Comprobar el changelog de un paquete instalado (o a instalar) (RPM|YUM)

El registro de cambios​ (changelog) contiene un listado de cambios, nuevas funcionalidades, solución de bugs y vulnerabilidades, etc. aplicadas a un determinado paquete. A través de rpm podemos consultar el changelog de un paquete, para ello se utiliza la opción de query -q y --changelog. Ejemplo:

$ rpm -q --changelog kernel | more
* Sun Nov 10 2013 Rafael Aquini <aquini@redhat.com> [2.6.32-431.el6]
- [md] Disabling of TRIM on RAID5 for RHEL6.5 was too aggressive (Jes Sorensen) [1028426]

* Tue Nov 05 2013 Rafael Aquini <aquini@redhat.com> [2.6.32-430.el6]
- [x86] Revert "efi: be more paranoid about available space when creating variables" (Rafael Aquini) [1012370 1023173]
- [x86] Revert "efivars: firmware bug workarounds should be in platform code" (Rafael Aquini) [1012370 1023173]
- [x86] Revert "efi: Export efi_query_variable_store() for efivars.ko" (Rafael Aquini) [1012370 1023173]
- [x86] Revert "efi: Check max_size only if it is non-zero" (Rafael Aquini) [1012370 1023173]
- [x86] Revert "efi: Distinguish between "remaining space" and actually used space" (Rafael Aquini) [1012370 1023173]
- [x86] Revert "efi: Implement efi_no_storage_paranoia parameter" (Rafael Aquini) [1012370 1023173]
- [x86] Revert "Modify UEFI anti-bricking code" (Rafael Aquini) [1012370 1023173]
- [x86] Revert "efi: Fix dummy variable buffer allocation" (Rafael Aquini) [1012370 1023173]

* Sat Nov 02 2013 Rafael Aquini <aquini@redhat.com> [2.6.32-429.el6]
- [fs] revert xfs: prevent deadlock trying to cover an active log (Eric Sandeen) [1014867]

* Wed Oct 30 2013 Rafael Aquini <aquini@redhat.com> [2.6.32-428.el6]
- [fs] Revert "vfs: allow umount to handle mountpoints without revalidating them" (Rafael Aquini) [1024607]
- [fs] Revert "vfs: massage umount_lookup_last() a bit to reduce nesting" (Rafael Aquini) [1024607]
- [fs] Revert "vfs: rename user_path_umountat() to user_path_mountpoint_at()" (Rafael Aquini) [1024607]
- [fs] Revert "vfs: introduce kern_path_mountpoint()" (Rafael Aquini) [1024607]
- [fs] Revert "autofs4: fix device ioctl mount lookup" (Rafael Aquini) [1024607]
[...]

Si queremos consultarlo para un paquete que todavía no hemos instalado, lo podemos hacer con yum, utilizando el añadido yum-plugin-changelog:

# yum install yum-plugin-changelog
[...]
---> Package yum-plugin-changelog.noarch 0:1.1.31-45.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================================================================================================================================================================================================
 Package                                                                          Arch                                                               Version                                                                   Repository                                                                      Size
====================================================================================================================================================================================================================================================================================================================
Installing:
 yum-plugin-changelog                                                             noarch                                                             1.1.31-45.el7                                                             rhel-7-server-rpms                                                              33 k

Transaction Summary
====================================================================================================================================================================================================================================================================================================================
Install  1 Package

Total download size: 33 k
Installed size: 40 k
[...]
Transaction test succeeded
Running transaction
  Installing : yum-plugin-changelog-1.1.31-45.el7.noarch                                                                                                                                                                                                                                                        1/1 
  Verifying  : yum-plugin-changelog-1.1.31-45.el7.noarch                                                                                                                                                                                                                                                        1/1 

Installed:
  yum-plugin-changelog.noarch 0:1.1.31-45.el7                                                                                                                                                                                                                                                                       
Complete!

Una vez, instalado, la sintaxis es la siguiente:

[root@ingsaltojc ~]# yum changelog openssh
Loaded plugins: changelog, langpacks, product-id, search-disabled-repos, subscription-manager

Listing all changelogs

==================== Installed Packages ====================
openssh-6.6.1p1-22.el7.x86_64            installed
* Fri Sep 25 14:00:00 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-22 + 0.9.3-9
- Use the correct constant for glob limits (#1160377)

* Thu Sep 24 14:00:00 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-21 + 0.9.3-9
- Extend memory limit for remote glob in sftp acc. to stat limit (#1160377)

* Thu Sep 24 14:00:00 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-20 + 0.9.3-9
- Fix vulnerabilities published with openssh-7.0 (#1265807)
 - Privilege separation weakness related to PAM support
 - Use-after-free bug related to PAM support

* Thu Sep 24 14:00:00 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-19 + 0.9.3-9
- Increase limit of files for glob match in sftp to 8192 (#1160377)

* Tue Aug 18 14:00:00 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-18 + 0.9.3-9
- Add GSSAPIKexAlgorithms option for server and client application (#1253062)

* Wed Jul 29 14:00:00 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-17 + 0.9.3-9
- Security fixes released with openssh-6.9 (CVE-2015-5352) (#1247864)
 - XSECURITY restrictions bypass under certain conditions in ssh(1) (#1238231)
 - weakness of agent locking (ssh-add -x) to password guessing (#1238238)

* Mon Jul 27 14:00:00 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-16 + 0.9.3-9
- only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)

También se pueden establecer filtros de búsqueda, como un rango de fechas concreto. Ejemplos extraídos de la página man:

# yum changelog 2008-Jan yum\*
Listing changelogs since: 2008-01-18
yum-versionlock-1.1.11-1.fc8.noarch installed
* Wed Jan 30 17:00:00 2008 Tim Lauridsen <timlau@fedoraproject.org>
- mark as 1.1.11

changelog stats. 33 pkgs, 12 source pkgs, 1 changelog

# yum update ktechlab --changelog
Loading "changelog" plugin
Setting up Update Process
Setting up repositories
[..]
Resolving Dependencies
[...]
Changes in packages about to be updated:

ktechlab - 0.3-6.i386
* Wed Nov 22 23:00:00 2006 Chitlesh Goorah - 0.3-6
- Rebuilt due to new gpsim-devel release