!38 [sync] PR-34: Move temporary files from /var/run to /run to delete warning in installing

From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch

@@ -0,0 +1,46 @@
+From 91bb8c995f977d289077e6a6dceff74f4aed60b6 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Tue, 27 Aug 2024 21:20:29 +0200
+Subject: [PATCH] Fix NULL pointer deref on memory allocation failure
+
+This fixes a NULL pointer dereference when a call to malloc() failed.
+
+Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/70
+---
+ nslcd/passwd.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/nslcd/passwd.c b/nslcd/passwd.c
+index a4e2678..59b21d0 100644
+--- a/nslcd/passwd.c
++++ b/nslcd/passwd.c
+@@ -5,7 +5,7 @@
+ 
+    Copyright (C) 1997-2005 Luke Howard
+    Copyright (C) 2006 West Consulting
+-   Copyright (C) 2006-2017 Arthur de Jong
++   Copyright (C) 2006-2024 Arthur de Jong
+ 
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+@@ -293,8 +293,16 @@ char *dn2uid(MYLDAP_SESSION *session, const char *dn, char *buf, size_t buflen)
+   /* see if we have a cached entry */
+   pthread_mutex_lock(&dn2uid_cache_mutex);
+   if (dn2uid_cache == NULL)
++  {
+     dn2uid_cache = dict_new();
+-  if ((dn2uid_cache != NULL) && ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL))
++    if (dn2uid_cache == NULL)
++    {
++      log_log(LOG_ERR, "dict_new() failed to allocate memory");
++      pthread_mutex_unlock(&dn2uid_cache_mutex);
++      return NULL;
++    }
++  }
++  if ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL)
+   {
+     if ((cacheentry->uid != NULL) && (strlen(cacheentry->uid) < buflen))
+     {
+-- 
+2.33.0
+

backport-Fix-memory-leak-in-config-parsing.patch

@@ -0,0 +1,29 @@
+From 9a353ac7f84a2b6485dd1bb1b272cb8405bd4e9e Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Tue, 27 Aug 2024 21:39:21 +0200
+Subject: [PATCH] Fix memory leak in config parsing
+
+This fixes a one-time memory leak in reading the base configuration
+option.
+---
+ nslcd/cfg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/nslcd/cfg.c b/nslcd/cfg.c
+index 86917d5..6e56161 100644
+--- a/nslcd/cfg.c
++++ b/nslcd/cfg.c
+@@ -685,7 +685,10 @@ static void handle_base(const char *filename, int lnr,
+ #endif /* not HAVE_LDAP_DOMAIN2DN */
+   }
+   if (strcasecmp(value, "\"\"") == 0)
++  {
++    free(value);
+     value = "";
++  }
+   /* find the spot in the list of bases */
+   for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
+     if (bases[i] == NULL)
+-- 
+2.33.0
+

backport-Fix-off-by-one-error-in-closing-file-descriptors.patch

@@ -0,0 +1,27 @@
+From 1c9b021e78dc67b9cdca5f9ad10cbde08418ee28 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Mon, 10 Oct 2022 23:15:06 +0200
+Subject: [PATCH] Fix off-by one error in closing file descriptors
+
+This could leave file descriptor 3 open from the parent process starting
+nslcd.
+---
+ nslcd/daemonize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nslcd/daemonize.c b/nslcd/daemonize.c
+index d11d358..be3b386 100644
+--- a/nslcd/daemonize.c
++++ b/nslcd/daemonize.c
+@@ -50,7 +50,7 @@ void daemonize_closefds(void)
+      hope we closed enough */
+   if (i < 0)
+     i = 32;
+-  for (; i > 3; i--)
++  for (; i > 2; i--)
+     close(i);
+ }
+ 
+-- 
+2.27.0
+

nslcd.service

@@ -5,7 +5,7 @@ Documentation=man:nslcd(8) man:nslcd.conf(5)
 
 [Service]
 Type=forking
-PIDFile=/var/run/nslcd/nslcd.pid
+PIDFile=/run/nslcd/nslcd.pid
 ExecStart=/usr/sbin/nslcd
 RestartSec=10s
 Restart=on-failure

nslcd.tmpfiles

@@ -1,2 +1,2 @@
-# nslcd needs a directory in /var/run to store its pid file and socket
+# nslcd needs a directory in /run to store its pid file and socket
-d /var/run/nslcd 0775 nslcd root
+d /run/nslcd 0775 nslcd root

nss-pam-ldapd.spec

@@ -2,7 +2,7 @@
 
 Name:           nss-pam-ldapd
 Version:        0.9.12
-Release:        1
+Release:        6
 Summary:        NSS and PAM libraries for name lookups and authentication using LDAP
 License:        LGPLv2+
 URL:            http://arthurdejong.org/nss-pam-ldapd/
@@ -13,6 +13,9 @@ Source4:        nslcd.service
 
 Patch0:      0001-Disable-pylint-tests.patch
 Patch1:      0002-Watch-for-uint32_t-overflows.patch
+Patch2:      backport-Fix-off-by-one-error-in-closing-file-descriptors.patch
+Patch3:      backport-Fix-memory-leak-in-config-parsing.patch
+Patch4:      backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch
 
 BuildRequires:  gcc, openldap-devel, krb5-devel, autoconf, automake, pam-devel, systemd-units
 %{?systemd_requires}
@@ -64,7 +67,7 @@ ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{_lib}/libnss_ldap.so
 sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \
 $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
 touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
-mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd
+mkdir -p -m 0755 $RPM_BUILD_ROOT/run/nslcd
 mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
 install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf
 
@@ -93,13 +96,43 @@ getent passwd nslcd > /dev/null || \
 /%{_lib}/security/pam_ldap.so
 %attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf
 %attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf
-%{_unitdir}/nslcd.service
+%config(noreplace) %{_unitdir}/nslcd.service
-%attr(0775,nslcd,root) /var/run/nslcd
+%attr(0775,nslcd,root) /run/nslcd
 
 %files help
 %{_mandir}/*/*
 
 %changelog
+* Wed Mar 5 2025 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-6
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Move temporary files from /var/run to /run to delete warning in installing
+
+* Thu Oct 24 2024 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-5
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Fix NULL pointer deref on memory allocation failure
+
+* Wed Oct 09 2024 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix memory leak in config parsing
+
+* Wed May 08 2024 lifeifei <lifeifei@kylinos.cn> - 0.9.12-3
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:add noreplace to /usr/lib/systemd/system/nslcd.service
+
+* Wed Oct 19 2022 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-2
+- Type:bugfix
+- ID:NA
+- SUG:restart
+- DESC:fix off-by one error in closing file descriptors
+
 * Mon Feb 21 2022 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-1
 - Type:bugfix
 - ID:NA