From add09e759a53e0153df5806c490fe61f3725aee8 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 3 Nov 2020 07:10:50 -0500
Subject: [PATCH] import rpmlint-1.10-14.el8

---
 .../rpmlint-1.10-update-crypto-example.patch  | 20 +++++++++++++++++++
 SOURCES/rpmlint.config                        |  7 ++++---
 SPECS/rpmlint.spec                            |  8 +++++++-
 3 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 SOURCES/rpmlint-1.10-update-crypto-example.patch

diff --git a/SOURCES/rpmlint-1.10-update-crypto-example.patch b/SOURCES/rpmlint-1.10-update-crypto-example.patch
new file mode 100644
index 0000000..e8c20b1
--- /dev/null
+++ b/SOURCES/rpmlint-1.10-update-crypto-example.patch
@@ -0,0 +1,20 @@
+diff -up rpmlint-rpmlint-1.10/config.orig rpmlint-rpmlint-1.10/config
+--- rpmlint-rpmlint-1.10/config.orig	2017-09-05 08:40:05.000000000 +0200
++++ rpmlint-rpmlint-1.10/config	2020-06-04 15:43:14.135492613 +0200
+@@ -230,7 +230,7 @@ from Config import *
+ #'''This application package calls a function to explicitly set crypto ciphers
+ #for SSL/TLS. That may cause the application not to use the system-wide set
+ #cryptographic policy and should be modified in accordance to:
+-#https://fedoraproject.org/wiki/Packaging:CryptoPolicies'''
++#https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/'''
+ #
+ #call_blacklist = {'crypto-policy-non-compliance-openssl' :
+ #                                     {'f_name' : 'SSL_CTX_set_cipher_list',
+@@ -242,6 +242,7 @@ from Config import *
+ #                                       'description' : bad_crypto_warning},
+ #                  'crypto-policy-non-compliance-gnutls-2' :
+ #                                      {'f_name' : 'gnutls_priority_init',
++#                                       'good_param' : '^@SYSTEM$',
+ #                                       'description' : bad_crypto_warning}
+ #                 }
+ #setOption("WarnOnFunction", call_blacklist)
diff --git a/SOURCES/rpmlint.config b/SOURCES/rpmlint.config
index 11de5bf..485019b 100644
--- a/SOURCES/rpmlint.config
+++ b/SOURCES/rpmlint.config
@@ -450,18 +450,19 @@ bad_crypto_warning = \
 '''This application package calls a function to explicitly set crypto ciphers
 for SSL/TLS. That may cause the application not to use the system-wide set
 cryptographic policy and should be modified in accordance to:
-https://fedoraproject.org/wiki/Packaging:CryptoPolicies'''
+https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/'''
 
 call_blacklist = {'crypto-policy-non-compliance-openssl' :
                                      {'f_name' : 'SSL_CTX_set_cipher_list',
-                                      'good_param' : 'PROFILE=SYSTEM',
+                                      'good_param' : '^PROFILE=SYSTEM$',
                                       'description' : bad_crypto_warning},
                   'crypto-policy-non-compliance-gnutls-1' :
                                       {'f_name' : 'gnutls_priority_set_direct',
+                                       'good_param' : '^@SYSTEM$',
                                        'description' : bad_crypto_warning},
                   'crypto-policy-non-compliance-gnutls-2' :
                                       {'f_name' : 'gnutls_priority_init',
-                                       'good_param' : 'SYSLOG',
+                                       'good_param' : '^@SYSTEM$',
                                        'description' : bad_crypto_warning}
                  }
 setOption("WarnOnFunction", call_blacklist)
diff --git a/SPECS/rpmlint.spec b/SPECS/rpmlint.spec
index f5c4dac..a9ace5a 100644
--- a/SPECS/rpmlint.spec
+++ b/SPECS/rpmlint.spec
@@ -18,7 +18,7 @@
 
 Name:           rpmlint
 Version:        1.10
-Release:        13.2%{?dist}
+Release:        14%{?dist}
 Summary:        Tool for checking common errors in RPM packages
 Group:          Development/Tools
 License:        GPLv2
@@ -39,6 +39,7 @@ Patch1:		rpmlint-1.10-flake-cleanups.patch
 Patch2:		rpmlint-1.10-no_python2.patch
 Patch3:		rpmlint-1.10-fix_test.patch
 Patch4:		rpmlint-1.10-rpm_surrogate_escaped_utf8.patch
+Patch5:		rpmlint-1.10-update-crypto-example.patch
 BuildArch:      noarch
 %if %{with python3}
 %if 0%{?rhel} > 7
@@ -96,6 +97,7 @@ and source packages as well as spec files can be checked.
 %patch2 -p1 -b .no_python2
 %patch3 -p1 -b .fix_test
 %patch4 -p1 -b .rpm_surrogate_escaped_utf8
+%patch5 -p1 -b .update_crypto_example
 sed -i -e /MenuCheck/d Config.py
 cp -p config config.example
 install -pm 644 %{SOURCE3} config
@@ -137,6 +139,10 @@ make check PYTHON=%{python} PYTEST=%{pytest} FLAKE8=%{flake8}
 %{_mandir}/man1/rpmlint.1*
 
 %changelog
+* Thu Jun 04 2020 Michal Domonkos <mdomonko@redhat.com> - 1.10-14
+- Update crypto warnings in config file to reflect current Fedora policy
+  (RHBZ#1797545)
+
 * Fri Jun 14 2019 Thomas Woerner <twoerner@redhat.com> - 1.10.13.2
 - Handle rpm change to return surrogate-escaped utf-8 python strings
   (RHBZ#1693712)