Disable ESI support

Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service
  processing ESI response content

squid.spec

@@ -2,7 +2,7 @@
 
 Name:     squid
 Version:  4.15
-Release:  10%{?dist}.1
+Release:  10%{?dist}.2
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -89,8 +89,6 @@ BuildRequires: openssl-devel
 BuildRequires: krb5-devel
 # time_quota requires DB
 BuildRequires: libdb-devel
-# ESI support requires Expat & libxml2
-BuildRequires: expat-devel libxml2-devel
 # TPROXY requires libcap, and also increases security somewhat
 BuildRequires: libcap-devel
 # eCAP support
@@ -195,7 +193,7 @@ autoconf
    --enable-storeio="aufs,diskd,ufs,rock" \
    --enable-diskio \
    --enable-wccpv2 \
-   --enable-esi \
+   --disable-esi \
    --enable-ecap \
    --with-aio \
    --with-default-user="squid" \
@@ -367,6 +365,11 @@ fi
 
 
 %changelog
+* Thu Nov 07 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.2
+- Disable ESI support
+- Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service
+  processing ESI response content
+
 * Mon Oct 14 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.1
 - Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent
   to the client in its complementary