#! /bin/sh /usr/share/dpatch/dpatch-run
## dns_acl_merge-bug.dpatch by <russell-debian@stuart.id.au>
## 
## DP: Bind9 was failing with this message in daemon.log:
## DP:   named[15418]: acl.c:403: INSIST(0) failed
## DP: Turns out its caused by this sort of construct:
## DP:   acl a { key a_tsig_key; }
## DP:   acl b { "a"; localhost; }
## DP: When acl b is created, acl a is merged into it.  The insertion
## DP: point for the next element isn't adjusted after the merge so
## DP: the localhost entry then overwrites the "key a_tsig_key" entry.

@DPATCH@
diff -Nur bind9-9.5.0.dfsg.P1/lib/isccfg/aclconf.c bind9-9.5.0.dfsg.P1.new/lib/isccfg/aclconf.c
--- bind9-9.5.0.dfsg.P1/lib/isccfg/aclconf.c	2007-12-21 16:46:47.000000000 +1000
+++ bind9-9.5.0.dfsg.P1.new/lib/isccfg/aclconf.c	2008-07-30 13:29:50.000000000 +1000
@@ -287,6 +287,7 @@
 			} else {
 				dns_acl_merge(dacl, inneracl,
 					      ISC_TF(!neg));
+				de = &dacl->elements[dacl->length];
 				dns_acl_detach(&inneracl);
 				continue;
 			}