From 6cc2193024c6a17b072465571d4a0be3c57efdab Mon Sep 17 00:00:00 2001
From: wangcichen <wangcichen_yewu@cmss.chinamobile.com>
Date: Thu, 25 May 2023 08:08:43 +0800
Subject: [PATCH 1/2] Fix: Random crashes during the output decoding of dnf
 commands

---
 repos/system_upgrade/el7toel8/libraries/utils.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/repos/system_upgrade/el7toel8/libraries/utils.py b/repos/system_upgrade/el7toel8/libraries/utils.py
index 712b6a45..0c08216d 100644
--- a/repos/system_upgrade/el7toel8/libraries/utils.py
+++ b/repos/system_upgrade/el7toel8/libraries/utils.py
@@ -1,4 +1,5 @@
 import functools
+import os
 import sys
 
 import six
@@ -75,12 +76,13 @@ def logging_handler(fd_info, buf):
     Custom log handler to always show stdout to console and stderr only in DEBUG mode
     """
     (_unused, fd_type) = fd_info
-
-    if fd_type == STDOUT:
-        sys.stdout.write(buf)
+    if fd_type != STDOUT and not config.is_debug():
+        return
+    target = sys.stdout if fd_type == STDOUT else sys.stderr
+    if sys.version_info > (3, 0):
+        os.writev(target.fileno(), [buf])
     else:
-        if config.is_debug():
-            sys.stderr.write(buf)
+        target.write(buf)
 
 
 def reinstall_leapp_repository_hint():
-- 
Gitee


From 052ff020a611a2538e00298a3b865b5637d8bedf Mon Sep 17 00:00:00 2001
From: wangcichen <wangcichen_yewu@cmss.chinamobile.com>
Date: Thu, 25 May 2023 08:27:55 +0800
Subject: [PATCH 2/2] mounting library: secure the isolated actions

---
 repos/system_upgrade/el7toel8/libraries/mounting.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/repos/system_upgrade/el7toel8/libraries/mounting.py b/repos/system_upgrade/el7toel8/libraries/mounting.py
index c39f5ceb..670da947 100644
--- a/repos/system_upgrade/el7toel8/libraries/mounting.py
+++ b/repos/system_upgrade/el7toel8/libraries/mounting.py
@@ -140,11 +140,14 @@ class IsolatedActions(object):
         """
         Transform the path given to be prefixed with the base_dir, to get the real path on the system.
 
+        The function is secured, so it is not possible to return path outside
+        of the self.base_dir directory.
+
         Example: self.base_dir = '/var/lib/leapp/scratch/userspace'
                  path = '/etc/yum.repos.d/redhat.repo'
                  The result would be: /var/lib/leapp/scratch/userspace/etc/yum.repos.d/redhat.repo
         """
-        return os.path.join(self.base_dir, path.lstrip('/'))
+        return os.path.join(self.base_dir, os.path.abspath(path).lstrip('/'))
 
     def open(self, path, *args, **kwargs):
         """
-- 
Gitee