Re: CVS: cvs.openbsd.org: ports

Wed, 25 Dec 2019 17:54:34 -0800 

On 2019-12-25 11:28:20, Jeremie Courreges-Anglas <j...@wxcvbn.org> wrote:
> On Tue, Dec 24 2019, Bryan Linton <b...@shoshoni.info> wrote:
> > On 2019-12-22 09:05:42, Frederic Cambus <fcam...@openbsd.org> wrote:
> >> CVSROOT:   /cvs
> >> Module name:       ports
> >> Changes by:        fcam...@cvs.openbsd.org 2019/12/22 09:05:42
> >> 
> >> Modified files:
> >>    productivity/ledger: Makefile distinfo 
> >>    productivity/ledger/patches: patch-src_CMakeLists_txt 
> >>    productivity/ledger/pkg: PLIST 
> >> Removed files:
> >>    productivity/ledger/patches: patch-src_item_h 
> >> 
> >> Log message:
> >> Update ledger to 3.1.3.
> >> 
> >> This fixes CVE-2017-2807, CVE-2017-2808, CVE-2017-12481, CVE-2017-12482.
> >> 
> >> OK jca@, Sergey Bronnikov (MAINTAINER)
> >> 
> >
> > This update causes ledger to segfault when processing commodities.
> >
> > I can reproduce this with a file consisting of the following
> > snippet from ledger's manual.
> >
> > ---------8<----------
> >
> > 9/29  Get some stuff at the Inn
> >     Places:Black's Tavern                   -3 Apples
> >     Places:Black's Tavern                   -5 Steaks
> >     EverQuest:Inventory
> >
> > ---------8<----------
> >
> > To reproduce, simply copy the above 4 lines to a file and run
> > ledger.  E.g. "ledger --file test.txt balance"
> >
> > If I remove the commodities from my (much longer) journal, ledger
> > works fine when dealing with cash transactions so the bug must be
> > specific to commodities.
> >
> > Can anyone else reproduce this?
> 
> Using your testcase, nope:
> 
> --8<--
> ritchie ~/tmp$ ledger -f testcase  balance; echo "status: $?"; ledger 
> --version | head -n1
>             3 Apples
>             5 Steaks  EverQuest:Inventory
>            -3 Apples
>            -5 Steaks  Places:Black's Tavern
> --------------------
>                    0
> status: 0
> Ledger 3.1.3-20190331, the command-line accounting tool
> -->8--
> 

It must have been a hiccup with my system then.

I updated packages again, removed old .libs-* packages, and
rebuilt ledger and now I can no longer reproduce it either.

Apologies for the false alarm.  And many thanks to the maintainers
of ledger for keeping it up to date!

-- 
Bryan

Reply via email to