Disable ESI support

Resolves: RHEL-65069 - CVE-2024-45802 squid: Denial of Service processing ESI response content
2024-11-07 18:00:11 +01:00 · 2024-11-07 18:00:11 +01:00 · 6e6837efbd
commit 6e6837efbd
parent 6eb57db57c
1 changed files with 7 additions and 4 deletions
--- a/squid.spec
+++ b/squid.spec
@ -2,7 +2,7 @@

 Name:     squid
 Version:  6.10
-Release:  4%{?dist}
+Release:  5%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@ -59,8 +59,6 @@ BuildRequires: openssl-devel
 BuildRequires: krb5-devel
 # time_quota requires TrivialDB
 BuildRequires: libtdb-devel
-# ESI support requires Expat & libxml2
-BuildRequires: expat-devel libxml2-devel
 # TPROXY requires libcap, and also increases security somewhat
 BuildRequires: libcap-devel
 # eCAP support
@ -143,7 +141,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
   --enable-storeio="aufs,diskd,ufs,rock" \
   --enable-diskio \
   --enable-wccpv2 \
-   --enable-esi \
+   --disable-esi \
   --enable-ecap \
   --with-aio \
   --with-default-user="squid" \
@ -328,6 +326,11 @@ fi


 %changelog
+* Thu Nov 07 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.10-5
+- Disable ESI support
+- Resolves: RHEL-65069 - CVE-2024-45802 squid: Denial of Service processing ESI
+  response content
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 7:6.10-4
 - Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018