2013-09-11 15:35:31 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack32 to 3.2.14
* Merge `:action` from routing scope and assign endpoint if both `:controller`
and `:action` are present. The endpoint assignment only occurs if there is
no `:to` present in the options hash so should only affect routes using the
shorthand syntax (i.e. endpoint is inferred from the path).
Fixes #9856
*Yves Senn*, *Andrew White*
* Always escape the result of `link_to_unless` method.
Before:
link_to_unless(true, '<b>Showing</b>', 'github.com')
# => "<b>Showing</b>"
After:
link_to_unless(true, '<b>Showing</b>', 'github.com')
# => "&lt;b&gt;Showing&lt;/b&gt;"
*dtaniwaki*
* Use a case insensitive URI Regexp for #asset_path.
This fixes a problem where the same asset path using different case generates
different URIs.
Before:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
After:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
*David Celis + Rafael Mendonça França*
* Fix explicit names on multiple file fields. If a file field tag has
the multiple option, it is turned into an array field (appending `[]`),
but if an explicit name is passed to `file_field` the `[]` is not
appended.
Fixes #9830.
*Ryan McGeary*
|
2013-03-19 17:13:26 by Takahiro Kambe | Files touched by this commit (2) |  |
Log message:
Update ruby-actionpack32 to 3.2.13.
This is part of security update of Ruby on Rails 3.2.13 and changes are
too many to write here. Please refer to CHANGELOG.md.
|
2013-03-10 10:17:41 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Depend on www/ruby-rack14 instead of www/ruby-rack.
Bump PKGREVISION.
|
2013-02-12 15:31:52 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack32 to 3.2.12.
Change of version only.
|
2013-01-09 13:43:59 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack32 to 3.2.11.
## Rails 3.2.11 ##
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
|
2012-12-16 15:11:36 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update ruby-actionpack32 to 3.9.2.
## Rails 3.2.9 (unreleased) ##
* Clear url helpers when reloading routes.
*Santiago Pastorino*
* Revert the shorthand routes scoped with `:module` option fix
This added a regression since it is changing the URL mapping.
This makes the stable release backward compatible.
*Rafael Mendonça França*
* Revert the `assert_template` fix to not pass with every string that matches the template name.
This added a regression since people were relying on this buggy behavior.
This will introduce back #3849 but this stable release will be backward compatible.
Fixes #8068.
*Rafael Mendonça França*
* Revert the rename of internal variable on ActionController::TemplateAssertions to prevent
naming collisions. This added a regression related with shoulda-matchers, since it is
expecting the [instance variable @layouts](https://github.com/thoughtbot/shoulda-matchers/blob/9e1188eea68c47d9a56ce6280e45027da6187ab1/lib/shoulda/matchers/action_controller/render_with_layout_matcher.rb#L74).
This will introduce back #7459 but this stable release will be backward compatible.
Fixes #8068.
*Rafael Mendonça França*
* Accept :remote as symbolic option for `link_to` helper. *Riley Lynch*
* Warn when the `:locals` option is passed to `assert_template` outside of a view test case
Fix #3415
*Yves Senn*
* Rename internal variables on ActionController::TemplateAssertions to prevent
naming collisions. @partials, @templates and @layouts are now prefixed with an underscore.
Fix #7459
*Yves Senn*
* `resource` and `resources` don't modify the passed options hash
Fix #7777
*Yves Senn*
* Precompiled assets include aliases from foo.js to foo/index.js and vice versa.
# Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
config.assets.precompile = [ 'phone.css' ]
# Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
config.assets.precompile = [ 'phone/index.css' ]
# Both of these work with either precompile thanks to their aliases.
<%= stylesheet_link_tag 'phone', media: 'all' %>
<%= stylesheet_link_tag 'phone/index', media: 'all' %>
*Jeremy Kemper*
* `assert_template` no longer passes with whatever string matches
the template name.
Before, when we had a template `/layout/hello.html.erb`, `assert_template`
was passing with any string that matches. This behavior allowed false
positives like:
assert_template "layout"
assert_template "out/hello"
Now it only passes with:
assert_template "layout/hello"
assert_template "hello"
Fixes #3849.
*Hugolnx*
* Handle `ActionDispatch::Http::UploadedFile` like `Rack::Test::UploadedFile`, don't call to_param on it. Since
`Rack::Test::UploadedFile` isn't API compatible this is needed to test file uploads that rely on `tempfile`
being available.
*Tim Vandecasteele*
* Respect `config.digest = false` for `asset_path`
Previously, the `asset_path` internals only respected the `:digest`
option, but ignored the global config setting. This meant that
`config.digest = false` could not be used in conjunction with
`config.compile = false`. This corrects the behavior.
*Peter Wagenet*
* Fix #7646, the log now displays the correct status code when an exception is raised.
*Yves Senn*
* Fix handling of date selects when using both disabled and discard options.
Fixes #7431.
*Vasiliy Ermolovich*
* Fix select_tag when option_tags is nil.
Fixes #7404.
*Sandeep Ravichandran*
* `javascript_include_tag :all` will now not include `application.js` if the file does not exist. *Prem Sichanugrist*
* Support cookie jar options (e.g., domain :all) for all session stores.
Fixes GH#3047, GH#2483.
*Ravil Bayramgalin*
* Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile
will usually intercept the response and just uses the path directly, so no reason to open the file. This performance
improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.
*Jeremy Kemper & Erich Menge*
|
2012-08-12 14:40:00 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value, there
is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
|
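The unescaped-prompt problem from the 3.2.8 entry above, shown as an added example that is not code from Rails or from this package: `build_select`, its `escape_prompt` switch, `UNTRUSTED_INPUT` and `OPTIONS` are hypothetical stand-ins, and the sample input is constructed.

```ruby
require "erb"

# Hypothetical, simplified stand-in for a select helper; this is NOT Rails'
# select_tag. option_tags is assumed to be trusted, already-built HTML.
def build_select(name, option_tags, prompt: nil, escape_prompt: true)
  if prompt
    # The prompt becomes the text of a leading blank <option>. If it is
    # interpolated as-is, any markup it carries lands in the page.
    text = escape_prompt ? ERB::Util.html_escape(prompt) : prompt
    option_tags = %(<option value="">#{text}</option>) + option_tags
  end
  %(<select name="#{ERB::Util.html_escape(name)}">#{option_tags}</select>)
end

# Constructed sample: untrusted text that ends up as the prompt value.
UNTRUSTED_INPUT = %(</option></select><script>alert(1)</script>)
OPTIONS = %(<option value="1">One</option>)

# Behaviour described in the changelog entry: prompt interpolated raw.
def vulnerable_markup
  build_select("name", OPTIONS, prompt: UNTRUSTED_INPUT, escape_prompt: false)
end

# Prompt escaped before it is placed inside the <option>.
def fixed_markup
  build_select("name", OPTIONS, prompt: UNTRUSTED_INPUT)
end

# Regression check a view test could carry: did a raw tag from the
# prompt survive into the rendered markup?
def prompt_injects_markup?(html)
  html.include?("<script>")
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_markup
  puts fixed_markup
end
```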
2012-07-31 14:55:32 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack32 to 3.2.7.
## Rails 3.2.7 (unreleased) ##
* Do not convert digest auth strings to symbols. CVE-2012-3424
* Bump Journey requirements to 1.0.4
* Add support for optional root segments containing slashes
* Fixed bug creating invalid HTML in select options
* Show in log correct wrapped keys
* Fix NumberHelper options wrapping to prevent verbatim blocks being rendered
instead of line continuations.
* ActionController::Metal doesn't have logger method, check it and then
delegate
* ActionController::Caching depends on RackDelegation and
AbstractController::Callbacks
|
2012-06-14 17:12:16 by Takahiro Kambe | Files touched by this commit (8) |
Log message:
Set RUBY_RAILS_STRICT_DEP to yes.
|
2012-06-13 17:15:59 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update www/ruby-actionpack32 to 3.2.6.
## Rails 3.2.6 (Jun 12, 2012) ##
* nil is removed from array parameter values
CVE-2012-2694
* Deprecate `:confirm` in favor of `':data => { :confirm => "Text" }'` option
for `button_to`, `button_tag`, `image_submit_tag`, `link_to` and
`submit_tag` helpers.
*Carlos Galdino*
* Allow to use mounted_helpers (helpers for accessing mounted engines) in
ActionView::TestCase. *Piotr Sarnacki*
* Include mounted_helpers (helpers for accessing mounted engines) in
ActionDispatch::IntegrationTest by default. *Piotr Sarnacki*
|
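The 3.2.11 entry ("Strip nils from collections on JSON and XML posts") and the 3.2.6 entry ("nil is removed from array parameter values") describe the same normalization of parsed parameters. The sketch below is an added example, not Rails' implementation: `strip_nils`, `token_missing?` and the sample body are hypothetical, and turning an array that ends up empty into `nil` is an assumption of this sketch.

```ruby
require "json"

# Hypothetical sketch, not Rails' code: recursively drop nil elements from
# arrays inside parsed parameters. An array left empty after stripping is
# replaced by nil (an assumption of this sketch).
def strip_nils(value)
  case value
  when Hash
    value.each_with_object({}) { |(key, v), out| out[key] = strip_nils(v) }
  when Array
    # Clean nested values first so that [[nil]] collapses as well.
    kept = value.map { |v| strip_nils(v) }.compact
    kept.empty? ? nil : kept
  else
    value
  end
end

# Constructed sample JSON POST body.
SAMPLE_BODY = '{"token":[null],"ids":[1,null,2],' \
              '"user":{"roles":[null,"admin"],"tags":[[null]]}}'

def raw_params
  JSON.parse(SAMPLE_BODY)
end

def cleaned_params
  strip_nils(raw_params)
end

# A presence guard of the kind application code relies on. With the raw
# parameters, [nil] is not nil, so the guard reports the token as present.
def token_missing?(params)
  params["token"].nil?
end

if __FILE__ == $PROGRAM_NAME
  p raw_params
  p cleaned_params
  puts "guard on raw: #{token_missing?(raw_params)}"
  puts "guard on cleaned: #{token_missing?(cleaned_params)}"
end
```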