136 lines
4.8 KiB
Diff
136 lines
4.8 KiB
Diff
commit 947ea3c411f0c14ba002612bb4ab500fba105570
|
|
Author: Werner Koch <wk@gnupg.org>
|
|
Date: Mon Dec 29 18:37:08 2025 +0100
|
|
|
|
gpg: Deprecate the option --not-dash-escaped.
|
|
|
|
* g10/options.h (COMPAT_ALLOW_NOT_DASH_ESCAPED): new.
|
|
* g10/gpg.c (compatibility_flags): Add "allow-not-dash-escaped".
|
|
(main): Print a deprecation warning.
|
|
* g10/armor.c (parse_header_line): Ignore the NotDashEscaped header.
|
|
|
|
* tests/openpgp/clearsig.scm (vectors): Remove test case.
|
|
--
|
|
|
|
GnuPG-bug-id: 7901
|
|
|
|
Index: gnupg-2.4.4/doc/gpg.texi
|
|
===================================================================
|
|
--- gnupg-2.4.4.orig/doc/gpg.texi
|
|
+++ gnupg-2.4.4/doc/gpg.texi
|
|
@@ -3480,16 +3480,6 @@ be tried. @option{--no-throw-keyids} di
|
|
is essentially the same as using @option{--hidden-recipient} for all
|
|
recipients.
|
|
|
|
-@item --not-dash-escaped
|
|
-@opindex not-dash-escaped
|
|
-This option changes the behavior of cleartext signatures
|
|
-so that they can be used for patch files. You should not
|
|
-send such an armored file via email because all spaces
|
|
-and line endings are hashed too. You can not use this
|
|
-option for data which has 5 dashes at the beginning of a
|
|
-line, patch files don't have this. A special armor header
|
|
-line tells GnuPG about this cleartext signature option.
|
|
-
|
|
@item --escape-from-lines
|
|
@itemx --no-escape-from-lines
|
|
@opindex escape-from-lines
|
|
@@ -3949,6 +3939,18 @@ This option is deprecated and has no mor
|
|
@item --aead-algo @var{name}
|
|
This option is deprecated and has no more effect since version 2.3.9.
|
|
|
|
+@item --not-dash-escaped
|
|
+@opindex not-dash-escaped
|
|
+This option is deprecated since version 2.5.15 and has actually been
|
|
+obsolete for many more years. The verification code in gpg also
|
|
+ignores this special mode unless a compatibility flag has been used.
|
|
+This option was used to change the behavior of cleartext signatures so
|
|
+that they can be used for patch files. You should not send such an
|
|
+armored file via email because all spaces and line endings are hashed
|
|
+too. You can not use this option for data which has 5 dashes at the
|
|
+beginning of a line, patch files don't have this. A special armor
|
|
+header line tells GnuPG about this cleartext signature option.
|
|
+
|
|
|
|
@end table
|
|
|
|
Index: gnupg-2.4.4/g10/armor.c
|
|
===================================================================
|
|
--- gnupg-2.4.4.orig/g10/armor.c
|
|
+++ gnupg-2.4.4/g10/armor.c
|
|
@@ -502,7 +502,9 @@ parse_header_line( armor_filter_context_
|
|
{
|
|
if( (hashes=parse_hash_header( line )) )
|
|
afx->hashes |= hashes;
|
|
- else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
|
|
+ else if ((opt.compat_flags & COMPAT_ALLOW_NOT_DASH_ESCAPED)
|
|
+ && strlen (line) > 15
|
|
+ && !memcmp( line, "NotDashEscaped:", 15 ) )
|
|
afx->not_dash_escaped = 1;
|
|
else
|
|
{
|
|
Index: gnupg-2.4.4/g10/gpg.c
|
|
===================================================================
|
|
--- gnupg-2.4.4.orig/g10/gpg.c
|
|
+++ gnupg-2.4.4/g10/gpg.c
|
|
@@ -1032,6 +1032,7 @@ static struct debug_flags_s debug_flags
|
|
/* The list of compatibility flags. */
|
|
static struct compatibility_flags_s compatibility_flags [] =
|
|
{
|
|
+ { COMPAT_ALLOW_NOT_DASH_ESCAPED, "allow-not-dash-escaped" },
|
|
{ 0, NULL }
|
|
};
|
|
|
|
@@ -3862,6 +3863,11 @@ main (int argc, char **argv)
|
|
comopt.keyboxd_program = NULL;
|
|
}
|
|
|
|
+ if (opt.not_dash_escaped)
|
|
+ log_info (_("WARNING: \"%s\" is a deprecated option\n"),
|
|
+ "--not-dash-escaped");
|
|
+
|
|
+
|
|
if (comopt.no_autostart)
|
|
opt.autostart = 0;
|
|
|
|
Index: gnupg-2.4.4/g10/options.h
|
|
===================================================================
|
|
--- gnupg-2.4.4.orig/g10/options.h
|
|
+++ gnupg-2.4.4/g10/options.h
|
|
@@ -375,7 +375,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_sta
|
|
|
|
/* Compatibility flags */
|
|
/* #define COMPAT_FOO 1 */
|
|
-
|
|
+#define COMPAT_ALLOW_NOT_DASH_ESCAPED 32 /* Handle NotDashEscaped header. */
|
|
|
|
/* Compliance test macors. */
|
|
#define GNUPG (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
|
|
Index: gnupg-2.4.4/tests/openpgp/clearsig.scm
|
|
===================================================================
|
|
--- gnupg-2.4.4.orig/tests/openpgp/clearsig.scm
|
|
+++ gnupg-2.4.4/tests/openpgp/clearsig.scm
|
|
@@ -78,21 +78,7 @@ there is a blank line after this
|
|
;; I think this file will be constructed wrong (gpg 0.9.3) but it
|
|
;; should verify okay anyway.
|
|
("this is a sig test
|
|
- " #f ())
|
|
-
|
|
- ;; check our special diff mode
|
|
- ("--- mainproc.c Tue Jun 27 09:28:11 2000
|
|
-+++ mainproc.c~ Thu Jun 8 22:50:25 2000
|
|
-@@ -1190,16 +1190,13 @@
|
|
- md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
|
|
- }
|
|
- /* ask for file and hash it */
|
|
-- if( c->sigs_only ) {
|
|
-+ if( c->sigs_only )
|
|
- rc = hash_datafiles( c->mfx.md, NULL,
|
|
- c->signed_data, c->sigfilename,
|
|
- n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
|
|
-" #t (--not-dash-escaped))))
|
|
+ " #f ())))
|
|
|
|
(let ((counter (make-counter)))
|
|
(for-each-p'
|