Problem: search() is used to check for the message from tar that
indicates leading slashes found in the tar archive, or to
check for the leading slashes themselves. However, if
'nowrapscan' is in effect these searches are limited to the
last line and don't find any results. This causes the warning
message from tar to be seen in the buffer, the "Path Traversal
Attack Detected" message to be omitted, and editing actions
can fail. This can be seen, for example, when editing
src/testdir/samples/evil.tar.
Solution: Use the 'w' flag for search() (Kevin Goodsell)
closes: vim/vim#1933318d844e365
Co-authored-by: Kevin Goodsell <kevin-opensource@omegacrash.net>
Problem: [security]: path traversal issue in tar.vim
(@ax)
Solution: warn the user for such things, drop leading /, don't
forcefully overwrite files when writing temporary files,
refactor autoload/tar.vim
tar.vim: drop leading / in path names
A tar archive containing files with leading `/` may cause confusions as
to where the content is extracted. Let's make sure we drop the leading
`/` and use a relative path instead.
Also while at it, had to refactor it quite a bit and increase the
minimum supported Vim version to v9. Also add a test for some basic tar
functionality
closes: vim/vim#1773387757c6b0a
Co-authored-by: Christian Brabandt <cb@256bit.org>
