From aaf488560198e612d724bf3edd62456c7469b7fe Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Jun 03 2010 08:18:21 +0000 Subject: - also strip POSIX file capabilities from hardlinks on upgrade/erase (#598775) --- diff --git a/rpm-4.8.0-fsm-sbits.patch b/rpm-4.8.0-fsm-sbits.patch index e1a7ab6..26c382a 100644 --- a/rpm-4.8.0-fsm-sbits.patch +++ b/rpm-4.8.0-fsm-sbits.patch @@ -1,24 +1,29 @@ diff -up rpm-4.8.0/lib/fsm.c.fsm-sbits rpm-4.8.0/lib/fsm.c --- rpm-4.8.0/lib/fsm.c.fsm-sbits 2009-12-07 16:36:49.000000000 +0200 -+++ rpm-4.8.0/lib/fsm.c 2010-06-02 09:25:52.000000000 +0300 -@@ -1320,6 +1320,16 @@ static const char * rpmteTypeString(rpmt ++++ rpm-4.8.0/lib/fsm.c 2010-06-03 11:14:53.000000000 +0300 +@@ -1320,6 +1320,21 @@ static const char * rpmteTypeString(rpmt } } +static void removeSBITS(const char *path) +{ + struct stat stb; -+ if (lstat(path, &stb) == 0) { -+ if (S_ISREG(stb.st_mode) && (stb.st_mode & 06000) != 0) { ++ if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) { ++ if ((stb.st_mode & 06000) != 0) { + (void) chmod(path, stb.st_mode & 0777); + } ++#if WITH_CAP ++ if (stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) { ++ (void) cap_set_file(path, NULL); ++ } ++#endif + } +} + #define IS_DEV_LOG(_x) \ ((_x) != NULL && strlen(_x) >= (sizeof("/dev/log")-1) && \ rstreqn((_x), "/dev/log", sizeof("/dev/log")-1) && \ -@@ -2024,11 +2034,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS +@@ -2024,11 +2039,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS break; case FSM_UNLINK: @@ -32,7 +37,7 @@ diff -up rpm-4.8.0/lib/fsm.c.fsm-sbits rpm-4.8.0/lib/fsm.c rc = unlink(fsm->path); if (_fsm_debug && (stage & FSM_SYSCALL)) rpmlog(RPMLOG_DEBUG, " %8s (%s) %s\n", cur, -@@ -2037,6 +2044,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS +@@ -2037,6 +2049,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS rc = (errno == ENOENT ? CPIOERR_ENOENT : CPIOERR_UNLINK_FAILED); break; case FSM_RENAME: diff --git a/rpm.spec b/rpm.spec index 700fe6b..a7a03c4 100644 --- a/rpm.spec +++ b/rpm.spec 
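Review bot: removeSBITS() checks the file with lstat() and then calls chmod() and cap_set_file() on the same path, and both calls follow symlinks, so if the path is swapped between the check and the calls the change lands on whatever the link points to. Both results are also cast to `(void)`, so a failed strip leaves the set-id bits or capabilities on the old hardlinked inode with nothing in the log. Opening the file once with O_NOFOLLOW and working on the descriptor (fstat, fchmod, cap_set_fd) would close that window, and a warning on failure would make a missed strip visible. The sketch below assumes cap_set_fd() with a NULL set removes the capability attribute the same way cap_set_file() does here, which should be confirmed against the libcap version in use. The FSM_UNLINK and FSM_RENAME call sites are only partly visible on this page, so whether the caller already guarantees a stable path cannot be confirmed from here.

```c
static void removeSBITS(const char *path)
{
    struct stat stb;
    /* O_NOFOLLOW: refuse to act through a symlink; O_NONBLOCK: do not hang on a FIFO */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
	return;
    if (fstat(fd, &stb) == 0 && S_ISREG(stb.st_mode)) {
	if ((stb.st_mode & 06000) != 0 && fchmod(fd, stb.st_mode & 0777) != 0)
	    rpmlog(RPMLOG_WARNING, "failed to remove s-bits from %s\n", path);
#if WITH_CAP
	/* ENODATA only means there was no capability attribute to remove */
	if ((stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) &&
	    cap_set_fd(fd, NULL) != 0 && errno != ENODATA)
	    rpmlog(RPMLOG_WARNING, "failed to remove capabilities from %s\n", path);
#endif
    }
    (void) close(fd);
}
```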
@@ -21,7 +21,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: 18%{?dist} +Release: 19%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://rpm.org/releases/testing/%{name}-%{srcver}.tar.bz2 @@ -430,6 +430,9 @@ exit 0 %doc doc/librpm/html/* %changelog +* Thu Jun 03 2010 Panu Matilainen - 4.8.0-19 +- also strip POSIX file capabilities from hardlinks on upgrade/erase (#598775) + * Wed Jun 02 2010 Panu Matilainen - 4.8.0-18 - remove s-bits on upgrade too (#598775)