Patch release notes 1908b
Release notes for Vyatta NOS 1908b, released November 4, 2019.
Issues resolved
Issues resolved in release 1908b.
| Issue number | Priority | Summary |
|---|---|---|
| VRVDR-48567 | Blocker | DPLL3 is not in free-run by default |
| VRVDR-48553 | Blocker | SIAD not updating L3 neighbour entry on MAC change |
| VRVDR-48527 | Blocker | SIAD: 1G dataplane interfaces fail to start |
| VRVDR-48522 | Blocker | MACVLAN interface not receiving packets with programmed MAC address (VRRP with RFC-compatibility) |
| VRVDR-48484 | Blocker | QOS policy dropping all traffic by policer intermittently |
| VRVDR-48327 | Blocker | HW forwarding failure due to incorrect L2 Rewrite info |
| VRVDR-48243 | Blocker | SIAD Boundary Clock not staying locked to GM when using ECMP paths |
| VRVDR-48201 | Blocker | Mellanox 100G: Needs improvement for performance of 128, 256 Byte pkts; 64Byte pkt has better performance |
| VRVDR-48093 | Blocker | Missing SFP 'Measured values' on FTLF1518P1BTL optics |
| VRVDR-47747 | Blocker | Dataplane killed by OOM during CGNAT scale test |
| VRVDR-47397 | Blocker | PTP logging "STATE: Overall for path '[service ptp instance]'" every 75 seconds |
| VRVDR-46868 | Blocker | Log the port block allocation logs, subscriber logs and resource constraint logs to a different log other than syslog |
| VRVDR-48623 | Critical | Assert in IDTStackAdaptor_AddDownlinkTimeStampDifferences |
| VRVDR-48600 | Critical | Upgrade to 3.0.8 version of UfiSpace's BSP utils |
| VRVDR-48588 | Critical | PTP fails to create ports when config is removed and reapplied |
| VRVDR-48542 | Critical | "ipsec sad" was not containing "virtual-feature-point" |
| VRVDR-48430 | Critical | Issue trap/notification when servo failure is resolved |
| VRVDR-48338 | Critical | IDT servo fails to reliably negotiate an higher packets rates with GM |
| VRVDR-48169 | Critical | Mellanox 100G: improve traffic throughput performance |
| VRVDR-48167 | Critical | show tech-support hangs the CLI and outputs the following message: WARNING: terminal is not fully functional
|
| VRVDR-48157 | Critical | Center LED status for S/M/L is not working as expected |
| VRVDR-48124 | Critical | Azure: System does not provision ssh key pair |
| VRVDR-48102 | Critical | Fails to operate when the number of interfaces with PTP enabled is scaled up |
| VRVDR-48098 | Critical | BroadPTP fails to re-mark SIGNALING messages with appropriate DSCP |
| VRVDR-48077 | Critical | Update BIOS strings for the Flexware XSmall platform |
| VRVDR-47990 | Critical | Vyatta vRouter for vNAT usecase(s) in Azure external cloud |
| VRVDR-47975 | Critical | TACACS: wall: /dev/pts/2: No such file or directory observed on system reboot |
| VRVDR-47863 | Critical | VRRPv3 VRF IPv6 IPAO: Reconfig of LL vip results in MASTER/MASTER scenario |
| VRVDR-47828 | Critical | Crash of keepalived when reloading the daemon (accessing invalid memory) |
| VRVDR-47472 | Critical | Mellanox-100G: Observing the traffic forwards even after disabling the dataplane interface |
| VRVDR-48560 | Major | Kernel neighbour updates may cause dataplane neighbour to transiently become invalid |
| VRVDR-48559 | Major | Static ARP entry not always noted in dataplane ARP table |
| VRVDR-48519 | Major | Operator in secrets group cannot view redacted secret in show config but can in show config command |
| VRVDR-48415 | Major | OSPF flap to INIT state when changing (add or delete) network statements in OSPF |
| VRVDR-48408 | Major | Upgrade Insyde phy_alloc module to version 6 |
| VRVDR-48384 | Major | Change CGNAT to stop using the NPF interface structure |
| VRVDR-48372 | Major | Source NAT is using PPPoE Server (default GW) IP and not local PPPoE interface IP |
| VRVDR-48366 | Major | Some RFC 7951 data test are wrong causing build breakage 1% of the time |
| VRVDR-48332 | Major | TACACS+ AAA plugin should restart on DBus failures |
| VRVDR-48273 | Major | Show sfp info in show interface dataplane <intf> physical on Flexware |
| VRVDR-48224 | Major | show cgnat session with complex filter missing entry |
| VRVDR-48222 | Major | Isolate configd and opd from plugin panics |
| VRVDR-48113 | Major | OSPF not on vtun interface |
| VRVDR-47986 | Major | Change CGNAT policy match from a prefix to an address-group |
| VRVDR-47927 | Major | DPDK - enable selected test apps |
| VRVDR-47882 | Major | CGNAT logs inconsistent with NAT |
| VRVDR-47816 | Major | NAT statistics not displaying in show tech-support save output |
| VRVDR-47792 | Major | clear cgnat session sometimes errors out after scale test |
| VRVDR-47710 | Major | NHRP overloads IPsec daemon communication |
| VRVDR-47701 | Major | CGNAT: Calculate and store RTT times in microseconds |
| VRVDR-47675 | Major | Sessions are not deleted after deleting CGNAT configurations - stays until original timeout expires in particular scenario |
| VRVDR-47611 | Major | CGNAT: RPC keyerror if non-existing interface name is used in get-session-information
|
| VRVDR-47601 | Major | VRRP retains MASTER when device is disabled due to license invalid/expired |
| VRVDR-47130 | Major | Send gratuitous ARP on MAC address change |
| VRVDR-47006 | Major | PTP show ptp <command> intermittent fails to return any output |
| VRVDR-45781 | Major | reset dns forwarding cache routing-instance red not finding VRF instance |
| VRVDR-48774 | Minor | PTP: When changing port states the old and new states are backward |
| VRVDR-48644 | Minor | Add logging for PTP slaves similar to PTP master |
| VRVDR-48390 | Minor | Enable some IDT log messages |
| VRVDR-48108 | Minor | Debug level messages for VRRP seen in journal |
| VRVDR-48033 | Minor | Keepalived: Packet filter picked up an IPv4 advertisement from the local box - dropping it before processing |
| VRVDR-47842 | Minor | mGRE tunnel is not coming up after making address change at the spoke |
| VRVDR-46829 | Minor | The reported timestamps in packet traces are not consistent with the actual time and system clock |
| VRVDR-42161 | Minor | tech-support should contain "CLI: coredumpctl info" prefix for COREDUMPS header |
Security vulnerabilities resolved
Security vulnerabilities resolved in release 1908b.
| Issue number | CVSS | Advisory | Summary |
|---|---|---|---|
| VRVDR-48841 | 9.8 | DSA-4550-1 | CVE-2019-18218: Debian DSA-4550-1 : file - security update |
| VRVDR-48746 | 9.8 | DSA-4547-1 | CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467,CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166: Debian DSA-4547-1: tcpdump – security update |
| VRVDR-48412 | 9.8 | DSA-4531-1 | CVE-2019-14821, CVE-2019-14835, CVE-2019-15117, CVE-2019-15118, CVE-2019-15902: Debian DSA-4531-1 : linux - security update |
| VRVDR-47897 | 8.1 | DSA-4497-1 | CVE-2015-8553, CVE-2018-5995, CVE-2018-20836 , CVE-2018-20856, CVE-2019-1125, CVE-2019-3882, CVE-2019-3900, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284: DSA-4497-1: linux – security update |
| VRVDR-48446 | 6.7 | DSA-4535-1 | CVE-2019-5094: Debian DSA-4535-1 : e2fsprogs - security update |
| VRVDR-48502 | 5.3 | DSA-4539-1 | CVE-2019-1547, CVE-2019-1549, CVE-2019-1563: Debian DSA-4539-1 : openssl - security update |
| VRVDR-48652 | N/A | DSA-4543-1 | CVE-2019-14287: Debian DSA-4543-1 : sudo - security update |
Documentation errata
Errors with the NAT Configuration Guide and Basic Routing Configuration Guide have been corrected in this release.
NAT Configuration Guide
In earlier versions of NAT Configuration Guide up to and including Version 17.2.0, the Source address translations section stated that you could set the translation address either to one of the addresses defined on the outbound interface or to masquerade. This is not correct, because now you can set the translation address to any address that you want.
Basic Routing Configuration Guide
In earlier versions of Basic Routing Configuration Guide, Figure 1 in the Configuring static routes section showed an IPv6 diagram whereas it should show an IPv4 diagram. The correct diagram is as follows: