Commit Graph

6213 Commits

Author SHA1 Message Date
Aravind Mani
1740beb1f2
[sonic-cfggen]: Fix sonic-cfggen build failures for armhf (#10132)
Why I did it
amrhf build fails while building sonic-config-engine whl package
https://dev.azure.com/mssonic/be1b070f-be15-4154-aade-b1d3bfb17054/_apis/build/builds/77089/logs/9

The reason for the failure is due to the fact that there is a new line generated at the top of the file in buffer config test cases while building for broadcom based platform and this issue is not seen in Marvell based platforms.

How I did it
Removed the new line for all the buffer test cases as there is no need to add it and accordingly changed the buffer_config.j2 where the new line is generated.
2022-03-02 13:06:20 -08:00
Maxime Lorrillere
7891760fd0
[yang-models] Add chassis fields to device_metadata (#10006)
This change is adding asic_name, switch_id, switch_type and max_cores to sonic-device_metadata.yang
This should fix issue #9575

Co-authored-by: Maxime Lorrillere <mlorrillere@arista.com>
2022-03-02 16:10:04 +08:00
ganglv
3bb87c03a1
[yang]: Add yang models for BGP_PEER_RANGE table (#10082)
Why I did it
end2end test is blocked by Yang model for BGP_PEER_RANGE.

How I did it
Add new yang models.

How to verify it
Run UT for sonc-yang-models.

Signed-off-by: Gang Lv ganglv@microsoft.com
2022-03-02 10:09:41 +08:00
jostar-yang
76363cfa16
[AS7326-5X] Fix code bug for led drv (#8555)
Signed-off-by: Jostar Yang <jostar_yang@accton.com.tw>
2022-03-01 13:33:42 -08:00
jostar-yang
74e790c89f
[as7816-64x]Modify to check specific DUT (#7826)
AS7816 support AT or non-AT DUT. They use different pmbus i2c bus. So use "pre_pddf_init.sh" to check this case.

Signed-off-by: Jostar Yang <jostar_yang@accton.com.tw>
2022-03-01 13:09:17 -08:00
jostar-yang
b617ffd88c
[AS9716-32d] Modify check eeprom via pre_pddf sh (#7827)
Modify to use pre_pddf_init.sh to check eeprom is 0x57 or 0x56.

Signed-off-by: Jostar Yang <jostar_yang@accton.com.tw>
2022-03-01 13:08:03 -08:00
Lawrence Lee
47d9b26063
Revert "[swss]: Wait for vlan intf to start ndppd (#10036)" (#10085)
This reverts commit 91204879df.

#10036 breaks ndppd functionality
2022-02-28 15:42:02 -08:00
Aravind Mani
6c31fc65ff
Dell: S6100 fix xcvrd crash (#10062) 2022-02-28 13:13:52 -08:00
Saikrishna Arcot
afa18e2856
[build_debian.sh]: Fix /var/log having 0750 permissions instead of 0755 (#10031)
PR #9481 changed auditd's log directory to be /var/log instead of
/var/log/audit, because SONiC mounts a disk image at /var/log during
runtime, and so the /var/log/audit directory might not exist (since it
would've been created during package installation, mounting another
partition at /var/log will hide it). However, for security reasons,
auditd changes the log directory to have 0750 permissions, so that not
everyone knows about the audit logs or read them.

To fix this, revert the change to auditd's log directory, and tell
systemd to create the audit log directory at runtime if it doesn't
exist. Because the disk image gets mounted during initramfs (before
systemd starts), systemd will make sure that the /var/log/audit
directory will exist.

Fixes #9548 and #10015

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-02-28 11:46:50 -08:00
Alexander Allen
7c4fbf0455
[Mellanox] Add patch to hw-mgmt to prevent loading of non-existent kernel modules (#10073)
- Why I did it
The latest upgrade of Mellanox hw-mgmt V7.0020.1300 introduced a couple new kernel modules for new Mellanox platforms that have yet to be upstreamed to the linux kernel.

As these new platforms do not have SONiC support we elected not to upstream these new drivers to sonic-linux-kernel but hw-mgmt expects them to exist which is causing a non-functional error on switch boot.

Feb 15 00:09:55.374130 r-leopard-simx-74 ERR systemd-modules-load[269]: Failed to find module 'emc2305'
Feb 15 00:09:55.374141 r-leopard-simx-74 ERR systemd-modules-load[269]: Failed to find module 'ads1015'
To resolve this we can patch hw-mgmt to no longer attempt to load these modules by default.

- How I did it
Added a SONiC patch to Mellanox hw-mgmt in order to remove the unused kernel modules which were not upstreamed to sonic-linux-kernel

- How to verify it
Boot switch and verify there are no error logs regarding kernel modules failing to load.
2022-02-28 08:08:19 +02:00
Rajkumar-Marvell
5daf482a95
[Marevell] Fix armhf build failure (#9875)
Signed-off-by: Rajkumar Pennadam Ramamoorthy <rpennadamram@marvell.com>
2022-02-28 13:40:58 +08:00
Yang Wang
b8fa5e0d8d
install xmlrunner python3 version (#10086) 2022-02-28 11:21:04 +08:00
Junchao-Mellanox
47870cecfc
Stop PMON before swss during warm reboot (#10046)
- Why I did it
Stopping swss and syncd causes some driver module unloading. Those driver modules are depended by PMON. This could trigger ERROR logs in syslog.

- How I did it
Adjust warmboot shutdown order in make file

- How to verify it
Manual test
2022-02-27 11:47:15 +02:00
saksarav-nokia
5e1acf0225
[Nokia][platform]Modify BCM config & platform_reboot for Nokia-IXR7250E-36x400G (#9990)
Signed-off-by: Sakthivadivu Saravanaraj <sakthivadivu.saravanaraj@nokia.com>
2022-02-25 19:57:38 -08:00
Alexander Allen
8dc00ef4e1
[mellanox] Fix DPB supported breakout modes (#10072) 2022-02-25 18:33:35 +05:30
Lawrence Lee
91204879df
[swss]: Wait for vlan intf to start ndppd (#10036)
- Use the `wait_for_link.sh` script to delay ndppd start until after the VLAN interface is ready
- Avoids issue where ndppd tries to change interface attributes before the interface is ready

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2022-02-24 17:54:45 -08:00
Qi Luo
c9cf4d9ff0
sonic-slave-buster pins the versions of Jinja2 and MarkupSafe in py3 (#10043)
#### Why I did it
Upstream breaking change, ref discussion https://github.com/pallets/markupsafe/issues/282
2022-02-24 17:00:13 -08:00
xumia
b101b023d3
[Security]: Upgrade urllib3 to fix CVE-2021-33503
See https://security.archlinux.org/CVE-2021-33503
2022-02-25 08:59:57 +08:00
Lawrence Lee
a50d1f1fc8
[write_standby]: Increase timeout to 60s (#10065)
- Avoid scenarios where script times out before orchagent can establish IPinIP tunnel

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2022-02-24 14:55:45 -08:00
arlakshm
fd22635de0
[chassis][bgp] create v4 and v6 peer group for VoQ internal neighbors (#9693)
Why I did it
In the recent minigraph changes we add separate BGP session configuration for V4 and V6 internal VoQ neighbors.
This PR is adding different Peer groups for V4 and V6 neighbors

How I did it
Add VOQ_CHASSIS_V4_PEER and VOQ_CHASSIS_V6_PEER groups
Add extra Unit tests

How to verify it

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2022-02-24 11:21:26 -08:00
abdosi
2bfad16ae1
Fix Headroom value for 7260C64 SKU (#10075)
Updated the Headroom value for (100G,5m) in 7260C64 SKU.
2022-02-24 10:06:43 -08:00
Junchao-Mellanox
fe59e0f2c0
[Mellanox] Fix issue: thermal zone threshold value 0 causes fan speed stuck at 100% (#10057)
- Why I did it
In SONiC thermal control algorithm, it compares thermal zone temperature with thermal zone threshold. Previously, a thermal zone with no thermal sensor can still get its threshold. However, a recently driver patch changes this behavior: a thermal zone with no thermal sensor will return 0 for threshold. We need to ignore such thermal zone.

- How I did it
Ignore thermal zones whose temperature is 0.

- How to verify it
Added unit test case and Manual test
2022-02-24 12:05:56 +02:00
Junchao-Mellanox
d82eafd8ae
[system-health] Fix file handle leak (#10059)
- Why I did it
swsscommon.ConfigDBConnector does not automatically close connection when the instance is recycled by python. So, it should not create this instance each time calling check_services. It will cause error like Failed to read from file /var/run/hw-management/led/led_status_capability - OSError(24, 'Too many open files')

- How I did it
Only connect DB once in init

- How to verify it
Manual test
2022-02-24 11:29:59 +02:00
Zhaohui Sun
44028723ef
Split kvmtest t0 job into two jobs and run in parallel (#10044)
Why I did it
Introduce 2 sub jobs for kvmtest t0 job in sonic-mgmt repo in PR Azure/sonic-mgmt#4861
But in sonic-buildimage repo, because section parameter is null, it always run the part 2 test scripts in kvmtest t0 job.
It missed the part 1 test scripts in kvmtest.sh.

How I did it
Split kvmtest t0 job into two sub jobs such as sonic-mgmt repo and run them in parallel to save time.

How to verify it
Submit PR will trigger the pipeline to run.

Signed-off-by: Zhaohui Sun <zhaohuisun@microsoft.com>
2022-02-24 10:20:24 +08:00
wenyiz2021
2d0b063191
Update container_checker for multi-asic devices when state is 'always_enabled' (#10067)
* Update container_checker for multi-asic devices 

Update container_checker for multi-asic devices to add database containers in always_running_containers. 
Previous change was made for single-asic, and that database containers were not considered as feature when writing to state_db.

* Update container_checker

Update an indent
2022-02-23 18:06:30 -08:00
Junchao-Mellanox
72477bcac8
[submodule] Update submodule for sonic-swss-common (#10012)
*9eac0ae Add support for route flow counter (#576)
*2262c01 [VS] Increase test timout to 360min (#582)
*a2b8161 [ci] pipeline fixes for VS test (#581)
2022-02-23 17:55:37 -08:00
vmittal-msft
bc1dfea619
Updated traffic scheduler settings for HWSKUs : DellEMC-Z9332f-O32 and DellEMC-Z9332f-M-O16C64 (#9828) 2022-02-23 17:22:41 -08:00
Ze Gan
937ffbdb05
[submodule]: Update sonic-sairedis (#10061)
Signed-off-by: Ze Gan <ganze718@gmail.com>

b9337dc (HEAD, origin/master, origin/HEAD) [vslib]: Fix MACsec bug in SCI and XPN (#1003)
edbceb9 [syncd][vslib] Keep new warm boot discovered SERDES objects (#985)
af5c156 Fix build issues on gcc-10 (#999)
1445cd5 update SAI submoule (#1001)
48fe704 [ci] pipeline fixes for VS test (#1002)
f484cf9 Enable SAI_SWITCH_ATTR_UNINIT_DATA_PLANE_ON_REMOVAL attribute (#975)
5d0b22d Enable SAI_SWITCH_ATTR_UNINIT_DATA_PLANE_ON_REMOVAL attribute (#975)
1b8ce97 (origin/202111) [pipeline] Download swss common artifact in a separated directory (#995)
7a2e096 Change sonic-buildimage.vs artifact source from CI build to official build. (#992)
2022-02-23 19:31:41 +08:00
Xin Wang
9fe128c8e8
Fix issue of parsing syseeprom value with whitespace in middle (#10021)
Fixes #10020

Why I did it
The platform api for parsing syseeprom information read from STATE DB has issue
with parsing the value part that has whitespace in the middle. The current
code assumes that the value part does not have whitespace. So everything after
the whitespace will be ignored. The syseeprom values returned from platform
API do not match the output of "show platform syseeprom".

How I did it
This change improved the regular expression for parsing syseeprom values to
accommodate whitespaces in the value.

How to verify it
Locally updated the code on a dx010 device. Call the platform API:
```
>>> import sonic_platform
>>> platform = sonic_platform.platform.Platform()
>>> chassis = platform.get_chassis()
>>> chassis.get_system_eeprom_info()
{'0x21': 'DX010', '0x22': 'R0872-F0020-02', '0x23': 'DX010B2F030A27BY200002', '0x24': '00:E0:EC:E7:71:0F', '0x25': '11/03/2020 21:22:56', '0x26': '3', '0x27': 'Seastone', '0x28': 'RANGELEY', '0x29': '2014.08', '0x2A': '131', '0x2B': 'CELESTICA', '0x2C': 'THA', '0x2D': 'Celestica', '0x2E': '1.0.5', '0x2F': 'LB', '0xFD': '', '0xFE': '0xAAB39BDB'}
```

Signed-off-by: Xin Wang <xiwang5@microsoft.com>
2022-02-23 10:33:34 +08:00
Richard.Yu
2489727c46
Generate sai.profile from j2 tempalte when saiserver start (#10022)
Generate the sai.profile base on the brcm j2 file if the sai.profile
is not existing in the dut mounted folder.
Change the supervisor service configuration accordingly.

Testing done:
Add the script and config in dut
saiservice server can start automatically with [systemctl start saiserver]

Signed-off-by: richardyu-ms <richard.yu@microsoft.com>
2022-02-22 18:33:16 -08:00
Ze Gan
4a2a0df607
[submodule]: Update sonic-swss (#9978)
* Update sonic-swss

Signed-off-by: Ze Gan <ganze718@gmail.com>

* update swss

Signed-off-by: Ze Gan <ganze718@gmail.com>

* Update submodule update-swss

Signed-off-by: Ze Gan <ganze718@gmail.com>
2022-02-23 09:18:05 +08:00
Nazarii Hnydyn
55e7a14f04
[submodule]: Advance sonic-utilities. (#10058)
```
Commits on Jan 31, 2022
[sonic-package-manager] implement blocking feature state change (#2035) 

Commits on Feb 12, 2022
[ci] pipeline fixes for VS test (#2059) 

Commits on Feb 14, 2022
[ci] allow download partially succeeded suilds for sonic-swss-pytests… 
[build] allowPartiallySucceededBuilds true in the step of download so… 

Commits on Feb 16, 2022
[config] Fix snmpagentaddress doesn't support the uppercase letters f… 

Commits on Feb 17, 2022
[ci] Fix pipeline on build_and_install_module (#2074) 
Enable diff coverage and set the threshold to 50% (#2061) 

Commits on Feb 18, 2022
check for adding default vlan attempt added (#2075) 
[GCU] Adding unit-test where path and ref paths are under the same YA… 
[GCU] Turning port admin down before some critical port changes (#1998) 

Commits on Feb 20, 2022
show_platfom_info not run for simx (#2042) 
[aclshow] fix aclshow when clear is called before counters are popula… 
```
2022-02-22 15:32:57 -08:00
Shilong Liu
3bbe562bca
[build] Increase vs platform kvm disk size (#10001)
#### Why I did it
Info: Attempting file://dev/vdb/onie-installer ...
Info: Attempting file://dev/vdb/onie-installer.bin ...
cp: write error: No space left on device
Failure: local_fs_run():/dev/vdb Unable to copy /tmp/tmp.CPY0ad/onie-installer.bin to tmpfs

vs image is failing. Increase kvm device space.
2022-02-21 21:42:27 -08:00
Mohamed Ghoneim
f21a45b68a
[build] fix build exception and revert #9136 (#10037)
#### Why I did it

1. Fix Build exception [example](https://dev.azure.com/mssonic/build/_build/results?buildId=73911&view=logs&jobId=88ce9a53-729c-5fa9-7b6e-3d98f2488e3f&j=cef3d8a9-152e-5193-620b-567dc18af272&t=ac3bce9f-b126-5a26-3fee-28ce0ec1679d)

```
2022-02-19T01:54:23.4200556Z ImportError: cannot import name 'soft_unicode' from 'markupsafe' (/usr/local/lib/python3.8/dist-packages/markupsafe/__init__.py)
```

This is because Jinja2 uses MarkupSafe without specifying an upper limit to the version, MarkupSafe version that was released today removed 'soft_unicode'. So now Jinja2 is complaining.

Related issues:
https://github.com/pallets/jinja/issues/1591
https://github.com/aws/aws-sam-cli/issues/3661


2. Reverts #9136

Fixing build failures in SONiC utils [example](https://dev.azure.com/mssonic/build/_build/results?buildId=73784&view=logs&jobId=83516c17-6666-5250-abde-63983ce72a49&j=83516c17-6666-5250-abde-63983ce72a49&t=6177235f-d4f1-5f72-835a-90ebb93a1784)

One of the errors:
```
 TestPathAddressing.test_find_ref_paths__ref_is_the_whole_key__returns_ref_paths 

self = <tests.generic_config_updater.gu_common_test.TestPathAddressing testMethod=test_find_ref_paths__ref_is_the_whole_key__returns_ref_paths>

    def test_find_ref_paths__ref_is_the_whole_key__returns_ref_paths(self):
        # Arrange
        path = "/PORT/Ethernet0"
        expected = [
            "/ACL_TABLE/NO-NSW-PACL-V4/ports/0",
            "/VLAN_MEMBER/Vlan1000|Ethernet0",
        ]
    
        # Act
        actual = self.path_addressing.find_ref_paths(path, Files.CROPPED_CONFIG_DB_AS_JSON)
    
        # Assert
>       self.assertEqual(expected, actual)
E       AssertionError: Lists differ: ['/ACL_TABLE/NO-NSW-PACL-V4/ports/0', '/VLAN_MEMBER/Vlan1000|Ethernet0'] != ['/ACL_TABLE/NO-NSW-PACL-V4/ports/0']
E       
E       First list contains 1 additional elements.
E       First extra element 1:
E       '/VLAN_MEMBER/Vlan1000|Ethernet0'
E       
E       - ['/ACL_TABLE/NO-NSW-PACL-V4/ports/0', '/VLAN_MEMBER/Vlan1000|Ethernet0']
E       + ['/ACL_TABLE/NO-NSW-PACL-V4/ports/0']
```

The VLAN_MEMBER backlink (can be called referrer link or ref link) is not found.

Issue introduced by https://github.com/Azure/sonic-buildimage/pull/9136
I don't know how this PR passed the build system, it should have failed.

Known YANG issue https://github.com/Azure/sonic-buildimage/issues/9312

#### How I did it
The import to `sonic-vlan` is breaking the build
```
    import sonic-vlan {
        prefix vlan;
    }
```

I am not sure if that's the only issue, so I think reverting the whole PR should be the safer option.

#### How to verify it
Ran sonic-utils tests locally.
2022-02-21 11:07:29 -08:00
xumia
f65a071410
[Build]: Fix marvell sai package version parsing issue
Fix marvell sai package version parsing issue (#10009)
2022-02-19 12:16:50 +08:00
thomas.cappleman@metaswitch.com
a7f6130383
[submodule] swss-common and py-swssdk updates (#9777)
sonic-swss-common:
[ci] Set diff coverage threshold to 50% (#567)
Added NVGRE tunnel related tables (#549)
Add option to suppress logging (#566)
[TableBase] Make channel name from both table name and database ID (#568)
Revert "[TableBase] Make channel name from both table name and database ID (#568)" (#574)

sonic-py-swsssdk:
Add option to suppress warnings when querying Redis (#115)
2022-02-18 13:24:04 -08:00
alvinkaiwei
d2f6fe7463
Add support for Accton wedge100bf_32qs platform to SONiC master (#9257)
* Add support for Accton wedge100bf_32qs platform

This pull request is based on wedge100bf_32x.

The components on the mainboard are the same as wedge100bf_32x, except for tofino 32Q and COMe models, so it refers to wedge100bf_32x to create new model: wedge100bf_32qs.

Signed-off-by: alvin_feng <alvin_feng@accton.com>

* Fix lgtm alerts issues

Signed-off-by: alvin_feng <alvin_feng@accton.com>

* Modify some file permissions and use symlink to link wedge100bf-32qs/sonic_platform

Signed-off-by: alvin_feng <alvin_feng@accton.com>

* Remove switch-sai.conf file

Signed-off-by: alvin_feng <alvin_feng@accton.com>

* Modify platform.json to avoid platform TCs issues and changes for correct generating BUFFER_QUEUE values in DB.

Signed-off-by: alvin_feng <alvin_feng@accton.com>

* Fix error name in platform.json
2022-02-18 15:21:14 +05:30
Richard.Yu
2210c82ef8
[PTF-SAIv2]Add ptf docker for sai-ptf (saiv2) (#9729)
* [PTF-SAIv2]Add ptf dockre for sai-ptf (saiv2)

Base on current ptf docker create a new docker for sai-ptf(saiv2)
upgrade related package
use the latest ptf and install it

test done:
NOJESSIE=1 NOSTRETCH=1 NOBULLSEYE=1 ENABLE_SYNCD_RPC=y make target/docker-ptf-sai.gz
BLDENV=buster make -f Makefile.work target/docker-ptf-sai.gz

* upgrade the thrift to 014
2022-02-18 01:48:50 -08:00
Myron Sosyak
bec35267cb
[BFN] syncd-rpc build with thrift 0.14.1 (#9884) 2022-02-18 01:44:42 -08:00
Christian Svensson
d540492834
caclmgrd: remove permit source port 179 (#9827)
[Caclmgrd] Remove insecure opening of source port 179
Signed-off-by: Christian Svensson <blue@cmd.nu>
2022-02-17 15:04:59 -08:00
Vadym Hlushko
5ce75acfa5
[nvgre] Added YANG model and tests (#9136)
- Why I did it
NVGRE Tunnel feature extends the Config DB with new tables. These tables require a new YANG model.

- How I did it
Added a new YANG model sonic-nvgre-tunnel.yang

- How to verify it
Added YANG test cases.

Signed-off-by: Vadym Hlushko <vadymh@nvidia.com>
2022-02-17 12:06:01 +02:00
Stepan Blyshchak
fb752a4ae5
[rsyslog.j2] fix typo in VAR_LOG_SIZE_KB (#9954)
This issue causes negative threshold value and thus deleting log files even when there is enough space.

This issue causes negative threshold value and thus deleting log files even when there is enough space.

- Why I did it
To fix an issue when log files get deleted even if there is enough space.

- How I did it
Fixed an typo.

- How to verify it
Run the portion of the script that calculates threshold, see that the threshold is calculated correctly.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2022-02-17 10:16:44 +02:00
kellyyeh
f136c53d19
[radv] Support multiple ipv6 prefixes per vlan interface (#9934)
Why I did it
Radvd.conf.j2 template creates two copies of the vlan interface when there are more than one ipv6 address assigned to a single vlan interface. Changed the format to add prefixes under the same vlan interface block.

How I did it
Modifies radvd.conf.j2 and added unit tests

How to verify it
Configure multiple ipv6 address to the same vlan, start radvd
Unit test will check if radvd.conf with multiple ipv6 addresses is formed correctly
2022-02-16 14:17:26 -08:00
Aravind Mani
b7ae4f2e67
Dell S6100: Addition of 10G ports (#9988) 2022-02-16 00:09:05 -08:00
Jason Lyu
b023c29a1e
[redis] Upgrade redis version (#9757)
#### Why I did it

The current redis version of SONiC is `6.0.6`, which contains many high-risky security issues like CVEs that are fixed in the latest version. The Redis release notes also highly recommend to upgrade with SECURITY urgency.

```
================================================================================
Redis 6.0.16 Released Mon Oct 4 12:00:00 IDT 2021
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
  commands and network payloads, when proto-max-bulk-len is manually configured
  to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
  redis-sentinel parsing large multi-bulk replies on some older and less common
  platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
  set-max-intset-entries is manually configured to a non-default, very large
  value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
  a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
  Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
  data types, when configuring a large, non-default value for
  hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
  or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
  configuring a non-default, large value for proto-max-bulk-len and
  client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
  overflow [reported by Meir Shpilraien].

Other bug fixes:
* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416)
* Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371)
* Fix replication issues when repl-diskless-load is used (#9280)
```

#### How I did it

Edit `Dockerfile.j2` file

#### How to verify it

Check redis version

#### Description for the changelog
This PR will upgrade redis-server version to `6.0.16`.
2022-02-15 16:43:01 -08:00
Myron Sosyak
125fe9907a
Bump Thrift version from 0.13.0 to 0.14.1 (#9881)
#### Why I did it
To bump the Thrift version to 0.14.1 
- To avoid [CVE-2020-13949](https://nvd.nist.gov/vuln/detail/CVE-2020-13949) 
- to fix some dependencies issues

#### How I did it
- rename `src/thrfit_0_13_0` to `src/thrift_2` to remove version number in the path. (`src/thrift` contains rules to build thrift 0.11.0  )
- Add thrift sources as submodule as there are no prepared debian packages for version >0.13.0 on [debian.org](https://packages.debian.org/search?searchon=sourcenames&keywords=thrift)
- Added patches with fixes for original thrift debian rules:(remove unneeded packages, fix multi job build)
#### How to verify it
```
BLDENV=buster make -f Makefile.work target/debs/buster/libthrift-dev_0.14.1_amd64.deb
```
2022-02-15 16:39:47 -08:00
Alexander Allen
9677401f4a
[pmon] Fix chassis_db_init exit not being expected (#9858)
- Why I did it
Error log was shown on switches during boot
pmon#supervisord 2021-12-22 04:27:16,709 INFO exited: chassis_db_init (exit status 0; not expected)

- How I did it
Add exit code zero as an expected exit code and also disable autorestart.

- How to verify it
Boot the switch and ensure the above log line does not appear.
2022-02-15 10:51:24 +02:00
Sudharsan Dhamal Gopalarathnam
1223a7baba
Update template pull_request_template.md (#9888)
Updating template description to include link to configuration schema for YANG module changes.

#### Why I did it
Updating template description to include link to configuration schema for YANG module changes. When reviewing yang models it becomes difficult to know the entire schema for the table for which yang is defined. Besides providing a clear picture, it will also help to document the config_db schema which is not upto date.

#### How I did it
Updating template file
2022-02-14 13:55:40 -08:00
Sudharsan Dhamal Gopalarathnam
0b59f0b641
[yang]YANG model for policer table (#9948)
#### Why I did it
Added yang model for policer table
Fixes https://github.com/Azure/sonic-buildimage/issues/9742 and https://github.com/Azure/sonic-buildimage/issues/9743
#### How I did it
Creating yang model for policer

#### How to verify it
Added UT to verify the yang model

The configuration schema for policer is added in the pull request https://github.com/Azure/sonic-swss/pull/2144
2022-02-14 13:00:58 -08:00
Dror Prital
cf1bc8dc65
[Mellanox] Upgrade ASIC FW tool to 4.18.1-16 (#9981)
- Why I did it
Update MFT to version 4.18.1-16 for bugs fixes and new SN2201 support

- How I did it
Advance to MFT tool version to 4.18.1-16

- How to verify it
Manually tested on all Mellanox platforms (ASIC FW Upgrade, link debug tools, CPLD upgrade, etc.)
2022-02-14 10:39:47 +02:00