From 6e6837efbdf8132d74e6b45c4169877477c3fb4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?=
Date: Thu, 7 Nov 2024 18:00:11 +0100
Subject: [PATCH] Disable ESI support

Resolves: RHEL-65069 - CVE-2024-45802 squid: Denial of Service processing ESI response content
---
 squid.spec | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/squid.spec b/squid.spec
index 3b8c83e..81bc0f0 100644
--- a/squid.spec
+++ b/squid.spec
@@ -2,7 +2,7 @@
 Name: squid
 Version: 6.10
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: The Squid proxy caching server
 Epoch: 7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -59,8 +59,6 @@ BuildRequires: openssl-devel
 BuildRequires: krb5-devel
 # time_quota requires TrivialDB
 BuildRequires: libtdb-devel
-# ESI support requires Expat & libxml2
-BuildRequires: expat-devel libxml2-devel
 # TPROXY requires libcap, and also increases security somewhat
 BuildRequires: libcap-devel
 # eCAP support
@@ -143,7 +141,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
  --enable-storeio="aufs,diskd,ufs,rock" \
  --enable-diskio \
  --enable-wccpv2 \
- --enable-esi \
+ --disable-esi \
  --enable-ecap \
  --with-aio \
  --with-default-user="squid" \
@@ -328,6 +326,11 @@ fi
 %changelog
+* Thu Nov 07 2024 Luboš Uhliarik - 7:6.10-5
+- Disable ESI support
+- Resolves: RHEL-65069 - CVE-2024-45802 squid: Denial of Service processing ESI
+ response content
+
 * Tue Oct 29 2024 Troy Dawson - 7:6.10-4
 - Bump release for October 2024 mass rebuild:
 Resolves: RHEL-64018
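Review bot: The `--disable-esi` switch in the `@@ -143,7 +141,7 @@` hunk has no comment tying it to the CVE, so a later rebase or spec cleanup could restore `--enable-esi` unnoticed; the only record is the %changelog entry. A comment cannot sit inside the backslash-continued option list, so I would put one just above the configure invocation, e.g. `# ESI must stay disabled: CVE-2024-45802 (DoS processing ESI response content), RHEL-65069`. The changelog could also warn that existing configurations using ESI directives such as `esi_parser` may be rejected or ignored after this update; that is inferred and not shown in the hunk. Operators can confirm the mitigation on an installed package by checking that `squid -v` lists `--disable-esi` among the configure options. The configure invocation starts and ends outside the hunk.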