| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Drop conditionals for Boost earlier than 1.49
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Ledger requires Boost 1.49 or later and enforces this in
CMakeLists.txt. This means BOOST_VERSION will always be
104900 or higher. Also, since Boost 1.46,
BOOST_FILESYSTEM_VERSION is 3.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Ignore null deferred postings
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
All-null transactions (i.e. a transaction where all postings have a null
amount) are discarded during parsing and the `xact` object is free'd.
But if the transaction contains a deferred posting this results in a
use-after-free vulnerability because a reference to the deferred posting
is stored in the account object which is later read when deferred
postings are applied after parsing is finished.
Ignore null deferred postings to prevent this – they should not have any
effect any way.
Thanks to Cory Duplantis for reporting this issue and providing an
initial analysis.
Ref TALOS-2017-0304, CVE-2017-2808
Fixes #1723
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This fixes #1655 by making the post_t::given_cost variable accessible
over python.
This allows access to the given cost of a posting. For example, here
it will be "-2 EUR":
A -2 XXX {1 EUR} [2018-01-01] @@ 2 EUR
If a per-unit cost is given, the given_cost variable will still
contain the cost of the posting. For example, here it will be
"-4 EUR":
B -2 XXX {1 EUR} [2018-01-01] @ 2 EUR
|
| | | | | |
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
FreeBSD 4 was declared end-of-life in 2006
(https://lists.freebsd.org/pipermail/freebsd-security/2006-October/004111.html).
Currently, only FreeBSD 11 and 12 are supported
(https://www.freebsd.org/security/security.html#sup).
|
|/ / /
| | |
| | |
| | |
| | | |
The code can be accessed by Git history and reused in a branch if
necessary.
|
|/ /
| |
| |
| |
| |
| | |
Fixes:
Error: boost::bad_format_string: format-string is ill-formed
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cory Duplantis reported that "A specially crafted journal file can
cause [an] integer underflow resulting in code execution". Cory
provided this test case:
Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01]
Note the ] that comes before [ after the ;.
This issue was reported and described in great detail by Cory Duplantis
of Cisco Talos. This issue is known as TALOS-2017-0303 and has been
assigned CVE-2017-2807. Cory's description can be found at
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
Fixes #1722
|
|\ \ |
|
| |\ \
| | | |
| | | | |
Remove unnecessary include for sys/stat.h
|
| | | | |
|
| |\ \ \
| | | | |
| | | | | |
Remove unnecessary include for unicodeobject.h
|
| | |/ / |
|
| |\ \ \
| | | | |
| | | | | |
Remove unused function py_dump_relaxed()
|
| | |/ /
| | | |
| | | |
| | | |
| | | | |
The only user of py_dump_relaxed() was removed in commit
0bbb4f2f0cbaa6ffb5c7a2c018a3819cca0b2405.
|
| |\ \ \
| | | | |
| | | | | |
Fix warnings for -Wimplicit-fallthrough
|
| | | | | |
|
| |\ \ \ \
| | | | | |
| | | | | | |
Fix warning about uninitialized variable prepend_width
|
| | | |/ /
| | |/| | |
|
| |/ / / |
|
|/ / / |
|
| | | |
|
|\ \ \ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In file included from src/main.cc:34:
In file included from src/global.h:41:
In file included from src/option.h:45:
In file included from src/scope.h:45:
In file included from src/op.h:45:
In file included from src/expr.h:45:
In file included from src/exprbase.h:57:
src/utils.h:47:10: fatal error: 'boost/uuid/sha1.hpp' file not found
#include <boost/uuid/sha1.hpp>
^
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
file paths"
This reverts commit 3364850cc7cf73fc67af1ea6cd9a65a32e336623.
Fixes #559
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Capture the `std::string` value from options in a local variable that
lives as long as the `c_str()` taken from it to ensure it does not get
freed prematurely.
Fixes: #546
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes #1626.
The tokenizer eagerly classifies 4-digit integers as TOK_A_YEAR
tokens. In some contexts such as "every 1000 years", this causes
errors.
I think the tokenizer does not have enough information available to
distinguish between integers and years.
After this patch, the tokenizer will always classify integers as
TOK_INT tokens. The "has 4 digits" heuristic to determine if an
integer is a year is moved to the place where it's actually
needed (and it can be slightly more generic there, too).
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes issue #1127. In my understanding, PR #552 was meant to fix
this, but was incomplete.
Without this patch, automated transactions are invisible to
assertions.
This patch fixes this by adding a flag to the account to tell it that
there is a new posting, analogous to the behavior of finalize().
I dug up issue #1127 too late to find that this is the same solution
proposed by @tbm. Although I wrote this independently, credit goes to
Martin Michlmayr (@tbm).
|
| | | |
|
| |/
|/| |
|
| | |
|
|\ \
| | |
| | | |
Add support for --prepend-format in accounts command
|
| | |
| | |
| | |
| | |
| | | |
Add support for the `--prepend-format` and `--prepend-width` options in
the `accounts` command.
|
|\ \ \
| | | |
| | | | |
Fix handling of edge cases in trim function
|
| |/ /
| | |
| | |
| | | |
Fixes #520
|
|/ /
| |
| |
| | |
[ci skip]
|
| | |
|
| |
| |
| | |
Resolve issue where generated balanced postings would become real when the original null post was virtual.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`changed_value_posts::create_accounts()` reuses the `<Revalued>` account
from `display_filter`, but when clearing `changed_value_posts`
`create_accounts()` would be called before the account had been
recreated by `display_filter_posts`. This results in a segfault when
using the --group-by option.
I'm not sure if `display_filter_posts` has the same problem but I
reordered the calls there too for good measure.
|
| |
| |
| |
| |
| | |
Instead of using a "magic" value (12), use the proper variable to set
the width.
|
| | |
|
| |
| |
| |
| |
| | |
Should fix problem with garbage being read from this field causing some
test failures on my machine.
|
| | |
|
| |
| |
| |
| | |
file
|