| Commit message | Author | Age | Files | Lines |
All-null transactions (i.e. a transaction where all postings have a null
amount) are discarded during parsing and the `xact` object is freed.
But if the transaction contains a deferred posting this results in a
use-after-free vulnerability because a reference to the deferred posting
is stored in the account object which is later read when deferred
postings are applied after parsing is finished.

Ignore null deferred postings to prevent this – they should not have any
effect anyway.

Thanks to Cory Duplantis for reporting this issue and providing an
initial analysis.

Ref TALOS-2017-0304, CVE-2017-2808

Fixes #1723
This fixes #1655 by making the post_t::given_cost variable accessible
over python.

This allows access to the given cost of a posting. For example, here
it will be "-2 EUR":

    A -2 XXX {1 EUR} [2018-01-01] @@ 2 EUR

If a per-unit cost is given, the given_cost variable will still
contain the cost of the posting. For example, here it will be
"-4 EUR":

    B -2 XXX {1 EUR} [2018-01-01] @ 2 EUR
FreeBSD 4 was declared end-of-life in 2006
(https://lists.freebsd.org/pipermail/freebsd-security/2006-October/004111.html).
Currently, only FreeBSD 11 and 12 are supported
(https://www.freebsd.org/security/security.html#sup).
The test suite uses the symbolic time zone name "America/Chicago".
To resolve that, the tzdata package needs to be installed. This
fixes #1739.
Commit 4c4367fe6b7f184605c900735fc5b646f45311c1 added some logic to
compile Ledger with GCC 4.8 as Travis CI's Ubuntu Precise environments
only offered 4.6 at that time. Since then, the default image has
changed to Ubuntu Trusty which provides GCC 4.8.
Remove unused development code related to USE_BOOST_FACETS
The code can be accessed by Git history and reused in a branch if
necessary.
Ubuntu deps update
Fix some boost format strings
Fixes:

    Error: boost::bad_format_string: format-string is ill-formed
Cory Duplantis reported that "A specially crafted journal file can
cause [an] integer underflow resulting in code execution". Cory
provided this test case:

    Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01]

Note the ] that comes before [ after the ;.

This issue was reported and described in great detail by Cory Duplantis
of Cisco Talos. This issue is known as TALOS-2017-0303 and has been
assigned CVE-2017-2807. Cory's description can be found at
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303

Fixes #1722
Use HAVE_EDIT only in main.cc
Remove unnecessary include for sys/stat.h
Remove unnecessary include for unicodeobject.h
Remove unused function py_dump_relaxed()
The only user of py_dump_relaxed() was removed in commit
0bbb4f2f0cbaa6ffb5c7a2c018a3819cca0b2405.
Fix warnings for -Wimplicit-fallthrough
Fix warning about uninitialized variable prepend_width
Prefer system utf8cpp if available
The current logic always uses the bundled utf8cpp. This is contrary
to the stated intent of commit
1d7dd3e082be8a046f21d4a2d51026ac3c1f7c14 if UTFCPP_PATH is not set
explicitly.
Remove unused macros HAVE_ACCESS and HAVE_REALPATH
Add a test case for issue #1703 which John Wiegley fixed in commit
56025cde ("Don't attempt to invert a value if it's already zero").
macOS seems to be the current name for Mac OS X.
explain round brackets in section 3.8 on multiple funds
Section "Working with multiple funds and accounts" introduces square brackets and explains them but does not explain round brackets in the following example. This commit adds an explanation of what the round brackets do.
Improve bash completion
We now complete option shorthands
[ci skip]