From b3fa55f70c19fc2cbbcae07ed3425d5f605f28df Mon Sep 17 00:00:00 2001
From: Tom Callaway <spot@fedoraproject.org>
Date: Sun, 29 Oct 2017 12:29:04 -0400
Subject: [PATCH] fix SSL_CTX_set_cipher_list waiver, use raw strings in config
 file to silence python3 deprecation warnings

---
 rpmlint.config | 21 +++++++++++----------
 rpmlint.spec   |  6 +++++-
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/rpmlint.config b/rpmlint.config
index f11d533..2b135e1 100644
--- a/rpmlint.config
+++ b/rpmlint.config
@@ -16,7 +16,7 @@ setOption("DefaultPythonVersion", sys.version[:3])
 setOption("KernelModuleRPMsOK", False)
 setOption("MaxLineLength", 80)
 setOption("NetworkEnabled", True)
-setOption("ReleaseExtension", '\.(fc|rhe?l|el)\d+(?=\.|$)')
+setOption("ReleaseExtension", r'\.(fc|rhe?l|el)\d+(?=\.|$)')
 setOption("UseDebugSource", True)
 setOption("UseDefaultRunlevels", False)
 setOption("UseEpoch", False)
@@ -337,7 +337,7 @@ setOption("ValidLicenses", (
 setOption('SystemLibPaths', ('/lib', '/lib64', '/usr/lib', '/usr/lib64'))
 
 # Add systemd dir to ignored path for UsrLibBinaryException
-setOption('UsrLibBinaryException', '^/usr/lib/(perl|python|menu|pkgconfig|systemd|lib[^/]+\.(so|l?a)$)')
+setOption('UsrLibBinaryException', r'^/usr/lib/(perl|python|menu|pkgconfig|systemd|lib[^/]+\.(so|l?a)$)')
 
 # Get standard users and groups from the setup package's uidgid file
 setOption('StandardUsers', [])
@@ -402,9 +402,9 @@ addFilter("explicit-lib-dependency (liberation-fonts|libertas-.*-firmware|libvir
 addFilter("explicit-lib-dependency (python-.*lib.*|python2-.*lib.*|python3-.*lib.*)$")
 addFilter("filename-too-long-for-joliet")
 addFilter("symlink-should-be-")
-addFilter("dangling-\S*symlink /usr/share/doc/HTML/\S+/common .+/common$")
-addFilter("hidden-file-or-dir .*/man5/\.k5login\.5[^/]+$")
-addFilter("blender.+ (wrong-script-interpreter|non-executable-script) .+/blender/.+\.py.*BPY.*")
+addFilter(r"dangling-\S*symlink /usr/share/doc/HTML/\S+/common .+/common$")
+addFilter(r"hidden-file-or-dir .*/man5/\.k5login\.5[^/]+$")
+addFilter(r"blender.+ (wrong-script-interpreter|non-executable-script) .+/blender/.+\.py.*BPY.*")
 # Fedora 12 and newer no longer need a buildroot defined, to have the buildroot cleaned at the beginning
 # of %install, and do not need to define a %clean section unless the default is invalid.
 addFilter("no-cleaning-of-buildroot")
@@ -419,7 +419,7 @@ addFilter("non-ghost-in-var-lock")
 addFilter("non-ghost-in-var-run")
 # Someone thought it was a good idea to make .desktop files executable. They were wrong.
 # Nevertheless, I do not yet control the universe, so we squelch the error here.
-addFilter("script-without-shebang .*\.desktop$")
+addFilter(r"script-without-shebang .*\.desktop$")
 # Some files in /etc/ are not meant to be modified by the sysadmin
 addFilter("non-conffile-in-etc /etc/rpm/.*$")
 addFilter("non-conffile-in-etc /etc/rc.d/init.d/.*$")
@@ -429,10 +429,10 @@ addFilter("broken-syntax-in-scriptlet-requires")
 # Contains passwords
 addFilter("non-readable /etc/ovirt-engine/isouploader.conf")
 # Ignore webservers which are just broken.
-addFilter("invalid-url .*\.googlecode\.com/.*HTTP Error 404")
-addFilter("invalid-url .*\.jboss\.org/.*HTTP Error 403")
-addFilter("invalid-url .*bitbucket\.org/.*HTTP Error 403")
-addFilter("invalid-url .*github\.com/.*HTTP Error 403")
+addFilter(r"invalid-url .*\.googlecode\.com/.*HTTP Error 404")
+addFilter(r"invalid-url .*\.jboss\.org/.*HTTP Error 403")
+addFilter(r"invalid-url .*bitbucket\.org/.*HTTP Error 403")
+addFilter(r"invalid-url .*github\.com/.*HTTP Error 403")
 # Don't care about long descriptions on debuginfo packages
 # They automatically include the package name and are always
 # quite long.
@@ -446,6 +446,7 @@ https://fedoraproject.org/wiki/Packaging:CryptoPolicies'''
 
 call_blacklist = {'crypto-policy-non-compliance-openssl' :
                                      {'f_name' : 'SSL_CTX_set_cipher_list',
+                                      'good_param' : 'PROFILE=SYSTEM',
                                       'description' : bad_crypto_warning},
                   'crypto-policy-non-compliance-gnutls-1' :
                                       {'f_name' : 'gnutls_priority_set_direct',
diff --git a/rpmlint.spec b/rpmlint.spec
index ad1e49c..84e7444 100644
--- a/rpmlint.spec
+++ b/rpmlint.spec
@@ -16,7 +16,7 @@
 
 Name:           rpmlint
 Version:        1.10
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Tool for checking common errors in RPM packages
 Group:          Development/Tools
 License:        GPLv2
@@ -127,6 +127,10 @@ make check PYTHON=%{python} PYTEST=%{pytest} FLAKE8=%{flake8}
 %{_mandir}/man1/rpmlint.1*
 
 %changelog
+* Sun Oct 29 2017 Tom Callaway <spot@fedoraproject.org> - 1.10-4
+- fix SSL_CTX_set_cipher_list waiver
+- use raw strings in config file to silence python3 deprecation warnings
+
 * Mon Sep 11 2017 Tom Callaway <spot@fedoraproject.org> - 1.10-3
 - use correct config file option for debugsource