summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Fix tag value parsingMichael Budde2019-03-301-1/+1
| | | | | | | | | | | | If a tag is more than 2 characters from the beginning of the comment the tag value offset will be wrong. #1702 gives an example where the tag line starts with `;;` and the tag value thus becomes `: Bar` because of this bug. The use `index` in the offset calulation seems to be a lucky coincidence that works in the common case: "; tag: value" Fixes #1702
* Reject postings with comment after flagMichael Budde2019-03-301-1/+1
| | | | Fixes #1753
* Explicitly sort when creating the equity reportJohn Wiegley2019-03-151-11/+11
|
* Greatly simplify balance_t::operator==John Wiegley2019-03-151-8/+1
|
* Switch amounts_map to std::unordered_mapJohn Wiegley2019-03-152-1/+2
|
* Remove the 'org' command, which was always a hack to begin withJohn Wiegley2019-03-155-305/+0
|
* Change compare_by_commodity to return an integerJohn Wiegley2019-03-154-80/+108
|
* Further improvements to commodity sortingJohn Wiegley2019-03-151-4/+6
|
* Add more debugging information to compare_by_commodityJohn Wiegley2019-03-151-13/+41
|
* Add back some whitespace for clarityJohn Wiegley2019-01-301-1/+1
|
* Expose a new utility function for balances: sorted_amountsJohn Wiegley2019-01-302-9/+16
|
* Update copyright statement for 2019Martin Michlmayr2019-01-301-2/+2
|
* Add Travis CI setup for macOS and homebrew-installed BoostTim Landscheidt2019-01-301-1/+3
| | | | | | | | | | | | | | | | On macOS, CMake detects the Boost.Python component installed by homebrew only when named "python27". Thus this change not only adds a Travis CI setup for macOS, but also a CMake option to switch the component name between "python" and "python27". In addition, precompiling system.hh does not work with the current setup for Clang, so another CMake option to disable it is added. The currently used commands to compile specific versions of Boost do not produce a result that works out of the box on macOS. It should be possible just to mimic homebrew's formula for boost-python (https://github.com/Homebrew/homebrew-core/blob/master/Formula/boost-python.rb), but for the moment on macOS this change tests only against Boost installed by homebrew.
* Fix use-after-free when destroying filter chainMichael Budde2019-01-281-0/+1
| | | | | | | | | | | | | | | | When using the `--gain` option the `temporaries_t` in `changed_value_posts` filter stores a reference to the `<Revalued>` temp account created in `display_filter_posts`. When destroying the filter chain `display_filter_posts` is destroyed before `changed_value_posts` and this can result in a use-after-free in `temporaries_t::clear()` when `temps` in `changed_value_posts` is cleared during destruction if there are any temp posts referencing the `<Revalued>` account. Fix the issue by clearing the `temporaries_t` in `changed_value_posts` before destroying the rest of the filter chain (which includes `display_filter_posts`). Fixes #541
* Use CMAKE_CXX_COMPILER_ID for conditions based on compilerTim Landscheidt2019-01-261-2/+2
| | | | | | | | | CMAKE_CXX_COMPILER is the path to the compiler binary and does not need to follow a specific pattern. For example, on Linux with GCC and without an explicit "-DCMAKE_CXX_COMPILER:PATH=" option, CMAKE_CXX_COMPILER is "/usr/bin/c++" which does not match "g++". CMAKE_CXX_COMPILER_ID however will always reliably be "Clang" or "GNU".
* Fix possible stack overflow in option parsing routineMartin Michlmayr2019-01-261-0/+5
| | | | | | | | | | | | | | | It is possible to create a stack overflow by giving an option that is longer than the buffer that is used during option parsing because the length of the input string is not checked. Prevent the issue by always checking the input string length and discarding options that does not fit in the buffer as invalid. This issue has been assigned CVE-2017-12481. Thanks to Gwan Yeong Kim for reporting this issue. Fixes #1222
* Fix possible stack overflow in date parsing routineMichael Budde2019-01-261-1/+3
| | | | | | | | | | | | | | | It is possible to create a stack overflow by giving a date that is longer than the buffer that is used during date parsing because the length of the input string is not checked. The `VERIFY` macro is only enabled when debug-mode is enabled and the `--verify-memory` argument is used. Prevent the issue by always checking the input string length and discarding dates that does not fit in the buffer as invalid. This issue has been assigned CVE-2017-12482. Fixes #1224
* Merge pull request #1657 from ↵John Wiegley2019-01-251-1/+1
|\ | | | | | | | | nagakiran/timelog-checkin-multiple-accounts-at-a-time Timelog: Not able to check-in to multiple accounts at a time
| * Timelog: Not able to check-in to multiple accounts at a timeNaga Kiran2018-06-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | Checking-in to multiple accounts at a time throws the following error "When multiple check-ins are active, checking out requires an account" Issue is that the acount name was sent as 3rd parameter to time_xact_t constructor whereas it is supposed to be sent as 4th parameter Corrected the argument position of account name in constructor call to time_xact_t
* | Merge pull request #1726 from scfc/compile-strptime-only-on-windowsJohn Wiegley2019-01-252-5/+12
|\ \ | | | | | | Compile strptime.cc only on Windows
| * | Compile strptime.cc only on WindowsTim Landscheidt2019-01-162-5/+12
| | |
* | | Merge pull request #1736 from scfc/drop-conditionals-for-boost-earlier-than-1-49John Wiegley2019-01-257-62/+4
|\ \ \ | | | | | | | | | | | | | | | | Drop conditionals for Boost earlier than 1.49
| * | | Drop conditionals for Boost earlier than 1.49Tim Landscheidt2019-01-177-64/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Ledger requires Boost 1.49 or later and enforces this in CMakeLists.txt. This means BOOST_VERSION will always be 104900 or higher. Also, since Boost 1.46, BOOST_FILESYSTEM_VERSION is 3.
* | | | Merge pull request #1745 from mbudde/ignore-null-deferred-postingsJohn Wiegley2019-01-251-3/+5
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Ignore null deferred postings
| * | | | Ignore null deferred postingsMichael Budde2019-01-231-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All-null transactions (i.e. a transaction where all postings have a null amount) are discarded during parsing and the `xact` object is free'd. But if the transaction contains a deferred posting this results in a use-after-free vulnerability because a reference to the deferred posting is stored in the account object which is later read when deferred postings are applied after parsing is finished. Ignore null deferred postings to prevent this – they should not have any effect any way. Thanks to Cory Duplantis for reporting this issue and providing an initial analysis. Ref TALOS-2017-0304, CVE-2017-2808 Fixes #1723
* | | | | Expose post_t::given_cost over pythonChristoph Dittmann2019-01-251-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes #1655 by making the post_t::given_cost variable accessible over python. This allows access to the given cost of a posting. For example, here it will be "-2 EUR": A -2 XXX {1 EUR} [2018-01-01] @@ 2 EUR If a per-unit cost is given, the given_cost variable will still contain the cost of the posting. For example, here it will be "-4 EUR": B -2 XXX {1 EUR} [2018-01-01] @ 2 EUR
* | | | | Drop support for gcc 2 and earlierTim Landscheidt2019-01-2514-97/+65
| | | | |
* | | | | Remove workaround for isspace() on FreeBSD 4 and earlierTim Landscheidt2019-01-251-5/+0
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | FreeBSD 4 was declared end-of-life in 2006 (https://lists.freebsd.org/pipermail/freebsd-security/2006-October/004111.html). Currently, only FreeBSD 11 and 12 are supported (https://www.freebsd.org/security/security.html#sup).
* / / / Remove unused development code related to USE_BOOST_FACETSTim Landscheidt2019-01-172-82/+2
|/ / / | | | | | | | | | | | | The code can be accessed by Git history and reused in a branch if necessary.
* / / Fix some boost format stringsTommi Komulainen2019-01-172-4/+4
|/ / | | | | | | | | | | Fixes: Error: boost::bad_format_string: format-string is ill-formed
* | Fix parsing issue involving effective datesMartin Michlmayr2019-01-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cory Duplantis reported that "A specially crafted journal file can cause [an] integer underflow resulting in code execution". Cory provided this test case: Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01] Note the ] that comes before [ after the ;. This issue was reported and described in great detail by Cory Duplantis of Cisco Talos. This issue is known as TALOS-2017-0303 and has been assigned CVE-2017-2807. Cory's description can be found at https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303 Fixes #1722
* | Merge branch 'next' into move-have-editJohn Wiegley2019-01-147-22/+9
|\ \
| * \ Merge pull request #1707 from scfc/remove-sys-stat-hJohn Wiegley2019-01-141-1/+0
| |\ \ | | | | | | | | Remove unnecessary include for sys/stat.h
| | * | Remove unnecessary include for sys/stat.hTim Landscheidt2019-01-121-2/+1
| | | |
| * | | Merge pull request #1713 from scfc/remove-unicodeobject-hJohn Wiegley2019-01-141-1/+0
| |\ \ \ | | | | | | | | | | Remove unnecessary include for unicodeobject.h
| | * | | Remove unnecessary include for unicodeobject.hTim Landscheidt2019-01-131-1/+0
| | |/ /
| * | | Merge pull request #1714 from scfc/remove-py-dump-relaxedJohn Wiegley2019-01-141-7/+1
| |\ \ \ | | | | | | | | | | Remove unused function py_dump_relaxed()
| | * | | Remove unused function py_dump_relaxed()Tim Landscheidt2019-01-131-7/+1
| | |/ / | | | | | | | | | | | | | | | | The only user of py_dump_relaxed() was removed in commit 0bbb4f2f0cbaa6ffb5c7a2c018a3819cca0b2405.
| * | | Merge pull request #540 from scfc/fix-warnings-for-implicit-fallthroughJohn Wiegley2019-01-143-3/+3
| |\ \ \ | | | | | | | | | | Fix warnings for -Wimplicit-fallthrough
| | * | | Fix warnings for -Wimplicit-fallthroughTim Landscheidt2018-02-193-3/+3
| | | | |
| * | | | Merge pull request #1718 from scfc/fix-prepend-width-warningJohn Wiegley2019-01-141-3/+4
| |\ \ \ \ | | | | | | | | | | | | Fix warning about uninitialized variable prepend_width
| | * | | | Fix warning about uninitialized variable prepend_widthTim Landscheidt2019-01-141-3/+4
| | | |/ / | | |/| |
| * / | | Remove unused macros HAVE_ACCESS and HAVE_REALPATHTim Landscheidt2019-01-122-8/+2
| |/ / /
* / / / Use HAVE_EDIT only in main.ccTim Landscheidt2019-01-122-14/+10
|/ / /
* | | Don't attempt to invert a value if it's already zero (#1703)John Wiegley2019-01-111-1/+3
| | |
* | | Merge remote-tracking branch 'origin/master' into nextJohn Wiegley2018-07-194-4/+11
|\ \ \
| * | | Ensure that parse errors produce useful RuntimeErrors for Python code.Manuel Amador (Rudd-O)2016-02-064-4/+11
| | | |
* | | | fix regression of test 1147_aPascal Fleury2018-07-171-17/+18
| | | |
* | | | amount_t -> balance_t.Pascal Fleury2018-07-171-13/+30
| | | |
* | | | Unbreak with boost 1.68Jan Beich2018-07-091-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In file included from src/main.cc:34: In file included from src/global.h:41: In file included from src/option.h:45: In file included from src/scope.h:45: In file included from src/op.h:45: In file included from src/expr.h:45: In file included from src/exprbase.h:57: src/utils.h:47:10: fatal error: 'boost/uuid/sha1.hpp' file not found #include <boost/uuid/sha1.hpp> ^
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 14:44:34 +0000