summaryrefslogtreecommitdiff
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* Update NEWS for 3.1.2Martin Michlmayr2019-02-051-2/+2
|
* Update copyright statement for 2019Martin Michlmayr2019-01-301-1/+1
|
* Fix use-after-free when destroying filter chainMichael Budde2019-01-281-0/+2
| | | | | | | | | | | | | | | | When using the `--gain` option the `temporaries_t` in `changed_value_posts` filter stores a reference to the `<Revalued>` temp account created in `display_filter_posts`. When destroying the filter chain `display_filter_posts` is destroyed before `changed_value_posts` and this can result in a use-after-free in `temporaries_t::clear()` when `temps` in `changed_value_posts` is cleared during destruction if there are any temp posts referencing the `<Revalued>` account. Fix the issue by clearing the `temporaries_t` in `changed_value_posts` before destroying the rest of the filter chain (which includes `display_filter_posts`). Fixes #541
* Add short option -f (for --file) to man pageJonas Meurer2019-01-261-1/+1
|
* Fix possible stack overflow in option parsing routineMartin Michlmayr2019-01-261-0/+3
| | | | | | | | | | | | | | | It is possible to create a stack overflow by giving an option that is longer than the buffer that is used during option parsing because the length of the input string is not checked. Prevent the issue by always checking the input string length and discarding options that does not fit in the buffer as invalid. This issue has been assigned CVE-2017-12481. Thanks to Gwan Yeong Kim for reporting this issue. Fixes #1222
* Fix possible stack overflow in date parsing routineMichael Budde2019-01-261-0/+3
| | | | | | | | | | | | | | | It is possible to create a stack overflow by giving a date that is longer than the buffer that is used during date parsing because the length of the input string is not checked. The `VERIFY` macro is only enabled when debug-mode is enabled and the `--verify-memory` argument is used. Prevent the issue by always checking the input string length and discarding dates that does not fit in the buffer as invalid. This issue has been assigned CVE-2017-12482. Fixes #1224
* Ignore null deferred postingsMichael Budde2019-01-231-0/+3
| | | | | | | | | | | | | | | | | | All-null transactions (i.e. a transaction where all postings have a null amount) are discarded during parsing and the `xact` object is free'd. But if the transaction contains a deferred posting this results in a use-after-free vulnerability because a reference to the deferred posting is stored in the account object which is later read when deferred postings are applied after parsing is finished. Ignore null deferred postings to prevent this – they should not have any effect any way. Thanks to Cory Duplantis for reporting this issue and providing an initial analysis. Ref TALOS-2017-0304, CVE-2017-2808 Fixes #1723
* Fix parsing issue involving effective datesMartin Michlmayr2019-01-151-0/+3
| | | | | | | | | | | | | | | | | Cory Duplantis reported that "A specially crafted journal file can cause [an] integer underflow resulting in code execution". Cory provided this test case: Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01] Note the ] that comes before [ after the ;. This issue was reported and described in great detail by Cory Duplantis of Cisco Talos. This issue is known as TALOS-2017-0303 and has been assigned CVE-2017-2807. Cory's description can be found at https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303 Fixes #1722
* Update NEWS for 3.1.2Martin Michlmayr2019-01-121-9/+42
|
* Add release dates to doc/NEWSMartin Michlmayr2019-01-121-3/+3
|
* Remove trailing whitespaceMartin Michlmayr2019-01-092-11/+11
|
* explain round brackets in section on fundsGeorg J.P. Link2018-11-181-4/+5
| | | Section "Working with multiple funds and accounts" introduces square brackets and explains them but does not explain round brackets in the following example. This commit adds the explanation what the round brackets do.
* Fix broken link in manualMartin Michlmayr2018-11-141-1/+1
|
* A minor suggested change in the documentationJohn Wiegley2018-09-201-3/+3
|
* Fix two bugs in the documentationJohn Wiegley2018-09-031-2/+2
|
* Clarify regex vs exact matches with has_tag()Martin Michlmayr2018-08-311-1/+2
|
* Fix texinfo syntaxMartin Michlmayr2018-08-301-1/+1
|
* Clarify tag() and has_tag()Martin Michlmayr2018-08-301-2/+6
| | | | Fixes #1676
* Correct some instance of @@ to @@@@ (for Texinfo escaping)John Wiegley2018-08-091-8/+8
|
* Mention and point to related bug for Payee metadata tagScott Carpenter2018-08-081-2/+5
|
* Add notes to 5.7.1.1 Payee metadata tag docScott Carpenter2018-08-021-0/+4
|
* Added more documentation about assertions.Pascal Fleury2018-07-181-0/+39
|
* Fix order of transaction state in txn headerScott Carpenter2018-07-091-1/+1
| | | | The transaction state comes before (not after) the code.
* Document keywords "any" and "all"Martin Michlmayr2018-07-061-0/+13
| | | | Fixes #1192
* Document the use of wildcards for !includeMartin Michlmayr2018-06-281-1/+3
| | | | Fixes #1658
* Documents commodity directive's alias sub-directiveColin Dean2018-06-101-0/+4
|
* Fix documentation for apply fixedMartin Michlmayr2018-06-011-43/+35
| | | | | | | | | The old "fixed" and "endfixed" are no longer used (and afaict don't work). You have to use "apply fixed" and "end apply" instead. Fixes issue #789 Signed-off-by: Martin Michlmayr <tbm@cyrius.com>
* Remove references to BugzillaMartin Michlmayr2018-06-011-1/+1
|
* Add documentation on how to sort in reverse orderVishesh Handa2018-04-081-0/+3
|
* Fix Python exampleMartin Michlmayr2018-03-251-1/+1
| | | | | | Thanks to Brian Carlson for pointing this out. Fixes #547
* Fix documentation about the "end" directiveMartin Michlmayr2018-03-251-1/+1
| | | | | "tag" is not a block command. This was probably supposed to be "apply" which can be used to apply tags to several transactions.
* [misc] Update year in copyright notice to 2017Alexis Hildebrandt2018-01-271-1/+1
| | | | [ci skip]
* For now, comment out a documented function whose test is failingJohn Wiegley2017-12-301-10/+10
| | | | Plus, the test was not testing the documented function!
* ledger3.texi: Fix two more typosDaniel Mueller2017-12-201-5/+6
|
* Merge pull request #500 from d-e-s-o/fix-another-typoJohn Wiegley2017-12-151-1/+1
|\ | | | | ledger3.texi: Fix typo
| * ledger3.texi: Fix typoDaniel Mueller2017-12-151-1/+1
| |
* | ledger3.texi: Fix typoDaniel Mueller2017-12-151-1/+1
|/
* Fix sentence broken by d1928e64Michael Budde2017-10-301-1/+1
|
* Merge pull request #487 from craig9/craig9-improve-wordingJohn Wiegley2017-10-261-1/+1
|\ | | | | Improve wording, remove connection between financial worth and personal worth.
| * Improve wording, remove connection between financial worth and personal worthCraig Marshall2017-02-171-1/+1
| |
* | Merge pull request #488 from bkuhn/doc-mention-third-party-tutorialsJohn Wiegley2017-10-261-1/+19
|\ \ | | | | | | Add mention of third-party tutorials to documentation
| * | Update nodes and menus based on section just addedBradley M. Kuhn2017-02-231-2/+3
| | |
| * | Section on Third-Party Tutorials available.Bradley M. Kuhn2017-02-231-0/+17
| |/ | | | | | | | | | | | | I was updating the tutorial that Conservancy published regarding how it uses Ledger CLI for non-profit accounting and realized that mentioning the tutorial's availability in Ledger's own documentation might be useful as well.
* | Merge pull request #492 from CrackedP0t/patch-1John Wiegley2017-10-261-1/+1
|\ \ | | | | | | Fix small typo
| * | Fix small typoElaina Martineau2017-06-161-1/+1
| |/
* | Update: ledger3.texi: fix calculatiotsmyq2017-05-281-4/+4
| | | | | | Unless I'm missing something, these don't balance @ $750
* | Update ledger3.texi: grammar and typosmyq2017-05-281-2/+2
|/ | | | - removed redundant preposition - fixed calculation on unvalidated smallexample block
* Flip ordering of "options" and "command" in the man pageJohn Wiegley2017-02-161-2/+2
|
* typo in docsAlexander Pletnev2017-01-271-1/+1
| | | | fix test
* [misc] Update year in copyright notice to 2017Alexis Hildebrandt2017-01-051-1/+1
| | | | [ci skip]
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 10:58:07 +0000