23a5364eb6
CVE-2016-1982 (invalid reads in case of corrupt chunk-encoded content) and CVE-2016-1983 (invalid reads with empty Host headers). While there, drop MESSAGE that relates to updating from a <=2011 version of the port, and use an autoconf version from this century (upstream doesn't provide a generated script so there is no "right" version).