-
Notifications
You must be signed in to change notification settings - Fork 49
/
changelog
262 lines (175 loc) · 10 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
turnkey-openvpn-18.1 (1) turnkey; urgency=low
* v18.1 rebuild - includes latest Debian & TurnKey packages.
* Update/fix TLS config - closes #1996.
[Stefan Davis <[email protected]>]
* Configuration console (confconsole) - v2.1.6+2+ge808780:
- Fix password quoting in mail relay plugin - support SASL
passwords including spaces - closes #1994.
- Bugfix broken DNS-01 Let's Encrypt challenge - closes #1876 & #1895.
Fixed in v2.1.5 - already included in some appliances.
- Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962.
- General dehydrated-wrapper code cleanup - now passes shellcheck.
* Web management console (webmin):
- Include webmin-logviewer module by default - closes #1866.
- Replace webmin-shell with webmin-xterm module by default - closes #1904.
* Reduce log noise by creating ntpsec log dir - closes #1952.
-- Jeremy Davis <[email protected]> Mon, 18 Nov 2024 06:14:22 +0000
turnkey-openvpn-18.0 (1) turnkey; urgency=low
* Install OpenVPN from Debian repos - v2.6.3.
[Anton Pyrogovskyi <[email protected]>]
* Helper scripts updated to match upstream changes from easy-rsa.
[Anton Pyrogovskyi <[email protected]>]
* Helper script renamed: 'openvpn-revoke' -> 'openvpn-removeclient' - to
make it's intention clearer (and consistent with Wireguard appliance)
- closes #1347.
[Anton Pyrogovskyi <[email protected]>]
* Landing page notes updated to match changes.
[Anton Pyrogovskyi <[email protected]>]
* lighttpd config updated to match upstream changes.
[Anton Pyrogovskyi <[email protected]>]
* Shell scripts linted.
[Anton Pyrogovskyi <[email protected]>]
* Confconsole: bugfix broken DNS-01 Let's Encrypt challenge- closes #1876 &
#1895.
[Jeremy Davis <[email protected]>]
* Ensure hashfile includes URL to public key - closes #1864.
* Include webmin-logviewer module by default - closes #1866.
* Upgraded base distribution to Debian 12.x/Bookworm.
* Configuration console (confconsole):
- Support for DNS-01 Let's Encrypt challenges.
[ Oleh Dmytrychenko <[email protected]> github: @NitrogenUA ]
- Support for getting Let's Encrypt cert via IPv6 - closes #1785.
- Refactor network interface code to ensure that it works as expected and
supports more possible network config (e.g. hotplug interfaces & wifi).
- Show error message rather than stacktrace when window resized to
incompatable resolution - closes #1609.
[ Stefan Davis <[email protected]> ]
- Bugfix exception when quitting configuration of mail relay.
[ Oleh Dmytrychenko <[email protected]> github: @NitrogenUA ]
- Improve code quality: implement typing, fstrings and make (mostly) PEP8
compliant.
[Stefan Davis <[email protected]> & Jeremy Davis
* Firstboot Initialization (inithooks):
- Refactor start up (now hooks into getty process, rather than having it's
own service).
[ Stefan Davis <[email protected]> ]
- Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
is included in dhcp info when set via inithooks.
- Package turnkey-make-ssl-cert script (from common overlay - now packaged
as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
- Refactor run script - use bashisms and general tidying.
- Show blacklisted password characters more nicely.
- Misc packaging changes/improvements.
- Support returning output from MySQL - i.e. support 'SELECT'. (Only
applies to apps that include MySQL/MariaDB).
* Web management console (webmin):
- Upgraded webmin to v2.105.
- Replace webmin-shell with webmin-xterm module by default - closes #1904.
- Removed stunnel reverse proxy (Webmin hosted directly now).
- Ensure that Webmin uses HTTPS with default cert
(/etc/ssl/private/cert.pem).
- Disabled Webmin Let's Encrypt (for now).
* Web shell (shellinabox):
- Completely removed in v18.0 (Webmin now has a proper interactive shell).
* Backup (tklbam):
- Ported dependencies to Debian Bookworm; otherwise unchanged.
* Security hardening & improvements:
- Generate and use new TurnKey Bookworm keys.
- Automate (and require) default pinning for packages from Debian
backports. Also support non-free backports.
* IPv6 support:
- Adminer (only on LAMP based apps) listen on IPv6.
- Nginx/NodeJS (NodeJS based apps only) listen on IPv6.
* Misc bugfixes & feature implementations:
- Remove rsyslog package (systemd journal now all that's needed).
- Include zstd compression support.
- Enable new non-free-firmware apt repo by default.
- Improve turnkey-artisan so that it works reliably in cron jobs (only
Laravel based LAMP apps).
-- Jeremy Davis <[email protected]> Wed, 13 Mar 2024 07:28:18 +0000
turnkey-openvpn-17.1 (1) turnkey; urgency=low
* Updated all Debian packages to latest.
[ autopatched by buildtasks ]
* Patched bugfix release. Closes #1734.
[ autopatched by buildtasks ]
-- Jeremy Davis <[email protected]> Fri, 11 Nov 2022 02:00:46 +0000
turnkey-openvpn-17.0 (1) turnkey; urgency=low
* Updated all relevant Debian packages to Bullseye/11 versions
* Close #1522 (set timezone in inithook)
* Close #1328 (initfence not working on aws)
* Note: Please refer to turnkey-core's 17.0 changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Stefan Davis <[email protected]> Wed, 20 Jul 2022 03:01:51 +0000
turnkey-openvpn-16.1 (1) turnkey; urgency=low
* Rebuilt against latest Debian Buster
* Note: Please refer to turnkey-core's 16.1 changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Stefan Davis <[email protected]> Mon, 26 Apr 2021 17:14:11 +1000
turnkey-openvpn-16.0 (1) turnkey; urgency=low
* Latest Debian Buster package version of OpenVPN and other components.
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Stefan Davis <stefan@turnkeylinux> Mon, 12 Oct 2020 17:50:31 +1100
turnkey-openvpn-15.2 (1) turnkey; urgency=low
* Add Confconsole convienence scripts - closes #992.
[ Zhenya Hvorostian ]
-- Jeremy Davis <[email protected]> Fri, 22 Mar 2019 09:55:54 +1100
turnkey-openvpn-15.1 (1) turnkey; urgency=low
* extend default_crl_days to 1095 (i.e. CRL expiry = 3 years) - closes #1291
* Update openvpn-addclient script to current standards, include
'remote-cert-tls server' & 'auth-nocache' - closes #1264.
[ https://github.com/AlejandroBOFH ]
* Refacter openvpn-addclient script to accept '--no-authcache' as an
optional argument so 'auth-nocache' is optional rather than being forced.
-- Jeremy Davis <[email protected]> Thu, 07 Feb 2019 15:32:15 +1100
turnkey-openvpn-15.0 (1) turnkey; urgency=low
* Latest Debian Stretch package version of OpenVPN and other components.
* Workaround EasyRSA bug by providing symlink - see further discussion:
https://github.com/turnkeylinux-apps/openvpn/pull/22#discussion_r221468138
- closes #1200.
[ Stefan Davis & Anton Pyrogovskyi ]
* Create /dev/net/tun device when running within a container - via addition
of openvpn-tun.service - closes #1011.
[ Anton Pyrogovskyi & Jeremy Davis ]
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Stefan Davis <[email protected]> Mon, 24 Sep 2018 00:52:47 +1000
turnkey-openvpn-14.2 (1) turnkey; urgency=low
* Support encrypted private key (optional).
- Thanks to @JelteF (Jelte Fennema on GitHub) for initial PR.
* Fix addclient private subnet problem [#772].
- Thanks to @swamilad (on GitHub) for reporting issue & posting workaround.
* Fix OpenVPN trademark compliance (updated readme & logo) [#774].
* Fix /etc/cron.hourly/openvpn-profiles-delexpired cronjob [#800].
- Thanks to @ainkinen (Antti-Jussi Inkinen on GitHub) for reporting issue &
providing PR.
* Installed security updates.
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <[email protected]> Wed, 03 May 2017 10:50:18 +1000
turnkey-openvpn-14.1 (1) turnkey; urgency=low
* Fix LigHTTPd bug in 15regen-sllcert (#512).
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <[email protected]> Thu, 18 Feb 2016 15:19:03 +1100
turnkey-openvpn-14.0 (1) turnkey; urgency=low
* Latest Debian Jessie package version of OpenVPN and other components.
* Easy-RSA installed from Debian repos:
- Now packaged separately to openVPN
* Hardened default lighttpd SSL settings
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Jeremy Davis <[email protected]> Mon, 08 Jun 2015 19:32:46 +1000
turnkey-openvpn-13.0 (1) turnkey; urgency=low
* Initial public release of TurnKey OpenVPN.
* OpenVPN related:
- Inithook supporting server, gateway, client profiles (convenience).
- Custom openvpn-addclient script generating client profile (convenience).
- Expiring obfuscated profile download urls with QR code (convenience, security).
- Supports SSL/TLS certificates for auth and key exchange (security).
- Configured to drop privilages (security).
- Configured to run in chroot jail dedicated to CRL (security).
- Configured to use TLS-Auth HMAC verification (security).
* Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
-- Alon Swartz <[email protected]> Wed, 28 Aug 2013 17:58:06 +0300