Solved Vulnerabilities

I worked on the project Free Online Office, a collaborative online office based on LibreOffice technology, to solve vulnerabilities of the used JavaScript packages. I updated all used JavaScript packages to new versions. The command ‘npm audit’ reports no vulnerabilities now.

This is a big difference to the starting point, where there was and is the following report:

57 vulnerabilities (1 low, 20 moderate, 34 high, 2 critical)

I’ll create a new Docker image from the updated source code and publish it on the Docker hub during the next days. You can get it from there with:

docker pull freeonlineoffice/online:nightly

Free Online Office Nightly On ProxMox

I created a Linux Container on my ProxMox server using Debian 11 and installed and run Docker inside of it. Then I pulled the current Free Online Office (nightly build) from hub.docker.io:

docker pull freeonlineoffice/online:nightly

I started this Docker container with:

docker run -t -d -p 192.168.10.15:9980:9980 -e "username=admin" -e "password=S3cRet" freeonlineoffice/online:nightly

The IP in the docker command depends on the IP address of the Linux Container on your ProxMox server. You should give the container a fixed IP address. I used the IP address (double escaped) for the aliasgroup entry for my first run too.

Once I started the container I run ‘docker ps’ to see, if the container is running. Then I checked with curl from my remote machine, if everything works.

curl -k https://192.168.10.15:9980

If you don’t get an error message in return everything seemed to work. I could open a browser on my remote machine and type call the URL:

https://192.168.10.15:9980/browser/dist/admin/admin.html

This shows the admin console of Free Online Office build on LibreOffice technology.

Worked Further On LibreOffice Online Code And Docker Image

The Javascript packages in the former git repository of LibreOffice Online and ist fork were not up to date. Thus I hat to work on update them. This and the code update took a bunch of my spare time.

I had also to work on the configuration of the shrinkwrap/shrinkpack tooling. The former configuration and especially the shrinkwrap.json.in file blocked the build process of the docker file. The naming of the shrinkpacked files changed.

Once this was fixed the browser part of LibreOffice was build sucessfully. And finally I was able to build a first lool docker container and start it.

I made a first test and could copy the loolwsd.xml from the container and also view the container log.

Updated The LibreOffice Online Code And JavaScript Modules

I worked further on the update of the LibreOffice Online source code during the last days. I brought it on par with its fork first. In parallel I worked on the JavaScript modules and were able to move them to newer versions. This fixes also some vulnerabilities, from critical to mid category. The npm tool doesn’t complain about vulnerabillities in the JavaScript area of the source code anymore yet.

Update JavaScript Modules Of LOOL

I had a look at the ‘zoo’ of JavaScript modules which are living in the browser part of LibreOffice Online and found a lot of outdated versions there. This modules need an update to newer versions. I’m working currently on this task step by step.

I also got the message in the shell about vulnarabilities in the modules, some of them classified high and one critical. I fixed a bunch of them with an npm command, thus there is no critical vulnarability left. The high classified dimished from 15 to five.

Next Step: Work On Docker File

I worked on the changes in the source code to create an up to day docker file of LibreOffice Online today. I had to adapt scripts to build the online version from source to LibreOffice Online for that and run it. Because the naming and the variable names of former scripts were changed with the fork I had to rework them.

I’m currently running the build process a second time and hope it will create a first version of a new LibreOffice Online docker container from source. Keep your fingers cross 😉

Work On Revival Of LibreOffice Online

I worked during the last two weeks on a revival of the LibreOffice Online project. This project / branch is a version of LibreOffice which runs in a browser and supports collaborative editing.

I fetched the commits, which has been commited to a fork of the LibreOffice Online (LOOL) branch since October 2020. But there had been some renamings of file names and strings, which increases the effort. I had to adapt those commits to the original file names and strings. There were also changes in the license header of some files. I had to revert the commit, which inserted those changes.

And then I got another issue with an hardware defect and I had to migrate my environment to another hardware. And yet I got everything up and running. The first screenshot shows LibreOffice Online Writer with a text document.

LibreOffice Online Writer Document in the Browser

And the next screenshot shows the Admin console of LibreOffice Online with some statistics. It shows also that there is currently one user working with one document.

LibreOffice Online Admin Console in the Browser

LibreOffice Extension erstellen: Neue Version des HowTo

In den letzten Tagen habe ich mein kleines HowTo, wie man LibreOffice Extensions (Erweiterungen) für Inhalte erstellt, überarbeitet. Das HowTo enthält Informationen dazu, wie man mit einer Extension verschiedene Arten von zusätzlichen Inhalten, z.B. einer Gallery mit Bildern, für seine Anwender zur Verfügung stellen kann. Das HowTo enthält auch Hinweise auf entsprechende für die einzelnen Arten dieser Non-Code-Extensions für LibreOffice. Diese habe ich meinem Github-Repository erstellt. Die Links zu Ihnen werden im HowTo jeweils genannt.
Die neue Version des HowTo können Sie von meiner Webseite über folgenden Link herunterladen:
https://amantke.de/wp-content/uploads/2021/04/extensionsbook20210417.pdf

Zwischenzeitlich habe ich auch noch an einer PythonQT-Anwendung gearbeitet, über die sich die entsprechenden LibreOffice Non-Code-Extensions (Inhalte-Erweiterungen) über eine Benutzeroberfläche erstellen lassen. Diese Anwendung können Sie aus dem Python Package Index (PyPI) herunterladen bzw. mit Pip installieren (empfohlen in einer virtuellen Python3-Umgebung):
https://pypi.org/project/liboextensioncreator/

Activity Of A Project By Mails On The Project Organization List

I made a quick calculation of the emails that were sent to the project organization list of the LibreOffice germanophone project (de-discuss-list). I looked at the number of mailing addresses which were subscribed to the list and the number of postings during one year from 2015 to 2020. I started with the numbers from 2015-06-14 and my calculation endet with the numbers from 2020-06-21.

The number of mailing addresses subscribed to the list:
– June 2015: 198 addresses
– June 2016: 208 addresses
– June 2017: 204 addresses
– June 2018: 208 addresses
– June 2019: 210 addresses
– June 2020: 221 addresses

I calculated the number of mails during one year since June 2015:
– June 2015 to June 2016: 1208 new mails
– June 2016 to June 2017: 1281 new mails
– June 2017 to June 2018: 1087 new mails
– June 2018 to June 2019: 865 new mails
– June 2019 to June 2020: 699 new mails

Although the number of mail addresses subscribed to the list increased during the period (with one exception) the number of new mails declined dramatically to approximately 54 percent. Thus the communication inside the open source project went alarming down.

Update December 2020

I looked again on the numbers on the mailing list of the germanophone project to get an impression, if there is some change in the direction. But I had to state that the numbers develop in the same direction further:
– December 2019 to December 2020: 514 new mails

Although the number of inscribed mail addresses increases from 213 to 222 the communication inside the open source project went down further.

New Releases Of TDF.Templateuploadcenter and TDF.Extensionuploadcenter

I worked on some improvements of the code of the Plone add-ons tdf.templateuploadcenter and tdf.extensionuploadcenter. This add-ons were used to drive the current LibreOffice extensions and templates website.

I moved all unicode strings to ‘safe_unicode’ strings to make it more smooth to migrate the content of the current website to the current version of Plone, 5.2, and Python 3.x.

I published a new release of the add-on tdf.templateuploadcenter (https://pypi.org/project/tdf.templateuploadcenter/) on the Cheeseshop (https://pypi.org) during the weekend. Today I submitted a new release of the add-on tdf.extensionuploadcenter on the Cheeseshop (https://pypi.org/project/tdf.extensionuploadcenter/).

The source code of both Plone add-ons is available in their Github repositories:
https://github.com/andreasma/tdf.templateuploadcenter
https://github.com/andreasma/tdf.extensionuploadcenter