From c4fa8b75c2c4083491b231fc5c174d501c077410 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Wed, 20 Jul 2016 14:28:15 -0700
Subject: [PATCH] [master] deleted keys not correctly excluded

4415.	[bug]		dnssec-keymgr: Expired/deleted keys were not always
			excluded. [RT #42884]

Patch submitted by Nis Wechselberg (enewe@enbewe.de).
---
 CHANGES                        |  3 +++
 bin/python/isc/keyseries.py.in | 13 ++++++-------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index d403c335b7..adb76a253e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4415.	[bug]		dnssec-keymgr: Expired/deleted keys were not always
+			excluded. [RT #42884]
+			
 4414.	[bug]		Corrected a bug in the MIPS implementation of
 			isc_atomic_xadd(). [RT #41965]
 
diff --git a/bin/python/isc/keyseries.py.in b/bin/python/isc/keyseries.py.in
index cdcdd62e37..7c6191a868 100644
--- a/bin/python/isc/keyseries.py.in
+++ b/bin/python/isc/keyseries.py.in
@@ -31,15 +31,14 @@ class keyseries:
             for alg, keys in kdict[zone].items():
                 for k in keys.values():
                     if k.sep:
-                        self._K[zone][alg].append(k)
+                        if not (k.delete() and k.delete() < now):
+                          self._K[zone][alg].append(k)
                     else:
-                        self._Z[zone][alg].append(k)
+                        if not (k.delete() and k.delete() < now):
+                          self._Z[zone][alg].append(k)
 
-                for group in [self._K[zone][alg], self._Z[zone][alg]]:
-                    group.sort()
-                    for k in group:
-                        if k.delete() and k.delete() < now:
-                            group.remove(k)
+                self._K[zone][alg].sort()
+                self._Z[zone][alg].sort()
 
     def __iter__(self):
         for zone in self._zones: