Bug #85040 for GnuPG: $gnupg->verify() fails if signature has OpenPGP notation subpacket

forwarding from http://bugs.debian.org/706742 Version: 0.19-1 Some signatures that i wish to verify have an OpenPGP Notation subpacket in them. You can create these signatures with: echo test > test.txt gpg --sig-notation test@example.net=abc123 --detach-sign --armor test.txt and then you can verify them with: gpg --status-fd 1 --verify test.txt.asc test.txt which produces status-fd output like the following: [GNUPG:] SIG_ID ader2rZR418urkx2zsi3l7YwtvM 2013-05-04 1367652205 [GNUPG:] GOODSIG A52401B11BFDFA5C Daniel Kahn Gillmor <dkg@fifthhorseman.net> [GNUPG:] NOTATION_NAME test@example.net [GNUPG:] NOTATION_DATA abc123 [GNUPG:] VALIDSIG EB9691287A7ADDE3757D911EA52401B11BFDFA5C 2013-05-04 1367652205 0 4 0 1 10 00 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 [GNUPG:] TRUST_ULTIMATE however, using verify() from perl's GnuPG module causes a crash because it was not expecting NOTATION_NAME or NOTATION_DATA: protocol error: expected VALIDSIG at /usr/share/perl5/GnuPG.pm line 159 GnuPG::abort_gnupg('GnuPG=HASH(0x1285c00)', 'protocol error: expected VALIDSIG') called at /usr/share/perl5/GnuPG.pm line 669 GnuPG::check_sig('GnuPG=HASH(0x1285c00)') called at /usr/share/perl5/GnuPG.pm line 707 GnuPG::verify('GnuPG=HASH(0x1285c00)', 'signature', 'test.txt.asc', 'file', 'test.txt') called at ./vfy.pl line 15 --dkg -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.8-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libgnupg-perl depends on: ii gnupg 1.4.12-7.1 ii perl 5.14.2-21