From 79bd29f4936f4858a8c1675e62604f0ec5f04fa9 Mon Sep 17 00:00:00 2001
From: Shubham Shinde
Date: Fri, 12 Jul 2024 00:55:41 +0530
Subject: [PATCH] (PA-6507) Update gem rexml from default to 3.2.7 for CVE-2024-35176

- The CVE was mitigated from rexml version 3.2.7.
- Patching for the CVE wasn't getting applied cleanly and had a lot of conflicts. So updated the gem version to 3.2.7 in the rexml component file.
- Added the change to _shared-agent-components since the CVE impacts both agent-runtime-main (ruby 3.2.4 using rexml 3.2.6) and agent-runtime-7.x (ruby 2.7.8 using rexml 3.2.3).
---
 configs/components/rubygem-rexml.rb | 4 ++--
 configs/projects/_shared-agent-components.rb | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/configs/components/rubygem-rexml.rb b/configs/components/rubygem-rexml.rb
index e983157aa..8c4588acd 100644
--- a/configs/components/rubygem-rexml.rb
+++ b/configs/components/rubygem-rexml.rb
@@ -1,6 +1,6 @@
 component 'rubygem-rexml' do |pkg, settings, platform|
- pkg.version '3.2.6'
- pkg.md5sum 'a57288ae5afed07dd08c9f1302da7b25'
+ pkg.version '3.2.7'
+ pkg.md5sum '78ddb64f45975a40e5d6b644e12aba32'
 instance_eval File.read('configs/components/_base-rubygem.rb')
 end
diff --git a/configs/projects/_shared-agent-components.rb b/configs/projects/_shared-agent-components.rb
index 6e722cc46..7ef32d9ec 100644
--- a/configs/projects/_shared-agent-components.rb
+++ b/configs/projects/_shared-agent-components.rb
@@ -69,3 +69,5 @@ if platform.is_macos?
 proj.component 'rubygem-CFPropertyList'
 end
+
+proj.component 'rubygem-rexml'
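Review bot: The new `pkg.md5sum '78ddb64f45975a40e5d6b644e12aba32'` line in configs/components/rubygem-rexml.rb still verifies the downloaded gem with MD5, which is not collision-resistant and so is a weak integrity check for a build-time artifact, the more so in a commit that ships a CVE fix. If the component DSL here is Vanagon's, it also accepts a SHA-256 digest, so I would change the line to `pkg.sha256sum '<SHA256_OF_REXML_3.2.7_GEM>'` (placeholder; compute it from the published gem and compare it with the registry's checksum). The same pattern presumably exists in other files under configs/components, which are outside this diff, so a follow-up across them may be the better vehicle.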
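Review bot: The added `proj.component 'rubygem-rexml'` at the end of configs/projects/_shared-agent-components.rb installs 3.2.7 next to the rexml that already ships with each runtime (per the description, 3.2.6 on ruby 3.2.4 and 3.2.3 on ruby 2.7.8), and nothing in this hunk removes or shadows that older copy. Please confirm on a built package for both runtimes that `require 'rexml/document'` resolves to 3.2.7, and consider removing the bundled gem's files so the vulnerable parser is neither loadable nor reported by dependency scanners. The install logic lives in configs/components/_base-rubygem.rb, which is not part of this diff, so this is something to verify rather than a confirmed defect. A comment above the line would also help the next maintainer: `# Overrides the rexml shipped with ruby for CVE-2024-35176; drop once the runtimes bundle >= 3.2.7`.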