- add upstream patches via fedora to fix CVE-2017-1404[01] - rediff patch from opensuse to fix CVE-2017-14039 and CVE-2017-14164