fix(tar) absolute symlink extraction

Absolute targets were converted before, but it was too simple to
be right other than when the link target was in the same directory.

With this change absolute symlinks like

  /sbin/ls -> /bin/busybox

are converted to

  /sbin/ls -> ../bin/busybox

Co-authored-by: Andrew Fasano <fasano@mit.edu>

Author: e3krisztian

unblob/handlers/archive/_safe_tarfile.py

@@ -63,7 +63,7 @@ def extract(self, tarinfo: tarfile.TarInfo, extract_root: Path):  # noqa: C901
                 "Absolute path.",
                 "Converted to extraction relative path.",
             )
-            tarinfo.name = f"./{tarinfo.name}"
+            tarinfo.name = str(Path(tarinfo.name).relative_to("/"))
 
         # prevent traversal attempts through file name
         if not is_safe_path(basedir=extract_root, path=extract_root / tarinfo.name):
@@ -82,7 +82,18 @@ def extract(self, tarinfo: tarfile.TarInfo, extract_root: Path):  # noqa: C901
                     "Absolute path as link target.",
                     "Converted to extraction relative path.",
                 )
-                tarinfo.linkname = f"./{tarinfo.linkname}"
+
+                def calculate_linkname():
+                    root = extract_root.resolve()
+                    path = (extract_root / tarinfo.name).resolve()
+                    common_path = Path(os.path.commonpath([root, path]))
+                    # normally root == common_path
+                    # if it is not, the output will be bad
+                    depth = max(0, len(path.parts) - len(common_path.parts) - 1)
+                    return ("/".join([".."] * depth) or ".") + tarinfo.linkname
+
+                tarinfo.linkname = calculate_linkname()
+                assert not Path(tarinfo.linkname).is_absolute()
 
             resolved_path = (extract_root / tarinfo.name).parent / tarinfo.linkname
             if not is_safe_path(basedir=extract_root, path=resolved_path):