Packages changed:
  apparmor
  cockpit-podman (25 -> 26)
  rdma-core
  sudo (1.9.5p1 -> 1.9.5p2)

=== Details ===

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
  include in apache extra profile optional to avoid problems with empty
  profile directory (boo#1178527)

==== cockpit-podman ====
Version update (25 -> 26)

- new version 26
  https://github.com/cockpit-project/cockpit-podman/releases/tag/26

==== rdma-core ====
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1

- Add srp_daemon-Fix-systemd-dependency.patch to make sure srp_daemon
  is loaded at boot if enabled (bsc#1180196)

==== sudo ====
Version update (1.9.5p1 -> 1.9.5p2)

- Update to 1.9.5.p2
  * When invoked as sudoedit, the same set of command line
    options are now accepted as for sudo -e. The -H and -P
    options are now rejected for sudoedit and sudo -e which
    matches the sudo 1.7 behavior. This is part of the fix for
    CVE-2021-3156.
  * Fixed a potential buffer overflow when unescaping backslashes
    in the command's arguments. Normally, sudo escapes special
    characters when running a command via a shell (sudo -s or
    sudo -i). However, it was also possible to run sudoedit with
    the -s or -i flags in which case no escaping had actually
    been done, making a buffer overflow possible.
    This fixes CVE-2021-3156. (bsc#1181090)
  * Fixed sudo's setprogname(3) emulation on systems that don't
    provide it.
  * Fixed a problem with the sudoers log server client where a
    partial write to the server could result the sudo process
    consuming large amounts of CPU time due to a cycle in the
    buffer queue. Bug #954.
  * Added a missing dependency on libsudo_util in libsudo_eventlog.
    Fixes a link error when building sudo statically.
  * The user's KRB5CCNAME environment variable is now preserved
    when performing PAM authentication. This fixes GSSAPI
    authentication when the user has a non-default ccache.