File gnupg-notdash-escape.patch of Package gpg2.42184

commit 947ea3c411f0c14ba002612bb4ab500fba105570
Author: Werner Koch <wk@gnupg.org>
Date:   Mon Dec 29 18:37:08 2025 +0100

    gpg: Deprecate the option --not-dash-escaped.
    
    * g10/options.h (COMPAT_ALLOW_NOT_DASH_ESCAPED): new.
    * g10/gpg.c (compatibility_flags): Add "allow-not-dash-escaped".
    (main): Print a deprecation warning.
    * g10/armor.c (parse_header_line): Ignore the NotDashEscaped header.
    
    * tests/openpgp/clearsig.scm (vectors): Remove test case.
    --
    
    GnuPG-bug-id: 7901

Index: gnupg-2.2.27/doc/gpg.texi
===================================================================
--- gnupg-2.2.27.orig/doc/gpg.texi
+++ gnupg-2.2.27/doc/gpg.texi
@@ -3187,16 +3187,6 @@ be tried.  @option{--no-throw-keyids} di
 is essentially the same as using @option{--hidden-recipient} for all
 recipients.
 
-@item --not-dash-escaped
-@opindex not-dash-escaped
-This option changes the behavior of cleartext signatures
-so that they can be used for patch files. You should not
-send such an armored file via email because all spaces
-and line endings are hashed too. You can not use this
-option for data which has 5 dashes at the beginning of a
-line, patch files don't have this. A special armor header
-line tells GnuPG about this cleartext signature option.
-
 @item --escape-from-lines
 @itemx --no-escape-from-lines
 @opindex escape-from-lines
@@ -3650,6 +3640,18 @@ For internal purposes @command{@gpgname}
 files; They all live in the current home directory (@pxref{option
 --homedir}).  Only the @command{@gpgname} program may modify these files.
 
+@item --not-dash-escaped
+@opindex not-dash-escaped
+This option is deprecated since version 2.5.15 and has actually been
+obsolete for many more years.  The verification code in gpg also
+ignores this special mode unless a compatibility flag has been used.
+This option was used to change the behavior of cleartext signatures so
+that they can be used for patch files. You should not send such an
+armored file via email because all spaces and line endings are hashed
+too. You can not use this option for data which has 5 dashes at the
+beginning of a line, patch files don't have this. A special armor
+header line tells GnuPG about this cleartext signature option.
+
 
 @table @file
   @item ~/.gnupg
Index: gnupg-2.2.27/g10/armor.c
===================================================================
--- gnupg-2.2.27.orig/g10/armor.c
+++ gnupg-2.2.27/g10/armor.c
@@ -479,7 +479,9 @@ parse_header_line( armor_filter_context_
       {
 	if( (hashes=parse_hash_header( line )) )
 	  afx->hashes |= hashes;
-	else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
+	else if ((opt.compat_flags & COMPAT_ALLOW_NOT_DASH_ESCAPED)
+                 && strlen (line) > 15
+                 && !memcmp( line, "NotDashEscaped:", 15 ) )
 	  afx->not_dash_escaped = 1;
 	else
 	  {
Index: gnupg-2.2.27/g10/gpg.c
===================================================================
--- gnupg-2.2.27.orig/g10/gpg.c
+++ gnupg-2.2.27/g10/gpg.c
@@ -967,6 +967,7 @@ static struct debug_flags_s debug_flags
 /* The list of compatibility flags.  */
 static struct compatibility_flags_s compatibility_flags [] =
   {
+    { COMPAT_ALLOW_NOT_DASH_ESCAPED, "allow-not-dash-escaped" },
     { 0, NULL }
   };
 
@@ -3708,6 +3709,9 @@ main (int argc, char **argv)
     }
 
 
+    if (opt.not_dash_escaped)
+      log_info (_("WARNING: \"%s\" is a deprecated option\n"),
+                "--not-dash-escaped");
     if (opt.set_filesize)
 	log_info(_("Note: %s is not for normal use!\n"), "--set-filesize");
     if( opt.batch )
Index: gnupg-2.2.27/g10/options.h
===================================================================
--- gnupg-2.2.27.orig/g10/options.h
+++ gnupg-2.2.27/g10/options.h
@@ -336,7 +336,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_sta
 
 /* Compatibility flags */
 /* #define COMPAT_FOO   1 */
-
+#define COMPAT_ALLOW_NOT_DASH_ESCAPED 32 /* Handle NotDashEscaped header.  */
 
 /* Compliance test macors.  */
 #define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
Index: gnupg-2.2.27/tests/openpgp/clearsig.scm
===================================================================
--- gnupg-2.2.27.orig/tests/openpgp/clearsig.scm
+++ gnupg-2.2.27/tests/openpgp/clearsig.scm
@@ -78,21 +78,7 @@ there is a blank line after this
     ;; I think this file will be constructed wrong (gpg 0.9.3) but it
     ;; should verify okay anyway.
     ("this is a sig test
- " #f ())
-
-    ;; check our special diff mode
-    ("--- mainproc.c	Tue Jun 27 09:28:11 2000
-+++ mainproc.c~ Thu Jun  8 22:50:25 2000
-@@ -1190,16 +1190,13 @@
-		md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
-	    }
-	    /* ask for file and hash it */
--	    if( c->sigs_only ) {
-+	    if( c->sigs_only )
-		rc = hash_datafiles( c->mfx.md, NULL,
-				     c->signed_data, c->sigfilename,
-			n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
-" #t (--not-dash-escaped))))
+ " #f ())))
 
 (let ((counter (make-counter)))
   (for-each-p'