From 797ab646b154cde0de68f5468f4b65c2f1e31d3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Thu, 14 Nov 2024 17:51:47 +0100
Subject: [PATCH] Disable ESI support

Resolves: RHEL-65080 - CVE-2024-45802 squid: Denial of Service processing
  ESI response content
---
 squid.spec | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/squid.spec b/squid.spec
index ee02fbb..c7aef8e 100644
--- a/squid.spec
+++ b/squid.spec
@@ -2,7 +2,7 @@
 
 Name:     squid
 Version:  5.5
-Release:  16%{?dist}
+Release:  17%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -102,8 +102,6 @@ BuildRequires: openssl-devel
 BuildRequires: krb5-devel
 # time_quota requires TrivialDB
 BuildRequires: libtdb-devel
-# ESI support requires Expat & libxml2
-BuildRequires: expat-devel libxml2-devel
 # TPROXY requires libcap, and also increases security somewhat
 BuildRequires: libcap-devel
 # eCAP support
@@ -221,7 +219,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
    --enable-storeio="aufs,diskd,ufs,rock" \
    --enable-diskio \
    --enable-wccpv2 \
-   --enable-esi \
+   --disable-esi \
    --enable-ecap \
    --with-aio \
    --with-default-user="squid" \
@@ -405,6 +403,11 @@ fi
 
 
 %changelog
+* Thu Nov 14 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-17
+- Disable ESI support
+- Resolves: RHEL-65080 - CVE-2024-45802 squid: Denial of Service processing
+  ESI response content
+
 * Tue Oct 22 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-16
 - Resolves: RHEL-12356 - TCP_MISS_ABORTED/100 erros when uploading