SUSE / libpulp

libpulp enables live patching in user space applications.
GNU Lesser General Public License v2.1

Inform CVEs fixed by livepatch #143

Closed giulianobelinassi closed 2 years ago

giulianobelinassi commented 2 years ago

There must be a way to describe which CVEs are fixed by a livepatch. One way of doing this is to add an extra ELF section to the .so file containing all CVEs fixed by it.

susematz commented 2 years ago

Another way is to have that simply as part of the changelog of the RPM package that contained the livepatch .so file (which is advisable anyway). Either way, I think one point was that the ulp tool should have a subcommand that can concisely show which CVEs are fixed by a livepatch; it would either consult that special section or the rpm changelog. (But look at what the klp command can do for inspiration, I'm not 100% sure myself).

giulianobelinassi commented 2 years ago

Done. Libpulp now has a .ulp.comments section, and ulp patches looks for interesting labels there.
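The ELF-section approach discussed in this thread can be illustrated with a small reader that finds a named section in a livepatch .so and collects the CVE ids in it. This is an added example, not libpulp's code and not how the ulp tool is implemented. Assumptions: a little-endian ELF64 file, plain-text section contents, a made-up `fixes:` label syntax, placeholder CVE ids, and a hypothetical `build_sample` helper that constructs the test input.

```python
import re
import struct

CVE_RE = re.compile(rb"CVE-\d{4}-\d{4,}")
SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr, little-endian, 64 bytes

def read_section(elf, name):
    """Return the raw bytes of the named section of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01" or len(elf) < 64:
        raise ValueError("not a little-endian ELF64 image")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    if shentsize != 64 or shstrndx >= shnum or shoff + shnum * 64 > len(elf):
        raise ValueError("malformed section header table")
    hdrs = [struct.unpack_from(SHDR, elf, shoff + i * 64) for i in range(shnum)]
    str_off, str_size = hdrs[shstrndx][4], hdrs[shstrndx][5]
    strtab = elf[str_off:str_off + str_size]
    for sh in hdrs:  # sh[0]=sh_name, sh[4]=sh_offset, sh[5]=sh_size
        if strtab[sh[0]:].split(b"\0", 1)[0] == name.encode():
            if sh[4] + sh[5] > len(elf):
                raise ValueError("section data out of bounds")
            return elf[sh[4]:sh[4] + sh[5]]
    raise KeyError(name)

def livepatch_cves(elf, section=".ulp.comments"):
    """Sorted, de-duplicated CVE ids found anywhere in the metadata section."""
    return sorted({m.decode() for m in CVE_RE.findall(read_section(elf, section))})

def build_sample(comments):
    """Constructed test input: a minimal ELF64 shared-object image with the section."""
    strtab = b"\0.shstrtab\0.ulp.comments\0"  # names at offsets 1 and 11
    data_off, str_off = 64, 64 + len(comments)
    shoff = str_off + len(strtab)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)
    def sh(name, typ, off, size):
        return struct.pack(SHDR, name, typ, 0, 0, off, size, 0, 0, 1, 0)
    return (ehdr + comments + strtab + bytes(64)  # index 0 is the null section
            + sh(11, 1, data_off, len(comments)) + sh(1, 3, str_off, len(strtab)))

# Constructed payload; the label syntax and both CVE ids are placeholders.
SAMPLE = build_sample(b"livepatch: example\nfixes: CVE-1900-0001, CVE-1900-0002\n")

if __name__ == "__main__":
    print(livepatch_cves(SAMPLE))
```

Because the reader bounds-checks the section header table and the section data before slicing, a truncated or malformed .so is rejected with an error rather than yielding a partial CVE list.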