New packages for LibreOffice and Chromium
There’s a new LibreOffice release with a lot of improvements: 5.2.0. The announcement on the Document Foundation blog shows quite a lot of extensive information this time because of the version number jump and the changes implied by it. I’ll mention just a couple of semi-random facts here:
Document classification has been added as a major feature. Two-factor authentication for Google Docs storage finally works in Writer. Interoperability (with the MS Office file formats of course) has been improved and an import filter for Word for DOS was added. In Calc, new functions were added along with tooltips showing context information about functions. Source code quality has been measurably improved again.
I’ll share a picture from that blog post. It is a timeline detailing the roadmap of the last 5 years (2011 – 2016) on how LibreOffice has matured after it was forked off of OpenOffice. From the onset, the developers have focused on code cleaning and refactoring; the codebase was old, originating in StarOffice with tens of thousands of lines of german comments that had to be translated to english, and the ancient build system was switched to GNU make. With the codebase at an acceptible quality level and ready for collaborative development using git and gerrit, the focus for the 5.x releases has been to improve the user experience through a better and more fuctional UI:
Michael Meeks wrote a presentation several years ago which offers more insight into this re-factoring process.
A series of short videos have been created to showcase the new and improved User Interface functionality.
Packages for the new LibreOffice 5.2.0 are now ready on mirror servers for Slackware 14.2 and -current. Note that according to the announcement this LO release is “targeted to early adopters and power users“. For better stability, the 5.1.x releases are worth considering, but I will gladly welcome any feedback about (lack of) issues you are encountering with this new version 5.2.0 if you decide to go with it.
Get the packages here:
- http://www.slackware.com/~alien/slackbuilds/ (US master site)
- http://bear.alienbase.nl/mirrors/people/alien/slackbuilds/ (my own fast mirror)
- http://alien.slackbook.org/slackbuilds/ (US)
- http://ftp.lip6.fr/pub/linux/distributions/slackware/people/alien/slackbuilds/ (FR mirror)
- http://slackware.uk/people/alien/slackbuilds/ (UK – fast mirror!)
PS: for those who had not noticed: the LibreOffice browser plugin (NPAPI based) has been removed in 4.4.0: https://skyfromme.wordpress.com/2014/09/25/killing-the-npapi-plugin/
Let’s not forget that there was also a new release of the Chromium browser. This event is a lot more common than LibreOffice releases but since chromium is the single most used program on my computer apart from konsole, vlc and vim, it is worth mentioning… if just for my own sake.
The Google Chrome Releases blog mentions a list of vulnerabilities that were addressed with this release. Here are the ones that were contributed by external researchers as well as the Google team:
[$4000] High CVE-2016-5141 Address bar spoofing. Credit to anonymous
[$4000] High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous
[$3000] High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of Stealien
[$3500] High CVE-2016-5140 Heap overflow in pdfium. Credit to Ke Liu of Tencent’s Xuanwu LAB
[$4000] Medium CVE-2016-5145 Same origin bypass for images in Blink. Credit to anonymous
[$1000] Medium CVE-2016-5143 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
[$1000] Medium CVE-2016-5144 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
 CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives.
Packages for Slackware 14.1, 14.2 and -current are now available from my repository. Be sure to upgrade!
Have fun! Eric