Removed patch-g10_mainproc.c mostly because this patch was related to

the 1.0.4 release and because the problem was later fixed in 1.0.5 (and
later versions).  Here is a quote from the NEWS file about this issue:

--cut--
* WARNING: The semantics of --verify have changed to address a
problem with detached signature detection. --verify now ignores signed
material given on stdin unless this is requested by using a "-" as the
name for the file with the signed material.  Please check all your
detached signature handling applications and make sure that they don't
pipe the signed material to stdin without using a filename together with
"-" on the the command line.
--cut--

The patch introduce a problem in the way verifying a signature returned
a value of 2 instead of 0 (when the signature was properly verified).
The symptom showed itself in mutt for example.

This problem was found by Anders Arnholm <anders@arnholm.nu>

markus@ asked me to commit this.

security/gnupg/patches/patch-g10_mainproc.c

@@ -1,97 +0,0 @@
-From ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.security-patch1.diff
-
-Hi!
-
-It has been pointed out that there is another bug in the signature
-verification code of GnuPG.
-
-         * This can easily lead to false positives *
-
-All versions of GnuPG released before today are vulnerable!
-
-To check a detached singature you normally do this:
-
-  gpg --verify foo.sig foo.txt
-
-The problem here is that someone may replace foo.sig with a standard
-signature containing some arbitrary signed text and its signature,
-and then modify foo.txt - GnuPG does not detect this - Ooops.
-
-The solution for this problem ist not easy and needs a change in the
-semantics of the --verify command: It will not any longer be
-possible to do this:
-
-  gpg --verify foo.sig <foo.txt
-  
-Instead you have to use this
-
-  gpg --verify foo.sig - <foo.txt
-  
-The difference here is that gpg sees 2 files on the command lines
-and thereby knows that it should check a detached signature.  We
-really need this information and there is no way to avoid that
-change, sorry.  You should make sure that you never use the first
-form, because this will lead to false positives when foo.sig is not
-a detached signature - gnupg does detect the other case and warns
-you, but this is not sufficient.  If you use GnuPG from other
-applications, please change it.
-
-What to do:
-
-  1. Apply the attached patch to GnuPG 1.0.4
-
-  2. Check all programs which are designed to verify detached
-     signatures, that they don't use the vulnerable way of passing
-     data to GnuPG.
-
-Currently we are reviewing some other minor bug fixes and
-it might take some time to release a fixed version.
-
-I apologize for this bug and have to thank Rene Puls for finding it.
-
-
-  Werner
-
-
-p.s.
-I'd really appreciate if some volunteers can write more regression
-tests; especially those for bugs of this kind.
-Apply the patch using "patch -p1" while in the top directory of the
-GnuPG source.  The patch is against the 1.0.4 release.
-
-
---- g10/mainproc.c.orig	Mon Oct 16 19:12:30 2000
-+++ g10/mainproc.c	Sat Dec 23 14:44:29 2000
-@@ -1296,6 +1296,10 @@ proc_tree( CTX c, KBNODE node )
- 		return;
- 	    }
- 	}
-+	else if ( c->signed_data ) {
-+		log_error (_("not a detached signature\n") );
-+		return;
-+	}
- 
- 	for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
- 	    check_sig_and_print( c, n1 );
-@@ -1307,6 +1311,10 @@ proc_tree( CTX c, KBNODE node )
-             log_error("cleartext signature without data\n" );
-             return;
-         }
-+	else if ( c->signed_data ) {
-+		log_error (_("not a detached signature\n") );
-+		return;
-+	}
- 	
- 	for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
- 	    check_sig_and_print( c, n1 );
-@@ -1364,6 +1372,10 @@ proc_tree( CTX c, KBNODE node )
- 		log_error("can't hash datafile: %s\n", g10_errstr(rc));
- 		return;
- 	    }
-+	}
-+	else if ( c->signed_data ) {
-+		log_error (_("not a detached signature\n") );
-+		return;
- 	}
- 	else
- 	    log_info(_("old style (PGP 2.x) signature\n"));