From 1b91059721f547b1b585fa5435d2a115149a405b Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Mon, 27 May 2024 22:05:26 -0700 Subject: [PATCH 1/3] Remove the patch version on the license list The patch version was added in the most recent release of the SPDX license list to be compatible with the SPDX 3.0 release. This, however, broke the validation for the SPDX 2.X parser which checks that there is no patch version (per the 2.X spec). This commit removes the patch version from the license list version of the license list for the SPDX since this version of the license list only supports version 2.X Signed-off-by: Gary O'Neall --- .../org/spdx/library/model/license/ListedLicenses.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/spdx/library/model/license/ListedLicenses.java b/src/main/java/org/spdx/library/model/license/ListedLicenses.java index 57ba1af1..9ec2d617 100644 --- a/src/main/java/org/spdx/library/model/license/ListedLicenses.java +++ b/src/main/java/org/spdx/library/model/license/ListedLicenses.java @@ -22,6 +22,7 @@ import java.util.Optional; import java.util.concurrent.locks.ReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock; +import java.util.regex.Pattern; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -43,6 +44,8 @@ public class ListedLicenses { static final Logger logger = LoggerFactory.getLogger(ListedLicenses.class.getName()); + + static final Pattern PATCH_VERSION_PATTERN = Pattern.compile(".+\\..+\\..+"); boolean onlyUseLocalLicenses; private IListedLicenseStore licenseModelStore; @@ -199,7 +202,11 @@ public List getSpdxListedLicenseIds() { * If no license list is loaded, returns {@link org.spdx.storage.listedlicense.SpdxListedLicenseModelStore#DEFAULT_LICENSE_LIST_VERSION}. */ public String getLicenseListVersion() { - return this.licenseModelStore.getLicenseListVersion(); + String retval = this.licenseModelStore.getLicenseListVersion(); + if (PATCH_VERSION_PATTERN.matcher(retval).matches()) { + retval = retval.substring(0, retval.lastIndexOf('.')); + } + return retval; } /** From a01c0283149fbfcd102c916792513598a5f0231a Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Tue, 28 May 2024 08:07:48 -0700 Subject: [PATCH 2/3] Allow for patch versions of the license list Signed-off-by: Gary O'Neall --- src/main/java/org/spdx/library/SpdxConstants.java | 2 +- .../java/org/spdx/library/model/SpdxCreatorInformation.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/spdx/library/SpdxConstants.java b/src/main/java/org/spdx/library/SpdxConstants.java index b883cb72..4d7d3e09 100644 --- a/src/main/java/org/spdx/library/SpdxConstants.java +++ b/src/main/java/org/spdx/library/SpdxConstants.java @@ -373,7 +373,7 @@ public class SpdxConstants { // License list version Format - public static final Pattern LICENSE_LIST_VERSION_PATTERN = Pattern.compile("^[a-zA-Z0-9]+\\.[a-zA-Z0-9]+"); + public static final Pattern LICENSE_LIST_VERSION_PATTERN = Pattern.compile("^[a-zA-Z0-9]+\\.[a-zA-Z0-9]+(\\.[a-zA-Z0-9]+)?"); // Standard value strings public static String NONE_VALUE = "NONE"; public static String NOASSERTION_VALUE = "NOASSERTION"; diff --git a/src/main/java/org/spdx/library/model/SpdxCreatorInformation.java b/src/main/java/org/spdx/library/model/SpdxCreatorInformation.java index a452330b..a987e22c 100644 --- a/src/main/java/org/spdx/library/model/SpdxCreatorInformation.java +++ b/src/main/java/org/spdx/library/model/SpdxCreatorInformation.java @@ -260,7 +260,7 @@ protected List _verify(Set verifiedIds, String specVersion) { if (SpdxConstants.LICENSE_LIST_VERSION_PATTERN.matcher(version).matches()) { return null; } else { - return "License list version does not match the pattern M.N"; + return "License list version does not match the pattern M.N or pattern M.N.P"; } } } From 15cc5de85f5717a52d07db81b041f955f3f30770 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Tue, 28 May 2024 11:36:27 -0700 Subject: [PATCH 3/3] Revert "Allow for patch versions of the license list" This reverts commit a01c0283149fbfcd102c916792513598a5f0231a. Based on feedback from the tech call on 2024 05 28, we don't want to relax the checking for license list versions --- src/main/java/org/spdx/library/SpdxConstants.java | 2 +- .../java/org/spdx/library/model/SpdxCreatorInformation.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/spdx/library/SpdxConstants.java b/src/main/java/org/spdx/library/SpdxConstants.java index 4d7d3e09..b883cb72 100644 --- a/src/main/java/org/spdx/library/SpdxConstants.java +++ b/src/main/java/org/spdx/library/SpdxConstants.java @@ -373,7 +373,7 @@ public class SpdxConstants { // License list version Format - public static final Pattern LICENSE_LIST_VERSION_PATTERN = Pattern.compile("^[a-zA-Z0-9]+\\.[a-zA-Z0-9]+(\\.[a-zA-Z0-9]+)?"); + public static final Pattern LICENSE_LIST_VERSION_PATTERN = Pattern.compile("^[a-zA-Z0-9]+\\.[a-zA-Z0-9]+"); // Standard value strings public static String NONE_VALUE = "NONE"; public static String NOASSERTION_VALUE = "NOASSERTION"; diff --git a/src/main/java/org/spdx/library/model/SpdxCreatorInformation.java b/src/main/java/org/spdx/library/model/SpdxCreatorInformation.java index a987e22c..a452330b 100644 --- a/src/main/java/org/spdx/library/model/SpdxCreatorInformation.java +++ b/src/main/java/org/spdx/library/model/SpdxCreatorInformation.java @@ -260,7 +260,7 @@ protected List _verify(Set verifiedIds, String specVersion) { if (SpdxConstants.LICENSE_LIST_VERSION_PATTERN.matcher(version).matches()) { return null; } else { - return "License list version does not match the pattern M.N or pattern M.N.P"; + return "License list version does not match the pattern M.N"; } } }