From: Eric M. Ludlam <ericludlam@gm...> - 2012-01-21 04:31:41
A broad security patch for the EDE issue David posted earlier is now
available in trunk. This update replaces the implementation of
eieio-persistent-read with one that forces a check on the expected class
to be read in, and will manually look at the saved file and instantiate
the new classes explicitly instead of via eval. It will also check the
types of all the slot values, and issue errors before instantiation,
allowing more safety.
This should make it much safer to enable general EDE project loading.
Despite that, the querying protection added earlier will continue to
exist by default.
If you often use CEDET/trunk and if you happen to have other tools using
EIEIO, please give this a try. Your dependent tools may need to be
updated to fix a warning message, and the tool author will need to know.
Get latest updates about Open Source Projects, Conferences and News.