Use dnf updateinfo to read update changelogs

Cover image background excerpted from photo by Fotis Fotopoulos on Unsplash

This article will explore how to check the changelogs for the Fedora Linux operating system using the command line and dnf updateinfo. Instead of showing the commands running on a real Fedora Linux install, this article will demo running the dnf commands in toolbox.

Introduction

If you have used any type of computer recently (be it a desktop, laptop or even a smartphone), you most likely have had to deal with software updates. You might have an opinion about them. They might be a “necessary evil”, something that always breaks your setup and makes you waste hours fixing the new problems that appeared, or you might even like them.

No matter your opinion, there are reasons to update your software: mainly bug fixes, especially security-related bug fixes. After all, you most likely don’t want someone getting your private data by exploiting a bug that happens because of a interaction between the code of your web browser and the code that renders text on your screen.

If you manage your software updates in a manual or semi-manual fashion (in comparison to letting the operating system auto-update your software), one feature you should be aware of is “changelogs”.

A changelog is, as the name hints, a big list of changes between two releases of the same software. The changelog content can vary a lot. It may depend on the team, the type of software, its importance, and the number of changes. It can range from a very simple “several small bugs were fixed in this release”-type message, to a list of links to the bugs fixed on a issue tracker with a small description, to a big and detailed list of changes or elaborate blog posts.

Now, how do you check the changelogs for the updates?

If you use Fedora Workstation the easy way to see the changelog with a GUI is with Gnome Software. Select the name of the package or name of the software on the updates page and the changelog is displayed. You could also try your favorite GUI package manager, which will most likely show it to you as well. But how does one do the same thing via CLI?

How to use dnf updateinfo

Start by creating a Fedora 34 toolbox called updateinfo-demo:

toolbox create --distro fedora --release f34 updateinfo-demo

Now, enter the toolbox:

toolbox enter updateinfo-demo

The commands from here on can also be used on a normal Fedora install.

First, check the updates available:

$ dnf check-update
audit-libs.x86_64                   3.0.3-1.fc34              updates
ca-certificates.noarch              2021.2.50-1.0.fc34        updates
coreutils.x86_64                    8.32-30.fc34              updates
coreutils-common.x86_64             8.32-30.fc34              updates
curl.x86_64                         7.76.1-7.fc34             updates
dnf.noarch                          4.8.0-1.fc34              updates
dnf-data.noarch                     4.8.0-1.fc34              updates
expat.x86_64                        2.4.1-1.fc34              updates
file-libs.x86_64                    5.39-6.fc34               updates
glibc.x86_64                        2.33-20.fc34              updates
glibc-common.x86_64                 2.33-20.fc34              updates
glibc-minimal-langpack.x86_64       2.33-20.fc34              updates
krb5-libs.x86_64                    1.19.1-14.fc34            updates
libcomps.x86_64                     0.1.17-1.fc34             updates
libcurl.x86_64                      7.76.1-7.fc34             updates
libdnf.x86_64                       0.63.1-1.fc34             updates
libeconf.x86_64                     0.4.0-1.fc34              updates
libedit.x86_64                      3.1-38.20210714cvs.fc34   updates
libgcrypt.x86_64                    1.9.3-3.fc34              updates
libidn2.x86_64                      2.3.2-1.fc34              updates
libmodulemd.x86_64                  2.13.0-1.fc34             updates
librepo.x86_64                      1.14.1-1.fc34             updates
libsss_idmap.x86_64                 2.5.2-1.fc34              updates
libsss_nss_idmap.x86_64             2.5.2-1.fc34              updates
libuser.x86_64                      0.63-4.fc34               updates
libxcrypt.x86_64                    4.4.23-1.fc34             updates
nano.x86_64                         5.8-3.fc34                updates
nano-default-editor.noarch          5.8-3.fc34                updates
nettle.x86_64                       3.7.3-1.fc34              updates
openldap.x86_64                     2.4.57-5.fc34             updates
pam.x86_64                          1.5.1-6.fc34              updates
python-setuptools-wheel.noarch      53.0.0-2.fc34             updates
python-unversioned-command.noarch   3.9.6-2.fc34              updates
python3.x86_64                      3.9.6-2.fc34              updates
python3-dnf.noarch                  4.8.0-1.fc34              updates
python3-hawkey.x86_64               0.63.1-1.fc34             updates
python3-libcomps.x86_64             0.1.17-1.fc34             updates
python3-libdnf.x86_64               0.63.1-1.fc34             updates
python3-libs.x86_64                 3.9.6-2.fc34              updates
python3-setuptools.noarch           53.0.0-2.fc34             updates
sssd-client.x86_64                  2.5.2-1.fc34              updates
systemd.x86_64                      248.6-1.fc34              updates
systemd-libs.x86_64                 248.6-1.fc34              updates
systemd-networkd.x86_64             248.6-1.fc34              updates
systemd-pam.x86_64                  248.6-1.fc34              updates
systemd-rpm-macros.noarch           248.6-1.fc34              updates
vim-minimal.x86_64                  2:8.2.3182-1.fc34         updates
xkeyboard-config.noarch             2.33-1.fc34               updates
yum.noarch                          4.8.0-1.fc34              updates

OK, so run your first dnf updateinfo command:

$ dnf updateinfo
Updates Information Summary: available
     5 Security notice(s)
         4 Moderate Security notice(s)
         1 Low Security notice(s)
    11 Bugfix notice(s)
     8 Enhancement notice(s)
     3 other notice(s)

This is the summary of updates. As you can see there are security updates, bugfix updates, enhancement updates and some which are not specified.

Look at the list of updates and which types they belong to:

$ dnf updateinfo list
FEDORA-2021-e4866762d8 enhancement   audit-libs-3.0.3-1.fc34.x86_64
FEDORA-2021-1f32e18471 bugfix        ca-certificates-2021.2.50-1.0.fc34.noarch
FEDORA-2021-b09e010a46 bugfix        coreutils-8.32-30.fc34.x86_64
FEDORA-2021-b09e010a46 bugfix        coreutils-common-8.32-30.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec. curl-7.76.1-7.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix        dnf-4.8.0-1.fc34.noarch
FEDORA-2021-3b74285c43 bugfix        dnf-data-4.8.0-1.fc34.noarch
FEDORA-2021-523ee0a81e enhancement   expat-2.4.1-1.fc34.x86_64
FEDORA-2021-07625b9c81 unknown       file-libs-5.39-6.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-2.33-20.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-common-2.33-20.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-minimal-langpack-2.33-20.fc34.x86_64
FEDORA-2021-8b25e4642f Low/Sec.      krb5-libs-1.19.1-14.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix        libcomps-0.1.17-1.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec. libcurl-7.76.1-7.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix        libdnf-0.63.1-1.fc34.x86_64
FEDORA-2021-ca22b882a5 enhancement   libeconf-0.4.0-1.fc34.x86_64
FEDORA-2021-f9c139edd8 bugfix        libedit-3.1-38.20210714cvs.fc34.x86_64
FEDORA-2021-31fdc84207 Moderate/Sec. libgcrypt-1.9.3-3.fc34.x86_64
FEDORA-2021-bc56cf7c1f enhancement   libidn2-2.3.2-1.fc34.x86_64
FEDORA-2021-da2ec14d7f bugfix        libmodulemd-2.13.0-1.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix        librepo-1.14.1-1.fc34.x86_64
FEDORA-2021-1db6330a22 unknown       libsss_idmap-2.5.2-1.fc34.x86_64
FEDORA-2021-1db6330a22 unknown       libsss_nss_idmap-2.5.2-1.fc34.x86_64
FEDORA-2021-8226c82fe9 bugfix        libuser-0.63-4.fc34.x86_64
FEDORA-2021-e6916d6758 bugfix        libxcrypt-4.4.22-2.fc34.x86_64
FEDORA-2021-fed4036fd9 bugfix        libxcrypt-4.4.23-1.fc34.x86_64
FEDORA-2021-3122d2b8d2 unknown       nano-5.8-3.fc34.x86_64
FEDORA-2021-3122d2b8d2 unknown       nano-default-editor-5.8-3.fc34.noarch
FEDORA-2021-d1fc0b9d32 Moderate/Sec. nettle-3.7.3-1.fc34.x86_64
FEDORA-2021-97949d7a4e bugfix        openldap-2.4.57-5.fc34.x86_64
FEDORA-2021-e6916d6758 bugfix        pam-1.5.1-6.fc34.x86_64
FEDORA-2021-07931f7f08 bugfix        python-setuptools-wheel-53.0.0-2.fc34.noarch
FEDORA-2021-2056ce89d9 enhancement   python-unversioned-command-3.9.6-1.fc34.noarch
FEDORA-2021-d613e00b72 enhancement   python-unversioned-command-3.9.6-2.fc34.noarch
FEDORA-2021-2056ce89d9 enhancement   python3-3.9.6-1.fc34.x86_64
FEDORA-2021-d613e00b72 enhancement   python3-3.9.6-2.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix        python3-dnf-4.8.0-1.fc34.noarch
FEDORA-2021-3b74285c43 bugfix        python3-hawkey-0.63.1-1.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix        python3-libcomps-0.1.17-1.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix        python3-libdnf-0.63.1-1.fc34.x86_64
FEDORA-2021-2056ce89d9 enhancement   python3-libs-3.9.6-1.fc34.x86_64
FEDORA-2021-d613e00b72 enhancement   python3-libs-3.9.6-2.fc34.x86_64
FEDORA-2021-07931f7f08 bugfix        python3-setuptools-53.0.0-2.fc34.noarch
FEDORA-2021-1db6330a22 unknown       sssd-client-2.5.2-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix        systemd-248.6-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix        systemd-libs-248.6-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix        systemd-networkd-248.6-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix        systemd-pam-248.6-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix        systemd-rpm-macros-248.6-1.fc34.noarch
FEDORA-2021-b8b1f6e54f enhancement   vim-minimal-2:8.2.3182-1.fc34.x86_64
FEDORA-2021-67645ae09f enhancement   xkeyboard-config-2.33-1.fc34.noarch
FEDORA-2021-3b74285c43 bugfix        yum-4.8.0-1.fc34.noarch

The output is in three columns. These show the ID for an update, the type of the update, and the package to which it refers.

If you want to see the Bodhi page for a specific update, just add the id to the end of this URL:
https://bodhi.fedoraproject.org/updates/.

For example, https://bodhi.fedoraproject.org/updates/FEDORA-2021-3141f0eff1 for systemd-248.6-1.fc34.x86_64 or https://bodhi.fedoraproject.org/updates/FEDORA-2021-b09e010a46 for coreutils-8.32-30.fc34.x86_64.

The next command will list the actual changelog.

dnf updateinfo info

The output from this command is quite long. So only a few interesting excerpts are provided below.

Start with a small one:

===============================================================================
  ca-certificates-2021.2.50-1.0.fc34
===============================================================================
  Update ID: FEDORA-2021-1f32e18471
       Type: bugfix
    Updated: 2021-06-18 22:08:02
Description: Update the ca-certificates list to the lastest upstream list.
   Severity: Low

Notice how this info has the update ID, type, updated time, description and severity. Very simple and easy to understand.

Now look at the systemd update which, in addition to the previous items, has some bugs associated with it in Red Hat Bugzilla, a more elaborate description, and a different severity.

===============================================================================
  systemd-248.6-1.fc34
===============================================================================
  Update ID: FEDORA-2021-3141f0eff1
       Type: bugfix
    Updated: 2021-07-24 22:00:30
       Bugs: 1963428 - if keyfile >= 1024*4096-1 service "systemd-cryptsetup@<partition name>" can't start
           : 1965815 - 50-udev-default.rules references group "sgx" which does not exist
           : 1975564 - systemd-cryptenroll SIGABRT when adding recovery key - buffer overflow
           : 1984651 - systemd[1]: Assertion 'a <= b' failed at src/libsystemd/sd-event/sd-event.c:2903, function sleep_between(). Aborting.
Description: - Create 'sgx' group (and also use soft-static uids for input and render, see https://pagure.io/setup/c/df3194a7295c2ca3cfa923981b046f4bd2754825 and https://pagure.io/packaging-committee/issue/1078 (#1965815)
           : - Various bugfixes (#1963428, #1975564)
           : - Fix for a regression introduced in the previous release with sd-event abort (#1984651)
           : 
           : No need to log out or reboot.
   Severity: Moderate

Next look at a curl update. This has a security update with several CVEs associated with it. Each CVE has its respective Red Hat Bugzilla bug.

===============================================================================
  curl-7.76.1-7.fc34
===============================================================================
  Update ID: FEDORA-2021-83fdddca0f
       Type: security
    Updated: 2021-07-22 22:03:07
       Bugs: 1984325 - CVE-2021-22922 curl: wrong content via metalink is not being discarded [fedora-all]
           : 1984326 - CVE-2021-22923 curl: Metalink download sends credentials [fedora-all]
           : 1984327 - CVE-2021-22924 curl: bad connection reuse due to flawed path name checks [fedora-all]
           : 1984328 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure [fedora-all]
Description: - fix TELNET stack contents disclosure again (CVE-2021-22925)
           : - fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
           : - disable metalink support to fix the following vulnerabilities
           :     CVE-2021-22923 - metalink download sends credentials
           :     CVE-2021-22922 - wrong content via metalink not discarded
   Severity: Moderate

This item shows a simple enhancement update.

===============================================================================
  python3-docs-3.9.6-1.fc34 python3.9-3.9.6-1.fc34
===============================================================================
  Update ID: FEDORA-2021-2056ce89d9
       Type: enhancement
    Updated: 2021-07-08 22:00:53
Description: Update of Python 3.9 and python3-docs to latest release 3.9.6
   Severity: None

Finally an “unknown” type update.

===============================================================================
  file-5.39-6.fc34
===============================================================================
  Update ID: FEDORA-2021-07625b9c81
       Type: unknown
    Updated: 2021-06-11 22:16:57
       Bugs: 1963895 - Wrong detection of python bytecode mimetypes
Description: do not classify python bytecode files as text (#1963895)
   Severity: None

Conclusion

So, in what situation does dnf updateinfo become handy?

Well, you could use it if you prefer managing updates fully via the CLI, or if you are unable to successfully use the GUI tools at a specific moment.

In which case is checking the changelog useful?

Say you manage the updates yourself, sometimes you might not consider it ideal to stop what you are doing to update your system. Instead of simply installing the updates, you check the changelogs. This allows you to figure out whether you should prioritize your updates (maybe there’s a important security fix?) or whether to postpone a bit longer (no important fix, “I will do it later when I’m not doing anything important”).

For System Administrators

9 Comments

  1. Bruno

    Nice article. Also “dnf updateinfo info vim systemd …” will give you info about vim and systemd or whatever specific package name you give in parameter.

    • Ah, I decided to take a look at the man page again to confirm it and apparently you are right.
      The updateinfo command can also take a “SPEC” as a parameter, and those generally match the package name (or the main package name in case the package is split).

      So, yeah, you can get the changelog for only a specific package by passing its name as well.
      Thanks for the new info!

  2. hammerhead corvette

    So happy to see this post, We NEED more bits like this for the community. DNF is powerful and intricate at the same time. Would love more on GroupUpdate, history, and others.
    Thanks for the post.

    • Thanks for the kind words!

      I mostly did this post because Gnome Software tends to crash a bit on my machine and I needed a different way of seeing the update changelogs, so I searched around and found dnf updateinfo.

      I don’t know much about dnf though, I only used to do the basic operations of install, update, remove, autoremove, and sometimes something more advanced like marking packages as user installed or removing that mark.

      I do think I checked out dnf history once and apparently you can see all the packages changed in a transaction and even undo some of those transactions.

      I could try writing more articles on dnf, the problem really would be that I migrated from Fedora Workstation to Fedora Silverblue in the short time between when I proposed this article and when I wrote it, so it would be a bit harder if things can’t be done from toolbox.

  3. Darvond

    I’ve also been exploring the DNF command reference, and one thing I want to highlight are some of the subcommands such as using a tree to list out the dependencies in that manner. (I was recently looking for a way to dust off a desktop entirely while keeping a few utility programs.)

    The thing that tends to mess me up more often than not is the syntax order.

  4. Ben

    I have been looking for something like this for so long, thanks so much. Wondering if there’s a way to tell DNF only to update packages with CVE (e.g. security fixes).

    • Actually, you can! Just run “dnf update –security”.

      I didn’t know about that, but after some reading and testing, it works.

      You can also choose only bug fixes with “–bugfix”, or only enhancements with “–enhancement”, you might even combine multiple of them together.

      I actually proposed a new article based on your comment, so I might write something more in-depth in the future.

      • Marcus

        It would be nice with a cheat sheet with the most useful commands! 🙂

  5. Are we left in a toolbox?

    And if so
    a) how do we get out
    b) how do we remove the toolbox if only created to follow your useful blog?

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions