Merge latest from master into v3-prototype branch

Signed-off-by: Gary O'Neall <gary@sourceauditor.com>

Author: goneall

.github/workflows/build.yml

@@ -18,11 +18,11 @@ jobs:
     - uses: actions/checkout@v3
       with:
         fetch-depth: 0
-    - name: Set up JDK 11
+    - name: Set up JDK 17
       uses: actions/setup-java@v3
       with:
         distribution: 'temurin'
-        java-version: 11
+        java-version: 17
     - name: Cache SonarCloud packages
       uses: actions/cache@v3
       with:

README.md

@@ -28,21 +28,33 @@ The methods enterCriticalSection and leaveCritialSection are available to suppor
 The library is available in [Maven Central org.spdx:java-spdx-library](https://search.maven.org/artifact/org.spdx/java-spdx-library).
 
 If you are using Maven, you can add the following dependency in your POM file:
-```
+```xml
 <dependency>
   <groupId>org.spdx</groupId>
   <artifactId>java-spdx-library</artifactId>
   <version>(,2.0]</version>
 </dependency>
 ```
 
-[API JavaDocs are available here.](https://spdx.github.io/Spdx-Java-Library/)
+[API JavaDocs are available here](https://spdx.github.io/Spdx-Java-Library/).
 
 There are a couple of static classes that help common usage scenarios:
 
 - org.spdx.library.SpdxModelFactory supports the creation of specific model objects
 - org.spdx.library.model.license.LicenseInfoFactory supports the parsing of SPDX license expressions, creation, and comparison of SPDX licenses
 
+
+## Configuration options
+
+`Spdx-Java-Library` can be configured using either Java system properties or a Java properties file located in the runtime CLASSPATH at `/resources/spdx-java-library.properties`.
+
+The library has these configuration options:
+1. `org.spdx.useJARLicenseInfoOnly` - a boolean that controls whether the (potentially out of date) listed license information bundled inside the JAR is used (true), vs the library downloading the latest files from the SPDX website (false). Default is false (always download the latest files from the SPDX website).
+2. `org.spdx.downloadCacheEnabled` - a boolean that enables or disables the download cache. Defaults to `false` (the cache is disabled). The cache location is determined as per the [XDG Base Directory Specification](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html) (i.e. `${XDG_CACHE_HOME}/Spdx-Java-Library` or `${HOME}/.cache/Spdx-Java-Library`).
+3. `org.spdx.downloadCacheCheckIntervalSecs` - a long that controls how often each cache entry is rechecked for staleness, in units of seconds. Defaults to 86,400 seconds (24 hours). Set to 0 (zero) to have each cache entry checked every time (note: this will result in a lot more network I/O and negatively impact performance, albeit there is still a substantial performance saving vs not using the cache at all).
+
+Note that these configuration options can only be modified prior to first use of Spdx-Java-Library. Once the library is initialized, subsequent changes will have no effect.
+
 The first thing that needs to be done in your implementation is call `SpdxModelFactory.init()` - this will load all the supported versions.
 
 If you are programatically creating SPDX data, you will start by creating a model store.  The simplest model store is an in-memory model store which can be created with `store = new InMemSpdxStore()`.  A copy manager will be needed if you are working with more than one store (e.g. a serialized format of SPDX data and in memory).  If you're not sure, you should just create one.  This can be done with `copyManager = new ModelCopyManager()`.

RELEASE-CHECKLIST.md

@@ -0,0 +1,12 @@
+# Release Checklist for the SPDX Java Tools
+
+- [ ] Check for any warnings from the compiler and findbugs
+- [ ] Run unit tests for all packages that depend on the library
+- [ ] Run unit tests with `export SPDX_JAVA_LIB_RUN_SLOW_TESTS=true` to ensure the extended (slow) test suite passes
+- [ ] Run dependency check to find any potential vulnerabilities `mvn dependency-check:check`
+- [ ] Test the release `mvn release:prepare -DdryRun`
+- [ ] Run `mvn release:prepare` - you will be prompted for the release - typically take the defaults
+- [ ] Run `mvn release:perform`
+- [ ] Release artifacts to Maven Central
+- [ ] Create a Git release including release notes
+- [ ] Zip up the files from the Maven archive and add them to the release

TestFiles/BSD-2-Clause-nl.txt

@@ -0,0 +1,23 @@
+Copyright (c) 2015, Atlassian Pty Ltd
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

TestFiles/BSD-2-Clause.template.txt

@@ -1,5 +1,9 @@
-Copyright (c) <<var;name="copyright";original="<year> <owner>";match=".+">> All rights reserved.
+<<var;name="copyright";original="Copyright (c) <year> <owner>.  ";match=".{0,5000}">>
+
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED BY <<var;name="copyrightHolderAsIs";original="THE COPYRIGHT HOLDERS AND CONTRIBUTORS";match=".+">> "AS IS" AND ANY <<var;name="express";original="EXPRESS";match="EXPRESS|EXPRESSED">> OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <<var;name="copyrightHolderLiability";original="THE COPYRIGHT HOLDER OR CONTRIBUTORS";match=".+">> BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+   <<var;name="bullet";original="1.";match=".{0,20}">> Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   <<var;name="bullet";original="2.";match=".{0,20}">> Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS<<beginOptional>> SOFTWARE<<endOptional>> IS PROVIDED BY <<var;name="copyrightHolderAsIs";original="THE COPYRIGHT HOLDERS AND CONTRIBUTORS";match=".+">> "AS IS" AND ANY <<var;name="express";original="EXPRESS";match="EXPRESS(ED)?">> OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <<var;name="copyrightHolderLiability";original="THE COPYRIGHT HOLDER OR CONTRIBUTORS";match=".+">> BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS<<beginOptional>> SOFTWARE<<endOptional>>, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

TestFiles/BSD-3-Clause-newline.txt

@@ -0,0 +1,26 @@
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+  - Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+  - Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+  - Neither the name of the Eclipse Foundation, Inc. nor the names of its
+    contributors may be used to endorse or promote products derived
+    from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

TestFiles/BSD-3-Clause.template.txt

@@ -1,11 +1,11 @@
-Copyright (c) <<var;name="copyright";original="<year> <owner>";match=".+">> . All rights reserved.
+<<var;name="copyright";original="Copyright (c) <year> <owner>.  ";match=".{0,5000}">>
 
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+Redistribution and use in source and binary forms<<var;name="theme";original="";match="()|( of the theme)">>, with or without modification, <<var;name="tobe";original="are";match="are|is">> permitted provided that the following conditions are met:
 
-   <<var;name="bullet";original="1.";match=".{0,20}">> Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+   <<var;name="bullet";original="1.";match=".{0,20}">> Redistributions of <<var;name="code";original="source code";match="source code|works">> must retain the <<var;name="above";original="above";match="above|original">> copyright notice, this list of conditions and the following disclaimer.
 
-   <<var;name="bullet";original="2.";match=".{0,20}">> Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+   <<var;name="bullet";original="2.";match=".{0,20}">> Redistributions in binary form must reproduce the <<var;name="above2";original="above";match="above|original">> copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 
-   <<var;name="bullet";original="3.";match=".{0,20}">> Neither the name of <<var;name="organizationClause3";original="the copyright holder";match=".+">> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+   <<var;name="bullet";original="3.";match=".{0,20}">> <<var;name="organizationClause3";original="Neither the name of the copyright holder nor the names of its contributors may";match="(The\s+name\s+of.+may\s+not)|(Neither\s+the\s+names?\s+of.+nor\s+the\s+names\s+of\s+its\s+contributors\s+may)|(\s*Neither\s+the\s+name\s+of.+nor\s+the\s+names\s+of\s+its\s+authors\s+and\s+contributors\s+may)|(Neither\s+the\s+name\s+of.+nor\s+the\s+names\s+of\s+contributors\s+may)|(Neither\s+the\s+name.+nor\s+the\s+names\s+of\s+contributors\s+may)|(The\s+names\s+of\s+its\s+contributors\s+may\s+not)|(The\s+names\s+of\s+any\s+contributors\s+may\s+not)|(The\s+names\s+of\s+the\s+contributors\s+may\s+not)|(None\s+of\s+the\s+names\s+of.+and\s+any\s+contributors\s+may)|(Neither\s+my\s+name.+nor\s+the\s+names\s+of\s+contributors\s+to\s+this\s+code\s+may)">> be used to endorse or promote products derived from this <<var;name="software";original="software";match="software|work">> without specific prior written permission.
 
-THIS SOFTWARE IS PROVIDED BY <<var;name="copyrightHolderAsIs";original="THE COPYRIGHT HOLDERS AND CONTRIBUTORS";match=".+">> "AS IS" AND ANY <<var;name="express";original="EXPRESS";match="EXPRESS(ED)?">> OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <<var;name="copyrightHolderLiability";original="THE COPYRIGHT HOLDER OR CONTRIBUTORS";match=".+">> BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+THIS <<var;name="software2";original="SOFTWARE";match="(SOFTWARE)|(THEME)">> IS PROVIDED <<var;name="copyrightHolderAsIs";original="BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS";match=".*">> "AS IS" AND ANY <<var;name="express";original="EXPRESS";match="EXPRESS(ED)?">> OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <<var;name="copyrightHolderLiability";original="THE COPYRIGHT HOLDER OR CONTRIBUTORS";match=".+">> BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS <<var;name="software3";original="SOFTWARE";match="(SOFTWARE)|(THEME)">> , EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.