Rocky Linux, RHEL and LibreOffice

Hi,
I am happily running Rocky Linux Workstation 8.5 as my day to day personal desktop.

I use LibreOffice (LO) daily and noticed it is version 6.4.7.2.

Knowing that LO is now in version 7, I had assumed that 6.4.7.2 is some long term support version.
But is seems not to be.

From:

It says:

Older versions of LibreOffice (no longer updated!) are available in the archive

and version 6.4.7.2 is in that archive and so I presume no longer updated. I had read that it stopped being supported at the end of 2020.

Which means my LO 6.4.7.2 is not longer maintained or updated and might have security issues.

And this made me wonder why RHEL 8.5 would use and outdated LO 6.4.7.2.

(I am assuming that RL 8.5 uses LO 6.4.7.2 because RHEL 8.5 uses it )

I had presumed that in RHEL 8, supported till 2029, that packages like LO would be updated as needed and older out of date versions would not be used.

But that seems not to be the case…

Why would RHEL use an out of date / unmaintained version of LibreOffice, that could have security issues?

Should I uninstall LO 6.4.7.2 and install LO 7.x?, as eg described here:

If RHEL is using out of date LO then maybe it is using a lot of other out of date packages - is this a significant security risk?

Thanks ahead of time.

By its nature, a significant amount of RHEL (and Rocky) consists of older versions of various software. The latest shiny thing isn’t what Enterprise Linux is all about.

Having said that, even though the version numbers may make the software appear to be outdated, things like security fixes are usually back-ported by the fine folks at Red Hat.

@ FrankCox,
I am aware that RL has older software and specifically switched away from Fedora because I did not want the latest versions of various software (shiny things I believe you call them) due to breakages.

I did not know RHEL backports security fixes - I will try to find out if they have done that with LO 6.4.7.2 specifically.

Red Hat describes their backport/version practice:

They can support their branches way past upstream EOL. For example, they maintain python 2.7 up to June 2024, because RHEL 7 depends on it and offer 2.7 as application stream for RHEL 8 too (up to 2024):

Red Hat does occasionally backport features from upstream. I’ve seen that happen in kernel and GCC.
They do occasionally rebase too. Lets see which versions one of my (CentOS/Alma) has seen:

$ dnf history info libreoffice-core | grep libreoffice-core | grep -v Upgraded
    Upgrade     libreoffice-core-1:6.4.7.2-5.el8.alma.x86_64      @appstream
    Upgrade   libreoffice-core-1:6.4.7.2-5.el8.x86_64             @appstream
    Upgrade   libreoffice-core-1:6.3.6.2-3.el8.x86_64             @appstream
    Upgrade   libreoffice-core-1:6.0.6.1-20.el8.x86_64            @AppStream
    Upgrade   libreoffice-core-1:6.0.6.1-19.el8.x86_64            @cr
    Install libreoffice-core-1:6.0.6.1-13.el8.x86_64              @c8-media-AppStream

See how version “6.0.6” was not set in stone?

That said, the latest update to libreoffice was in Feb 2021:

$ rpm -q --changelog libreoffice-core | head
* Sun Apr 11 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 1:6.4.7.2-5.alma
- Debrand About window and palette

* Wed Feb 03 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-5
- Resolves: rhbz#1924619 bad insertion of emoji

* Mon Nov 09 2020 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-4
- Resolves: rhbz#1889801 rebuild for poppler

* Thu Oct 29 2020 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-3

Peeking into CentOS Stream 8 we see that there is: libreoffice-core-6.4.7.2-8.el8.x86_64.rpm with date: 2021-12-13
That, or later version, will go into RHEL 8.6 and hence Rocky – most likely next May.

If you absolutely need features of LibreOffice 7, then find third-party repo that has packaged it for EL8 or use snap/flatpak (whatever they are).
Luckily LibreOffice is not essential – only humans need it, AFAIK. Therefore, it is easier/safer to replace.

Libreoffice actually has a headless mode where you can use it to layouts and/or file conversions from other programs or from the commandline.

Having said that, I’ve never actually used it that way myself. But it’s there.

Hi @ jlehtone,

Wow, thanks so much for providing all this information.

I had searched for this type of information before posting, and could not find anything relevant, so your post is very helpful.

I had been searching for exactly something like:

But did not know it was called “backporting” and so I did not use this term in my search and hence did not find.

Is also extremely helpful to me.

I was not even aware that I could do:

dnf history info libreoffice-core | grep libreoffice-core | grep -v Upgraded

or:

rpm -q --changelog libreoffice-core | head

And for you to point out these commands exceeds what I was expecting to get as an answer to my original post and is for me a great learning experience about how things get updated, and about Rocky.

Running:

rpm -q --changelog libreoffice-core | head

On Rocky gives:

* Sat Dec 11 2021 Release Engineering <releng@rockylinux.org> - 6.4.7.2-5.2.rocky
- Remove Red Hat branding
- Change vendor to RESF

* Wed Feb 03 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-5
- Resolves: rhbz#1924619 bad insertion of emoji

* Mon Nov 09 2020 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-4
- Resolves: rhbz#1889801 rebuild for poppler

Which like you pointed out, shows the update done in Feb 2021, etc, and alleviates my concern about RHEL / RL having out of date packages from a security point of view.

Thanks again very much for your post. (Marked as Solution).

Any package provided in RHEL / RL will be supported for the life o RHEL. So no worries there. If you want the very latest LibreOffice the flatpak from flathub works great.

Hi @ tkuraku,
Thanks for taking the time to post and letting me know.

It is also possible to let the stock LO install on Rocky alone and install a more recent ‘shiny’ version using the method described here: Installing several versions of LibreOffice in parallel - The Document Foundation Wiki. I routinely do this to get newer versions with better compatibility with docx documents and of course all the new functionality. If you are careful when installing and also do the Gnome integration you will end up with a truly parallel install ending with two versions appearing in application menus and desktop icons and the new version can be used as the default version (change it in nautilus).

Hi @ ank99,
Good to know, thanks