All,
The TODO for 2.5.1 requested
* Fix auparse to handle out of order messages
The problem was that should a stream of raw auditd logs be processed by
auparse(), then if the records that make up a single auditd event were
interleaved with each other, auparse() would 'silently' discard event
data.
Ausearch/Aureport does not have this problem as it handles such
interleaved event records. The approach to solve this problem was to
take the ausearch/aureport's list of list event record code (lol) and
incorporate it into auparse().
The following three patches address this problem.
#1 - convert the existing code to change auparse's auparse_state_t (aka
struct opaque) event_list_t element 'le' to be a pointer, so the 'lol'
code can more seamlessly fit in.
#2 - the 'lol' patch itself. Integrate the ausearch/aureport 'lol' code
into auparse() and adjust auparse() to maintain an in-core list of
incomplete events.
#3 - modify the standard auparse() test code.
Regards
Burn Alting
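The following is an added illustration of the "list of incomplete events" idea described in the cover letter above; it is not code from the audit-userspace patches or from auparse/ausearch. It assumes (these are assumptions of the example, not facts from the message) that every raw record carries a `msg=audit(SECONDS.MILLIS:SERIAL)` header, that records of one event share that key, that an event ends on a `type=EOE` record or once the stream has moved on by more than a small time window, and the sample records are constructed. A deliberately simplified single-in-flight-event assembler is included only to show how interleaved records fragment an event when no pending list is kept; it is a stand-in, not the old auparse code.

```python
"""Assemble interleaved Linux audit records into complete events.

Added example (not part of the audit-userspace patches). Assumptions:
- each record has a header 'msg=audit(SECONDS.MILLIS:SERIAL):'
- records of one event share the same (timestamp, serial) key
- an event is complete on a type=EOE record, once the stream has moved
  more than COMPLETION_WINDOW seconds past it, or at end of stream
"""
import re
from collections import OrderedDict

AUDIT_HDR = re.compile(r"msg=audit\((\d+)\.(\d+):(\d+)\)")
COMPLETION_WINDOW = 2.0  # seconds; an illustrative value, not auparse's


def event_key(record):
    """Return (timestamp, serial) for a record, or None if the header is missing."""
    m = AUDIT_HDR.search(record)
    if not m:
        return None
    secs, millis, serial = m.groups()
    return (float(f"{secs}.{millis}"), int(serial))


def record_type(record):
    m = re.match(r"type=(\S+)", record)
    return m.group(1) if m else None


class EventAssembler:
    """Keeps an in-core list of incomplete events keyed by (timestamp, serial),
    so records of different events may arrive interleaved without loss."""

    def __init__(self, window=COMPLETION_WINDOW):
        self.window = window
        self.pending = OrderedDict()  # key -> list of raw records
        self.dropped = 0              # records with no parseable header

    def feed(self, record):
        """Add one raw record; return the events this record completed."""
        key = event_key(record)
        if key is None:
            self.dropped += 1
            return []
        self.pending.setdefault(key, []).append(record)
        completed = []
        if record_type(record) == "EOE":
            completed.append((key, self.pending.pop(key)))
        # Any still-pending event older than the window is treated as complete.
        now = key[0]
        for k in list(self.pending):
            if now - k[0] > self.window:
                completed.append((k, self.pending.pop(k)))
        return completed

    def flush(self):
        """End of stream: release whatever is still pending."""
        out = list(self.pending.items())
        self.pending.clear()
        return out


def assemble(records, window=COMPLETION_WINDOW):
    """Return ([(key, [records]), ...], dropped_count) for a raw record stream."""
    asm = EventAssembler(window)
    events = []
    for r in records:
        events.extend(asm.feed(r))
    events.extend(asm.flush())
    return events, asm.dropped


def naive_assemble(records):
    """Simplified single-in-flight assembler (a stand-in, not auparse's code):
    any key change closes the current event, so interleaving fragments events."""
    events, current_key, current = [], None, []
    for r in records:
        key = event_key(r)
        if key is None:
            continue
        if current and key != current_key:
            events.append((current_key, current))
            current = []
        current_key = key
        current.append(r)
        if record_type(r) == "EOE":
            events.append((current_key, current))
            current = []
    if current:
        events.append((current_key, current))
    return events


# Constructed sample: two events (serials 101 and 102) with interleaved records.
SAMPLE = [
    'type=SYSCALL msg=audit(1700000000.100:101): arch=c000003e syscall=59 success=yes exit=0',
    'type=SYSCALL msg=audit(1700000000.105:102): arch=c000003e syscall=257 success=yes exit=3',
    'type=EXECVE msg=audit(1700000000.100:101): argc=2 a0="ls" a1="-l"',
    'type=PATH msg=audit(1700000000.105:102): item=0 name="/etc/passwd"',
    'type=CWD msg=audit(1700000000.100:101): cwd="/home/user"',
    'type=EOE msg=audit(1700000000.100:101): ',
    'type=EOE msg=audit(1700000000.105:102): ',
]

if __name__ == "__main__":
    events, dropped = assemble(SAMPLE)
    print(f"pending-list assembler: {len(events)} events, {dropped} dropped")
    for key, recs in events:
        print(" ", key, [record_type(r) for r in recs])
    print(f"single-in-flight assembler: {len(naive_assemble(SAMPLE))} fragments")
```

With the sample stream the pending-list assembler yields two whole events (four records for serial 101, three for 102), while the single-in-flight version yields six fragments from the same input, which is the kind of loss of event integrity the cover letter is addressing.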