summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | Merge pull request #1745 from mbudde/ignore-null-deferred-postingsJohn Wiegley2019-01-251-3/+5
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Ignore null deferred postings
| * | | | Ignore null deferred postingsMichael Budde2019-01-231-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All-null transactions (i.e. a transaction where all postings have a null amount) are discarded during parsing and the `xact` object is free'd. But if the transaction contains a deferred posting this results in a use-after-free vulnerability because a reference to the deferred posting is stored in the account object which is later read when deferred postings are applied after parsing is finished. Ignore null deferred postings to prevent this – they should not have any effect any way. Thanks to Cory Duplantis for reporting this issue and providing an initial analysis. Ref TALOS-2017-0304, CVE-2017-2808 Fixes #1723
* | | | | Expose post_t::given_cost over pythonChristoph Dittmann2019-01-251-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes #1655 by making the post_t::given_cost variable accessible over python. This allows access to the given cost of a posting. For example, here it will be "-2 EUR": A -2 XXX {1 EUR} [2018-01-01] @@ 2 EUR If a per-unit cost is given, the given_cost variable will still contain the cost of the posting. For example, here it will be "-4 EUR": B -2 XXX {1 EUR} [2018-01-01] @ 2 EUR
* | | | | Drop support for gcc 2 and earlierTim Landscheidt2019-01-2514-97/+65
| | | | |
* | | | | Remove workaround for isspace() on FreeBSD 4 and earlierTim Landscheidt2019-01-251-5/+0
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | FreeBSD 4 was declared end-of-life in 2006 (https://lists.freebsd.org/pipermail/freebsd-security/2006-October/004111.html). Currently, only FreeBSD 11 and 12 are supported (https://www.freebsd.org/security/security.html#sup).
* / / / Remove unused development code related to USE_BOOST_FACETSTim Landscheidt2019-01-172-82/+2
|/ / / | | | | | | | | | | | | The code can be accessed by Git history and reused in a branch if necessary.
* / / Fix some boost format stringsTommi Komulainen2019-01-172-4/+4
|/ / | | | | | | | | | | Fixes: Error: boost::bad_format_string: format-string is ill-formed
* | Fix parsing issue involving effective datesMartin Michlmayr2019-01-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cory Duplantis reported that "A specially crafted journal file can cause [an] integer underflow resulting in code execution". Cory provided this test case: Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01] Note the ] that comes before [ after the ;. This issue was reported and described in great detail by Cory Duplantis of Cisco Talos. This issue is known as TALOS-2017-0303 and has been assigned CVE-2017-2807. Cory's description can be found at https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303 Fixes #1722
* | Merge branch 'next' into move-have-editJohn Wiegley2019-01-147-22/+9
|\ \
| * \ Merge pull request #1707 from scfc/remove-sys-stat-hJohn Wiegley2019-01-141-1/+0
| |\ \ | | | | | | | | Remove unnecessary include for sys/stat.h
| | * | Remove unnecessary include for sys/stat.hTim Landscheidt2019-01-121-2/+1
| | | |
| * | | Merge pull request #1713 from scfc/remove-unicodeobject-hJohn Wiegley2019-01-141-1/+0
| |\ \ \ | | | | | | | | | | Remove unnecessary include for unicodeobject.h
| | * | | Remove unnecessary include for unicodeobject.hTim Landscheidt2019-01-131-1/+0
| | |/ /
| * | | Merge pull request #1714 from scfc/remove-py-dump-relaxedJohn Wiegley2019-01-141-7/+1
| |\ \ \ | | | | | | | | | | Remove unused function py_dump_relaxed()
| | * | | Remove unused function py_dump_relaxed()Tim Landscheidt2019-01-131-7/+1
| | |/ / | | | | | | | | | | | | | | | | The only user of py_dump_relaxed() was removed in commit 0bbb4f2f0cbaa6ffb5c7a2c018a3819cca0b2405.
| * | | Merge pull request #540 from scfc/fix-warnings-for-implicit-fallthroughJohn Wiegley2019-01-143-3/+3
| |\ \ \ | | | | | | | | | | Fix warnings for -Wimplicit-fallthrough
| | * | | Fix warnings for -Wimplicit-fallthroughTim Landscheidt2018-02-193-3/+3
| | | | |
| * | | | Merge pull request #1718 from scfc/fix-prepend-width-warningJohn Wiegley2019-01-141-3/+4
| |\ \ \ \ | | | | | | | | | | | | Fix warning about uninitialized variable prepend_width
| | * | | | Fix warning about uninitialized variable prepend_widthTim Landscheidt2019-01-141-3/+4
| | | |/ / | | |/| |
| * / | | Remove unused macros HAVE_ACCESS and HAVE_REALPATHTim Landscheidt2019-01-122-8/+2
| |/ / /
* / / / Use HAVE_EDIT only in main.ccTim Landscheidt2019-01-122-14/+10
|/ / /
* | | Don't attempt to invert a value if it's already zero (#1703)John Wiegley2019-01-111-1/+3
| | |
* | | Merge remote-tracking branch 'origin/master' into nextJohn Wiegley2018-07-194-4/+11
|\ \ \
| * | | Ensure that parse errors produce useful RuntimeErrors for Python code.Manuel Amador (Rudd-O)2016-02-064-4/+11
| | | |
* | | | fix regression of test 1147_aPascal Fleury2018-07-171-17/+18
| | | |
* | | | amount_t -> balance_t.Pascal Fleury2018-07-171-13/+30
| | | |
* | | | Unbreak with boost 1.68Jan Beich2018-07-091-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In file included from src/main.cc:34: In file included from src/global.h:41: In file included from src/option.h:45: In file included from src/scope.h:45: In file included from src/op.h:45: In file included from src/expr.h:45: In file included from src/exprbase.h:57: src/utils.h:47:10: fatal error: 'boost/uuid/sha1.hpp' file not found #include <boost/uuid/sha1.hpp> ^
* | | | Revert "Use an std::set instead of an std::list to store the the journal ↵John Wiegley2018-06-182-4/+4
| |_|/ |/| | | | | | | | | | | | | | | | | | | | file paths" This reverts commit 3364850cc7cf73fc67af1ea6cd9a65a32e336623. Fixes #559
* | | Fix garbled dates when using --date-formatTommi Komulainen2018-06-131-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | Capture the `std::string` value from options in a local variable that lives as long as the `c_str()` taken from it to ensure it does not get freed prematurely. Fixes: #546
* | | Remove TOK_A_YEAR tokenChristoph Dittmann2018-06-101-23/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes #1626. The tokenizer eagerly classifies 4-digit integers as TOK_A_YEAR tokens. In some contexts such as "every 1000 years", this causes errors. I think the tokenizer does not have enough information available to distinguish between integers and years. After this patch, the tokenizer will always classify integers as TOK_INT tokens. The "has 4 digits" heuristic to determine if an integer is a year is moved to the place where it's actually needed (and it can be slightly more generic there, too).
* | | Make automated transactions work with assertionsChristoph Dittmann2018-06-091-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes issue #1127. In my understanding, PR #552 was meant to fix this, but was incomplete. Without this patch, automated transactions are invisible to assertions. This patch fixes this by adding a flag to the account to tell it that there is a new posting, analogous to the behavior of finalize(). I dug up issue #1127 too late to find that this is the same solution proposed by @tbm. Although I wrote this independently, credit goes to Martin Michlmayr (@tbm).
* | | budget_posts: Keep pending items until the last day they applysmr8942018-04-041-8/+17
| | |
* | | Fix auto xact posts not getting applied to account total durring journal parseDJ Edmonson2018-03-231-3/+6
| |/ |/|
* | Add (currently undocumented) function 'clear_commodity'John Wiegley2018-02-162-0/+10
| |
* | Merge pull request #519 from mbudde/accounts-prepend-formatJohn Wiegley2018-01-271-0/+15
|\ \ | | | | | | Add support for --prepend-format in accounts command
| * | Add support for --prepend-format in accounts commandMichael Budde2018-01-251-0/+15
| | | | | | | | | | | | | | | Add support for the `--prepend-format` and `--prepend-width` options in the `accounts` command.
* | | Merge pull request #521 from mbudde/fix-trimAlexis Hildebrandt2018-01-271-7/+4
|\ \ \ | | | | | | | | Fix handling of edge cases in trim function
| * | | Fix handling of edge cases in trim functionMichael Budde2018-01-251-7/+4
| |/ / | | | | | | | | | Fixes #520
* / / [misc] Update year in copyright notice to 2017Alexis Hildebrandt2018-01-27126-127/+127
|/ / | | | | | | [ci skip]
* | journal: Expose register_account to PythonKyle Fuller2018-01-231-0/+9
| |
* | Transfer null_post flags to generated postingsAaron Lindsay2018-01-091-1/+1
| | | | | | Resolve issue where generated balanced postings would become real when the original null post was virtual.
* | Fix segfault when using --market with --group-byMichael Budde2018-01-041-4/+4
| | | | | | | | | | | | | | | | | | | | | | `changed_value_posts::create_accounts()` reuses the `<Revalued>` account from `display_filter`, but when clearing `changed_value_posts` `create_accounts()` would be called before the account had been recreated by `display_filter_posts`. This results in a segfault when using the --group-by option. I'm not sure if `display_filter_posts` has the same problem but I reordered the calls there too for good measure.
* | Use amount_width variable for budget reportPaulo Flabiano Smorigo2018-01-031-5/+5
| | | | | | | | | | Instead of using a "magic" value (12), use the proper variable to set the width.
* | The "format" directive for commodities now disables "style observation"John Wiegley2018-01-013-1/+5
| |
* | Initialize field in constructorMichael Budde2018-01-011-2/+5
| | | | | | | | | | Should fix problem with garbage being read from this field causing some test failures on my machine.
* | Be a bit more defensive when calculating the budgetJohn Wiegley2017-12-301-2/+2
| |
* | don't add paths to files, if there is already a path that points to the same ↵Johannes Loher2017-12-291-1/+11
| | | | | | | | file
* | Use an std::set instead of an std::list to store the the journal file pathsJohannes Loher2017-12-292-4/+4
| |
* | Expose journal expand_aliases to PythonKyle Fuller2017-12-241-0/+4
| |
* | account to return the depth of its last displayed parentJakob Demler2017-11-021-0/+16
| |