From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-dev:musl commit in: dev-libs/glib/files/, dev-libs/glib/
Date: Mon, 29 Jul 2013 13:28:05 +0000 (UTC)	[thread overview]
Message-ID: <1375104641.627e4ea816e415131619a7c150b21a09be8149e3.blueness@gentoo> (raw)

commit:     627e4ea816e415131619a7c150b21a09be8149e3
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 29 13:30:41 2013 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Jul 29 13:30:41 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=627e4ea8

dev-libs/glib: unconditionally include fcntl.h

---
 dev-libs/glib/files/glib-2.12.12-fbsd.patch        |  21 ++
 .../files/glib-2.31.x-external-gdbus-codegen.patch |  99 +++++++++
 .../glib/files/glib-2.32.4-CVE-2012-3524.patch     | 247 +++++++++++++++++++++
 .../files/glib-2.32.4-always-include-fcntl.h-patch |  15 ++
 dev-libs/glib/files/glib-2.32.4-bashcomp.patch     |  27 +++
 .../files/glib-2.34.0-testsuite-skip-thread4.patch |  44 ++++
 .../glib/files/glib-2.34.3-automake-1.13.patch     |  23 ++
 dev-libs/glib/glib-2.32.4-r99.ebuild               | 238 ++++++++++++++++++++
 dev-libs/glib/metadata.xml                         |  14 ++
 9 files changed, 728 insertions(+)

diff --git a/dev-libs/glib/files/glib-2.12.12-fbsd.patch b/dev-libs/glib/files/glib-2.12.12-fbsd.patch
new file mode 100644
index 0000000..bba6329
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.12.12-fbsd.patch
@@ -0,0 +1,21 @@
+diff --exclude-from=/home/dang/.scripts/diffrc -up -ruN glib-2.12.12.orig/gmodule/gmodule-dl.c glib-2.12.12/gmodule/gmodule-dl.c
+--- glib-2.12.12.orig/gmodule/gmodule-dl.c	2007-05-01 19:12:40.000000000 -0400
++++ glib-2.12.12/gmodule/gmodule-dl.c	2007-07-05 20:10:51.000000000 -0400
+@@ -106,6 +106,7 @@ _g_module_open (const gchar *file_name,
+ static gpointer
+ _g_module_self (void)
+ {
++#ifndef __FreeBSD__
+   gpointer handle;
+   
+   /* to query symbols from the program itself, special link options
+@@ -117,6 +118,9 @@ _g_module_self (void)
+     g_module_set_error (fetch_dlerror (TRUE));
+   
+   return handle;
++#else
++  return RTLD_DEFAULT;
++#endif
+ }
+ 
+ static void
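Review bot: The `#else` branch added to `_g_module_self` returns `RTLD_DEFAULT` on FreeBSD with no comment saying why the handle-based path is skipped there, and the patch file itself carries no description or bug reference. A short comment above `#ifndef __FreeBSD__`, for example `/* FreeBSD: return RTLD_DEFAULT for the program's own symbols, see Gentoo bug #184301 */`, would keep the reason next to the code; the bug number comes from the ebuild comment in this same commit. The body of `_g_module_self` between the two inner hunks is not visible here, so the note is limited to the lines shown.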

diff --git a/dev-libs/glib/files/glib-2.31.x-external-gdbus-codegen.patch b/dev-libs/glib/files/glib-2.31.x-external-gdbus-codegen.patch
new file mode 100644
index 0000000..df1378e
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.31.x-external-gdbus-codegen.patch
@@ -0,0 +1,99 @@
+From 732f04b55f59b8107a7fbe317317edb5f184ea8f Mon Sep 17 00:00:00 2001
+From: Priit Laes <plaes@plaes.org>
+Date: Fri, 3 Feb 2012 09:08:28 +0200
+Subject: [PATCH] Split out gdbus codegen
+
+---
+ configure.ac                                       |    4 +---
+ docs/reference/gio/Makefile.am                     |    3 +--
+ gio/Makefile.am                                    |    2 +-
+ gio/tests/Makefile.am                              |    6 ++----
+ gio/tests/gdbus-object-manager-example/Makefile.am |    6 ++----
+ 5 files changed, 7 insertions(+), 14 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 4cf04a1..0bb18c8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -356,7 +356,7 @@ fi
+ AC_SUBST(PERL_PATH)
+ 
+ # Need suitable python path for greport
+-AM_PATH_PYTHON(2.5,,PYTHON="/usr/bin/env python2.5")
++# AM_PATH_PYTHON(2.5,,PYTHON="/usr/bin/env python2.5")
+ 
+ 
+ dnl ***********************
+@@ -3525,8 +3525,6 @@ gobject/glib-mkenums
+ gobject/tests/Makefile
+ gthread/Makefile
+ gio/Makefile
+-gio/gdbus-2.0/codegen/Makefile
+-gio/gdbus-2.0/codegen/config.py
+ gio/xdgmime/Makefile
+ gio/inotify/Makefile
+ gio/fen/Makefile
+diff --git a/docs/reference/gio/Makefile.am b/docs/reference/gio/Makefile.am
+index 535aa26..5027dd5 100644
+--- a/docs/reference/gio/Makefile.am
++++ b/docs/reference/gio/Makefile.am
+@@ -144,8 +144,7 @@ man_MANS =			\
+ 	glib-compile-resources.1	\
+ 	gsettings.1		\
+ 	gresource.1		\
+-	gdbus.1			\
+-	gdbus-codegen.1
++	gdbus.1
+ 
+ if ENABLE_MAN
+ 
+diff --git a/gio/Makefile.am b/gio/Makefile.am
+index 67eeae6..277931b 100644
+--- a/gio/Makefile.am
++++ b/gio/Makefile.am
+@@ -2,7 +2,7 @@ include $(top_srcdir)/Makefile.decl
+ 
+ NULL =
+ 
+-SUBDIRS = gdbus-2.0/codegen
++SUBDIRS =
+ 
+ if OS_UNIX
+ SUBDIRS += xdgmime
+diff --git a/gio/tests/Makefile.am b/gio/tests/Makefile.am
+index e987fd1..66af8cf 100644
+--- a/gio/tests/Makefile.am
++++ b/gio/tests/Makefile.am
+@@ -275,10 +275,8 @@ gdbus_close_pending_SOURCES = gdbus-close-pending.c gdbus-sessionbus.c gdbus-ses
+ gdbus_close_pending_LDADD = $(progs_ldadd)
+ 
+ if OS_UNIX
+-gdbus-test-codegen-generated.h gdbus-test-codegen-generated.c : test-codegen.xml Makefile $(top_builddir)/gio/gdbus-2.0/codegen/gdbus-codegen
+-	$(AM_V_GEN) UNINSTALLED_GLIB_SRCDIR=$(top_srcdir) \
+-		UNINSTALLED_GLIB_BUILDDIR=$(top_builddir) \
+-		$(PYTHON) $(top_builddir)/gio/gdbus-2.0/codegen/gdbus-codegen \
++gdbus-test-codegen-generated.h gdbus-test-codegen-generated.c : test-codegen.xml Makefile
++	$(AM_V_GEN) gdbus-codegen \
+ 		--interface-prefix org.project. \
+ 		--generate-c-code gdbus-test-codegen-generated \
+ 		--c-generate-object-manager \
+diff --git a/gio/tests/gdbus-object-manager-example/Makefile.am b/gio/tests/gdbus-object-manager-example/Makefile.am
+index 9861d0e..9ca6eb9 100644
+--- a/gio/tests/gdbus-object-manager-example/Makefile.am
++++ b/gio/tests/gdbus-object-manager-example/Makefile.am
+@@ -21,10 +21,8 @@ GDBUS_GENERATED = 										\
+ 	gdbus-example-objectmanager-generated-org.gtk.GDBus.Example.ObjectManager.Cat.xml 	\
+ 	$(NULL)
+ 
+-$(GDBUS_GENERATED) : gdbus-example-objectmanager.xml Makefile $(top_builddir)/gio/gdbus-2.0/codegen/gdbus-codegen
+-	$(AM_V_GEN) UNINSTALLED_GLIB_SRCDIR=$(top_srcdir) \
+-		UNINSTALLED_GLIB_BUILDDIR=$(top_builddir) \
+-		$(PYTHON) $(top_builddir)/gio/gdbus-2.0/codegen/gdbus-codegen \
++$(GDBUS_GENERATED) : gdbus-example-objectmanager.xml Makefile
++	$(AM_V_GEN) gdbus-codegen \
+ 		--interface-prefix org.gtk.GDBus.Example.ObjectManager. \
+ 		--c-namespace Example \
+ 		--c-generate-object-manager \
+-- 
+1.7.8.4
+
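Review bot: Both rewritten rules, in `gio/tests/Makefile.am` and `gio/tests/gdbus-object-manager-example/Makefile.am`, call a bare `gdbus-codegen`, so the generator is resolved through `PATH` at build time and cannot be pinned or overridden from configure. A configure-time lookup such as `AC_PATH_PROG([GDBUS_CODEGEN], [gdbus-codegen])`, with `$(GDBUS_CODEGEN)` used in the recipes, would make the chosen binary explicit and fail early when it is missing. The rules also drop the prerequisite on the generator, so the generated sources are no longer rebuilt when the installed tool changes; that is probably acceptable for test code but deserves a comment in the Makefile.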

diff --git a/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch b/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch
new file mode 100644
index 0000000..92e6c81
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch
@@ -0,0 +1,247 @@
+From 4c2928a54482913cf236bff0e66650a8f47e17ea Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Wed, 22 Aug 2012 18:26:11 +0000
+Subject: CVE-2012-3524: Hardening for being run in a setuid environment
+
+Some programs attempt to use libglib (or even libgio) when setuid.
+For a long time, GTK+ simply aborted if launched in this
+configuration, but we never had a real policy for GLib.
+
+I'm not sure whether we should advertise such support.  However, given
+that there are real-world programs that do this currently, we can make
+them safer with not too much effort.
+
+Better to fix a problem caused by an interaction between two
+components in *both* places if possible.
+
+This patch adds a private function g_check_setuid() which is used to
+first ensure we don't run an external dbus-launch binary if
+DBUS_SESSION_BUS_ADDRESS isn't set.
+
+Second, we also ensure the local VFS is used in this case.  The
+gdaemonvfs extension point will end up talking to the session bus
+which is typically undesirable in a setuid context.
+
+Implementing g_check_setuid() is interesting - whether or not we're
+running in a privilege-escalated path is operating system specific.
+Note that GTK+'s code to check euid versus uid worked historically on
+Unix, more modern systems have filesystem capabilities and SELinux
+domain transitions, neither of which are captured by the uid
+comparison.
+
+On Linux/glibc, the way this works is that the kernel sets an
+AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
+startup.  If found, then glibc sets a public-but-undocumented
+__libc_enable_secure variable which we can use.  Unfortunately, while
+it *previously* worked to check this variable, a combination of newer
+binutils and RPM break it:
+http://www.openwall.com/lists/owl-dev/2012/08/14/1
+
+So for now on Linux/glibc, we fall back to the historical Unix version
+until we get glibc fixed.
+
+On some BSD variants, there is a issetugid() function.  On other Unix
+variants, we fall back to what GTK+ has been doing.
+
+Reported-By: Sebastian Krahmer <krahmer@suse.de>
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+diff --git a/configure.ac b/configure.ac
+index 584df1d..67ea1a9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -583,9 +583,20 @@ AC_TRY_COMPILE([#include <dirent.h>], [DIR *dir;],
+ # Checks for library functions.
+ AC_FUNC_VPRINTF
+ AC_FUNC_ALLOCA
+-AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2)
++AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2 issetugid)
+ AC_CHECK_FUNCS(atexit on_exit timegm gmtime_r)
+ 
++AC_CACHE_CHECK([for __libc_enable_secure], glib_cv_have_libc_enable_secure,
++  [AC_TRY_LINK([#include <unistd.h>
++    extern int __libc_enable_secure;],
++    [return __libc_enable_secure;],
++   glib_cv_have_libc_enable_secure=yes,
++   glib_cv_have_libc_enable_secure=no)])
++AS_IF([test x$glib_cv_have_libc_enable_secure = xyes], [
++   AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 1,
++     [Define if you have the __libc_enable_secure variable (GNU libc, eglibc)])
++])
++
+ AC_CHECK_SIZEOF(char)
+ AC_CHECK_SIZEOF(short)
+ AC_CHECK_SIZEOF(long)
+@@ -984,7 +995,7 @@ AC_MSG_RESULT(unsigned $glib_size_type)
+ 
+ # Check for some functions
+ AC_CHECK_FUNCS(lstat strerror strsignal memmove vsnprintf stpcpy strcasecmp strncasecmp poll getcwd vasprintf setenv unsetenv getc_unlocked readlink symlink fdwalk memmem)
+-AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link utimes getgrgid getpwuid)
++AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link utimes getgrgid getpwuid getresuid)
+ AC_CHECK_FUNCS(getmntent_r setmntent endmntent hasmntopt getfsstat getvfsstat)
+ # Check for high-resolution sleep functions
+ AC_CHECK_FUNCS(splice)
+diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c
+index 4aa13b9..96b6343 100644
+--- a/gio/gdbusaddress.c
++++ b/gio/gdbusaddress.c
+@@ -37,6 +37,7 @@
+ #include "giostream.h"
+ #include "gasyncresult.h"
+ #include "gsimpleasyncresult.h"
++#include "glib-private.h"
+ #include "gdbusprivate.h"
+ #include "giomodule-priv.h"
+ #include "gdbusdaemon.h"
+@@ -1023,6 +1024,14 @@ get_session_address_dbus_launch (GError **error)
+   restore_dbus_verbose = FALSE;
+   old_dbus_verbose = NULL;
+ 
++  /* Don't run binaries as root if we're setuid. */
++  if (GLIB_PRIVATE_CALL (g_check_setuid) ())
++    {
++      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
++		   _("Cannot spawn a message bus when setuid"));
++      goto out;
++    }
++
+   machine_id = _g_dbus_get_machine_id (error);
+   if (machine_id == NULL)
+     {
+diff --git a/gio/gvfs.c b/gio/gvfs.c
+index dda8afb..9afbcec 100644
+--- a/gio/gvfs.c
++++ b/gio/gvfs.c
+@@ -23,6 +23,7 @@
+ #include "config.h"
+ #include <string.h>
+ #include "gvfs.h"
++#include "glib-private.h"
+ #include "glocalvfs.h"
+ #include "gresourcefile.h"
+ #include "giomodule-priv.h"
+@@ -191,6 +192,8 @@ g_vfs_parse_name (GVfs       *vfs,
+ GVfs *
+ g_vfs_get_default (void)
+ {
++  if (GLIB_PRIVATE_CALL (g_check_setuid) ())
++    return g_vfs_get_local ();
+   return _g_io_module_get_default (G_VFS_EXTENSION_POINT_NAME,
+ 				   "GIO_USE_VFS",
+ 				   (GIOModuleVerifyFunc)g_vfs_is_active);
+diff --git a/glib/genviron.c b/glib/genviron.c
+index 59a8bbe..9525cf0 100644
+--- a/glib/genviron.c
++++ b/glib/genviron.c
+@@ -40,6 +40,7 @@
+ #include <windows.h>
+ #endif
+ 
++#include "glib-private.h"
+ #include "gmem.h"
+ #include "gmessages.h"
+ #include "gstrfuncs.h"
+diff --git a/glib/glib-private.c b/glib/glib-private.c
+index 3946e77..3506782 100644
+--- a/glib/glib-private.c
++++ b/glib/glib-private.c
+@@ -38,7 +38,9 @@ glib__private__ (void)
+     g_wakeup_signal,
+     g_wakeup_acknowledge,
+ 
+-    g_get_worker_context
++    g_get_worker_context,
++
++    g_check_setuid
+   };
+ 
+   return &table;
+diff --git a/glib/glib-private.h b/glib/glib-private.h
+index fde0be8..87da6f3 100644
+--- a/glib/glib-private.h
++++ b/glib/glib-private.h
+@@ -25,6 +25,8 @@
+ 
+ G_GNUC_INTERNAL
+ GMainContext *          g_get_worker_context            (void);
++G_GNUC_INTERNAL
++gboolean                g_check_setuid                  (void);
+ 
+ #define GLIB_PRIVATE_CALL(symbol) (glib__private__()->symbol)
+ 
+@@ -40,6 +42,8 @@ typedef struct {
+   /* See gmain.c */
+   GMainContext *        (* g_get_worker_context)        (void);
+   /* Add other private functions here, initialize them in glib-private.c */
++
++  gboolean              (* g_check_setuid)              (void);
+ } GLibPrivateVTable;
+ 
+ GLibPrivateVTable *glib__private__ (void);
+diff --git a/glib/gutils.c b/glib/gutils.c
+index 38b5e44..f8a38d1 100644
+--- a/glib/gutils.c
++++ b/glib/gutils.c
+@@ -2409,3 +2409,60 @@ g_get_tmp_dir (void)
+ }
+ 
+ #endif
++
++/* Private API:
++ *
++ * Returns %TRUE if the current process was executed as setuid (or an
++ * equivalent __libc_enable_secure is available).  See:
++ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html
++ */ 
++gboolean
++g_check_setuid (void)
++{
++  /* TODO: get __libc_enable_secure exported from glibc.
++   * See http://www.openwall.com/lists/owl-dev/2012/08/14/1
++   */
++#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)
++  {
++    /* See glibc/include/unistd.h */
++    extern int __libc_enable_secure;
++    return __libc_enable_secure;
++  }
++#elif defined(HAVE_ISSETUGID)
++  /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
++  return issetugid ();
++#elif defined(G_OS_UNIX)
++  uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
++  gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
++
++  static gsize check_setuid_initialised;
++  static gboolean is_setuid;
++
++  if (g_once_init_enter (&check_setuid_initialised))
++    {
++#ifdef HAVE_GETRESUID
++      /* These aren't in the header files, so we prototype them here.
++       */
++      int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
++      int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
++      
++      if (getresuid (&ruid, &euid, &suid) != 0 ||
++          getresgid (&rgid, &egid, &sgid) != 0)
++#endif /* HAVE_GETRESUID */
++        {
++          suid = ruid = getuid ();
++          sgid = rgid = getgid ();
++          euid = geteuid ();
++          egid = getegid ();
++        }
++
++      is_setuid = (ruid != euid || ruid != suid ||
++                   rgid != egid || rgid != sgid);
++
++      g_once_init_leave (&check_setuid_initialised, 1);
++    }
++  return is_setuid;
++#else
++  return FALSE;
++#endif
++}
+--
+cgit v0.9.0.2
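Review bot: The doc comment on `g_check_setuid` in `glib/gutils.c` promises more than the code delivers: the `__libc_enable_secure` branch is compiled out by `#if 0 &&`, so on Linux only the real/effective/saved uid and gid comparison runs, and the patch description itself says that comparison misses file capabilities and SELinux domain transitions. The comment should state that limit so callers do not read a FALSE result as proof of an unprivileged process, e.g. `Returns %TRUE if real, effective and saved uid/gid differ (or issetugid() reports it); elevation through file capabilities or SELinux transitions is not detected.` The two call sites added here guard only the `dbus-launch` spawn and the default VFS choice; whether other environment-driven lookups in GIO need the same guard cannot be judged from these hunks and deserves a follow-up check. If the libc targeted by this branch provides `getauxval(AT_SECURE)`, that would be a candidate replacement for the disabled branch, to be confirmed against that libc.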

diff --git a/dev-libs/glib/files/glib-2.32.4-always-include-fcntl.h-patch b/dev-libs/glib/files/glib-2.32.4-always-include-fcntl.h-patch
new file mode 100644
index 0000000..dcac735
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.32.4-always-include-fcntl.h-patch
@@ -0,0 +1,15 @@
+diff -Naur glib-2.32.4.orig/gio/gfile.c glib-2.32.4/gio/gfile.c
+--- glib-2.32.4.orig/gio/gfile.c	2012-07-14 19:16:55.000000000 +0000
++++ glib-2.32.4/gio/gfile.c	2013-07-06 22:01:12.564092562 +0000
+@@ -26,10 +26,10 @@
+ #ifdef HAVE_SPLICE
+ #include <sys/stat.h>
+ #include <unistd.h>
+-#include <fcntl.h>
+ #include <errno.h>
+ #endif
+ #include <string.h>
++#include <fcntl.h>
+ #include <sys/types.h>
+ #ifdef HAVE_PWD_H
+ #include <pwd.h>
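Review bot: The patch that moves `#include <fcntl.h>` out of the `HAVE_SPLICE` block in `gio/gfile.c` has no header explaining why, and its file name ends in `-patch` where every other file added to this directory ends in `.patch`. The reason is given only in the ebuild (`We need fcntl.h on musl for loff_t`); a one-line description at the top of the patch and a `.patch` suffix would keep it consistent with its siblings and findable by glob.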

diff --git a/dev-libs/glib/files/glib-2.32.4-bashcomp.patch b/dev-libs/glib/files/glib-2.32.4-bashcomp.patch
new file mode 100644
index 0000000..33abffc
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.32.4-bashcomp.patch
@@ -0,0 +1,27 @@
+From 6d032421b4871105e1f37bb75a5ec7b012f19f61 Mon Sep 17 00:00:00 2001
+From: Alexandre Rostovtsev <tetromino@gentoo.org>
+Date: Sun, 15 Jul 2012 22:30:07 -0400
+Subject: [PATCH] gio: use /usr/share/bash-completion for bashcomp
+
+In Gentoo, we use /usr/share/bash-completion, not
+/usr/share/bash-completion/completions.
+---
+ gio/Makefile.am |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/gio/Makefile.am b/gio/Makefile.am
+index 704367c..bee9dc6 100644
+--- a/gio/Makefile.am
++++ b/gio/Makefile.am
+@@ -715,7 +715,7 @@ gdbus_LDADD = libgio-2.0.la \
+ 	$(top_builddir)/glib/libglib-2.0.la 		\
+ 	$(top_builddir)/gobject/libgobject-2.0.la
+ 
+-completiondir = $(datadir)/bash-completion/completions
++completiondir = $(datadir)/bash-completion
+ completion_DATA = \
+ 	completion/gdbus				\
+ 	completion/gsettings				\
+-- 
+1.7.8.6
+

diff --git a/dev-libs/glib/files/glib-2.34.0-testsuite-skip-thread4.patch b/dev-libs/glib/files/glib-2.34.0-testsuite-skip-thread4.patch
new file mode 100644
index 0000000..f409094
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.34.0-testsuite-skip-thread4.patch
@@ -0,0 +1,44 @@
+From 8a8112aad6dc98aaaf9767b31e48f5ae8fabd858 Mon Sep 17 00:00:00 2001
+From: Priit Laes <plaes@plaes.org>
+Date: Tue, 3 Jul 2012 11:21:56 +0300
+Subject: [PATCH] Gentoo: skip over thread/thread4 test failure
+
+https://bugzilla.gnome.org/show_bug.cgi?id=679306
+---
+ glib/tests/thread.c |    5 +++++
+ 1 files changed, 5 insertions(+), 0 deletions(-)
+
+diff --git a/glib/tests/thread.c b/glib/tests/thread.c
+index 29b3850..ffe8087 100644
+--- a/glib/tests/thread.c
++++ b/glib/tests/thread.c
+@@ -124,6 +124,8 @@ test_thread3 (void)
+   g_assert_cmpint (GPOINTER_TO_INT(result), ==, 9);
+ }
+ 
++#if 0
++// https://bugzilla.gnome.org/show_bug.cgi?id=679306
+ /* test that thread creation fails as expected,
+  * by setting RLIMIT_NPROC ridiculously low
+  */
+@@ -152,6 +154,7 @@ test_thread4 (void)
+     g_error ("resetting RLIMIT_NPROC failed: %s\n", g_strerror (ret));
+ #endif
+ }
++#endif
+ 
+ static void
+ test_thread5 (void)
+@@ -195,7 +198,9 @@ main (int argc, char *argv[])
+   g_test_add_func ("/thread/thread1", test_thread1);
+   g_test_add_func ("/thread/thread2", test_thread2);
+   g_test_add_func ("/thread/thread3", test_thread3);
++#if 0
+   g_test_add_func ("/thread/thread4", test_thread4);
++#endif
+   g_test_add_func ("/thread/thread5", test_thread5);
+   g_test_add_func ("/thread/thread6", test_thread6);
+ 
+-- 
+1.7.8.6
+

diff --git a/dev-libs/glib/files/glib-2.34.3-automake-1.13.patch b/dev-libs/glib/files/glib-2.34.3-automake-1.13.patch
new file mode 100644
index 0000000..5f4e7b6
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.34.3-automake-1.13.patch
@@ -0,0 +1,23 @@
+Replace macros deprecated in automake-1.13; fixed upstream in glib-2.36
+
+diff --git a/configure.ac b/configure.ac
+index a3567b3..3e3d697 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -56,7 +56,7 @@ m4_define([glib_debug_default],
+ AC_INIT(glib, [glib_version],
+         [http://bugzilla.gnome.org/enter_bug.cgi?product=glib])
+ 
+-AC_CONFIG_HEADER([config.h])
++AC_CONFIG_HEADERS([config.h])
+ AC_CONFIG_SRCDIR([glib/glib.h])
+ AC_CONFIG_MACRO_DIR([m4macros])
+ 
+@@ -291,7 +291,6 @@ AC_TRY_COMPILE(,[class a { int b; } c;], ,CXX=)
+ AM_CONDITIONAL(HAVE_CXX, [test "$CXX" != ""])
+ AC_LANG_RESTORE
+ 
+-AM_PROG_CC_STDC
+ AM_PROG_CC_C_O
+ AC_PROG_INSTALL
+ 

diff --git a/dev-libs/glib/glib-2.32.4-r99.ebuild b/dev-libs/glib/glib-2.32.4-r99.ebuild
new file mode 100644
index 0000000..8e4bb81
--- /dev/null
+++ b/dev-libs/glib/glib-2.32.4-r99.ebuild
@@ -0,0 +1,238 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/glib/glib-2.32.4-r1.ebuild,v 1.13 2013/04/30 14:29:12 tetromino Exp $
+
+EAPI="4"
+PYTHON_DEPEND="utils? 2" # Avoid runtime dependency on python when USE=test
+
+inherit autotools gnome.org libtool eutils flag-o-matic gnome2-utils multilib pax-utils python toolchain-funcs virtualx linux-info
+
+DESCRIPTION="The GLib library of C routines"
+HOMEPAGE="http://www.gtk.org/"
+SRC_URI="${SRC_URI}
+	http://dev.gentoo.org/~tetromino/distfiles/glib/${P}-AS_IF-patches.tar.xz
+	http://pkgconfig.freedesktop.org/releases/pkg-config-0.26.tar.gz" # pkg.m4 for eautoreconf
+
+LICENSE="LGPL-2+"
+SLOT="2"
+IUSE="debug fam kernel_linux selinux static-libs systemtap test utils xattr"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+
+RDEPEND="virtual/libiconv
+	virtual/libffi
+	sys-libs/zlib
+	|| (
+		>=dev-libs/elfutils-0.142
+		>=dev-libs/libelf-0.8.12 )
+	xattr? ( sys-apps/attr )
+	fam? ( virtual/fam )
+	utils? ( >=dev-util/gdbus-codegen-${PV} )"
+DEPEND="${RDEPEND}
+	>=sys-devel/gettext-0.11
+	>=dev-util/gtk-doc-am-1.15
+	systemtap? ( >=dev-util/systemtap-1.3 )
+	test? (
+		sys-devel/gdb
+		=dev-lang/python-2*
+		>=dev-util/gdbus-codegen-${PV}
+		>=sys-apps/dbus-1.2.14 )
+	!<dev-util/gtk-doc-1.15-r2"
+PDEPEND="x11-misc/shared-mime-info
+	!<gnome-base/gvfs-1.6.4-r990"
+# shared-mime-info needed for gio/xdgmime, bug #409481
+# Earlier versions of gvfs do not work with glib
+
+pkg_setup() {
+	# Needed for gio/tests/gdbus-testserver.py
+	if use test ; then
+		python_set_active_version 2
+		python_pkg_setup
+	fi
+
+	if use kernel_linux ; then
+		CONFIG_CHECK="~INOTIFY_USER"
+		linux-info_pkg_setup
+	fi
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-CVE-2012-3524.patch
+
+	mv -f "${WORKDIR}"/pkg-config-*/pkg.m4 "${WORKDIR}"/ || die
+
+	# Fix gmodule issues on fbsd; bug #184301
+	epatch "${FILESDIR}"/${PN}-2.12.12-fbsd.patch
+
+	if ! use test; then
+		# don't waste time building tests
+		sed 's/^\(.*\SUBDIRS .*\=.*\)tests\(.*\)$/\1\2/' -i $(find . -name Makefile.am -o -name Makefile.in) || die
+	else
+		# Do not try to remove files on live filesystem, upstream bug #619274
+		sed 's:^\(.*"/desktop-app-info/delete".*\):/*\1*/:' \
+			-i "${S}"/gio/tests/desktop-app-info.c || die "sed failed"
+
+		# Disable tests requiring dev-util/desktop-file-utils when not installed, bug #286629
+		if ! has_version dev-util/desktop-file-utils ; then
+			ewarn "Some tests will be skipped due dev-util/desktop-file-utils not being present on your system,"
+			ewarn "think on installing it to get these tests run."
+			sed -i -e "/appinfo\/associations/d" gio/tests/appinfo.c || die
+			sed -i -e "/desktop-app-info\/default/d" gio/tests/desktop-app-info.c || die
+			sed -i -e "/desktop-app-info\/fallback/d" gio/tests/desktop-app-info.c || die
+			sed -i -e "/desktop-app-info\/lastused/d" gio/tests/desktop-app-info.c || die
+		fi
+
+		# Disable tests requiring dbus-python and pygobject; bugs #349236, #377549, #384853
+		if ! has_version dev-python/dbus-python || ! has_version 'dev-python/pygobject:2' ; then
+			ewarn "Some tests will be skipped due to dev-python/dbus-python or dev-python/pygobject:2"
+			ewarn "not being present on your system, think on installing them to get these tests run."
+			sed -i -e "/connection\/filter/d" gio/tests/gdbus-connection.c || die
+			sed -i -e "/connection\/large_message/d" gio/tests/gdbus-connection-slow.c || die
+			sed -i -e "/gdbus\/proxy/d" gio/tests/gdbus-proxy.c || die
+			sed -i -e "/gdbus\/proxy-well-known-name/d" gio/tests/gdbus-proxy-well-known-name.c || die
+			sed -i -e "/gdbus\/introspection-parser/d" gio/tests/gdbus-introspection.c || die
+			sed -i -e "/g_test_add_func/d" gio/tests/gdbus-threading.c || die
+			sed -i -e "/gdbus\/method-calls-in-thread/d" gio/tests/gdbus-threading.c || die
+			# needed to prevent gdbus-threading from asserting
+			ln -sfn $(type -P true) gio/tests/gdbus-testserver.py
+		fi
+	fi
+
+	# gdbus-codegen is a separate package
+	epatch "${FILESDIR}/${PN}-2.31.x-external-gdbus-codegen.patch"
+
+	# bashcomp goes in /usr/share/bash-completion
+	epatch "${FILESDIR}/${PN}-2.32.4-bashcomp.patch"
+
+	# AS_IF fixes from 2.33.x, needed for cross-compiling, bug #434770
+	epatch ../AS_IF-patches/*.patch
+
+	# https://bugzilla.gnome.org/show_bug.cgi?id=679306
+	epatch "${FILESDIR}/${PN}-2.34.0-testsuite-skip-thread4.patch"
+
+	# build failure with automake-1.13; fixed upstream in 2.36
+	epatch "${FILESDIR}/${PN}-2.34.3-automake-1.13.patch"
+
+	# We need fcntl.h on musl for loff_t
+	epatch "${FILESDIR}/glib-2.32.4-always-include-fcntl.h-patch"
+
+	epatch_user
+
+	# disable pyc compiling
+	use test && python_clean_py-compile_files
+
+	# Needed for the punt-python-check patch, disabling timeout test
+	# Also needed to prevent croscompile failures, see bug #267603
+	# Also needed for the no-gdbus-codegen patch
+	AT_M4DIR="${WORKDIR}" eautoreconf
+
+	[[ ${CHOST} == *-freebsd* ]] && elibtoolize
+
+	epunt_cxx
+}
+
+src_configure() {
+	# Avoid circular depend with dev-util/pkgconfig and
+	# native builds (cross-compiles won't need pkg-config
+	# in the target ROOT to work here)
+	if ! tc-is-cross-compiler && ! $(tc-getPKG_CONFIG) --version >& /dev/null; then
+		if has_version sys-apps/dbus; then
+			export DBUS1_CFLAGS="-I/usr/include/dbus-1.0 -I/usr/$(get_libdir)/dbus-1.0/include"
+			export DBUS1_LIBS="-ldbus-1"
+		fi
+		export LIBFFI_CFLAGS="-I$(echo /usr/$(get_libdir)/libffi-*/include)"
+		export LIBFFI_LIBS="-lffi"
+	fi
+
+	local myconf
+
+	# Building with --disable-debug highly unrecommended.  It will build glib in
+	# an unusable form as it disables some commonly used API.  Please do not
+	# convert this to the use_enable form, as it results in a broken build.
+	# -- compnerd (3/27/06)
+	use debug && myconf="--enable-debug"
+
+	# Always use internal libpcre, bug #254659
+	econf ${myconf} \
+		$(use_enable xattr) \
+		$(use_enable fam) \
+		$(use_enable selinux) \
+		$(use_enable static-libs static) \
+		$(use_enable systemtap dtrace) \
+		$(use_enable systemtap systemtap) \
+		--with-pcre=internal \
+		--with-threads=posix
+}
+
+src_install() {
+	local f
+
+	# install-exec-hook substitutes ${PYTHON} in glib/gtester-report
+	emake DESTDIR="${D}" PYTHON="${EPREFIX}/usr/bin/python2" install
+
+	if ! use utils; then
+		rm "${ED}usr/bin/gtester-report"
+	fi
+
+	# Do not install charset.alias even if generated, leave it to libiconv
+	rm -f "${ED}/usr/lib/charset.alias"
+
+	# Don't install gdb python macros, bug 291328
+	rm -rf "${ED}/usr/share/gdb/" "${ED}/usr/share/glib-2.0/gdb/"
+
+	dodoc AUTHORS ChangeLog* NEWS* README
+
+	# Completely useless with or without USE static-libs, people need to use
+	# pkg-config
+	find "${D}" -name '*.la' -exec rm -f {} +
+}
+
+src_test() {
+	gnome2_environment_reset
+
+	unset DBUS_SESSION_BUS_ADDRESS
+	export XDG_CONFIG_DIRS=/etc/xdg
+	export XDG_DATA_DIRS=/usr/local/share:/usr/share
+	export G_DBUS_COOKIE_SHA1_KEYRING_DIR="${T}/temp"
+	unset GSETTINGS_BACKEND # bug 352451
+	export LC_TIME=C # bug #411967
+
+	# Related test is a bit nitpicking
+	mkdir "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"
+	chmod 0700 "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"
+
+	# Hardened: gdb needs this, bug #338891
+	if host-is-pax ; then
+		pax-mark -mr "${S}"/tests/.libs/assert-msg-test \
+			|| die "Hardened adjustment failed"
+	fi
+
+	# Need X for dbus-launch session X11 initialization
+	Xemake check
+}
+
+pkg_preinst() {
+	# Only give the introspection message if:
+	# * The user has gobject-introspection
+	# * Has glib already installed
+	# * Previous version was different from new version
+	if has_version "dev-libs/gobject-introspection" && ! has_version "=${CATEGORY}/${PF}"; then
+		ewarn "You must rebuild gobject-introspection so that the installed"
+		ewarn "typelibs and girs are regenerated for the new APIs in glib"
+	fi
+}
+
+pkg_postinst() {
+	# Inform users about possible breakage when updating glib and not dbus-glib, bug #297483
+	if has_version dev-libs/dbus-glib; then
+		ewarn "If you experience a breakage after updating dev-libs/glib try"
+		ewarn "rebuilding dev-libs/dbus-glib"
+	fi
+
+	if has_version '<x11-libs/gtk+-3.0.12:3'; then
+		# To have a clear upgrade path for gtk+-3.0.x users, have to resort to
+		# a warning instead of a blocker
+		ewarn
+		ewarn "Using <gtk+-3.0.12:3 with ${P} results in frequent crashes."
+		ewarn "You should upgrade to a newer version of gtk+:3 immediately."
+	fi
+}
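Review bot: Several external commands in the ebuild run without `|| die`, so a failure passes silently under EAPI 4: `ln -sfn $(type -P true) gio/tests/gdbus-testserver.py` in `src_prepare`, `rm "${ED}usr/bin/gtester-report"` in `src_install`, and the `mkdir`/`chmod 0700` pair on `G_DBUS_COOKIE_SHA1_KEYRING_DIR` in `src_test`. The last pair matters most, since the comment above it indicates the related test is strict about that directory; suggested form: `mkdir "${G_DBUS_COOKIE_SHA1_KEYRING_DIR}" || die` and `chmod 0700 "${G_DBUS_COOKIE_SHA1_KEYRING_DIR}" || die`. The `$Header` line still names `glib-2.32.4-r1.ebuild`, and the fcntl patch is applied by a hard-coded `glib-2.32.4-...` name where the neighbouring `epatch` lines use `${PN}` or `${P}`.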

diff --git a/dev-libs/glib/metadata.xml b/dev-libs/glib/metadata.xml
new file mode 100644
index 0000000..ae970d3
--- /dev/null
+++ b/dev-libs/glib/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <herd>gnome</herd>
+  <use>
+	<flag name="systemtap">Build support for profiling and tracing using 
+		<pkg>dev-util/systemtap</pkg></flag>
+	<flag name="utils">Install gtester-report utility to generate test
+		report files for your software.</flag>
+  </use>
+  <upstream>
+    <remote-id type="cpe">cpe:/a:gnome:glib</remote-id>
+  </upstream>
+</pkgmetadata>

