Hi Alexander, Alexander Koch <mail@xxxxxxxxxxxxxxxxx> writes: > The recent release of cifs-utils 6.13, more precisely e461afd8cf (which, > to my understanding, is a fix for CVE-2021-20208) makes attempts of > mounting CIFS shares with krb5 fail for me: > > Can anyone tell me if this is a packaging/configuration issue (Arch in > my case) or a bug? It's unfortunately a regression in the CVE fix. We are trying to come up with a proper fix. In the meantime, as a workaround: * you can build cifs-utils --with-libcap=yes (libcap instead of libcapng). This will skip capability dropping in cifs.upcall.c. * Alternatively you can comment out the call to trim_capabilities() in cifs.upcall.c. Cheers, -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
