Overview

File gnupg-notdash-escape.patch of Package gpg2.42185

commit 947ea3c411f0c14ba002612bb4ab500fba105570
Author: Werner Koch <wk@gnupg.org>
Date:   Mon Dec 29 18:37:08 2025 +0100

    gpg: Deprecate the option --not-dash-escaped.
    
    * g10/options.h (COMPAT_ALLOW_NOT_DASH_ESCAPED): new.
    * g10/gpg.c (compatibility_flags): Add "allow-not-dash-escaped".
    (main): Print a deprecation warning.
    * g10/armor.c (parse_header_line): Ignore the NotDashEscaped header.
    
    * tests/openpgp/clearsig.scm (vectors): Remove test case.
    --
    
    GnuPG-bug-id: 7901

Index: gnupg-2.4.4/doc/gpg.texi
===================================================================
--- gnupg-2.4.4.orig/doc/gpg.texi
+++ gnupg-2.4.4/doc/gpg.texi
@@ -3480,16 +3480,6 @@ be tried.  @option{--no-throw-keyids} di
 is essentially the same as using @option{--hidden-recipient} for all
 recipients.
 
-@item --not-dash-escaped
-@opindex not-dash-escaped
-This option changes the behavior of cleartext signatures
-so that they can be used for patch files. You should not
-send such an armored file via email because all spaces
-and line endings are hashed too. You can not use this
-option for data which has 5 dashes at the beginning of a
-line, patch files don't have this. A special armor header
-line tells GnuPG about this cleartext signature option.
-
 @item --escape-from-lines
 @itemx --no-escape-from-lines
 @opindex escape-from-lines
@@ -3949,6 +3939,18 @@ This option is deprecated and has no mor
 @item --aead-algo @var{name}
 This option is deprecated and has no more effect since version 2.3.9.
 
+@item --not-dash-escaped
+@opindex not-dash-escaped
+This option is deprecated since version 2.5.15 and has actually been
+obsolete for many more years.  The verification code in gpg also
+ignores this special mode unless a compatibility flag has been used.
+This option was used to change the behavior of cleartext signatures so
+that they can be used for patch files. You should not send such an
+armored file via email because all spaces and line endings are hashed
+too. You can not use this option for data which has 5 dashes at the
+beginning of a line, patch files don't have this. A special armor
+header line tells GnuPG about this cleartext signature option.
+
 
 @end table
 
Index: gnupg-2.4.4/g10/armor.c
===================================================================
--- gnupg-2.4.4.orig/g10/armor.c
+++ gnupg-2.4.4/g10/armor.c
@@ -502,7 +502,9 @@ parse_header_line( armor_filter_context_
       {
 	if( (hashes=parse_hash_header( line )) )
 	  afx->hashes |= hashes;
-	else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
+	else if ((opt.compat_flags & COMPAT_ALLOW_NOT_DASH_ESCAPED)
+                 && strlen (line) > 15
+                 && !memcmp( line, "NotDashEscaped:", 15 ) )
 	  afx->not_dash_escaped = 1;
 	else
 	  {
Index: gnupg-2.4.4/g10/gpg.c
===================================================================
--- gnupg-2.4.4.orig/g10/gpg.c
+++ gnupg-2.4.4/g10/gpg.c
@@ -1032,7 +1032,8 @@ static struct debug_flags_s debug_flags
 /* The list of compatibility flags.  */
 static struct compatibility_flags_s compatibility_flags [] =
   {
-    { 0, NULL }
+    { 0, NULL },
+    { COMPAT_ALLOW_NOT_DASH_ESCAPED, "allow-not-dash-escaped" }
   };
 
 
@@ -3862,6 +3863,11 @@ main (int argc, char **argv)
         comopt.keyboxd_program = NULL;
       }
 
+    if (opt.not_dash_escaped)
+      log_info (_("WARNING: \"%s\" is a deprecated option\n"),
+                "--not-dash-escaped");
+
+
     if (comopt.no_autostart)
       opt.autostart = 0;
 
Index: gnupg-2.4.4/g10/options.h
===================================================================
--- gnupg-2.4.4.orig/g10/options.h
+++ gnupg-2.4.4/g10/options.h
@@ -375,7 +375,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_sta
 
 /* Compatibility flags */
 /* #define COMPAT_FOO   1 */
-
+#define COMPAT_ALLOW_NOT_DASH_ESCAPED 32 /* Handle NotDashEscaped header.  */
 
 /* Compliance test macors.  */
 #define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
Index: gnupg-2.4.4/tests/openpgp/clearsig.scm
===================================================================
--- gnupg-2.4.4.orig/tests/openpgp/clearsig.scm
+++ gnupg-2.4.4/tests/openpgp/clearsig.scm
@@ -78,21 +78,7 @@ there is a blank line after this
     ;; I think this file will be constructed wrong (gpg 0.9.3) but it
     ;; should verify okay anyway.
     ("this is a sig test
- " #f ())
-
-    ;; check our special diff mode
-    ("--- mainproc.c	Tue Jun 27 09:28:11 2000
-+++ mainproc.c~ Thu Jun  8 22:50:25 2000
-@@ -1190,16 +1190,13 @@
-		md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
-	    }
-	    /* ask for file and hash it */
--	    if( c->sigs_only ) {
-+	    if( c->sigs_only )
-		rc = hash_datafiles( c->mfx.md, NULL,
-				     c->signed_data, c->sigfilename,
-			n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
-" #t (--not-dash-escaped))))
+ " #f ())))
 
 (let ((counter (make-counter)))
   (for-each-p'
openSUSE Build Service is sponsored by
Places