deal with CVE-2009-2369 -- neither the advisory nor anything it links

to give useful information, just spotted an obvious case where data
passed from subclasses are used for malloc() unchecked, so added a check.
I can't claim that the CVE report is fixed because it is not clear what
it is about, but it seems that this fixes an issue.
bump PKGREVISION

x11/wxGTK28/Makefile

@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.4 2009/08/01 14:03:19 drochner Exp $
+# $NetBSD: Makefile,v 1.5 2009/08/05 20:58:56 drochner Exp $
 #
 
 .include "../../x11/wxGTK28/Makefile.common"
 
-PKGREVISION=	1
+PKGREVISION=	2
 
 PKGNAME=		${DISTNAME:S/wxGTK/wxGTK28/}
 COMMENT=		GTK-based implementation of the wxWidgets GUI library

x11/wxGTK28/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2009/08/01 14:03:19 drochner Exp $
+$NetBSD: distinfo,v 1.6 2009/08/05 20:58:56 drochner Exp $
 
 SHA1 (wxGTK-2.8.10-libtool.diff.bz2) = 62ff30c26efdd73252bed2d07b82a9b9d3ef890f
 RMD160 (wxGTK-2.8.10-libtool.diff.bz2) = 64e1c32caa4bd6a0503bce4764e3ddc1cba68f8a
@@ -11,3 +11,4 @@ SHA1 (patch-ab) = 82960daef0616824718f3c04929871aeb0e258a2
 SHA1 (patch-ac) = 50cf253797f2dee8b9dab08d138d0070e25e7a8c
 SHA1 (patch-ba) = e47f8613835ce309daff09ae3265d44f37493579
 SHA1 (patch-bb) = 52df734a1df364dc5599a2b9252a15b87cae13b1
+SHA1 (patch-ca) = 4df0c2629c61fbf83a121eb16e490e9c2abb5ad8

x11/wxGTK28/patches/patch-ca

@@ -0,0 +1,15 @@
+$NetBSD: patch-ca,v 1.1 2009/08/05 20:58:56 drochner Exp $
+
+--- src/common/image.cpp.orig	2009-03-06 13:17:40.000000000 +0100
++++ src/common/image.cpp
+@@ -186,6 +186,10 @@ bool wxImage::Create( int width, int hei
+ 
+     m_refData = new wxImageRefData();
+ 
++    if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) {
++	UnRef();
++	return false;
++    }
+     M_IMGDATA->m_data = (unsigned char *) malloc( width*height*3 );
+     if (!M_IMGDATA->m_data)
+     {