File gnupg-notdash-escape.patch of Package gpg2.42517

commit 947ea3c411f0c14ba002612bb4ab500fba105570
Author: Werner Koch <wk@gnupg.org>
Date:   Mon Dec 29 18:37:08 2025 +0100

    gpg: Deprecate the option --not-dash-escaped.
    
    * g10/options.h (COMPAT_ALLOW_NOT_DASH_ESCAPED): new.
    * g10/gpg.c (compatibility_flags): Add "allow-not-dash-escaped".
    (main): Print a deprecation warning.
    * g10/armor.c (parse_header_line): Ignore the NotDashEscaped header.
    
    * tests/openpgp/clearsig.scm (vectors): Remove test case.
    --
    
    GnuPG-bug-id: 7901

Index: gnupg-2.0.24/doc/gpg.texi
===================================================================
--- gnupg-2.0.24.orig/doc/gpg.texi
+++ gnupg-2.0.24/doc/gpg.texi
@@ -2698,16 +2698,6 @@ be tried.  @option{--no-throw-keyids} di
 is essentially the same as using @option{--hidden-recipient} for all
 recipients.
 
-@item --not-dash-escaped
-@opindex not-dash-escaped
-This option changes the behavior of cleartext signatures
-so that they can be used for patch files. You should not
-send such an armored file via email because all spaces
-and line endings are hashed too. You can not use this
-option for data which has 5 dashes at the beginning of a
-line, patch files don't have this. A special armor header
-line tells GnuPG about this cleartext signature option.
-
 @item --escape-from-lines
 @itemx --no-escape-from-lines
 @opindex escape-from-lines
@@ -3060,6 +3050,17 @@ it. These options are deprecated. Use @o
 [no-]show-policy-url} and/or @option{--verify-options
 [no-]show-policy-url} instead.
 
+@item --not-dash-escaped
+@opindex not-dash-escaped
+This option is deprecated since version 2.5.15 and has actually been
+obsolete for many more years.  The verification code in gpg also
+ignores this special mode unless a compatibility flag has been used.
+This option was used to change the behavior of cleartext signatures so
+that they can be used for patch files. You should not send such an
+armored file via email because all spaces and line endings are hashed
+too. You can not use this option for data which has 5 dashes at the
+beginning of a line, patch files don't have this. A special armor
+header line tells GnuPG about this cleartext signature option.
 
 @end table
 
@@ -3197,6 +3198,7 @@ Operation is further controlled by a few
 @end table
 
 
+
 @c *******************************************
 @c ***************            ****************
 @c ***************  EXAMPLES  ****************
Index: gnupg-2.0.24/g10/armor.c
===================================================================
--- gnupg-2.0.24.orig/g10/armor.c
+++ gnupg-2.0.24/g10/armor.c
@@ -435,7 +435,9 @@ parse_header_line( armor_filter_context_
       {
 	if( (hashes=parse_hash_header( line )) )
 	  afx->hashes |= hashes;
-	else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
+	else if ((opt.compat_flags & COMPAT_ALLOW_NOT_DASH_ESCAPED)
+                 && strlen (line) > 15
+                 && !memcmp( line, "NotDashEscaped:", 15 ) )
 	  afx->not_dash_escaped = 1;
 	else
 	  {
Index: gnupg-2.0.24/g10/gpg.c
===================================================================
--- gnupg-2.0.24.orig/g10/gpg.c
+++ gnupg-2.0.24/g10/gpg.c
@@ -772,6 +772,7 @@ static ARGPARSE_OPTS opts[] = {
 /* The list of compatibility flags.  */
 static struct compatibility_flags_s compatibility_flags [] =
   {
+    { COMPAT_ALLOW_NOT_DASH_ESCAPED, "allow-not-dash-escaped" },
     { 0, NULL }
   };
 
@@ -3102,6 +3103,7 @@ main (int argc, char **argv)
 		 "--require-secmem");
 	g10_exit(2);
       }
+      
 
     set_debug (debug_level);
     if (opt.verbose) /* Print the compatibility flags.  */
@@ -3391,6 +3393,9 @@ main (int argc, char **argv)
 	set_cmd (&cmd, aListKeys);
       }
 
+    if (opt.not_dash_escaped)
+      log_info (_("WARNING: \"%s\" is a deprecated option\n"),
+          "--not-dash-  escaped");
 
     if( opt.verbose > 1 )
 	set_packet_list_mode(1);
Index: gnupg-2.0.24/g10/options.h
===================================================================
--- gnupg-2.0.24.orig/g10/options.h
+++ gnupg-2.0.24/g10/options.h
@@ -306,6 +306,8 @@ struct {
 EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
 EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 
+#define COMPAT_ALLOW_NOT_DASH_ESCAPED 32 /* Handle NotDashEscaped header.  */
+
 
 /* Compliance test macors.  */
 #define GNUPG   (opt.compliance==CO_GNUPG)
Index: gnupg-2.0.24/tests/openpgp/clearsig.test
===================================================================
--- gnupg-2.0.24.orig/tests/openpgp/clearsig.test
+++ gnupg-2.0.24/tests/openpgp/clearsig.test
@@ -88,23 +88,3 @@ echo_n " " >>y
 echo "$usrpass1" | $GPG --passphrase-fd 0 --clearsign -o x --yes y
 $GPG --verify x
 
-
-# ======================================
-# check our special diff mode
-# ======================================
-cat >y <<EOF
---- mainproc.c	Tue Jun 27 09:28:11 2000
-+++ mainproc.c~ Thu Jun  8 22:50:25 2000
-@@ -1190,16 +1190,13 @@
-		md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
-	    }
-	    /* ask for file and hash it */
--	    if( c->sigs_only ) {
-+	    if( c->sigs_only )   
-		rc = hash_datafiles( c->mfx.md, NULL,
-				     c->signed_data, c->sigfilename,
-			n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
-EOF
-echo "$usrpass1" | $GPG --passphrase-fd 0 \
-				   --not-dash-escaped --clearsign -o x --yes y
-$GPG --verify x