Fix security bug that allows running arbitrary user code.

https://bugzilla.redhat.com/show_bug.cgi?id=950777

bin/autojump

@@ -34,7 +34,7 @@ import re
 import shutil
 from tempfile import NamedTemporaryFile
 
-VERSION = 'release-v21.5.5'
+VERSION = 'release-v21.5.6'
 MAX_KEYWEIGHT = 1000
 MAX_STORED_PATHS = 1000
 COMPLETION_SEPARATOR = '__'

bin/autojump.sh

@@ -15,7 +15,7 @@ elif [ -s /etc/profile.d/autojump.${shell} ]; then
 	source /etc/profile.d/autojump.${shell}
 
 # check custom install locations (modified by Homebrew or using --destdir option)
-elif [ -s custom_install/autojump.${shell} ]; then
-	source custom_install/autojump.${shell}
+elif [ -s /destdir_${RANDOM}_install/autojump.${shell} ]; then
+	source /destdir_${RANDOM}_install/autojump.${shell}
 
 fi

install.sh

@@ -222,7 +222,7 @@ install -v -m 0755 ./bin/_j ${destdir}${zshsharedir} || exit 1
 
 # MODIFY AUTOJUMP.SH FOR CUSTOM INSTALLS
 if [[ -z ${local} ]] && [[ -z ${global} ]]; then
-    sed -i "s:custom_install:${destdir}etc/profile.d:g" ${destdir}etc/profile.d/autojump.sh
+    sed -i "s:/destdir_.*_install:${destdir}etc/profile.d:g" ${destdir}etc/profile.d/autojump.sh
 fi
 
 # DISPLAY ADD MESSAGE