--- /dev/null
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 13 Apr 2012 10:16:51 +0000 (+0300)
+Subject: Raise file conflicts on differing permissions (user, group, mode)
+X-Git-Tag: rpm-4.11.0-alpha~426
+X-Git-Url: http://rpm.org/gitweb?p=rpm.git;a=commitdiff_plain;h=cf1095648194104a81a58abead05974a5bfa3b9a
+
+Raise file conflicts on differing permissions (user, group, mode)
+
+- Two files (or directories) cannot be correctly shared if their
+ permissions differ, even if the content is identical: either
+ file will end up having wrong permissions, depending on installation
+ order. This means a package can among other things silently
+ eg relax permissions of eg security sensitive directory (accidentally
+ or intentionallY).
+- We now require exact match of user, group and entire file mode
+ (previously only the file type part of mode was tested)
+---
+
+diff --git a/lib/rpmfi.c b/lib/rpmfi.c
+index 42c07db..e6e1fb3 100644
+--- a/lib/rpmfi.c
++++ b/lib/rpmfi.c
+@@ -542,13 +542,20 @@ rpmFileTypes rpmfiWhatis(rpm_mode_t mode)
+
+ int rpmfiCompareIndex(rpmfi afi, int aix, rpmfi bfi, int bix)
+ {
+- rpmFileTypes awhat = rpmfiWhatis(rpmfiFModeIndex(afi, aix));
+- rpmFileTypes bwhat = rpmfiWhatis(rpmfiFModeIndex(bfi, bix));
++ mode_t amode = rpmfiFModeIndex(afi, aix);
++ mode_t bmode = rpmfiFModeIndex(bfi, bix);
++ rpmFileTypes awhat = rpmfiWhatis(amode);
++ rpmFileTypes bwhat = rpmfiWhatis(bmode);
+
+ if ((rpmfiFFlagsIndex(afi, aix) & RPMFILE_GHOST) ||
+ (rpmfiFFlagsIndex(bfi, bix) & RPMFILE_GHOST)) return 0;
+
+- if (awhat != bwhat) return 1;
++ if (amode != bmode) return 1;
++
++ if (!rstreq(rpmfiFUserIndex(afi, aix), rpmfiFUserIndex(bfi, bix)))
++ return 1;
++ if (!rstreq(rpmfiFGroupIndex(afi, aix), rpmfiFGroupIndex(bfi, bix)))
++ return 1;
+
+ if (awhat == LINK) {
+ const char * alink = rpmfiFLinkIndex(afi, aix);
git://git.onelab.eu / infrastructure.git / blobdiff