2023-01-25 21:40:15
2023-01-24 19:24:19
2023-01-24 19:24:19
2664591
ilyess reshared this.
Does anyone know if there is a decent #FOSS solution to editing #LibreOffice documents (particularly spreadsheets) on an #Android device? Bonus points if it works nicely with #NextCloud. I've come across collabora, but it seems proprietary.
like this
Ade Malsasa Akbar, Joël de Bruijn and Earthshine like this.
reshared this
Coffee β, Jeff MacKinnon, Ade Malsasa Akbar, Joël de Bruijn and James P. :os_arch: :xfce: reshared this.
2022-12-12 22:55:29
2022-12-09 14:16:42
2022-12-09 14:16:42
2021626
ZZ Bottom reshared this.
like this
ZZ Bottom, thamespirat and Miander like this.
reshared this
Susan βΆβΆβΆβΆ and Christoph S reshared this.
My recommendation is threefold:
1) Do you think that you read unknown-soured ebooks/pdfs regularly, and importantly, what's your existing threat model around those?
2) Giving F-Droid's proclivity for not disclosing the bug - can you be sure that the known issue is relevant?
3) What is the feature you like about Libera Reader?
1) Do you think that you read unknown-soured ebooks/pdfs regularly, and importantly, what's your existing threat model around those?
2) Giving F-Droid's proclivity for not disclosing the bug - can you be sure that the known issue is relevant?
3) What is the feature you like about Libera Reader?
@silverwizard Some of my epubs cone from my local peg-legged friend, so something malicious being injected is not out of the realm of possibility.
I spent a long time finding a FOSS ereader that was usable. It was a while ago, so I don't exactly remember the specific criticisms of the others I'd tried.
I remember there was one where the right ~5% of the page would render off-screen.
I just want something I can read with and will remember my page on each book.
I spent a long time finding a FOSS ereader that was usable. It was a while ago, so I don't exactly remember the specific criticisms of the others I'd tried.
I remember there was one where the right ~5% of the page would render off-screen.
I just want something I can read with and will remember my page on each book.
To be clear here: I use Libera because it's the only one that seems "mostly fine" in FDroid
Jonathan Lamothe likes this.
@silverwizard This was my experience as well.
The libera issue seems to link back to: https://github.com/SufficientlySecure/document-viewer/issues/277
From here: https://divestos.org/misc/appsec.txt
From here: https://github.com/foobnix/LibreraReader/issues/1030
So - basically - there's a chance you might trip over an unrisk analyzed CVE in an unlikely path that's used only sometimes on older devices.
These issues are:
https://github.com/advisories/GHSA-hh5m-fj6m-hwjp bad XPS file (I have never fed one into my PDF reader), and appears to be a crash, and only on Windows
https://github.com/advisories/GHSA-6xp9-rj6v-fx2r the exact same issue but different vector, also Windows only
https://github.com/advisories/GHSA-9jxc-7cqj-8cgc a repeat of the above, also only on windows
https://github.com/advisories/GHSA-gqv2-4ghg-ccgm this is an actual integer overflow - https://nvd.nist.gov/vuln/detail/CVE-2017-15587 shows that there's no known exploit or POC, so you might be only able to crash the app container - though it's possibly exploitable
OK! So there's a potentially problematic bug, in a fallback PDF renderer
This really feels like anti-security - since it's not a static code analysis, and just a specific report for *any* CVEs, not even relevant CVEs.
Personally? I'd wait for a fix and possibly stop running windows.
From here: https://divestos.org/misc/appsec.txt
From here: https://github.com/foobnix/LibreraReader/issues/1030
So - basically - there's a chance you might trip over an unrisk analyzed CVE in an unlikely path that's used only sometimes on older devices.
These issues are:
https://github.com/advisories/GHSA-hh5m-fj6m-hwjp bad XPS file (I have never fed one into my PDF reader), and appears to be a crash, and only on Windows
https://github.com/advisories/GHSA-6xp9-rj6v-fx2r the exact same issue but different vector, also Windows only
https://github.com/advisories/GHSA-9jxc-7cqj-8cgc a repeat of the above, also only on windows
https://github.com/advisories/GHSA-gqv2-4ghg-ccgm this is an actual integer overflow - https://nvd.nist.gov/vuln/detail/CVE-2017-15587 shows that there's no known exploit or POC, so you might be only able to crash the app container - though it's possibly exploitable
OK! So there's a potentially problematic bug, in a fallback PDF renderer
This really feels like anti-security - since it's not a static code analysis, and just a specific report for *any* CVEs, not even relevant CVEs.
Personally? I'd wait for a fix and possibly stop running windows.
Jonathan Lamothe likes this.
@silverwizard I'm not sure how that constitutes a "security vulnerability" tbh. More of a potential nuisance than anything else.
Integer overflow might become a stack escape, which, if you can figure out how to control ASLR, might become a real bug
Also, integer overflows might let you read random memory.
It's basically a case of "this is a vulnerability that could become a thing, and might already be a thing, but this is the root cause if it's a thing"
But I'm not aware of a criminal muPDF gang exploiting 5 year old muPDFs for the sweet sweet keys.
Since - uh - ebook pirates running muPDF probably isn't a large enough demographic for criminals
Edit:
This is why you really need to say *what* CVEs are involved, and what issues are the actual issues. Since just randomly saying "A security vulnerability" for both "Can turn on your camera while powered off, without turning on the camera light" and "There's an unexploited integer overflow" is just security theatre
Also, integer overflows might let you read random memory.
It's basically a case of "this is a vulnerability that could become a thing, and might already be a thing, but this is the root cause if it's a thing"
But I'm not aware of a criminal muPDF gang exploiting 5 year old muPDFs for the sweet sweet keys.
Since - uh - ebook pirates running muPDF probably isn't a large enough demographic for criminals
Edit:
This is why you really need to say *what* CVEs are involved, and what issues are the actual issues. Since just randomly saying "A security vulnerability" for both "Can turn on your camera while powered off, without turning on the camera light" and "There's an unexploited integer overflow" is just security theatre
This entry was edited (9 months ago)
@Osaka I'll give it a go. As long as it's legible and remembers where I am in my books, that's about all I need.
@Osaka Hmm, it also seems to lack a dark mode... which admittedly Libera only achieved by reversing the colours.
@Osaka I have confirmed that it does retain the last page you were on in your document. The lack of a dark mode irks me, but isn't a deal breaker (though I may have to forego reading in bed while my wife's asleep).
this is because the fdroid auto build tool chain is outdated but it's gonna be fixed soon as far as I know
or wait, is there a post with more info about it? Maybe I am confusing myself
silverwizard likes this.
This one is because Libera uses an outdated build of MuPDF because of compat with older phones, according to the GitHub issues
KOReader in F-Droid works very well after becoming familiar with the UI
@gradaigh When I tried KOReader, it would immediately crash every time I opened it.
Would you be able to share the details about it? I like Libera Reader and haven't headed about the bug (yet)
This website uses cookies. If you continue browsing this website, you agree to the usage of cookies.
Coffee β
•One option is to install UserLAnd and a VNC client so you can install Debian so you can install and run actual LibreOffice.
Coffee β
•https://f-droid.org/packages/com.gaurav.avnc/
(for example - multiple options exist)
UserLAnd | F-Droid - Free and Open Source Android App Repository
f-droid.orgJonathan Lamothe
Russ O β€ πΊπ¦
•Total Sonic Media
•Collabora Online
GitHubDave Lane π³πΏ
•Dave Lane π³πΏ
•Steffen VoΓ
•Dave Lane π³πΏ
•Steffen VoΓ
•How to use Edit Files with LibreOffice app in Nextcloud
YouTubeJonathan Lamothe