From cf6fa3932ff1831e72b2c872522725caf97825d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?=
Date: Thu, 7 Nov 2024 18:36:37 +0100
Subject: [PATCH] Disable ESI support
Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service processing ESI response content
---
squid.spec | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/squid.spec b/squid.spec
index 66bd9f5..83440ea 100644
--- a/squid.spec
+++ b/squid.spec
@@ -2,7 +2,7 @@
 Name: squid
 Version: 4.15
-Release: 10%{?dist}.1
+Release: 10%{?dist}.2
 Summary: The Squid proxy caching server
 Epoch: 7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -89,8 +89,6 @@ BuildRequires: openssl-devel
 BuildRequires: krb5-devel
 # time_quota requires DB
 BuildRequires: libdb-devel
-# ESI support requires Expat & libxml2
-BuildRequires: expat-devel libxml2-devel
 # TPROXY requires libcap, and also increases security somewhat
 BuildRequires: libcap-devel
 # eCAP support
@@ -195,7 +193,7 @@ autoconf
 --enable-storeio="aufs,diskd,ufs,rock" \
 --enable-diskio \
 --enable-wccpv2 \
- --enable-esi \
+ --disable-esi \
 --enable-ecap \
 --with-aio \
 --with-default-user="squid" \
@@ -367,6 +365,11 @@ fi
 %changelog
+* Thu Nov 07 2024 Luboš Uhliarik - 7:4.15-10.2
+- Disable ESI support
+- Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service
+ processing ESI response content
+
 * Mon Oct 14 2024 Luboš Uhliarik - 7:4.15-10.1
 - Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent to the client in its complementary
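Review bot: Nothing in the spec itself records why `--disable-esi` is passed in the configure hunk (-195,7 +193,7), so a later rebase or option clean-up could switch it back to `--enable-esi` and restore the Expat/libxml2 BuildRequires without anyone noticing that the CVE-2024-45802 mitigation is gone. The configure command starts outside this hunk and a comment cannot sit between its backslash-continued option lines, so a line above the command such as `# ESI is intentionally disabled: CVE-2024-45802 (DoS while processing ESI responses)` would keep the reason next to the flag. Deployments whose squid.conf sets `esi_parser` or that rely on ESI processing will presumably behave differently after this update; that seems worth stating in the changelog entry and confirming against a test configuration. Since `squid -v` prints the configure options, checking its output for `--disable-esi` is a cheap post-build verification that the shipped binary carries the mitigation.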