File safesymlinks.diff of Package rpm.26688
--- ./lib/fsm.c.orig	2018-06-15 11:15:50.320133057 +0000
+++ ./lib/fsm.c	2018-06-15 11:15:56.240118124 +0000
@@ -653,7 +653,7 @@ static int fsmUtime(const char *path, mo
     return rc;
 }
 
-static int fsmVerify(const char *path, rpmfi fi, const struct stat *fsb)
+static int fsmVerify(const char *path, rpmfi fi)
 {
     int rc;
     int saveerrno = errno;
@@ -684,7 +684,7 @@ static int fsmVerify(const char *path, r
             if (rc) return rc;
             errno = saveerrno;
 	    /* Only permit directory symlinks by target owner and root */
-            if (S_ISDIR(dsb.st_mode) && (luid == 0 || luid == fsb->st_uid))
+            if (S_ISDIR(dsb.st_mode) && (luid == 0 || luid == dsb.st_uid))
 		    return 0;
         }
     } else if (S_ISLNK(mode)) {
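Review bot: The test `luid == 0 || luid == dsb.st_uid` checks only the owner of the link at `path` against the owner of the final directory, and it does so by path name, so the result holds only at the moment it is evaluated. The calls that fill `luid` and `dsb` are outside this hunk, but if `dsb` comes from stat() as in the lib/verify.c hunk, intermediate links in the chain are followed without any ownership check, and the link can change between this test and later operations on `path`. I would state that limit in the comment, e.g. `/* Only permit directory symlinks owned by root or by the owner of the resolved directory; checked by path, so not race-free */`. It is also worth considering whether the later file operations can be anchored to the checked directory instead of resolving the name again. The same lstat-then-stat pattern appears in the lib/verify.c hunk, where the stakes are lower because that code only reports.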
@@ -928,7 +928,7 @@ int rpmPackageFilesInstall(rpmts ts, rpm
 	    }
 	    /* Assume file does't exist when tmp suffix is in use */
 	    if (!suffix) {
-		rc = fsmVerify(fpath, fi, &sb);
+		rc = fsmVerify(fpath, fi);
 	    } else {
 		rc = (action == FA_TOUCH) ? 0 : RPMERR_ENOENT;
 	    }
--- ./lib/verify.c.orig	2018-06-15 11:16:03.904098773 +0000
+++ ./lib/verify.c	2018-06-15 11:23:42.842941766 +0000
@@ -98,11 +98,8 @@ rpmVerifyAttrs rpmfilesVerify(rpmfiles f
 	struct stat dsb;
 	/* ...if it actually points to a directory  */
 	if (stat(fn, &dsb) == 0 && S_ISDIR(dsb.st_mode)) {
-	    uid_t fuid;
 	    /* ...and is by a legit user, to match fsmVerify() behavior */
-	    if (sb.st_uid == 0 ||
-			(rpmugUid(rpmfilesFUser(fi, ix), &fuid) == 0 &&
-			 sb.st_uid == fuid)) {
+	    if (sb.st_uid == 0 || sb.st_uid == dsb.st_uid) {
 		sb = dsb; /* struct assignment */
 	    }
 	}
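Review bot: The comment `...and is by a legit user, to match fsmVerify() behavior` no longer says what the condition tests, because the package's recorded file user (`rpmfilesFUser`) has dropped out of the comparison and "legit" is now defined purely by on-disk ownership. I would spell the rule out so the two copies can be kept in step: `/* ...and the link is owned by root or by the owner of that directory, to match fsmVerify() behavior */`. Since the same predicate now lives in both lib/fsm.c and lib/verify.c, a small shared helper would keep them from drifting apart again. The enclosing block starts outside this hunk, so whether `fi` and `ix` are still needed at this point cannot be confirmed from here.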