[packages/nagios-theme-exfoliation] Rel 4; add remove-information-leak.patch from nagios here, too

Thu Aug 1 12:45:41 CEST 2024

commit 717987b87c4d441a720eec988ea2dca29d174f96
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Aug 1 11:48:07 2024 +0200

    Rel 4; add remove-information-leak.patch from nagios here, too

 nagios-theme-exfoliation.spec |   4 +-
 remove-information-leak.patch | 140 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 143 insertions(+), 1 deletion(-)
---

diff --git a/nagios-theme-exfoliation.spec b/nagios-theme-exfoliation.spec
index 2b31902..61f0b6e 100644
--- a/nagios-theme-exfoliation.spec
+++ b/nagios-theme-exfoliation.spec
@@ -1,13 +1,14 @@
 Summary:	Exfoliation Nagios theme
 Name:		nagios-theme-exfoliation
 Version:	4.5.3
-Release:	3
+Release:	4
 License:	GPL v2+
 Group:		Applications/WWW
 # https://www.nagios.org/downloads/nagios-core/thanks/?product_download=nagioscore-source
 Source0:	https://assets.nagios.com/downloads/nagioscore/releases/nagios-%{version}.tar.gz
 # Source0-md5:	b77fd2fb656245dd0097c8e7b1310d3e
 Patch0:		system-jquery.patch
+Patch1:		remove-information-leak.patch
 URL:		http://lancet.mit.edu/mwall/projects/nagios/exfoliation.html
 BuildRequires:	sed >= 4.0
 Requires:	jquery >= 3.7.1
@@ -28,6 +29,7 @@ Exfoliation is a simple makeover for the Nagios Core web interface.
 %setup -qc
 cd nagios-%{version}
 %patch0 -p1
+%patch1 -p1
 cd ..
 mv nagios-%{version}/contrib/exfoliation/* .
 # need some files from nagios tarball the way themes are made
diff --git a/remove-information-leak.patch b/remove-information-leak.patch
new file mode 100644
index 0000000..b1a1f49
--- /dev/null
+++ b/remove-information-leak.patch
@@ -0,0 +1,140 @@
+diff -urN nagios-4.5.3.org/cgi/extinfo.c nagios-4.5.3/cgi/extinfo.c
+--- nagios-4.5.3.org/cgi/extinfo.c	2024-06-11 16:50:20.000000000 +0200
++++ nagios-4.5.3/cgi/extinfo.c	2024-08-01 10:36:50.536637843 +0200
+@@ -557,27 +557,6 @@
+ 		printf("<LINK REL='stylesheet' TYPE='text/css' HREF='%s%s'>\n", url_stylesheets_path, NAGFUNCS_CSS);
+ 		}
+ 
+-	if (display_type == DISPLAY_HOST_INFO)
+-		vidurl = "https://www.youtube.com/embed/n3QEAf-MxY4";
+-	else if(display_type == DISPLAY_SERVICE_INFO)
+-		vidurl = "https://www.youtube.com/embed/f_knwQOS6FI";
+-
+-	if (enable_page_tour == TRUE && vidurl) {
+-		printf("<script type='text/javascript' src='%s%s'></script>\n", url_js_path, JQUERY_JS);
+-		printf("<script type='text/javascript' src='%s%s'></script>\n", url_js_path, NAGFUNCS_JS);
+-		printf("<script type='text/javascript'>\n");
+-		printf("var vbox, vBoxId='extinfo%d', vboxText = "
+-				"'<a href=https://www.nagios.com/tours target=_blank>"
+-				"Click here to watch the entire Nagios Core 4 Tour!</a>';\n",
+-				display_type);
+-		printf("$(document).ready(function() {\n"
+-				"var user = '%s';\nvBoxId += ';' + user;\n",
+-				current_authdata.username);
+-		printf("vbox = new vidbox({pos:'lr',vidurl:'%s',text:vboxText,"
+-				"vidid:vBoxId});\n", vidurl);
+-		printf("});\n</script>\n");
+-		}
+-
+ 	printf("</head>\n");
+ 
+ 	printf("<body CLASS='extinfo'>\n");
+diff -urN nagios-4.5.3.org/cgi/status.c nagios-4.5.3/cgi/status.c
+--- nagios-4.5.3.org/cgi/status.c	2024-06-11 16:50:20.000000000 +0200
++++ nagios-4.5.3/cgi/status.c	2024-08-01 10:36:50.539971176 +0200
+@@ -556,31 +556,8 @@
+ 	/* JS function to append content to elements on page */
+ 	printf("<script type='text/javascript'>\n");
+ 	if (enable_page_tour == TRUE) {
+-		printf("var vbox, vBoxId='status%d%d', vboxText = "
+-				"'<a href=https://www.nagios.com/tours target=_blank>"
+-				"Click here to watch the entire Nagios Core 4 Tour!</a>';\n",
+-				display_type, group_style_type);
+ 		printf("$(document).ready(function() {\n"
+ 				"$('#top_page_numbers').append($('#bottom_page_numbers').html() );\n");
+-		if (display_type == DISPLAY_HOSTS)
+-			vidurl = "https://www.youtube.com/embed/ahDIJcbSEFM";
+-		else if(display_type == DISPLAY_SERVICEGROUPS) {
+-			if (group_style_type == STYLE_HOST_DETAIL)
+-				vidurl = "https://www.youtube.com/embed/nNiRr0hDZag";
+-			else if (group_style_type == STYLE_OVERVIEW)
+-				vidurl = "https://www.youtube.com/embed/MyvgTKLyQhA";
+-		} else {
+-			if (group_style_type == STYLE_OVERVIEW)
+-				vidurl = "https://www.youtube.com/embed/jUDrjgEDb2A";
+-			else if (group_style_type == STYLE_HOST_DETAIL)
+-				vidurl = "https://www.youtube.com/embed/nNiRr0hDZag";
+-		}
+-		if (vidurl) {
+-			printf("var user = '%s';\nvBoxId += ';' + user;",
+-				 current_authdata.username);
+-			printf("vbox = new vidbox({pos:'lr',vidurl:'%s',text:vboxText,"
+-					"vidid:vBoxId});\n", vidurl);
+-		}
+ 		printf("});\n");
+ 		}
+ 	printf("function set_limit(url) { \nthis.location = url+'&limit='+$('#limit').val();\n  }\n");
+diff -urN nagios-4.5.3.org/cgi/tac.c nagios-4.5.3/cgi/tac.c
+--- nagios-4.5.3.org/cgi/tac.c	2024-06-11 16:50:20.000000000 +0200
++++ nagios-4.5.3/cgi/tac.c	2024-08-01 10:36:50.539971176 +0200
+@@ -308,17 +308,7 @@
+ 
+ 	if (enable_page_tour == TRUE) {
+ 		printf("<script type='text/javascript' src='%s%s'></script>\n", url_js_path, NAGFUNCS_JS);
+-
+-		printf("<script type='text/javascript'>\nvar vbox, vBoxId='tac', "
+-				"vboxText = '<a href=https://www.nagios.com/tours target=_blank>"
+-				"Click here to watch the entire Nagios Core 4 Tour!</a>';\n");
+-		printf("$(document).ready(function() {\n"
+-				"var user = '%s';\nvBoxId += ';' + user;", current_authdata.username);
+-		printf("vbox = new vidbox({pos:'lr',"
+-				"vidurl:'https://www.youtube.com/embed/l20YRDhbOfA',text:vboxText,"
+-				"vidid:vBoxId});");
+-		printf("\n});\n</script>\n");
+-		}
++	}
+ 
+ 
+ 
+diff -urN nagios-4.5.3.org/html/main.php nagios-4.5.3/html/main.php
+--- nagios-4.5.3.org/html/main.php	2024-06-11 16:50:20.000000000 +0200
++++ nagios-4.5.3/html/main.php	2024-08-01 10:36:50.539971176 +0200
+@@ -19,20 +19,7 @@
+ 
+ <script type='text/javascript'>
+ 	var cookie;
+-	<?php if ($cfg["enable_page_tour"]) { ?>
+-		var vbox;
+-		var vBoxId = "main";
+-		var vboxText = "<a href=https://www.nagios.com/tours target=_blank> " +
+-						"Click here to watch the entire Nagios Core 4 Tour!</a>";
+-	<?php } ?>
+ 	$(document).ready(function() {
+-		var user = "<?php echo htmlspecialchars($_SERVER['REMOTE_USER']); ?>";
+-
+-		<?php if ($cfg["enable_page_tour"]) { ?>
+-			vBoxId += ";" + user;
+-			vbox = new vidbox({pos:'lr',vidurl:'https://www.youtube.com/embed/2hVBAet-XpY',
+-								text:vboxText,vidid:vBoxId});
+-		<?php } ?>
+ 		loadRemoteFeed( // Our top banner splash.
+ 			'#splashbox0-contents', 'corebanner', 1,
+ 			'', processBannerItem, ''
+@@ -59,7 +46,6 @@
+ 			crossDomain: true,
+ 			success: function(d, status, jqXHR) {
+ 				// We should have Internet access, set the playlist HTML.
+-				initializePlaylist();
+ 
+ 				var text = ''; // Start with empty text by default.
+ 
+@@ -94,19 +80,6 @@
+ 			: '';
+ 	}
+ 
+-
+-	// Set our playlist HTML when we know we have Internet access.
+-	var playlistInitialized = false;
+-	function initializePlaylist() {
+-		if (!playlistInitialized) {
+-			playlistInitialized = true;
+-			$('#splashbox3')
+-				.addClass('splashbox3-full')
+-				.removeClass('splashbox3-empty')
+-				.html('<iframe width="100%" height="100%" src="//www.youtube.com/embed/videoseries?list=PLN-ryIrpC_mCUW1DFwZpxpAk00i60lSkE&iv_load_policy=3&rel=0" frameborder="0" allowfullscreen></iframe>');
+-		}
+-	}
+-
+ 	// Get the daemon status JSON.
+ 	function getCoreStatus() {
+ 		setCoreStatusHTML('passiveonly', 'Checking process status...');
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nagios-theme-exfoliation.git/commitdiff/717987b87c4d441a720eec988ea2dca29d174f96

