Samba bump, if any, could happen after release. No functional changes really unless we go 4.7, but even those changes are not something a normal user without a domain and controller would run into it seems. 4.7 does try to enforce SMB3 usage and discourages SMB1/CIFS for security reasons.

On Tue, Nov 21, 2017, 1:23 PM Joost Ruis <joost.r...@sabayon.org> wrote:

> I recently bumped nvidia-drivers for Entropy against all kernels and
> wasn't aware that 387.XX is actually a beta version. Just followed what was
> done on our overlay:
>
> https://github.com/Sabayon/sabayon-distro/commit/f79f1cf16b1c4d1be390823271710ed73bdae83c
>
> @Francesco any thoughts?
>
> I must say that I didn't have any problems with them on my gaming laptop.
> We hopefully have a newer zfs version available in Entropy, one that also
> supports the 4.14 kernel that is currently in Limbo.
>
> @Ettore should have a say about efivar 0.21 -> 31 && efibootmgr 0.12 ->
> 15. I don't touch them. Same goes for sys-boot/grub.
>
> No opinion about Samba here. If we wanna bump this prior to "the release"
> let me know and I will take care of it.
>
> On Tue, Nov 21, 2017 at 8:06 PM, Sławomir Nizio <slawomir.ni...@sabayon.org> wrote:
>
>> I can comment on this one for sure:
>>
>> > Samba (not really sure what to do here. CVE-2017-15275,14746,11103, list
>> > goes on and on) we need to be on 4.5.14, but that doesn't cure all the
>> > CVE on samba's page but switching to 4.7.2 is just switching to a list
>> > of unknown vulnerabilities. Is it really beneficial to go from 4.5 to
>> > 4.7? at the very least we should be 4.5.14, but beyond that I'm not sure
>> > how we should proceed or the effort it would take to constantly hop as
>> > samba updates at a pretty fast pace.. Looking for some insight on this
>> > topic.
>>
>> I'm keeping it in the overlay to fix automatic dependency on Ceph. It
>> was fixed in Gentoo in a new version that is not yet stable.
>>
>> I don't see benefit to switch to unstable (in Gentoo terms) one, unless
>> there is a reason to do otherwise, risking the usage of a less tested
>> (in theory) version. Also note that in case of a security issue, Gentoo
>> would either backport a fix to the older series, or new upstream version
>> (in the same "series" or newer) should be stabilized soon enough.
>>
>> (If there is a version that has a fix on some CVE and is not listed in
>> Gentoo bug tracker, it's a good idea to file a bug there.)