Unvendoring of 'tar' breaks unpacking

[davean]

Commit 0db3b21 introduces a dependancy on a tarbomb check that can't handle many hackage packages.

For example:

$ cabal get binary-0.6.4.0
Downloading binary-0.6.4.0...
Unpacking to binary-0.6.4.0/
File in tar archive is not in the expected directory "binary-0.6.4.0"

The old code handled POSIX.1-2001/pax tarballs specificly, of which there are many on hackage. The code in the tar package does not understand the pax records, and errors on them thinkng they're "normal files" in the wrong location.

These packages did install properly in the last cabal-install version.

[23Skidoo]

@dcoutts, can you please look into this?

[23Skidoo]

Same issue on the tar bug tracker: haskell/tar#1.

[dcoutts]

Ok.

[dcoutts]

@23Skidoo @hvr @davean please try with the new release 0.5.0.3 and if it's ok then lets just tweak the cabal-install constraints (no need to re-release).

[dcoutts]

Note that haskell/tar#1 is a different issue really. That's about wholesale support for PAX, this issue was just about ignoring PAX headers for the purposes of the tarbomb check. This check had been added to the tar code in cabal-install but never ported over to the main tar package.

[23Skidoo]

Confirmed that tar-0.5.0.3 fixes the issue. Updated the version bound in the repo and on Hackage.