[code sync] Merge code from sonic-net/sonic-buildimage:202505 to 202506#2275
Open
mssonicbld wants to merge 24 commits into
Open
[code sync] Merge code from sonic-net/sonic-buildimage:202505 to 202506#2275mssonicbld wants to merge 24 commits into
mssonicbld wants to merge 24 commits into
Conversation
Collaborator
mssonicbld
commented
May 11, 2026
mssonicbld
commented
[202505] Upgrade SONiC package Versions
Signed-off-by: Austin Pham <austinpham@microsoft.com>
Why I did it cherry-pick #26459 Currently, 202505 is failing on PTF add topo. This is because when raising a PR to sonic-buildimage, changes from PTF is not included for sonic-mgmt tests. So the test is always testing on previous build. I did a force PTF build here manually https://elastictest.org/scheduler/testplan/69ce3a31511c8798ab89ad1f with this build and can see that it passed add-topo with PTF change. Once we force-merged this, our add-topo for 202505 will be unblock Signed-off-by: Austin Pham <austinpham@microsoft.com>
…D automatically (#26647) #### Why I did it src/sonic-platform-daemons ``` * 8e36084 - (HEAD -> 202505, origin/202505) Make polling intervals in the ThermalMonitor class configurable (Azure#781) (20 hours ago) [mssonicbld] * 9a084f7 - [ci] Use correct slave container image. (Azure#790) (24 hours ago) [Liu Shilong] ``` #### How I did it #### How to verify it #### Description for the changelog
…lly (#26648) #### Why I did it src/sonic-swss ``` * 88071ff3 - (HEAD -> 202505, origin/202505) [202505] Setting default nexthop weight to 1 in `fpmsyncd` (#4422) (65 minutes ago) [mramezani95] * 72e67371 - Added MAX pre-FEC BER for link health monitoring (#4177) (5 hours ago) [mssonicbld] ``` #### How I did it #### How to verify it #### Description for the changelog
Why I did it Upgrade the xgs SAI version to 13.2.1.36 to include the following fixes. 13.2.1.36: Fix for - Preemphasis Settings Are Not Correctly Applied to Subordinated Interfaces 13.2.1.35: Add OBM drops to IF_IN_DISCARDS counter 13.2.1.34: Pkt_Trim: Unable to Disable Trim when one tc_colot_to_dscp map is applied on multiple ports. 13.2.1.33: Ingress ACL table creation failed due to insufficient resource 13.2.1.32: [HFT]Incorporate Customer feedback on Element Id, Chunk Count along with SDK recommendation on resource error 13.2.1.31: [DNX][CSP CS00012420434]Polarization seen between LAG and ECMP within the same box 13.2.1.30: sai_query_stats_capability support for SAI_OBJECT_TYPE_SWITCH 13.2.1.29: SONIC-116157: enable SAI_TAM_TEL_TYPE_ATTR_SWITCH_ENABLE_PORT_STATS_INGRESS/EGRESS as non functional attributes in capablity and create/get/set APIs 13.2.1.28: bcm_switch_control_set(0, bcmSwitchPcieHotSwapDisable, 1) support through SAI code Work item tracking Microsoft ADO (number only): 37339937 How I did it Update the xgs SAI version in sai.mk file. How to verify it Load image on a DUT, all containers and bgp are up and running. Which release branch to backport (provide reason below if selected) N/A - this PR targets 202505 directly. Signed-off-by: zitingguo zitingguo@microsoft.com
…river (#26562) <!-- Please make sure you've read and understood our contributing guidelines: https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md failure_prs.log skip_prs.log Make sure all your commits include a signature generated with `git commit -s` ** If this is a bug fix, make sure your description includes "fixes #xxxx", or "closes #xxxx" or "resolves #xxxx" Please provide the following information: --> #### Why I did it TH5 diodes are being added in platform driver, so need to update the platform.json here to pass sonic-mgmt tests. ##### Work item tracking - Microsoft ADO **(number only)**: #### How I did it #### How to verify it <!-- If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012. --> #### Which release branch to backport (provide reason below if selected) <!-- - Note we only backport fixes to a release branch, *not* features! - Please also provide a reason for the backporting below. - e.g. - [x] 202006 --> - [ ] 202305 - [ ] 202311 - [ ] 202405 - [ ] 202411 - [ ] 202505 - [x] 202511 #### Tested branch (Please provide the tested image version) <!-- - Please provide tested image version - e.g. - [x] 20201231.100 --> - [ ] <!-- image version 1 --> - [ ] <!-- image version 2 --> #### Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: --> <!-- Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU. --> #### Link to config_db schema for YANG module changes <!-- Provide a link to config_db schema for the table for which YANG model is defined Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md --> Signed-off-by: Sonic Build Admin <sonicbld@microsoft.com> #### A picture of a cute animal (not mandatory but encouraged)
…lly (#26698) Why I did it src/sonic-swss * e9dcd50b - (HEAD -> 202505, origin/202505) Temporarily moving the PORT_PHY_ATTR ERR messages to NOTICE level. (#4463) (3 minutes ago) [mssonicbld] How I did it How to verify it Description for the changelog Signed-off-by: mssonicbld <sonicbld@microsoft.com>
#### Why I did it These are some useful counters which should be enabled by default. ##### Work item tracking - Microsoft ADO **(number only)**: #### How I did it Added the config to init_cfg.json.j2 #### How to verify it <!-- If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012. --> #### Which release branch to backport (provide reason below if selected) <!-- - Note we only backport fixes to a release branch, *not* features! - Please also provide a reason for the backporting below. - e.g. - [x] 202006 --> - [ ] 202305 - [ ] 202311 - [ ] 202405 - [ ] 202411 - [x] 202505 - [x] 202511 #### Tested branch (Please provide the tested image version) I have tested it on 202505 <!-- - Please provide tested image version - e.g. - [x] 20201231.100 --> - [ ] <!-- image version 1 --> - [ ] <!-- image version 2 --> #### Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: --> Enable PORT PHY attribute collection by default <!-- Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU. --> #### Link to config_db schema for YANG module changes <!-- Provide a link to config_db schema for the table for which YANG model is defined Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md --> Signed-off-by: Sonic Build Admin <sonicbld@microsoft.com> #### A picture of a cute animal (not mandatory but encouraged)
<!-- Please make sure you've read and understood our contributing guidelines: https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md failure_prs.log Make sure all your commits include a signature generated with `git commit -s` ** If this is a bug fix, make sure your description includes "fixes #xxxx", or "closes #xxxx" or "resolves #xxxx" Please provide the following information: --> #### Why I did it arm64 builds start to fail since 2026/02/09. Root Cause is pypi package setuptools released new version v82.0.0. [LINK](https://setuptools.pypa.io/en/stable/history.html) pkg_resources is removed from setuptools. pip3 uses tem env to build packages and uses latest dependency version. grpcio 1.51.1 didn't include pkg_resources in its dependencies. Build will fail. Why amd64 and armhf build succeed? Because they have manylinux wheel. They don't need to build from source. Open question: How can we avoid this kind of build break? Disable tem env for 'pip install'? ##### Work item tracking - Microsoft ADO **(number only)**: #### How I did it Use host env instead of tem env when pip install grpcio. #### How to verify it <!-- If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012. --> #### Which release branch to backport (provide reason below if selected) <!-- - Note we only backport fixes to a release branch, *not* features! - Please also provide a reason for the backporting below. - e.g. - [x] 202006 --> - [ ] 202305 - [ ] 202311 - [ ] 202405 - [ ] 202411 - [ ] 202505 - [ ] 202511 #### Tested branch (Please provide the tested image version) <!-- - Please provide tested image version - e.g. - [x] 20201231.100 --> - [ ] <!-- image version 1 --> - [ ] <!-- image version 2 --> #### Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: --> <!-- Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU. --> #### Link to config_db schema for YANG module changes <!-- Provide a link to config_db schema for the table for which YANG model is defined Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md --> Signed-off-by: Sonic Build Admin <sonicbld@microsoft.com> #### A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Yijing Yan <yijingyan@microsoft.com>
Signed-off-by: Yijing Yan <yijingyan@microsoft.com>
…(#26772) Fix jsonpath_ng new release 1.8.0's issue. Signed-off-by: Yijing Yan <yijingyan@microsoft.com>
- Upgrade Go toolchain 1.25.8 → 1.25.9 (fixes CVE-2026-32280 through CVE-2026-32289: stdlib crypto/tls, archive/tar, html/template, os) - Bump go.opentelemetry.io/otel/sdk v1.40.0 → v1.43.0 in gnmic (CVE-2026-39883: PATH hijacking via BSD kenv) - Add github.com/go-jose/go-jose/v4@v4.1.4 to gnmic, gnoic, grpcurl (CVE-2026-34986: DoS via crafted JSON Web Encryption) - Bump github.com/docker/docker to latest in gnmic (CVE-2026-34040: authorization bypass, CVE-2026-33997: privilege validation bypass during plugin installation) - Add aws-sdk-go-v2 eventstream/s3 latest to gnmic (GHSA-xmrv-pmrh-hhx2: DoS via panic in AWS SDK for Go v2) - Existing apt-get upgrade covers libpng16-16 fix (CVE-2026-33416: use-after-free, CVE-2026-33636: OOB read/write) Signed-off-by: Austin Pham <austinpham@microsoft.com>
Why I did it cherry-pick #22793 to fix docker dash-engine debian connection issue in vs build why needed for 202505 branch: The image builds in 202505 sometimes fail due to network access to archive.ubuntu.com:80 issue. W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease Connection failed [IP: 185.125.190.81 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease Connection failed [IP: 185.125.190.82 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease Connection failed [IP: 91.189.91.81 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease Connection failed [IP: 91.189.91.81 80] W: Some index files failed to download. They have been ignored, or old ones used instead. With this change, we can use our debian mirror for a more stable connection. Signed-off-by: Yijing Yan <yijingyan@microsoft.com>
…cy (#26895) <!-- Please make sure you've read and understood our contributing guidelines: https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md failure_prs.log skip_prs.log Make sure all your commits include a signature generated with `git commit -s` ** If this is a bug fix, make sure your description includes "fixes #xxxx", or "closes #xxxx" or "resolves #xxxx" Please provide the following information: --> #### Why I did it 1. We already use apt to install python3-gi in SONiC image according to #22326 But docker-sonic-vs.gz change is missed in that PR. ##### Work item tracking - Microsoft ADO **(number only)**: 32869072 #### How I did it 1. Install python3-gi in docker-sonic-vs.gz image. #### How to verify it <!-- If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012. --> #### Which release branch to backport (provide reason below if selected) <!-- - Note we only backport fixes to a release branch, *not* features! - Please also provide a reason for the backporting below. - e.g. - [x] 202006 --> - [ ] 202205 - [ ] 202211 - [ ] 202305 - [ ] 202311 - [ ] 202405 - [ ] 202411 - [ ] 202505 #### Tested branch (Please provide the tested image version) <!-- - Please provide tested image version - e.g. - [x] 20201231.100 --> - [ ] <!-- image version 1 --> - [ ] <!-- image version 2 --> #### Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: --> <!-- Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU. --> #### Link to config_db schema for YANG module changes <!-- Provide a link to config_db schema for the table for which YANG model is defined Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md --> Signed-off-by: Sonic Build Admin <sonicbld@microsoft.com> #### A picture of a cute animal (not mandatory but encouraged)
[202505] Upgrade SONiC package Versions
<!--
Please make sure you've read and understood our contributing guidelines:
https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md
** Make sure all your commits include a signature generated with `git commit -s` **
If this is a bug fix, make sure your description includes "fixes #xxxx", or
"closes #xxxx" or "resolves #xxxx"
Please provide the following information:
-->
#### Why I did it
With this commit here, PTF replace nnpy with pynng [p4lang/ptf](p4lang/ptf@ebc00f9)
However, we don't have pynng. To unblock us now, I'll pin ptf_nn_agent.py to a previous version that doesn't require pynng
##### Work item tracking
- Microsoft ADO **(number only)**:
#### How I did it
#### How to verify it
<!--
If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012.
-->
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 202305
- [ ] 202311
- [ ] 202405
- [ ] 202411
- [ ] 202505
- [ ] 202511
#### Tested branch (Please provide the tested image version)
<!--
- Please provide tested image version
- e.g.
- [x] 20201231.100
-->
- [ ] <!-- image version 1 -->
- [ ] <!-- image version 2 -->
#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->
<!--
Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
-->
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
Signed-off-by: Sonic Build Admin <sonicbld@microsoft.com>
#### A picture of a cute animal (not mandatory but encouraged)
Why I did it Cherry-pick #27059 CVE Package Why unfixable GHSA-x744-4wpc-v9h2 (HIGH) github.com/docker/docker v28.5.2 → needs v29.3.1 v29.3.1 doesn't exist as a Go module tag; Docker moved to moby/moby/v2 but gnmic's source code imports the old path GHSA-pxq6-2prw-chj9 (MEDIUM) github.com/docker/docker v28.5.2 → needs v29.3.1 Same reason as above GHSA-vffh-x6r8-xx99 (MEDIUM) github.com/prometheus/prometheus v0.306.0 → needs v0.311.2+ Upgrading pulls in k8s.io/kube-openapi which has a broken transitive dep on go-openapi/testify/v2/assert/yaml (module doesn't exist), so go mod tidy fails Work item tracking Microsoft ADO (number only): How I did it Remove gnmic package related Signed-off-by: Austin Pham (agent) <austinpham@microsoft.com>
Collaborator
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
mssonicbld
force-pushed
the
sonicbld/202506-merge
branch
from
6a20b61 to
683d000
Compare
Collaborator
Author
|
/azp run |
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
mssonicbld
force-pushed
the
sonicbld/202506-merge
branch
from
683d000 to
a8df9cc
Compare
Collaborator
Author
|
/azp run |
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
Signed-off-by: Yijing Yan <yijingyan@microsoft.com>
…pes via config registry (#27333)
#### Why I did it
Currently PrefixListMgr only supports ANCHOR_PREFIX with hardcoded device-type checks and template references. This refactor makes PrefixListMgr data-driven and extensible, and adds a generic SUPPRESS_PREFIX type for route suppression use cases.
##### Work item tracking
- Microsoft ADO **(number only)**: 37638053
#### How I did it
**Registry refactor (ANCHOR_PREFIX behavior unchanged):**
- Added `PREFIX_TYPE_CONFIG` registry mapping each prefix type to its templates, allowed device types, prefix-list naming lambda, and log labels
- Added `_is_device_allowed()` helper using `(type, subtype)` tuple matching, with `None` = unrestricted
- Refactored `generate_prefix_list_config` to use registry lookup instead of hardcoded checks
- Renamed handler local `prefix_list_name` → `prefix_type` to avoid confusion with `data["prefix_list_name"]`
- Used `metadata.get("subtype", "")` to handle devices without subtype
**SUPPRESS_PREFIX type (new):**
- Added `SUPPRESS_PREFIX` registry entry with `allowed_devices: None` (any device)
- Added `add_suppress_prefix.conf.j2` / `del_suppress_prefix.conf.j2` templates
- In CLI: replaced global `check_spine_router` with per-type `validate_device_for_type`
**constants.yml-driven prefix-list name resolution:**
- Prefix-list names resolved from `constants.yml` (`bgp.prefix_list.<type>.ipv4_name` / `ipv6_name`) with registry lambda as fallback
- Enables downstream repos to override names via `constants.yml` alone
**Backward-compatibility:**
- All 5 existing ANCHOR_PREFIX unit tests pass unchanged
- PrefixListMgr registered on all devices — ANCHOR_PREFIX on non-spine devices logs a warning (no FRR state change; doesn't occur in practice)
- CLI `status` now allowed on any device (read-only)
#### How to verify it
- All 15 unit tests pass (5 existing ANCHOR_PREFIX + 2 registry validation + 5 SUPPRESS_PREFIX + 3 constants override/fallback)
- ANCHOR_PREFIX behavior identical before and after
#### Which release branch to backport (provide reason below if selected)
- [ ] 202305
- [ ] 202311
- [ ] 202405
- [ ] 202411
- [x] 202505
- [x] 202511
- [x] 202603
#### Tested branch (Please provide the tested image version)
- [x] SONiC.20251110.19
#### Description for the changelog
Refactor PrefixListMgr to use a data-driven config registry with constants.yml-driven prefix-list name resolution, and add generic SUPPRESS_PREFIX type.
#### Link to config_db schema for YANG module changes
No YANG model changes. Uses existing PREFIX_LIST table:
[Prefix list](https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md#prefix-list)
#### A picture of a cute animal (not mandatory but encouraged)
<img width="491" height="526" alt="枣" src="https://github.com/user-attachments/assets/244cb96f-1b7d-4110-8ba4-92a5a4abcee0" />
Signed-off-by: Sonic Build Admin <sonicbld@microsoft.com>
mssonicbld
force-pushed
the
sonicbld/202506-merge
branch
from
a8df9cc to
5b954fd
Compare
Collaborator
Author
|
/azp run |
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
mssonicbld
force-pushed
the
sonicbld/202506-merge
branch
from
5b954fd to
70172ef
Compare
Collaborator
Author
|
/azp run |
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
Signed-off-by: Austin Pham (agent) <austinpham@microsoft.com>
remove redundant pip bootstrp from docker-ptf Signed-off-by: Yijing Yan <yijingyan@microsoft.com>
Collaborator
Author
|
/azp run |
mssonicbld
force-pushed
the
sonicbld/202506-merge
branch
from
70172ef to
c113abf
Compare
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
mssonicbld
force-pushed
the
sonicbld/202506-merge
branch
from
c113abf to
bd18621
Compare
Collaborator
Author
|
/azp run |
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
mssonicbld
force-pushed
the
sonicbld/202506-merge
branch
from
bd18621 to
7bb5cb2
Compare
Collaborator
Author
|
/azp run |
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
mssonicbld
force-pushed
the
sonicbld/202506-merge
branch
from
7bb5cb2 to
2d700a0
Compare
Collaborator
Author
|
/azp run |
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.