| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Fixes #1877
|
| |
|
|
|
|
| |
Fixes #1690
|
| |
|
|
|
|
| |
Fixes #1868
|
|
|
|
|
|
|
| |
This change adds a warning in the documentation for users using
automated transactions with `--strict` or `--pedantic`, as ledger
will throw an error when `$account` is not defined explicitly
(see #545).
|
|
|
|
|
| |
and add some cross references to more detailed documentation and
examples.
|
| |
|
|
|
|
|
|
| |
Currently the docs recommend the use of balance --average to help
generate a budget. Apparently that doesn't work. Instead use the
register command with --average.
|
|
|
| |
Common misspelling of aforementioned.
|
|
|
|
|
|
|
|
|
| |
'%F' is equivalent to '%Y-%m-%d'. Using the '%F' format without this
change this would not give any hard errors but instead give dates with
wrong years because the 'has_year' trait would not be correctly
detected and thus parsed dates would get set to the current year.
Fixes #1775
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a tag is more than 2 characters from the beginning of the comment the
tag value offset will be wrong. #1702 gives an example where the tag
line starts with `;;` and the tag value thus becomes `: Bar` because of
this bug.
The use `index` in the offset calulation seems to be a lucky coincidence
that works in the common case: "; tag: value"
Fixes #1702
|
|
|
|
| |
Fixes #1753
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| | |
fix "Income increases with credits"
|
| |
| |
| | |
Signed-off-by: Georg J.P. Link <linkgeorg@gmail.com>
|
|/
|
| |
Signed-off-by: Georg J.P. Link <linkgeorg@gmail.com>
|
| |
|
| |
|
|
|
|
|
|
| |
Thanks to Alexis Hildebrandt.
Fixes #1763
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using the `--gain` option the `temporaries_t` in
`changed_value_posts` filter stores a reference to the `<Revalued>` temp
account created in `display_filter_posts`. When destroying the filter
chain `display_filter_posts` is destroyed before `changed_value_posts`
and this can result in a use-after-free in `temporaries_t::clear()` when
`temps` in `changed_value_posts` is cleared during destruction if there
are any temp posts referencing the `<Revalued>` account.
Fix the issue by clearing the `temporaries_t` in `changed_value_posts`
before destroying the rest of the filter chain (which includes
`display_filter_posts`).
Fixes #541
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to create a stack overflow by giving an option that is
longer than the buffer that is used during option parsing because the
length of the input string is not checked.
Prevent the issue by always checking the input string length and
discarding options that does not fit in the buffer as invalid.
This issue has been assigned CVE-2017-12481.
Thanks to Gwan Yeong Kim for reporting this issue.
Fixes #1222
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to create a stack overflow by giving a date that is
longer than the buffer that is used during date parsing because the
length of the input string is not checked. The `VERIFY` macro is only
enabled when debug-mode is enabled and the `--verify-memory` argument is
used.
Prevent the issue by always checking the input string length and
discarding dates that does not fit in the buffer as invalid.
This issue has been assigned CVE-2017-12482.
Fixes #1224
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All-null transactions (i.e. a transaction where all postings have a null
amount) are discarded during parsing and the `xact` object is free'd.
But if the transaction contains a deferred posting this results in a
use-after-free vulnerability because a reference to the deferred posting
is stored in the account object which is later read when deferred
postings are applied after parsing is finished.
Ignore null deferred postings to prevent this – they should not have any
effect any way.
Thanks to Cory Duplantis for reporting this issue and providing an
initial analysis.
Ref TALOS-2017-0304, CVE-2017-2808
Fixes #1723
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cory Duplantis reported that "A specially crafted journal file can
cause [an] integer underflow resulting in code execution". Cory
provided this test case:
Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01]
Note the ] that comes before [ after the ;.
This issue was reported and described in great detail by Cory Duplantis
of Cisco Talos. This issue is known as TALOS-2017-0303 and has been
assigned CVE-2017-2807. Cory's description can be found at
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
Fixes #1722
|
| |
|
| |
|
| |
|
|
|
| |
Section "Working with multiple funds and accounts" introduces square brackets and explains them but does not explain round brackets in the following example. This commit adds the explanation what the round brackets do.
|
| |
|
| |
|
| |
|
| |
|
| |
|