Fix security bug that allows running arbitrary user code.

https://bugzilla.redhat.com/show_bug.cgi?id=950777
11 years ago · ad09ee27d4
parent d3c1765255
commit ad09ee27d4
3 changed files with 4 additions and 4 deletions
--- a/bin/autojump
+++ b/bin/autojump
@ -34,7 +34,7 @@ import re
 import shutil
 from tempfile import NamedTemporaryFile

-VERSION = 'release-v21.5.5'
+VERSION = 'release-v21.5.6'
 MAX_KEYWEIGHT = 1000
 MAX_STORED_PATHS = 1000
 COMPLETION_SEPARATOR = '__'
--- a/bin/autojump.sh
+++ b/bin/autojump.sh
@ -15,7 +15,7 @@ elif [ -s /etc/profile.d/autojump.${shell} ]; then
 	source /etc/profile.d/autojump.${shell}

 # check custom install locations (modified by Homebrew or using --destdir option)
-elif [ -s custom_install/autojump.${shell} ]; then
-	source custom_install/autojump.${shell}
+elif [ -s /destdir_${RANDOM}_install/autojump.${shell} ]; then
+	source /destdir_${RANDOM}_install/autojump.${shell}

 fi
--- a/install.sh
+++ b/install.sh
@ -222,7 +222,7 @@ install -v -m 0755 ./bin/_j ${destdir}${zshsharedir} || exit 1

 # MODIFY AUTOJUMP.SH FOR CUSTOM INSTALLS
 if [[ -z ${local} ]] && [[ -z ${global} ]]; then
-    sed -i "s:custom_install:${destdir}etc/profile.d:g" ${destdir}etc/profile.d/autojump.sh
+    sed -i "s:/destdir_.*_install:${destdir}etc/profile.d:g" ${destdir}etc/profile.d/autojump.sh
 fi

 # DISPLAY ADD MESSAGE