Merge pull request #2317 from CumulusNetworks/create-pull-request/patch

Changes by create-pull-request action

content/cumulus-linux-43/Whats-New/rn.md

@@ -65,7 +65,7 @@ pdfhidden: True
 | <a name="2782033"></a> [2782033](#2782033) <a name="2782033"></a> <br /> | The following vulnerabilities have been announced in the openssl packages:CVE-2021-3711: buffer overflow vulnerability in SM2 decryption<br />CVE-2021-3712: buffer overrun when processing ASN.1 strings in the X509_aux_print() function<br />More details at https://www.openssl.org/news/secadv/20210824.txt <br />Vulnerable: <= 1.1.1d-0+deb10u6Fixed: 1.1.1d-0+deb10u7 | 4.0.0-4.4.1 | 4.4.2-4.4.5|
 | <a name="2781537"></a> [2781537](#2781537) <a name="2781537"></a> <br /> | In Cumulus VX, the iptables FORWARD chain does not count hits. To work around this issue, use <code> -t mangle -A PREROUTING</code> instead of <code>FORWARD</code>. | 4.3.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2771871"></a> [2771871](#2771871) <a name="2771871"></a> <br /> | IPv4 and IPv6 neighbor entries in a FAILED state are incorrectly programmed into hardware as FORWARD entries instead of TRAP entries. Traffic is forwarded to these neighbors with a destination MAC address of 00:00:00:00:00:00 instead of trapping them to the CPU to resolve the correct MAC address<br />This affects failed neighbor entries on routed interfaces that are not SVIs. | 4.3.0-4.4.1 | 4.4.2-4.4.5|
-| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
+| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
 | <a name="2754791"></a> [2754791](#2754791) <a name="2754791"></a> <br /> | Remote MAC addreses in zebra are out of sync with <code>bgpd</code>. The zebra MAC addresses point to an incorrect (old) VTEP IP  address and the sequence number is one higher than in BGP.  | 3.7.14.2-3.7.16, 4.3.0-4.4.5 | |
 | <a name="2754691"></a> [2754691](#2754691) <a name="2754691"></a> <br /> | CVE-2021-3672: in c-ares, a library that performs DNS requests and name resolution asynchronously, missing input validation of hostnames returned by DNS servers can lead to output of wrong hostnames (leading to Domain Hijacking)<br />Vulnerable: 1.14.0-1Fixed: 1.14.0-1+deb10u1 | 4.0.0-4.4.1 | 4.4.2-4.4.5|
 | <a name="2754685"></a> [2754685](#2754685) <a name="2754685"></a> <br /> | CVE-2021-38165: lynx, a non-graphical (text-mode) web browser, does not properly handle the userinfo subcomponent of a URI, which can lead to leaking of credential in cleartext in SNI data<br />Vulnerable: 2.8.9rel.1-3Fixed: 2.8.9rel.1-3+deb10u1 | 4.0.0-4.4.1 | 4.4.2-4.4.5|
@@ -394,7 +394,7 @@ pdfhidden: True
 | <a name="2782033"></a> [2782033](#2782033) <a name="2782033"></a> <br /> | The following vulnerabilities have been announced in the openssl packages:CVE-2021-3711: buffer overflow vulnerability in SM2 decryption<br />CVE-2021-3712: buffer overrun when processing ASN.1 strings in the X509_aux_print() function<br />More details at https://www.openssl.org/news/secadv/20210824.txt <br />Vulnerable: <= 1.1.1d-0+deb10u6Fixed: 1.1.1d-0+deb10u7 | 4.0.0-4.4.1 | 4.4.2-4.4.5|
 | <a name="2781537"></a> [2781537](#2781537) <a name="2781537"></a> <br /> | In Cumulus VX, the iptables FORWARD chain does not count hits. To work around this issue, use <code> -t mangle -A PREROUTING</code> instead of <code>FORWARD</code>. | 4.3.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2771871"></a> [2771871](#2771871) <a name="2771871"></a> <br /> | IPv4 and IPv6 neighbor entries in a FAILED state are incorrectly programmed into hardware as FORWARD entries instead of TRAP entries. Traffic is forwarded to these neighbors with a destination MAC address of 00:00:00:00:00:00 instead of trapping them to the CPU to resolve the correct MAC address<br />This affects failed neighbor entries on routed interfaces that are not SVIs. | 4.3.0-4.4.1 | 4.4.2-4.4.5|
-| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
+| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
 | <a name="2754791"></a> [2754791](#2754791) <a name="2754791"></a> <br /> | Remote MAC addreses in zebra are out of sync with <code>bgpd</code>. The zebra MAC addresses point to an incorrect (old) VTEP IP  address and the sequence number is one higher than in BGP.  | 3.7.14.2-3.7.16, 4.3.0-4.4.5 | |
 | <a name="2754691"></a> [2754691](#2754691) <a name="2754691"></a> <br /> | CVE-2021-3672: in c-ares, a library that performs DNS requests and name resolution asynchronously, missing input validation of hostnames returned by DNS servers can lead to output of wrong hostnames (leading to Domain Hijacking)<br />Vulnerable: 1.14.0-1Fixed: 1.14.0-1+deb10u1 | 4.0.0-4.4.1 | 4.4.2-4.4.5|
 | <a name="2754685"></a> [2754685](#2754685) <a name="2754685"></a> <br /> | CVE-2021-38165: lynx, a non-graphical (text-mode) web browser, does not properly handle the userinfo subcomponent of a URI, which can lead to leaking of credential in cleartext in SNI data<br />Vulnerable: 2.8.9rel.1-3Fixed: 2.8.9rel.1-3+deb10u1 | 4.0.0-4.4.1 | 4.4.2-4.4.5|

content/cumulus-linux-43/rn.xml

@@ -351,7 +351,7 @@ This affects failed neighbor entries on routed interfaces that are not SVIs.</td
 </tr>
 <tr>
 <td>2771653</td>
-<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space.</td>
+<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space.</td>
 <td>4.3.0-4.4.5</td>
 <td></td>
 </tr>
@@ -2777,7 +2777,7 @@ This affects failed neighbor entries on routed interfaces that are not SVIs.</td
 </tr>
 <tr>
 <td>2771653</td>
-<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space.</td>
+<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space.</td>
 <td>4.3.0-4.4.5</td>
 <td></td>
 </tr>

content/cumulus-linux-44/Whats-New/rn.md

@@ -116,7 +116,7 @@ pdfhidden: True
 | <a name="2780915"></a> [2780915](#2780915) <a name="2780915"></a> <br /> | In NVUE, you can't deactivate the IPv4 address family per neighbor. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780834"></a> [2780834](#2780834) <a name="2780834"></a> <br /> | To enable an address family on a peer, you have to enable the address family  globally. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780211"></a> [2780211](#2780211) <a name="2780211"></a> <br /> | When you use the NVUE <code>nv set vrf default router bgp peer <peer> local-as asn <asn></code> command to configure a local AS, Cumulus Linux does not update the <code>etc/frr/frr.conf</code> file. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
-| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
+| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
 | <a name="2763819"></a> [2763819](#2763819) <a name="2763819"></a> <br /> | When  you enable LACP bypass on a bond, traffic to static MAC addresses configured on the bond might not work when LACP bypass is enforced. | 4.4.0-4.4.5 | |
 | <a name="2754791"></a> [2754791](#2754791) <a name="2754791"></a> <br /> | Remote MAC addreses in zebra are out of sync with <code>bgpd</code>. The zebra MAC addresses point to an incorrect (old) VTEP IP  address and the sequence number is one higher than in BGP.  | 3.7.14.2-3.7.16, 4.3.0-4.4.5 | |
 | <a name="2753955"></a> [2753955](#2753955) <a name="2753955"></a> <br /> | On the Lenovo MSN3700 switch, if you try to configure an interface with a link speed of 200G, the configuration fails. | 4.2.1-4.4.5 | 5.0.0-5.6.0|
@@ -407,7 +407,7 @@ pdfhidden: True
 | <a name="2780915"></a> [2780915](#2780915) <a name="2780915"></a> <br /> | In NVUE, you can't deactivate the IPv4 address family per neighbor. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780834"></a> [2780834](#2780834) <a name="2780834"></a> <br /> | To enable an address family on a peer, you have to enable the address family  globally. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780211"></a> [2780211](#2780211) <a name="2780211"></a> <br /> | When you use the NVUE <code>nv set vrf default router bgp peer <peer> local-as asn <asn></code> command to configure a local AS, Cumulus Linux does not update the <code>etc/frr/frr.conf</code> file. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
-| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
+| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
 | <a name="2763819"></a> [2763819](#2763819) <a name="2763819"></a> <br /> | When  you enable LACP bypass on a bond, traffic to static MAC addresses configured on the bond might not work when LACP bypass is enforced. | 4.4.0-4.4.5 | |
 | <a name="2754791"></a> [2754791](#2754791) <a name="2754791"></a> <br /> | Remote MAC addreses in zebra are out of sync with <code>bgpd</code>. The zebra MAC addresses point to an incorrect (old) VTEP IP  address and the sequence number is one higher than in BGP.  | 3.7.14.2-3.7.16, 4.3.0-4.4.5 | |
 | <a name="2753955"></a> [2753955](#2753955) <a name="2753955"></a> <br /> | On the Lenovo MSN3700 switch, if you try to configure an interface with a link speed of 200G, the configuration fails. | 4.2.1-4.4.5 | 5.0.0-5.6.0|
@@ -733,7 +733,7 @@ pdfhidden: True
 | <a name="2780915"></a> [2780915](#2780915) <a name="2780915"></a> <br /> | In NVUE, you can't deactivate the IPv4 address family per neighbor. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780834"></a> [2780834](#2780834) <a name="2780834"></a> <br /> | To enable an address family on a peer, you have to enable the address family  globally. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780211"></a> [2780211](#2780211) <a name="2780211"></a> <br /> | When you use the NVUE <code>nv set vrf default router bgp peer <peer> local-as asn <asn></code> command to configure a local AS, Cumulus Linux does not update the <code>etc/frr/frr.conf</code> file. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
-| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
+| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
 | <a name="2763819"></a> [2763819](#2763819) <a name="2763819"></a> <br /> | When  you enable LACP bypass on a bond, traffic to static MAC addresses configured on the bond might not work when LACP bypass is enforced. | 4.4.0-4.4.5 | |
 | <a name="2754791"></a> [2754791](#2754791) <a name="2754791"></a> <br /> | Remote MAC addreses in zebra are out of sync with <code>bgpd</code>. The zebra MAC addresses point to an incorrect (old) VTEP IP  address and the sequence number is one higher than in BGP.  | 3.7.14.2-3.7.16, 4.3.0-4.4.5 | |
 | <a name="2753955"></a> [2753955](#2753955) <a name="2753955"></a> <br /> | On the Lenovo MSN3700 switch, if you try to configure an interface with a link speed of 200G, the configuration fails. | 4.2.1-4.4.5 | 5.0.0-5.6.0|
@@ -1038,7 +1038,7 @@ pdfhidden: True
 | <a name="2780915"></a> [2780915](#2780915) <a name="2780915"></a> <br /> | In NVUE, you can't deactivate the IPv4 address family per neighbor. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780834"></a> [2780834](#2780834) <a name="2780834"></a> <br /> | To enable an address family on a peer, you have to enable the address family  globally. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780211"></a> [2780211](#2780211) <a name="2780211"></a> <br /> | When you use the NVUE <code>nv set vrf default router bgp peer <peer> local-as asn <asn></code> command to configure a local AS, Cumulus Linux does not update the <code>etc/frr/frr.conf</code> file. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
-| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
+| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
 | <a name="2763819"></a> [2763819](#2763819) <a name="2763819"></a> <br /> | When  you enable LACP bypass on a bond, traffic to static MAC addresses configured on the bond might not work when LACP bypass is enforced. | 4.4.0-4.4.5 | |
 | <a name="2754791"></a> [2754791](#2754791) <a name="2754791"></a> <br /> | Remote MAC addreses in zebra are out of sync with <code>bgpd</code>. The zebra MAC addresses point to an incorrect (old) VTEP IP  address and the sequence number is one higher than in BGP.  | 3.7.14.2-3.7.16, 4.3.0-4.4.5 | |
 | <a name="2753955"></a> [2753955](#2753955) <a name="2753955"></a> <br /> | On the Lenovo MSN3700 switch, if you try to configure an interface with a link speed of 200G, the configuration fails. | 4.2.1-4.4.5 | 5.0.0-5.6.0|
@@ -1365,7 +1365,7 @@ pdfhidden: True
 | <a name="2780834"></a> [2780834](#2780834) <a name="2780834"></a> <br /> | To enable an address family on a peer, you have to enable the address family  globally. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2780211"></a> [2780211](#2780211) <a name="2780211"></a> <br /> | When you use the NVUE <code>nv set vrf default router bgp peer <peer> local-as asn <asn></code> command to configure a local AS, Cumulus Linux does not update the <code>etc/frr/frr.conf</code> file. | 4.4.0-4.4.5 | 5.0.0-5.6.0|
 | <a name="2771871"></a> [2771871](#2771871) <a name="2771871"></a> <br /> | IPv4 and IPv6 neighbor entries in a FAILED state are incorrectly programmed into hardware as FORWARD entries instead of TRAP entries. Traffic is forwarded to these neighbors with a destination MAC address of 00:00:00:00:00:00 instead of trapping them to the CPU to resolve the correct MAC address<br />This affects failed neighbor entries on routed interfaces that are not SVIs. | 4.3.0-4.4.1 | 4.4.2-4.4.5|
-| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
+| <a name="2771653"></a> [2771653](#2771653) <a name="2771653"></a> <br /> | When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space. | 4.3.0-4.4.5 | |
 | <a name="2763819"></a> [2763819](#2763819) <a name="2763819"></a> <br /> | When  you enable LACP bypass on a bond, traffic to static MAC addresses configured on the bond might not work when LACP bypass is enforced. | 4.4.0-4.4.5 | |
 | <a name="2755614"></a> [2755614](#2755614) <a name="2755614"></a> <br /> | When <code>route_preferred_over_neigh</code> is set to <code>FALSE</code> in the <code>/etc/cumulus/switchd.conf</code> file, host routes (/32 or /128) are used for forwarding in hardware instead of a local neighbor entry. | 4.0.0-4.3.0, 4.4.0-4.4.5 | 4.3.1, 5.0.0-5.6.0|
 | <a name="2754791"></a> [2754791](#2754791) <a name="2754791"></a> <br /> | Remote MAC addreses in zebra are out of sync with <code>bgpd</code>. The zebra MAC addresses point to an incorrect (old) VTEP IP  address and the sequence number is one higher than in BGP.  | 3.7.14.2-3.7.16, 4.3.0-4.4.5 | |

content/cumulus-linux-44/rn.xml

@@ -706,7 +706,7 @@ To work around this issue, do not disable EVPN Advertise Primary IP Address, whi
 </tr>
 <tr>
 <td>2771653</td>
-<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space.</td>
+<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space.</td>
 <td>4.3.0-4.4.5</td>
 <td></td>
 </tr>
@@ -2801,7 +2801,7 @@ To work around this issue, do not disable EVPN Advertise Primary IP Address, whi
 </tr>
 <tr>
 <td>2771653</td>
-<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space.</td>
+<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space.</td>
 <td>4.3.0-4.4.5</td>
 <td></td>
 </tr>
@@ -5092,7 +5092,7 @@ To work around this issue, do not disable EVPN Advertise Primary IP Address, whi
 </tr>
 <tr>
 <td>2771653</td>
-<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space.</td>
+<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space.</td>
 <td>4.3.0-4.4.5</td>
 <td></td>
 </tr>
@@ -7276,7 +7276,7 @@ To work around this issue, do not disable EVPN Advertise Primary IP Address, whi
 </tr>
 <tr>
 <td>2771653</td>
-<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space.</td>
+<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space.</td>
 <td>4.3.0-4.4.5</td>
 <td></td>
 </tr>
@@ -9654,7 +9654,7 @@ This affects failed neighbor entries on routed interfaces that are not SVIs.</td
 </tr>
 <tr>
 <td>2771653</td>
-<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more which consumes a lot of hardware space.</td>
+<td>When using W-ECMP, the weights for various BGP next hops  can sometimes be in the range of 100s or more, which consumes a lot of hardware space.</td>
 <td>4.3.0-4.4.5</td>
 <td></td>
 </tr>