disk.

  * Display system info in motd, as well non-persistent mode warning (motd).

  * NTP configured with recommended pool servers and to cope with large time
    drifts.

  * Setting of LANG in /etc/default/locale.

  * Packages:

    - Includes TKLBAM (TurnKey Backup and Migration) + new Webmin module.
    - Includes etckeeper initialized on firstboot (using git-core).
    - Includes logrotate for automatic log rotation.

    - Configured APT to not install recommends by default.

    - Upgraded webmin to 1.520 and default theme.
    - Upgraded shellinabox to 2.10, set default theme to white-on-black.

    - Customized bashrc and bashrc.d scripts.
    - Includes bash-completion (very useful addition for cli).
    - Includes iproute (ipv6 provisoning).
    - Includes acpid (support hypervisor reboot/power down signals).
    - Replaces host with bind9-host (deprecated).
    - Replaces sysklogd and klogd with rsyslog (inline with Ubuntu).

    - Grub2 (grub-pc) pre-configuration (verbose, timeout, console).

 -- Alon Swartz <alon@turnkeylinux.org>  Sun, 19 Dec 2010 15:01:05 +0200

turnkey-core-2009.10 (2) hardy; urgency=low

  * Installed all security updates (see manifest for package versions).

  * Install security updates on firstboot (except when running live).

  * Trick webmin into not checking for upgrades (managed by apt).

  * Included latest version of inithooks and updated scripts.

  * Included wget as per common request.

 -- Alon Swartz <alon@turnkeylinux.org>  Mon, 29 Mar 2010 09:02:11 +0200

turnkey-core-2009.10 (1) hardy; urgency=low

  * Upgraded base distribution to Ubuntu 8.04.3 LTS.

  * Added shell-in-a-box to provide web shell access (listening on port
    12320 - uses SSL).

  * Added inithooks to execute firstboot/everyboot scripts, for example
    regenerating cryptographic keys on live boot:
    
    - SSH keys.
    - Default SSL certificate (used by Webmin, Apache, Lighttpd).

  * Upgraded Webmin to 1.490 and default theme.

    - Disabled Webmin scheduled updates (managed by APT)

  * New versions of confconsole and di-live include many improvements and
    bugfixes (see their respective release notes for details).

  * Implemented APT pinning downgrade workaround (LP#315175).
  * Added a few generically useful packages (unzip: LP#356099, ethtool).
  * Added IPv6 configuration to /etc/hosts.

 -- Alon Swartz <alon@turnkeylinux.org>  Tue, 29 Sep 2009 15:39:41 +0200

turnkey-core-2009.02 (1) hardy; urgency=low

  * initial public release of the TurnKey Linux "core": it's the basic
    appliance on top of which all TurnKey Linux appliances are now built.

  * upgraded base distribution to Ubuntu 8.04.2 LTS

  * added many generically useful webmin modules:
  
    - network
        - firewall configuration (with example configuration)
        - network configuration

    - system
        - configure time, date and timezone
        - configure users and groups
        - manage software packages
        - change passwords
        - system logs

    - tools
        - text editor
        - shell commands
        - simple file upload/download
        - file manager (needs support for Java in browser)
        - custom commands

  * changed webmin port from 10000 to 12321 (more distinct, easier to type)

  * regenerate cryptographic keys during installation
    
    - SSH keys 
    - default SSL certificate (used by webmin, Apache, lighttpd)

  * configured sshd to permit an empty password in demo/live mode

  * improved package management configuration

    - enabled Ubuntu's Universe component by default (convenience)
    - cron-apt configured to:

        - correctly handle modified conffiles when auto-upgrading (won't hang)
        - only auto-upgrade packages from the security components
        - update the cache for all components 
        - share sources with other interfaces to apt (e.g., apt-get)
        - log to syslog instead of mailing root

  * new versions of confconsole and di-live include many improvements and
    bugfixes (see their respective release notes for details)

  * changed default console font to improve readability of console dialogs
  * added a few generically useful packages (iptables, ntp, nano)
  * updated /etc/network/interfaces to support multiple network interface cards
  * replaced metalog with sysklogd/klogd
  * optimized footprint (rebuilt from bare essentials)
  * added the release package that holds this changelog

 -- Alon Swartz <alon@turnkeylinux.org>  Thu, 29 Jan 2009 14:31:46 +0200
