wamr/test-tools/build-wasi-sdk
TrellixVulnTeam 7ad3412591 Adding tarfile member sanitization to extractall() (#1709)
Fix a widespread bug named CVE-2007-4559, which is a 15-year-old bug
in the Python tarfile package. By using extract() or extractall() on a tarfile
object without sanitizing input, a maliciously crafted .tar file could
perform a directory path traversal attack. This patch essentially checks to
see if all tarfile members will be extracted safely and throws an exception
otherwise.
2022-11-17 11:52:30 +08:00
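
The check the commit message describes, validating every member before `extractall()` and raising otherwise, can be sketched as follows. This is an added example, not the code from this commit or from this repository: the names `is_within_directory`, `safe_extractall`, `build_tar` and `try_extract` are assumptions, the archives are constructed in memory, and the link-target check goes beyond what the message describes.

```python
import io
import os
import tarfile
import tempfile


def is_within_directory(directory, target):
    """True if target, once resolved, is directory or lies beneath it."""
    base = os.path.realpath(directory)
    return os.path.commonpath([base, os.path.realpath(target)]) == base


def safe_extractall(tar, path="."):
    """Validate every member before extracting anything; raise otherwise."""
    for m in tar.getmembers():
        dest = os.path.join(path, m.name)
        if not is_within_directory(path, dest):
            raise ValueError(f"member escapes destination: {m.name!r}")
        if m.issym():  # symlink targets are relative to the link's own directory
            link = os.path.join(os.path.dirname(dest), m.linkname)
        elif m.islnk():  # hard-link targets are relative to the archive root
            link = os.path.join(path, m.linkname)
        else:
            continue
        if not is_within_directory(path, link):
            raise ValueError(f"link escapes destination: {m.name!r}")
    tar.extractall(path)


def build_tar(entries):
    """Constructed sample archive: each entry is (name, symlink_target_or_None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in entries:
            info = tarfile.TarInfo(name)
            if target is None:
                info.size = 6
                tar.addfile(info, io.BytesIO(b"sample"))
            else:
                info.type, info.linkname = tarfile.SYMTYPE, target
                tar.addfile(info)
    buf.seek(0)
    return buf


def try_extract(entries):
    """Run safe_extractall in a fresh temp dir; return (accepted, top-level names)."""
    with tempfile.TemporaryDirectory() as dest, tarfile.open(fileobj=build_tar(entries)) as tar:
        try:
            safe_extractall(tar, dest)
            return True, sorted(os.listdir(dest))
        except ValueError:
            return False, sorted(os.listdir(dest))
```

Because all members are checked before the single `extractall()` call, a rejected archive leaves the destination directory empty rather than partially populated.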