From 63b6ffa102b1acd3f3121ee7b34d8a26c3918ca4 Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Mon, 15 Jul 2024 17:18:22 +0800 Subject: [PATCH] docker: Ignore SIGURG on Linux fix #IA9T8K (cherry picked from commit c24648a4d416f366d23ee7ae58736c7794595d15) --- VERSION-vendor | 2 +- docker.spec | 8 +++- git-commit | 2 +- .../0276-docker-Ignore-SIGURG-on-Linux.patch | 42 +++++++++++++++++++ series.conf | 1 + 5 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 patch/0276-docker-Ignore-SIGURG-on-Linux.patch diff --git a/VERSION-vendor b/VERSION-vendor index 48ca1c7..395642b 100644 --- a/VERSION-vendor +++ b/VERSION-vendor @@ -1 +1 @@ -18.09.0.336 +18.09.0.338 diff --git a/docker.spec b/docker.spec index dd88857..ae3bebe 100644 --- a/docker.spec +++ b/docker.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 337 +Release: 338 Epoch: 2 Summary: The open-source application container engine Group: Tools/Docker @@ -227,6 +227,12 @@ fi %endif %changelog +* Mon Jul 15 2024 chenjiankun - 18.09.0-338 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Ignore SIGURG on Linux + * Fri Jun 07 2024 suoxiaocong - 18.09.0-337 - Type:BUG - CVE:NA diff --git a/git-commit b/git-commit index aa74852..7297e2e 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -33f6ee35033ba46754532d87ae6800eca565cb26 +a08d4cca7068a32e0d0af533c6e01aacc3f525ff diff --git a/patch/0276-docker-Ignore-SIGURG-on-Linux.patch b/patch/0276-docker-Ignore-SIGURG-on-Linux.patch new file mode 100644 index 0000000..34006aa --- /dev/null +++ b/patch/0276-docker-Ignore-SIGURG-on-Linux.patch @@ -0,0 +1,42 @@ +From 96b2c9ecfbd1ebaae8353c1131e6ed8a0c3de65b Mon Sep 17 00:00:00 2001 +From: chenjiankun +Date: Fri, 21 Jun 2024 16:39:55 +0800 +Subject: [PATCH] docker: Ignore SIGURG on Linux + +In go1.14+, SIGURG is used by the runtime to handle preemtable system +calls. +In practice this signal caught *frequently*. + +For reference: + +https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md +golang/go#37942 +https://github.com/docker/cli/commit/fff164c22e8dc904291fecb62307312fd4ca153e +--- + components/cli/cli/command/container/tty.go | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/components/cli/cli/command/container/tty.go b/components/cli/cli/command/container/tty.go +index cb49ded8e..5a914b109 100644 +--- a/components/cli/cli/command/container/tty.go ++++ b/components/cli/cli/command/container/tty.go +@@ -13,6 +13,7 @@ import ( + "github.com/docker/docker/client" + "github.com/docker/docker/pkg/signal" + "github.com/sirupsen/logrus" ++ "golang.org/x/sys/unix" + ) + + // resizeTtyTo resizes tty to specific height and width +@@ -79,7 +80,7 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string) chan os + signal.CatchAll(sigc) + go func() { + for s := range sigc { +- if s == signal.SIGCHLD || s == signal.SIGPIPE { ++ if s == signal.SIGCHLD || s == signal.SIGPIPE || s == unix.SIGURG { + continue + } + var sig string +-- +2.33.0 + diff --git a/series.conf b/series.conf index f2b5fb4..40447f1 100644 --- a/series.conf +++ b/series.conf @@ -273,4 +273,5 @@ patch/0272-Fixes-41871-Update-daemon-daemon.go-resume-healthche.patch patch/0273-backport-fix-CVE-2024-24557.patch patch/0274-docker-fix-CVE-2024-29018.patch patch/0275-backport-fix-CVE-2024-32473.patch +patch/0276-docker-Ignore-SIGURG-on-Linux.patch #end -- Gitee