Module Name:	pkgsrc
Committed By:	bouyer
Date:		Wed Oct 19 20:30:21 UTC 2005

Modified Files:
	pkgsrc/www/apache: Makefile distinfo

Log Message:
Update to 1.3.34. This is a security fix release, fix pkg/31868 by
Zafer Aydogan. Changes from 1.3.33:
  *) hsregex: fix potential core dumping on 64 bit machines, such as
     AMD64. PR 31858. [Glenn Strauss < gs-apache-dev gluelogic.com>]

  *) SECURITY: core: If a request contains both Transfer-Encoding and
     Content-Length headers, remove the Content-Length, mitigating some
     HTTP Request Splitting/Spoofing attacks.  This has no impact on
     mod_proxy_http, yet affects any module which supports chunked
     encoding yet fails to prefer T-E: chunked over the Content-Length
     purported value.  [Paul Querna, Joe Orton]

  *) Added TraceEnable [on|off|extended] per-server directive to alter
     the behavior of the TRACE method.  This addresses a flaw in proxy
     conformance to RFC 2616 - previously the proxy server would accept
     a TRACE request body although the RFC prohibited it.  The default
     remains 'TraceEnable on'.
     [William Rowe]

  *) mod_digest: Fix another nonce string calculation issue.
     [Eric Covener]


To generate a diff of this commit:
cvs rdiff -r1.172 -r1.173 pkgsrc/www/apache/Makefile
cvs rdiff -r1.46 -r1.47 pkgsrc/www/apache/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.