Version in base suite: 5.1.7-1
Version in overlay suite: 5.1.7-1+deb11u1

Base version: autofs_5.1.7-1+deb11u1
Target version: autofs_5.1.7-1+deb11u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/a/autofs/autofs_5.1.7-1+deb11u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/a/autofs/autofs_5.1.7-1+deb11u2.dsc

 changelog                                             |    7 
 patches/dont-probe-interface-that-cant-send-pac.patch |  160 ++++++++++++++++++
 patches/series                                        |    2 
 patches/use-correct-reference-for-IN6-macro-cal.patch |   41 ++++
 4 files changed, 210 insertions(+)

diff -Nru autofs-5.1.7/debian/changelog autofs-5.1.7/debian/changelog
--- autofs-5.1.7/debian/changelog	2023-07-10 17:01:17.000000000 +0000
+++ autofs-5.1.7/debian/changelog	2023-08-08 08:31:29.000000000 +0000
@@ -1,3 +1,10 @@
+autofs (5.1.7-1+deb11u2) bullseye; urgency=medium
+
+  * use correct reference for IN6 macro call
+  * dont probe interface that cant send packet (Closes: #1041051)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 08 Aug 2023 10:31:29 +0200
+
 autofs (5.1.7-1+deb11u1) bullseye; urgency=medium
 
   * debian/patches:
diff -Nru autofs-5.1.7/debian/patches/dont-probe-interface-that-cant-send-pac.patch autofs-5.1.7/debian/patches/dont-probe-interface-that-cant-send-pac.patch
--- autofs-5.1.7/debian/patches/dont-probe-interface-that-cant-send-pac.patch	1970-01-01 00:00:00.000000000 +0000
+++ autofs-5.1.7/debian/patches/dont-probe-interface-that-cant-send-pac.patch	2023-08-08 08:30:32.000000000 +0000
@@ -0,0 +1,160 @@
+From: Ian Kent <raven@themaw.net>
+Date: Thu, 13 Jul 2023 10:44:49 +0800
+Subject: autofs-5.1.8 - dont probe interface that cant send packet
+Origin: https://www.spinics.net/lists/autofs/msg02667.html
+Bug-Debian: https://bugs.debian.org/1041051
+
+When calculating the proximity add checks for basic reachability.
+
+If an interface doesn't have an address of the family of the target
+host, or the interface address is the IPv6 link local address, or
+the target host address is the IPv6 link local address then don't
+add it to the list of hosts to probe.
+
+Reported-by: Salvatore Bonaccorso <carnil@debian.org>
+Tested-by: Salvatore Bonaccorso <carnil@debian.org>
+Cc: Goldwyn Rodrigues <rgoldwyn@suse.de>
+Cc: Mike Gabriel <sunweaver@debian.org>
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG            |  1 +
+ lib/parse_subs.c     | 36 +++++++++++++++++++++++++++++++++++-
+ modules/replicated.c | 19 +++++++++++--------
+ 3 files changed, 47 insertions(+), 9 deletions(-)
+
+diff --git a/lib/parse_subs.c b/lib/parse_subs.c
+index 0ee00d517718..3c95996eaf02 100644
+--- a/lib/parse_subs.c
++++ b/lib/parse_subs.c
+@@ -218,7 +218,7 @@ unsigned int get_proximity(struct sockaddr *host_addr)
+ 	int addr_len;
+ 	char buf[MAX_ERR_BUF];
+ 	uint32_t mask, ha, ia, *mask6, *ha6, *ia6;
+-	int ret;
++	int ret, at_least_one;
+ 
+ 	addr = NULL;
+ 	addr6 = NULL;
+@@ -228,6 +228,7 @@ unsigned int get_proximity(struct sockaddr *host_addr)
+ 	ha6 = NULL;
+ 	ia6 = NULL;
+ 	ha = 0;
++	at_least_one = 0;
+ 
+ 	switch (host_addr->sa_family) {
+ 	case AF_INET:
+@@ -245,6 +246,14 @@ unsigned int get_proximity(struct sockaddr *host_addr)
+ 		hst6_addr = (struct in6_addr *) &addr6->sin6_addr;
+ 		ha6 = &hst6_addr->s6_addr32[0];
+ 		addr_len = sizeof(*hst6_addr);
++
++		/* The link-local address always seems to be a problem so
++		 * ignore it when trying to work out if the address we have
++		 * is reachable.
++		 */
++		if (IN6_IS_ADDR_LINKLOCAL(hst6_addr))
++			return PROXIMITY_UNSUPPORTED;
++
+ 		break;
+ #endif
+ 
+@@ -278,6 +287,14 @@ unsigned int get_proximity(struct sockaddr *host_addr)
+ 				freeifaddrs(ifa);
+ 				return PROXIMITY_LOCAL;
+ 			}
++
++			/* If the target address is the loopback address it will
++			 * have matched above so we can ignore it when trying to
++			 * work out if the address we have is reachable.
++			 */
++			if (addr->sin_addr.s_addr != INADDR_LOOPBACK)
++				at_least_one = 1;
++
+ 			break;
+ 
+ 		case AF_INET6:
+@@ -290,6 +307,15 @@ unsigned int get_proximity(struct sockaddr *host_addr)
+ 				freeifaddrs(ifa);
+ 				return PROXIMITY_LOCAL;
+ 			}
++
++			/* If the interface address is the loopback address it will
++			 * have matched above so we can ignore it and the link-local
++			 * address always seems to be a problem so ignore it too when
++			 * trying to work out if the address we have is reachable.
++			 */
++			if (!IN6_IS_ADDR_LINKLOCAL(&if6_addr->sin6_addr) &&
++			    !IN6_IS_ADDR_LOOPBACK(&if6_addr->sin6_addr))
++				at_least_one = 1;
+ #endif
+ 		default:
+ 			break;
+@@ -297,6 +323,11 @@ unsigned int get_proximity(struct sockaddr *host_addr)
+ 		this = this->ifa_next;
+ 	}
+ 
++	if (!at_least_one) {
++		freeifaddrs(ifa);
++		return PROXIMITY_UNSUPPORTED;
++	}
++
+ 	this = ifa;
+ 	while (this) {
+ 		if (!(this->ifa_flags & IFF_UP) ||
+@@ -353,6 +384,9 @@ unsigned int get_proximity(struct sockaddr *host_addr)
+ 			if6_addr = (struct sockaddr_in6 *) this->ifa_addr;
+ 			ia6 = &if6_addr->sin6_addr.s6_addr32[0];
+ 
++			if (IN6_IS_ADDR_LINKLOCAL(&if6_addr->sin6_addr))
++				break;
++
+ 			/* Is the address within the network of the interface */
+ 
+ 			msk6_addr = (struct sockaddr_in6 *) this->ifa_netmask;
+diff --git a/modules/replicated.c b/modules/replicated.c
+index 2e628123d64b..5e2f8b17c136 100644
+--- a/modules/replicated.c
++++ b/modules/replicated.c
+@@ -926,6 +926,15 @@ static int add_new_host(struct host **list,
+ 
+ 	prx = get_proximity(host_addr->ai_addr);
+ 
++	/*
++	 * If we tried to add an IPv6 address and we don't have IPv6
++	 * support (or the host_addr type doesn't match that of any
++	 * of the interface addresses or looks unreachable) return
++	 * success in the hope of getting a valid address later.
++	 */
++	if (prx == PROXIMITY_UNSUPPORTED)
++		return 1;
++
+ 	/*
+ 	 * If we want the weight to be the determining factor
+ 	 * when selecting a host, or we are using random selection,
+@@ -938,13 +947,6 @@ static int add_new_host(struct host **list,
+ 		       MOUNT_FLAG_RANDOM_SELECT)))
+ 		prx = PROXIMITY_SUBNET;
+ 
+-	/*
+-	 * If we tried to add an IPv6 address and we don't have IPv6
+-	 * support return success in the hope of getting an IPv4
+-	 * address later.
+-	 */
+-	if (prx == PROXIMITY_UNSUPPORTED)
+-		return 1;
+ 	if (prx == PROXIMITY_ERROR)
+ 		return 0;
+ 
+@@ -1038,7 +1040,8 @@ try_name:
+ 		} else if (this->ai_family == AF_INET6) {
+ 			struct sockaddr_in6 *addr = (struct sockaddr_in6 *) this->ai_addr;
+ 
+-			if (!IN6_IS_ADDR_LOOPBACK(&addr->sin6_addr))
++			if (!IN6_IS_ADDR_LOOPBACK(&addr->sin6_addr) &&
++			    !IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr))
+ 				rr6++;
+ 		}
+ 		this = this->ai_next;
+-- 
+2.40.1
+
diff -Nru autofs-5.1.7/debian/patches/series autofs-5.1.7/debian/patches/series
--- autofs-5.1.7/debian/patches/series	2023-07-05 10:14:29.000000000 +0000
+++ autofs-5.1.7/debian/patches/series	2023-08-08 08:30:32.000000000 +0000
@@ -11,3 +11,5 @@
 fix-nfs4-mounts-in-auto-net.patch
 fix-nfs4-only-mounts-should-not-use-rpcbind.patch
 fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
+use-correct-reference-for-IN6-macro-cal.patch
+dont-probe-interface-that-cant-send-pac.patch
diff -Nru autofs-5.1.7/debian/patches/use-correct-reference-for-IN6-macro-cal.patch autofs-5.1.7/debian/patches/use-correct-reference-for-IN6-macro-cal.patch
--- autofs-5.1.7/debian/patches/use-correct-reference-for-IN6-macro-cal.patch	1970-01-01 00:00:00.000000000 +0000
+++ autofs-5.1.7/debian/patches/use-correct-reference-for-IN6-macro-cal.patch	2023-08-08 08:28:34.000000000 +0000
@@ -0,0 +1,41 @@
+From: Ian Kent <raven@themaw.net>
+Date: Thu, 13 Jul 2023 10:44:43 +0800
+Subject: autofs-5.1.8 - use correct reference for IN6 macro call
+Origin https://www.spinics.net/lists/autofs/msg02669.html
+Bug-Debian: https://bugs.debian.org/1041051
+
+While the usage isn't strickly wrong it's also not correct and it
+passes compiler checks but it doesn't match the usage within the
+macro it's passed to.
+
+Change it to match the IN6_* macro definition to reduce the potential
+for confusion.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG            | 1 +
+ modules/replicated.c | 4 +++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/modules/replicated.c b/modules/replicated.c
+index cdb7c6173454..2e628123d64b 100644
+--- a/modules/replicated.c
++++ b/modules/replicated.c
+@@ -1032,11 +1032,13 @@ try_name:
+ 	while (this) {
+ 		if (this->ai_family == AF_INET) {
+ 			struct sockaddr_in *addr = (struct sockaddr_in *) this->ai_addr;
++
+ 			if (addr->sin_addr.s_addr != INADDR_LOOPBACK)
+ 				rr4++;
+ 		} else if (this->ai_family == AF_INET6) {
+ 			struct sockaddr_in6 *addr = (struct sockaddr_in6 *) this->ai_addr;
+-			if (!IN6_IS_ADDR_LOOPBACK(addr->sin6_addr.s6_addr32))
++
++			if (!IN6_IS_ADDR_LOOPBACK(&addr->sin6_addr))
+ 				rr6++;
+ 		}
+ 		this = this->ai_next;
+-- 
+2.40.1
+