add 2 patches from upstream to fix possible buffer overflows

(CVE-2011-3193, CVE-2011-3194)
bump PKGREV

x11/qt4-libs/Makefile

@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.62 2011/08/18 12:34:26 cheusov Exp $
+# $NetBSD: Makefile,v 1.63 2011/08/30 22:18:30 drochner Exp $
 
 PKG_DESTDIR_SUPPORT=	user-destdir
 
 PKGNAME=	qt4-libs-${QTVERSION}
-PKGREVISION=	1
+PKGREVISION=	2
 COMMENT=	C++ X GUI toolkit
 
 .include "../../x11/qt4-libs/Makefile.common"

x11/qt4-libs/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.59 2011/08/19 14:55:15 obache Exp $
+$NetBSD: distinfo,v 1.60 2011/08/30 22:18:31 drochner Exp $
 
 SHA1 (qt-everywhere-opensource-src-4.7.3.tar.gz) = 765eb70d9779f93fefddddda5e6ddb33f4c0b71e
 RMD160 (qt-everywhere-opensource-src-4.7.3.tar.gz) = ab9c11c85898430fa74e5e07894f8da5e5936645
@@ -46,5 +46,7 @@ SHA1 (patch-cg) = c5948cea47fb4134c626415b0b2c36660beea64a
 SHA1 (patch-ch) = 8efaa05e564022710ff978b59581c017bbece979
 SHA1 (patch-ci) = a2ac5703503afcdb2a87f80a8ba373c8ff7a2697
 SHA1 (patch-cj) = 49fd8ae10c5fc026101355596b91fcf3e1701b9d
+SHA1 (patch-da) = 47f1d44bb593a81fb0520a4ee23f2f528533156f
+SHA1 (patch-db) = cbecf57ba75ce82901d347197013208811366514
 SHA1 (patch-src_network_ssl_qsslsocket__openssl__symbols.cpp) = 87c48f97ba2026f4bb553aa0b855bc1b1f653abf
 SHA1 (patch-src_network_ssl_qsslsocket__openssl__symbols__p.h) = e05f420bd532a8964d293e4bad848636dc716d0f

x11/qt4-libs/patches/patch-da

@@ -0,0 +1,29 @@
+$NetBSD: patch-da,v 1.1 2011/08/30 22:18:31 drochner Exp $
+
+CVE-2011-3194
+
+--- src/gui/image/qtiffhandler.cpp.orig	2011-03-30 05:19:04.000000000 +0000
++++ src/gui/image/qtiffhandler.cpp
+@@ -196,9 +196,12 @@ bool QTiffHandler::read(QImage *image)
+     uint16 bitPerSample;
+     if (!TIFFGetField(tiff, TIFFTAG_BITSPERSAMPLE, &bitPerSample))
+         bitPerSample = 1;
++    uint16 samplesPerPixel; // they may be e.g. grayscale with 2 samples per pixel
++    if (!TIFFGetField(tiff, TIFFTAG_SAMPLESPERPIXEL, &samplesPerPixel))
++	samplesPerPixel = 1;
+ 
+     bool grayscale = photometric == PHOTOMETRIC_MINISBLACK || photometric == PHOTOMETRIC_MINISWHITE;
+-    if (grayscale && bitPerSample == 1) {
++    if (grayscale && bitPerSample == 1 && samplesPerPixel == 1) {
+         if (image->size() != QSize(width, height) || image->format() != QImage::Format_Mono)
+             *image = QImage(width, height, QImage::Format_Mono);
+         QVector<QRgb> colortable(2);
+@@ -220,7 +223,7 @@ bool QTiffHandler::read(QImage *image)
+             }
+         }
+     } else {
+-        if ((grayscale || photometric == PHOTOMETRIC_PALETTE) && bitPerSample == 8) {
++        if ((grayscale || photometric == PHOTOMETRIC_PALETTE) && bitPerSample == 8 && samplesPerPixel == 1) {
+             if (image->size() != QSize(width, height) || image->format() != QImage::Format_Indexed8)
+                 *image = QImage(width, height, QImage::Format_Indexed8);
+             if (!image->isNull()) {

x11/qt4-libs/patches/patch-db

@@ -0,0 +1,16 @@
+$NetBSD: patch-db,v 1.1 2011/08/30 22:18:31 drochner Exp $
+
+CVE-2011-3193
+
+--- src/3rdparty/harfbuzz/src/harfbuzz-gpos.c.orig	2011-03-30 05:19:01.000000000 +0000
++++ src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
+@@ -3012,6 +3012,9 @@ static HB_Error  Lookup_MarkMarkPos( GPO
+     j--;
+   }
+ 
++  if ( i > buffer->in_pos )
++    return HB_Err_Not_Covered;
++
+   error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
+ 			  &mark2_index );
+   if ( error )

x11/qt4-tiff/Makefile

@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.17 2011/05/05 12:37:08 adam Exp $
+# $NetBSD: Makefile,v 1.18 2011/08/30 22:18:31 drochner Exp $
 
 PKG_DESTDIR_SUPPORT=	user-destdir
 
 .include "../../x11/qt4-libs/Makefile.common"
 
 PKGNAME=	qt4-tiff-${QTVERSION}
+PKGREVISION=	1
 COMMENT=	QT TIFF image format plugin
 
 CONFIGURE_ARGS+=	-I${QTDIR}/include