Fixed PIN authentication bypass #50
Merged
Due to some previous card operation the key may be unlocked (and ready to sign) even though the PIN was not verified in some new session object. This change enforces the PIN verification independent from the PIN's verification status.

Before this change, a PIN verification may be bypassed, for example, in the following use case:

    sudo sc_auth pair -h 7B9E7F52F0309C57CF4C252A5D30B917880DE46F -u username
    sudo sc_auth unpair -h 7B9E7F52F0309C57CF4C252A5D30B917880DE46F -u username
    sudo sc_auth pair -h 7B9E7F52F0309C57CF4C252A5D30B917880DE46F -u username

In the above workflow, the PIN is only requested in the first pairing, but not in the second call. Even more severe, passing an empty PIN to the Login screen would unlock the screen, since this only checks the PIN verification status ("verified in a previous session") and then uses the unlocked key to sign the login challenge.

With this change, OpenSC now enforces a logout of the PIN if the session is deleted. Some cards, however, are not capable of explicitly logging out, so we additionally keep track of the authentication state to enforce the PIN verification in software even though the key would technically be already unlocked.
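The session handling described above, modelled as an added example (not code from OpenSCToken or OpenSC): the same two-session sequence runs against the old status check and against per-session state tracking with logout on close. The `card` and `session` structs, all function names and the PIN `123456` are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical card model: after a successful VERIFY the key stays unlocked
 * until an explicit logout, which not every card supports. */
struct card {
    const char *pin;    /* constructed reference PIN */
    bool key_unlocked;  /* card-side state, outlives host sessions */
    bool can_logout;
};

/* Host-side session object, one per pairing or login attempt. */
struct session {
    struct card *card;
    bool pin_verified;  /* software-tracked state, never inherited */
};

static bool card_verify(struct card *c, const char *pin) {
    c->key_unlocked = (strcmp(pin, c->pin) == 0);
    return c->key_unlocked;
}

static void session_open(struct session *s, struct card *c) {
    s->card = c;
    s->pin_verified = false;
}

static bool session_auth(struct session *s, const char *pin, bool hardened) {
    if (!hardened) {
        /* Before: "verified in a previous session" is accepted as-is. */
        if (s->card->key_unlocked)
            return true;
        return card_verify(s->card, pin);
    }
    /* After: the PIN is always presented to the card; empty is rejected. */
    s->pin_verified = (pin[0] != '\0') && card_verify(s->card, pin);
    return s->pin_verified;
}

static bool session_can_sign(const struct session *s, bool hardened) {
    if (!hardened)
        return s->card->key_unlocked;
    return s->pin_verified && s->card->key_unlocked;
}

static void session_close(struct session *s, bool hardened) {
    if (!hardened)
        return;                         /* key stays unlocked on the card */
    if (s->card->can_logout)
        s->card->key_unlocked = false;  /* explicit logout where possible */
    s->pin_verified = false;            /* always drop the software state */
}

/* Session 1 verifies the real PIN and is closed; returns whether session 2
 * may sign after presenting second_pin. */
bool second_session_can_sign(bool hardened, bool can_logout, const char *second_pin) {
    struct card c = { "123456", false, can_logout };
    struct session s1, s2;
    session_open(&s1, &c);
    session_auth(&s1, "123456", hardened);
    session_close(&s1, hardened);
    session_open(&s2, &c);
    session_auth(&s2, second_pin, hardened);
    return session_can_sign(&s2, hardened);
}

int main(void) {
    printf("before, empty PIN:           %d\n", second_session_can_sign(false, false, ""));
    printf("after, no logout, empty PIN: %d\n", second_session_can_sign(true, false, ""));
    printf("after, no logout, right PIN: %d\n", second_session_can_sign(true, false, "123456"));
    return 0;
}
```

On a card without logout the key is still unlocked when the second session starts, so only the per-session flag stands between an empty PIN and a signature.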
this is now covered by the core library OpenSC/OpenSC@868f76f
kraj pushed a commit to YoeDistro/meta-openembedded that referenced this pull request Jan 6, 2024
* All patches dropped because fixed in the new version.
  0001-pkcs11-tool-Fix-private-key-import.patch -> https://github.com/OpenSC/OpenSC/blob/0.24.0/src/tools/pkcs11-tool.c#L3710
  0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch -> https://github.com/OpenSC/OpenSC/blob/0.24.0/src/tools/pkcs11-tool.c#L3686
  CVE-2023-2977.patch -> OpenSC/OpenSC@81944d1
* Fix -> ERROR: opensc-0.24.0-r0 do_package_qa: QA Issue: non -dev/-dbg/nativesdk- package opensc contains symlink .so '/usr/lib/onepin-opensc-pkcs11.so' [dev-so]

Changelog:

* CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807)
* CVE-2023-40661: Important dynamic analyzers reports
* CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc4)
* Fix compatibility of EAC with OpenSSL 3.0 (#2674)
* Enable `use_file_cache` by default (#2501)
* Use custom libctx with OpenSSL >= 3.0 (#2712, #2715)
* Fix record-based files (#2604)
* Fix several race conditions (#2735)
* Run tests under Valgrind (#2756)
* Test signing of data bigger than 512 bytes (#2789)
* Update to OpenPACE 1.1.3 (#2796)
* Implement logout for some of the card drivers (#2807)
* Fix wrong popup position of opensc-notify (#2901)
* Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
* Check card presence state in `C_GetSessionInfo` (#2740)
* Remove `onepin-opensc-pkcs11` module (#2681)
* Do not use colons in the token info label (#2760)
* Present profile objects in all slots with the CKA_TOKEN attribute to resolve issues with NSS (#2928, #2924)
* Use secure memory for PUK (#2906)
* Don't logout to preserve concurrent access from different processes (#2907)
* Add more examples to manual page (#2936)
* Present profile objects in all virtual slots (#2928)
* Provide CKA_TOKEN attribute for profile objects (#2924)
* Improve --slot parameter documentation (#2951)
* Honor cache offsets when writing file cache (#2858)
* Prevent needless amount of PIN prompts from pkcs15init layer (#2916)
* Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to PKCS#11 (#2936)
* Fix for private keys that do not need a PIN (#2722)
* Unbreak decipher when the first null byte of PKCS#1.5 padding is missing (#2939)
* Fix RSA key import with OpenSSL 3.0 (#2656)
* Add support for attribute filtering when listing objects (#2687)
* Add support for `--private` flag when writing certificates (#2768)
* Add support for non-AEAD ciphers to the test mode (#2780)
* Show CKA_SIGN attribute for secret keys (#2862)
* Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys (#2864, #2913)
* Show Sign/VerifyRecover attributes (#2888)
* Add option to import generic keys (#2955)
* Generate 2k RSA keys by default (b53fc5cd)
* Disable autostart on Linux by default (#2680)
* Add support for IDPrime MD 830, 930 and 940 (#2666)
* Add support for SafeNet eToken 5110 token (#2812)
* Process index even without keyrefmap and use correct label for second PIN (#2878)
* Add support for Gemalto IDPrime 940C (#2941)
* Change of PIN requires verification of the PIN (#2759)
* Fix incorrect CMAC computation for subkeys (#2759, issue #2734)
* Use true random number for mutual authentication for SM (#2766)
* Add verification of data coming from the token in the secure messaging mode (#2772)
* Avoid success when using unsupported digest and fix data length for RAW ECDSA signatures (#2845)
* Fix select data command (#2753, issue #2752)
* Unbreak ed/curve25519 support (#2892)
* Add support for Slovenian eID card (eOI) (#2646)
* Add support for IDEMIA (Oberthur) tokens (#2483)
* Add support for Swissbit iShield FIDO2 Authenticator (#2671)
* Implement PIV secure messaging (#2053)
* Add support for Slovak eID cards (#2672)
* Support ECDSA with off-card hashing (#2642)
* Fix WRAP operation when using T0 (#2695)
* Identify changes on the card and enable `use_file_cache` (#2798)
* Workaround for unwrapping using 2K RSA key (#2921)
* Add support for `opensc-tool --serial` (#2675)
* Fix unwrapping of 4096 keys with handling reader limits (#2682)
* Indicate supported hashes and MGF1s (#2827)

Signed-off-by: alperak <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
kraj pushed a commit to YoeDistro/meta-openembedded that referenced this pull request Jan 8, 2024
kraj pushed a commit to YoeDistro/meta-openembedded that referenced this pull request Jan 9, 2024
kraj pushed a commit to YoeDistro/meta-openembedded that referenced this pull request Jan 9, 2024
daregit pushed a commit to daregit/yocto-combined that referenced this pull request May 22, 2024
See c58257c for a detailed description