[EPEL-devel] Fedora EPEL 9 updates-testing report

updates Sat, 31 Jan 2026 09:31:06 -0800

The following Fedora EPEL 9 Security updates need testing:
 Age  URL
  72  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db   
xpdf-4.06-1.el9
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-0e3aa1d4ee   
rust-sequoia-keystore-server-0.2.0-5.el9 rust-sequoia-sq-1.3.1-9.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-f542ecf2f3   
yarnpkg-1.22.22-16.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-a6d429d59c   
java-latest-openjdk-26.0.0.0.32-0.0.1.ea.el9
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-f9b1069f42   
python-python-multipart-0.0.20-2.el9



The following builds have been pushed to Fedora EPEL 9 updates-testing

    chromium-144.0.7559.109-1.el9
    composer-2.9.5-1.el9
    dns-root-data-2026260100-2.el9
    editorconfig-0.12.10-1.el9
    libva-nvidia-driver-0.0.15-1.el9
    nvtop-3.3.1-2.el9
    partclone-0.3.44-1.el9
    prosody-13.0.4-1.el9
    qelectrotech-0.100-1.el9
    rpminspect-2.1-1.el9
    rust-fb_procfs0.7-0.7.1-6.el9
    tomcat-native-1.3.5-1.el9
    xorgxrdp-0.10.5-1.el9
    xrdp-0.10.5-1.el9
    xrootd-s3-http-0.6.3-1.el9

Details about builds:


================================================================================
 chromium-144.0.7559.109-1.el9 (FEDORA-EPEL-2026-365332b759)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

Update to 144.0.7559.109
  * CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 Than Ngo <[email protected]> - 144.0.7559.109-1
- Update to 144.0.7559.109
  * CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------


================================================================================
 composer-2.9.5-1.el9 (FEDORA-EPEL-2026-f51464fc5e)
 Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:

Version 2.9.5 - 2026-01-29
Added support for new pie download-url-methods (#12727)
Fixed detection of 7z when installed as 7za on some linux systems (#12731)
Fixed warning because of the symfony/process CVE, 2.9.4 had a workaround already
Version 2.9.4 -  2026-01-22
Added active plugins to the diagnose command output (#12706)
Fixed HTTP/3 causing issues with proxies (#12699)
Fixed show command regression with long descriptions containing unicode
characters (#12704)
Fixed regression handling invalid unicode sequences in output (#12707)
Fixed git rev-list usages to support older pre-2.33 git versions (#12705)
Fixed issue handling paths with = in them on Windows (#12726)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Remi Collet <[email protected]> - 2.9.5-1
- update to 2.9.5
* Thu Jan 22 2026 Remi Collet <[email protected]> - 2.9.4-1
- update to 2.9.4
--------------------------------------------------------------------------------


================================================================================
 dns-root-data-2026260100-2.el9 (FEDORA-EPEL-2026-33868e4df3)
 DNS root hints and DNSSEC trust anchor
--------------------------------------------------------------------------------
Update Information:

Switch to python based tools for own Fedora implemented implementation, without
relying on perl packages. Use Python to extract keys instead.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Petr MenÅ¡Ãk <[email protected]> - 2026260100-2
- Add separate utils subpackage
* Tue Jan 27 2026 Petr MenÅ¡Ãk <[email protected]> - 2026260100-1
- Switch to python based tool by Paul Hoffman
* Mon Oct 20 2025 Petr MenÅ¡Ãk <[email protected]> - 2025080400-2
- Ignore specific versions of sources.
* Mon Oct 20 2025 Petr MenÅ¡Ãk <[email protected]> - 2025080400-1
- Initial version after review
--------------------------------------------------------------------------------


================================================================================
 editorconfig-0.12.10-1.el9 (FEDORA-EPEL-2026-55289e429f)
 Parser for EditorConfig files written in C
--------------------------------------------------------------------------------
Update Information:

v0.12.10
Make path splitting algorithm UNC-aware
Miscellaneous fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 22 2026 Benjamin A. Beasley <[email protected]> - 0.12.10-1
- Update to 0.12.10 (close RHBZ#2401398)
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> - 
0.12.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 
0.12.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> - 
0.12.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> - 
0.12.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2401398 - editorconfig-0.12.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2401398
--------------------------------------------------------------------------------


================================================================================
 libva-nvidia-driver-0.0.15-1.el9 (FEDORA-EPEL-2026-48ef96e169)
 A VA-API implemention using NVIDIA's NVDEC
--------------------------------------------------------------------------------
Update Information:

Update to 0.0.15.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2026 Simone Caronni <[email protected]> - 0.0.15-1
- Update to 0.0.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2435250 - libva-nvidia-driver-0.0.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2435250
--------------------------------------------------------------------------------


================================================================================
 nvtop-3.3.1-2.el9 (FEDORA-EPEL-2026-469e4e7107)
 GPU process monitoring for various devices
--------------------------------------------------------------------------------
Update Information:

3.3.1
Fix a regression that would miss-report available device memory of NVIDIA GPUs
Integrate effective/efficiency usage within the GPU utilization metric
3.3.0
New in this release
Target support
Rockchip NPU - @feilongfl
MetaX GPUs - @zhenyu-xu-metax
Enflame GCU - @QShen3
Improvements
More memory reporting in one-shot mode - @mintyleaf
CTRL + L will reset the ncurses interface - @cipri-tom + @claude
GPU and MEM have separate clock fields - @KaeLL
Effective load metric, i.e., the percentage utilization weighted by the ratio
(Current Power / Max Power) - @airvzxf
Fixes
Fix assertion failure on processing the same client ID twice - @Andrew1326
Application desktop metadata install paths and name - @michel-slm
New PPA maintainer - @QuentiumYT
Fixes for Mali GPU - @larunbe
Power draw for Intel Battelmage - @Steve-Tech
Unified memory usage reporting on Nvidia GPUs - @sbhavani
AMDGPU integrated graphics accounts for both VRAM and GTT - @superm1
Misc
Manpage update - @polluks
Fix typos - @oxyzenQ
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Michel Lind <[email protected]> - 3.3.1-2
- Drop upstreamed patches
* Sun Jan 18 2026 Packit <[email protected]> - 3.3.1-1
- Update to 3.3.1
- Resolves rhbz#2430383
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> - 
3.2.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> - 
3.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Apr  6 2025 Michel Lind <[email protected]> - 3.2.0-4
- Number patches for EL8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2430383 - nvtop-3.3.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2430383
--------------------------------------------------------------------------------


================================================================================
 partclone-0.3.44-1.el9 (FEDORA-EPEL-2026-a6b8a3a83f)
 Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:

partclone v0.3.44
Fix --disable-xxhash compile issue
Downgrade gettext requirement to 0.19 for better compatibility
Switch XSL stylesheet back to URL with --nonet
Fix NTFS from 512e/n to 4kn
Fix and support both, static and dynamic builds
partclone v0.3.42
Update docs
Remove libtool generated files
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 Robert Scheck <[email protected]> 0.3.44-1
- Upgrade to 0.3.44 (#2433151)
* Fri Jan 23 2026 Robert Scheck <[email protected]> 0.3.42-1
- Upgrade to 0.3.42 (#2430752 #c1)
* Wed Jan 21 2026 Robert Scheck <[email protected]> 0.3.41-1
- Upgrade to 0.3.41 (#2430752)
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> - 
0.3.40-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2433151 - partclone-0.3.44 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2433151
--------------------------------------------------------------------------------


================================================================================
 prosody-13.0.4-1.el9 (FEDORA-EPEL-2026-ec363be715)
 Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:

Prosody 13.0.4
Upstream is pleased to announce a new minor release from their stable branch.
Upstream encourages any deployments using 13.0.3 to upgrade, partly due to a bug
that was introduced into UUID generation in that release. Upstream is not aware
of any direct consequences of this bug, but it may cause compatibility problems
with other software.
Although not strictly bug fixes, upstream sneaked in some configuration-related
improvements to this release which help make configuring Prosody a little easier
and more reliable. Upstream is highlighting them because these changes have a
chance to impact some rare configurations.
The first change is to prevent mod_pubsub from being loaded on a VirtualHost
(easily done if you accidentally add it to your global modules_enabled list).
Loading mod_pubsub on a normal user host can lead to unexpected behaviour. Now
it will log an error and refuse to load if you do that.
The second change is to simplify configuration of archiving in MUCs. Practically
all modern clients now use XEP-0313 to synchronize message history. For
VirtualHosts this is implemented in mod_mam, and for MUC components it is
implemented in mod_muc_mam. From this release, things get much simpler: loading
mod_mam (globally or directly on a MUC component) will automatically load
mod_muc_mam on the MUC component. This means most people (e.g. who have mod_mam
loaded globally on their server) can now remove âmuc_mamâ from 
modules_enabled
in their MUC component configuration. It will be loaded automatically.
This last point does mean that if you have mod_mam enabled globally, but do not
want it enabled on your MUCs, you now have to state that explicitly by adding
âmamâ to modules_disabled under the MUCâs Component. Be aware that such a
configuration may lead to missing messages in group chats.
A summary of changes in this release:
Fixes and improvements
mod_s2s: Fix traceback when outgoing s2s queue is full
util.uuid: Fix padding of group 2 of UUIDv7 to use zeroes
Minor changes
core.modulemanager: Fix shell commands on components
mod_s2s: Explicitly prevent sending recursive error replies when queue is full
modulemanager: Allow component modules to specify additional inherited modules
prosodyctl check features: Use modulemanager to calculate modules that will
actually be loaded
prosodyctl check features: change recommendation from mod_muc_mam to mod_mam
prosodyctl check config: Fix traceback when zero modules are enabled
mod_pubsub: Fail early if loaded outside of a component to prevent
misconfiguration
doap: Add XEP-0486
mod_pubsub/commands: Fix listing item numbers along with item names
mod_account_activity: Handle authentication provider returning no user info
mod_mam: Automatically load mod_muc_mam if loaded on a MUC component
mod_muc: Inherit mod_mam if globally loaded
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Robert Scheck <[email protected]> 13.0.4-1
- Upgrade to 13.0.4 (#2432633)
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> - 
13.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2432633 - prosody-13.0.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432633
--------------------------------------------------------------------------------


================================================================================
 qelectrotech-0.100-1.el9 (FEDORA-EPEL-2026-89b89f70cc)
 An electric diagrams editor
--------------------------------------------------------------------------------
Update Information:

Overview
This release (v0.100) collects a large set of new features, UI and editor
improvements, element and symbol updates, build and packaging fixes, dependency
upgrades, translations, and a broad set of bug fixes and stability improvements.
It is intended as a stable, feature-rich stepping stone toward the next major
workflows for symbol editing, terminal/strip handling and export improvements.
Highlights / Key Features
Terminal Strip / Terminal Strip Editor
New TerminalStripItem type and related editor workflow added.
Support for drawing and displaying terminal bridges and links in the editor.
Full editor support (layout preview, save/load into .qet files) and undo support
for terminal strip operations.
New Example Projects
Several new example projects included, notably photovoltaic (PV) examples to
help users getting started with PV designs.
Improved Export / Print Handling
Export limits adjusted and better handling of QPainter/printing boundaries to
avoid export artefacts and out-of-range errors.
Export dialog updated to allow larger pixel limits where appropriate.
Element & Symbol Additions
New elements and symbols added (including vendor-specific elements and
additional sensors/Arduino components).
Improvements to element import & metadata handling.
Packaging & Multi-arch Support
Updated packaging scripts for AppImage, Flatpak, Snap and macOS deployment.
Improved aarch64/arm64 support.
Detailed Changes
Editor & UX
Better handling for rotation, flip and mirror operations in the element editor:
Primitives and text rotation behavior improved.
Finer rotation increments and predictable text orientation after
flips/rotations.
Wiring and conductor behavior:
More robust creation and movement of wires and conductor bundles.
Improved text attachment and positioning for wires and improved stability while
editing complex conductor networks.
TerminalStrip editor: see Highlights - includes drawing, preview, layout
editing, persistent storage in the project file and undo support.
Element Editor & Symbol Trim/Sort:
Improved trimming/normalization of element metadata.
Better sorting and error handling for element imports (DXF and other formats).
Small UI improvements: About dialog updates, autosave spinbox ranges, improved
tooltips and mouse-hover help for dynamic texts.
New & Updated Elements
New elements added for industrial and automation workflows (including Siemens-
related elements, logic elements, sensors and Arduino components).
Symbol library additions and cleanup; improved defaults for newly added symbols.
Element meta-data cleanup: article numbers, descriptions, and manufacturer
fields were normalized and trimmed on import.
Export / Printing / PDF
Adjusted internal export limits to avoid hitting QPainter size restrictions;
users can now export larger, high-resolution images/prints in more cases.
Better handling of page sizes and printer-related geometry using QRectF
improvements.
PDF export improvements to increase reliability of exported vector content.
Internationalization & Translations
Large translation updates across many languages: German (DE), French (FR), Dutch
(NL, including nl_BE), Swedish (SV), Italian (IT), Polish (PL), Portuguese-BR
(PT-BR), Serbian (SR), Chinese (Simplified) and others.
Fixes and corrections for many UI strings and localized resources.
Bug Fixes (selected)
Fixed crashes and various null pointer access issues discovered by static and
dynamic testing.
Resolved multiple reported bugs that caused build failures on some platforms
(FTBFS fixes for macOS and others).
Fixed issues with automatic conductor/strand numbering in several edge cases
(referenced Bug 293 in the commit logs).
Resolved text/summary headline issues in the German-language summary generator.
Fixes for a number of visually incorrect renderings and layout corner-cases
during element transformation (rotate/flip/mirror).
Fixed issues that affected export sizes and caused export artifacts (referenced
fixes for bug IDs around #329/#330 in commit notes).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Remi Collet <[email protected]> - 0.100-1
- update to 0.100
- re-license spec file to CECILL-2.1
- report no usable sources tarball
  https://github.com/qelectrotech/qelectrotech-source-mirror/issues/418
- open https://bugzilla.redhat.com/2433755
  Please build kf5-kcoreaddons for EPEL 10 (and 10.1)
- open https://bugzilla.redhat.com/2433762
  Please build kf5-kwidgetsaddons for EPEL-10 (and 10.1)
--------------------------------------------------------------------------------


================================================================================
 rpminspect-2.1-1.el9 (FEDORA-EPEL-2026-ecaccdc662)
 Build deviation analysis and compliance tool
--------------------------------------------------------------------------------
Update Information:

Upgrade to rpminspect-2.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Dave Cantrell <[email protected]> - 2.1-
- Upgrade to rpminspect-2.1
--------------------------------------------------------------------------------


================================================================================
 rust-fb_procfs0.7-0.7.1-6.el9 (FEDORA-EPEL-2026-fdc2259bae)
 For reading procfs
--------------------------------------------------------------------------------
Update Information:

Bump nix dependency to v0.30.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Fabio Valentini <[email protected]> - 0.7.1-6
- Bump nix dependency to v0.30
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> - 
0.7.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.7.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 
0.7.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> - 
0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 tomcat-native-1.3.5-1.el9 (FEDORA-EPEL-2026-0676a5a7e1)
 Tomcat native library
--------------------------------------------------------------------------------
Update Information:

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2026 Coty Sutherland <[email protected]> - 1:1.3.5-1
- Update to 1.3.5
--------------------------------------------------------------------------------


================================================================================
 xorgxrdp-0.10.5-1.el9 (FEDORA-EPEL-2026-d12ea63356)
 Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.10.5 (2026/01/27)
Security fixes
CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-
based Buffer Overflow
New features
It is now possible to start the xrdp daemon entirely unprivileged from the
service manager (#3599 #3603). If you do this certain restrictions will apply.
See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-
root for details.
TLS pre-master secrets can now be recorded for packet captures (#3617)
Add a FuseRootReportMaxFree to work around 'no free space' issues with some file
managers (#3639)
Alternate shell names can now be passed to startwm.sh in an environment variable
for more system management control (#3624 #3651)
Updated Xorg paths in sesman.ini to include more recent distros (#3663)
Add Slovenian keyboard (#3668 #3670)
xrdpapi: Add a way to monitor connect/disconnect events (#3693)
Bug fixes
Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
Fix a regression introduced in v0.10.x, where it became impossible to connect to
a VNC server which did not support the ExtendedDesktopSize encoding (#3540
#3584)
Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
A reference to uninitialised data within the verify_user_pam_userpass.c module
has been fixed (#3638)
Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
Fixes a regression introduced by GFX development which prevented the JPEG
encoder from working correctly (#3649)
Fixes a regression introduced by #2974 which resulted in the xrdp PID file being
deleted unexpectedly (#3650)
Do not overwrite a VNC port set by the user when not using sesman (#3674)
Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
getgrouplist() now compiles on MacOS (#3575)
Various Coverity warnings have been addressed (#3656)
Documentation improvements (#3665)
Internal changes
An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has
been removed (#3679)
Release notes for xorgxrdp v0.10.5 (2026/01/28)
Bug fixes
Fix bug in Chrome pointer detection (#394 #396)
Internal changes
CI: Update FreeBSD xrdp dependency (#398)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Bojan Smojver <[email protected]> - 0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> - 
0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.10.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1908387 - Windows with transparency show whatever is below
        https://bugzilla.redhat.com/show_bug.cgi?id=1908387
  [ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
        https://bugzilla.redhat.com/show_bug.cgi?id=2279775
  [ 3 ] Bug #2322105 - AltGr on Spanish keyboards
        https://bugzilla.redhat.com/show_bug.cgi?id=2322105
  [ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
        https://bugzilla.redhat.com/show_bug.cgi?id=2323097
  [ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433438
  [ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433439
  [ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433440
  [ 8 ] Bug #2433441 - CVE-2025-68670 xrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433441
  [ 9 ] Bug #2433442 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433442
  [ 10 ] Bug #2433840 - xorgxrdp-0.10.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2433840
--------------------------------------------------------------------------------


================================================================================
 xrdp-0.10.5-1.el9 (FEDORA-EPEL-2026-d12ea63356)
 Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.10.5 (2026/01/27)
Security fixes
CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-
based Buffer Overflow
New features
It is now possible to start the xrdp daemon entirely unprivileged from the
service manager (#3599 #3603). If you do this certain restrictions will apply.
See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-
root for details.
TLS pre-master secrets can now be recorded for packet captures (#3617)
Add a FuseRootReportMaxFree to work around 'no free space' issues with some file
managers (#3639)
Alternate shell names can now be passed to startwm.sh in an environment variable
for more system management control (#3624 #3651)
Updated Xorg paths in sesman.ini to include more recent distros (#3663)
Add Slovenian keyboard (#3668 #3670)
xrdpapi: Add a way to monitor connect/disconnect events (#3693)
Bug fixes
Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
Fix a regression introduced in v0.10.x, where it became impossible to connect to
a VNC server which did not support the ExtendedDesktopSize encoding (#3540
#3584)
Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
A reference to uninitialised data within the verify_user_pam_userpass.c module
has been fixed (#3638)
Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
Fixes a regression introduced by GFX development which prevented the JPEG
encoder from working correctly (#3649)
Fixes a regression introduced by #2974 which resulted in the xrdp PID file being
deleted unexpectedly (#3650)
Do not overwrite a VNC port set by the user when not using sesman (#3674)
Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
getgrouplist() now compiles on MacOS (#3575)
Various Coverity warnings have been addressed (#3656)
Documentation improvements (#3665)
Internal changes
An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has
been removed (#3679)
Release notes for xorgxrdp v0.10.5 (2026/01/28)
Bug fixes
Fix bug in Chrome pointer detection (#394 #396)
Internal changes
CI: Update FreeBSD xrdp dependency (#398)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 Bojan Smojver <[email protected]> - 1:0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> - 
1:0.10.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Nov  4 2025 Tom Callaway <[email protected]> - 1:0.10.4-4
- rebuild for new fuse3
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
1:0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1908387 - Windows with transparency show whatever is below
        https://bugzilla.redhat.com/show_bug.cgi?id=1908387
  [ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
        https://bugzilla.redhat.com/show_bug.cgi?id=2279775
  [ 3 ] Bug #2322105 - AltGr on Spanish keyboards
        https://bugzilla.redhat.com/show_bug.cgi?id=2322105
  [ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
        https://bugzilla.redhat.com/show_bug.cgi?id=2323097
  [ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433438
  [ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433439
  [ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433440
  [ 8 ] Bug #2433441 - CVE-2025-68670 xrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433441
  [ 9 ] Bug #2433442 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via 
unauthenticated stack-based buffer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433442
  [ 10 ] Bug #2433840 - xorgxrdp-0.10.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2433840
--------------------------------------------------------------------------------


================================================================================
 xrootd-s3-http-0.6.3-1.el9 (FEDORA-EPEL-2026-964850c630)
 S3/HTTP/Globus filesystem plugins for XRootD
--------------------------------------------------------------------------------
Update Information:

XRootD S3 http 0.6.3
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 Mattias Ellert <[email protected]> - 0.6.3-1
- Update to version 0.6.3
- Drop patches accepted upstream
* Tue Jan 20 2026 Mattias Ellert <[email protected]> - 0.6.1-1
- Update to version 0.6.1
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> - 
0.6.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

-- 
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

[EPEL-devel] Fedora EPEL 9 updates-testing report

Reply via email to