upgrade rubygem-rexml to 3.2.7 to resolve CVE-2024-35176 (#9282)

Co-authored-by: minghe <rmhsawyer>

Author: rmhsawyer

SPECS/rubygem-rexml/CVE-2024-35176.patch

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "rexml-3.2.5.tar.gz": "23b7a82bf41bcd1201f67e7ca6e795eee1bb76dce94cd7abf411969e39c5c71d"
+  "rexml-3.2.7.tar.gz": "e17b16cf079251c76226d8aa96a2e8ba9633d600cf6ef28fe28b08b664383387"
  }
 }

SPECS/rubygem-rexml/rubygem-rexml.signatures.json

@@ -2,15 +2,14 @@
 %global gem_name rexml
 Summary:        REXML is an XML toolkit for Ruby
 Name:           rubygem-%{gem_name}
-Version:        3.2.5
-Release:        2%{?dist}
+Version:        3.2.7
+Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Development/Languages
 URL:            https://github.com/ruby/rexml
 Source0:        https://github.com/ruby/rexml/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
-Patch0:         CVE-2024-35176.patch
 BuildRequires:  git
 BuildRequires:  ruby
 Requires:       ruby(release)
@@ -35,6 +34,10 @@ gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-
 %{gemdir}
 
 %changelog
+* Fri May 31 2024 Minghe Ren <mingheren@microsoft.com> - 3.2.7-1
+- Upgrade to 3.2.7 to resolve CVE-2024-35176
+- Remove CVE-2024-35176.patch as it is no longer needed
+
 * Tue May 28 2024 Minghe Ren <mingheren@microsoft.com> - 3.2.5-2
 - Add patch for CVE-2024-35176
 

SPECS/rubygem-rexml/rubygem-rexml.spec

@@ -26915,8 +26915,8 @@
         "type": "other",
         "other": {
           "name": "rubygem-rexml",
-          "version": "3.2.5",
-          "downloadUrl": "https://github.com/ruby/rexml/archive/refs/tags/v3.2.5.tar.gz"
+          "version": "3.2.7",
+          "downloadUrl": "https://github.com/ruby/rexml/archive/refs/tags/v3.2.7.tar.gz"
         }
       }
     },