Merge branch 'AcademySoftwareFoundation:main' into fix/default-sequen…

…ce-replaced-by-comparison_SG-31769
AcademySoftwareFoundation · Aug 21, 2024 · fa64748 · fa64748
2 parents 0dd9113 + 39eace1
commit fa64748
Show file tree

Hide file tree

Showing 17 changed files with 741 additions and 102 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -3,7 +3,9 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 #
-CMAKE_MINIMUM_REQUIRED(VERSION 3.24)
+
+# Need 3.27 for Boost 1.82 (FindBoost.cmake).
+CMAKE_MINIMUM_REQUIRED(VERSION 3.27)
 
 # These variables are parsed by sphinx for the documentation. One-line formatting facilitates parsing and readability.
 # cmake-format: off

diff --git a/README.md b/README.md
@@ -35,7 +35,7 @@ git submodule update --init --recursive
 Open RV is currently supported on the following operating systems:
 
 * [Windows 10 and 11](docs/build_system/config_windows.md)
-* [macOS Big Sur, Monterey and Ventura](docs/build_system/config_macos.md)
+* [macOS](docs/build_system/config_macos.md)
 * [Linux Centos 7](docs/build_system/config_linux_centos7.md)
 * [Linux Rocky 8](docs/build_system/config_linux_rocky8.md)
 * [Linux Rocky 9](docs/build_system/config_linux_rocky9.md)

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security and Open RV
+
+The Open RV Technical Steering Committee (TSC) takes security very
+seriously. We strive to design secure software, and utilize continuous 
+integration and code analysis tools to help identify potential 
+vulnerabilities.
+
+Users should exercise caution when working with untrusted data (Open RV
+session files, external Open RV packages, external Open RV movie and image 
+plugins, etc.). Open RV takes every precaution to read only valid data, but it 
+would be naive to say our code is immune to every exploit.
+
+## Reporting Vulnerabilities
+
+Quickly resolving security related issues is a priority. 
+To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/AcademySoftwareFoundation/OpenRV/security/advisories/new) tab.
+
+Include detailed steps to reproduce the issue, and any other information that
+could aid an investigation. Someone will assess the report and make every
+effort to respond within 14 days.
+
+## Outstanding Security Issues
+
+None
+
+## Addressed Security Issues
+
+None
diff --git a/cmake/dependencies/boost.cmake b/cmake/dependencies/boost.cmake
@@ -4,30 +4,18 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
+# IMPORTANT: CMake minimum version need to be increased everytime Boost version is increased.
+#            e.g. CMake 3.27 is needed for Boost 1.82 to be found by FindBoost.cmake.
+#
+#            Starting from CMake 3.30, FindBoost.cmake has been removed in favor of BoostConfig.cmake (Boost 1.70+).
+#            This behavior is covered by CMake policy CMP0167.
+
 INCLUDE(ProcessorCount) # require CMake 3.15+
 PROCESSORCOUNT(_cpu_count)
 
-# This should handle fetching or checking then compiling required 3rd party dependencies
-SET(_target
-    "RV_DEPS_BOOST"
-)
-
-# This version of boost resolves Python3 compatibilty issues on Big Sur and Monterey and is compatible with Python 2.7 through Python 3.10
-SET(_version
-    "1.80.0"
-)
-
-SET(_major_minor_version
-    "1_80"
-)
-
-SET(_download_hash
-    077f074743ea7b0cb49c6ed43953ae95
-)
-
-# Note: Boost 1.80 cannot be built with XCode 15 which is now the only XCode version available on macOS Sonoma without a hack. Boost 1.81 has all the fixes
-# required to be able to be built with XCode 15, however it is not VFX Platform CY2023 compliant which specifies Boost version 1.80. With the aim of making the
-# OpenRV build on macOS smoother by default, we will use Boost 1.81 if XCode 15 or more recent.
+# Note: Boost 1.80 cannot be built with XCode 15 which is now the only XCode version available on macOS Sonoma without a hack. 
+# Boost 1.81+ has all the fixes required to be able to be built with XCode 15, however it is not VFX Platform CY2023 compliant which specifies Boost version 1.80. 
+# With the aim of making the OpenRV build on macOS smoother by default, OpenRV will use Boost 1.81 if XCode 15 or more recent.
 IF(RV_TARGET_DARWIN)
   EXECUTE_PROCESS(
     COMMAND xcrun clang --version
@@ -41,21 +29,59 @@ IF(RV_TARGET_DARWIN)
     MESSAGE(STATUS "Clang version ${CLANG_VERSION_STRING} is not compatible with Boost 1.80, using Boost 1.81 instead. "
                    "Install XCode 14.3.1 if you absolutely want to use Boost version 1.80 as per VFX reference platform CY2023"
     )
+    SET(_BOOST_DETECTED_XCODE_15_ ON)
+  ENDIF()
+ENDIF()
 
-    SET(_version
-        "1.81.0"
-    )
+# Set some variables for VFX2024 since those value are used at two locations.
+SET(_BOOST_VFX2024_VERSION_ "1.82.0")
+SET(_BOOST_VFX2024_MAJOR_MINOR_VERSION_ "1_82")
+SET(_BOOST_VFX2024_DOWNLOAD_HASH_ "f7050f554a65f6a42ece221eaeec1660")
+
+IF (NOT _BOOST_DETECTED_XCODE_15_)
+  # XCode 14 and below.
+  RV_VFX_SET_VARIABLE(
+    _ext_boost_version
+    CY2023 "1.80.0"
+    CY2024 "${_BOOST_VFX2024_VERSION_}"
+  )
 
-    SET(_major_minor_version
-        "1_81"
-    )
+  RV_VFX_SET_VARIABLE(
+    _major_minor_version
+    CY2023 "1_80"
+    CY2024 "${_BOOST_VFX2024_MAJOR_MINOR_VERSION_}"
+  )
 
-    SET(_download_hash
-        4bf02e84afb56dfdccd1e6aec9911f4b
-    )
-  ENDIF()
+  RV_VFX_SET_VARIABLE(
+    _download_hash
+    CY2023 "077f074743ea7b0cb49c6ed43953ae95"
+    CY2024 "${_BOOST_VFX2024_DOWNLOAD_HASH_}"
+  )
+ELSE()
+  # XCode 15 and above. (Need Boost 1.81+)
+  RV_VFX_SET_VARIABLE(
+    _ext_boost_version
+    # Use Boost 1.81.0 for VFX2023 (Boost 1.80.0 does not work with XCode 15)
+    CY2023 "1.81.0"
+    CY2024 "${_BOOST_VFX2024_VERSION_}"
+  )
+
+  RV_VFX_SET_VARIABLE(
+    _major_minor_version
+    CY2023 "1_81"
+    CY2024 "${_BOOST_VFX2024_MAJOR_MINOR_VERSION_}"
+  )
+
+  RV_VFX_SET_VARIABLE(
+    _download_hash
+    CY2023 "4bf02e84afb56dfdccd1e6aec9911f4b"
+    CY2024 "${_BOOST_VFX2024_DOWNLOAD_HASH_}"
+  )
 ENDIF()
 
+RV_CREATE_STANDARD_DEPS_VARIABLES("RV_DEPS_BOOST" "${_ext_boost_version}" "" "")
+RV_SHOW_STANDARD_DEPS_VARIABLES()
+
 STRING(REPLACE "." "_" _version_with_underscore ${_version})
 SET(_download_url
     "https://archives.boost.io/release/${_version}/source/boost_${_version_with_underscore}.tar.gz"
@@ -304,16 +330,9 @@ ADD_CUSTOM_TARGET(
   DEPENDS ${_boost_stage_output}
 )
 
-ADD_CUSTOM_TARGET(
-  clean-${_target}
-  COMMENT "Cleaning '${_target}' ..."
-  COMMAND ${CMAKE_COMMAND} -E remove_directory ${_base_dir}
-  COMMAND ${CMAKE_COMMAND} -E remove_directory ${RV_DEPS_BASE_DIR}/cmake/dependencies/${_target}-prefix
-)
-
 ADD_DEPENDENCIES(dependencies ${_target}-stage-target)
 
 SET(RV_DEPS_BOOST_VERSION
     ${_version}
     CACHE INTERNAL "" FORCE
-)
+)
diff --git a/cmake/dependencies/dav1d.cmake b/cmake/dependencies/dav1d.cmake
@@ -12,14 +12,14 @@ SET(_target
 )
 
 SET(_version
-    "1.0.0"
+    "1.4.3"
 )
 
 SET(_download_url
     "https://github.com/videolan/dav1d/archive/refs/tags/${_version}.zip"
 )
 SET(_download_hash
-    "425282a997804984c5c115aacb005ab4"
+    "2c62106fda87a69122dc8709243a34e8"
 )
 
 SET(_install_dir

diff --git a/cmake/dependencies/openexr.cmake b/cmake/dependencies/openexr.cmake
@@ -7,14 +7,22 @@
 INCLUDE(ProcessorCount) # require CMake 3.15+
 PROCESSORCOUNT(_cpu_count)
 
-RV_CREATE_STANDARD_DEPS_VARIABLES("RV_DEPS_OPENEXR" "3.1.7" "" "")
+RV_VFX_SET_VARIABLE(
+  _ext_openexr_version
+  CY2023 "3.1.7"
+  CY2024 "3.2.4"
+)
+
+RV_CREATE_STANDARD_DEPS_VARIABLES("RV_DEPS_OPENEXR" "${_ext_openexr_version}" "" "")
 
 SET(_download_url
     "https://github.com/AcademySoftwareFoundation/openexr/archive/refs/tags/v${_version}.zip"
 )
 
-SET(_download_hash
-    "a278571601083a74415d40d2497d205c"
+RV_VFX_SET_VARIABLE(
+  _download_hash
+  CY2023 "a278571601083a74415d40d2497d205c"
+  CY2024 "11e713886a0e1c6a2c147e9704bbbe68"
 )
 
 SET(_install_dir
@@ -35,34 +43,59 @@ ELSE()
   )
 ENDIF()
 
+SET(_make_command
+    make
+)
+IF(${RV_OSX_EMULATION})
+  SET(_darwin_x86_64
+      "arch" "${RV_OSX_EMULATION_ARCH}"
+  )
+  SET(_make_command
+      ${_darwin_x86_64} ${_make_command}
+  )
+ENDIF()
+IF(RV_TARGET_WINDOWS)
+  # MSYS2/CMake defaults to Ninja
+  SET(_make_command
+      ninja
+  )
+ENDIF()
+RV_VFX_SET_VARIABLE(
+  _openexr_libname_suffix_
+  CY2023 "3_1"
+  CY2024 "3_2"
+)
+
 IF(RV_TARGET_WINDOWS)
   SET(_openexr_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXR-3_1${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXR-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
 ELSE()
   SET(_openexr_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXR-3_1${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXR-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
 ENDIF()
 SET(_openexr_lib
     ${_lib_dir}/${_openexr_name}
 )
 
-SET(LIB_VERSION_SUFFIX
-    "30.7.1"
+RV_VFX_SET_VARIABLE(
+  LIB_VERSION_SUFFIX
+  CY2023 "30.7.1"
+  CY2024 "31.3.2.4"
 )
 
 IF(RV_TARGET_DARWIN)
   SET(_openexrcore_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXRCore-3_1${RV_DEBUG_POSTFIX}.${LIB_VERSION_SUFFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXRCore-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}.${LIB_VERSION_SUFFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
 ELSEIF(RV_TARGET_LINUX)
   SET(_openexrcore_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXRCore-3_1${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}.${LIB_VERSION_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXRCore-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}.${LIB_VERSION_SUFFIX}
   )
 ELSEIF(RV_TARGET_WINDOWS)
   SET(_openexrcore_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXRCore-3_1${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}OpenEXRCore-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
 ENDIF()
 
@@ -72,15 +105,15 @@ SET(_openexrcore_lib
 
 IF(RV_TARGET_DARWIN)
   SET(_ilmthread_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}IlmThread-3_1${RV_DEBUG_POSTFIX}.${LIB_VERSION_SUFFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}IlmThread-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}.${LIB_VERSION_SUFFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
 ELSEIF(RV_TARGET_LINUX)
   SET(_ilmthread_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}IlmThread-3_1${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}.${LIB_VERSION_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}IlmThread-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}.${LIB_VERSION_SUFFIX}
   )
 ELSEIF(RV_TARGET_WINDOWS)
   SET(_ilmthread_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}IlmThread-3_1${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}IlmThread-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
 ENDIF()
 
@@ -90,15 +123,15 @@ SET(_ilmthread_lib
 
 IF(RV_TARGET_DARWIN)
   SET(_iex_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}Iex-3_1${RV_DEBUG_POSTFIX}.${LIB_VERSION_SUFFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}Iex-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}.${LIB_VERSION_SUFFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
 ELSEIF(RV_TARGET_LINUX)
   SET(_iex_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}Iex-3_1${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}.${LIB_VERSION_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}Iex-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}.${LIB_VERSION_SUFFIX}
   )
 ELSEIF(RV_TARGET_WINDOWS)
   SET(_iex_name
-      ${CMAKE_SHARED_LIBRARY_PREFIX}Iex-3_1${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
+      ${CMAKE_SHARED_LIBRARY_PREFIX}Iex-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
 ENDIF()
 
@@ -110,20 +143,26 @@ LIST(APPEND _openexr_byproducts ${_openexr_lib} ${_ilmthread_lib} ${_iex_lib})
 
 IF(RV_TARGET_WINDOWS)
   SET(_openexr_implib
-      ${_install_dir}/lib/${CMAKE_IMPORT_LIBRARY_PREFIX}OpenEXR-3_1${RV_DEBUG_POSTFIX}${CMAKE_IMPORT_LIBRARY_SUFFIX}
+      ${_install_dir}/lib/${CMAKE_IMPORT_LIBRARY_PREFIX}OpenEXR-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_IMPORT_LIBRARY_SUFFIX}
   )
   SET(_ilmthread_implib
-      ${_install_dir}/lib/${CMAKE_IMPORT_LIBRARY_PREFIX}IlmThread-3_1${RV_DEBUG_POSTFIX}${CMAKE_IMPORT_LIBRARY_SUFFIX}
+      ${_install_dir}/lib/${CMAKE_IMPORT_LIBRARY_PREFIX}IlmThread-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_IMPORT_LIBRARY_SUFFIX}
   )
   SET(_iex_implib
-      ${_install_dir}/lib/${CMAKE_IMPORT_LIBRARY_PREFIX}Iex-3_1${RV_DEBUG_POSTFIX}${CMAKE_IMPORT_LIBRARY_SUFFIX}
+      ${_install_dir}/lib/${CMAKE_IMPORT_LIBRARY_PREFIX}Iex-${_openexr_libname_suffix_}${RV_DEBUG_POSTFIX}${CMAKE_IMPORT_LIBRARY_SUFFIX}
   )
 
   LIST(APPEND _openexr_byproducts ${_openexr_implib} ${_ilmthread_implib} ${_iex_implib})
 ENDIF()
 
+RV_VFX_SET_VARIABLE(
+  _openexr_patch_name_
+  CY2023 "openexr_3.1.7_invalid_to_black"
+  CY2024 "openexr_3.2.4_invalid_to_black"
+)
+
 SET(_patch_command 
-    patch -p1 < ${CMAKE_CURRENT_SOURCE_DIR}/patch/openexr_invalid_to_black.patch
+    patch -p1 < ${CMAKE_CURRENT_SOURCE_DIR}/patch/${_openexr_patch_name_}.patch
 )
 
 LIST(APPEND _configure_options "-DCMAKE_PREFIX_PATH=${RV_DEPS_IMATH_CMAKE_DIR}")

diff --git a/...cies/patch/openexr_invalid_to_black.patch → ...atch/openexr_3.1.7_invalid_to_black.patch b/...cies/patch/openexr_invalid_to_black.patch → ...atch/openexr_3.1.7_invalid_to_black.patch