Hi Aurélien,
The recent release of cifs-utils 6.13, more precisely e461afd8cf
(which,
to my understanding, is a fix for CVE-2021-20208) makes attempts of
mounting CIFS shares with krb5 fail for me:
Can anyone tell me if this is a packaging/configuration issue (Arch in
my case) or a bug?
It's unfortunately a regression in the CVE fix. We are trying to come
up
with a proper fix.
In the meantime, as a workaround:
* you can build cifs-utils --with-libcap=yes (libcap instead of
libcapng). This will skip
capability dropping in cifs.upcall.c.
* Alternatively you can comment out the call to trim_capabilities() in
cifs.upcall.c.
Thanks a million for the clarification. For me, downgrading the package
to
6.12 works as an intermediate solution.
I'll open a task on the Arch bugtracker and let the package maintainer
decide what to do with the package until a proper fix is done.
Cheers,
Alex
