From 37420d9b14097a0df004e771213b1b67695e1e58 Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Mon, 15 Jul 2024 17:27:40 +0800 Subject: [PATCH] docker: Ignore SIGURG on Linux fix #IA9T8K --- VERSION-vendor | 2 +- docker-engine-openeuler.spec | 8 +++- .../0276-docker-Ignore-SIGURG-on-Linux.patch | 42 +++++++++++++++++++ series.conf | 1 + 4 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 patch/0276-docker-Ignore-SIGURG-on-Linux.patch diff --git a/VERSION-vendor b/VERSION-vendor index 36a4168..ffe707d 100644 --- a/VERSION-vendor +++ b/VERSION-vendor @@ -1 +1 @@ -18.09.0.265 +18.09.0.266 diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec index 4a1b9fe..e55a34f 100644 --- a/docker-engine-openeuler.spec +++ b/docker-engine-openeuler.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 265 +Release: 266 Epoch: 1 Summary: The open-source application container engine Group: Tools/Docker @@ -199,6 +199,12 @@ fi %endif %changelog +* Mon Jul 15 2024 chenjiankun - 18.09.0-266 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Ignore SIGURG on Linux + * Wed May 08 2024 chenjiankun - 18.09.0-265 - Type:CVE - CVE:CVE-2024-32473 diff --git a/patch/0276-docker-Ignore-SIGURG-on-Linux.patch b/patch/0276-docker-Ignore-SIGURG-on-Linux.patch new file mode 100644 index 0000000..34006aa --- /dev/null +++ b/patch/0276-docker-Ignore-SIGURG-on-Linux.patch @@ -0,0 +1,42 @@ +From 96b2c9ecfbd1ebaae8353c1131e6ed8a0c3de65b Mon Sep 17 00:00:00 2001 +From: chenjiankun +Date: Fri, 21 Jun 2024 16:39:55 +0800 +Subject: [PATCH] docker: Ignore SIGURG on Linux + +In go1.14+, SIGURG is used by the runtime to handle preemtable system +calls. +In practice this signal caught *frequently*. + +For reference: + +https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md +golang/go#37942 +https://github.com/docker/cli/commit/fff164c22e8dc904291fecb62307312fd4ca153e +--- + components/cli/cli/command/container/tty.go | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/components/cli/cli/command/container/tty.go b/components/cli/cli/command/container/tty.go +index cb49ded8e..5a914b109 100644 +--- a/components/cli/cli/command/container/tty.go ++++ b/components/cli/cli/command/container/tty.go +@@ -13,6 +13,7 @@ import ( + "github.com/docker/docker/client" + "github.com/docker/docker/pkg/signal" + "github.com/sirupsen/logrus" ++ "golang.org/x/sys/unix" + ) + + // resizeTtyTo resizes tty to specific height and width +@@ -79,7 +80,7 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string) chan os + signal.CatchAll(sigc) + go func() { + for s := range sigc { +- if s == signal.SIGCHLD || s == signal.SIGPIPE { ++ if s == signal.SIGCHLD || s == signal.SIGPIPE || s == unix.SIGURG { + continue + } + var sig string +-- +2.33.0 + diff --git a/series.conf b/series.conf index 1cae74c..74cf4e7 100644 --- a/series.conf +++ b/series.conf @@ -264,4 +264,5 @@ patch/0272-Fixes-41871-Update-daemon-daemon.go-resume-healthche.patch patch/0273-backport-fix-CVE-2024-24557.patch patch/0274-backport-fix-CVE-2024-29018.patch patch/0275-backport-fix-CVE-2024-32473.patch +patch/0276-docker-Ignore-SIGURG-on-Linux.patch #end -- Gitee