authorSamuli Suominen <ssuominen@gentoo.org>2012-09-29 17:17:14 +0000
committerSamuli Suominen <ssuominen@gentoo.org>2012-09-29 17:17:14 +0000
commit6418c2a15f393acbd567c635df8431054a966256 (patch)
tree31fbab9bd25beb40f7366f7e9aa52578980b27ed /dev-libs/glib
parentRemove old versions. (diff)
downloadhistorical-6418c2a15f393acbd567c635df8431054a966256.tar.gz
historical-6418c2a15f393acbd567c635df8431054a966256.tar.bz2
historical-6418c2a15f393acbd567c635df8431054a966256.zip
Revision bump to import upstream patch for CVE-2012-3524 wrt #436028
Package-Manager: portage-2.2.0_alpha128/cvs/Linux x86_64
Diffstat (limited to 'dev-libs/glib')
-rw-r--r--dev-libs/glib/ChangeLog8
-rw-r--r--dev-libs/glib/Manifest18
-rw-r--r--dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch247
-rw-r--r--dev-libs/glib/glib-2.32.4-r1.ebuild236
4 files changed, 500 insertions, 9 deletions
diff --git a/dev-libs/glib/ChangeLog b/dev-libs/glib/ChangeLog
index 151fc651e3f2..a1e01f030f03 100644
--- a/dev-libs/glib/ChangeLog
+++ b/dev-libs/glib/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for dev-libs/glib
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/glib/ChangeLog,v 1.536 2012/09/28 18:54:44 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/glib/ChangeLog,v 1.537 2012/09/29 17:17:13 ssuominen Exp $
+
+*glib-2.32.4-r1 (29 Sep 2012)
+
+ 29 Sep 2012; Samuli Suominen <ssuominen@gentoo.org> +glib-2.32.4-r1.ebuild,
+ +files/glib-2.32.4-CVE-2012-3524.patch:
+ Revision bump to import upstream patch for CVE-2012-3524 wrt #436028
28 Sep 2012; Alexandre Rostovtsev <tetromino@gentoo.org> glib-2.34.0.ebuild:
Really disable building tests when USE=-test (bug #436508, thanks to Jeff
diff --git a/dev-libs/glib/Manifest b/dev-libs/glib/Manifest
index 417b01082652..cd613c79445a 100644
--- a/dev-libs/glib/Manifest
+++ b/dev-libs/glib/Manifest
@@ -15,6 +15,7 @@ AUX glib-2.30.2-missing-decls.patch 940 SHA256 028943a9f0684ed99e3cbac0631a0c367
AUX glib-2.30.3-assert-test-failure.patch 752 SHA256 2c7473f49b2ef928714af3e514f80b558af4737e2422a3a3e7e71e3ee07bde17 SHA512 8b5aa95b084ff9e11e5eb12148ca1aa36dca2b5bc0620ac68f3c8e1478337910c204a56262d8ede8c3bad328a5765f2648691ebc12b800918043909752c99956 WHIRLPOOL 1c6cdb524bd0d1d6927359f81aa4a0bd77a74d677f0ec4ceac3f8afad2e3dccf613d7be12820e0ad329cc33eb78429f7a1e5d3b3fc6dc5526b278bf6cf93c52f
AUX glib-2.30.3-closure-64bit-be.patch 8029 SHA256 15b0fc9e64411678321f00fd31e3622d1267f9b0c1a55b6b568a2f09e8b0f23f SHA512 0e194029c417245c64c5f67c935730fa7ef53c852ca74d99835a7c56d89fd4d0da566004bfe40c3b07e1d7835e1383947abdb4a5720d56b5c7559aa281b10a91 WHIRLPOOL a222a5b46b8df5c77b165356356172eefda9b3914c868a701f61a49361c7891d1ea10b76e17086205ead936b07dcdd13551a18f1a7811d78257759deb7732f00
AUX glib-2.31.x-external-gdbus-codegen.patch 3504 SHA256 47a0f2f2a99a50042063952994c8538097dee14ea5b2ca39f1c168092c645c6e SHA512 30d8d57bd67047eef5276309734b73eba6026309f3f261f74d0eb96a87e9e8733e44b63e65c765b9ace89ba6b0c8df438785f9aa1a8a297e6da261906a4c11a7 WHIRLPOOL c64cdb643d36df9b20f386aee75f285f3cf17366f2ec3a93370e365a54d72454085cbd3b043ca4fd919115575d46c07a5bf972dee4981aab736bc9da0ca41203
+AUX glib-2.32.4-CVE-2012-3524.patch 8294 SHA256 feaafc740a8f7623056171e595613f86fc6e01caef604541be89ff92f312cd69 SHA512 7afd7ea3c1ff871debb7424f6b152ced1686236dc04c7271caa78f904afa0b17817448ef7365954c6dc524f1b8cd53e2a748323c490276d87e7e1ec28a851e39 WHIRLPOOL b941904a5a8f058d71e39b12729828ebbf0f26feec72ada8a1e3b223fe6b3cbd6f6c95a3cbe256b6bc5b501f451eac1724116dcc17c7b8fae65e8e0f11617b0d
AUX glib-2.32.4-bashcomp.patch 843 SHA256 262a3689dc030712eea1349ee96cbf21123b0329c78629e2e80cd9917ac415fb SHA512 6e9f5678ccc7ea4317eba53294151d4a2e14f0aac9f2891ff6a8ba4679758386d6e5853c79f0f9fe828b83771da2498c52c69c7a329847e9fb2fd36acceb6f43 WHIRLPOOL 87d57428ef8626ab9f207e6a7df896748912c717fdc8aef3ebf1de73b72899fd5adfd97800ec4ce2fd38528f16267778a26492f79a85dd42f99734e1fa299ffb
AUX glib-2.34.0-testsuite-skip-gdbus-auth-tests.patch 1784 SHA256 00ff3dd00872158eaf5a9e622d0877b8003c16880af07ceb9fed4d4bdfba69a1 SHA512 1001f6b24033187db50568a24bfaea9cdd0e70721a9cba988f3a64e75725ded31d23fe7d6d7dbb81678632a44770639ee36c6ab7a79bae0fa764a8b467d6e104 WHIRLPOOL 211ad59497093b34c313f22884b0a29a7a9973167e6a56f4737962d590b30ae7fd2dd9b1d9843c6d247cba8ee0d866cb1981a30c363aa19c711d32145a15e345
AUX glib-2.34.0-testsuite-skip-thread4.patch 1312 SHA256 65ed09251a66b096df38431fde13335038e26c4fa973534af68948757801a3a5 SHA512 d64799f42d269e33295a2aca3728a762508ab06bf8cc20c399ab926095a884a73795fc0b5d3806c16c0f579472d06e945f332df96be0b4307b7d5c289e03591f WHIRLPOOL 8da1696ce6fd7fac83bef9563baf71e2b67b3e194ab3e631d238dc6e0a2d5493dc7a7f3af61bfa64a2023b0554ecaf3c523e7d9edea30e22f3615186e63f14cc
@@ -27,18 +28,19 @@ DIST glib-2.34.0.tar.xz 6368532 SHA256 f69b112f8848be35139d9099b62bc81649241f78f
DIST pkg-config-0.26.tar.gz 396399 SHA256 94c1936a797c930fb3e4e5a154165b6268caba22b32d24083dd4c492a533c8af SHA512 9390d5918dd4ac520b914d2330aa7cae2587ca7b21b03bc88372fd5dbbd78e33eeb3fca39fcdb6dd10113658f03118a1c8829149c7029eb0dd80348d100170a4 WHIRLPOOL f535946a02192a9bffc7be0fae454e25aa86af8bac7f47622d52ed13f77f1ba05ff9b5693b2a501981e3991e4e1595eced22dee4ab748b310baa7d57267a62a7
EBUILD glib-1.2.10-r5.ebuild 1782 SHA256 1ac935da2188aa1ed04e5db79d8637f519fdfa9d9a64dd8a978cbf31bb056486 SHA512 6d9f9839be66df0f343f4dd39c6f88524e8acc45c747ef0ce7507c24296d0550c8b1c13efa396a6a65f31033d62f064cbc0fc7c7b8b28b2eabe22387b611fa15 WHIRLPOOL b5967b8704e5ce04f41a03bb108ccaffa628f02add1b67803e8b0a531d7f345b9a0c458388da90262a53e76fd96dae7a82cab391fc5e6404c6b2ff7d43164f54
EBUILD glib-2.30.3.ebuild 8947 SHA256 5adf86b28c2f555619519c2115c971bbc82547066334979c9dcc7acbf0bba05a SHA512 947fd2af003c94fd63aaa164e14fba68e7b00f22f8c4e8eca30a9e3d4158e342d6739b44c7ec5e64f4d1fc901b8ba45b8563e8b5d47771f43b7f932e6d382888 WHIRLPOOL fb97179c951d9c55fb2231e817ac74e0fa28d908b29b1df3d577bfcc2156436799e9dd0c10ff141a2022a7482a45d20c2d9e49844336d434277842d57313cd6d
+EBUILD glib-2.32.4-r1.ebuild 8297 SHA256 aed89e36ee93c219eb935a98f29056f474d52100e38b80f8f83884dcff1a771d SHA512 24eb2dc3eba74d5185b8a9e8d0b55d764acd4907aa4706cb2c9334357896e334c3e780b8586f5f5f8bd3c4c62aefc203faf8f38eeb055876d66fc17028ade7f7 WHIRLPOOL 33a57734e8b70994061d878adf15053fe72e53db78cb435e58a6cfbee95e52cad2af97575eb42aef4080da0625ee9a045bc1ccd446deeab349176d6bc13e99c1
EBUILD glib-2.32.4.ebuild 8244 SHA256 7f2d6a5833c884d4f33612c080fe4f63119a5d64534657c024330eaa5323a930 SHA512 9e1fbebb6a7492a2f29d9dd508691f6623be383212efb182421110f5773e745f782d2d8294e39643877afeffe030e3adad34a3b5e22c1ba3a748ae02d22da3af WHIRLPOOL d8fa8381447abd89cc0acdb67931abdad9d2c1c193434a3191c2e32e6483bcf7e5b3588ab38793cc1d46233744b6753051f527efb8d74d50ac6fb5c376a18608
EBUILD glib-2.34.0.ebuild 8263 SHA256 588edda667dbafb641d5293cfaaf0127ce337b0a05abda64615100f9f2a6221e SHA512 f8637abb0c8b9ee9333b51fad3736d6df5c963c598cbc59070f885ca4135626dcb6a3d1569e782929b744d2f16a6328c8b41cfe8d752ca888aee1b1cbefd5169 WHIRLPOOL 05bfec2b82b041caa304aad9e398bcd6470b0e34732114ac16abc0da1133fd5cabb02470ce9dd5901438464db296d54a5bfe3de34edcb1bebe94138beeb89a81
-MISC ChangeLog 73509 SHA256 feac6d6d461d48e067b9e0b1a0830789d7a09a2c4da2efa889fb4f1180054d7a SHA512 0a40b74d1688a8236f9f041151890375038d8c058e2e378dc0bd30af1dbf25f118499ce9d74235c5f2f786a3d0de04e8bbcedaabf31a29bc3faa0be63457bfab WHIRLPOOL 612b3ea4c7be9763416b84987043d74938d31c76488fa721e8cf6e08b4f262c012c3be4b611c85935c3d2b505a63c4498ddd2016644c46a8f479d1cc7ba65228
+MISC ChangeLog 73732 SHA256 f625f3e330ac4ba4379a54f14ff8c9c3853c1b1ad353f2cec80e3d5e5a352998 SHA512 af630341fbffdd4ba3faf661435dd64cf5725f15b9e48c6f6e6d0b68060a5b3ed0aaf232040f84990412d9ece4f1f6edfc2d9a14480428ce9c7e0c05cfcf8e1c WHIRLPOOL 571572bae4bb500961b67207147e0eb712a20e1b54521956b27dbe55f5afc8fd60088e3ff343bc6d3dd9da9c68e2ab242280e3656fcb1482ca6cdbba8891e349
MISC metadata.xml 396 SHA256 15590ae8a4e9724b07cdc4766f62257c604ffb256acc15f065e005a34cfe81cb SHA512 b1083fad61b609c0f01421745147cf7bbf3964d5d8fa95e5f0db7e38443a4038404103abf87cba9ce6809683f089fe71f8b080ce464964befff336db7e8c1d2f WHIRLPOOL 0cc2b231d0d1f14e31361c4160f9164af7972d3832e475655cc1fbc7be3bf948ea40f295de55583b065a5b17af7842d03f6d4c869c7f65bae1306b4faf00eae4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-iQEcBAEBCAAGBQJQZfJ5AAoJEJ0WA1zPCt1hO6kIAJP9joxJF8cgzFTYagU2++xA
-EJJanVTLdQT4zWL4L3kPDky/bHJiAciPpB0m9E0Afoogg2/S3i41yrDb+rpBmVzB
-SsqfFTL6hbjzmvaKyOsMdqGxrby+WBOefWOBbg2WG+5efjI8SuikOsqb2sg1iOrQ
-hWL10shOpsdeet7cWgDs7bExNzDWen4fytB8fkwrtbT65GlwBKTNQ7NL3CvI+4z0
-baMi8yLZLBrSMSxgdJuhpLIEGBgssfSoOhme3nGag/w/yxBfqAo9bgZZDq0RnsUf
-uNFtGYuhBLkGSuO4gWDH4dYu+gUxs9oYumBRrYVFuHTPiELseZmvn0EuCJ6mNug=
-=0tK+
+iQEcBAEBCAAGBQJQZyxsAAoJEEdUh39IaPFNhrQH/3OQ11oyaFt8ouALIMcxrzW8
+Hw6y4dUue0avPv8598yAcJkc4MaUb14NSbW8eeUw2SawPqd20YE/5dIHzsLveuM+
+RkavadEn7HtCmcRHau0t4Cgi7ija33pJp71FwrbmhdNxugrI6Q7rU5qSDCCo8g+7
+mmfnO4NJ4qsJNoFwM/XCUtNkussyg9I9FOdcdJlbUUVeBjC47p0OmNr+PxN0BvXv
+lv2osgZ7RjB6Dn7lWYVD0uVNY9P0j+HVQR32ldKndEvWPrFUlvjc75qvbLAEWr6y
+tfCq+Dze66/kqr2o/u9Pz7/ecM8pLSc3xWMh/GQgO2zzgnZjrlkMxqFvcQqa+s8=
+=2juR
-----END PGP SIGNATURE-----
diff --git a/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch b/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch
new file mode 100644
index 000000000000..92e6c8125e5b
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch
@@ -0,0 +1,247 @@
+From 4c2928a54482913cf236bff0e66650a8f47e17ea Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Wed, 22 Aug 2012 18:26:11 +0000
+Subject: CVE-2012-3524: Hardening for being run in a setuid environment
+
+Some programs attempt to use libglib (or even libgio) when setuid.
+For a long time, GTK+ simply aborted if launched in this
+configuration, but we never had a real policy for GLib.
+
+I'm not sure whether we should advertise such support. However, given
+that there are real-world programs that do this currently, we can make
+them safer with not too much effort.
+
+Better to fix a problem caused by an interaction between two
+components in *both* places if possible.
+
+This patch adds a private function g_check_setuid() which is used to
+first ensure we don't run an external dbus-launch binary if
+DBUS_SESSION_BUS_ADDRESS isn't set.
+
+Second, we also ensure the local VFS is used in this case. The
+gdaemonvfs extension point will end up talking to the session bus
+which is typically undesirable in a setuid context.
+
+Implementing g_check_setuid() is interesting - whether or not we're
+running in a privilege-escalated path is operating system specific.
+Note that GTK+'s code to check euid versus uid worked historically on
+Unix, more modern systems have filesystem capabilities and SELinux
+domain transitions, neither of which are captured by the uid
+comparison.
+
+On Linux/glibc, the way this works is that the kernel sets an
+AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
+startup. If found, then glibc sets a public-but-undocumented
+__libc_enable_secure variable which we can use. Unfortunately, while
+it *previously* worked to check this variable, a combination of newer
+binutils and RPM break it:
+http://www.openwall.com/lists/owl-dev/2012/08/14/1
+
+So for now on Linux/glibc, we fall back to the historical Unix version
+until we get glibc fixed.
+
+On some BSD variants, there is a issetugid() function. On other Unix
+variants, we fall back to what GTK+ has been doing.
+
+Reported-By: Sebastian Krahmer <krahmer@suse.de>
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+diff --git a/configure.ac b/configure.ac
+index 584df1d..67ea1a9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -583,9 +583,20 @@ AC_TRY_COMPILE([#include <dirent.h>], [DIR *dir;],
+ # Checks for library functions.
+ AC_FUNC_VPRINTF
+ AC_FUNC_ALLOCA
+-AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2)
++AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2 issetugid)
+ AC_CHECK_FUNCS(atexit on_exit timegm gmtime_r)
+
++AC_CACHE_CHECK([for __libc_enable_secure], glib_cv_have_libc_enable_secure,
++ [AC_TRY_LINK([#include <unistd.h>
++ extern int __libc_enable_secure;],
++ [return __libc_enable_secure;],
++ glib_cv_have_libc_enable_secure=yes,
++ glib_cv_have_libc_enable_secure=no)])
++AS_IF([test x$glib_cv_have_libc_enable_secure = xyes], [
++ AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 1,
++ [Define if you have the __libc_enable_secure variable (GNU libc, eglibc)])
++])
++
+ AC_CHECK_SIZEOF(char)
+ AC_CHECK_SIZEOF(short)
+ AC_CHECK_SIZEOF(long)
+@@ -984,7 +995,7 @@ AC_MSG_RESULT(unsigned $glib_size_type)
+
+ # Check for some functions
+ AC_CHECK_FUNCS(lstat strerror strsignal memmove vsnprintf stpcpy strcasecmp strncasecmp poll getcwd vasprintf setenv unsetenv getc_unlocked readlink symlink fdwalk memmem)
+-AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link utimes getgrgid getpwuid)
++AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link utimes getgrgid getpwuid getresuid)
+ AC_CHECK_FUNCS(getmntent_r setmntent endmntent hasmntopt getfsstat getvfsstat)
+ # Check for high-resolution sleep functions
+ AC_CHECK_FUNCS(splice)
+diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c
+index 4aa13b9..96b6343 100644
+--- a/gio/gdbusaddress.c
++++ b/gio/gdbusaddress.c
+@@ -37,6 +37,7 @@
+ #include "giostream.h"
+ #include "gasyncresult.h"
+ #include "gsimpleasyncresult.h"
++#include "glib-private.h"
+ #include "gdbusprivate.h"
+ #include "giomodule-priv.h"
+ #include "gdbusdaemon.h"
+@@ -1023,6 +1024,14 @@ get_session_address_dbus_launch (GError **error)
+ restore_dbus_verbose = FALSE;
+ old_dbus_verbose = NULL;
+
++ /* Don't run binaries as root if we're setuid. */
++ if (GLIB_PRIVATE_CALL (g_check_setuid) ())
++ {
++ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
++ _("Cannot spawn a message bus when setuid"));
++ goto out;
++ }
++
+ machine_id = _g_dbus_get_machine_id (error);
+ if (machine_id == NULL)
+ {
+diff --git a/gio/gvfs.c b/gio/gvfs.c
+index dda8afb..9afbcec 100644
+--- a/gio/gvfs.c
++++ b/gio/gvfs.c
+@@ -23,6 +23,7 @@
+ #include "config.h"
+ #include <string.h>
+ #include "gvfs.h"
++#include "glib-private.h"
+ #include "glocalvfs.h"
+ #include "gresourcefile.h"
+ #include "giomodule-priv.h"
+@@ -191,6 +192,8 @@ g_vfs_parse_name (GVfs *vfs,
+ GVfs *
+ g_vfs_get_default (void)
+ {
++ if (GLIB_PRIVATE_CALL (g_check_setuid) ())
++ return g_vfs_get_local ();
+ return _g_io_module_get_default (G_VFS_EXTENSION_POINT_NAME,
+ "GIO_USE_VFS",
+ (GIOModuleVerifyFunc)g_vfs_is_active);
+diff --git a/glib/genviron.c b/glib/genviron.c
+index 59a8bbe..9525cf0 100644
+--- a/glib/genviron.c
++++ b/glib/genviron.c
+@@ -40,6 +40,7 @@
+ #include <windows.h>
+ #endif
+
++#include "glib-private.h"
+ #include "gmem.h"
+ #include "gmessages.h"
+ #include "gstrfuncs.h"
+diff --git a/glib/glib-private.c b/glib/glib-private.c
+index 3946e77..3506782 100644
+--- a/glib/glib-private.c
++++ b/glib/glib-private.c
+@@ -38,7 +38,9 @@ glib__private__ (void)
+ g_wakeup_signal,
+ g_wakeup_acknowledge,
+
+- g_get_worker_context
++ g_get_worker_context,
++
++ g_check_setuid
+ };
+
+ return &table;
+diff --git a/glib/glib-private.h b/glib/glib-private.h
+index fde0be8..87da6f3 100644
+--- a/glib/glib-private.h
++++ b/glib/glib-private.h
+@@ -25,6 +25,8 @@
+
+ G_GNUC_INTERNAL
+ GMainContext * g_get_worker_context (void);
++G_GNUC_INTERNAL
++gboolean g_check_setuid (void);
+
+ #define GLIB_PRIVATE_CALL(symbol) (glib__private__()->symbol)
+
+@@ -40,6 +42,8 @@ typedef struct {
+ /* See gmain.c */
+ GMainContext * (* g_get_worker_context) (void);
+ /* Add other private functions here, initialize them in glib-private.c */
++
++ gboolean (* g_check_setuid) (void);
+ } GLibPrivateVTable;
+
+ GLibPrivateVTable *glib__private__ (void);
+diff --git a/glib/gutils.c b/glib/gutils.c
+index 38b5e44..f8a38d1 100644
+--- a/glib/gutils.c
++++ b/glib/gutils.c
+@@ -2409,3 +2409,60 @@ g_get_tmp_dir (void)
+ }
+
+ #endif
++
++/* Private API:
++ *
++ * Returns %TRUE if the current process was executed as setuid (or an
++ * equivalent __libc_enable_secure is available). See:
++ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html
++ */
++gboolean
++g_check_setuid (void)
++{
++ /* TODO: get __libc_enable_secure exported from glibc.
++ * See http://www.openwall.com/lists/owl-dev/2012/08/14/1
++ */
++#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)
++ {
++ /* See glibc/include/unistd.h */
++ extern int __libc_enable_secure;
++ return __libc_enable_secure;
++ }
++#elif defined(HAVE_ISSETUGID)
++ /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
++ return issetugid ();
++#elif defined(G_OS_UNIX)
++ uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
++ gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
++
++ static gsize check_setuid_initialised;
++ static gboolean is_setuid;
++
++ if (g_once_init_enter (&check_setuid_initialised))
++ {
++#ifdef HAVE_GETRESUID
++ /* These aren't in the header files, so we prototype them here.
++ */
++ int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
++ int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
++
++ if (getresuid (&ruid, &euid, &suid) != 0 ||
++ getresgid (&rgid, &egid, &sgid) != 0)
++#endif /* HAVE_GETRESUID */
++ {
++ suid = ruid = getuid ();
++ sgid = rgid = getgid ();
++ euid = geteuid ();
++ egid = getegid ();
++ }
++
++ is_setuid = (ruid != euid || ruid != suid ||
++ rgid != egid || rgid != sgid);
++
++ g_once_init_leave (&check_setuid_initialised, 1);
++ }
++ return is_setuid;
++#else
++ return FALSE;
++#endif
++}
+--
+cgit v0.9.0.2
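Review bot: In the G_OS_UNIX fallback of `g_check_setuid()` (glib/gutils.c part of the imported patch), the answer is computed from the real/effective/saved IDs at the first call and then cached. A program that has already fully dropped its privileges before its first GLib call would therefore get FALSE, although it was started setuid and its environment is still supplied by the caller. Because the `__libc_enable_secure` branch is compiled out with `#if 0`, this comparison is what Linux/glibc builds use, and the patch description itself says it does not capture filesystem capabilities or SELinux domain transitions. The doc comment above the function still reads as if the glibc variable were consulted, so I would state the limits there, e.g. `* NOTE: on Linux this only compares real/effective/saved IDs at first call; file capabilities and earlier privilege drops are not detected.` Since this is an upstream patch, the wording change belongs upstream rather than in the ebuild's copy.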
diff --git a/dev-libs/glib/glib-2.32.4-r1.ebuild b/dev-libs/glib/glib-2.32.4-r1.ebuild
new file mode 100644
index 000000000000..3f7a0814ba77
--- /dev/null
+++ b/dev-libs/glib/glib-2.32.4-r1.ebuild
@@ -0,0 +1,236 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/glib/glib-2.32.4-r1.ebuild,v 1.1 2012/09/29 17:17:13 ssuominen Exp $
+
+EAPI="4"
+PYTHON_DEPEND="utils? 2"
+# Avoid runtime dependency on python when USE=test
+
+inherit autotools gnome.org libtool eutils flag-o-matic gnome2-utils multilib pax-utils python toolchain-funcs virtualx linux-info
+
+DESCRIPTION="The GLib library of C routines"
+HOMEPAGE="http://www.gtk.org/"
+SRC_URI="${SRC_URI}
+ http://dev.gentoo.org/~tetromino/distfiles/glib/${P}-AS_IF-patches.tar.xz
+ http://pkgconfig.freedesktop.org/releases/pkg-config-0.26.tar.gz" # pkg.m4 for eautoreconf
+
+LICENSE="LGPL-2+"
+SLOT="2"
+IUSE="debug doc fam kernel_linux selinux static-libs systemtap test utils xattr"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+
+RDEPEND="virtual/libiconv
+ virtual/libffi
+ sys-libs/zlib
+ || (
+ >=dev-libs/elfutils-0.142
+ >=dev-libs/libelf-0.8.12 )
+ xattr? ( sys-apps/attr )
+ fam? ( virtual/fam )
+ utils? ( >=dev-util/gdbus-codegen-${PV} )"
+DEPEND="${RDEPEND}
+ >=sys-devel/gettext-0.11
+ >=dev-util/gtk-doc-am-1.15
+ doc? (
+ >=dev-libs/libxslt-1.0
+ >=dev-util/gdbus-codegen-${PV}
+ >=dev-util/gtk-doc-1.15
+ ~app-text/docbook-xml-dtd-4.1.2 )
+ systemtap? ( >=dev-util/systemtap-1.3 )
+ test? (
+ sys-devel/gdb
+ =dev-lang/python-2*
+ >=dev-util/gdbus-codegen-${PV}
+ >=sys-apps/dbus-1.2.14 )
+ !<dev-util/gtk-doc-1.15-r2"
+PDEPEND="x11-misc/shared-mime-info
+ !<gnome-base/gvfs-1.6.4-r990"
+# shared-mime-info needed for gio/xdgmime, bug #409481
+# Earlier versions of gvfs do not work with glib
+
+pkg_setup() {
+ # Needed for gio/tests/gdbus-testserver.py
+ if use test ; then
+ python_set_active_version 2
+ python_pkg_setup
+ fi
+
+ if use kernel_linux ; then
+ CONFIG_CHECK="~INOTIFY_USER"
+ linux-info_pkg_setup
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2012-3524.patch
+
+ mv -f "${WORKDIR}"/pkg-config-*/pkg.m4 "${WORKDIR}"/ || die
+
+ # Fix gmodule issues on fbsd; bug #184301
+ epatch "${FILESDIR}"/${PN}-2.12.12-fbsd.patch
+
+ # need to build tests if USE=doc for bug #387385
+ if ! use test && ! use doc; then
+ # don't waste time building tests
+ sed 's/^\(.*\SUBDIRS .*\=.*\)tests\(.*\)$/\1\2/' -i $(find . -name Makefile.am -o -name Makefile.in) || die
+ else
+ # Do not try to remove files on live filesystem, upstream bug #619274
+ sed 's:^\(.*"/desktop-app-info/delete".*\):/*\1*/:' \
+ -i "${S}"/gio/tests/desktop-app-info.c || die "sed failed"
+
+ # Disable tests requiring dev-util/desktop-file-utils when not installed, bug #286629
+ if ! has_version dev-util/desktop-file-utils ; then
+ ewarn "Some tests will be skipped due dev-util/desktop-file-utils not being present on your system,"
+ ewarn "think on installing it to get these tests run."
+ sed -i -e "/appinfo\/associations/d" gio/tests/appinfo.c || die
+ sed -i -e "/desktop-app-info\/default/d" gio/tests/desktop-app-info.c || die
+ sed -i -e "/desktop-app-info\/fallback/d" gio/tests/desktop-app-info.c || die
+ sed -i -e "/desktop-app-info\/lastused/d" gio/tests/desktop-app-info.c || die
+ fi
+
+ # Disable tests requiring dbus-python and pygobject; bugs #349236, #377549, #384853
+ if ! has_version dev-python/dbus-python || ! has_version 'dev-python/pygobject:2' ; then
+ ewarn "Some tests will be skipped due to dev-python/dbus-python or dev-python/pygobject:2"
+ ewarn "not being present on your system, think on installing them to get these tests run."
+ sed -i -e "/connection\/filter/d" gio/tests/gdbus-connection.c || die
+ sed -i -e "/connection\/large_message/d" gio/tests/gdbus-connection-slow.c || die
+ sed -i -e "/gdbus\/proxy/d" gio/tests/gdbus-proxy.c || die
+ sed -i -e "/gdbus\/proxy-well-known-name/d" gio/tests/gdbus-proxy-well-known-name.c || die
+ sed -i -e "/gdbus\/introspection-parser/d" gio/tests/gdbus-introspection.c || die
+ sed -i -e "/g_test_add_func/d" gio/tests/gdbus-threading.c || die
+ sed -i -e "/gdbus\/method-calls-in-thread/d" gio/tests/gdbus-threading.c || die
+ # needed to prevent gdbus-threading from asserting
+ ln -sfn $(type -P true) gio/tests/gdbus-testserver.py
+ fi
+ fi
+
+ # gdbus-codegen is a separate package
+ epatch "${FILESDIR}/${PN}-2.31.x-external-gdbus-codegen.patch"
+
+ # bashcomp goes in /usr/share/bash-completion
+ epatch "${FILESDIR}/${PN}-2.32.4-bashcomp.patch"
+
+ # AS_IF fixes from 2.33.x, needed for cross-compiling, bug #434770
+ epatch ../AS_IF-patches/*.patch
+
+ # disable pyc compiling
+ use test && python_clean_py-compile_files
+
+ # Needed for the punt-python-check patch, disabling timeout test
+ # Also needed to prevent croscompile failures, see bug #267603
+ # Also needed for the no-gdbus-codegen patch
+ AT_M4DIR="${WORKDIR}" eautoreconf
+
+ [[ ${CHOST} == *-freebsd* ]] && elibtoolize
+
+ epunt_cxx
+}
+
+src_configure() {
+ # Avoid circular depend with dev-util/pkgconfig and
+ # native builds (cross-compiles won't need pkg-config
+ # in the target ROOT to work here)
+ if ! tc-is-cross-compiler && ! $(tc-getPKG_CONFIG) --version >& /dev/null; then
+ if has_version sys-apps/dbus; then
+ export DBUS1_CFLAGS="-I/usr/include/dbus-1.0 -I/usr/$(get_libdir)/dbus-1.0/include"
+ export DBUS1_LIBS="-ldbus-1"
+ fi
+ export LIBFFI_CFLAGS="-I$(echo /usr/$(get_libdir)/libffi-*/include)"
+ export LIBFFI_LIBS="-lffi"
+ fi
+
+ local myconf
+
+ # Building with --disable-debug highly unrecommended. It will build glib in
+ # an unusable form as it disables some commonly used API. Please do not
+ # convert this to the use_enable form, as it results in a broken build.
+ # -- compnerd (3/27/06)
+ use debug && myconf="--enable-debug"
+
+ # Always use internal libpcre, bug #254659
+ econf ${myconf} \
+ $(use_enable xattr) \
+ $(use_enable doc man) \
+ $(use_enable doc gtk-doc) \
+ $(use_enable fam) \
+ $(use_enable selinux) \
+ $(use_enable static-libs static) \
+ $(use_enable systemtap dtrace) \
+ $(use_enable systemtap systemtap) \
+ --with-pcre=internal \
+ --with-threads=posix
+}
+
+src_install() {
+ local f
+
+ # install-exec-hook substitutes ${PYTHON} in glib/gtester-report
+ emake DESTDIR="${D}" PYTHON="${EPREFIX}/usr/bin/python2" install
+
+ if ! use utils; then
+ rm "${ED}usr/bin/gtester-report"
+ fi
+
+ # Do not install charset.alias even if generated, leave it to libiconv
+ rm -f "${ED}/usr/lib/charset.alias"
+
+ # Don't install gdb python macros, bug 291328
+ rm -rf "${ED}/usr/share/gdb/" "${ED}/usr/share/glib-2.0/gdb/"
+
+ dodoc AUTHORS ChangeLog* NEWS* README
+
+ # Completely useless with or without USE static-libs, people need to use
+ # pkg-config
+ find "${D}" -name '*.la' -exec rm -f {} +
+}
+
+src_test() {
+ gnome2_environment_reset
+
+ unset DBUS_SESSION_BUS_ADDRESS
+ export XDG_CONFIG_DIRS=/etc/xdg
+ export XDG_DATA_DIRS=/usr/local/share:/usr/share
+ export G_DBUS_COOKIE_SHA1_KEYRING_DIR="${T}/temp"
+ unset GSETTINGS_BACKEND # bug 352451
+ export LC_TIME=C # bug #411967
+
+ # Related test is a bit nitpicking
+ mkdir "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"
+ chmod 0700 "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"
+
+ # Hardened: gdb needs this, bug #338891
+ if host-is-pax ; then
+ pax-mark -mr "${S}"/tests/.libs/assert-msg-test \
+ || die "Hardened adjustment failed"
+ fi
+
+ # Need X for dbus-launch session X11 initialization
+ Xemake check
+}
+
+pkg_preinst() {
+ # Only give the introspection message if:
+ # * The user has gobject-introspection
+ # * Has glib already installed
+ # * Previous version was different from new version
+ if has_version "dev-libs/gobject-introspection" && ! has_version "=${CATEGORY}/${PF}"; then
+ ewarn "You must rebuild gobject-introspection so that the installed"
+ ewarn "typelibs and girs are regenerated for the new APIs in glib"
+ fi
+}
+
+pkg_postinst() {
+ # Inform users about possible breakage when updating glib and not dbus-glib, bug #297483
+ if has_version dev-libs/dbus-glib; then
+ ewarn "If you experience a breakage after updating dev-libs/glib try"
+ ewarn "rebuilding dev-libs/dbus-glib"
+ fi
+
+ if has_version '<x11-libs/gtk+-3.0.12:3'; then
+ # To have a clear upgrade path for gtk+-3.0.x users, have to resort to
+ # a warning instead of a blocker
+ ewarn
+ ewarn "Using <gtk+-3.0.12:3 with ${P} results in frequent crashes."
+ ewarn "You should upgrade to a newer version of gtk+:3 immediately."
+ fi
+}
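Review bot: The `epatch "${FILESDIR}"/${P}-CVE-2012-3524.patch` line at the top of src_prepare() is the only epatch call in the function without a comment, and it is the security fix this revision exists for. The patch also edits configure.ac (it adds `issetugid` and `getresuid` to the `AC_CHECK_FUNCS` lists), so the `HAVE_ISSETUGID` / `HAVE_GETRESUID` branches of the new check depend on the `eautoreconf` that runs later in the same function. I would record both facts above the line: `# CVE-2012-3524: setuid hardening, bug #436028; edits configure.ac, relies on the eautoreconf below`.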