Main menu:

Sponsoring

Please consider a small donation:

 

Also appreciated: support me by clicking the ads (costs nothing) :-)

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

My Favourites

Slackware

Calendar

August 2014
M T W T F S S
« Jul    
 123
45678910
11121314151617
18192021222324
25262728293031

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

Meta

LibreOffice 4.2.3 – addresses Heartbleed vulnerability

Last week was a black page in Open Source security with the publication of the Heartbleed vulnerability. For those of you who think the hype is overrated and no one will be able to get at your private keys and passwords, better check out the results of the Cloudflare Challenge (the SSL certificate for that site has been revoked in order to stop it from being abused so that page won’t load).  Cloudflare’s security engineers were unable to exploit the vulnerability and retrieve their server’s private key so they confidently made it a public challenge… and at least three people independently obtained the server’s private key through the exploit! Proof was given by posting messages signed with that same private key. Read all about it on the Cloudflare blog. Don’t take this vulnerability too lightly! Slackware 14.0, 14.1 and -current users should apply the openssl patch packages as soon as possible. And if your machine was exposed to the Internet, running a secure web server (https://) then it is wise to revoke your SSL certificate and create a new one. It may also be a good idea to change the passwords of the accounts on that server.

Not just OpenSSL-protected web sites are affected; regular “client” software can be abused by attacks when these applications contain the vulnerable code because they statically link to the openssl library. I’ll post some more later, but here is the first fix:

The Document Foundation added a fix for Heartbleed to their latest LibreOffice 4.2.3 (codenamed ‘Fresh’) release. It took an additional day for me to get rid of the bugs in my revised SlackBuild script, because I had decided to split the “big” libreoffice package in three sub-packages. The SDK documentation (several hundreds of MB) has now moved into a separate package “libreoffice-sdkdoc” which you will not need unless you are a developer. And the KDE integration libraries have been moved into their own package as well: “libreoffice-kde-integration”. It’s these libraries which give the LibreOffice user interface the “KDE look” when you are running KDE, and make it use the KDE file dialogs. Some people experienced issues in KDE which were solved by removing these KDE libraries, and the new sub-package was born to help you get a better experience out of LibreOffice on Slackware. Note that if you are on KDE and simply “upgradepkg” the libreoffice package, your application will suddenly look very out of style, having switched to a GTK look & feel. All you need to do is “installpkg” the new libreoffice-kde-integration package.

If you are in need of stability, note that the official statement from the Document Foundation is that LibreOffice 4.2.3 is “the most feature rich version of the software, and is suited for early adopters willing to leverage a larger number of innovations. For enterprise deployments and for more conservative users, The Document Foundation suggests the more mature LibreOffice 4.1.5“. You can find Slackware packages for LibreOffice 4.1.5 in my repository onder the “14.0″directory. They were built on Slackware 14.0 and work well on Slackware 14.1 and -current.

Packages for Slackware 14.1 and -current are ready for download from the usual mirror locations:

Eric

Comments

Comment from gegechris99
Posted: April 13, 2014 at 08:11

Although I’ll stick with the 4.1 series for now (I’m no early adopter), I’d like to thank you again for making both LO Fresh and Stable available to the Slackware community.

By the way: “The SDK documentation (several hundreds of MB)”. 18MB is rather in the low end of 100MB :)

Comment from gegechris99
Posted: April 13, 2014 at 08:12

Re: “The SDK documentation (several hundreds of MB)”. I guess you are referring to the space taken when installed and not the package size. My mistake in the previous post.

Comment from Steven McIntosh
Posted: April 13, 2014 at 12:25

Thanks for the update Eric.

I’m having a problem with writer. It opens a file when you click upon in but fails to open from the menu.

samac

Comment from alienbob
Posted: April 13, 2014 at 21:25

Hi samac,

That’s weird. I have the same problem just now. I installed the LibreOffice 4.2.3 package on a Slackware 14.1 computer and my Slackware-current laptop and all was well. I am now working at my Slackware-current desktop and on this machine, I see the outline of the Writer window appear and then it freezes.

All computers are 64-bit, but the desktop is the only one using the Nvidia binary blob. I tried XFCE and KDE on the other machines, all worked OK. This desktop has KDE.
A “strace lowriter” does not show anything which I recognize as an error:

open("/usr/bin/lowriter", O_RDONLY) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7fff7d000f60) = -1 ENOTTY (Inappropriate ioctl for device)
lseek(3, 0, SEEK_CUR) = 0
read(3, "#!/bin/sh\n/usr/lib64/libreoffice"..., 80) = 63
lseek(3, 0, SEEK_SET) = 0
getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=4*1024}) = 0
fcntl(255, F_GETFD) = -1 EBADF (Bad file descriptor)
dup2(3, 255) = 255
close(3) = 0
fcntl(255, F_SETFD, FD_CLOEXEC) = 0
fcntl(255, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(255, {st_mode=S_IFREG|0755, st_size=63, ...}) = 0
lseek(255, 0, SEEK_CUR) = 0
brk(0x26e1000) = 0x26e1000
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(255, "#!/bin/sh\n/usr/lib64/libreoffice"..., 63) = 63
brk(0x26e2000) = 0x26e2000
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
brk(0x26e3000) = 0x26e3000
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7ffdb35b8a10) = 28214
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x440d50, [], SA_RESTORER, 0x7ffdb2c44e50}, {SIG_DFL, [], SA_RESTORER, 0x7ffdb2c44e50}, 8) = 0
wait4(-1,

Eric

Comment from Raveriux
Posted: April 13, 2014 at 22:01

I have the same problem with KDE, Nvidia and Libreoffice writer. it freezes.

Comment from John
Posted: April 13, 2014 at 23:27

Eric the slackbuild is failing for me as follows
[CODE]
:
: Setting Root Module: gid_Module_Root
: Using spellchecker file: /tmp/build/tmp-libreoffice/libreoffice-4.2.3.3/setup_native/source/packinfo/spellchecker_selection.txt
: Collected spellchecker languages for spellchecker: en,es,fr
:
: *****************************************************************
: ERROR: ERROR: Missing files at /tmp/build/tmp-libreoffice/libreoffice-4.2.3.3/solenv/bin/modules/installer/scriptitems.pm line 1199.
: *****************************************************************

Sun Apr 13 18:09:47 2014 (00:01 min.)
Failed to install: No such file or directory at /tmp/build/tmp-libreoffice/libreoffice-4.2.3.3/solenv/bin/ooinstall line 97.
make: *** [install] Error 2
mv: cannot stat ‘/tmp/build/package-libreoffice/usr/lib64/libreoffice/sdk/classes’: No such file or directory
libreoffice.SlackBuild FAILED at line 949

real 14m12.372s
user 34m48.780s
sys 3m43.245s
[/CODE]
Slack64 base install w/ your requirements per the Changelog

Do you have any suggestions
thanks
john

Comment from alienbob
Posted: April 13, 2014 at 23:31

John, please find the real error in your build log – it will have occurred _much_ earlier in the process.
What you’ve shown is the generic message at the end of a failed build process

Eric

Comment from alienbob
Posted: April 13, 2014 at 23:34

samac, Raveriux;

Looks like this bug: https://bugs.freedesktop.org/show_bug.cgi?id=77128
Too bad that the fix is already in the repository, they just failed to back-port it to the 4.2 branch.
I am test-compiling KDE 4.13.0 at the moment which takes all my time, after that has finished I will see if I can patch the LibreOffice package.

Eric

Comment from Richard
Posted: April 14, 2014 at 07:34

Hi, Eric.

I am the issue with LIbreOffice Writer, when I try to open a .odt file from LibreOffice, It quits without any message, the same thing happens when I export a file as pdf.

Comment from John
Posted: April 14, 2014 at 14:07

Slackware package /tmp/libreoffice-4.2.3-x86_64-1alien.txz created.
/tmp/build/package-libreoffice

real 100m46.696s
user 316m20.726s
sys 28m29.361s
MY Mistake when built with jdk-7u45 all is well
John

Comment from Robby
Posted: April 16, 2014 at 11:31

I’ve had the pdf crashing issue ( same as Richard above ) for the last few releases. Seems to be a kde integration issue – http://forums.opensuse.org/showthread.php/496150-Libre-Office-gt-Export-to-PDF/page2?s=4aa90a71c40907bd5694e8b108978df4. As soon as you switch LO to use its own dialogues, this goes away. The issue doesn’t happen all the time for me though – a bit random.

Write a comment