Report
tar CVE-2016-6321: Path-traversal via unvalidated --strip-components
f22b3433-ced9-42b2-9cbe-b7b51526d044
GNU tar 1.14 through 1.29 sanitizes a member name as it is stored in the archive and then applies --strip-components to the result without re-checking the path that stripping produces. The sanitization step (the safer_name_suffix function named in the CVE) sees the stored name, with its leading component still present; only afterwards does --strip-components=N drop the first N components. A '..' component that sits directly behind the stripped prefix therefore becomes the leading component of the path tar actually writes. For a member named 'foo/../bar/baz.txt' extracted with --strip-components=1, tar removes 'foo/' and is left with '../bar/baz.txt', which lands as bar/baz.txt in the parent of the extraction directory. An attacker who can get a victim to extract a crafted archive with --strip-components (the usual way to unpack a tarball that carries a single top-level directory) can write files outside the intended extraction directory, for example over files in the victim's home directory.

The fix shipped in GNU tar 1.30: on extraction, members whose names contain a '..' component are skipped unless --absolute-names (-P) is given. On an unfixed tar, list the archive first (tar -tf) and do not extract it if any member name is absolute or contains a '..' component.
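The mechanism above, as an added illustration in Python that is not GNU tar's code: it builds a small archive in memory from constructed member names, models an unchecked --strip-components step beside a hardened one that applies the tar 1.30 rule (reject '..' components and absolute names, then verify the final path stays inside the destination), and includes the pre-extraction audit a practitioner can run against an untrusted tarball on an older tar. The extraction directory /srv/extract, the member names and every function name are assumptions made for the illustration.

```python
"""Model of the --strip-components path handling behind CVE-2016-6321.

Added illustration, not GNU tar source. Nothing here touches the
filesystem: paths are computed and compared, not written.
"""
import io
import posixpath
import tarfile

DEST = "/srv/extract"  # assumed extraction directory (illustration only)

# Constructed member names, not taken from any real archive.
SAMPLE_MEMBERS = [
    "pkg/README",             # benign: becomes README after stripping one component
    "foo/../bar/baz.txt",     # the name discussed in the report
    "pkg/../../outside.txt",  # two levels up after stripping
    "/etc/cron.d/evil",       # absolute name, caught by the audit below
]


def build_archive(member_names):
    """Write an in-memory tar whose member names are stored verbatim.
    tarfile.addfile() does not normalise names, just as an attacker's
    tool would not."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in member_names:
            data = b"payload\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_names(archive_bytes):
    """List member names without extracting anything (like tar -tf)."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tf:
        return tf.getnames()


def strip_components(name, n):
    """Drop the first n components, like --strip-components=N.
    Returns None when nothing is left, which tar treats as 'skip'."""
    parts = [p for p in name.split("/") if p]
    if len(parts) <= n:
        return None
    return "/".join(parts[n:])


def naive_target(dest, name, n):
    """Vulnerable pattern: strip, then join to the destination without
    looking at what the stripped name now starts with."""
    stripped = strip_components(name, n)
    if stripped is None:
        return None
    return posixpath.normpath(posixpath.join(dest, stripped))


def is_inside(dest, path):
    """True if path is dest itself or lies below it."""
    return path == dest or path.startswith(dest.rstrip("/") + "/")


def safe_target(dest, name, n):
    """Hardened pattern: apply the tar 1.30 rule to the raw stored name
    (no absolute names, no '..' component anywhere), then strip, then
    confirm the resolved path is still inside dest."""
    if name.startswith("/"):
        raise ValueError(f"absolute member name: {name!r}")
    if ".." in name.split("/"):
        raise ValueError(f"member name contains '..': {name!r}")
    stripped = strip_components(name, n)
    if stripped is None:
        return None
    target = posixpath.normpath(posixpath.join(dest, stripped))
    if not is_inside(dest, target):
        raise ValueError(f"member escapes {dest}: {name!r}")
    return target


def rejected(dest, name, n):
    """Convenience: does the hardened check refuse this member?"""
    try:
        safe_target(dest, name, n)
    except ValueError:
        return True
    return False


def audit(archive_bytes):
    """Pre-extraction check for an unfixed tar: every member name that is
    absolute or contains a '..' component. Refuse to extract if non-empty."""
    return [name for name in member_names(archive_bytes)
            if name.startswith("/") or ".." in name.split("/")]


if __name__ == "__main__":
    archive = build_archive(SAMPLE_MEMBERS)
    for name in member_names(archive):
        where = naive_target(DEST, name, 1)
        verdict = "inside" if where and is_inside(DEST, where) else "ESCAPES"
        print(f"{name:24} -> {where!s:32} {verdict}; hardened rejects: {rejected(DEST, name, 1)}")
    print("audit flags:", audit(archive))
```

Running the block prints, for each constructed member, where an unchecked strip-then-join would write it and whether the hardened check refuses it; on a real archive, the member list that audit() inspects is exactly what tar -tf prints, so the same test can be scripted around an older tar before any extraction happens.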