Disable ESI support

Resolves: RHEL-65080 - CVE-2024-45802 squid: Denial of Service processing
  ESI response content

squid.spec

@@ -2,7 +2,7 @@
 
 Name:     squid
 Version:  5.5
-Release:  16%{?dist}
+Release:  17%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -102,8 +102,6 @@ BuildRequires: openssl-devel
 BuildRequires: krb5-devel
 # time_quota requires TrivialDB
 BuildRequires: libtdb-devel
-# ESI support requires Expat & libxml2
-BuildRequires: expat-devel libxml2-devel
 # TPROXY requires libcap, and also increases security somewhat
 BuildRequires: libcap-devel
 # eCAP support
@@ -221,7 +219,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
    --enable-storeio="aufs,diskd,ufs,rock" \
    --enable-diskio \
    --enable-wccpv2 \
-   --enable-esi \
+   --disable-esi \
    --enable-ecap \
    --with-aio \
    --with-default-user="squid" \
@@ -405,6 +403,11 @@ fi
 
 
 %changelog
+* Thu Nov 14 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-17
+- Disable ESI support
+- Resolves: RHEL-65080 - CVE-2024-45802 squid: Denial of Service processing
+  ESI response content
+
 * Tue Oct 22 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-16
 - Resolves: RHEL-12356 - TCP_MISS_ABORTED/100 erros when uploading