Package Details: onlyoffice 8.3.2-1

Git Clone URL: https://aur.archlinux.org/onlyoffice.git (read-only, click to copy)
Package Base: onlyoffice
Description: An office suite that combines text, spreadsheet and presentation editors allowing to create, view and edit local documents
Upstream URL: https://www.onlyoffice.com/desktop.aspx
Licenses: AGPL-3.0-only
Conflicts: onlyoffice-bin, onlyoffice-git
Submitter: kxxt
Maintainer: kxxt
Last Packager: kxxt
Votes: 2
Popularity: 0.021725
First Submitted: 2024-07-26 09:42 (UTC)
Last Updated: 2025-03-21 11:07 (UTC)

Required by (0)

Sources (24)

Pinned Comments

kxxt commented on 2024-07-26 09:48 (UTC)

Pull requests are welcome here: https://github.com/kxxt/aur-onlyoffice

You can also report issues at the GitHub repo.

Latest Comments

« First ‹ Previous 1 2

kxxt commented on 2024-09-03 14:12 (UTC)

Since Qt5 is now already outdated,

Yes, every dependency onlyoffice uses is outdated. They even use v8 8.9 that doesn't include any security patches. They also uses outdated CEF binary downloaded from an http url and doesn't check its integrity at all. Even worse, that CEF binary might be closed source as suggested by dbermond in https://github.com/ONLYOFFICE/DesktopEditors/issues/1664

I would advise anyone who uses onlyoffice to avoid opening any untrusted documents with it. It appears that onlyoffice upstream doesn't care about security at all. See https://github.com/ONLYOFFICE/DesktopEditors/issues/1664 for more details

can you switch to Qt6, or drop Qt support, or rename the package to onlyoffice-qt5 (and adding proper provides=("onlyoffice=${pkgver}"), conflicts=("onlyoffice"))?

@dreieck That's no really up to me. AFAIK onlyoffice only supports and requires qt5 and it does not support building with qt6. But if you can put together a patch for qt6 support, I would recommend you to open a PR in onlyoffice repo. Thanks!

kxxt commented on 2024-09-03 13:56 (UTC)

Can you also pin onlyoffice-core git repository, and all the other unversioned git repositories you use, to a specific commit, please?

That's no necessary because ./configure.py --branch "v$pkgver" will checkout the git repos to the correct revision. But having said that, I didn't verify whether that script really achieves that. I don't put too much trust on the onlyoffice upstream now. I agree that pinning them in sources would be an improvement.

dreieck commented on 2024-09-03 12:25 (UTC)

Since Qt5 is now already outdated, can you

  • switch to Qt6, or
  • drop Qt support, or
  • rename the package to onlyoffice-qt5 (and adding proper provides=("onlyoffice=${pkgver}"), conflicts=("onlyoffice"))?

Regards!

dreieck commented on 2024-09-03 12:21 (UTC)

Can you also pin onlyoffice-core git repository, and all the other unversioned git repositories you use, to a specific commit, please?

Since this here is not a VCS package but a fixed version package, users should expect to get the same source for the same $pkgver.

Regards and thanks for the package!

kxxt commented on 2024-07-26 09:48 (UTC)

Pull requests are welcome here: https://github.com/kxxt/aur-onlyoffice

You can also report issues at the GitHub repo.

« First ‹ Previous 1 2