{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":4340318,"defaultBranch":"master","name":"freeipa","ownerLogin":"freeipa","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-05-15T20:34:40.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/10979201?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1718016328.0","currentOid":""},"activityList":{"items":[{"before":"2670338710e23f54412642fb4cbd9e743e5da0e9","after":"16a8aa02e6c547ee986490eb091652e0a1f51bf2","ref":"refs/heads/ipa-4-9","pushedAt":"2024-06-12T20:45:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add iparepltopoconf objectclass to topology permissions\n\nThe domain and ca objects were unreadable which caused\nthe conneciton lines between nodes in the UI to not be\nvisible.\n\nAlso add a manual ACI to allow reading the min/max\ndomain level.\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"Add iparepltopoconf objectclass to topology permissions"}},{"before":"b27ba6aaa9c25bdb5ca194b574f57541628c2d9e","after":"bbe5e18166f06cc2c9d89522221d0cd7562330b4","ref":"refs/heads/ipa-4-10","pushedAt":"2024-06-12T20:45:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add iparepltopoconf objectclass to topology permissions\n\nThe domain and ca objects were unreadable which caused\nthe conneciton lines between nodes in the UI to not be\nvisible.\n\nAlso add a manual ACI to allow reading the min/max\ndomain level.\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"Add iparepltopoconf objectclass to topology permissions"}},{"before":"02f175471d9bef97b7b7e68694ab8913cd5e0a2a","after":"15dde65451e26470fe928540a4e1e31546f55f49","ref":"refs/heads/ipa-4-11","pushedAt":"2024-06-12T20:44:35.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add iparepltopoconf objectclass to topology permissions\n\nThe domain and ca objects were unreadable which caused\nthe conneciton lines between nodes in the UI to not be\nvisible.\n\nAlso add a manual ACI to allow reading the min/max\ndomain level.\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"Add iparepltopoconf objectclass to topology permissions"}},{"before":"584d0cecbcb99a09b09d5698fc906b4849a7234c","after":"ebccaac3cf8a5688739d76426924469d5b4df6b1","ref":"refs/heads/ipa-4-12","pushedAt":"2024-06-12T20:43:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add iparepltopoconf objectclass to topology permissions\n\nThe domain and ca objects were unreadable which caused\nthe conneciton lines between nodes in the UI to not be\nvisible.\n\nAlso add a manual ACI to allow reading the min/max\ndomain level.\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"Add iparepltopoconf objectclass to topology permissions"}},{"before":"dfd4492efd47d45bcac4ee1d32d21cae91142df8","after":"6b26a4ebd4c9d935fa283d85ff177249d530e703","ref":"refs/heads/master","pushedAt":"2024-06-12T15:09:26.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add iparepltopoconf objectclass to topology permissions\n\nThe domain and ca objects were unreadable which caused\nthe conneciton lines between nodes in the UI to not be\nvisible.\n\nAlso add a manual ACI to allow reading the min/max\ndomain level.\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"Add iparepltopoconf objectclass to topology permissions"}},{"before":"5b3735b09df0bc44ebaa59c5d8d1f3893b8dc33f","after":"584d0cecbcb99a09b09d5698fc906b4849a7234c","ref":"refs/heads/ipa-4-12","pushedAt":"2024-06-10T18:59:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Use a unique task name for each backend in ipa-backup\n\nThe name used to be \"export_%Y_%m_%d_%H_%M_%S\" so if the tasks\nwere added within the same second the second backend would fail.\n\nAdd the backend name to the task name to ensure uniqueness.\nexport_{backend}_%Y_%m_%d_%H_%M_%S\n\nFixes: https://pagure.io/freeipa/issue/9584\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Mark Reynolds <mreynolds@redhat.com>","shortMessageHtmlLink":"Use a unique task name for each backend in ipa-backup"}},{"before":"a84db9a254f8955151e84bc0c8c438f0e06c9e27","after":"34b6754b0232a8f261d5c196afd63fa523e42333","ref":"refs/heads/ipa-4-6","pushedAt":"2024-06-10T10:54:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"kdb: apply combinatorial logic for ticket flags\n\nThe initial design for ticket flags was implementing this logic:\n* If a ticket policy is defined for the principal entry, use flags from\n  this policy if they are set. Otherwise, use default ticket flags.\n* If no ticket policy is defined for the principal entry, but there is a\n  global one, use flags from the global ticket policy if they are set.\n  Otherwise, use default ticket flags.\n* If no policy (principal nor global) is defined, use default ticket\n  flags.\n\nHowever, this logic was broken by a1165ffb which introduced creation of\na principal-level ticket policy in case the ticket flag set is modified.\nThis was typically the case for the -allow_tix flag, which was set\nvirtually by the KDB driver when a user was locked until they initialize\ntheir password on first kinit pre-authentication.\n\nThis was causing multiple issues, which are mitigated by the new\napproach:\n\nNow flags from each level are combined together. There flags like\n+requires_preauth which are set systematically by the KDB diver, as\nwell as -allow_tix which is set based on the value of \"nsAccountLock\".\nThis commit also adds the implicit -allow_svr ticket flag for user\nprincipals to protect users against Kerberoast-type attacks. None of\nthese flags are stored in the LDAP database, they are hard-coded in the\nKDB driver.\n\nIn addition to these \"virtual\" ticket flags, flags from both global and\nprincipal ticket policies are applied (if these policies exist).\n\nPrincipal ticket policies are not supported for hosts and services, but\nthis is only an HTTP API limitation. The \"krbTicketPolicyAux\" object\nclass is supported for all account types. This is required for ticket\nflags like +ok_to_auth_as_delegate. Such flags can be set using \"ipa\nhost-mod\" and \"ipa serivce-mod\", or using kadmin's \"modprinc\".\n\nIt is possible to ignore flags from the global ticket policy or default\nflags like -allow_svr for a user principal by setting the\n\"final_user_tkt_flags\" string attribute to \"true\" in kadmin. In this\ncase, any ticket flag can be configured in the principal ticket policy,\nexcept requires_preauth and allow_tix.\n\nWhen in IPA setup mode (using the \"ipa-setup-override-restrictions\" KDB\nargument), all the system described above is disabled and ticket flags\nare written in the principal ticket policy as they are provided. This is\nrequired to initialize the Kerberos LDAP container during IPA server\ninstallation.\n\nThis fixes CVE-2024-3183\n\nSigned-off-by: Julien Rische <jrische@redhat.com>","shortMessageHtmlLink":"kdb: apply combinatorial logic for ticket flags"}},{"before":"f6345f3df167ba4a94cf5dbd456691113070e6bc","after":"bee088ec90e3e406580bc539e798b4ee7d3d8398","ref":"refs/heads/ipa-4-8","pushedAt":"2024-06-10T10:53:30.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"kdb: apply combinatorial logic for ticket flags\n\nThe initial design for ticket flags was implementing this logic:\n* If a ticket policy is defined for the principal entry, use flags from\n  this policy if they are set. Otherwise, use default ticket flags.\n* If no ticket policy is defined for the principal entry, but there is a\n  global one, use flags from the global ticket policy if they are set.\n  Otherwise, use default ticket flags.\n* If no policy (principal nor global) is defined, use default ticket\n  flags.\n\nHowever, this logic was broken by a1165ffb which introduced creation of\na principal-level ticket policy in case the ticket flag set is modified.\nThis was typically the case for the -allow_tix flag, which was set\nvirtually by the KDB driver when a user was locked until they initialize\ntheir password on first kinit pre-authentication.\n\nThis was causing multiple issues, which are mitigated by the new\napproach:\n\nNow flags from each level are combined together. There flags like\n+requires_preauth which are set systematically by the KDB diver, as\nwell as -allow_tix which is set based on the value of \"nsAccountLock\".\nThis commit also adds the implicit -allow_svr ticket flag for user\nprincipals to protect users against Kerberoast-type attacks. None of\nthese flags are stored in the LDAP database, they are hard-coded in the\nKDB driver.\n\nIn addition to these \"virtual\" ticket flags, flags from both global and\nprincipal ticket policies are applied (if these policies exist).\n\nPrincipal ticket policies are not supported for hosts and services, but\nthis is only an HTTP API limitation. The \"krbTicketPolicyAux\" object\nclass is supported for all account types. This is required for ticket\nflags like +ok_to_auth_as_delegate. Such flags can be set using \"ipa\nhost-mod\" and \"ipa serivce-mod\", or using kadmin's \"modprinc\".\n\nIt is possible to ignore flags from the global ticket policy or default\nflags like -allow_svr for a user principal by setting the\n\"final_user_tkt_flags\" string attribute to \"true\" in kadmin. In this\ncase, any ticket flag can be configured in the principal ticket policy,\nexcept requires_preauth and allow_tix.\n\nWhen in IPA setup mode (using the \"ipa-setup-override-restrictions\" KDB\nargument), all the system described above is disabled and ticket flags\nare written in the principal ticket policy as they are provided. This is\nrequired to initialize the Kerberos LDAP container during IPA server\ninstallation.\n\nThis fixes CVE-2024-3183\n\nSigned-off-by: Julien Rische <jrische@redhat.com>","shortMessageHtmlLink":"kdb: apply combinatorial logic for ticket flags"}},{"before":"89f69678e5b8b83323df9d62e02d0da137fcc93d","after":"2670338710e23f54412642fb4cbd9e743e5da0e9","ref":"refs/heads/ipa-4-9","pushedAt":"2024-06-10T10:52:55.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"kdb: apply combinatorial logic for ticket flags\n\nThe initial design for ticket flags was implementing this logic:\n* If a ticket policy is defined for the principal entry, use flags from\n  this policy if they are set. Otherwise, use default ticket flags.\n* If no ticket policy is defined for the principal entry, but there is a\n  global one, use flags from the global ticket policy if they are set.\n  Otherwise, use default ticket flags.\n* If no policy (principal nor global) is defined, use default ticket\n  flags.\n\nHowever, this logic was broken by a1165ffb which introduced creation of\na principal-level ticket policy in case the ticket flag set is modified.\nThis was typically the case for the -allow_tix flag, which was set\nvirtually by the KDB driver when a user was locked until they initialize\ntheir password on first kinit pre-authentication.\n\nThis was causing multiple issues, which are mitigated by the new\napproach:\n\nNow flags from each level are combined together. There flags like\n+requires_preauth which are set systematically by the KDB diver, as\nwell as -allow_tix which is set based on the value of \"nsAccountLock\".\nThis commit also adds the implicit -allow_svr ticket flag for user\nprincipals to protect users against Kerberoast-type attacks. None of\nthese flags are stored in the LDAP database, they are hard-coded in the\nKDB driver.\n\nIn addition to these \"virtual\" ticket flags, flags from both global and\nprincipal ticket policies are applied (if these policies exist).\n\nPrincipal ticket policies are not supported for hosts and services, but\nthis is only an HTTP API limitation. The \"krbTicketPolicyAux\" object\nclass is supported for all account types. This is required for ticket\nflags like +ok_to_auth_as_delegate. Such flags can be set using \"ipa\nhost-mod\" and \"ipa serivce-mod\", or using kadmin's \"modprinc\".\n\nIt is possible to ignore flags from the global ticket policy or default\nflags like -allow_svr for a user principal by setting the\n\"final_user_tkt_flags\" string attribute to \"true\" in kadmin. In this\ncase, any ticket flag can be configured in the principal ticket policy,\nexcept requires_preauth and allow_tix.\n\nWhen in IPA setup mode (using the \"ipa-setup-override-restrictions\" KDB\nargument), all the system described above is disabled and ticket flags\nare written in the principal ticket policy as they are provided. This is\nrequired to initialize the Kerberos LDAP container during IPA server\ninstallation.\n\nThis fixes CVE-2024-3183\n\nSigned-off-by: Julien Rische <jrische@redhat.com>","shortMessageHtmlLink":"kdb: apply combinatorial logic for ticket flags"}},{"before":"65bea69358b07fdd54d4f890a3752548200dd5bd","after":"dfd4492efd47d45bcac4ee1d32d21cae91142df8","ref":"refs/heads/master","pushedAt":"2024-06-10T10:51:33.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"kdb: apply combinatorial logic for ticket flags\n\nThe initial design for ticket flags was implementing this logic:\n* If a ticket policy is defined for the principal entry, use flags from\n  this policy if they are set. Otherwise, use default ticket flags.\n* If no ticket policy is defined for the principal entry, but there is a\n  global one, use flags from the global ticket policy if they are set.\n  Otherwise, use default ticket flags.\n* If no policy (principal nor global) is defined, use default ticket\n  flags.\n\nHowever, this logic was broken by a1165ffb which introduced creation of\na principal-level ticket policy in case the ticket flag set is modified.\nThis was typically the case for the -allow_tix flag, which was set\nvirtually by the KDB driver when a user was locked until they initialize\ntheir password on first kinit pre-authentication.\n\nThis was causing multiple issues, which are mitigated by the new\napproach:\n\nNow flags from each level are combined together. There flags like\n+requires_preauth which are set systematically by the KDB diver, as\nwell as -allow_tix which is set based on the value of \"nsAccountLock\".\nThis commit also adds the implicit -allow_svr ticket flag for user\nprincipals to protect users against Kerberoast-type attacks. None of\nthese flags are stored in the LDAP database, they are hard-coded in the\nKDB driver.\n\nIn addition to these \"virtual\" ticket flags, flags from both global and\nprincipal ticket policies are applied (if these policies exist).\n\nPrincipal ticket policies are not supported for hosts and services, but\nthis is only an HTTP API limitation. The \"krbTicketPolicyAux\" object\nclass is supported for all account types. This is required for ticket\nflags like +ok_to_auth_as_delegate. Such flags can be set using \"ipa\nhost-mod\" and \"ipa serivce-mod\", or using kadmin's \"modprinc\".\n\nIt is possible to ignore flags from the global ticket policy or default\nflags like -allow_svr for a user principal by setting the\n\"final_user_tkt_flags\" string attribute to \"true\" in kadmin. In this\ncase, any ticket flag can be configured in the principal ticket policy,\nexcept requires_preauth and allow_tix.\n\nWhen in IPA setup mode (using the \"ipa-setup-override-restrictions\" KDB\nargument), all the system described above is disabled and ticket flags\nare written in the principal ticket policy as they are provided. This is\nrequired to initialize the Kerberos LDAP container during IPA server\ninstallation.\n\nThis fixes CVE-2024-3183\n\nSigned-off-by: Julien Rische <jrische@redhat.com>","shortMessageHtmlLink":"kdb: apply combinatorial logic for ticket flags"}},{"before":"e6750bfb3bf705aacbedaefc73d30f3ccd6cfe5e","after":"02f175471d9bef97b7b7e68694ab8913cd5e0a2a","ref":"refs/heads/ipa-4-11","pushedAt":"2024-06-10T10:50:41.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Bump minor version number\n\nSigned-off-by: Antonio Torres <antorres@redhat.com>","shortMessageHtmlLink":"Bump minor version number"}},{"before":"ea375937861375f9052c17fe1ded2cdd2caad288","after":"5b3735b09df0bc44ebaa59c5d8d1f3893b8dc33f","ref":"refs/heads/ipa-4-12","pushedAt":"2024-06-10T10:47:09.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Bump minor version number\n\nSigned-off-by: Antonio Torres <antorres@redhat.com>","shortMessageHtmlLink":"Bump minor version number"}},{"before":null,"after":"1664042ffa0d299c123cdb4572a16ea907c5e7f9","ref":"refs/heads/ipa-4-12-CVE-2024-2698-and-CVE-2024-3183","pushedAt":"2024-06-10T10:45:28.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Become IPA 4.12.1","shortMessageHtmlLink":"Become IPA 4.12.1"}},{"before":null,"after":"66fd76a9f36213cb4e2bb41bf44653f15af26d6c","ref":"refs/heads/ipa-4-11-CVE-2024-2698-and-CVE-2024-3183","pushedAt":"2024-06-10T10:45:01.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Become IPA 4.11.2","shortMessageHtmlLink":"Become IPA 4.11.2"}},{"before":"3f3ac4f148650ad27d65e2648e3b89eb756e6b6c","after":"65bea69358b07fdd54d4f890a3752548200dd5bd","ref":"refs/heads/master","pushedAt":"2024-06-06T19:10:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Use a unique task name for each backend in ipa-backup\n\nThe name used to be \"export_%Y_%m_%d_%H_%M_%S\" so if the tasks\nwere added within the same second the second backend would fail.\n\nAdd the backend name to the task name to ensure uniqueness.\nexport_{backend}_%Y_%m_%d_%H_%M_%S\n\nFixes: https://pagure.io/freeipa/issue/9584\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Mark Reynolds <mreynolds@redhat.com>","shortMessageHtmlLink":"Use a unique task name for each backend in ipa-backup"}},{"before":"6bfdd2e794225f954559a5ee29c6c46b13d97c34","after":"89f69678e5b8b83323df9d62e02d0da137fcc93d","ref":"refs/heads/ipa-4-9","pushedAt":"2024-05-28T15:08:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipa-replica-manage list-ruvs: display FQDN in the output\n\nThe behavior of ipa-replica-manage list-ruv was modified with\nthe commit 544652a and now displays host short names instead\nof FQDN:port.\nFix the regular expression in order to return the FQDN:port again.\n\nFixes: https://pagure.io/freeipa/issue/9598\n\nSigned-off-by: Florence Blanc-Renaud <flo@redhat.com>\nReviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>","shortMessageHtmlLink":"ipa-replica-manage list-ruvs: display FQDN in the output"}},{"before":"a479144332b70640de108c8db791909016d470fc","after":"b27ba6aaa9c25bdb5ca194b574f57541628c2d9e","ref":"refs/heads/ipa-4-10","pushedAt":"2024-05-28T15:07:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipa-replica-manage list-ruvs: display FQDN in the output\n\nThe behavior of ipa-replica-manage list-ruv was modified with\nthe commit 544652a and now displays host short names instead\nof FQDN:port.\nFix the regular expression in order to return the FQDN:port again.\n\nFixes: https://pagure.io/freeipa/issue/9598\n\nSigned-off-by: Florence Blanc-Renaud <flo@redhat.com>\nReviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>","shortMessageHtmlLink":"ipa-replica-manage list-ruvs: display FQDN in the output"}},{"before":"85a2cb779f1599a1d9a4ae02e3306bba9b81fbcd","after":"e6750bfb3bf705aacbedaefc73d30f3ccd6cfe5e","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-28T15:06:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipa-replica-manage list-ruvs: display FQDN in the output\n\nThe behavior of ipa-replica-manage list-ruv was modified with\nthe commit 544652a and now displays host short names instead\nof FQDN:port.\nFix the regular expression in order to return the FQDN:port again.\n\nFixes: https://pagure.io/freeipa/issue/9598\n\nSigned-off-by: Florence Blanc-Renaud <flo@redhat.com>\nReviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>","shortMessageHtmlLink":"ipa-replica-manage list-ruvs: display FQDN in the output"}},{"before":"407408e9a83d2ba09cf4229672cb1cac61f30876","after":"ea375937861375f9052c17fe1ded2cdd2caad288","ref":"refs/heads/ipa-4-12","pushedAt":"2024-05-28T14:27:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Back to git snapshots\n\nSigned-off-by: Antonio Torres <antorres@redhat.com>","shortMessageHtmlLink":"Back to git snapshots"}},{"before":"c250b1a7e45fd17317bd7b505368149e76091855","after":"407408e9a83d2ba09cf4229672cb1cac61f30876","ref":"refs/heads/ipa-4-12","pushedAt":"2024-05-28T14:21:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Become IPA 4.12.0","shortMessageHtmlLink":"Become IPA 4.12.0"}},{"before":"c250b1a7e45fd17317bd7b505368149e76091855","after":"3f3ac4f148650ad27d65e2648e3b89eb756e6b6c","ref":"refs/heads/master","pushedAt":"2024-05-28T14:19:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Bump to IPA 4.13\n\nSigned-off-by: Antonio Torres <antorres@redhat.com>","shortMessageHtmlLink":"Bump to IPA 4.13"}},{"before":null,"after":"c250b1a7e45fd17317bd7b505368149e76091855","ref":"refs/heads/ipa-4-12","pushedAt":"2024-05-28T14:17:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Update list of contributors\n\nSigned-off-by: Antonio Torres <antorres@redhat.com>","shortMessageHtmlLink":"Update list of contributors"}},{"before":"b3789876b89ef663d91f7da2618dd9ce47add394","after":"c250b1a7e45fd17317bd7b505368149e76091855","ref":"refs/heads/master","pushedAt":"2024-05-28T14:13:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Update list of contributors\n\nSigned-off-by: Antonio Torres <antorres@redhat.com>","shortMessageHtmlLink":"Update list of contributors"}},{"before":"69c6a817ce84a9c2bd111158bec4b10850dba544","after":"b3789876b89ef663d91f7da2618dd9ce47add394","ref":"refs/heads/master","pushedAt":"2024-05-28T14:12:40.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Update translations to FreeIPA master state\n\nSigned-off-by: Antonio Torres <antorres@redhat.com>","shortMessageHtmlLink":"Update translations to FreeIPA master state"}},{"before":"ea93ef9a087ce0a504382e3689e5ee9f1809c082","after":"6bfdd2e794225f954559a5ee29c6c46b13d97c34","ref":"refs/heads/ipa-4-9","pushedAt":"2024-05-28T13:05:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"console: for public errors only print a final one\n\nBy default, interactive console prints full traceback in case of an\nerror. This looks weird in the console when LDAP errors pop up.\nInstead, process PublicError exceptions as if they are final ones and\nonly print their message.\n\nAs a result, calls like api.Command.user_show('unknown') would\nresult in a concise message:\n\n  >>> api.Command.user_show('unknown')\n  IPA public error exception: NotFound: unknown: user not found\n  >>>\n\nrather than a two-screen long traceback.\n\nFixes: https://pagure.io/freeipa/issue/9590\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"console: for public errors only print a final one"}},{"before":"5f5c6542882752daf253b2aa2630c5a2a56fd6e9","after":"a479144332b70640de108c8db791909016d470fc","ref":"refs/heads/ipa-4-10","pushedAt":"2024-05-28T13:03:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"console: for public errors only print a final one\n\nBy default, interactive console prints full traceback in case of an\nerror. This looks weird in the console when LDAP errors pop up.\nInstead, process PublicError exceptions as if they are final ones and\nonly print their message.\n\nAs a result, calls like api.Command.user_show('unknown') would\nresult in a concise message:\n\n  >>> api.Command.user_show('unknown')\n  IPA public error exception: NotFound: unknown: user not found\n  >>>\n\nrather than a two-screen long traceback.\n\nFixes: https://pagure.io/freeipa/issue/9590\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"console: for public errors only print a final one"}},{"before":"2e75f569903a8b029ab468657f70e4802002f844","after":"85a2cb779f1599a1d9a4ae02e3306bba9b81fbcd","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-28T12:59:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"console: for public errors only print a final one\n\nBy default, interactive console prints full traceback in case of an\nerror. This looks weird in the console when LDAP errors pop up.\nInstead, process PublicError exceptions as if they are final ones and\nonly print their message.\n\nAs a result, calls like api.Command.user_show('unknown') would\nresult in a concise message:\n\n  >>> api.Command.user_show('unknown')\n  IPA public error exception: NotFound: unknown: user not found\n  >>>\n\nrather than a two-screen long traceback.\n\nFixes: https://pagure.io/freeipa/issue/9590\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"console: for public errors only print a final one"}},{"before":"1223016ef29aef4009a0d976af0d0b2bca871013","after":"69c6a817ce84a9c2bd111158bec4b10850dba544","ref":"refs/heads/master","pushedAt":"2024-05-28T12:40:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipa-replica-manage list-ruvs: display FQDN in the output\n\nThe behavior of ipa-replica-manage list-ruv was modified with\nthe commit 544652a and now displays host short names instead\nof FQDN:port.\nFix the regular expression in order to return the FQDN:port again.\n\nFixes: https://pagure.io/freeipa/issue/9598\n\nSigned-off-by: Florence Blanc-Renaud <flo@redhat.com>\nReviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>","shortMessageHtmlLink":"ipa-replica-manage list-ruvs: display FQDN in the output"}},{"before":"536812080502baa51818d9a33ea6533675800b30","after":"1223016ef29aef4009a0d976af0d0b2bca871013","ref":"refs/heads/master","pushedAt":"2024-05-28T09:14:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"console: for public errors only print a final one\n\nBy default, interactive console prints full traceback in case of an\nerror. This looks weird in the console when LDAP errors pop up.\nInstead, process PublicError exceptions as if they are final ones and\nonly print their message.\n\nAs a result, calls like api.Command.user_show('unknown') would\nresult in a concise message:\n\n  >>> api.Command.user_show('unknown')\n  IPA public error exception: NotFound: unknown: user not found\n  >>>\n\nrather than a two-screen long traceback.\n\nFixes: https://pagure.io/freeipa/issue/9590\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"console: for public errors only print a final one"}},{"before":"84eed2a67fb515f4d5d0af3479c077bf5b788d56","after":"536812080502baa51818d9a33ea6533675800b30","ref":"refs/heads/master","pushedAt":"2024-05-23T19:12:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"custodia: do not use deprecated jwcrypto wrappers\n\njwcrypto has turned JWK object into a dict-like structure in 2020 and\nmarked data wrappers as deprecated. The only exception for direct\nfoo['bar'] access is a key ID -- some keys might have no 'kid' property,\nthus it is best to use jwk.get('kid') instead for those.\n\nFixes: https://pagure.io/freeipa/issue/9597\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"custodia: do not use deprecated jwcrypto wrappers"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEY70ViQA","startCursor":null,"endCursor":null}},"title":"Activity · freeipa/freeipa"}