=== modified file 'debian/changelog'
--- old/debian/changelog 2009-03-19 04:18:21 +0000
+++ new/debian/changelog 2009-03-20 15:55:07 +0000
@@ -1,3 +1,17 @@
+apparmor (2.3+1289-0ubuntu10) jaunty; urgency=low
+
+ * utils/SubDomain.pm:
+ - teach utils about rearranged syslog audit messages (LP: #340183)
+ from upstream commit
+ https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1393
+ - fix corruption of profiles, from upstream commit
+ https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1354
+ - don't ask about networking events over and over again, from upstream commit
+ https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1296
+ - use apparmor logdir instead of /tmp to write debugging log
+
+ -- Steve Beattie Thu, 19 Mar 2009 03:05:07 -0700
+
 apparmor (2.3+1289-0ubuntu9) jaunty; urgency=low
 [ Kees Cook ]
=== modified file 'utils/SubDomain.pm'
--- old/utils/SubDomain.pm 2009-03-12 17:33:05 +0000
+++ new/utils/SubDomain.pm 2009-03-19 21:06:18 +0000
@@ -233,6 +233,7 @@
 sub debug ($) {
 my $message = shift;
+ chomp($message);
 print DEBUG "$message\n" if $DEBUGGING;
 }
@@ -265,7 +266,7 @@
 # set things up to log extra info if they want...
 if ($ENV{LOGPROF_DEBUG}) {
 $DEBUGGING = 1;
- open(DEBUG, ">/tmp/logprof_debug_$$.log");
+ open(DEBUG, ">/var/log/apparmor/logprof_debug_$$.log");
 my $oldfd = select(DEBUG);
 $| = 1;
 select($oldfd);
@@ -2398,7 +2399,7 @@
 our $logmark;
 our $seenmark;
 my $RE_LOG_v2_0_syslog = qr/SubDomain/;
-my $RE_LOG_v2_1_syslog = qr/kernel:\s+(\[[\d\.\s]+\]\s+)?audit\([\d\.\:]+\):\s+type=150[1-6]/;
+my $RE_LOG_v2_1_syslog = qr/kernel:\s+(\[[\d\.\s]+\]\s+)?(audit\([\d\.\:]+\):\s+)?type=150[1-6]/;
 my $RE_LOG_v2_0_audit = qr/type=(APPARMOR|UNKNOWN\[1500\]) msg=audit\([\d\.\:]+\):/;
 my $RE_LOG_v2_1_audit =
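Review bot: The `open(DEBUG, ...)` call in the `LOGPROF_DEBUG` hunk (@@ -265) is still unchecked and still uses the two-argument form with a bareword handle, so when `/var/log/apparmor` is missing or not writable the tool keeps `$DEBUGGING = 1` and every later `debug` call prints to a handle that was never opened. Moving the file out of `/tmp` only removes the predictable-name problem if the new directory is writable by root alone, which the code assumes rather than checks. I would write `open(DEBUG, '>', "/var/log/apparmor/logprof_debug_$$.log") or do { warn "cannot open debug log: $!\n"; $DEBUGGING = 0; };`. The changelog says "apparmor logdir", so if the utilities have a configured log directory it should be used here instead of the hard-coded path. The enclosing block continues past the end of the hunk.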
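Review bot: Making the `audit(...)` group optional in `$RE_LOG_v2_1_syslog` (@@ -2398) leaves little to identify a kernel audit record, because the pattern is unanchored and now accepts any line that contains `kernel:` followed by `type=150[1-6]`. If the file being read also carries messages written by unprivileged processes, text they log could be taken for an AppArmor event and end up in profile suggestions. Tying the match to the position of the syslog tag would narrow that, though the exact prefix depends on the syslog format and is not visible here. At minimum add a comment above the line, for example `# syslog records may lack the audit(...) prefix before type= (LP: #340183)`, since the reason for the optional group is only in the changelog. The hunk's trailing context is cut off on this page after `my $RE_LOG_v2_1_audit =`.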
@@ -2414,6 +2415,7 @@
 # AA event message format we recognize
 do {
 $next_log_entry = <$LOG>;
+ $DEBUGGING && debug "prefetch_next_log_entry: next_log_entry = " . ($next_log_entry ? $next_log_entry : "empty");
 } until (!$next_log_entry || $next_log_entry =~ m{
 $RE_LOG_v2_0_syslog |
 $RE_LOG_v2_0_audit |
@@ -2715,6 +2717,7 @@
 }
 }
 return if ( $sdmode =~ /UNKNOWN|AUDIT|STATUS|ERROR/ );
+ return if ($e->{operation} =~ /profile_set/);
 my ($profile, $hat);
 ($profile, $hat) = split /\/\//, $e->{profile};
@@ -2873,8 +2876,11 @@
 while ($_ = get_next_log_entry()) {
 chomp;
+ $DEBUGGING && debug "read_log: $_";
+
 $seenmark = 1 if /$logmark/;
+ $DEBUGGING && debug "read_log: seenmark = $seenmark";
 next unless $seenmark;
 my $last_match = ""; # v_2_0 syslog record parsing requires
@@ -5161,15 +5167,15 @@
 $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule} = { };
 }
- if ( $network =~ /\s+(\S+)\s*,\s*(#.*)?$/ ) {
- my $fam = $1;
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{$fam} = 1;
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{$fam} = $audit;
- } elsif ($network =~ /\s+(\S+)\s+(\S+)\s*,\s*(#.*)?$/ ) {
+ if ($network =~ /\s+(\S+)\s+(\S+)\s*,\s*(#.*)?$/ ) {
 my $fam = $1;
 my $type = $2;
 $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{$fam}{$type} = 1;
 $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{$fam}{$type} = $audit;
+ } elsif ( $network =~ /\s+(\S+)\s*,\s*(#.*)?$/ ) {
+ my $fam = $1;
+ $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{$fam} = 1;
+ $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{$fam} = $audit;
 } else {
 $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{all} = 1;
 $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{all} = 1;
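Review bot: The added `return if ($e->{operation} =~ /profile_set/);` (@@ -2715) matches against `$e->{operation}` without checking that the key exists. The null-response cleanup in the last hunk of this patch deletes empty fields from the event hash, so an event without an operation would presumably arrive here as undef and raise an uninitialized-value warning when warnings are enabled. The pattern is also unanchored and skips any operation whose name merely contains `profile_set`. I would write `return if (defined $e->{operation} && $e->{operation} =~ /^profile_set$/);`, or keep the looser match and add a comment naming the operations it is meant to cover. The enclosing sub starts and ends outside the hunk.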
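Review bot: The reordered `if`/`elsif` in the netdomain hunk (@@ -5161) now depends on branch order for correctness, and nothing in the code says so: the one-token pattern `/\s+(\S+)\s*,\s*(#.*)?$/` has no start anchor and also matches the tail of a two-token rule. Add a comment above the first test such as `# family+type must be tried first: the family-only pattern also matches the last token of "family type,"`. Alternatively, anchor both patterns with `^` so each matches only its own form; this assumes `$network` holds just the text after the `network` keyword, which the hunk does not show. Separately, the unchanged `else` branch stores `{audit}{all} = 1` where the other two branches store `$audit`, which may be intentional but is worth confirming. The enclosing block starts and ends outside the hunk.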
@@ -5981,7 +5987,7 @@
 sub netrules_access_check ($$$) {
 my ($netrules, $family, $sock_type) = @_;
 return 0 if ( not defined $netrules );
- my %netrules = %$netrules;;
+ my %netrules = %$netrules;
 my $all_net = defined $netrules{rule}{all};
 my $all_net_family = defined $netrules{rule}{$family} && $netrules{rule}{$family} == 1;
 my $net_family_sock = defined $netrules{rule}{$family} &&
@@ -6522,6 +6528,8 @@
 my $event = LibAppArmor::parse_record($msg);
 my ($rmask, $dmask);
+ $DEBUGGING && debug("parse_event: $msg");
+
 $ev{'resource'} = LibAppArmor::aa_log_record::swig_info_get($event);
 $ev{'active_hat'} = LibAppArmor::aa_log_record::swig_active_hat_get($event);
 $ev{'sdmode'} = LibAppArmor::aa_log_record::swig_event_get($event);
@@ -6577,7 +6585,7 @@
 # remove null responses
 for (keys(%ev)) {
- if ( ! $ev{$_} || $ev{$_} !~ /\w+/) { delete($ev{$_}); }
+ if ( ! $ev{$_} || $ev{$_} !~ /[\/\w]+/) { delete($ev{$_}); }
 }
 if ( $ev{'sdmode'} ) {
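Review bot: The new `debug("parse_event: $msg")` line (@@ -6522) sits after `LibAppArmor::parse_record($msg)`, so a record that makes the parser fail never reaches the debug log, which is the case where the log is most needed. Moving the line above `my $event = LibAppArmor::parse_record($msg);` costs nothing. It is also the only new call site written with parentheses; the other hunks use `debug "..."`. The enclosing sub starts and ends outside the hunk.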
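Review bot: The cleanup test `! $ev{$_} || $ev{$_} !~ /[\/\w]+/` (@@ -6577) still deletes any field whose value is the string `0`, because `! $ev{$_}` is true for it before the regex is consulted. If any record field can legitimately be zero, it is dropped along with the real nulls. The `+` after the character class is redundant in an unanchored test. If the intent is only to drop undefined and empty-looking values, `if ( !defined $ev{$_} || $ev{$_} !~ m{[/\w]} ) { delete($ev{$_}); }` states that directly, though it changes behaviour for `0` and should be checked against the callers. The enclosing sub starts and ends outside the hunk.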