systemadmin.es > Distribuciones > Changelog de un paquete en RHEL, CentOS y derivados

Changelog de un paquete en RHEL, CentOS y derivados

Tal como hemos podido comprobar recientemente con el bug de openssl CVE-2014-0160, es importante poder ver los changelogs de los paquetes.

Si el paquete lo tenemos instalado, únicamente necesitamos indicar las opciónes -q (query) y –changelog y lo obtendremos:

# rpm -q --changelog openssl 
* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.1
- replace expired GlobalSign Root CA certificate in ca-bundle.crt

* Mon Feb 25 2013 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB
  environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv() everywhere instead of getenv() (#839735)
(...)

En el caso que no este instalado, deberemos indicar la opción -p y la ruta al paquete:

# rpm -qp --changelog httpd-2.2.3-45.el5.centos.1.i386.rpm 
* Thu May 05 2011 Johnny Hughes <johnny@centos.org> - 2.2.3 -45.1.centos
- Rolled in CentOS Branding

* Sat Apr 16 2011 Joe Orton <jorton@redhat.com> - 2.2.3-45.1
- mod_ssl: fix handling of incomplete lines w/rev. proxy (#694158)

* Mon Dec 06 2010 Joe Orton <jorton@redhat.com> - 2.2.3-45
- ab: fail gracefully for OOM allocating stats structures (#645845)
- init script: use $STOP_DELAY as delay before SIGKILL of parent (#644223)
- mod_dav: don't delete the existing resource if a PUT fails (#572910)
(...)

Por lo tanto, mediante dicha opción y yumdownloader, podemos bajar la última versión del repositorio y consultar el changelog antes de aplicarlo:

# yumdownloader nginx
(...)
nginx-0.8.55-3.el5.i386.rpm                           | 391 kB     00:00
# rpm -qp --changelog nginx-0.8.55-3.el5.i386.rpm 
* Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.8.55-3
- make sure nginx directories are not world readable (#913734, #913736)

* Sat Mar 17 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.55-2
- patch for CVE-2012-1180

* Mon Aug 29 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.55-1
- Update to legacy stable 0.8.55
- fix bug #717078

(...)

One comment to “Changelog de un paquete en RHEL, CentOS y derivados”

  1. Si tienes instalado yum-plugin-changelog, no hace falta bajar el paquete con yumdownloader para ver el changelog:

    [root@server ~] # rpm -qi yum-plugin-changelog
    Name        : yum-plugin-changelog         Relocations: (not relocatable)
    ...
    Summary     : Yum plugin for viewing package changelogs before/after updating
    Description :
    This plugin adds a command line option to allow viewing package changelog
    deltas before or after updating packages
    
    
    [root@server ~] # yum changelog all ruby | head -30
    Loaded plugins: changelog, downloadonly, fastestmirror, presto
    ...
    Listing all changelogs
    
    ==================== Available Packages ====================
    ruby-1.8.7.352-13.el6.x86_64             updates
    * Fri Nov 22 09:00:00 2013 Vít Ondruch  - 1.8.7.352-13
    - Workaround build issues against OpenSSL with enabled ECC curves.
    - Make DRb compatible with OpenSSL 1.0.1.
      * ruby-1.9.3-p222-generate-1024-bits-RSA-key-instead-of-512-bits.patch
    - Fix CVE-2013-4164 Heap Overflow in Floating Point Parsing
      * ruby-1.9.3-p484-CVE-2013-4164-ignore-too-long-fraction-part-which-does-not-affect-the-result.patch
      - Resolves: rhbz#1033500
    
    * Mon Jul  8 09:00:00 2013 Vít Ondruch  - 1.8.7.352-12
    - Fix regression introduced by CVE-2013-4073
      https://bugs.ruby-lang.org/issues/8575
      * ruby-2.0.0-p255-Fix-SSL-client-connection-crash-for-SAN-marked-critical.patch
      - Related: rhbz#979301
    
    * Fri Jun 28 09:00:00 2013 Vít Ondruch  - 1.8.7.352-11
    - hostname check bypassing vulnerability in SSL client.
      * ruby-1.8.7-p374-CVE-2013-4073-fix-hostname-verification.patch
      - Resolves: rhbz#979301
    
    * Fri Mar  1 09:00:00 2013 Vít Ondruch  - 1.8.7.352-10
    - $SAFE escaping vulnerability about Exception#to_s / NameError#to_s
    

Deja un comentario:

XHTML - Tags permitidos:<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>