- really fix symlink attacks on rpm install [bnc#943457]

OBS-URL: https://build.opensuse.org/package/show/Base:System/rpm?expand=0&rev=469

safesymlinks.diff

@@ -0,0 +1,44 @@
+--- ./lib/fsm.c.orig	2018-06-15 11:15:50.320133057 +0000
++++ ./lib/fsm.c	2018-06-15 11:15:56.240118124 +0000
+@@ -653,7 +653,7 @@ static int fsmUtime(const char *path, mo
+     return rc;
+ }
+ 
+-static int fsmVerify(const char *path, rpmfi fi, const struct stat *fsb)
++static int fsmVerify(const char *path, rpmfi fi)
+ {
+     int rc;
+     int saveerrno = errno;
+@@ -684,7 +684,7 @@ static int fsmVerify(const char *path, r
+             if (rc) return rc;
+             errno = saveerrno;
+ 	    /* Only permit directory symlinks by target owner and root */
+-            if (S_ISDIR(dsb.st_mode) && (luid == 0 || luid == fsb->st_uid))
++            if (S_ISDIR(dsb.st_mode) && (luid == 0 || luid == dsb.st_uid))
+ 		    return 0;
+         }
+     } else if (S_ISLNK(mode)) {
+@@ -928,7 +928,7 @@ int rpmPackageFilesInstall(rpmts ts, rpm
+ 	    }
+ 	    /* Assume file does't exist when tmp suffix is in use */
+ 	    if (!suffix) {
+-		rc = fsmVerify(fpath, fi, &sb);
++		rc = fsmVerify(fpath, fi);
+ 	    } else {
+ 		rc = (action == FA_TOUCH) ? 0 : RPMERR_ENOENT;
+ 	    }
+--- ./lib/verify.c.orig	2018-06-15 11:16:03.904098773 +0000
++++ ./lib/verify.c	2018-06-15 11:23:42.842941766 +0000
+@@ -98,11 +98,8 @@ rpmVerifyAttrs rpmfilesVerify(rpmfiles f
+ 	struct stat dsb;
+ 	/* ...if it actually points to a directory  */
+ 	if (stat(fn, &dsb) == 0 && S_ISDIR(dsb.st_mode)) {
+-	    uid_t fuid;
+ 	    /* ...and is by a legit user, to match fsmVerify() behavior */
+-	    if (sb.st_uid == 0 ||
+-			(rpmugUid(rpmfilesFUser(fi, ix), &fuid) == 0 &&
+-			 sb.st_uid == fuid)) {
++	    if (sb.st_uid == 0 || sb.st_uid == dsb.st_uid) {
+ 		sb = dsb; /* struct assignment */
+ 	    }
+ 	}