[3.12] gh-149486: tarfile.data_filter: validate written link target (GH-149487)

[miss-islington]

The data filter rewrote linknames with normpath() but ran the
containment check against the un-normalised value, and computed a
symlink's directory before stripping trailing slashes. Both let a
crafted archive create links pointing outside the destination. Also
reject link members that resolve to the destination directory itself,
which could otherwise replace it with a symlink and redirect all
subsequent members.

(Patch by Greg; Petr's just reviewing & merging.)
(cherry picked from commit 5784119)

Co-authored-by: Petr Viktorin encukou@gmail.com
Co-authored-by: Gregory P. Smith greg@krypto.org

• Issue: tarfile.data_filter doesn't handle symlinks with empty names #149486

[read-the-docs-community]

Documentation build overview

📚 cpython-previews | 🛠️ Build #32606778 | 📁 Comparing af3856f against main (2f6b380)

  🔍 Preview build  

533 files changed · + 3 added · ± 477 modified · - 53 deleted

+ Added

• c-api/objbuffer.html
• library/2to3.html
• library/tkinter.tix.html

± Modified

• about.html
• bugs.html
• copyright.html
• glossary.html
• index.html
• license.html
• py-modindex.html
• c-api/abstract.html
• c-api/allocation.html
• c-api/apiabiversion.html
• and 467 more...

- Deleted

• 404.html
• improve-page-nojs.html
• improve-page.html
• _static/tachyon-example-flamegraph.html
• _static/tachyon-example-heatmap.html
• c-api/curses.html
• c-api/extension-modules.html
• c-api/interp-lifecycle.html
• c-api/lifecycle.html
• c-api/monitoring.html
• and 43 more...