Accepting request 560030 from home:cboltz

- add 32-bit-no-uid.diff to fix handling of log events without ouid on
  32 bit systems

OBS-URL: https://build.opensuse.org/request/show/560030
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=195

32-bit-no-uid.diff

@@ -0,0 +1,13 @@
+diff --git a/utils/apparmor/logparser.py b/utils/apparmor/logparser.py
+index 0e74c3f5..5738bb10 100644
+--- a/utils/apparmor/logparser.py
++++ b/utils/apparmor/logparser.py
+@@ -118,7 +118,7 @@ class ReadLog:
+         ev['protocol'] = event.net_protocol
+         ev['sock_type'] = event.net_sock_type
+ 
+-        if event.ouid != 18446744073709551615:  # 2^64 - 1
++        if event.ouid != 18446744073709551615 and event.ouid != 4294967295:  # 2^64 - 1 and 2^32 - 1
+             ev['fsuid'] = event.fsuid
+             ev['ouid'] = event.ouid
+ 

apparmor.changes

@@ -12,6 +12,8 @@ Mon Dec 25 15:27:03 UTC 2017 - suse-beta@cboltz.de
   - read_inactive_profile-exactly-once.patch
   - utils-fix-sorted-save_profiles-regression.diff
 - lessopen profile: change all 'rix' rules to 'mrix'
+- add 32-bit-no-uid.diff to fix handling of log events without ouid on
+  32 bit systems
 
 -------------------------------------------------------------------
 Tue Nov 30 10:30:33 UTC 2017 - suse-beta@cboltz.de

apparmor.spec

@@ -64,6 +64,9 @@ Patch5:         ruby-2_0-mkmf-destdir.patch
 # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
 Patch7:         apparmor-lessopen-profile.patch
 
+# logparser.py: ignore ouid if it's 2^32 - 1 which means no ouid given in a log event on 32 bit systems (submitted upstream 2017-12-26)
+Patch8:         32-bit-no-uid.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -351,6 +354,7 @@ SubDomain.
 %patch2
 %patch5 -p1
 %patch7
+%patch8 -p1
 
 %build
 export SUSE_ASNEEDED=0