From 5db15bbd74a8f8a46ba4599b3b331e180cfe5d44 Mon Sep 17 00:00:00 2001
From: Attila Krasznahorkay <Attila.Krasznahorkay@cern.ch>
Date: Wed, 29 Nov 2023 10:41:00 +0100
Subject: [PATCH 1/2] Add a patch for ROOT's WebUI vulnerability.

At the same time removed the "outdated ROOT patches" from the repository.
---
 External/ROOT/CMakeLists.txt                 |  6 ++--
 External/ROOT/patches/v6-26-08-cmp0135.patch | 12 --------
 External/ROOT/patches/v6-26-08-vdt.patch     | 31 --------------------
 External/ROOT/patches/v6-28-08-webgui.patch  | 15 ++++++++++
 4 files changed, 18 insertions(+), 46 deletions(-)
 delete mode 100644 External/ROOT/patches/v6-26-08-cmp0135.patch
 delete mode 100644 External/ROOT/patches/v6-26-08-vdt.patch
 create mode 100644 External/ROOT/patches/v6-28-08-webgui.patch

diff --git a/External/ROOT/CMakeLists.txt b/External/ROOT/CMakeLists.txt
index 7562957e..bec7c440 100644
--- a/External/ROOT/CMakeLists.txt
+++ b/External/ROOT/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (C) 2002-2022 CERN for the benefit of the ATLAS collaboration
+# Copyright (C) 2002-2023 CERN for the benefit of the ATLAS collaboration
 #
 # Configuration for building ROOT as part of the offline / analysis release.
 #
@@ -27,10 +27,10 @@ mark_as_advanced( ATLAS_ROOT_SOURCE )
 
 # Decide whether / how to patch the ROOT sources.
 set( ATLAS_ROOT_PATCH
-   "PATCH_COMMAND;patch;-p1;<;${CMAKE_CURRENT_SOURCE_DIR}/patches/v6-28-04-vdt.patch"
+   "PATCH_COMMAND;patch;-p1;<;${CMAKE_CURRENT_SOURCE_DIR}/patches/v6-28-04-vdt.patch;COMMAND;patch;-p1;<;${CMAKE_CURRENT_SOURCE_DIR}/patches/v6-28-08-webgui.patch"
    CACHE STRING "Patch command for ROOT" )
 set( ATLAS_ROOT_FORCEDOWNLOAD_MESSAGE
-   "Forcing the re-download of ROOT (2023.07.26.)"
+   "Forcing the re-download of ROOT (2023.11.29.)"
    CACHE STRING "Download message to update whenever patching changes" )
 mark_as_advanced( ATLAS_ROOT_PATCH ATLAS_ROOT_FORCEDOWNLOAD_MESSAGE )
 
diff --git a/External/ROOT/patches/v6-26-08-cmp0135.patch b/External/ROOT/patches/v6-26-08-cmp0135.patch
deleted file mode 100644
index fcabb606..00000000
--- a/External/ROOT/patches/v6-26-08-cmp0135.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur root-6.26.08-orig/CMakeLists.txt root-6.26.08-patched/CMakeLists.txt
---- root-6.26.08-orig/CMakeLists.txt	2022-10-18 08:52:45.000000000 +0200
-+++ root-6.26.08-patched/CMakeLists.txt	2022-12-02 09:51:17.083162714 +0100
-@@ -18,7 +18,7 @@
-     " Please see README/INSTALL for more information.")
- endif()
- 
--set(policy_new CMP0072 CMP0077 CMP0135)
-+set(policy_new CMP0072 CMP0077)
- foreach(policy ${policy_new})
-   if(POLICY ${policy})
-     cmake_policy(SET ${policy} NEW)
diff --git a/External/ROOT/patches/v6-26-08-vdt.patch b/External/ROOT/patches/v6-26-08-vdt.patch
deleted file mode 100644
index 1c5ac4a8..00000000
--- a/External/ROOT/patches/v6-26-08-vdt.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- root-6.26.08/cmake/modules/SearchInstalledSoftware.cmake	2022-10-18 08:52:45.000000000 +0200
-+++ root-6.26.08-patched/cmake/modules/SearchInstalledSoftware.cmake	2022-11-03 10:22:03.803979340 +0100
-@@ -1627,23 +1627,26 @@
-     set(vdt_version 0.4.4)
-     set(VDT_FOUND True)
-     set(VDT_LIBRARIES ${CMAKE_BINARY_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}vdt${CMAKE_SHARED_LIBRARY_SUFFIX})
-+    get_filename_component(python_path ${PYTHON_EXECUTABLE} DIRECTORY)
-     ExternalProject_Add(
-       VDT
-       URL ${lcgpackages}/vdt-${vdt_version}.tar.gz
-       URL_HASH SHA256=8b1664b45ec82042152f89d171dd962aea9bb35ac53c8eebb35df1cb9c34e498
-       INSTALL_DIR ${CMAKE_BINARY_DIR}
--      CMAKE_ARGS
-+      CONFIGURE_COMMAND ${CMAKE_COMMAND} -E env PATH=${python_path}:$ENV{PATH}
-+        ${CMAKE_COMMAND}
-         -DSSE=OFF # breaks on ARM without this
-         -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
-         -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
-         -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
-         -DCMAKE_C_FLAGS=${CMAKE_C_FLAGS}
-         -DCMAKE_CXX_FLAGS=${ROOT_EXTERNAL_CXX_FLAGS}
--        -DCMAKE_INSTALL_PREFIX=<INSTALL_DIR>
-+        -DCMAKE_INSTALL_PREFIX=<INSTALL_DIR> <SOURCE_DIR>
-       LOG_DOWNLOAD 1 LOG_CONFIGURE 1 LOG_BUILD 1 LOG_INSTALL 1
-       BUILD_BYPRODUCTS ${VDT_LIBRARIES}
-       TIMEOUT 600
-     )
-+    unset(python_path)
-     ExternalProject_Add_Step(
-        VDT copy2externals
-        COMMAND ${CMAKE_COMMAND} -E copy_directory ${CMAKE_BINARY_DIR}/include/vdt ${CMAKE_BINARY_DIR}/ginclude/vdt
diff --git a/External/ROOT/patches/v6-28-08-webgui.patch b/External/ROOT/patches/v6-28-08-webgui.patch
new file mode 100644
index 00000000..9fa619ef
--- /dev/null
+++ b/External/ROOT/patches/v6-28-08-webgui.patch
@@ -0,0 +1,15 @@
+diff --git a/config/rootrc.in b/config/rootrc.in
+index 50c37fb0c7..63aa8d822c 100644
+--- a/config/rootrc.in
++++ b/config/rootrc.in
+@@ -244,8 +244,8 @@ WebGui.HttpPortMin:         8800
+ WebGui.HttpPortMax:         9800
+ # Exact IP iddress to bind bind http server (default - empty)
+ WebGui.HttpBind:
+-# Use only loopback address to bind http server (default - no)
+-WebGui.HttpLoopback:        no
++# Use only loopback address to bind http server (default - yes)
++WebGui.HttpLoopback:        yes
+ # Use https protocol for the http server (default - no)
+ WebGui.UseHttps:            no
+ WebGui.ServerCert:          rootserver.pem
-- 
GitLab


From 0452ea2ff3fbdede6401c77e93367691133f72c7 Mon Sep 17 00:00:00 2001
From: Attila Krasznahorkay <Attila.Krasznahorkay@cern.ch>
Date: Wed, 29 Nov 2023 11:43:29 +0100
Subject: [PATCH 2/2] Switched to getting ROOT from the ATLAS webserver.

Only falling back to the main ROOT server if the ATLAS one is
unreachable.
---
 External/ROOT/CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/External/ROOT/CMakeLists.txt b/External/ROOT/CMakeLists.txt
index bec7c440..eaf2a0b6 100644
--- a/External/ROOT/CMakeLists.txt
+++ b/External/ROOT/CMakeLists.txt
@@ -21,7 +21,7 @@ endif()
 
 # Declare where to get ROOT from.
 set( ATLAS_ROOT_SOURCE
-   "URL;https://root.cern/download/root_v6.28.08.source.tar.gz;URL_MD5;3eca7fadb7867232fa74a7262644b05d"
+   "URL;http://cern.ch/atlas-software-dist-eos/externals/ROOT/root_v6.28.08.source.tar.gz;https://root.cern/download/root_v6.28.08.source.tar.gz;URL_MD5;3eca7fadb7867232fa74a7262644b05d"
    CACHE STRING "The source for ROOT" )
 mark_as_advanced( ATLAS_ROOT_SOURCE )
 
-- 
GitLab