summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update date in manpageMartin Michlmayr2019-02-241-1/+1
|
* Mention ledger3 Texinfo manual in manpageMartin Michlmayr2019-02-241-0/+8
| | | | | | Thanks to Alexis Hildebrandt. Fixes #1763
* Fix possible fail acprep make doctolva2019-02-081-1/+1
|
* Release 3.1.2Martin Michlmayr2019-02-053-22/+3
|
* Merge branch 'next' into release/3.1.2Martin Michlmayr2019-02-0581-698/+847
|\
| * Update NEWS for 3.1.2Martin Michlmayr2019-02-051-2/+2
| |
| * Add back some whitespace for clarityJohn Wiegley2019-01-301-1/+1
| |
| * Expose a new utility function for balances: sorted_amountsJohn Wiegley2019-01-302-9/+16
| |
| * Update copyright statement for 2019Martin Michlmayr2019-01-303-4/+4
| |
| * Merge pull request #1755 from scfc/add-travis-ci-setup-for-macosJohn Wiegley2019-01-293-4/+33
| |\ | | | | | | Add Travis CI setup for macOS and homebrew-installed Boost
| | * Add Travis CI setup for macOS and homebrew-installed BoostTim Landscheidt2019-01-303-4/+33
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On macOS, CMake detects the Boost.Python component installed by homebrew only when named "python27". Thus this change not only adds a Travis CI setup for macOS, but also a CMake option to switch the component name between "python" and "python27". In addition, precompiling system.hh does not work with the current setup for Clang, so another CMake option to disable it is added. The currently used commands to compile specific versions of Boost do not produce a result that works out of the box on macOS. It should be possible just to mimic homebrew's formula for boost-python (https://github.com/Homebrew/homebrew-core/blob/master/Formula/boost-python.rb), but for the moment on macOS this change tests only against Boost installed by homebrew.
| * Merge pull request #1752 from mbudde/gain-use-after-freeJohn Wiegley2019-01-282-0/+3
| |\ | | | | | | | | | | | | Fix use-after-free when destroying filter chain
| | * Fix use-after-free when destroying filter chainMichael Budde2019-01-282-0/+3
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using the `--gain` option the `temporaries_t` in `changed_value_posts` filter stores a reference to the `<Revalued>` temp account created in `display_filter_posts`. When destroying the filter chain `display_filter_posts` is destroyed before `changed_value_posts` and this can result in a use-after-free in `temporaries_t::clear()` when `temps` in `changed_value_posts` is cleared during destruction if there are any temp posts referencing the `<Revalued>` account. Fix the issue by clearing the `temporaries_t` in `changed_value_posts` before destroying the rest of the filter chain (which includes `display_filter_posts`). Fixes #541
| * Merge pull request #1751 from ↵John Wiegley2019-01-272-4/+3
| |\ | | | | | | | | | | | | scfc/use-cmake-cxx-compiler-id-to-select-on-compiler Use CMAKE_CXX_COMPILER_ID for conditions based on compiler
| | * Use CMAKE_CXX_COMPILER_ID for conditions based on compilerTim Landscheidt2019-01-262-4/+3
| |/ | | | | | | | | | | | | | | | | CMAKE_CXX_COMPILER is the path to the compiler binary and does not need to follow a specific pattern. For example, on Linux with GCC and without an explicit "-DCMAKE_CXX_COMPILER:PATH=" option, CMAKE_CXX_COMPILER is "/usr/bin/c++" which does not match "g++". CMAKE_CXX_COMPILER_ID however will always reliably be "Clang" or "GNU".
| * Add short option -f (for --file) to man pageJonas Meurer2019-01-261-1/+1
| |
| * Fix possible stack overflow in option parsing routineMartin Michlmayr2019-01-263-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is possible to create a stack overflow by giving an option that is longer than the buffer that is used during option parsing because the length of the input string is not checked. Prevent the issue by always checking the input string length and discarding options that does not fit in the buffer as invalid. This issue has been assigned CVE-2017-12481. Thanks to Gwan Yeong Kim for reporting this issue. Fixes #1222
| * Fix possible stack overflow in date parsing routineMichael Budde2019-01-263-1/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is possible to create a stack overflow by giving a date that is longer than the buffer that is used during date parsing because the length of the input string is not checked. The `VERIFY` macro is only enabled when debug-mode is enabled and the `--verify-memory` argument is used. Prevent the issue by always checking the input string length and discarding dates that does not fit in the buffer as invalid. This issue has been assigned CVE-2017-12482. Fixes #1224
| * Merge pull request #1657 from ↵John Wiegley2019-01-251-1/+1
| |\ | | | | | | | | | | | | nagakiran/timelog-checkin-multiple-accounts-at-a-time Timelog: Not able to check-in to multiple accounts at a time
| | * Timelog: Not able to check-in to multiple accounts at a timeNaga Kiran2018-06-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Checking-in to multiple accounts at a time throws the following error "When multiple check-ins are active, checking out requires an account" Issue is that the acount name was sent as 3rd parameter to time_xact_t constructor whereas it is supposed to be sent as 4th parameter Corrected the argument position of account name in constructor call to time_xact_t
| * | Merge pull request #1726 from scfc/compile-strptime-only-on-windowsJohn Wiegley2019-01-252-5/+12
| |\ \ | | | | | | | | Compile strptime.cc only on Windows
| | * | Compile strptime.cc only on WindowsTim Landscheidt2019-01-162-5/+12
| | | |
| * | | Merge pull request #1736 from scfc/drop-conditionals-for-boost-earlier-than-1-49John Wiegley2019-01-257-62/+4
| |\ \ \ | | | | | | | | | | | | | | | | | | | | Drop conditionals for Boost earlier than 1.49
| | * | | Drop conditionals for Boost earlier than 1.49Tim Landscheidt2019-01-177-64/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ledger requires Boost 1.49 or later and enforces this in CMakeLists.txt. This means BOOST_VERSION will always be 104900 or higher. Also, since Boost 1.46, BOOST_FILESYSTEM_VERSION is 3.
| * | | | Merge pull request #1742 from scfc/rephrase-boost-build-matrixJohn Wiegley2019-01-253-96/+29
| |\ \ \ \ | | | | | | | | | | | | Rephrase Boost build matrix
| | * | | | Use build matrix to specify Boost versions for Travis CITim Landscheidt2019-01-223-45/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Travis CI, versions of libraries, etc. to build against are typically specified in a build matrix. In addition, currently there is no way to build against the distribution-provided Boost version. This change uses a build matrix for BOOST_VERSION and allows that variable to be empty for building against the distribution-provided Boost version.
| | * | | | Remove broken and disabled Travis CI configurationsTim Landscheidt2019-01-223-51/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Travis CI configurations for macOS, Clang on Linux and CheckTexinfo.py and CheckManpage.py are broken and disabled or ignored. They appear to be non-trivial to fix, so the current stub is probably more distracting than helpful while also making changes to the working Linux configuration more difficult.
| * | | | | Merge pull request #1743 from scfc/move-garbage-dat-to-test-using-itJohn Wiegley2019-01-253-32/+32
| |\ \ \ \ \ | | | | | | | | | | | | | | Move garbage-input.dat to test case using it
| | * | | | | Move garbage-input.dat to test case using itTim Landscheidt2019-01-223-32/+32
| | |/ / / /
| * | | | | Merge pull request #1744 from scfc/do-not-set-dependencies-for-target-checkJohn Wiegley2019-01-252-7/+0
| |\ \ \ \ \ | | | | | | | | | | | | | | Do not set dependencies for target check
| | * | | | | Do not set dependencies for target checkTim Landscheidt2019-01-222-7/+0
| | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The set_target_properties() commands themselves do not cause the tests to run if the target check is made, and as the target check executes ctest, all tests will be run anyway.
| * | | | | Merge pull request #1745 from mbudde/ignore-null-deferred-postingsJohn Wiegley2019-01-253-3/+13
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ignore null deferred postings
| | * | | | | Ignore null deferred postingsMichael Budde2019-01-233-3/+13
| | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All-null transactions (i.e. a transaction where all postings have a null amount) are discarded during parsing and the `xact` object is free'd. But if the transaction contains a deferred posting this results in a use-after-free vulnerability because a reference to the deferred posting is stored in the account object which is later read when deferred postings are applied after parsing is finished. Ignore null deferred postings to prevent this – they should not have any effect any way. Thanks to Cory Duplantis for reporting this issue and providing an initial analysis. Ref TALOS-2017-0304, CVE-2017-2808 Fixes #1723
| * | | | | Expose post_t::given_cost over pythonChristoph Dittmann2019-01-251-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes #1655 by making the post_t::given_cost variable accessible over python. This allows access to the given cost of a posting. For example, here it will be "-2 EUR": A -2 XXX {1 EUR} [2018-01-01] @@ 2 EUR If a per-unit cost is given, the given_cost variable will still contain the cost of the posting. For example, here it will be "-4 EUR": B -2 XXX {1 EUR} [2018-01-01] @ 2 EUR
| * | | | | Drop support for gcc 2 and earlierTim Landscheidt2019-01-2514-97/+65
| | | | | |
| * | | | | Remove workaround for isspace() on FreeBSD 4 and earlierTim Landscheidt2019-01-251-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | FreeBSD 4 was declared end-of-life in 2006 (https://lists.freebsd.org/pipermail/freebsd-security/2006-October/004111.html). Currently, only FreeBSD 11 and 12 are supported (https://www.freebsd.org/security/security.html#sup).
| * | | | | Add tzdata to build dependencies for UbuntuTim Landscheidt2019-01-253-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The test suite uses the symbolic time zone name "America/Chicago". To resolve that, the tzdata package needs to be installed. This fixes #1739.
| * | | | | Quick nitpick styling change/enhancementGonzalo Rizzo2019-01-251-6/+6
| |/ / / /
| * | | | Use standard GCC in Travis CITim Landscheidt2019-01-191-7/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 4c4367fe6b7f184605c900735fc5b646f45311c1 added some logic to compile Ledger with GCC 4.8 as Travis CI's Ubuntu Precise environments only offered 4.6 at that time. Since then, the default image has changed to Ubuntu Trusty which provides GCC 4.8.
| * | | | Merge pull request #1735 from scfc/remove-code-related-to-boost-facetsJohn Wiegley2019-01-172-82/+2
| |\ \ \ \ | | |/ / / | |/| | | Remove unused development code related to USE_BOOST_FACETS
| | * | | Remove unused development code related to USE_BOOST_FACETSTim Landscheidt2019-01-172-82/+2
| |/ / / | | | | | | | | | | | | | | | | The code can be accessed by Git history and reused in a branch if necessary.
| * | | Merge pull request #1733 from pascalfleury/ubuntu_deps_updateJohn Wiegley2019-01-172-49/+44
| |\ \ \ | | | | | | | | | | Ubuntu deps update
| | * | | Update README info.Pascal Fleury2019-01-171-9/+1
| | | | |
| | * | | update deps.Pascal Fleury2019-01-171-39/+42
| | | | |
| | * | | Make acprep work with Python3.Pascal Fleury2019-01-171-1/+1
| | |/ /
| * | | Merge pull request #1734 from tko/boost-fmtJohn Wiegley2019-01-172-4/+4
| |\ \ \ | | |/ / | |/| | Fix some boost format strings
| | * | Fix some boost format stringsTommi Komulainen2019-01-172-4/+4
| |/ / | | | | | | | | | | | | | | | Fixes: Error: boost::bad_format_string: format-string is ill-formed
| * | Fix parsing issue involving effective datesMartin Michlmayr2019-01-153-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cory Duplantis reported that "A specially crafted journal file can cause [an] integer underflow resulting in code execution". Cory provided this test case: Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01] Note the ] that comes before [ after the ;. This issue was reported and described in great detail by Cory Duplantis of Cisco Talos. This issue is known as TALOS-2017-0303 and has been assigned CVE-2017-2807. Cory's description can be found at https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303 Fixes #1722
| * | Merge pull request #1705 from scfc/move-have-editJohn Wiegley2019-01-142-13/+9
| |\ \ | | | | | | | | Use HAVE_EDIT only in main.cc
| | * \ Merge branch 'next' into move-have-editJohn Wiegley2019-01-1411-47/+56
| | |\ \ | | |/ / | |/| |
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-07 22:49:05 +0000