Subject: PR/31858 CVS commit: pkgsrc/www/apache
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Manuel Bouyer <bouyer@netbsd.org>
List: netbsd-bugs
Date: 10/19/2005 20:31:01
The following reply was made to PR kern/31858; it has been noted by GNATS.

From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/31858 CVS commit: pkgsrc/www/apache
Date: Wed, 19 Oct 2005 20:30:21 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	bouyer
 Date:		Wed Oct 19 20:30:21 UTC 2005
 
 Modified Files:
 	pkgsrc/www/apache: Makefile distinfo
 
 Log Message:
 Update to 1.3.34. This is a security fix release, fix pkg/31868 by
 Zafer Aydogan. Changes from 1.3.33:
   *) hsregex: fix potential core dumping on 64 bit machines, such as
      AMD64. PR 31858. [Glenn Strauss < gs-apache-dev gluelogic.com>]
 
   *) SECURITY: core: If a request contains both Transfer-Encoding and
      Content-Length headers, remove the Content-Length, mitigating some
      HTTP Request Splitting/Spoofing attacks.  This has no impact on
      mod_proxy_http, yet affects any module which supports chunked
      encoding yet fails to prefer T-E: chunked over the Content-Length
      purported value.  [Paul Querna, Joe Orton]
 
   *) Added TraceEnable [on|off|extended] per-server directive to alter
      the behavior of the TRACE method.  This addresses a flaw in proxy
      conformance to RFC 2616 - previously the proxy server would accept
      a TRACE request body although the RFC prohibited it.  The default
      remains 'TraceEnable on'.
      [William Rowe]
 
   *) mod_digest: Fix another nonce string calculation issue.
      [Eric Covener]
 
 
 To generate a diff of this commit:
 cvs rdiff -r1.172 -r1.173 pkgsrc/www/apache/Makefile
 cvs rdiff -r1.46 -r1.47 pkgsrc/www/apache/distinfo
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
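
The Transfer-Encoding/Content-Length handling described in the SECURITY entry above, as an added example that is not part of the original commit message and is not Apache's code. The request `SAMPLE` is constructed, `module_view` is a hypothetical model of a module that prefers Content-Length over chunked encoding, and `drop_conflicting_length` applies the changelog's mitigation before that module sees the headers.

```python
# Added illustration; not Apache's code. SAMPLE is a constructed request.
SAMPLE = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Transfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n"
          b"5\r\nhello\r\n0\r\n\r\n")

def parse_head(raw):
    """Return ([(name, value), ...], bytes following the header block)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip request line
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers, rest

def drop_conflicting_length(headers):
    """The changelog's mitigation: with both headers present, remove Content-Length."""
    names = {n.lower() for n, _ in headers}
    if {"transfer-encoding", "content-length"} <= names:
        return [(n, v) for n, v in headers if n.lower() != "content-length"], True
    return headers, False

def read_chunked(data):
    """Decode chunked framing; return (payload, bytes left after the final chunk)."""
    payload = b""
    while True:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ValueError on a malformed size
        if size < 0:
            raise ValueError("negative chunk size")
        if size == 0:
            line = b"x"
            while line:  # consume optional trailers up to the blank line
                line, _, data = data.partition(b"\r\n")
            return payload, data
        payload, data = payload + data[:size], data[size + 2:]

def module_view(headers, rest):
    """Hypothetical module that wrongly prefers Content-Length over T-E: chunked."""
    h = {n.lower(): v for n, v in headers}
    if "content-length" in h:
        n = int(h["content-length"])
        return rest[:n], rest[n:]
    if "chunked" in h.get("transfer-encoding", "").lower():
        return read_chunked(rest)
    return b"", rest

def compare(raw):
    """Return (view before the fix, view after the fix, whether C-L was removed)."""
    headers, rest = parse_head(raw)
    fixed, removed = drop_conflicting_length(headers)
    return module_view(headers, rest), module_view(fixed, rest), removed
```

Each view is a `(body, leftover)` pair. Leftover bytes are what a server would go on to parse as the start of the next request, so a non-empty leftover before the fix marks the framing disagreement the mitigation removes.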