The following Fedora EPEL 8 Security updates need testing:
Age URL
72 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2
xpdf-4.06-1.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-cf486df588
opencc-1.0.5-4.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-58d7d41403
java-latest-openjdk-26.0.0.0.32-0.0.1.ea.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
editorconfig-0.12.10-1.el8
nvtop-3.3.1-2.el8
partclone-0.3.44-1.el8
prosody-13.0.4-1.el8
qelectrotech-0.100-1.el8
rpminspect-2.1-1.el8
xorgxrdp-0.10.5-1.el8
xrdp-0.10.5-1.el8
Details about builds:
================================================================================
editorconfig-0.12.10-1.el8 (FEDORA-EPEL-2026-ebd878d450)
Parser for EditorConfig files written in C
--------------------------------------------------------------------------------
Update Information:
v0.12.10
Make path splitting algorithm UNC-aware
Miscellaneous fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 22 2026 Benjamin A. Beasley <[email protected]> - 0.12.10-1
- Update to 0.12.10 (close RHBZ#2401398)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2401398 - editorconfig-0.12.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2401398
--------------------------------------------------------------------------------
================================================================================
nvtop-3.3.1-2.el8 (FEDORA-EPEL-2026-2243bd3e9e)
GPU process monitoring for various devices
--------------------------------------------------------------------------------
Update Information:
3.3.1
Fix a regression that would miss-report available device memory of NVIDIA GPUs
Integrate effective/efficiency usage within the GPU utilization metric
3.3.0
New in this release
Target support
Rockchip NPU - @feilongfl
MetaX GPUs - @zhenyu-xu-metax
Enflame GCU - @QShen3
Improvements
More memory reporting in one-shot mode - @mintyleaf
CTRL + L will reset the ncurses interface - @cipri-tom + @claude
GPU and MEM have separate clock fields - @KaeLL
Effective load metric, i.e., the percentage utilization weighted by the ratio
(Current Power / Max Power) - @airvzxf
Fixes
Fix assertion failure on processing the same client ID twice - @Andrew1326
Application desktop metadata install paths and name - @michel-slm
New PPA maintainer - @QuentiumYT
Fixes for Mali GPU - @larunbe
Power draw for Intel Battelmage - @Steve-Tech
Unified memory usage reporting on Nvidia GPUs - @sbhavani
AMDGPU integrated graphics accounts for both VRAM and GTT - @superm1
Misc
Manpage update - @polluks
Fix typos - @oxyzenQ
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Michel Lind <[email protected]> - 3.3.1-2
- Drop upstreamed patches
* Sun Jan 18 2026 Packit <[email protected]> - 3.3.1-1
- Update to 3.3.1
- Resolves rhbz#2430383
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
3.2.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
3.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2430383 - nvtop-3.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2430383
--------------------------------------------------------------------------------
================================================================================
partclone-0.3.44-1.el8 (FEDORA-EPEL-2026-91965bae9b)
Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:
partclone v0.3.44
Fix --disable-xxhash compile issue
Downgrade gettext requirement to 0.19 for better compatibility
Switch XSL stylesheet back to URL with --nonet
Fix NTFS from 512e/n to 4kn
Fix and support both, static and dynamic builds
partclone v0.3.42
Update docs
Remove libtool generated files
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 28 2026 Robert Scheck <[email protected]> 0.3.44-1
- Upgrade to 0.3.44 (#2433151)
* Fri Jan 23 2026 Robert Scheck <[email protected]> 0.3.42-1
- Upgrade to 0.3.42 (#2430752 #c1)
* Wed Jan 21 2026 Robert Scheck <[email protected]> 0.3.41-1
- Upgrade to 0.3.41 (#2430752)
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
0.3.40-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2433151 - partclone-0.3.44 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433151
--------------------------------------------------------------------------------
================================================================================
prosody-13.0.4-1.el8 (FEDORA-EPEL-2026-f5a48f49bc)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 13.0.4
Upstream is pleased to announce a new minor release from their stable branch.
Upstream encourages any deployments using 13.0.3 to upgrade, partly due to a bug
that was introduced into UUID generation in that release. Upstream is not aware
of any direct consequences of this bug, but it may cause compatibility problems
with other software.
Although not strictly bug fixes, upstream sneaked in some configuration-related
improvements to this release which help make configuring Prosody a little easier
and more reliable. Upstream is highlighting them because these changes have a
chance to impact some rare configurations.
The first change is to prevent mod_pubsub from being loaded on a VirtualHost
(easily done if you accidentally add it to your global modules_enabled list).
Loading mod_pubsub on a normal user host can lead to unexpected behaviour. Now
it will log an error and refuse to load if you do that.
The second change is to simplify configuration of archiving in MUCs. Practically
all modern clients now use XEP-0313 to synchronize message history. For
VirtualHosts this is implemented in mod_mam, and for MUC components it is
implemented in mod_muc_mam. From this release, things get much simpler: loading
mod_mam (globally or directly on a MUC component) will automatically load
mod_muc_mam on the MUC component. This means most people (e.g. who have mod_mam
loaded globally on their server) can now remove âmuc_mamâ from
modules_enabled
in their MUC component configuration. It will be loaded automatically.
This last point does mean that if you have mod_mam enabled globally, but do not
want it enabled on your MUCs, you now have to state that explicitly by adding
âmamâ to modules_disabled under the MUCâs Component. Be aware that such a
configuration may lead to missing messages in group chats.
A summary of changes in this release:
Fixes and improvements
mod_s2s: Fix traceback when outgoing s2s queue is full
util.uuid: Fix padding of group 2 of UUIDv7 to use zeroes
Minor changes
core.modulemanager: Fix shell commands on components
mod_s2s: Explicitly prevent sending recursive error replies when queue is full
modulemanager: Allow component modules to specify additional inherited modules
prosodyctl check features: Use modulemanager to calculate modules that will
actually be loaded
prosodyctl check features: change recommendation from mod_muc_mam to mod_mam
prosodyctl check config: Fix traceback when zero modules are enabled
mod_pubsub: Fail early if loaded outside of a component to prevent
misconfiguration
doap: Add XEP-0486
mod_pubsub/commands: Fix listing item numbers along with item names
mod_account_activity: Handle authentication provider returning no user info
mod_mam: Automatically load mod_muc_mam if loaded on a MUC component
mod_muc: Inherit mod_mam if globally loaded
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Robert Scheck <[email protected]> 13.0.4-1
- Upgrade to 13.0.4 (#2432633)
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
13.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2432633 - prosody-13.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432633
--------------------------------------------------------------------------------
================================================================================
qelectrotech-0.100-1.el8 (FEDORA-EPEL-2026-2f97368019)
An electric diagrams editor
--------------------------------------------------------------------------------
Update Information:
Overview
This release (v0.100) collects a large set of new features, UI and editor
improvements, element and symbol updates, build and packaging fixes, dependency
upgrades, translations, and a broad set of bug fixes and stability improvements.
It is intended as a stable, feature-rich stepping stone toward the next major
workflows for symbol editing, terminal/strip handling and export improvements.
Highlights / Key Features
Terminal Strip / Terminal Strip Editor
New TerminalStripItem type and related editor workflow added.
Support for drawing and displaying terminal bridges and links in the editor.
Full editor support (layout preview, save/load into .qet files) and undo support
for terminal strip operations.
New Example Projects
Several new example projects included, notably photovoltaic (PV) examples to
help users getting started with PV designs.
Improved Export / Print Handling
Export limits adjusted and better handling of QPainter/printing boundaries to
avoid export artefacts and out-of-range errors.
Export dialog updated to allow larger pixel limits where appropriate.
Element & Symbol Additions
New elements and symbols added (including vendor-specific elements and
additional sensors/Arduino components).
Improvements to element import & metadata handling.
Packaging & Multi-arch Support
Updated packaging scripts for AppImage, Flatpak, Snap and macOS deployment.
Improved aarch64/arm64 support.
Detailed Changes
Editor & UX
Better handling for rotation, flip and mirror operations in the element editor:
Primitives and text rotation behavior improved.
Finer rotation increments and predictable text orientation after
flips/rotations.
Wiring and conductor behavior:
More robust creation and movement of wires and conductor bundles.
Improved text attachment and positioning for wires and improved stability while
editing complex conductor networks.
TerminalStrip editor: see Highlights - includes drawing, preview, layout
editing, persistent storage in the project file and undo support.
Element Editor & Symbol Trim/Sort:
Improved trimming/normalization of element metadata.
Better sorting and error handling for element imports (DXF and other formats).
Small UI improvements: About dialog updates, autosave spinbox ranges, improved
tooltips and mouse-hover help for dynamic texts.
New & Updated Elements
New elements added for industrial and automation workflows (including Siemens-
related elements, logic elements, sensors and Arduino components).
Symbol library additions and cleanup; improved defaults for newly added symbols.
Element meta-data cleanup: article numbers, descriptions, and manufacturer
fields were normalized and trimmed on import.
Export / Printing / PDF
Adjusted internal export limits to avoid hitting QPainter size restrictions;
users can now export larger, high-resolution images/prints in more cases.
Better handling of page sizes and printer-related geometry using QRectF
improvements.
PDF export improvements to increase reliability of exported vector content.
Internationalization & Translations
Large translation updates across many languages: German (DE), French (FR), Dutch
(NL, including nl_BE), Swedish (SV), Italian (IT), Polish (PL), Portuguese-BR
(PT-BR), Serbian (SR), Chinese (Simplified) and others.
Fixes and corrections for many UI strings and localized resources.
Bug Fixes (selected)
Fixed crashes and various null pointer access issues discovered by static and
dynamic testing.
Resolved multiple reported bugs that caused build failures on some platforms
(FTBFS fixes for macOS and others).
Fixed issues with automatic conductor/strand numbering in several edge cases
(referenced Bug 293 in the commit logs).
Resolved text/summary headline issues in the German-language summary generator.
Fixes for a number of visually incorrect renderings and layout corner-cases
during element transformation (rotate/flip/mirror).
Fixed issues that affected export sizes and caused export artifacts (referenced
fixes for bug IDs around #329/#330 in commit notes).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Remi Collet <[email protected]> - 0.100-1
- update to 0.100
- re-license spec file to CECILL-2.1
- report no usable sources tarball
https://github.com/qelectrotech/qelectrotech-source-mirror/issues/418
- open https://bugzilla.redhat.com/2433755
Please build kf5-kcoreaddons for EPEL 10 (and 10.1)
- open https://bugzilla.redhat.com/2433762
Please build kf5-kwidgetsaddons for EPEL-10 (and 10.1)
--------------------------------------------------------------------------------
================================================================================
rpminspect-2.1-1.el8 (FEDORA-EPEL-2026-c0755b5937)
Build deviation analysis and compliance tool
--------------------------------------------------------------------------------
Update Information:
Upgrade to rpminspect-2.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Dave Cantrell <[email protected]> - 2.1-
- Upgrade to rpminspect-2.1
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.10.5-1.el8 (FEDORA-EPEL-2026-5c626357f7)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
Release notes for xrdp v0.10.5 (2026/01/27)
Security fixes
CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-
based Buffer Overflow
New features
It is now possible to start the xrdp daemon entirely unprivileged from the
service manager (#3599 #3603). If you do this certain restrictions will apply.
See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-
root for details.
TLS pre-master secrets can now be recorded for packet captures (#3617)
Add a FuseRootReportMaxFree to work around 'no free space' issues with some file
managers (#3639)
Alternate shell names can now be passed to startwm.sh in an environment variable
for more system management control (#3624 #3651)
Updated Xorg paths in sesman.ini to include more recent distros (#3663)
Add Slovenian keyboard (#3668 #3670)
xrdpapi: Add a way to monitor connect/disconnect events (#3693)
Bug fixes
Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
Fix a regression introduced in v0.10.x, where it became impossible to connect to
a VNC server which did not support the ExtendedDesktopSize encoding (#3540
#3584)
Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
A reference to uninitialised data within the verify_user_pam_userpass.c module
has been fixed (#3638)
Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
Fixes a regression introduced by GFX development which prevented the JPEG
encoder from working correctly (#3649)
Fixes a regression introduced by #2974 which resulted in the xrdp PID file being
deleted unexpectedly (#3650)
Do not overwrite a VNC port set by the user when not using sesman (#3674)
Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
getgrouplist() now compiles on MacOS (#3575)
Various Coverity warnings have been addressed (#3656)
Documentation improvements (#3665)
Internal changes
An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has
been removed (#3679)
Release notes for xorgxrdp v0.10.5 (2026/01/28)
Bug fixes
Fix bug in Chrome pointer detection (#394 #396)
Internal changes
CI: Update FreeBSD xrdp dependency (#398)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Bojan Smojver <[email protected]> - 0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.10.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1908387 - Windows with transparency show whatever is below
https://bugzilla.redhat.com/show_bug.cgi?id=1908387
[ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
https://bugzilla.redhat.com/show_bug.cgi?id=2279775
[ 3 ] Bug #2322105 - AltGr on Spanish keyboards
https://bugzilla.redhat.com/show_bug.cgi?id=2322105
[ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
https://bugzilla.redhat.com/show_bug.cgi?id=2323097
[ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433438
[ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433439
[ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433440
[ 8 ] Bug #2433441 - CVE-2025-68670 xrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433441
[ 9 ] Bug #2433442 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433442
[ 10 ] Bug #2433840 - xorgxrdp-0.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433840
--------------------------------------------------------------------------------
================================================================================
xrdp-0.10.5-1.el8 (FEDORA-EPEL-2026-5c626357f7)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
Release notes for xrdp v0.10.5 (2026/01/27)
Security fixes
CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-
based Buffer Overflow
New features
It is now possible to start the xrdp daemon entirely unprivileged from the
service manager (#3599 #3603). If you do this certain restrictions will apply.
See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-
root for details.
TLS pre-master secrets can now be recorded for packet captures (#3617)
Add a FuseRootReportMaxFree to work around 'no free space' issues with some file
managers (#3639)
Alternate shell names can now be passed to startwm.sh in an environment variable
for more system management control (#3624 #3651)
Updated Xorg paths in sesman.ini to include more recent distros (#3663)
Add Slovenian keyboard (#3668 #3670)
xrdpapi: Add a way to monitor connect/disconnect events (#3693)
Bug fixes
Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
Fix a regression introduced in v0.10.x, where it became impossible to connect to
a VNC server which did not support the ExtendedDesktopSize encoding (#3540
#3584)
Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
A reference to uninitialised data within the verify_user_pam_userpass.c module
has been fixed (#3638)
Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
Fixes a regression introduced by GFX development which prevented the JPEG
encoder from working correctly (#3649)
Fixes a regression introduced by #2974 which resulted in the xrdp PID file being
deleted unexpectedly (#3650)
Do not overwrite a VNC port set by the user when not using sesman (#3674)
Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
getgrouplist() now compiles on MacOS (#3575)
Various Coverity warnings have been addressed (#3656)
Documentation improvements (#3665)
Internal changes
An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has
been removed (#3679)
Release notes for xorgxrdp v0.10.5 (2026/01/28)
Bug fixes
Fix bug in Chrome pointer detection (#394 #396)
Internal changes
CI: Update FreeBSD xrdp dependency (#398)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 28 2026 Bojan Smojver <[email protected]> - 1:0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1:0.10.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Nov 4 2025 Tom Callaway <[email protected]> - 1:0.10.4-4
- rebuild for new fuse3
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1:0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1908387 - Windows with transparency show whatever is below
https://bugzilla.redhat.com/show_bug.cgi?id=1908387
[ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
https://bugzilla.redhat.com/show_bug.cgi?id=2279775
[ 3 ] Bug #2322105 - AltGr on Spanish keyboards
https://bugzilla.redhat.com/show_bug.cgi?id=2322105
[ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
https://bugzilla.redhat.com/show_bug.cgi?id=2323097
[ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433438
[ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433439
[ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433440
[ 8 ] Bug #2433441 - CVE-2025-68670 xrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433441
[ 9 ] Bug #2433442 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via
unauthenticated stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433442
[ 10 ] Bug #2433840 - xorgxrdp-0.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433840
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
