authorJustin Humm <justin.humm@posteo.de>2019-11-07 01:46:24 +0100
committerJustin Humm <justin.humm@posteo.de>2019-11-07 02:05:28 +0100
commit6310531fe2f75e535a8abc6e62adbd65bca5c904 (patch)
tree2842fbab8f050d257b9e666af782e29fa8984eb0 /pkgs/development/libraries/libexif/default.nix
parent997bd95b3be694042e9fe940ae8237603ceed441 (diff)
libexif: fix CVE-2018-20030
Also:

- Use GitHub as source for CVE-2017-7544.patch [0]. The resulting patch
  is identical, but comes in a different format.

- Update the website, as http://libexif.sourceforge.net/ shows only a
  move notice.

- Add erictapen as maintainer.

[0] https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a
Diffstat (limited to 'pkgs/development/libraries/libexif/default.nix')
-rw-r--r--pkgs/development/libraries/libexif/default.nix23
1 files changed, 16 insertions, 7 deletions
diff --git a/pkgs/development/libraries/libexif/default.nix b/pkgs/development/libraries/libexif/default.nix
index 5a8f5126680e8..98556c474ef84 100644
--- a/pkgs/development/libraries/libexif/default.nix
+++ b/pkgs/development/libraries/libexif/default.nix
@@ -9,21 +9,30 @@ stdenv.mkDerivation rec {
   };
 
   patches = [
-   (fetchpatch {
-     name = "CVE-2017-7544.patch";
-     url = https://sourceforge.net/p/libexif/bugs/_discuss/thread/fc394c4b/489a/attachment/xx.pat;
-     sha256 = "1qgk8hgnxr8d63jsc4vljxz9yg33mbml280dq4a6050rmk9wq4la";
-   })
+    (fetchpatch {
+      name = "CVE-2017-7544.patch";
+      url = "https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a.patch";
+      sha256 = "0xgx6ly2i4q05shb61mfx6njwf1yp347jkznm0ka4m85i41xm6sd";
+    })
+    (fetchpatch {
+      name = "CVE-2018-20030-1.patch";
+      url = "https://github.com/libexif/libexif/commit/5d28011c40ec86cf52cffad541093d37c263898a.patch";
+      sha256 = "1wv8s962wmbn2m2xypgirf12g6msrbplpsmd5bh86irfwhkcppj3";
+    })
+    # This is basically
+    # https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch,
+    # but without the addition to ./NEWS
+    ./CVE-2018-20030-2.patch
   ];
-  patchFlags = "-p0";
 
   buildInputs = [ gettext ];
 
   meta = {
-    homepage = http://libexif.sourceforge.net/;
+    homepage = https://libexif.github.io/;
     description = "A library to read and manipulate EXIF data in digital photographs";
     license = stdenv.lib.licenses.lgpl21;
     platforms = stdenv.lib.platforms.unix;
+    maintainers = [ stdenv.lib.maintainers.erictapen ];
   };
 
 }
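Review bot: The second CVE-2018-20030 fix is added as the in-tree file `./CVE-2018-20030-2.patch`, so it is a hand-edited copy that a reviewer has to diff against upstream commit 6aa11df549114ebda520dde4cdaea2f9357b2c89 to confirm only the NEWS change was dropped. fetchpatch accepts an `excludes` list, so the same upstream commit can be fetched with a pinned hash and the NEWS file filtered out, matching the provenance of the two fetchpatch entries above it. The sha256 in the sketch below is a placeholder and must be replaced with the real hash of the filtered patch. The mkDerivation call begins above the hunk, so the source pin these patches apply to is not visible here.

```nix
    # … unchanged: CVE-2017-7544 and CVE-2018-20030-1 fetchpatch entries …
    (fetchpatch {
      name = "CVE-2018-20030-2.patch";
      url = "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch";
      # drop the NEWS hunk instead of carrying an edited copy in-tree
      excludes = [ "NEWS" ];
      sha256 = "<sha256-of-filtered-patch>"; # placeholder, not a real hash
    })
```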