openssl (1.0.1e-2+deb7u14) and other new year security updates

etc/default/ntpdate.dpkg-dist

@@ -7,7 +7,7 @@ NTPDATE_USE_NTP_CONF=yes
 
 # List of NTP servers to use  (Separate multiple servers with spaces.)
 # Not used if NTPDATE_USE_NTP_CONF is yes.
-NTPSERVERS="0.progress.pool.ntp.org 1.progress.pool.ntp.org 2.progress.pool.ntp.org 3.progress.pool.ntp.org"
+NTPSERVERS="0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org"
 
 # Additional options to pass to ntpdate
 NTPOPTIONS=""

usr/bin/run-mailcap

@@ -9,6 +9,7 @@
 #
 ###############################################################################
 
+use File::Spec;
 
 $debug=($ENV{RUN_MAILCAP_DEBUG} || 0);
 $norun=0;
@@ -474,27 +475,22 @@ foreach (@files) {
         }
 
         if ($file ne "-") {
-            if ($comm =~ m/[^%]%s/) {
-                if ($file =~ m![^ a-z0-9,.:/@%^+=_-]!i) {
-                    $match =~ m/nametemplate=(.*?)\s*($|;)/;
-                    my $prefix = $1;
-                    my $linked = 0;
-                    while (!$linked) {
-                        $tmplink = TempFile($prefix);
-                        unlink($tmplink);
-                        if ($file =~ m!^/!) {
-                            $linked = symlink($file,$tmplink);
-                        } else {
-                            my $pwd = `/bin/pwd`;
-                            chomp($pwd);
-                            $linked = symlink("$pwd/$file",$tmplink);
-                        }
-                    }
-                    print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
-                    $comm =~ s/([^%])%s/$1$tmplink/g;
-                } else {
-                    $comm =~ s/([^%])%s/$1$file/g;
+            # Resolve file name to an absolute path
+            $file = File::Spec->rel2abs($file);
+            if ($file =~ m![^ a-z0-9,.:/@%^+=_-]!i) {
+                $match =~ m/nametemplate=(.*?)\s*($|;)/;
+                my $prefix = $1;
+                my $linked = 0;
+                while (!$linked) {
+                    $tmplink = TempFile($prefix);
+                    unlink($tmplink);
+                    $linked = symlink($file,$tmplink);
                 }
+                $file = $tmplink;
+                print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
+            }
+            if ($comm =~ m/[^%]%s/) {
+                   $comm =~ s/([^%])%s/$1$file/g;
             } else {
                 if ($comm =~ m/\|/) {
                     $comm =~ s/\|/<\Q$file\E \|/;

var/lib/dpkg/available

@@ -787,15 +787,15 @@ Homepage: http://www.gnupg.org
 Package: libssl1.0.0
 Priority: important
 Section: libs
-Installed-Size: 6999
+Installed-Size: 7003
 Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
 Architecture: i386
 Multi-Arch: same
 Source: openssl
-Version: 1.0.1e-2+deb7u13
+Version: 1.0.1e-2+deb7u14
 Depends: libc6 (>= 2.7), zlib1g (>= 1:1.1.4), debconf (>= 0.5) | debconf-2.0
 Pre-Depends: multiarch-support
-Size: 3034726
+Size: 3037322
 Description: SSL shared libraries
  libssl and libcrypto shared libraries needed by programs like
  apache-ssl, telnet-ssl and openssh.
@@ -1335,13 +1335,13 @@ Maintainer: Alessandro Ghedini <ghedo@debian.org>
 Architecture: i386
 Multi-Arch: same
 Source: curl
-Version: 7.26.0-1+wheezy11
+Version: 7.26.0-1+wheezy12
 Replaces: libcurl4-gnutls
 Depends: libc6 (>= 2.11), libgcrypt11 (>= 1.4.5), libgnutls26 (>= 2.12.17-0), libgssapi-krb5-2 (>= 1.10+dfsg~), libidn11 (>= 1.13), libldap-2.4-2 (>= 2.4.7), librtmp0 (>= 2.3), libssh2-1 (>= 1.2.6), zlib1g (>= 1:1.1.4)
 Pre-Depends: multiarch-support
 Recommends: ca-certificates
 Conflicts: libcurl4-gnutls
-Size: 326444
+Size: 326484
 Description: easy-to-use client-side URL transfer library (GnuTLS flavour)
  libcurl is an easy-to-use client-side URL transfer library, supporting DICT,
  FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, POP3, POP3S, RTMP,
@@ -3160,10 +3160,10 @@ Section: utils
 Installed-Size: 1002
 Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
 Architecture: i386
-Version: 1.0.1e-2+deb7u13
+Version: 1.0.1e-2+deb7u14
 Depends: libc6 (>= 2.7), libssl1.0.0 (>= 1.0.1e-2+deb7u5), zlib1g (>= 1:1.1.4)
 Suggests: ca-certificates
-Size: 693616
+Size: 693642
 Description: Secure Socket Layer (SSL) binary and related cryptographic tools
  This package contains the openssl binary and related tools.
  .
@@ -4010,16 +4010,16 @@ Homepage: http://live.debian.net/devel/live-boot/
 Package: libmagic1
 Priority: standard
 Section: libs
-Installed-Size: 2381
+Installed-Size: 2385
 Maintainer: Daniel Baumann <daniel.baumann@progress-technologies.net>
 Architecture: i386
 Multi-Arch: same
 Source: file
-Version: 5.11-2+deb7u6
+Version: 5.11-2+deb7u7
 Depends: libc6 (>= 2.8), zlib1g (>= 1:1.1.4)
 Pre-Depends: multiarch-support
 Suggests: file
-Size: 204892
+Size: 206070
 Description: File type determination library using "magic" numbers
  This library can be used to classify files according to magic number tests. It
  implements the core functionality of the file command.
@@ -5503,13 +5503,13 @@ Description: GNU version of the tar archiving utility
 Package: file
 Priority: standard
 Section: utils
-Installed-Size: 62
+Installed-Size: 66
 Maintainer: Daniel Baumann <daniel.baumann@progress-technologies.net>
 Architecture: i386
 Multi-Arch: foreign
-Version: 5.11-2+deb7u6
-Depends: libc6 (>= 2.4), libmagic1 (= 5.11-2+deb7u6), zlib1g (>= 1:1.1.4)
-Size: 52374
+Version: 5.11-2+deb7u7
+Depends: libc6 (>= 2.4), libmagic1 (= 5.11-2+deb7u7), zlib1g (>= 1:1.1.4)
+Size: 53092
 Description: Determines file type using "magic" numbers
  File tests each argument in an attempt to classify it. There are three sets of
  tests, performed in this order: filesystem tests, magic number tests, and
@@ -6546,11 +6546,11 @@ Section: web
 Installed-Size: 324
 Maintainer: Alessandro Ghedini <ghedo@debian.org>
 Architecture: i386
-Version: 7.26.0-1+wheezy11
+Version: 7.26.0-1+wheezy12
 Replaces: curl-ssl
 Provides: curl-ssl
-Depends: libc6 (>= 2.7), libcurl3 (= 7.26.0-1+wheezy11), zlib1g (>= 1:1.1.4)
-Size: 268558
+Depends: libc6 (>= 2.7), libcurl3 (= 7.26.0-1+wheezy12), zlib1g (>= 1:1.1.4)
+Size: 268582
 Description: command line tool for transferring data with URL syntax
  curl is a command line tool for transferring data with URL syntax, supporting
  DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, POP3, POP3S,
@@ -10649,13 +10649,13 @@ Maintainer: Alessandro Ghedini <ghedo@debian.org>
 Architecture: i386
 Multi-Arch: same
 Source: curl
-Version: 7.26.0-1+wheezy11
+Version: 7.26.0-1+wheezy12
 Replaces: libcurl2 (<< 1:7.11.2-2), libcurl4
 Depends: libc6 (>= 2.11), libgssapi-krb5-2 (>= 1.10+dfsg~), libidn11 (>= 1.13), libldap-2.4-2 (>= 2.4.7), librtmp0 (>= 2.3), libssh2-1 (>= 1.2.6), libssl1.0.0 (>= 1.0.1), zlib1g (>= 1:1.1.4)
 Pre-Depends: multiarch-support
 Recommends: ca-certificates
 Conflicts: libcurl4
-Size: 335588
+Size: 335658
 Description: easy-to-use client-side URL transfer library (OpenSSL flavour)
  libcurl is an easy-to-use client-side URL transfer library, supporting DICT,
  FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, POP3, POP3S, RTMP,
@@ -11975,18 +11975,18 @@ Description: X11 client-side library
 Package: libjasper1
 Priority: optional
 Section: libs
-Installed-Size: 357
+Installed-Size: 325
 Maintainer: Roland Stigge <stigge@antcom.de>
 Architecture: i386
 Multi-Arch: same
 Source: jasper
-Version: 1.900.1-13+deb7u1
+Version: 1.900.1-13+deb7u2
 Replaces: libjasper-1.700-2
 Depends: libc6 (>= 2.7), libjpeg8 (>= 8c)
 Pre-Depends: multiarch-support
 Suggests: libjasper-runtime
 Conflicts: libjasper-1.700-2
-Size: 159162
+Size: 159212
 Description: JasPer JPEG-2000 runtime library
  JasPer is a collection of software (i.e., a library and application programs)
  for the coding and manipulation of images.  This software can handle image
@@ -14681,13 +14681,13 @@ Homepage: http://projects.gnome.org/gconf/
 Package: mime-support
 Priority: standard
 Section: net
-Installed-Size: 192
+Installed-Size: 132
 Maintainer: Brian White <bcwhite@pobox.com>
 Architecture: all
-Version: 3.52-1
+Version: 3.52-1+deb7u1
 Recommends: file (>= 3.27-3)
 Conflicts: a2ps (<< 4.10.4), metamail (<< 2.7-44)
-Size: 35490
+Size: 35466
 Description: MIME files 'mime.types' & 'mailcap', and support programs
  As these files can be used by all MIME compliant programs, they
  have been moved into their own package that others can depend upon.
@@ -15768,17 +15768,16 @@ Homepage: http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html
 Package: ntpdate
 Priority: optional
 Section: net
-Installed-Size: 217
-Maintainer: Progress Linux Maintainers <maintainers@lists.progress-linux.org>
-Bugs: mailto:bugs@lists.progress-linux.org
+Installed-Size: 141
+Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>
 Architecture: i386
 Source: ntp
-Version: 1:4.2.6.p5+dfsg-2baureo1
-Depends: netbase, libc6 (>= 2.3), libssl1.0.0 (>= 1.0.0)
-Pre-Depends: dpkg-lzip
+Version: 1:4.2.6.p5+dfsg-2+deb7u1
+Depends: netbase, libc6 (>= 2.4), libssl1.0.0 (>= 1.0.0)
+Pre-Depends: dpkg (>= 1.15.7.2)
 Recommends: lockfile-progs
 Breaks: dhcp3-client (<< 4.1.0-1)
-Size: 72302
+Size: 80300
 Description: client for setting system time from NTP servers
  NTP, the Network Time Protocol, is used to keep computer clocks
  accurate by synchronizing them over the Internet or a local network,
@@ -15795,11 +15794,6 @@ Description: client for setting system time from NTP servers
  If the full NTP daemon from the package "ntp" is installed, then
  ntpdate is not necessary.
 Homepage: http://support.ntp.org/
-Original-Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>
-Original-Uploaders: Bdale Garbee <bdale@gag.com>, Peter Eisentraut <petere@debian.org>, Kurt Roeckx <kurt@roeckx.be>
-Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-ntp/ntp/trunk/
-Original-Vcs-Svn: svn://svn.debian.org/pkg-ntp/ntp/trunk/
-Uploaders: Daniel Baumann <daniel.baumann@progress-linux.org>
 
 Package: libaa1
 Priority: optional
@@ -16773,16 +16767,16 @@ Homepage: http://www.boost.org/libs/iostreams/
 Package: cpio
 Priority: important
 Section: utils
-Installed-Size: 844
+Installed-Size: 845
 Maintainer: Ruben Molina <rmolina@udea.edu.co>
 Architecture: i386
-Version: 2.11+dfsg-0.1
+Version: 2.11+dfsg-0.1+deb7u1
 Replaces: cpio-mt
 Depends: libc6 (>= 2.6), dpkg (>= 1.15.4) | install-info
 Suggests: libarchive1
 Conflicts: cpio-mt, mt-st (<< 0.6)
 Filename: pool/main/c/cpio/cpio_2.11-4_i386.deb
-Size: 266530
+Size: 267080
 MD5sum: aa5b5d0ae83acb479bc79068643cfe1a
 Description: GNU cpio -- a program to manage archives of files
  GNU cpio is a tool for creating and extracting archives, or copying
@@ -17200,16 +17194,16 @@ Description: X.Org X server -- SiliconMotion display driver
 Package: binutils
 Priority: optional
 Section: devel
-Installed-Size: 13230
+Installed-Size: 12984
 Maintainer: Matthias Klose <doko@debian.org>
 Architecture: i386
-Version: 2.22-8
+Version: 2.22-8+deb7u2
 Replaces: binutils-gold (<< 2.20.51.20100415)
 Provides: elf-binutils
 Depends: libc6 (>= 2.11), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.6), zlib1g (>= 1:1.2.0)
-Suggests: binutils-doc (>= 2.22-8)
+Suggests: binutils-doc (>= 2.22-8+deb7u2)
 Conflicts: binutils-gold (<< 2.20.51.20100415), elf-binutils, gas, modutils (<< 2.4.19-1)
-Size: 4565092
+Size: 4555422
 Description: GNU assembler, linker and binary utilities
  The programs in this package are used to assemble, link and manipulate
  binary and object files.  They may be used in conjunction with a compiler