[packages/nagios] Rel 5; and another approach to make it more robust

arekm arekm at pld-linux.org
Sat Mar 21 17:34:35 CET 2026 

commit 8e728ce2daf5962d779be67fa44db203bd281b39
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Sat Mar 21 17:34:25 2026 +0100

    Rel 5; and another approach to make it more robust

 nagios-resilient-refresh.patch | 80 ++++++++++++++++++------------------------
 nagios.spec                    |  2 +-
 2 files changed, 36 insertions(+), 46 deletions(-)
---
diff --git a/nagios.spec b/nagios.spec
index bd749c5..9600784 100644
--- a/nagios.spec
+++ b/nagios.spec
@@ -13,7 +13,7 @@ Summary(pl.UTF-8):	Program do monitorowania serwerów/usług/sieci
 Summary(pt_BR.UTF-8):	Programa para monitoração de máquinas e serviços
 Name:		nagios
 Version:	4.5.11
-Release:	4
+Release:	5
 License:	GPL v2+
 Group:		Networking
 # https://www.nagios.org/downloads/nagios-core/thanks/?product_download=nagioscore-source
diff --git a/nagios-resilient-refresh.patch b/nagios-resilient-refresh.patch
index 15737ca..67158d4 100644
--- a/nagios-resilient-refresh.patch
+++ b/nagios-resilient-refresh.patch
@@ -4,71 +4,61 @@ CGI pages use the HTTP Refresh header to auto-reload, but when a reload
 fails due to a network outage the browser displays an error page that
 lacks the header, permanently breaking the refresh cycle. Browser error
 pages (e.g. chrome-error://chromewebdata/) also make the iframe
-cross-origin, blocking both reload() and src assignment from the parent.
+cross-origin, blocking contentWindow access from the parent.
 
-display_info_table() in cgiutils.c now emits a self-contained script
-that installs a nagiosSetRefresh() function on the parent frame (using
-parent.setTimeout so timers survive iframe reloads) and calls it with
+display_info_table() in cgiutils.c now emits a script that injects a
+small script element into the parent frame, defining nagiosSetRefresh()
+natively in the parent's execution context. This is called with
 refresh_rate for auto-refreshing pages or 0 for non-refreshing pages.
-The function is installed from the iframe via same-origin access, so it
-works with any theme's index.php without patching it.
+Running in the parent's own context ensures the fallback timer and
+iframe.src assignments are unaffected by cross-origin error pages in
+the iframe — timers created in an iframe's script context may be killed
+or sandboxed by the browser when the iframe navigates to chrome-error://.
 
 The fallback timer fires at 2x the refresh interval, so it only acts
 when the CGI's own Refresh header has failed. On success, the reloaded
 page calls nagiosSetRefresh() again, resetting the cycle. On failure,
-the iframe element is replaced entirely to bypass cross-origin
-restrictions on browser error pages, then retries at the normal interval.
+the timer re-navigates the iframe by setting its src attribute directly
+(a parent-DOM operation that works regardless of iframe origin), then
+retries at the normal interval.
 
 --- nagios-4.5.11.orig/cgi/cgiutils.c	2026-01-14 17:37:45.000000000 +0100
-+++ nagios-4.5.11/cgi/cgiutils.c	2026-03-17 19:27:47.303210420 +0100
-@@ -1659,6 +1659,50 @@ void display_info_table(const char *titl
++++ nagios-4.5.11/cgi/cgiutils.c	2026-03-21 19:00:00.000000000 +0100
+@@ -1659,6 +1659,37 @@ void display_info_table(const char *titl
  	if(refresh == TRUE)
  		printf("Updated every %d seconds<br>\n", refresh_rate);
-
-+	/* Resilient refresh: install a fallback timer on the parent frame
-+	   that reloads the content iframe when the HTTP Refresh header cycle
-+	   breaks (network outage, 504, etc). Uses parent.setTimeout so timers
-+	   survive iframe reloads. Works with any theme's index.php. */
+ 
++	/* Resilient refresh: inject a script into the parent frame that
++	   installs a fallback timer to reload the content iframe when the
++	   HTTP Refresh header cycle breaks (network outage, 504, etc).
++	   The script runs natively in the parent's context so the timer
++	   and iframe.src assignment work regardless of cross-origin error
++	   pages in the iframe. Works with any theme's index.php. */
 +	printf("<script>\n"
 +		"(function() {\n"
 +		"  var p = parent;\n"
 +		"  if (!p || p === window) return;\n"
 +		"  if (!p._nagiosRefreshSetup) {\n"
 +		"    p._nagiosRefreshSetup = true;\n"
-+		"    p._nagiosRefreshTimer = null;\n"
-+		"    p._nagiosRefreshUrl = null;\n"
-+		"    p.nagiosSetRefresh = function(rate) {\n"
-+		"      if (p._nagiosRefreshTimer) {\n"
-+		"        p.clearTimeout(p._nagiosRefreshTimer);\n"
-+		"        p._nagiosRefreshTimer = null;\n"
-+		"      }\n"
-+		"      if (rate > 0) {\n"
-+		"        try {\n"
-+		"          var f = p.document.querySelector('iframe[name=\"main\"]');\n"
-+		"          if (f && f.contentWindow)\n"
-+		"            p._nagiosRefreshUrl = f.contentWindow.location.href;\n"
-+		"        } catch(e) {}\n"
-+		"        p._nagiosRefreshTimer = p.setTimeout(function doRefresh() {\n"
-+		"          var f = p.document.querySelector('iframe[name=\"main\"]');\n"
-+		"          try {\n"
-+		"            if (f && f.contentWindow) f.contentWindow.location.reload();\n"
-+		"          } catch(e) {\n"
-+		"            if (f && p._nagiosRefreshUrl) {\n"
-+		"              var nf = p.document.createElement('iframe');\n"
-+		"              nf.name = 'main';\n"
-+		"              nf.src = p._nagiosRefreshUrl;\n"
-+		"              f.parentNode.replaceChild(nf, f);\n"
-+		"            }\n"
-+		"          }\n"
-+		"          p._nagiosRefreshTimer = p.setTimeout(doRefresh, rate * 1000);\n"
-+		"        }, rate * 2 * 1000);\n"
-+		"      }\n"
-+		"    };\n"
++		"    var s = p.document.createElement('script');\n"
++		"    s.textContent =\n"
++		"      'window._nagiosRefreshTimer=null;' +\n"
++		"      'window._nagiosRefreshUrl=null;' +\n"
++		"      'window.nagiosSetRefresh=function(rate){' +\n"
++		"      'if(window._nagiosRefreshTimer){clearTimeout(window._nagiosRefreshTimer);window._nagiosRefreshTimer=null;}' +\n"
++		"      'if(rate>0){' +\n"
++		"      'try{var f=document.querySelector(\\'iframe[name=\"main\"]\\');if(f&&f.contentWindow)window._nagiosRefreshUrl=f.contentWindow.location.href;}catch(e){}' +\n"
++		"      'window._nagiosRefreshTimer=setTimeout(function doRefresh(){' +\n"
++		"      'var f=document.querySelector(\\'iframe[name=\"main\"]\\');' +\n"
++		"      'if(f&&window._nagiosRefreshUrl)f.src=window._nagiosRefreshUrl;' +\n"
++		"      'window._nagiosRefreshTimer=setTimeout(doRefresh,rate*1000);' +\n"
++		"      '},rate*2*1000);}};';\n"
++		"    p.document.head.appendChild(s);\n"
 +		"  }\n"
 +		"  p.nagiosSetRefresh(%d);\n"
 +		"})();\n"
 +		"</script>\n", refresh == TRUE ? refresh_rate : 0);
 +
  	printf("Nagios® Core™ %s - <A HREF='https://www.nagios.org' TARGET='_new' REL='nofollow' CLASS='homepageURL'>www.nagios.org</A><BR>\n", PROGRAM_VERSION);
-
+ 
  	if(current_authdata != NULL)
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nagios.git/commitdiff/8e728ce2daf5962d779be67fa44db203bd281b39

More information about the pld-cvs-commit mailing list