diff --git a/.gitignore b/.gitignore index ab56267..00122ce 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ /rpmlint-1.5.tar.xz /rpmlint-1.6.tar.xz /rpmlint-1.7.tar.xz +/rpmlint-1.8.tar.gz diff --git a/rpmlint.config b/rpmlint.config index d434977..cf303d6 100644 --- a/rpmlint.config +++ b/rpmlint.config @@ -40,7 +40,7 @@ setOption("DanglingSymlinkExceptions", ( setOption("ValidLicenses", ( # These are the short names for all of the Fedora approved licenses. # The master list is kept here: http://fedoraproject.org/wiki/Licensing - # Last synced with revision "2.29, 17 March 2015" of that page. + # Last synced with revision "2.30, 11 September 2015" of that page. 'AAL', 'Abstyles', 'Adobe', @@ -90,6 +90,7 @@ setOption("ValidLicenses", ( 'Copyright only', 'CPAL', 'CPL', + 'CRC32', 'Crossword', 'Crystal Stacker', 'Cube', @@ -426,6 +427,25 @@ addFilter("invalid-url .*\.googlecode\.com/.*HTTP Error 404") addFilter("invalid-url .*\.jboss\.org/.*HTTP Error 403") addFilter("invalid-url .*\bitbucket\.org/.*HTTP Error 403") +bad_crypto_warning = \ +'''This application package calls a function to explicitly set crypto ciphers +for SSL/TLS. That may cause the application not to use the system-wide set +cryptographic policy and should be modified in accordance to: +https://fedoraproject.org/wiki/Packaging:CryptoPolicies''' + +call_blacklist = {'crypto-policy-non-compliance-openssl' : + {'f_name' : 'SSL_CTX_set_cipher_list', + 'description' : bad_crypto_warning}, + 'crypto-policy-non-compliance-gnutls-1' : + {'f_name' : 'gnutls_priority_set_direct', + 'description' : bad_crypto_warning}, + 'crypto-policy-non-compliance-gnutls-2' : + {'f_name' : 'gnutls_priority_init', + 'good_param' : 'SYSLOG', + 'description' : bad_crypto_warning} + } +setOption("WarnOnFunction", call_blacklist) + # https://bugzilla.redhat.com/496737, https://bugzilla.redhat.com/646455 for pkg, exe in (("coreutils", "/bin/su"), ("krb5-workstation", "/usr/kerberos/bin/ksu"), 
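Review bot: In the third rpmlint.config hunk, the `gnutls_priority_init` entry sets `'good_param' : 'SYSLOG'`, which looks like a typo for `SYSTEM`, since the GnuTLS priority string that defers to the system-wide policy is `@SYSTEM`. If WarnOnFunction suppresses the warning only when the good parameter is seen (the matching code is not on this page), packages that follow the cited guideline would still be reported as crypto-policy-non-compliance-gnutls-2, and maintainers would learn to ignore the warning. The suggested line is `'good_param' : 'SYSTEM',`. A one-line comment above `call_blacklist` noting that only `SSL_CTX_set_cipher_list` is covered for OpenSSL, so per-connection `SSL_set_cipher_list` calls go unreported, would also help readers judge what the check covers.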
diff --git a/rpmlint.spec b/rpmlint.spec index 5bc84c9..1c5757e 100644 --- a/rpmlint.spec +++ b/rpmlint.spec @@ -13,15 +13,14 @@ %endif Name: rpmlint -Version: 1.7 +Version: 1.8 Release: 1%{?dist} Summary: Tool for checking common errors in RPM packages Group: Development/Tools License: GPLv2 URL: http://sourceforge.net/projects/rpmlint/ -Source0: http://downloads.sourceforge.net/project/rpmlint/%{name}-%{version}.tar.xz +Source0: https://github.com/rpm-software-management/rpmlint/archive/rpmlint-%{version}.tar.gz Source1: %{name}.config -Source2: %{name}-CHANGES.package.old Source3: %{name}-etc.config # EL-4 specific config Source4: %{name}.config.el4 @@ -75,10 +74,9 @@ and source packages as well as spec files can be checked. %prep -%setup -q +%setup -q -n %{name}-%{name}-%{version} sed -i -e /MenuCheck/d Config.py cp -p config config.example -install -pm 644 %{SOURCE2} CHANGES.package.old install -pm 644 %{SOURCE3} config @@ -108,7 +106,7 @@ make check PYTHON=%{python} PYTEST=%{pytest} %files -%doc COPYING ChangeLog CHANGES.package.old README config.example +%doc COPYING README config.example %config(noreplace) %{_sysconfdir}/rpmlint/ %if 0%{?fedora} %{_datadir}/bash-completion/ @@ -126,6 +124,11 @@ make check PYTHON=%{python} PYTEST=%{pytest} %{_mandir}/man1/rpmlint.1* %changelog +* Fri Sep 25 2015 Tom Callaway - 1.8-1 +- 1.8 +- add bad crypto warning to config file +- update license list + * Fri Jul 10 2015 Tom Callaway - 1.7-1 - 1.7 - add python conditionals diff --git a/sources b/sources index 3015d6d..6ca12b2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -0b78c2fa4a98c6f660003a679ad6ea90 rpmlint-1.7.tar.xz +f168dc8e190c25dc1f409abb3ef47b86 rpmlint-1.8.tar.gz
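Review bot: The first rpmlint.spec hunk moves `Source0` to a GitHub tag archive but leaves `URL:` on the old SourceForge project page over plain http, so the spec now names two different upstreams; `URL: https://github.com/rpm-software-management/rpmlint` would match. GitHub generates these archives on demand, and the only integrity pin on this page is the MD5 line in `sources`. A comment above `Source0` recording which tag the tarball came from and how it was checked would make a later re-download mismatch easier to interpret. The third hunk also drops `ChangeLog` from `%doc` with no mention in the new `%changelog` entry; if the archive no longer ships that file, the entry should say so.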