From 78fc476e61ee1854d836e622f247f70b8495cff1 Mon Sep 17 00:00:00 2001
From: Sam Tobin-Hochstadt <samth@cs.indiana.edu>
Date: Thu, 10 Sep 2015 18:35:40 -0400
Subject: [PATCH] Reject relative paths in MANIFEST files when installing.

---
 racket/collects/pkg/private/stage.rkt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/racket/collects/pkg/private/stage.rkt b/racket/collects/pkg/private/stage.rkt
index 8f3fd17975..52bc8d457b 100644
--- a/racket/collects/pkg/private/stage.rkt
+++ b/racket/collects/pkg/private/stage.rkt
@@ -11,6 +11,7 @@
          net/url
          file/untgz
          file/unzip
+         file/private/check-path
          openssl/sha1
          json
          net/git-checkout
@@ -412,6 +413,7 @@
                   pkg-name)
                  'directory))
               (define (path-like f)
+                (check-unpack-path 'MANIFEST f)
                 (build-path package-path f))
               (define (url-like f)
                 (if (and (pair? (url-path pkg-url))