--- ./lib/fsm.c.orig	2010-06-04 13:47:57.000000000 +0000
+++ ./lib/fsm.c	2010-06-04 13:48:07.000000000 +0000
@@ -1323,6 +1323,21 @@ static const char * rpmteTypeString(rpmt
     }
 }
 
+static void removeSBITS(const char *path)
+{
+    struct stat stb;
+    if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) {
+	if ((stb.st_mode & 06000) != 0) {
+	    (void) chmod(path, stb.st_mode & 0777);
+	}
+#if WITH_CAP
+	if (stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
+	    (void) cap_set_file(path, NULL);
+	}
+#endif
+    }
+}
+
 #define	IS_DEV_LOG(_x)	\
 	((_x) != NULL && strlen(_x) >= (sizeof("/dev/log")-1) && \
 	rstreqn((_x), "/dev/log", sizeof("/dev/log")-1) && \
@@ -2027,11 +2042,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
 	break;
 
     case FSM_UNLINK:
-	if (fsm->mapFlags & CPIO_SBIT_CHECK) {
-	    struct stat stb;
-	    if (lstat(fsm->path, &stb) == 0 && S_ISREG(stb.st_mode) && (stb.st_mode & 06000) != 0)
-		chmod(fsm->path, stb.st_mode & 0777);
-	}
+	if (fsm->mapFlags & CPIO_SBIT_CHECK)
+	    removeSBITS(fsm->path);
 	rc = unlink(fsm->path);
 	if (_fsm_debug && (stage & FSM_SYSCALL))
 	    rpmlog(RPMLOG_DEBUG, " %8s (%s) %s\n", cur,
@@ -2040,6 +2052,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
 	    rc = (errno == ENOENT ? CPIOERR_ENOENT : CPIOERR_UNLINK_FAILED);
 	break;
     case FSM_RENAME:
+	if (fsm->mapFlags & CPIO_SBIT_CHECK)
+	    removeSBITS(fsm->path);
 	rc = rename(fsm->opath, fsm->path);
 #if defined(ETXTBSY) && defined(__HPUX__)
 	if (rc && errno == ETXTBSY) {