CVE-2013-7459 and CVE-2018-6594. Both patches taken from Fedora. Also took the liberty to update the PKG_SOURCE_URL to a standard one. Updated the home URL as well. Signed-off-by: Rosen Penev <rosenp@gmail.com>