Update ruby-rspec-rails to 2.10.1.

### 2.10.1 / 2012-05-03
[full changelog](http://github.com/rspec/rspec-rails/compare/v2.10.0...v2.10.1)

Bug fixes

* fix regression introduced in 2.10.0 that broke integration with Devise
  (https://github.com/rspec/rspec-rails/issues/534)

### 2.10.0 / 2012-05-03
[full changelog](http://github.com/rspec/rspec-rails/compare/v2.9.0...v2.10.0)

Bug fixes

* `render_views` called in a spec can now override the config setting. (martinsvalin)
* Fix `render_views` for anonymous controllers on 1.8.7. (hudge, mudge)
* Eliminate use of deprecated `process_view_paths`
* Fix false negatives when using `route_to` matcher with `should_not`
* `controller` is no longer nil in `config.before` hooks
* Change `request.path_parameters` keys to symbols to match real Rails
  environment (Nathan Broadbent)
* Silence deprecation warnings in pre-2.9 generated view specs (Jonathan del
  Strother)

(taca)

Update ruby-rspec to 2.10.0.

This is a meta package like one and reflect update of
ruby-rspec-core/ruby-rspec-expectations/ruby-rspec-mock.

(taca)

Update ruby-rspec-mocks to 2.10.1.

### 2.10.1 / 2012-05-05
[full changelog](http://github.com/rspec/rspec-mocks/compare/v2.10.0...v2.10.1)

Bug fixes

* fix regression of edge case behavior
  (https://github.com/rspec/rspec-mocks/issues/132)
    * fixed failure of `object.should_receive(:message).at_least(0).times.and_return value`
    * fixed failure of `object.should_not_receive(:message).and_return value`

### 2.10.0 / 2012-05-03
[full changelog](http://github.com/rspec/rspec-mocks/compare/v2.9.0...v2.10.0)

Bug fixes

* fail fast when an `exactly` or `at_most` expectation is exceeded

(taca)

Update ruby-rspec-expectations to 2.10.0.

### 2.10.0 / 2012-05-03
[full changelog](http://github.com/rspec/rspec-expectations/compare/v2.9.1...v2.10.0)

Enhancements

* Add new `start_with` and `end_with` matchers (Jeremy Wadsack)
* Add new matchers for specifying yields (Myron Marson):
    * `expect {...}.to yield_control`
    * `expect {...}.to yield_with_args(1, 2, 3)`
    * `expect {...}.to yield_with_no_args`
    * `expect {...}.to yield_successive_args(1, 2, 3)`
* `match_unless_raises` takes multiple exception args

Bug fixes

* Fix `be_within` matcher to be inclusive of delta.
* Fix message-specific specs to pass on Rubinius (John Firebaugh)

(taca)

Update ruby-rspec-core to 2.10.1.

### 2.10.1 / 2012-05-19
[full changelog](http://github.com/rspec/rspec-core/compare/v2.10.0...v2.10.1)

Bug fixes

* `RSpec.reset` properly reinits configuration and world
* Call `to_s` before `split` on exception messages that might not always be
  Strings (slyphon)

### 2.10.0 / 2012-05-03
[full changelog](http://github.com/rspec/rspec-core/compare/v2.9.0...v2.10.0)

Enhancements

* Add `prepend_before` and `append_after` hooks (preethiramdev)
    * intended for extension libs
    * restores rspec-1 behavior
* Reporting of profiled examples (moro)
    * Report the total amount of time taken for the top slowest examples.
    * Report what percentage the slowest examples took from the total runtime.

Bug fixes

* Properly parse `SPEC_OPTS` options.
* `example.description` returns the location of the example if there is no
  explicit description or matcher-generated description.
* RDoc fixes (Grzegorz ��wirski)
* Do not modify example ancestry when dumping errors (Michael Grosser)

(taca)

Note update of these packages:

devel/ruby-gettext 2.2.1
devel/ruby-fast_gettext 0.6.7
devel/ruby-gettext_i18n_rails 0.5.4
devel/ruby-highline 1.6.12
devel/ruby-mocha 0.11.4
devel/ruby-parsetree 3.0.9

(taca)

Update ruby-parsetree to 3.0.9.

=== 3.0.9 / 2012-05-01

* 6 minor enhancements:

  * Added a bunch of new tests from PTTC.
  * Added masgn handling inside block_pass
  * Added rewrite_iter to unwrap masgns w/ only 1 arg.
  * Handle rewriting block_pass in iter.
  * Imported RawParseTree test data from PTTC.
  * Removed rewrite_masgn requirement for 4 slots.

* 3 bug fixes:

  * Fixed dependencies to ensure they're not going to use ruby_parser 3 and friends.
  * Fixed segv for NODE_BLOCK_PASS in iter (nd_iter == 1... go boom)
  * Remove nil body in iter (I think this is wrong, but whatevs).

(taca)

Update ruby-mocha to 0.11.4.

= 0.11.4
* Homepage has moved to http://gofreerange.com/mocha/docs.

(taca)

Update ruby-highline to 1.6.12.

== 1.6.12

* Silenced warnings (by James McEwan).

(taca)

Update ruby-gettext_i18n_rails to 0.5.4.

Changes are unknown.

(taca)

Update ruby-fast_gettext to 0.6.7.

Changes are unknown.

(taca)

Update ruby-gettext o 2.2.1.

= Ruby-GetText-Package-2.2.1 (2012-05-20)
* Supported non ASCII string in msgid. [GitHub#1]
  [Patch by Urban Hafner]
* Stopped overriding String#% on Ruby 1.9.
* Fixed a bug that "\" is too escaped.
* Removed GetText.bindtext dependency from GetText::PoParser.
* Ranamed GetText::MOFile to GetText::MoFile but GetText::MOFile
  is still available.

Thanks to:
* Urban Hafner

(taca)

Note update of databases/ruby-sequel package to 3.36.0 and devel/ZenTest
package to 4.8.1.

(taca)

Update ZenTest to 4.8.1.

=== 4.8.1 / 2012-06-01

* 1 bug fix:

  * Fixed 1.9 bug caused by differences between Hash#find_all and Hash#select. (semaperepelitsa)

(taca)

Update ruby-sequel to 3.36.0.

=== 3.36.0 (2012-06-01)

* Use Bignum generic type when dumping unsigned integer types that could potentially overflow 32-bit signed integer values (stu314)

* Support :transform option in the nested_attributes plugin, for automatically preprocessing input hashes (chanks)

* Support :unmatched_pk option in the nested_attributes plugin, can be set to :create for associated objects with natural keys (chanks)

* Support composite primary keys in the nested_attributes plugin (chanks)

* Allow Model#from_json in the json_serializer plugin to use set_fields if a :fields option is given (jeremyevans)

* Support :using option to set_column_type on PostgreSQL, to force a specific conversion from the old value to the new value (jeremyevans)

* Drop indexes in the reverse order that they were added in the schema dumper (jeremyevans)

* Add :index_names option to schema dumper method, can be set to false or :namespace (stu314, jeremyevans)

* Add Database#global_index_namespace? for checking if index namespace is global or per table (jeremyevans)

* Fix typecasting of time columns on jdbc/postgres, before could be off by a millisecond (jeremyevans)

* Add document explaining Sequel's object model (jeremyevans)

* Attempt to detect more disconnect errors in the mysql2 adapter (jeremyevans)

* Add is_current? and check_current to the migrators, for checking/raising if there are unapplied migrations (pvh, jeremyevans) (#487)

* Add a jdbc subadapter for the Progress database (Michael Gliwinski, jeremyevans)

* Add pg_inet extension, for working with PostgreSQL inet and cidr types (jeremyevans)

* Fix bug in model column setters when passing an object that raises an exception for ==('') (jeremyevans)

* Add eager_each plugin, which makes each on an eagerly loaded dataset do eager loading (jeremyevans)

* Fix bugs when parsing foreign keys for tables with explicit schema on PostgreSQL (jeremyevans)

* Remove Database#case_sensitive_like on SQLite (jeremyevans)

* Remove Database#single_value in the native sqlite adapter (jeremyevans)

* Make Dataset#get work with nil and false arguments (jeremyevans)

* Make json_serializer plugin respect :root=>:collection and :root=>:instance options (jeremyevans)

* Support savepoints in prepared transactions on MySQL 5.5.23+ (jeremyevans)

* Add pg_json extension, for working with PostgreSQL 9.2's new json type (jeremyevans)

* In the optimistic locking plugin, make refresh and save after a failed save work correctly (jeremyevans)

* Support partial indexes on Microsoft SQL Server 2008 (jeremyevans)

* Make Database#call pass blocks (jeremyevans)

* Support :each when preparing statements, useful for iterating over large datasets (jeremyevans)

* Support :if_exists and :cascade options when dropping indexes on PostgreSQL (jeremyevans)

* Support :concurrently option when adding and dropping indexes on PostgreSQL (jeremyevans)

* Make Database#transaction on PostgreSQL recognize :synchronous, :read_only, and :deferrable options (jeremyevans)

* Support :sql_mode option when connecting to MySQL (jeremyevans)

* Apply :timeout MySQL connection setting on do, jdbc, and swift adapters (jeremyevans)

* Don't set Sequel::Model.db automatically when creating an anonymous class with an associated database object (jeremyevans)

* Add :connection_handling=>:queue option to the threaded connection pools, may reduce chance of stale connections (jeremyevans) (#481)

* Handle JRuby 1.7 exception handling changes when connecting in the jdbc adapter (jeremyevans) (#477)

* Make *_to_one association setters be noops if you pass a value that is the same as the cached value (jeremyevans)

* Make Model#refresh return self when using dirty plugin (jeremyevans)

(taca)

+ php-5.4.3 [taca].
- ruby-rb-appscript-0.6.1.

(taca)

Note update of devel/hoe package to 3.0.6.

(taca)

Update hoe to 3.0.6.

=== 3.0.6 / 2012-05-15

* 1 minor enhancement:

  * Added install_plugins to the newb task

=== 3.0.5 / 2012-05-07

* 1 bug fix:

  * Fixed ridocs argument handling (erikh)

=== 3.0.4 / 2012-05-01

* 1 bug fix:

  * Removed rubygems/deprecated and rolled my own for users on older rubygems

(taca)

Note update of devel/ZenTest package to 4.8.0.

(taca)

Update ZenTest to 4.8.0.

=== 4.8.0 / 2012-05-04

* 1 minor enhancement:

  * Added Minitest generation to zentest (use -t to generate for test/unit)

* 1 bug fix:

  * Fixes and clarifications to Autotest#find_file. (hugh sasse)

(taca)

Note update of databases/ruby-sequel package to 3.35.0.

(taca)

Update ruby-sequel to 3.35.0.

=== 3.35.0 (2012-05-01)

* Correctly handle parsing schema for tables in other databases on MySQL (jeremyevans)

* Add DSL support for the modulus operator (%), similar to the bitwise operators (jeremyevans)

* Fix possible thread-safety issues on non-GVL ruby implementations (jeremyevans)

* Allow truncation of multiple tables at the same time on PostgreSQL (jeremyevans)

* Allow truncate to take a :cascade, :only, and :restart options on PostgreSQL (hgimenez, jeremyevans)

* Allow json and xml serializers to support :array option in class to_json method to serialize existing array of model instances (jeremyevans)

* Add dirty plugin, which saves the initial value of the column when the value is changed (jeremyevans)

* create_table now supports an :as option to create a table directly from the results of a query (jeremyevans)

* The :index option when creating columns in the schema generator can now be a hash of options passed to index (jeremyevans)

* Parsing the default column values in the oracle adapter no longer requires superuser privileges (Jason Hines)

* Add Database#cache_schema to allow schema caching to be turned of, useful for development modes where models are reloaded (jeremyevans)

* Correctly handle errors that occur when rolling back transactions (jeremyevans)

* Recognize identity type in the schema dumper (jeremyevans) (#468)

* Don't assign instance variables to Java objects, for future JRuby 2.0 support (jeremyevans) (#466)

* Use date and timestamp formats that are multilanguage and not DATEFORMAT dependent on Microsoft SQL Server (jeremyevans)

* Add Database#log_exception, which logs when a query raises an exception, for easier overriding (jeremyevans) (#465)

* Make the migrators only use transactions by default if the database supports transactional DDL (jeremyevans)

* Add Database#supports_transactional_ddl? for checking if DDL statements can be rolled back in transactions (jeremyevans)

* Don't use auto parameterization when using cursors in the pg_auto_parameterize extension (jeremyevans) (#463)

* No longer escape backslashes in strings by default, fixes doubled backslashes on some adapters (jeremyevans)

* Escape blackslash-carriage return-line feed in strings on Microsoft SQL Server (mluu, jeremyevans) (#462, #461)

* Remove Array#all_two_pairs? (jeremyevans)

* Remove Dataset#disable_insert_returning on PostgreSQL (jeremyevans)

* Remove support for PostgreSQL <8.2 (jeremyevans)

* Remove support for Ruby <1.8.7 (jeremyevans)

(taca)

Note update of converters/ruby-unf_ext package to 0.0.5.

(taca)

Update ruby-unf_ext pacakge to 0.0.5.

Exact changes are unknown but a few code improvements.

(taca)

+ sudo-1.8.4p5.

(taca)

Note update of lang/php53 package to 5.3.13nb1.

(taca)

Add a patch to fix for CVE_2012-2143 from PHP's repository.

Bump PKGREVISION.

(taca)

Fix path of the target file in patch files.

(taca)

+ gallery3-3.0.2, libxml2-2.8.0, xf86-video-newport-0.2.4 [unpackaged].

(taca)

Note update of bind pakcages:

net/bind99 9.9.1
net/bind98 9.8.3
net/bind97 9.7.6
net/bind96 9.6.3.1.ESV.7

(taca)

Update bind96 package to 9.6.3.1.ESV.7 (BIND 9.6-ESV-R7).

New Features

*  None

Feature Changes

*  BIND now recognizes the TLSA resource record type, created to
  support IETF DANE (DNS-based Authentication of Named Entities)
  [RT #28989]

Bug Fixes

*  The locking strategy around the handling of iterative queries
  has been tuned to reduce unnecessary contention in a multi-threaded
  environment.  (Note that this may not provide a measurable
  improvement over previous versions of BIND, but it corrects the
  performance impact of change 3309 / RT #27995) [RT #29239]

*  Addresses a race condition that can cause named to to crash when
  the masters list for a zone is updated via rndc reload/reconfig
  [RT #26732]

*  Fixes a race condition in zone.c that can cause named to crash
  during the processing of rndc delzone [RT #29028]

*  Prevents a named segfault from resolver.c due to procedure
  fctx_finddone() not being thread-safe.  [RT #27995]

*  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
  an assertion when flushing cache data. [RT #28571]

*  Resolves inconsistencies in locating DNSSEC keys where zone names
  contain characters that require special mappings [RT #28600]

*  A new flag -R  has been added to queryperf for running tests
  using non-recursive queries.  It also now builds correctly on
  MacOS version 10.7 (darwin)  [RT #28565]

*  Named no longer crashes if gssapi is enabled in named.conf but
  was not compiled into the binary [RT #28338]

*  SDB now handles unexpected errors from back-end database drivers
  gracefully instead of exiting on an assert. [RT #28534]

(taca)

Update bind97 package to 9.7.6.

New Features

*  None

Feature Changes

*  BIND now recognizes the TLSA resource record type, created to
  support IETF DANE (DNS-based Authentication of Named Entities)
  [RT #28989]

Bug Fixes

*  The locking strategy around the handling of iterative queries
  has been tuned to reduce unnecessary contention in a multi-threaded
  environment.  (Note that this may not provide a measurable
  improvement over previous versions of BIND, but it corrects the
  performance impact of change 3309 / RT #27995) [RT #29239]

*  Addresses a race condition that can cause named to to crash when
  the masters list for a zone is updated via rndc reload/reconfig
  [RT #26732]

*  Fixes a race condition in zone.c that can cause named to crash
  during the processing of rndc delzone [RT #29028]

*  Prevents a named segfault from resolver.c due to procedure
  fctx_finddone() not being thread-safe.  [RT #27995]

*  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
  an assertion when flushing cache data. [RT #28571]

*  A new flag -R  has been added to queryperf for running tests
  using non-recursive queries.  It also now builds correctly on
  MacOS version 10.7 (darwin)  [RT #28565]

*  Named no longer crashes if gssapi is enabled in named.conf but
  was not compiled into the binary [RT #28338]

*  SDB now handles unexpected errors from back-end database drivers
  gracefully instead of exiting on an assert. [RT #28534]

(taca)

Update bind98 to 9.8.3.

pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in.

Changes from release announce:

Security Fixes

*  Windows binary packages distributed by ISC are now built and linked
  against OpenSSL 1.0.0i

New Features

*  None

Feature Changes

*  BIND now recognizes the TLSA resource record type, created to
  support IETF DANE (DNS-based Authentication of Named Entities)
  [RT #28989]

Bug Fixes

*  The locking strategy around the handling of iterative queries
  has been tuned to reduce unnecessary contention in a multi-threaded
  environment.  (Note that this may not provide a measurable
  improvement over previous versions of BIND, but it corrects the
  performance impact of change 3309 / RT #27995) [RT #29239]

*  Addresses a race condition that can cause named to to crash when
  the masters list for a zone is updated via rndc reload/reconfig
  [RT #26732]

*  named-checkconf now correctly validates dns64 clients acl
  definitions. [RT #27631]

*  Fixes a race condition in zone.c that can cause named to crash
  during the processing of rndc delzone [RT #29028]

*  Prevents a named segfault from resolver.c due to procedure
  fctx_finddone() not being thread-safe.  [RT #27995]

*  Improves DNS64 reverse zone performance. [RT #28563]

*  Adds wire format lookup method to sdb. [RT #28563]

*  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
  an assertion when flushing cache data. [RT #28571]

*  Resolves inconsistencies in locating DNSSEC keys where zone names
  contain characters that require special mappings [RT #28600]

*  A new flag -R  has been added to queryperf for running tests
  using non-recursive queries.  It also now builds correctly on
  MacOS version 10.7 (darwin)  [RT #28565]

*  Named no longer crashes if gssapi is enabled in named.conf but
  was not compiled into the binary [RT #28338]

*  SDB now handles unexpected errors from back-end database drivers
  gracefully instead of exiting on an assert. [RT #28534]

(taca)

Update biind99 package to 9.9.1.

pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in.

Changes from release announce:

Security Fixes

*  Windows binary packages distributed by ISC are now built and linked
  against OpenSSL 1.0.0i

New Features

*  None

Feature Changes

*  BIND now recognizes the TLSA resource record type, created to
  support IETF DANE (DNS-based Authentication of Named Entities)
  [RT #28989]

*  A note will be added to the README in future releases to explain
  that the improved scalability provided by using multiple threads
  to listen for and process queries (change 3137, RT #22992) does
  not provide any performance benefit when running BIND on versions
  of the linux kernel that do not include the 'lockless UDP transmit
  path' changes that were incorporated in 2.6.39.  (Some linux
  distributors may have provided this functionality under their
  own version numbering systems).

Bug Fixes

*  The locking strategy around the handling of iterative queries
  has been tuned to reduce unnecessary contention in a multi-threaded
  environment.  (Note that this may not provide a measurable
  improvement over previous versions of BIND, but it corrects the
  performance impact of change 3309 / RT #27995) [RT #29239]

*  Addresses a race condition that can cause named to to crash when
  the masters list for a zone is updated via rndc reload/reconfig
  [RT #26732]

*  named-checkconf now correctly validates dns64 clients acl
  definitions. [RT #27631]

*  Fixes a race condition in zone.c that can cause named to crash
  during the processing of rndc delzone [RT #29028]

*  Prevents a named segfault from resolver.c due to procedure
  fctx_finddone() not being thread-safe.  [RT #27995]

*  Improves DNS64 reverse zone performance. [RT #28563]

*  Adds wire format lookup method to sdb. [RT #28563]

*  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
  an assertion when flushing cache data. [RT #28571]

*  Prevents intermittent named crashes following an rndc reload [RT
  #28606]

*  Resolves inconsistencies in locating DNSSEC keys where zone names
  contain characters that require special mappings [RT #28600]

*  A new flag -R  has been added to queryperf for running tests
  using non-recursive queries.  It also now builds correctly on
  MacOS version 10.7 (darwin)  [RT #28565]

*  Named no longer crashes if gssapi is enabled in named.conf but
  was not compiled into the binary [RT #28338]

*  SDB now handles unexpected errors from back-end database drivers
  gracefully instead of exiting on an assert. [RT #28534]

*  Prevents named crashes as a result of dereferencing a NULL pointer
  in zmgr_start_xfrin_ifquota if the zone was being removed while
  there were zone transfers still pending [RT #28419]

*  Corrects a parser bug that could cause named to crash while
  reading a malformed zone file. [RT #28467]

*  Ensures that when a client recurses its status fields are
  consistently set so that named doesn't fail on an INSIST in
  client.c:exit_check. [RT #28346]

*  Fixed a problem preventing proper use of 64 bit time values in
  libbind. [RT # 26542]

*  isccc/cc.c:table_fromwire could fail to free an allocated object
  on error, leading to a possible memory leak condition. [RT #28265]

*  Fixed a build error on systems without ENOTSUP.  [RT #28200]

*  The header file isc/hmacsha.h is now installed when building
  BIND. [RT #28169]

*  AAAA responses will no longer be returned in the additional
  section when filter-aaaa-on-v4 is in use.  (Prior to this change,
  they would be returned for some query types). [RT #27292]

(taca)

Note update of mail/postfix to 2.8.11 package.

(taca)

Update postfix to 2.8.11.

Changes from release announce:

  * OpenSSL related (all supported Postfix versions).

      o Some people have reported program crashes when the OpenSSL
        library was updated while Postfix was accessing the Postfix
        TLS session cache. To avoid this, the Postfix TLS session
        cache ID now includes the OpenSSL library version number.
        This cache ID is not shared via the network.

      o The OpenSSL workaround introduced with the previous stable
        and legacy releases did not compile with older gcc compilers.
        These compilers can't handle #ifdef inside a macro invocation
        (NOT: definition).

  * postscreen(8) related (Postfix 2.9, Postfix 2.8).

      o To avoid repeated warnings from postscreen(8) with "connect
        to private/dnsblog service: Connection refused" on FreeBSD,
        the dnsblog(8) daemon now uses the single_server program
        driver instead of the multi_server driver. This one-line
        code change has no performance impact for other systems,
        and eliminates a high-frequency accept() race on a shared
        socket that appears to cause trouble on FreeBSD. The same
single_server program driver has proven itself for many
years in smtpd(8).  Problem reported by Sahil Tandon.

  * Laptop-friendly support (all supported Postfix versions). A
    little-known secret is that Postfix has always had support to
    avoid unnecessary disk spin-up for MTIME updates, by doing
    s/fifo/unix/ in master.cf (this is currently not supported on
    Solaris systems). However, two minor fixes are needed to make
    this bullet-proof.

      o In laptop-friendly mode, the "postqueue -f" and "sendmail
        -q" commands did not wait until their requests had reached
        the pickup and qmgr servers before closing their UNIX-domain
        request sockets.

      o In laptop-friendly mode, the unused postkick command waited
        for more than a minute because the event_drain() function
        was comparing bitmasks incorrectly on systems with kqueue(2),
        epoll(2) or /dev/poll support.

(taca)

Note update of textproc/libxml2 package to 2.7.8nb10.

(taca)

Add fix for http://secunia.com/advisories/49177/ from repository.

Bump PKGREVISION.

(taca)

Note update of security/sudo package to 1.7.9p1.

(taca)

Update sudo package to 1.7.9p1.

Fix seuciry problem of CVE-2012-2337.

What's new in Sudo 1.7.9p1?

* Fixed a bug when matching against an IP address with an associated
  netmask in the sudoers file.  In certain circumstances, this
  could allow users to run commands on hosts they are not authorized
  for.

What's new in Sudo 1.7.9?

* Fixed a false positive in visudo strict mode when aliases are
  in use.

* The line on which a syntax error is reported in the sudoers file
  is now more accurate.  Previously it was often off by a line.

* The #include and #includedir directives in sudoers now support
  relative paths.  If the path is not fully qualified it is expected
  to be located in the same directory of the sudoers file that is
  including it.

* visudo will now fix the mode on the sudoers file even if no changes
  are made unless the -f option is specified.

* The "use_loginclass" sudoers option works properly again.

* For LDAP-based sudoers, values in the search expression are now
  escaped as per RFC 4515.

* Fixed a race condition when I/O logging is not enabled that could
  result in tty-generated signals (e.g. control-C) being received
  by the command twice.

* If none of the standard input, output or error are connected to
  a tty device, sudo will now check its parent's standard input,
  output or error for the tty name on systems with /proc and BSD
  systems that support the KERN_PROC_PID sysctl.  This allows
  tty-based tickets to work properly even when, e.g. standard
  input, output and error are redirected to /dev/null.

* Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
  the results, which would be incorrectly be interpreted as if the
  sudoers file had specified a directory.

* "visudo -c" will now list any include files that were checked
  in addition to the main sudoers file when everything parses OK.

* Users that only have read-only access to the sudoers file may
  now run "visudo -c".  Previously, write permissions were required
  even though no writing is down in check-only mode.

What's new in Sudo 1.7.8p2?

* Fixed a crash in the monitor process on Solaris when NOPASSWD
  was specified or when authentication was disabled.

(taca)

Note update of mail/dovecot2 package to 2.1.6nb1.

(taca)

Add support for net_getunixcred() to NetBSD before 5.0 which dosen't
have getpeereid(3); no LOCAL_PEEREID socket options.

Bump PKGREVISION.

(taca)

* Remove duplicate definition of PHP_EXTENSION_DIR from Makefile.php.

(taca)

Note update of lang/php5 package to 5.2.17nb5.

(taca)

Add fix for CVE-2012-1823.

Bump PKGREVISION.

(taca)

* Remove duplicate definition of PHP_EXTENSION_DIR from Makefile.php.
* Simplify comparsion of PHP_BASE_VERS and SUHOSIN_PHPVER.

(taca)

Note update of mysql55-{client,server} to 5.55.24.

(taca)

Update mysql55-{client,server} to 5.55.24.

Changes (http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html):

Functionality Added or Changed

    * Important Change: Replication: INSERT ON DUPLICATE KEY UPDATE is now
      marked as unsafe for statement-based replication if the target table has
      more than one primary or unique key. For more information, see Section
      16.1.2.3, "Determination of Safe and Unsafe Statements in Binary
      Logging".

Bugs Fixed

    * Security Fix: Bug #64884 was fixed.

    * InnoDB: Replication: When binary log statements were replayed on the
      slave, the Com_insert, Com_update, and Com_delete counters were
      incremented by BEGIN statements initiating transactions affecting InnoDB
      tables but not by COMMIT statements ending such transactions. This
      affected these statements whether they were replicated or they were run
      using mysqlbinlog. (Bug #12662190)

    * If the --bind-address option was given a host name value and the host
      name resolved to more than one IP address, the server failed to
      start. For example, with --bind-address=localhost, if localhost resolved
      to both 127.0.0.1 and ::1, startup failed. Now the server prefers the
      IPv4 address in such cases. (Bug #61713, Bug #12762885)

    * mysql_store_result() and mysql_use_result() are not for use with
      prepared statements and are not intended to be called following
      mysql_stmt_execute(), but failed to return an error when invoked that
      way in libmysqld. (Bug #62136, Bug #13738989)

      References: See also Bug #47485.

    * On Windows, mysqlslap crashed for attempts to connect using shared
      memory. (Bug #31173, Bug #11747181, Bug #59107, Bug #11766072)

(taca)

Note update of mysql51-{client,server} to 5.1.63.

(taca)

Update mysql51-{client,server} to 5.1.63 (MySQL 5.1.63).

Changes (http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html):

    * Security Fix: Bug #64884 was fixed.

    * Security Fix: Bug #59387 was fixed.

    * InnoDB: Deleting a huge amount of data from InnoDB tables
      within a short time could cause the purge operation that
      flushes data from the buffer pool to stall. If this issue
      occurs, restart the server to work around it. This issue is
      only likely to occur on 32-bit platforms. (Bug #13847885)

    * InnoDB: If the server crashed during a TRUNCATE TABLE or
      CREATE INDEX statement for an InnoDB table, or a DROP DATABASE
      statement for a database containing InnoDB tables, an index
      could be corrupted, causing an error message when accessing
      the table after restart:
      InnoDB: Error: trying to load index index_name for table
      table_name
      InnoDB: but the index tree has been freed!
      In MySQL 5.1, this fix applies to the InnoDB Plugin, but not
      the built-in InnoDB storage engine. (Bug #12861864, Bug
      #11766019)

    * InnoDB: When data was removed from an InnoDB table, newly
      inserted data might not reuse the freed disk blocks, leading
      to an unexpected size increase for the system tablespace or
      .ibd file (depending on the setting of innodb_file_per_table.
      The OPTIMIZE TABLE could compact a .ibd file in some cases but
      not others. The freed disk blocks would eventually be reused
      as additional data was inserted. (Bug #11766634, Bug #59783)

    * Partitioning: After updating a row of a partitioned table and
      selecting that row within the same transaction with the query
      cache enabled, then performing a ROLLBACK, the same result was
      returned by an identical SELECT issued in a new transaction.
      (Bug #11761296, Bug #53775)

    * Replication: The --relay-log-space-limit option was sometimes
      ignored.
      More specifically, when the SQL thread went to sleep, it
      allowed the I/O thread to queue additional events in such a
      way that the relay log space limit was bypassed, and the
      number of events in the queue could grow well past the point
      where the relay logs needed to be rotated. Now in such cases,
      the SQL thread checks to see whether the I/O thread should
      rotate and provide the SQL thread a chance to purge the logs
      (thus freeing space).
      Note that, when the SQL thread is in the middle of a
      transaction, it cannot purge the logs; it can only ask for
      more events until the transaction is complete. Once the
      transaction is finished, the SQL thread can immediately
      instruct the I/O thread to rotate. (Bug #12400313, Bug #64503)
      References: See also Bug #13806492.

    * Mishandling of NO_BACKSLASH_ESCAPES SQL mode within stored
      procedures on slave servers could cause replication failures.
      (Bug #12601974)

    * If the system time was adjusted backward during query
      execution, the apparent execution time could be negative. But
      in some cases these queries would be written to the slow query
      log, with the negative execution time written as a large
      unsigned number. Now statements with apparent negative
      execution time are not written to the slow query log. (Bug
      #63524, Bug #13454045) References: See also Bug #27208.

    * mysql_store_result() and mysql_use_result() are not for use
      with prepared statements and are not intended to be called
      following mysql_stmt_execute(), but failed to return an error
      when invoked that way in libmysqld. (Bug #62136, Bug
      #13738989) References: See also Bug #47485.

    * SHOW statements treated stored procedure, stored function, and
      event names as case sensitive. (Bug #56224, Bug #11763507)

    * On Windows, mysqlslap crashed for attempts to connect using
      shared memory. (Bug #31173, Bug #11747181, Bug #59107, Bug
      #11766072)

(taca)

Note update of security/openssl package to 0.9.8x.

(taca)

Update openssl to 0.9.8x.

OpenSSL CHANGES
_______________

Changes between 0.9.8w and 0.9.8x [10 May 2012]

  *) Sanity check record length before skipping explicit IV in DTLS
    to fix DoS attack.

    Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
    fuzzing as a service testing platform.
    (CVE-2012-2333)
    [Steve Henson]

  *) Initialise tkeylen properly when encrypting CMS messages.
    Thanks to Solar Designer of Openwall for reporting this issue.
    [Steve Henson]

(taca)

Note update of lang/php53 package to 5.3.13.

(taca)

Update php53 pacakge to 5.3.13 (PHP 5.3.13).

08 May 2012, PHP 5.3.13
- CGI
  . Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
    (Stas)

(taca)

Note update of www/fengoffice package to 2.0.0nb1.

(taca)

Add a patch forgot to commit.

Bump PKGREVISION.

(taca)

Strict RUBY_VERSION_DEFAULT when RUBY_VERSION_SUPPORTED has one word.

Should be fix PR pkg/46420.

(taca)

Fix miss spelling in comment: s/CVS-/CVE-/.

(taca)

Note update of lang/php53 pacakge to 5.3.12nb1.

(taca)

Additional fix for CVS-2012-1823; it wasn't fixed by PHP 5.3.12.

Bump PKGREVISION.

(taca)

Make sure to contao211's version to 2.11.3.

Noted by David Holland, thanks much.

(taca)

Note update of www/contao211-translations package to 201205050.

(taca)

Update contao211-translations to 201205050.

Update Bulgarian, Persian, Japanese, Swedish and Ukrainian language files.
These language support Contao 2.11.3 except Bulgarian.

(taca)

Note update of www/contao211 package to 2.11.3.

(taca)

Update contao211 to 2.11.3 (Contao 2.11.3).

pkgsrc change: install .htaccess as configuration file with .htaccess.default
as an example.

* Fix permission checking problem of Task center.
* Provide improved .htaccess.default.
* Several bug fixes and improvements.

(taca)

Correct default value in description of PHP_VERSION_DEFAULT.

(taca)

Note update of lang/php53 package to 5.3.12.

(taca)

Update php53 package to 5.3.12.

03 Mar 2012, PHP 5.3.12
- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)

(taca)

Note update of drupal6 and drupal7 packages:

www/drupal6 6.26
www/drupal7 7.14

(taca)

Update drupal7 to 7.14.

Drupal 7.14 2012-05-02
----------------------
- Fixed "integrity constraint" fatal errors when rebuilding registry.
- Fixed custom logo and favicon functionality referencing incorrect paths.
- Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
- Split field_bundle_settings out per bundle.
- Improve UX for machine names for fields (UI change).
- Fixed User pictures are not removed properly.
- Fixed HTTPS sessions not working in all cases.
- Fixed Regression: Required radios throw illegal choice error when none
  selected.
- Fixed allow autocompletion requests to include slashes.
- Eliminate $user->cache and {session}.cache in favor of
  $_SESSION['cache_expiration'][$bin] (Performance).
- Fixed focus jumps to tab when pressing enter on a form element within tab.
- Fixed race condition in locale() - duplicates in {locales_source}.
- Fixed Missing "Default image" per field instance.
- Quit clobbering people's work when they click the filter tips link
- Form API #states: Fix conditionals to allow OR and XOR constructions.
- Fixed Focus jumps to tab when pressing enter on a form element within tab.
  (Accessibility)
- Improved performance of node_access queries.
- Fixed Fieldsets inside vertical tabs have no title and can't be collapsed.
- Reduce size of cache_menu table (Performance).
- Fixed unnecessary aggregation of CSS/JS (Performance).
- Fixed taxonomy_autocomplete() produces SQL error for nonexistent field.
- Fixed HTML filter is not run first by default, despite default weight.
- Fixed Overlay does not work with prefixed URL paths.
- Better debug info for field errors (string change).
- Fixed Data corruption in comment IDs (results in broken threading on
  PostgreSQL).
- Fixed machine name not editable if every character is replaced.
- Fixed user picture not appearing in comment preview (Markup change).
- Added optional vid argument for taxonomy_get_term_by_name().
- Fixed Invalid Unicode code range in PREG_CLASS_UNICODE_WORD_BOUNDARY fails
  with PCRE 8.30.
- Fixed {trigger_assignments()}.hook has only 32 characters, is too short.
- Numerous fixes to run-tests.sh.
- Fixed Tests in profiles/[name]/modules cannot be run and cannot use a
  different profile for running tests.
- Numerous JavaScript performance fixes.
- Numerous documentation fixes.
- Fixed All pager links have an 'active' CSS class.
- Numerous upgrade path fixes; notably:
  - system_update_7061() fails on inserting files with same name but different
    case.
  - system_update_7061() converts filepaths too aggressively.
  - Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25.

(taca)

Update drupal6 package to 6.26.

Drupal 6.26, 2012-05-02
----------------------
- Fixed a small number of bugs.
- Made code documentation improvements.

(taca)

Note update of www/drupal7 package to 7.13.

(taca)

Update dupal7 to 7.13.

Drupal 7.13 2012-05-02
----------------------
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-002.

(taca)

Note update of net/samba35 package to 3.5.15.

(taca)

Update samba35 package to 3.5.15.

                  ==============================
                  Release Notes for Samba 3.5.15
  April 30, 2012
                  ==============================

This is a security release in order to address
CVE-2012-2111 (Incorrect permission checks when granting/removing
privileges can compromise file server security).

o  CVE-2012-2111:
  Samba 3.4.x to 3.6.4 are affected by a
  vulnerability that allows arbitrary users
  to modify privileges on a file server.

(taca)

+ openssl-1.0.1b, postfix-2.9.2.

(taca)

Note update of net/samba package to 3.6.5.

(taca)

Update samba to 3.6.5.

                  =============================
                  Release Notes for Samba 3.6.5
                          April 30, 2012
                  =============================

This is a security release in order to address
CVE-2012-2111 (Incorrect permission checks when granting/removing
privileges can compromise file server security).

o  CVE-2012-2111:
  Samba 3.4.x to 3.6.4 are affected by a
  vulnerability that allows arbitrary users
  to modify privileges on a file server.

(taca)

Note update of bind packages:

net/bind99 9.9.0nb1
net/bind98 9.8.2nb1
net/bind97 9.7.5nb1
net/bind96 9.6.3.1.ESV.6nb1

(taca)

Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.

Bump PKGREVISION.

(taca)

Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.

Bump PKGREVISION.

(taca)

Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.

Bump PKGREVISION.

(taca)

Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.

Bump PKGREVISION.

(taca)

Note update of www/contao211-translations package to 201204290.

(taca)

Update contao211-translations to 201204290.

Update Slovak language files.

(taca)

Note update of devel/ruby-readline to 1.9.3p194nb1.

(taca)

Don't enable "readline" option default if RUBY_VER is prior to 193.

Ruby 1.9.3 changes its license and solve the problem with GPL3 of readline
license.  But Ruby 1.9.2/1.8.7 dosen't solve this problem.

If you want to use ruby-readline with GNU readline on ruby18 or ruby192,
please explictly set "readline" PKG_OPTION.

Fix PR pkg/41943.

Bump PKGREVISION.

(taca)

Note update of www/php-apc package to 3.1.10.

(taca)

Update php-apc package to 3.1.10.

- Add PHP 5.4 support (Dmitry, Anatoliy, Pierre)
- Fixed bug #22679: Fix apc_bin_dump for constants. Use IS_CONSTANT_TYPE_MASK
  to handle all the constants, including the unqalified ones (instead of
  ~IS_CONSTANT_INDEX check)
- Fixed bug #23822, php crashes on apache restart

(taca)

Note update of lang/pear package to 1.9.4nb3.

(taca)

Update Archive_Tar which included this package to 1.3.10.

Archive_Tar 1.3.10

Changelog:

* Fix Bug #13361: Unable to add() some files (ex. mp3) [mrook]
* Fix Bug #19330: Class creates incorrect (non-readable) tar.gz file [mrook]

Bump PKGREVISION.

(taca)

Note update of www/termtter package to 1.11.0.

(taca)

Update termtter to 1.11.0.
Changes are unavailable.

(taca)

Note update of these packages:

www/ramaze 2012.04.14
www/ruby-mechanize 2.4

(taca)

Update ruby-mechanize to 2.4.

=== 2.4

* Security fix:

  Mechanize#auth and Mechanize#basic_auth allowed disclosure of passwords to
  malicious servers and have been removed.

  In prior versions of mechanize only one set of HTTP authentication
  credentials were allowed for all connections.  If a mechanize instance
  connected to more than one server then a malicious server detecting
  mechanize could ask for HTTP Basic authentication.  This would expose the
  username and password intended only for one server.

  Mechanize#auth and Mechanize#basic_auth now warn when used.

  To fix the warning switch to Mechanize#add_auth which requires at the URI
  the credentials are intended for, the username and the password.
  Optionally an HTTP authentication realm or NTLM domain may be provided.

* Minor enhancement
  * Improved exception messages for 401 Unauthorized responses.  Mechanize now
    tells you if you were missing credentials, had an incorrect password, etc.

(taca)

Update ramaze to 2012.04.14.

Changelog

* The Redis adapter (Ramaze::Cache::Redis) has been fixed so that it works
  with sessions, previously this would result in "Can't convert into symbol"
  errors and the like. This problem was caused by not encoding data using
  Marshal. Thanks to EdvardM for reporting the issue.
* The Redis cache adapter namespaces keys just like the other adapters.
* Ramaze::Cache::MemCache has been updated for the latest version of Dalli and
  should no longer display deprecation warnings. The minimum required version
  of Dalli has been set to at least 2.0.2.
* Various documentation improvements and additions.
* The HTML of the pagination helper can now be customized, thanks to Leucos
  and bougyman for adding it.

(taca)

Note update of www/ruby-unicorn package to 4.3.1.

(taca)

Update ruby-unicorn to 4.3.1.

=== unicorn 4.3.1 - shutdown() fixes / 2012-04-29 07:04 UTC

  * Call shutdown(2) if a client EOFs on us during upload.
    We can avoid holding a socket open if the Rack app forked a
    process during uploads.

  * ignore potential Errno::ENOTCONN errors (from shutdown(2)).
    Even on LANs, connections can occasionally be accept()-ed but
    be unusable afterwards.

  Thanks to Joel Nimety <jnimety@continuity.net>,
  Matt Smith <matt@nearapogee.com> and George <lists@southernohio.net>
  on the mongrel-unicorn@rubyforge.org mailing list for their
  feedback and testing for this release.

=== unicorn 4.3.0 - minor fixes and updates / 2012-04-17 21:51 UTC

  * PATH_INFO (aka REQUEST_PATH) increased to 4096 (from 1024).
    This allows requests with longer path components and matches
    the system PATH_MAX value common to GNU/Linux systems for
    serving filesystem components with long names.

  * Apps that fork() (but do not exec()) internally for background
    tasks now indicate the end-of-request immediately after
    writing the Rack response.

  Thanks to Hongli Lai, Lawrence Pit, Patrick Wenger and Nuo Yan
  for their valuable feedback for this release.

=== unicorn 4.2.1 - minor fix and doc updates / 2012-03-26 21:39 UTC

  * Stale pid files are detected if a pid is recycled by processes
    belonging to another user, thanks to Graham Bleach.
  * nginx example config updates thanks to to Eike Herzbach.
  * KNOWN_ISSUES now documents issues with apps/libs that install
    conflicting signal handlers.

(taca)

Note update of www/ruby-sass package to 3.1.16.

(taca)

Update ruby-sass to 3.1.16.

3.1.16

* Fix some bugs in sass-convert selector parsing when converting from CSS.
* Substantially improve compilation performance on Ruby 1.8.
* Support the @-moz-document directive’s non-standard url-prefix and domain
  function syntax.
* Support the @supports directive.
* Fix a performance issue when using /*! */ comments with the Rails asset
  pipeline.
* Support -moz-element.
* Properly handle empty lists in sass-convert.
* Move from FSSM to Listen for file-system monitoring.

(taca)

Note update of these packages:

www/ruby-jquery-rails20 2.0.2
www/ruby-net-http-persistent 2.6

(taca)

Update ruby-net-http-persistent to 2.6.

=== 2.6 / 2010-03-26

* Minor enhancement
  * Net::HTTP::Persistent#idle_timeout may be set to nil to disable expiration
    of connections.  Pull Request #21 by Aaron Stone

(taca)

Update ruby-jquery-rails20 to 2.0.2.

## 2.0.2 (03 April 2012)

  - Updated to jQuery 1.7.2
  - Updated to jQuery UI 1.8.18
  - Updated to latest jquery-ujs
    - Override provided for obtaining `href`
    - Edit `crossDomain` and `dataType` from `ajax:before` event

(taca)

Note upfate of these packages:

textproc/ruby-coderay 1.0.6
textproc/ruby-fast-stemmer 1.0.1
textproc/ruby-rdtool 0.6.33
textproc/ruby-stringex 1.3.3

(taca)

Update stringex to 1.3.3.
Exact changes are unavailable.

Several bug fixes.

(taca)

Update ruby-rdtool to 0.6.33.

= CHANGES
:0.6.33
  * Typo fixed
  * Remove makerdtool.rb, merge Rake task.
:0.6.32
  * Fix for Ruby 1.9.1. Thanks to Shin-ya Murakami
  * Update Rakefile to create gem and .tar.gz, no longer needed jeweler.
  * Add RD::Version into rd/version.rb

(taca)

Update ruby-fast-stemmer to 1.0.1.

One bug fix: don't mutate the original string.

(taca)

Update ruby-coderay package to 1.0.6.

Changes in 1.0.6

* New option :break_lines for the HTML encoder (splits tokens at line
  breaks). [GH-15, thanks to Etienne Massip]
* Improved speed of :line_numbers => :inline option for the HTML encoder.
* Fixed wrong HTML file type. (was :page) [GH-16, thanks to Doug Hammond]
* The CSS Scanner now highlights tokens like url(...) as :function instead of
  :string. [GH-13, thanks to Joel Holdbrooks]

(taca)

Note update of these packages:

sysutils/ruby-facter 1.6.8
sysutils/ruby-fssm 0.2.9

(taca)

Update ruby-fssm to 0.2.9.

>From commit log.

* completely remove rubycocoa backend, as it hasn't worked correctly
  since 10.6 and rb-fsevent is a better solution regardless
* mention guard/listen on require

(taca)

Update ruby-facter package to 1.6.8.

1.6.8
===
b86fe4c (#12831) Add rspec tests to have_which method in Resolution
70be957 (#12831) Fix recursion on first kernel fact resolution

1.6.7
===
ab9e26c Updating CHANGELOG and lib/facter.rb for Facter 1.6.7rc1
bdbf332 (#12720) Add Solaris CPU info to 'processorN' fact.
a7f5924 (#12813) Redirect lspci output to /dev/null
6ec2863 (#12669) Preserve timestamps when installing files

(taca)

Note update of print/ruby-pdf-reader package to 1.1.0.

(taca)

Update ruby-pdf-reader to 1.1.0.

v1.1.0 (25th March 2012)
- new PageState class for handling common state tracking in page receivers
  - see PageTextReceiver for example usage
- various bugfixes to support reading more PDF dialects

(taca)

Note update of these packages:

net/ruby-domain_name 0.5.3
net/ruby-soap4r 2.0.5

(taca)

Update ruby-soap4r to 2.0.5.
Exact changes are unavailable.

(taca)

Update ruby-domain_name to 0.5.3.

Several bugfixes.

(taca)

Note update of these packages:

misc/ruby-bundler 1.1.3
misc/ruby-sprockets 2.4.1

(taca)

Update ruby-sprockets package to 2.4.1.

pkgsrc change: fix HOMEPAGE.

**2.4.1** (April 26, 2012)

* Fixed MultiJson API change
* Fixed gzip mtime

**2.4.0** (March 27, 2012)

* Added global path registry
* Added global processor registry

**2.3.2** (March 26, 2012)

* Fix Context#logical_path with dots

(taca)

Update ruby-bundler to 1.1.3.

## 1.1.3 (March 23, 2012)

Bugfixes:

  - escape the bundler root path (@tenderlove, #1789)

(taca)

Note update of these pacakges:

lang/ruby-coffee-script-source 1.3.1
lang/ruby-execjs 1.3.1

(taca)

Update ruby-execjs to 1.3.1.

- Fix multijson api change.
- Skip disabled tests.

(taca)

Update ruby-coffee-script-source to 1.3.1.

1.3.1 – APRIL 10, 2012

* CoffeeScript now enforces all of JavaScript's Strict Mode early syntax
  errors at compile time. This includes old-style octal literals, duplicate
  property names in object literals, duplicate parameters in a function
  definition, deleting naked variables, setting the value of eval or
  arguments, and more. See a full discussion at #1547.
* The REPL now has a handy new multi-line mode for entering large blocks of
  code. It's useful when copy-and-pasting examples into the REPL. Enter
  multi-line mode with Ctrl-V. You may also now pipe input directly into the
  REPL.
* CoffeeScript now prints a Generated by CoffeeScript VERSION header at the
  top of each compiled file.
* Conditional assignment of previously undefined variables a or= b is now
  considered a syntax error.
* A tweak to the semantics of do, which can now be used to more easily
  simulate a namespace: do (x = 1, y = 2) -> ...
* Loop indices are now mutable within a loop iteration, and immutable between
  them.
* Both endpoints of a slice are now allowed to be omitted for consistency,
  effectively creating a shallow copy of the list.
* Additional tweaks and improvments to coffee --watch under Node's "new" file
  watching API. Watch will now beep by default if you introduce a syntax error
  into a watched script. We also now ignore hidden directories by default when
  watching recursively.

(taca)

Note update of devel/ruby-turn package to 0.9.5.

(taca)

Update ruby-turn package to 0.9.5.

== 0.9.5 / 2012-04-15
  * Add -m/-mark option to flag tests with high runtimes.
  * Show per-test runtime in Pretty reporter. (#83)
  * Fix colorization of result box. (Don Wilson) (#81, #85)
  * Add support for natural test names in pretty format. (Don Wilson) (#86)
  * Fix test rake task on Windows. (Don Wilson) (#88)

(taca)

Remove accidently commited file.

(taca)

Note update of devel/ruby-uglifier package to 1.2.4.

(taca)

Update ruby-uglifier to 1.2.4.

* Update UglifyJS to 1.2.6.

(taca)

Note update of Ruby on Rails 3.2.3 packages;

devel/ruby-activesupport32 3.2.3
devel/ruby-activemodel32 3.2.3
databases/ruby-activerecord32 3.2.3
www/ruby-activeresource32 3.2.3
www/ruby-actionpack32 3.2.3
mail/ruby-actionmailer32 3.2.3
devel/ruby-railties32 3.2.3
www/ruby-rails32 3.2.3

(taca)

Update www/ruby-rails32 to 3.2.3.

No change but version.

(taca)

Update devel/ruby-railties32 to 3.2.3.

No change but version.

(taca)

Update mail/ruby-actionmailer32 to 3.2.3.

## Rails 3.2.3 (unreleased) ##

*  Upgrade mail version to 2.4.3 *ML*

(taca)

Update www/ruby-actionpack32 to 3.3.2.

## Rails 3.2.3 (unreleased) ##

*  Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*

*  Fix #5632, render :inline set the proper rendered format. *Santiago Pastorino*

*  Fix textarea rendering when using plugins like HAML. Such plugins encode the first newline character in the content. This issue was introduced in https://github.com/rails/rails/pull/5191 *James Coleman*

*  Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*

*  Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*

*  Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
    check that info. Closes #5245. *Santiago Pastorino*

*  Fix #5238, rendered_format is not set when template is not rendered. *Piotr Sarnacki*

*  Upgrade rack-cache to 1.2. *Jos辿 Valim*

*  ActionController::SessionManagement is deprecated. *Santiago Pastorino*

*  Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *Jos辿 Valim*

*  Add a new line after the textarea opening tag. Closes #393 *Rafael Mendon巽a Fran巽a*

*  Always pass a respond block from to responder. We should let the responder to decide what to do with the given overridden response block, and not short circuit it. *sikachu*

*  Fixes layout rendering regression from 3.2.2. *Jos辿 Valim*

(taca)

Update www/ruby-activeresource32 to 3.2.3.

No change but version.

(taca)

Update databasers/ruby-activerecord32 to 3.2.3.

## Rails 3.2.3 (unreleased) ##

*  Added find_or_create_by_{attribute}! dynamic method. *Andrew White*

*  Whitelist all attribute assignment by default. Change the default for newly generated applications to whitelist all attribute assignment.  Also update the generated model classes so users are reminded of the importance of attr_accessible. *NZKoz*

*  Update ActiveRecord::AttributeMethods#attribute_present? to return false for empty strings. *Jacobkg*

*  Fix associations when using per class databases. *larskanis*

*  Revert setting NOT NULL constraints in add_timestamps *fxn*

*  Fix mysql to use proper text types. Fixes #3931. *kennyj*

*  Fix #5069 - Protect foreign key from mass assignment through association builder. *byroot*

(taca)

Update devel/ruby-activemodel32 to 3.2.3.

No change but version.

(taca)

Update devel/ruby-activesupport32 to 3.2.3.

No change but version.

(taca)

Start updating Ruby on Rails to 3.2.3.

(taca)

Update of these packages:

devel/ruby-simplecov 0.6.2
devel/ruby-subexec 0.2.2

(taca)

Update ruby-subexec to 0.2.2.
Exact changes aren't available.

* Fix for JRuby.
* Run with Solaris's /bin/sh.

(taca)

Update ruby-simplecov to 0.6.2.

v0.6.2 (2012-04-20)
===================

  * Updated to latest version of MultiJSON and it's new API (thanks to
    @sferik and @ronen).
    See https://github.com/colszowka/simplecov/pull/122

(taca)

Note update of json related ruby pacakges:

textproc/ruby-multi_json 1.3.4
textproc/ruby-json 1.7.0
textproc/ruby-json-pure 1.7.0

(taca)

Update ruby-json and ruby-json-pure to 1.7.0

2012-04-28 (1.7.0)
  * Add JSON::GenericObject for method access to objects transmitted via JSON.
2012-04-27 (1.6.7)
  * Fix possible crash when trying to parse nil value.

(taca)

Update ruby-multi_json to 1.3.4.
Exact changes aren't avaiable.

* Add support for Oj library.
* Several bug fixes.

(taca)

Note update of these packages:

devel/ruby-rspec-expectations 2.9.1
devel/ruby-sexp-processor 3.2.0

(taca)

Update ruby-sexp-processor to 3.2.0.

=== 3.2.0 / 2012-04-15

* 5 minor enhancements:

  * Added a ton of block arg tests.
  * Added add19_edgecases to help refactor a bunch of tests that all have the same output.
  * Added better debugging output for rewrites.
  * Cleaned and added a bunch of stabby proc tests.
  * Moved RawParseTree test data to ParseTree project.

* 2 bug fixes:

  * Fixed a bunch of entries for r2r changes against edgecase parse/lex tests
  * Fixes for R2R

(taca)

Update ruby-rspec-expectations to 2.9.1.

### 2.9.1 / 2012-04-03
[full changelog](http://github.com/rspec/rspec-expectations/compare/v2.9.0...2.9.1)

Bug fixes

* Provide a helpful message if the diff between two objects is empty.
* Fix bug diffing single strings with multiline strings.
* Fix for error with using custom matchers inside other custom matchers
  (mirasrael)
* Fix using execution context methods in nested DSL matchers (mirasrael)

(taca)

Note update of these pacakges:

devel/ruby-kgio 2.7.4
devel/ruby-logging 1.7.2
devel/ruby-mocha 0.11.3

(taca)

Update ruby-mocha to 0.11.3.

= 0.11.3
* Fix for #78 i.e. alias Object#method as Object#_method, not Object#__method__ which already exists as another Ruby method.

= 0.11.2
* Rails has a Request class which defines its own #method method. This broke the new mechanism for stubbing a method. This release includes a slightly modified version of fix #77 provided by @sikachu. See https://github.com/rails/rails/pull/5907 for further info.

= 0.11.1 ()
* In Ruby 1.8.7 methods accepting a block parameter were incorrectly restored without the block parameter after being stubbed. Fix for #76.

= 0.11.0 (fa601c89a7f5314dc3d258391a99c6a9e25cefb3)
* Store original method when stubbing rather than using alias_method. This fixes #41, #47, #74 and all tests now pass on both Ruby 1.8.7 and 1.9.3.
* Attempting to stub a method on a frozen object should fail fast. See #68.
* Prevent stubbing a method on nil by default. See #68.
* Generate documentation using YARD instead of Rdoc - removes dependency on Coderay.
* Publish documentation on Github pages instead of Rubyforge - uses rake task written by @tomafro.
* Remove agiledox which has outlived it's usefulness.
* Removed trailing whitespace throughout codebase.
* Add documentation for Mock#unstub.
* Improve documentation for ObjectMethods.
* Provide a way to run multiple tests within a single acceptance test method.

(taca)

Update ruby-logging to 1.7.2.

== 1.7.2 / 2012-04-03

Bug Fixes
- Fixed segmentation fault on exit [issue #30]
- Fixed syswrite warning when IO contains unflushed data in buffer [issue #31]
- Added "mingw" to the list of Windows host versions

== 1.7.1 / 2012-03-05

Bug Fixes
- Fixed deprecated use of Config::* [issue #29]

== 1.7.0 / 2012-02-18

Enhancements
- Move appender factories [issue #28]
- ActionMail compatible options in the email appender [issue #27]
- Add TLS support to the email appender [issue #25]
- Refactoring appender shutdown [issue #20]
Bug Fixes
- File locking fails on windows using JRuby [issue #22]

== 1.6.2 / 2012-01-05

Bug Fixes
- Fix typo in the Readme [issue #14]
- Fix spelling in a variety of places [issue #15]
- Solaris does not have Syslog#LOG_PERROR defined [issue #17]
- Fix failing tests for Ruby 1.9.3 [issue #18]
- Check for RUBY_ENGINE for Ruby 1.8.7 [issue #19]
- Whitespace and '# EOF' cleanup
- Support for Rubinious

== 1.6.1 / 2011-09-09

Bug Fixes
- Rails compatibility methods [issue #11]
- Blocked rolling file appender [issue #12]

== 1.6.0 / 2011-08-22

Enhancements
- Adding periodic flushing of buffered messages [issue #10]
- Accessor for a logger's appenders [issue #9]
- Better support for capturing log messages in RSpec version 1 & 2

== 1.5.2 / 2011-07-07

Bug Fixes
- Changing working directory breaks rolling file appenders [issue #8]

== 1.5.1 / 2011-06-03

Bug Fixes
- IO streams cannot be buffered when using syswrite
- JRuby does not allow shared locks on write only file descriptors
- Fixing tests for JRuby 1.6.X

== 1.5.0 / 2011-03-22

Minor Enhancements
- removed mutexes in favor of IO#syswrite
- no round tripping through the buffer array when auto_flushing is true
- added a Proxy object that will log all methods called on it
- colorization of log messages

(taca)

Update ruby-kgio package to 2.7.4.

=== kgio 2.7.4 - small fixes and cleanups / 2012-03-24 01:15 UTC

  Fix build for platforms lacking both TCP_CORK _and_ TCP_NOPUSH
  There are many test case fixes and cleanups, too.

(taca)

Note update of textproc/ruby-json and textproc/ruby-json-pure
package to 1.6.6.

(taca)

Update ruby-json and ruby-json-pure pacakge to 1.6.6.

2012-02-11 (1.6.6)
  * Propagate src encoding to values made from it (fixes 1.9 mode converting
    everything to ascii-8bit; harmless for 1.8 mode too) (Thomas E. Enebo
    <tom.enebo@gmail.com>), should fix
    https://github.com/flori/json/issues#issue/119.
  * Fix https://github.com/flori/json/issues#issue/124 Thx to Jason Hutchens.
  * Fix https://github.com/flori/json/issues#issue/117

(taca)

Note update of devel/ruby-gettext_i18n_rails package to 0.4.6.

(taca)

Update ruby-gettext_i18n_rails to 0.4.6.

Exact changes are unknown but improvemnt for handling of unparseable
1.9 syntax files.

(taca)

Note update of devel/ruby-fast_gettext package to 0.6.6.

(taca)

Update ruby-fast_gettext to 0.6.6.

Exact changes are unknown, but some bug fixes and remove development
dependency to jeweler.

(taca)

Note update of devel/hoe package to 3.0.3.

(taca)

Update hoe package to 3.0.3.

=== 3.0.3 / 2012-04-09

* 2 bug fixes:

  * Fixed racc plugin's gem dependency activation
  * Fixed rake multi's use of multiruby_skip.

=== 3.0.2 / 2012-04-03

* 1 bug fix:

  * Generate urls list properly in #announcement if you use k/v form

=== 3.0.1 / 2012-03-26

* 1 minor enhancement:

  * Uniqify hoe plugins in sow Rakefile template. (evanphx)

* 3 bug fixes:

  * Fixed have_gem? checks in the install_plugins task to match the install_gem calls.
  * Fixed homepage handling when bullet list used in readme. (evanphx)
  * Removed deprecated use of #url in publish plugin

(taca)

Note update of databases/ruby-sqlite3 package to 1.3.6.

(taca)

Update ruby-sqlite3 package to 1.3.6.

=== 1.3.6 / 2012-04-16

* Enhancements
  * Windows: build against SQLite 3.7.11
  * Added SQLite3::ResultSet#each_hash for fetching each row as a hash.
  * Added SQLite3::ResultSet#next_hash for fetching one row as a hash.

* Bugfixes
  * Support both UTF-16LE and UTF-16BE encoding modes on PPC. Closes #63
  * Protect parameters to custom functions from being garbage collected too
    soon. Fixes #60. Thanks hirataya!
  * Fix backwards compatibility with 1.2.5 with bind vars and `query` method.
    Fixes #35.
  * Fix double definition error caused by defining sqlite3_int64/uint64.
  * Fix suspicious version regexp.

* Deprecations
  * ArrayWithTypesAndFields#types is deprecated and the class will be removed
    in version 2.0.0.  Please use the `types` method on the ResultSet class
    that created this object.
  * ArrayWithTypesAndFields#fields is deprecated and the class will be removed
    in version 2.0.0.  Please use the `columns` method on the ResultSet class
    that created this object.
  * The ArrayWithTypesAndFields class will be removed in 2.0.0
  * The ArrayWithTypes class will be removed in 2.0.0
  * HashWithTypesAndFields#types is deprecated and the class will be removed
    in version 2.0.0.  Please use the `types` method on the ResultSet class
    that created this object.
  * HashWithTypesAndFields#fields is deprecated and the class will be removed
    in version 2.0.0.  Please use the `columns` method on the ResultSet class
    that created this object.

(taca)

Note update of databases/ruby-sequel package to 3.34.1.

(taca)

Update ruby-sequel package to 3.34.1.

=== 3.34.1 (2012-04-02)

* Fix bug in optimization of primary key lookup (jeremyevans) (#460)

As for 3.34.0, changes are too many, please refer:

http://sequel.rubyforge.org/rdoc/files/CHANGELOG.html

(taca)

Note update of mail/postfix package to 2.8.10.

(taca)

Update postfix package to 2.8.10.

Major changes with Postfix 2.8.10
---------------------------------

This release adds support to turn off the TLSv1.1 and TLSv1.2
protocols.  Introduced with OpenSSL version 1.0.1, these are known
to cause inter-operability problems with for example hotmail.

The radical workaround is to temporarily turn off problematic
protocols globally:

/etc/postfix/main.cf:
    smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
    smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2

    smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
    smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2

However, it may be better to temporarily turn off problematic
protocols for broken sites only:

/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

/etc/postfix/tls_policy:
    example.com        may protocols=!SSLv2:!TLSv1.1:!TLSv1.2

Important:

- Note the use of ":" instead of comma or space. Also, note that
  there is NO space around the "=" in "protocols=".

- The smtp_tls_policy_maps lookup key must match the "next-hop"
  destination that is given to the Postfix SMTP client. If you
  override the next-hop destination with transport_maps, relayhost,
  sender_dependent_relayhost_maps, or otherwise, you need to specify
  the same destination for the smtp_tls_policy_maps lookup key.

(taca)

Note update of archivers/ruby-zip package to 0.9.8.

(taca)

Update ruby-zip package to 0.9.8.

pkgsrc change: Update HOMEPAGE.

= Version 0.9.8

Fixed: "Unitialized constant NullInputStream" error

(taca)

Note update of misc/rubygems package to 1.8.24.

(taca)

Update rubygems package to 1.8.24.

=== 1.8.24 / 2012-04-27

* 1 bug fix:

  * Install the .pem files properly. Fixes #320
  * Remove OpenSSL dependency from the http code path

(taca)

Note update of sysutils/ruby-rb-appscript package to 0.6.1.

(taca)

Update sysutils/ruby-rb-appscript to 0.6.1.

2010-03-19 -- 0.6.1

* removed 32-bit only AE.run_application_event_loop,
  AE.quit_application_event_loop
* updated AE.launch_application to use LSOpenApplication
* minor documentation fixes

2010-12-17 -- 0.6.0

* added UTF-8 Encoding support in Ruby 1.9+; added
  AEMCodecs::Codecs#use_ascii_8bit for optionally disabling it
* AEM::Codecs#pack now accepts Date, DateTime instances; added
  AEM::Codecs#use_date_time method for unpacking typeLongDateTime descriptors
  as DateTime instead of Time instances
* removed AE.get_app_terminology() as it relied on deprecated Carbon APIs
* added AE.copy_scripting_definition()
* the OSAX module now now uses OSACopyScriptingDefinition() to obtain
  scripting addition terminology, so works in both 32- and 64-bit Ruby. Note
  that in addition to limitations of OSACopyScriptingDefinition
  (e.g. aete-to-sdef conversion is not 100% reliable), the SdefParser is
  limited in capability (no support for xi:include, class-extension, synonym
  elements), but should suffice for parsing relatively simple osax
  dictionaries.
* modified Terminology.dump() to retrieve aete resources via 'ascrgdte'
  events; added OSAX.dump() method
* added workaround for transaction id bug in some versions of OS X 10.6
* renamed AEMReference::Base class to AEMReference::Query
* renamed Send::CommandError class to Send::EventError; note that AEM
  re-exports it as AEM::EventError and [for backwards compatibilty]
  AEM::CommandError

2009-07-18 -- 0.5.3

* fixed pALL code in defaultterminology
* fixed OSAX module initialisation code (previously didn't initialise if
  ScriptingAddition.new was called directly)
* fixed out-of-date URLs in appscript manual

2009-07-05 -- 0.5.2

* removed deprecated AEM::Application.is_running? method
* added #dont_cache_unpacked_specifiers, #pack_strings_as_type compatibility
  options to AEM::Codecs
* added default definitions for 'item' type, 'items' elements, 'properties'
  property as Apple have removed the 'item' class definition from
  skeleton.sdef (the default terminology for Cocoa apps)
* property and elements methods now raise ArgumentError if passed arguments;
  previously, malformed elements selectors,
  e.g. app('TextEdit').documents(1).text, would be silently ignored, resulting
  in unexpected behaviour
* Codecs#unpack now tries to coerce descriptors of typeVersion to unicode text
  (works on 10.4+) c.f. AppleScript (note: itunes.version.get returns the
  wrong version number otherwise; this appears to be an iTunes bug, but is
  masked by current AppleScript behaviour)
* #process_exists_for_url?, #remote_app in connect.rb now raise error if URL
  string doesn't contain a colon (process will crash otherwise due to an OS
  bug)
* improved error reporting in Reference#[] when a malformed generic reference
  containing a command expands to a non-reference value. e.g. its.name.get()
  would previously expand the the value of the object's 'name' property,
  typically a string, resulting in a cryptic NoMethodError; this now raises a
  descriptive ArgumentError.
* fixed bug where Terminology module would error on zero-length keywords in
  problem dictionaries (e.g. MS Word 12.1.7)
* AEM::Codecs now correctly unpacks AEDescs of typeBoolean whose data >1 byte
* fixed inconsistent escaping of application-defined property/element names
  that overlap built-in type/enum/property names but uses different
  codes. e.g. Adobe Illustrator defines 'rotation' as 'SxRx' - this overlaps
  built-in definition ('rotation' = 'trot'), so is escaped as
  'rotation_'. Previously only the Keyword was escaped (i.e. :rotation_ but
  ref.rotation) now both are escaped (i.e. :rotation_, ref.rotation_). Users
  should update existing code as needed.
* restructured defaultterminology.rb to make it easier to maintain
* changed default terminology mapping for :data from KAE::CRawData ('rdat') to
  KAE::TypeData ('tdta')
* the OSAX module now obtains list of installed scripting additions on first
  use instead of import (the .osax scanning code uses System Events via AEM,
  and sending Apple events in event loop-based application before the event
  loop is started can disrupt the process's handling of incoming Apple events)

(taca)

Note update of lang/php53 package to 5.3.11.

(taca)

Update php53 package to 5.3.11.

For full changes, please refer <http://www.php.net/ChangeLog-5.php#5.3.11>.

Security Enhancements:

* Fixed bug #54374 (Insufficient validating of upload name leading to
  corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Key enhancements in these releases include:

* Added debug info handler to DOM objects.
* Fixed bug #61172 (Add Apache 2.4 support).

(taca)

Note update of security/openssl package to 0.9.8w.

(taca)

Update openssl package to 0.9.8w.

Security fix for CVS-2012-2131.

Changes between 0.9.8v and 0.9.8w [23 Apr 2012]

  *) The fix for CVE-2012-2110 did not take into account that the
    'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
    int in OpenSSL 0.9.8, making it still vulnerable. Fix by
    rejecting negative len parameter. (CVE-2012-2131)
    [Tomas Hoger <thoger@redhat.com>]

(taca)

Remove modular-xorg-server-1.12.0 since modular-xorg-server-1.12.1 is there.

(taca)

Note update of www/contao211-translations package to 201204220.

(taca)

Update contao211-translations package to 201204220.

Update Japanese language files.

(taca)

Note update of ruby19-base and ruby19 package to 1.9.2pl320.

(taca)

Reset PKGREVISION.

(taca)

Update ruby19 packages to 1.9.2p320.

Security fix with updating bundled RubyGems to 1.8.23 and several a few bug
fixes.

Fri Apr 20 12:40:19 2012  Eric Hodel  <drbrain@segment7.net>

* lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem:  Removed to avoid
  conflict with ca-bundle.pem
* lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem:
  ditto.
* lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem:
  ditto.

Fri Apr 20 09:04:35 2012  Eric Hodel  <drbrain@segment7.net>

* lib/rubygems:  Apply the following security fixes to RubyGems 1.3.7:

  RubyGems now disallows redirection from HTTPS to HTTP.

  RubyGems now verifies SSL connections.

  Patch by Hiroshi Nakamura.

* test/rubygems:  ditto.

(taca)

Note update of ruby193-base and some related packages:

lang/ruby193-base 1.9.3p194
lang/ruby193 1.9.3p194
devel/ruby-mode 1.9.3p194

(taca)

Update ruby193 packages to 1.9.3p194.

Security fix with updating bundled RubyGems to 1.8.23 and several bug fixes.
Please refer ChangeLog in detail:
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_3_194/ChangeLog

(taca)

Note update of misc/rubygems package to 1.8.23.

(taca)

Update rubygems package to 1.8.23.

=== 1.8.23 / 2012-04-19

This release increases the security used when RubyGems is talking to
an https server. If you use a custom RubyGems server over SSL, this
release will cause RubyGems to no longer connect unless your SSL cert
is globally valid.

You can configure SSL certificate usage in RubyGems through the
:ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc.
The recommended way is to set :ssl_ca_cert to the CA certificate for
your server or a certificate bundle containing your CA certification.

You may also set :ssl_verify_mode to 0 to completely disable SSL
certificate checks, but this is not recommended.

* 2 security fixes:
  * Disallow redirects from https to http
  * Turn on verification of server SSL certs

* 1 minor feature:
  * Add --clear-sources to fetch

* 2 bug fixes:
  * Use File.identical? to check if two files are the same.
  * Fixed init_with warning when using psych

=== 1.8.22 / 2012-04-13

* 4 bug fixes:

  * Workaround for psych/syck YAML date parsing issue
  * Don't trust the encoding of ARGV. Fixes #307
  * Quiet default warnings about missing spec variables
  * Read a binary file properly (windows fix)

=== 1.8.21 / 2012-03-22

* 2 bug fixes:

  * Add workaround for buggy yaml output from 1.9.2
  * Force 1.9.1 to remove it's prelude code. Fixes #305

=== 1.8.20 / 2012-03-21

* 4 bug fixes:

  * Add --force to `gem build` to skip validation. Fixes #297
  * Gracefully deal with YAML::PrivateType objects in Marshal'd gemspecs
  * Treat the source as a proper url base. Fixes #304
  * Warn when updating the specs cache fails. Fixes #300

=== 1.8.19 / 2012-03-14

* 3 bug fixes:

  * Handle loading psych vs syck properly. Fixes #298
  * Make sure Date objects don't leak in via Marshal
  * Perform Date => Time coercion on yaml loading. Fixes #266

=== 1.8.18 / 2012-03-11

* 4 bug fixes:

  * Use Psych API to emit more compatible YAML
  * Download and write inside `gem fetch` directly. Fixes #289
  * Honor sysconfdir on 1.8. Fixes #291
  * Search everywhere for a spec for `gem spec`. Fixes #288
  * Fix Gem.all_load_path. Fixes #171

(taca)

Note update of security/openssl package to 0.9.8v.

(taca)

Update openssl package to 0.9.8v.

NEWS
====

This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:

    o Fix for ASN1 overflow bug CVE-2012-2110

(taca)

Fix typo of HOMEPAGE which was never accessable URL.

Noted by ISIHARA Takanori at K*BUG meeting.

(taca)

Note update of TYPO3 packages:

www/typo3_45 4.5.15
www/typo3_46 4.6.8

(taca)

Update typo3_46 package to 4.6.8 (TYPO3 4.6.8).

Contains fix for XSS, https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/.

2012-04-17  7bec4f3                  [RELEASE] Release of TYPO3 4.6.8 (TYPO3 v4 Release Team)
2012-04-17  e894089  #34348          [SECURITY] XSS in exception handler (Oliver Klee)
2012-04-17  da929e3                  [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-04-15  4fb406e  #36027          [BUGFIX] Localisation update doesn't work (Sebastian Fischer)
2012-04-14  a444816  #34742          [TASK] Change hardcoded URL to constant (dkd-egerer Sascha Egerer)
2012-04-14  32017dc  #33497,#34897  [BUGFIX] t3lib_http_Request can not be loaded in frontend (Philipp Gampe)
2012-04-13  efe107e  #34923          [BUGFIX] Hardcoded variable in CookieJar.php (Philipp Gampe)
2012-04-12  f1bb34c  #32581          [BUGFIX] Slider doesn't work in IE9 (Jigal van Hemert)
2012-04-12  88135a6  #35202          [BUGFIX] Fix the unit tests to work with PHPUnit 3.6 (Oliver Klee)
2012-04-12  f68a85e  #34860,#33685  [BUGFIX] Results from live search and opendocs can't be opened (Stefan Galinski)
2012-04-12  fbde347  #35905          [BUGFIX] Failing test in autoloader with phpunit 3.6 (Christian Kuhn)
2012-04-12  fed2e3c  #35897          [BUGFIX] Failing test in caching framework memcache backend (Christian Kuhn)
2012-04-11  87e9436  #35847          [BUGFIX] t3lib_div::getUrl() providing wrong error information (Ingo Renner)
2012-04-11  7825e7a  #35272          [BUGFIX] Enable XClassing of t3lib_install by replacing new (Kay Strobach)
2012-04-11  51d1dcf  #35126          [BUGFIX] Use state "excludeFromUpdates" in update check (Jigal van Hemert)
2012-04-10  e1c402f  #35257          [BUGFIX] ext_icon.gif for EXT:impexp (Georg Ringer)
2012-04-08  f4e9e59  #34695          [BUGFIX] missing parameter for implode (Jigal van Hemert)
2012-04-05  80946db  #31831          [BUGFIX] "Allowed excludefields" misses non-tt_content FlexForms (Kai Vogel)
2012-04-05  bd038d6  #32517          [BUGFIX] Set filename to downloaded resource in t3lib_compressor (Morton Jonuschat)
2012-03-29  2df8eda  #34625          [BUGFIX] preg_spliti should be preg_split (Georg Ringer)

(taca)

Update typo3_45 package to 4.5.15 (TYPO3 4.5.15).

Contains fix for XSS, https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/.

2012-04-17  7bd7fa7                  [RELEASE] Release of TYPO3 4.5.15 (TYPO3 v4 Release Team)
2012-04-17  34cd65d  #34348          [SECURITY] XSS in exception handler (Oliver Klee)
2012-04-17  03ed1e3                  [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-04-15  bd08193  #36027          [BUGFIX] Localisation update doesn't work (Sebastian Fischer)
2012-04-14  455c288  #34742          [TASK] Change hardcoded URL to constant (dkd-egerer Sascha Egerer)
2012-04-13  d92797c  #24884          [BUGFIX] Saving Page Tree states issues in large environments (cybercraft)
2012-04-12  89232cd  #35202          [BUGFIX] Fix the unit tests to work with PHPUnit 3.6 (Oliver Klee)
2012-04-12  573c480  #34860,#33685  [BUGFIX] Results from live search and opendocs can't be opened (Stefan Galinski)
2012-04-12  df51e20  #35897          [BUGFIX] Failing test in caching framework memcache backend (Christian Kuhn)
2012-04-11  174d81f  #35847          [BUGFIX] t3lib_div::getUrl() providing wrong error information (Ingo Renner)
2012-04-11  8d9854c  #35272          [BUGFIX] Enable XClassing of t3lib_install by replacing new (Kay Strobach)
2012-04-10  d5b2b13  #35257          [BUGFIX] ext_icon.gif for EXT:impexp (Georg Ringer)
2012-04-08  f9fe38e  #34695          [BUGFIX] missing parameter for implode (Jigal van Hemert)
2012-04-05  c49f742  #31831          [BUGFIX] "Allowed excludefields" misses non-tt_content FlexForms (Kai Vogel)
2012-03-29  2a25362  #34625          [BUGFIX] preg_spliti should be preg_split (Georg Ringer)
2012-03-28  a2b1f8c  #25021          [BUGFIX] Creating new pages via drag'n'drop respects page TS (Philipp Kitzberger)

(taca)

- mysql-5.0.96.
+ mysql-5.5.23, xlsatoms-1.1.1 [unpackaged], xpr-1.0.4 [unpackaged].

(taca)

Note update of databases/mysql5-client and databases/mysql5-server
packages to 5.0.96.

(taca)

Update mysql5-client and mysql5-server to 5.0.96, last release of
MySQL 5.0 series.

5.0.96

* yaSSL was upgraded from version 1.7.2 to 2.2.0.

5.0.95

* No change log entries.

5.0.94

* Some files in the MySQL Server sources containing legacy code still used the
  LGPL license. Such files that were no longer in use have been removed. Any
  such code that remains following this removal now appears under the GPL
  only. (Bug #11896296)

  References: See also Bug #11840513.

* Under some circumstances, the result of SUBSTRING_INDEX() incorrectly
  depended on the contents of the previous row. (Bug #42404, Bug #11751514)

5.0.93

* Security Fix: The PolyFromWKB() function could crash the server when
  improper WKB data was passed to the function. (Bug #51875, Bug #11759554,
  CVE-2010-3840)

* Security Fix: Bug #36544 was fixed.

* Security Fix: Bug #49124 and Bug #11757121 were fixed.

* Two unused test files in storage/ndb/test/sql contained incorrect versions
  of the GNU Lesser General Public License. The files and the directory
  containing them have been removed. (Bug #11810224)

  References: See also Bug #11810156.

* On FreeBSD and OpenBSD, the server incorrectly checked the range of the
  system date, causing legal values to be rejected. (Bug #55755, Bug
  #11763089)

(taca)

Note update of graphics/tiff package to 4.0.1nb1.

(taca)

Add fix for CVE-2012-1173 from upstream.

Bump PKGREVISION.

(taca)

Fix build problem on the platform without RLIMIT_AS; NetBSD 4.

No PKGREVISION bump since it is simply fix of build problem.

(taca)

Note update of devel/glib2 package to 2.30.3nb1.

(taca)

Make sure to initialize mutex before use it.  Should be fix PR pkg/46266
by me.

Bump PKGREVISION but no need to recursive bump since it simply fixes
internal problem of glib2 and no external interface at all.

(taca)

Note update of lang/php53 package to 5.3.10nb1.

(taca)

Add a patch to fix possible newline injection problem of header() function
from PHP 5.4.0.  This is a small security fix.

Bump PKGREVISION.

(taca)