This commit was manufactured by cvs2git to create branch

'custom_WFB_v9_6_0_P1'.

CHANGES

@@ -1,3 +1,6 @@
+        --- 9.6.0-P1 released ---
+
+2522.	[security]	Handle -1 from DSA_do_verify() and EVP_verify().
 
 	--- 9.6.0 released ---
 

lib/dns/api

@@ -1,3 +1,3 @@
 LIBINTERFACE = 50
-LIBREVISION = 2
+LIBREVISION = 3
 LIBAGE = 0

lib/dns/openssldsa_link.c

@@ -29,7 +29,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: openssldsa_link.c,v 1.13 2008/04/01 23:47:10 tbox Exp $ */
+/* $Id: openssldsa_link.c,v 1.13.126.1 2008/12/24 00:20:14 marka Exp $ */
 
 #ifdef OPENSSL
 #ifndef USE_EVP
@@ -277,7 +277,7 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
 	status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
 #endif
 	DSA_SIG_free(dsasig);
-	if (status == 0)
+	if (status != 1)
 		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
 
 	return (ISC_R_SUCCESS);

lib/dns/opensslrsa_link.c

@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.20 2008/09/24 02:46:22 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.20.56.1 2008/12/24 00:20:14 marka Exp $
  */
 #ifdef OPENSSL
 #ifndef USE_EVP
@@ -325,7 +325,7 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
 	status = RSA_verify(type, digest, digestlen, sig->base,
 			    RSA_size(rsa), rsa);
 #endif
-	if (status == 0)
+	if (status != 1)
 		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
 
 	return (ISC_R_SUCCESS);

version

@@ -1,4 +1,4 @@
-# $Id: version,v 1.43.12.2 2008/12/21 22:21:57 marka Exp $
+# $Id: version,v 1.43.12.2.2.1 2008/12/24 00:20:14 marka Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=6
 PATCHVER=0
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1