Commit Graph

38 Commits

Author SHA1 Message Date
Daniel Schreiber
fc33fa599d Fix: File permissions in packages should not depend on umask of build system
If the build system for packages has a umask of `0077`, cloned
repositories will have no permissions for group and other. As the build
scripts for some packages just copy from clone git repos, this will
preserve the permissions in the package and prevent the following
services from startup:

* `bbb-html5`
* `etherpad`
* `bbb-pads`
* `bbb-export-annotations`
* `bbb-rap-*`

This patch grants everyone read permissions to the code in the packages.
2024-05-28 16:24:27 +02:00
Daniel Petri Rocha
6f86883324
Bump importExportRateLimiting to 32
Allows up to 32 export requests within a 90 second window in Etherpad.
2023-11-14 20:03:23 +01:00
Anton Georgiev
eae34304be build: fix nodejs version paste error in #18686 2023-09-02 06:49:29 -04:00
Anton Georgiev
89d17ff639 build: require node 18 to install bbb packages 2023-09-01 08:19:50 -04:00
danielpetri1
26dea6076a Fix permission issue with Etherpad 1.9.1
A zero-width-space is used to work around an issue with Etherpad 1.9.1 where empty pads are not being created.
2023-07-04 21:37:20 +00:00
Calvin Walton
9ecea0804e nginx config: Allow overriding the $scheme variable
The etherpad component's nginx configuration needs to know the request
scheme in order to set some variables that influence whether the
'Secure' flag is set on cookies. Right now it directly uses the $scheme
variable, but this variable does not get set to the expected value if
nginx is behind a reverse-proxy where the proxy handles TLS termination.

Adjust the etherpad nginx config to use a variable with a different name
$real_scheme, which can be set in the nginx server block to match the
configuration of the nginx listeners.

This variable is set to the value of $scheme in the default
/etc/sites-available/bigbluebutton file. The bbb-install.sh script will
be updated to set this variable in the configurations it writes.

People using other installation scripts will need to add this variable
to their nginx configuration file, or etherpad might not operate correctly.
2023-04-25 17:13:24 -04:00
Anton Georgiev
e4f9d6f6f8
Merge pull request #15884 from danielpetri1/etherpad-language
fix(locale): Remove 'Import' as option from shared notes UI
2022-12-22 13:09:25 -05:00
Daniel Petri Rocha
f7952fa256 Allow 16 simultaneous exports; remove timeout behavior 2022-11-03 18:09:48 +01:00
Daniel Petri Rocha
6338a901a2 Remove 'Import' as option from shared notes UI 2022-10-21 21:34:27 +02:00
Ramon Souza
db5ac1428a Merge tag 'v2.5.3' into merge25-26-jul14 2022-07-15 11:08:02 -03:00
Daniel Molkentin
a7f43ba2b8 Merge remote-tracking branch 'origin/v2.6.x-release' into bbb-target 2022-06-27 17:03:01 +02:00
Daniel Schreiber
1a12514b61 Fix(build): add service dependency to redis for several services
* fix unit name: the unit name on Ubuntu is `redis-server.service`
* services which need a working redis require both After= and Wants=

See the description in the `systemd.unit` man page.
2022-05-29 22:31:03 +02:00
Daniel Schreiber
dfd93e7959 Fix etherpad session authentication to work in cluster setups
Etherpad uses the sessionID cookie for authorization. In cluster setups the
host part of the URI which serves the html5 frontend is different from
the hostname part of the URI which serves etherpad. Therefore the
bbb-html5 client can't set a cookie for etherpad which contains the
etherpad sessionID.

This patch uses the `ep_auth_session` etherpad plugin which takes the
`sessionID` as query parameter, sets the cookie in the browser and
redirects the iframe to the pad URI.
2022-05-16 07:40:42 +02:00
Anton Georgiev
97dbc1aeb6
Merge branch 'v2.5.x-release' into bbb-target 2022-04-01 14:21:15 -04:00
Anton Georgiev
33a2dd566c build: do not delete .nginx file, it is removed on upgrade too 2022-03-18 19:02:46 +00:00
Daniel Molkentin
91c882862e fix paste error 2022-03-17 16:06:42 +01:00
Daniel Molkentin
9f833a4760 Introduce bigbluebutton.target 2022-03-17 11:35:42 +01:00
Pedro Beschorner Marin
06397cae49 build(etherpad): forbid userName argument
Since bbb-pads user's name is set internally by akka-apps and bbb-pads internal
credentials exchange. Yet, Etherpad's embedded URL params still work and the user
could use it to ovewrite.

Use nginx rules to block an access attempt that contains the userName argument.
2022-03-16 12:48:08 -03:00
Anton Georgiev
d00d6a0323
Merge pull request #14600 from bigbluebutton/transition-to-focal
!build and conf: Upgrade Ubunto to 20.04
2022-03-16 08:54:56 -04:00
Anton Georgiev
4e6b0a608e refactor: store nginx files in /usr/share/bigbluebutton/nignx not /etc/bigbluebutton/nginx 2022-03-15 01:42:28 +00:00
Anton Georgiev
7147045a82 build: renamed opts-bionic to -focal 2022-03-14 18:53:35 +00:00
Anton Georgiev
d20e276b58 build: bbb-etherpad set npm to 6.14.11 2022-03-12 20:53:17 +00:00
Anton Georgiev
95ad4afc98 build: bbb-etherpad add logs; comment out #14583 2022-03-11 16:04:42 -05:00
Anton Georgiev
fc071568c4 build: bbb-etherpad missing deps, hacky rm package.json 2022-03-11 18:45:01 +00:00
Ramón Souza
ae5e116e16 Merge remote-tracking branch 'upstream/v2.4.x-release' into merge-24-25-mar09 2022-03-09 20:40:07 +00:00
Max Franke
36e3db4625 fix(etherpad): avoid icons overlapping 2022-03-09 11:29:34 -03:00
Pedro Beschorner Marin
93767d19fe build(etherpad): v1.8.17
Update Etherpad version and settings file.
2022-03-07 17:16:52 -03:00
Pedro Beschorner Marin
f9030bb185
build(etherpad): add soffice path
Enable PDF, ODT and DOCX Etherpad's content exportation.
2022-02-03 17:48:24 -03:00
Anton Georgiev
8237862117 build: resolve conflicts opts dependencies 2022-01-27 19:18:59 +00:00
Ramón Souza
16cd3c4ebb Merge remote-tracking branch 'upstream/v2.4.x-release' into dev-24-0125 2022-01-25 16:56:52 +00:00
moonlies
f057671122 fix missing directory error for etherpad installation 2022-01-22 23:35:07 +01:00
Pedro Beschorner Marin
810deb907b refactor(etherpad): access control et al.
Move all Etherpad's access control from Meteor to a separated [Node application](https://github.com/bigbluebutton/bbb-pads).
This new app uses [Etherpad's API](https://etherpad.org/doc/v1.8.4/#index_overview)
to create groups and manage session tokens for users to access them. Each group
represents one distinct pad at the html5 client.

- Removed locked users' access to pads: replaced readOnly pad's access with a new pad's content sharing routine
- Pad's access is now controlled by [Etherpad's API](https://etherpad.org/doc/v1.8.4/#index_overview)
- Closed captions edited content now reflects at it's live feedback
- Improved closed caption's dictation mode live feedback
- Moved all Etherpad's API control from Meteor to a separated [app](https://github.com/bigbluebutton/bbb-pads)
- Included access control both in akka-apps and bbb-pads
2022-01-21 16:56:01 -03:00
Daniel Schreiber
5cce940346 Fix: ensure services can't modify their code
Code should be owned by root, so an attacker cannot modify it. The same
should apply to systemd unit files.

closes #11752
closes #10831
2022-01-16 18:10:09 +01:00
Ramón Souza
f6e65f58c5 merge 2.4 into develop and resolve conflicts - partial 2022-01-12 16:40:45 +00:00
Anton Georgiev
62040bdcb3 build: use official ep_cursortrace 2021-12-20 14:35:43 +00:00
Pedro Beschorner Marin
d592c11062 build(etherpad): bump v1.8.16 2021-12-16 15:04:26 -03:00
Anton Georgiev
a69d74e659 build: etherpad cursortrace mconf 2021-10-12 21:24:14 +00:00
Johannes Barthel
6c8525ef54 initial public version 2021-08-13 12:53:18 +02:00