turnkey-matomo-18.0 (1) turnkey; urgency=low

  * Install latest Matomo stable - v4.15.1.

  * Update Matomo cron job to current recommendations (every 5 mins) and
    disable web cron.

  * Include GeoIP dependencies, DB and monthly cron job (for free GeoIP DB).

  * Tweak/improve Matomo specific inithooks, inc fstrings and don't overwrite
    trusted localhost.

  * Ensure MariaDB 'max_allowed_packet=256M' is set properly (and stays set).

  * DEV: Move PHP memory_limit bump to Makefile (no change for end user).

  * Debian default PHP updated to v8.2 - closes #1874.

  * Ensure hashfile includes URL to public key - closes #1864.

  * Include webmin-logviewer module by default - closes #1866.

  * Upgraded base distribution to Debian 12.x/Bookworm.

  * Configuration console (confconsole):
    - Support for DNS-01 Let's Encrypt challenges.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Support for getting Let's Encrypt cert via IPv6 - closes #1785.
    - Refactor network interface code to ensure that it works as expected and
      supports more possible network config (e.g. hotplug interfaces & wifi).
    - Show error message rather than stacktrace when window resized to
      incompatable resolution - closes  #1609.
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Bugfix exception when quitting configuration of mail relay.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Improve code quality: implement typing, fstrings and make (mostly) PEP8
      compliant.
      [Stefan Davis <stefan@turnkeylinux.org> & Jeremy Davis

  * Firstboot Initialization (inithooks):
    - Refactor start up (now hooks into getty process, rather than having it's
      own service).
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
      is included in dhcp info when set via inithooks.
    - Package turnkey-make-ssl-cert script (from common overlay - now packaged
      as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
    - Refactor run script - use bashisms and general tidying.
    - Show blacklisted password characters more nicely.
    - Misc packaging changes/improvements.
    - Support returning output from MySQL - i.e. support 'SELECT'. (Only
      applies to apps that include MySQL/MariaDB).

  * Web management console (webmin):
    - Upgraded webmin to v2.0.21.
    - Removed stunnel reverse proxy (Webmin hosted directly now).
    - Ensure that Webmin uses HTTPS with default cert
      (/etc/ssl/private/cert.pem).
    - Disabled Webmin Let's Encrypt (for now).

  * Web shell (shellinabox):
    - Completely removed in v18.0 (Webmin now has a proper interactive shell).

  * Backup (tklbam):
    - Ported dependencies to Debian Bookworm; otherwise unchanged.

  * Security hardening & improvements:
    - Generate and use new TurnKey Bookworm keys.
    - Automate (and require) default pinning for packages from Debian
      backports. Also support non-free backports.

  * IPv6 support:
    - Adminer (only on LAMP based apps) listen on IPv6.
    - Nginx/NodeJS (NodeJS based apps only) listen on IPv6.

  * Misc bugfixes & feature implementations:
    - Remove rsyslog package (systemd journal now all that's needed).
    - Include zstd compression support.
    - Enable new non-free-firmware apt repo by default.
    - Improve turnkey-artisan so that it works reliably in cron jobs (only
      Laravel based LAMP apps).

  * Set mod_evasive log location - makes debugging easier.
    [ Jeremy Davis <jeremy@turnkeylinux.org> ]

  * Include and enable mod_evasive and mod_security2 by default in Apache.
    [ Stefan Davis <Stefan@turnkeylinux.org> ]

  * Use MariaDB (MySQL replacement) v10.11.3 (from debian repos).

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Sun, 19 Nov 2023 22:28:32 +0000

turnkey-matomo-17.1 (1) turnkey; urgency=low

  * Updated all Debian packages to latest.
    [ autopatched by buildtasks ]

  * Patched bugfix release. Closes #1734.
    [ autopatched by buildtasks ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Wed, 22 Feb 2023 21:40:51 +0000

turnkey-matomo-17.0 (1) turnkey; urgency=low

  * Install latest Matomo package from upstream repo - 4.13.3.

  * Note: Please refer to turnkey-core's 17.0 changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Wed, 22 Feb 2023 18:43:02 +0000

turnkey-matomo-16.1 (1) turnkey; urgency=low

  * Install latest Matomo package from upstream repo - 3.14.1.

  * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance

 -- Stefan Davis <stefan@turnkeylinux>  Tue, 02 Mar 2021 08:43:43 +1100

turnkey-matomo-16.0 (1) turnkey; urgency=low

  * Install latest Matomo package from upstream repo - 3.13.3.

  * Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1). (v15.x
    TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1).

  * Update SSL/TLS cyphers to provide "Intermediate" browser/client support
    (suitable for "General-purpose servers with a variety of clients,
    recommended for almost all systems"). As provided by Mozilla via
    https://ssl-config.mozilla.org/.

  * Updated all relevant Debian packages to Buster/10 versions; including
    PHP 7.3.

  * Updated version of mysqltuner script - now installed as per upstream
    recommendation.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance

 -- Stefan Davis <stefan@turnkeylinux>  Thu, 06 May 2020 16:45:09 +1000

turnkey-matomo-15.1 (1) turnkey; urgency=low

  * Install latest Matomo pacakge from upstream repo (3.6.1).

  * Rebuild to resolve inadvertent removal of mariadb during sec-updates
    - part of #1246.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 22 Nov 2018 11:21:05 +1100

turnkey-matomo-15.0 (1) turnkey; urgency=low

  * Updated Matomo to latest stable from matomo debian repo.

  * Piwik renamed Matomo

  * Install Adminer directly from stretch/main repo

  * Provide "adminer" root-like user for Adminer MySQL access

  * Replace MySQL with MariaDB (drop-in MySQL replacement)

  * Updated version of mysqltuner script

  * Includes PHP7.0 (installed from Debian repos)

  * Updated PHP default settings

  * Remove phpsh (no longer maintained)

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance

 -- Stefan Davis <stefan@turnkeylinux.org>  Tue, 28 Aug 2018 10:29:28 +1000

turnkey-piwik-14.2 (1) turnkey; urgency=low

  * Piwik:
    - Latest upstream version of Piwik.

  * Updated Adminer to 4.2.5

  * Installed security updates.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Anton Pyrogovskyi <anton@turnkeylinux.org>  Sun, 26 Mar 2017 15:52:45 +0200

turnkey-piwik-14.1 (1) turnkey; urgency=low

  * Piwik:
    - Latest upstream version of Piwik.
    - Now using upstream .deb package.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Anton Pyrogovskyi <anton@turnkeylinux.org>  Thu, 31 Dec 2015 11:03:24 +0100

turnkey-piwik-14.0 (1) turnkey; urgency=low

  * Piwik:
    - Latest upstream version of Piwik.
    - Increased the PHP memory limit for Piwik to 512 MB.
    - Improved inithooks.

  * Replaced PHPMyAdmin with Adminer

  * Hardened default SSL settings

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Anton Pyrogovskyi <q@dae.pp.ua>  Sat, 20 Jun 2015 23:30:03 +0300

turnkey-piwik-13.0 (1) turnkey; urgency=low

  * Piwik:

    - Latest upstream version of Piwik.
    - Improved inithooks editing Piwik configuration [#122].

  * PHPMyAdmin:

    - Configured to allow users preferences stored in database.
    - Specified blowfish_secret and regeneration on firstboot (security).

  * Replaced PHPMyAdmin with Adminer

  * Hardened default SSL settings

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Fri, 11 Oct 2013 10:50:44 +0300

turnkey-piwik-12.1 (1) turnkey; urgency=low

  * Latest upstream source version of Piwik.

  * Added phpsh (interative shell for PHP) and php5-cli (generically useful).

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Fri, 05 Apr 2013 08:00:00 +0200

turnkey-piwik-12.0 (1) turnkey; urgency=low

  * Initial public release of TurnKey Piwik.

  * Set Piwik admin password, email and domain on firstboot (convenience, 
    security).

  * Regenerates all secrets during installation / firstboot (security).

  * Includes hourly cronjob for auto-archiving Piwik reports, useful for
    medium to high traffic sites (not enabled by default.)

  * MySQL related:

    - Set MySQL root password on firstboot (convenience, security).
    - Force MySQL to use Unicode/UTF8.
    - Includes PhpMyAdmin (listening on port 12322 - uses SSL).

  * SSL support out of the box.

  * Includes php-xcache PHP opcode cacher / optimizer (performance).

  * Includes postfix MTA (bound to localhost) for sending of email (e.g.
    password recovery). Also includes webmin postfix module for convenience.

  * Major component versions

    piwik           1.8.2 (upstream archive)
    apache2         2.2.16-6+squeeze7
    mysql-server    5.1.63-0+squeeze1
    phpmyadmin      4:3.3.7-7

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Wed, 01 Aug 2012 08:00:00 +0200

