秋のbash祭り
皆さんどうお過ごしでしょうか。

パッチがいろいろと出てていつ出たのか、
何に対してのパッチなのか分からなくなってきました。。。
（結局bashがらみはいくつあるんだろう・・・）

今回は「sudo」を題材に
CentOSとUbuntuでやってみました。

＠だんなさん
有難う御座いました！

CentOS
RPMコマンドだと

# rpm -q --info sudo
Name        : sudo                         Relocations: (not relocatable)
Version     : 1.8.6p3                           Vendor: CentOS
Release     : 12.el6                        Build Date: 2013年11月22日 21時51分14秒
Install Date: 2013年12月02日 22時55分48秒      Build Host: c6b9.bsys.dev.centos.org
Group       : Applications/System           Source RPM: sudo-1.8.6p3-12.el6.src.rpm
Size        : 2465716                          License: ISC
Signature   : RSA/SHA1, 2013年11月25日 04時33分33秒, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.courtesan.com/sudo/
Summary     : Allows restricted root access for specified users
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis.  It is not a replacement for the shell.  Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

yumコマンドだと
（「-v」つけないと詳細が出ない。）

# yum info sudo -v
Loading "downloadonly" plugin
Loading "fastestmirror" plugin
Config time: 0.019
Yum Version: 3.2.29
Setting up Package Sacks
Loading mirror speeds from cached hostfile
 * base: ftp.riken.jp
 * epel: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
pkgsack time: 0.214
rpmdb time: 0.000
Installed Packages
Name        : sudo
Arch        : x86_64
Version     : 1.8.6p3
Release     : 12.el6
Size        : 2.4 M
Repo        : installed
From repo   : anaconda-CentOS-201311272149.x86_64
Committer   : Daniel Kopecek <dkopecek@redhat.com>
Committime  : Mon Oct  7 21:00:00 2013
Buildtime   : Fri Nov 22 21:51:14 2013
Install time: Mon Dec  2 22:55:48 2013
Installed by: System <unset>
Changed by  : System <unset>
Summary     : Allows restricted root access for specified users
URL         : http://www.courtesan.com/sudo/
License     : ISC
Description : Sudo (superuser do) allows a system administrator to give certain
            : users (or groups of users) the ability to run some (or all) commands
            : as root while logging all commands and arguments. Sudo operates on a
            : per-command basis.  It is not a replacement for the shell.  Features
            : include: the ability to restrict what commands a user may run on a
            : per-host basis, copious logging of each command (providing a clear
            : audit trail of who did what), a configurable timeout of the sudo
            : command, and the ability to use the same configuration file (sudoers)
            : on many different machines.

Debian/Ubuntu
aptコマンドだと

# apt show sudo
Package: sudo
Priority: important
Section: admin
Installed-Size: 1528
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Bdale Garbee <bdale@gag.com>
Architecture: amd64
Version: 1.8.9p5-1ubuntu1
Replaces: sudo-ldap
Depends: libc6 (>= 2.15), libpam0g (>= 0.99.7.1), libselinux1 (>= 1.32), libpam-modules
Conflicts: sudo-ldap
Filename: pool/main/s/sudo/sudo_1.8.9p5-1ubuntu1_amd64.deb
Size: 341730
MD5sum: 622df6b43c28072fd1a47ed7fcbd28f2
SHA1: 354128caa875166b2af198be64a529e64ed8b081
SHA256: ac15a9810ca1b92aa5d515e542d4df5f7655e19923c47ba6d76f3ec2b2f736da
Description-ja: 特定のユーザに制限されたスーパユーザ権限を供与
 sudo は、システム管理者が制限された root 権限をユーザに与え、root としての
 活動を記録するために設計されたプログラムです。基本的な哲学としては、できる だけ少ない権限を与えつつも、ユーザが作業を実行できるようにすることです。
 .
 このバージョンは、他の共有ライブラリとの依存性が最低限に留められています。 sudoers に LDAP のサポートが必要な場合は、代わりに
 sudo-ldap パッケージを 使ってください。
Description-md5: acd82d558698567df941afe9b1ac35df
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 5y
Task: minimal

dpkgコマンドなら

# dpkg -s sudo
Package: sudo
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 1528
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 1.8.9p5-1ubuntu1
Replaces: sudo-ldap
Depends: libc6 (>= 2.15), libpam0g (>= 0.99.7.1), libselinux1 (>= 1.32), libpam-modules
Conflicts: sudo-ldap
Conffiles:
 /etc/sudoers.d/README 8d3cf36d1713f40a0ddc38e1b21a51b6
 /etc/init.d/sudo 69497d0565055f626ee2bc84f818ce0f
 /etc/sudoers e8e73f16ed73309df7574c12fbcc0af7
 /etc/pam.d/sudo 665a6dead44ff792cfad6b0faa10a621
Description: Provide limited super user privileges to specific users
 Sudo is a program designed to allow a sysadmin to give limited root
 privileges to users and log root activity.  The basic philosophy is to give
 as few privileges as possible but still allow people to get their work done.
 .
 This version is built with minimal shared library dependencies, use the
 sudo-ldap package instead if you need LDAP support for sudoers.
Original-Maintainer: Bdale Garbee <bdale@gag.com>

ビルドとか公開された日時、Changelogを調べるには
CentOS系だと

# rpm -q --changelog sudo |more
* Thu Jul 31 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-15
- RHEL-6.6 erratum
  - SSSD: dropped the ipahostnameshort patch, as it is not
    needed. rhbz#1033703 is a configuration issue.
  Related: rhbz#1033703

* Wed Jul 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-14
- RHEL-6.6 erratum
  - SSSD: fixed netgroup filter patch
  - SSSD: dropped serparate patch for #1006463, the fix is now part
    of the netgroup filter patch
  Resolves: rhbz#1006463
  Resolves: rhbz#1083064

* Mon May 19 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-13
- RHEL-6.6 erratum
  - don't retry authentication when ctrl-c pressed
  - fix double-quote processing in Defaults options
  - fix sesh login shell argv[0]
  - handle the "(none)" hostname correctly
  - SSSD: fix ipa_hostname handling
  - SSSD: fix sudoUser netgroup specification filtering
  - SSSD: list correct user when -U <user> -l specified
  - SSSD: show rule names on long listing (-ll)
  Resolves: rhbz#1065415
  Resolves: rhbz#1078338
  Resolves: rhbz#1052940
  Resolves: rhbz#1083064

Debian/Ubuntu系だと

# apt-get changelog sudo
Get:1 Changelog for sudo (http://changelogs.ubuntu.com/changelogs/pool/main/s/sudo/sudo_1.8.9p5-1ubuntu1/changelog) [59.3 kB]
Fetched 59.3 kB in 1s (38.0 kB/s)
sudo (1.8.9p5-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + actually-use-buildflags: Pass LDFLAGS everywhere
      + add_probe_interfaces_setting.diff: option to disable network inf probe
  * add_probe_interfaces_setting.diff: fix to not modify NEWS file.

 -- Chris J Arges <chris.j.arges@ubuntu.com>  Mon, 10 Feb 2014 12:21:53 -0600

sudo (1.8.9p5-1) unstable; urgency=low

  * new upstream release, closes: #735328

 -- Bdale Garbee <bdale@gag.com>  Tue, 04 Feb 2014 11:46:19 -0700

とやるらしい。

ほかにも

# apt-cache policy sudo
sudo:
  Installed: 1.8.9p5-1ubuntu1
  Candidate: 1.8.9p5-1ubuntu1
  Version table:
 *** 1.8.9p5-1ubuntu1 0
        500 http://jp.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

なんかもある

# apt-get -s upgrade

とするか
もしくは、

# apt-get install apt-listchanges

とかするとそのときにいろいろ分かる。