* [gentoo-commits] proj/hardened-patchset:master commit in: 3.19.5/, 3.2.68/, 3.14.39/
@ 2015-04-29 1:20 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2015-04-29 1:20 UTC (permalink / raw
To: gentoo-commits
commit: 4522d04d4ebc959b9a4fc09ff531cb49027c6d6b
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 29 01:17:45 2015 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Apr 29 01:17:45 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=4522d04d
Grsec/PaX: 3.1-{3.2.68,3.14.39,3.19.5}-201504270827
3.14.39/0000_README | 2 +-
...4420_grsecurity-3.1-3.14.39-201504270826.patch} | 384 ++++++++++++---
3.19.5/0000_README | 2 +-
... 4420_grsecurity-3.1-3.19.5-201504270827.patch} | 516 +++++++++++++++++----
3.2.68/0000_README | 2 +-
... 4420_grsecurity-3.1-3.2.68-201504270825.patch} | 409 ++++++++++++----
6 files changed, 1034 insertions(+), 281 deletions(-)
diff --git a/3.14.39/0000_README b/3.14.39/0000_README
index df5ef6d..7ed8450 100644
--- a/3.14.39/0000_README
+++ b/3.14.39/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-3.14.39-201504190814.patch
+Patch: 4420_grsecurity-3.1-3.14.39-201504270826.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.39/4420_grsecurity-3.1-3.14.39-201504190814.patch b/3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch
similarity index 99%
rename from 3.14.39/4420_grsecurity-3.1-3.14.39-201504190814.patch
rename to 3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch
index 71f78fb..3fbeaa8 100644
--- a/3.14.39/4420_grsecurity-3.1-3.14.39-201504190814.patch
+++ b/3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch
@@ -45938,7 +45938,7 @@ index 2fd9009..278cc1e 100644
radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL);
if (!radio)
diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c
-index 4b2e9e8..c2900d9 100644
+index 4b2e9e8..c2900d99 100644
--- a/drivers/media/radio/wl128x/fmdrv_common.c
+++ b/drivers/media/radio/wl128x/fmdrv_common.c
@@ -71,7 +71,7 @@ module_param(default_rds_buf, uint, 0444);
@@ -48304,6 +48304,19 @@ index d7a3682..9ce272a 100644
rc = efx_mcdi_rpc_start(efx, MC_CMD_PTP, synch_buf,
MC_CMD_PTP_IN_SYNCHRONIZE_LEN);
EFX_BUG_ON_PARANOID(rc);
+diff --git a/drivers/net/ethernet/sfc/selftest.c b/drivers/net/ethernet/sfc/selftest.c
+index 2664181..c9fcf6f 100644
+--- a/drivers/net/ethernet/sfc/selftest.c
++++ b/drivers/net/ethernet/sfc/selftest.c
+@@ -46,7 +46,7 @@ struct efx_loopback_payload {
+ struct iphdr ip;
+ struct udphdr udp;
+ __be16 iteration;
+- const char msg[64];
++ char msg[64];
+ } __packed;
+
+ /* Loopback test source MAC address */
diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
index 50617c5..b13724c 100644
--- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
@@ -61108,7 +61121,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index ea4449d..c3fd55e 100644
+index ea4449d..747fc21 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -61425,7 +61438,23 @@ index ea4449d..c3fd55e 100644
tsk->mm->vmacache_seqnum = 0;
vmacache_flush(tsk);
task_unlock(tsk);
-@@ -1261,7 +1340,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
+@@ -913,10 +992,14 @@ static int de_thread(struct task_struct *tsk)
+ if (!thread_group_leader(tsk)) {
+ struct task_struct *leader = tsk->group_leader;
+
+- sig->notify_count = -1; /* for exit_notify() */
+ for (;;) {
+ threadgroup_change_begin(tsk);
+ write_lock_irq(&tasklist_lock);
++ /*
++ * Do this under tasklist_lock to ensure that
++ * exit_notify() can't miss ->group_exit_task
++ */
++ sig->notify_count = -1;
+ if (likely(leader->exit_state))
+ break;
+ __set_current_state(TASK_KILLABLE);
+@@ -1261,13 +1344,60 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -61434,7 +61463,98 @@ index ea4449d..c3fd55e 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
else
p->fs->in_exec = 1;
-@@ -1437,6 +1516,31 @@ static int exec_binprm(struct linux_binprm *bprm)
+ spin_unlock(&p->fs->lock);
+ }
+
++static void bprm_fill_uid(struct linux_binprm *bprm)
++{
++ struct inode *inode;
++ unsigned int mode;
++ kuid_t uid;
++ kgid_t gid;
++
++ /* clear any previous set[ug]id data from a previous binary */
++ bprm->cred->euid = current_euid();
++ bprm->cred->egid = current_egid();
++
++ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
++ return;
++
++ if (current->no_new_privs)
++ return;
++
++ inode = file_inode(bprm->file);
++ mode = ACCESS_ONCE(inode->i_mode);
++ if (!(mode & (S_ISUID|S_ISGID)))
++ return;
++
++ /* Be careful if suid/sgid is set */
++ mutex_lock(&inode->i_mutex);
++
++ /* reload atomically mode/uid/gid now that lock held */
++ mode = inode->i_mode;
++ uid = inode->i_uid;
++ gid = inode->i_gid;
++ mutex_unlock(&inode->i_mutex);
++
++ /* We ignore suid/sgid if there are no mappings for them in the ns */
++ if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
++ !kgid_has_mapping(bprm->cred->user_ns, gid))
++ return;
++
++ if (mode & S_ISUID) {
++ bprm->per_clear |= PER_CLEAR_ON_SETID;
++ bprm->cred->euid = uid;
++ }
++
++ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
++ bprm->per_clear |= PER_CLEAR_ON_SETID;
++ bprm->cred->egid = gid;
++ }
++}
++
+ /*
+ * Fill the binprm structure from the inode.
+ * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
+@@ -1276,36 +1406,9 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
+ */
+ int prepare_binprm(struct linux_binprm *bprm)
+ {
+- struct inode *inode = file_inode(bprm->file);
+- umode_t mode = inode->i_mode;
+ int retval;
+
+-
+- /* clear any previous set[ug]id data from a previous binary */
+- bprm->cred->euid = current_euid();
+- bprm->cred->egid = current_egid();
+-
+- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) &&
+- !current->no_new_privs &&
+- kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) &&
+- kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) {
+- /* Set-uid? */
+- if (mode & S_ISUID) {
+- bprm->per_clear |= PER_CLEAR_ON_SETID;
+- bprm->cred->euid = inode->i_uid;
+- }
+-
+- /* Set-gid? */
+- /*
+- * If setgid is set but no group execute bit then this
+- * is a candidate for mandatory locking, not a setgid
+- * executable.
+- */
+- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+- bprm->per_clear |= PER_CLEAR_ON_SETID;
+- bprm->cred->egid = inode->i_gid;
+- }
+- }
++ bprm_fill_uid(bprm);
+
+ /* fill in binprm security blob */
+ retval = security_bprm_set_creds(bprm);
+@@ -1437,6 +1540,31 @@ static int exec_binprm(struct linux_binprm *bprm)
return ret;
}
@@ -61466,7 +61586,7 @@ index ea4449d..c3fd55e 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1444,6 +1548,11 @@ static int do_execve_common(struct filename *filename,
+@@ -1444,6 +1572,11 @@ static int do_execve_common(struct filename *filename,
struct user_arg_ptr argv,
struct user_arg_ptr envp)
{
@@ -61478,7 +61598,7 @@ index ea4449d..c3fd55e 100644
struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced;
-@@ -1452,6 +1561,8 @@ static int do_execve_common(struct filename *filename,
+@@ -1452,6 +1585,8 @@ static int do_execve_common(struct filename *filename,
if (IS_ERR(filename))
return PTR_ERR(filename);
@@ -61487,7 +61607,7 @@ index ea4449d..c3fd55e 100644
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1489,11 +1600,21 @@ static int do_execve_common(struct filename *filename,
+@@ -1489,11 +1624,21 @@ static int do_execve_common(struct filename *filename,
if (IS_ERR(file))
goto out_unmark;
@@ -61509,7 +61629,7 @@ index ea4449d..c3fd55e 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_unmark;
-@@ -1510,24 +1631,70 @@ static int do_execve_common(struct filename *filename,
+@@ -1510,24 +1655,70 @@ static int do_execve_common(struct filename *filename,
if (retval < 0)
goto out;
@@ -61584,7 +61704,7 @@ index ea4449d..c3fd55e 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1538,6 +1705,14 @@ static int do_execve_common(struct filename *filename,
+@@ -1538,6 +1729,14 @@ static int do_execve_common(struct filename *filename,
put_files_struct(displaced);
return retval;
@@ -61599,7 +61719,7 @@ index ea4449d..c3fd55e 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1629,3 +1804,312 @@ asmlinkage long compat_sys_execve(const char __user * filename,
+@@ -1629,3 +1828,312 @@ asmlinkage long compat_sys_execve(const char __user * filename,
return compat_do_execve(getname(filename), argv, envp);
}
#endif
@@ -65576,6 +65696,19 @@ index 553f53c..aaf5133 100644
};
enum ocfs2_local_alloc_state
+diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c
+index 6ba4bcb..88a6f7d 100644
+--- a/fs/ocfs2/refcounttree.c
++++ b/fs/ocfs2/refcounttree.c
+@@ -4279,7 +4279,7 @@ static int ocfs2_reflink(struct dentry *old_dentry, struct inode *dir,
+ error = posix_acl_create(dir, &mode, &default_acl, &acl);
+ if (error) {
+ mlog_errno(error);
+- goto out;
++ return error;
+ }
+
+ error = ocfs2_create_inode_in_orphan(dir, mode,
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
index 47ae266..6e8b793 100644
--- a/fs/ocfs2/suballoc.c
@@ -81734,10 +81867,10 @@ index 2507fd2..55203f8 100644
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
-index cdd1cc2..59dc542 100644
+index cdd1cc2..2401b2e 100644
--- a/include/linux/compiler-gcc5.h
+++ b/include/linux/compiler-gcc5.h
-@@ -28,6 +28,28 @@
+@@ -28,6 +28,26 @@
# define __compiletime_error(message) __attribute__((error(message)))
#endif /* __CHECKER__ */
@@ -81747,7 +81880,6 @@ index cdd1cc2..59dc542 100644
+#define __bos1(ptr) __bos((ptr), 1)
+
+#ifdef CONSTIFY_PLUGIN
-+#error not yet
+#define __no_const __attribute__((no_const))
+#define __do_const __attribute__((do_const))
+#endif
@@ -81759,13 +81891,20 @@ index cdd1cc2..59dc542 100644
+#endif
+
+#ifdef LATENT_ENTROPY_PLUGIN
-+#error not yet
+#define __latent_entropy __attribute__((latent_entropy))
+#endif
+
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
+@@ -53,7 +73,6 @@
+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
+ *
+ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
+- * Fixed in GCC 4.8.2 and later versions.
+ *
+ * (asm goto is automatically volatile - the naming reflects this.)
+ */
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 2472740..4857634 100644
--- a/include/linux/compiler.h
@@ -109509,6 +109648,9 @@ index 0000000..eaa4fce
+ exit 0
+fi
+exit 1
+diff --git a/scripts/gcc-version.sh b/scripts/gcc-version.sh
+old mode 100644
+new mode 100755
diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
index 5de5660..d3deb89 100644
--- a/scripts/headers_install.sh
@@ -112499,12 +112641,12 @@ index 0000000..5452feea
+}
diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c
new file mode 100644
-index 0000000..d44bd9f
+index 0000000..0c96d8a
--- /dev/null
+++ b/tools/gcc/colorize_plugin.c
@@ -0,0 +1,215 @@
+/*
-+ * Copyright 2012-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2012-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -112597,6 +112739,7 @@ index 0000000..d44bd9f
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data colorize_rearm_pass_data = {
+#else
+struct simple_ipa_opt_pass colorize_rearm_pass = {
@@ -112630,7 +112773,6 @@ index 0000000..d44bd9f
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class colorize_rearm_pass : public simple_ipa_opt_pass {
+public:
+ colorize_rearm_pass() : simple_ipa_opt_pass(colorize_rearm_pass_data, g) {}
@@ -112720,13 +112862,13 @@ index 0000000..d44bd9f
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..3b5af59
+index 0000000..93b181d
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,558 @@
+@@ -0,0 +1,563 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
-+ * Copyright 2011-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2, or (at your option) v3
+ *
+ * This gcc plugin constifies all structures which contain only function pointers or are explicitly marked for constification.
@@ -112741,7 +112883,7 @@ index 0000000..3b5af59
+
+#include "gcc-common.h"
+
-+// unused C type flag in all versions 4.5-4.9
++// unused C type flag in all versions 4.5-5.0
+#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE)
+
+int plugin_is_GPL_compatible;
@@ -113047,6 +113189,11 @@ index 0000000..3b5af59
+ if (type == NULL_TREE || type == error_mark_node)
+ return;
+
++#if BUILDING_GCC_VERSION >= 5000
++ if (TREE_CODE(type) == ENUMERAL_TYPE)
++ return;
++#endif
++
+ if (TYPE_FIELDS(type) == NULL_TREE || TYPE_CONSTIFY_VISITED(type))
+ return;
+
@@ -113147,6 +113294,7 @@ index 0000000..3b5af59
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data check_local_variables_pass_data = {
+#else
+static struct gimple_opt_pass check_local_variables_pass = {
@@ -113180,7 +113328,6 @@ index 0000000..3b5af59
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class check_local_variables_pass : public gimple_opt_pass {
+public:
+ check_local_variables_pass() : gimple_opt_pass(check_local_variables_pass_data, g) {}
@@ -113284,10 +113431,10 @@ index 0000000..3b5af59
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..14ec226
+index 0000000..19fedf2
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,520 @@
+@@ -0,0 +1,540 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -113389,11 +113536,13 @@ index 0000000..14ec226
+//#include "diagnostic-color.h"
+#include "context.h"
+#include "tree-ssa-alias.h"
++#include "tree-ssa.h"
+#include "stringpool.h"
+#include "tree-ssanames.h"
+#include "print-tree.h"
+#include "tree-eh.h"
+#include "stmt.h"
++#include "gimplify.h"
+#endif
+
+#include "gimple.h"
@@ -113416,6 +113565,7 @@ index 0000000..14ec226
+//#include "lto-compress.h"
+#if BUILDING_GCC_VERSION >= 5000
+//#include "lto-section-names.h"
++#include "builtins.h"
+#endif
+
+//#include "expr.h" where are you...
@@ -113643,6 +113793,7 @@ index 0000000..14ec226
+typedef union gimple_statement_d gasm;
+typedef union gimple_statement_d gassign;
+typedef union gimple_statement_d gcall;
++typedef union gimple_statement_d gdebug;
+typedef union gimple_statement_d gphi;
+typedef union gimple_statement_d greturn;
+#endif
@@ -113669,6 +113820,7 @@ index 0000000..14ec226
+typedef struct gimple_statement_base gasm;
+typedef struct gimple_statement_base gassign;
+typedef struct gimple_statement_base gcall;
++typedef struct gimple_statement_base gdebug;
+typedef struct gimple_statement_base gphi;
+typedef struct gimple_statement_base greturn;
+#endif
@@ -113685,6 +113837,11 @@ index 0000000..14ec226
+{
+ return stmt;
+}
++
++static inline greturn *as_a_greturn(gimple stmt)
++{
++ return stmt;
++}
+#endif
+
+#if BUILDING_GCC_VERSION >= 4009
@@ -113705,16 +113862,16 @@ index 0000000..14ec226
+
+#define INSN_DELETED_P(insn) (insn)->deleted()
+
-+extern bool is_simple_builtin(tree);
-+
+// symtab/cgraph related
+#define debug_cgraph_node(node) (node)->debug()
+#define cgraph_get_node(decl) cgraph_node::get(decl)
+#define cgraph_n_nodes symtab->cgraph_count
+#define cgraph_max_uid symtab->cgraph_max_uid
++#define varpool_get_node(decl) varpool_node::get(decl)
+
+typedef struct cgraph_node *cgraph_node_ptr;
+typedef struct cgraph_edge *cgraph_edge_p;
++typedef struct varpool_node *varpool_node_ptr;
+
+static inline void change_decl_assembler_name(tree decl, tree name)
+{
@@ -113792,11 +113949,21 @@ index 0000000..14ec226
+ return as_a<gasm *>(stmt);
+}
+
++static inline const gasm *as_a_gasm(const_gimple stmt)
++{
++ return as_a<const gasm *>(stmt);
++}
++
+static inline gcall *as_a_gcall(gimple stmt)
+{
+ return as_a<gcall *>(stmt);
+}
+
++static inline greturn *as_a_greturn(gimple stmt)
++{
++ return as_a<greturn *>(stmt);
++}
++
+// IPA/LTO related
+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P))
+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P))
@@ -113824,12 +113991,12 @@ index 0000000..7514850
+fi
diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c
new file mode 100644
-index 0000000..d81c094
+index 0000000..457d54e
--- /dev/null
+++ b/tools/gcc/kallocstat_plugin.c
-@@ -0,0 +1,183 @@
+@@ -0,0 +1,188 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -113940,6 +114107,7 @@ index 0000000..d81c094
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data kallocstat_pass_data = {
+#else
+static struct gimple_opt_pass kallocstat_pass = {
@@ -113950,7 +114118,8 @@ index 0000000..d81c094
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -113972,11 +114141,14 @@ index 0000000..d81c094
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class kallocstat_pass : public gimple_opt_pass {
+public:
+ kallocstat_pass() : gimple_opt_pass(kallocstat_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual unsigned int execute(function *) { return execute_kallocstat(); }
++#else
+ unsigned int execute() { return execute_kallocstat(); }
++#endif
+};
+}
+
@@ -114013,12 +114185,12 @@ index 0000000..d81c094
+}
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
new file mode 100644
-index 0000000..89f256d
+index 0000000..71716e7
--- /dev/null
+++ b/tools/gcc/kernexec_plugin.c
-@@ -0,0 +1,522 @@
+@@ -0,0 +1,547 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -114051,7 +114223,7 @@ index 0000000..89f256d
+ */
+static void kernexec_reload_fptr_mask(gimple_stmt_iterator *gsi)
+{
-+ gimple asm_movabs_stmt;
++ gasm *asm_movabs_stmt;
+
+ // build asm volatile("movabs $0x8000000000000000, %%r12\n\t" : : : );
+ asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r12\n\t", NULL, NULL, NULL, NULL);
@@ -114073,14 +114245,17 @@ index 0000000..89f256d
+
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match: __asm__ ("" : : : "r12");
-+ gimple asm_stmt;
++ gimple stmt;
++ gasm *asm_stmt;
+ size_t nclobbers;
+
+ // is it an asm ...
-+ asm_stmt = gsi_stmt(gsi);
-+ if (gimple_code(asm_stmt) != GIMPLE_ASM)
++ stmt = gsi_stmt(gsi);
++ if (gimple_code(stmt) != GIMPLE_ASM)
+ continue;
+
++ asm_stmt = as_a_gasm(stmt);
++
+ // ... clobbering r12
+ nclobbers = gimple_asm_nclobbers(asm_stmt);
+ while (nclobbers--) {
@@ -114103,10 +114278,11 @@ index 0000000..89f256d
+ */
+static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi)
+{
-+ gimple assign_intptr, assign_new_fptr, call_stmt;
++ gimple assign_intptr, assign_new_fptr;
++ gcall *call_stmt;
+ tree intptr, orptr, old_fptr, new_fptr, kernexec_mask;
+
-+ call_stmt = gsi_stmt(*gsi);
++ call_stmt = as_a_gcall(gsi_stmt(*gsi));
+ old_fptr = gimple_call_fn(call_stmt);
+
+ // create temporary unsigned long variable used for bitops and cast fptr to it
@@ -114144,7 +114320,8 @@ index 0000000..89f256d
+
+static void kernexec_instrument_fptr_or(gimple_stmt_iterator *gsi)
+{
-+ gimple asm_or_stmt, call_stmt;
++ gasm *asm_or_stmt;
++ gcall *call_stmt;
+ tree old_fptr, new_fptr, input, output;
+#if BUILDING_GCC_VERSION <= 4007
+ VEC(tree, gc) *inputs = NULL;
@@ -114154,7 +114331,7 @@ index 0000000..89f256d
+ vec<tree, va_gc> *outputs = NULL;
+#endif
+
-+ call_stmt = gsi_stmt(*gsi);
++ call_stmt = as_a_gcall(gsi_stmt(*gsi));
+ old_fptr = gimple_call_fn(call_stmt);
+
+ // create temporary fptr variable
@@ -114199,12 +114376,14 @@ index 0000000..89f256d
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D));
+ tree fn;
-+ gimple call_stmt;
++ gimple stmt;
++ gcall *call_stmt;
+
+ // is it a call ...
-+ call_stmt = gsi_stmt(gsi);
-+ if (!is_gimple_call(call_stmt))
++ stmt = gsi_stmt(gsi);
++ if (!is_gimple_call(stmt))
+ continue;
++ call_stmt = as_a_gcall(stmt);
+ fn = gimple_call_fn(call_stmt);
+ if (TREE_CODE(fn) == ADDR_EXPR)
+ continue;
@@ -114277,7 +114456,7 @@ index 0000000..89f256d
+ */
+static unsigned int execute_kernexec_retaddr(void)
+{
-+ rtx insn;
++ rtx_insn *insn;
+
+// if (stack_realign_drap)
+// inform(DECL_SOURCE_LOCATION(current_function_decl), "drap detected in %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl)));
@@ -114325,6 +114504,7 @@ index 0000000..89f256d
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data kernexec_reload_pass_data = {
+#else
+static struct gimple_opt_pass kernexec_reload_pass = {
@@ -114335,7 +114515,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -114367,7 +114548,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -114399,7 +114581,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -114421,26 +114604,40 @@ index 0000000..89f256d
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class kernexec_reload_pass : public gimple_opt_pass {
+public:
+ kernexec_reload_pass() : gimple_opt_pass(kernexec_reload_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_reload(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_reload(); }
++#endif
+};
+
+class kernexec_fptr_pass : public gimple_opt_pass {
+public:
+ kernexec_fptr_pass() : gimple_opt_pass(kernexec_fptr_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_fptr(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_fptr(); }
++#endif
+};
+
+class kernexec_retaddr_pass : public rtl_opt_pass {
+public:
+ kernexec_retaddr_pass() : rtl_opt_pass(kernexec_retaddr_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_retaddr(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_retaddr(); }
++#endif
+};
+}
+
@@ -114541,12 +114738,12 @@ index 0000000..89f256d
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..2a39357
+index 0000000..d383708
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,467 @@
+@@ -0,0 +1,473 @@
+/*
-+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2012-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -114926,6 +115123,7 @@ index 0000000..2a39357
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data latent_entropy_pass_data = {
+#else
+static struct gimple_opt_pass latent_entropy_pass = {
@@ -114936,7 +115134,8 @@ index 0000000..2a39357
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -114958,12 +115157,16 @@ index 0000000..2a39357
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class latent_entropy_pass : public gimple_opt_pass {
+public:
+ latent_entropy_pass() : gimple_opt_pass(latent_entropy_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_latent_entropy(); }
++ virtual unsigned int execute(function *) { return execute_latent_entropy(); }
++#else
+ bool gate() { return gate_latent_entropy(); }
+ unsigned int execute() { return execute_latent_entropy(); }
++#endif
+};
+}
+
@@ -115014,12 +115217,12 @@ index 0000000..2a39357
+}
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c
new file mode 100644
-index 0000000..a5cb46b
+index 0000000..e1983c0
--- /dev/null
+++ b/tools/gcc/randomize_layout_plugin.c
-@@ -0,0 +1,915 @@
+@@ -0,0 +1,917 @@
+/*
-+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
++ * Copyright 2014,2015 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
+ * and PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
@@ -115034,7 +115237,8 @@ index 0000000..a5cb46b
+#include "gcc-common.h"
+#include "randomize_layout_seed.h"
+
-+#if BUILDING_GCC_MAJOR < 4 || BUILDING_GCC_MINOR < 6 || (BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4)
++#if BUILDING_GCC_MAJOR < 4 || (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR < 6) || \
++ (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4)
+#error "The RANDSTRUCT plugin requires GCC 4.6.4 or newer."
+#endif
+
@@ -115834,7 +116038,8 @@ index 0000000..a5cb46b
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION >= 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -115894,8 +116099,8 @@ index 0000000..a5cb46b
+ return 1;
+ }
+
-+ if (strcmp(lang_hooks.name, "GNU C")) {
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
+ enable = false;
+ }
+
@@ -127073,12 +127278,12 @@ index 0000000..0888f6c
+
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
-index 0000000..90125d6
+index 0000000..51dc09d
--- /dev/null
+++ b/tools/gcc/stackleak_plugin.c
-@@ -0,0 +1,396 @@
+@@ -0,0 +1,408 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -127205,7 +127410,7 @@ index 0000000..90125d6
+
+static unsigned int execute_stackleak_final(void)
+{
-+ rtx insn, next;
++ rtx_insn *insn, *next;
+
+ if (cfun->calls_alloca)
+ return 0;
@@ -127299,6 +127504,7 @@ index 0000000..90125d6
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data stackleak_tree_instrument_pass_data = {
+#else
+static struct gimple_opt_pass stackleak_tree_instrument_pass = {
@@ -127309,7 +127515,8 @@ index 0000000..90125d6
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -127341,7 +127548,8 @@ index 0000000..90125d6
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -127363,19 +127571,28 @@ index 0000000..90125d6
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class stackleak_tree_instrument_pass : public gimple_opt_pass {
+public:
+ stackleak_tree_instrument_pass() : gimple_opt_pass(stackleak_tree_instrument_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); }
++ virtual unsigned int execute(function *) { return execute_stackleak_tree_instrument(); }
++#else
+ bool gate() { return gate_stackleak_track_stack(); }
+ unsigned int execute() { return execute_stackleak_tree_instrument(); }
++#endif
+};
+
+class stackleak_final_rtl_opt_pass : public rtl_opt_pass {
+public:
+ stackleak_final_rtl_opt_pass() : rtl_opt_pass(stackleak_final_rtl_opt_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); }
++ virtual unsigned int execute(function *) { return execute_stackleak_final(); }
++#else
+ bool gate() { return gate_stackleak_track_stack(); }
+ unsigned int execute() { return execute_stackleak_final(); }
++#endif
+};
+}
+
@@ -127475,12 +127692,12 @@ index 0000000..90125d6
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..4ee2231
+index 0000000..4436cbe
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,274 @@
+@@ -0,0 +1,287 @@
+/*
-+ * Copyright 2013-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2013-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -127507,8 +127724,8 @@ index 0000000..4ee2231
+
+#include "gcc-common.h"
+
-+// unused C type flag in all versions 4.5-4.9
-+#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_3(TYPE)
++// unused C type flag in all versions 4.5-5.0
++#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE)
+
+int plugin_is_GPL_compatible;
+
@@ -127575,6 +127792,14 @@ index 0000000..4ee2231
+{
+ tree type = (tree)event_data;
+
++ if (type == NULL_TREE || type == error_mark_node)
++ return;
++
++#if BUILDING_GCC_VERSION >= 5000
++ if (TREE_CODE(type) == ENUMERAL_TYPE)
++ return;
++#endif
++
+ if (TYPE_USERSPACE(type))
+ return;
+
@@ -127661,6 +127886,7 @@ index 0000000..4ee2231
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data structleak_pass_data = {
+#else
+static struct gimple_opt_pass structleak_pass = {
@@ -127671,7 +127897,8 @@ index 0000000..4ee2231
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -127693,11 +127920,14 @@ index 0000000..4ee2231
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class structleak_pass : public gimple_opt_pass {
+public:
+ structleak_pass() : gimple_opt_pass(structleak_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual unsigned int execute(function *) { return handle_function(); }
++#else
+ unsigned int execute() { return handle_function(); }
++#endif
+};
+}
+
@@ -127731,7 +127961,7 @@ index 0000000..4ee2231
+ return 1;
+ }
+
-+ if (strcmp(lang_hooks.name, "GNU C")) {
++ if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) {
+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
+ enable = false;
+ }
diff --git a/3.19.5/0000_README b/3.19.5/0000_README
index fe57086..4fd49ef 100644
--- a/3.19.5/0000_README
+++ b/3.19.5/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-3.19.5-201504190814.patch
+Patch: 4420_grsecurity-3.1-3.19.5-201504270827.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.19.5/4420_grsecurity-3.1-3.19.5-201504190814.patch b/3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch
similarity index 99%
rename from 3.19.5/4420_grsecurity-3.1-3.19.5-201504190814.patch
rename to 3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch
index 6ae0a6e..2036ebb 100644
--- a/3.19.5/4420_grsecurity-3.1-3.19.5-201504190814.patch
+++ b/3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch
@@ -965,7 +965,7 @@ index 97d07ed..2931f2b 100644
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index e22c119..eaa807d 100644
+index e22c119..abe7041 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -18,17 +18,41 @@
@@ -1059,8 +1059,8 @@ index e22c119..eaa807d 100644
-#define ATOMIC_OP_RETURN(op, c_op, asm_op) \
-static inline int atomic_##op##_return(int i, atomic_t *v) \
-+#define ATOMIC_OP(op, c_op, asm_op) __ATOMIC_OP(op, , c_op, asm_op, , )\
-+ __ATOMIC_OP(op, _unchecked, c_op, asm_op##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
++#define ATOMIC_OP(op, c_op, asm_op) __ATOMIC_OP(op, _unchecked, c_op, asm_op, , )\
++ __ATOMIC_OP(op, , c_op, asm_op##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
+
+#define __ATOMIC_OP_RETURN(op, suffix, c_op, asm_op, post_op, extable) \
+static inline int atomic_##op##_return##suffix(int i, atomic##suffix##_t *v)\
@@ -1088,8 +1088,8 @@ index e22c119..eaa807d 100644
return result; \
}
-+#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, , c_op, asm_op, , )\
-+ __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op##s, __OVERFLOW_POST_RETURN, __OVERFLOW_EXTABLE)
++#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op, , )\
++ __ATOMIC_OP_RETURN(op, , c_op, asm_op##s, __OVERFLOW_POST_RETURN, __OVERFLOW_EXTABLE)
+
static inline int atomic_cmpxchg(atomic_t *ptr, int old, int new)
{
@@ -1363,8 +1363,8 @@ index e22c119..eaa807d 100644
-#define ATOMIC64_OP_RETURN(op, op1, op2) \
-static inline long long atomic64_##op##_return(long long i, atomic64_t *v) \
-+#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, , op1, op2, , ) \
-+ __ATOMIC64_OP(op, _unchecked, op1, op2##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
++#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, _unchecked, op1, op2, , ) \
++ __ATOMIC64_OP(op, , op1, op2##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
+
+#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2, post_op, extable) \
+static inline long long atomic64_##op##_return##suffix(long long i, atomic64##suffix##_t *v) \
@@ -1393,8 +1393,8 @@ index e22c119..eaa807d 100644
return result; \
}
-+#define ATOMIC64_OP_RETURN(op, op1, op2) __ATOMIC64_OP_RETURN(op, , op1, op2, , ) \
-+ __ATOMIC64_OP_RETURN(op, _unchecked, op1, op2##s, __OVERFLOW_POST_RETURN, __OVERFLOW_EXTABLE)
++#define ATOMIC64_OP_RETURN(op, op1, op2) __ATOMIC64_OP_RETURN(op, _unchecked, op1, op2, , ) \
++ __ATOMIC64_OP_RETURN(op, , op1, op2##s, __OVERFLOW_POST_RETURN, __OVERFLOW_EXTABLE)
+
#define ATOMIC64_OPS(op, op1, op2) \
ATOMIC64_OP(op, op1, op2) \
@@ -5747,7 +5747,7 @@ index 3778655..1dff0a9 100644
static dma_addr_t octeon_unity_phys_to_dma(struct device *dev, phys_addr_t paddr)
diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h
-index 857da84..3f4458b 100644
+index 857da84..0fee5e2 100644
--- a/arch/mips/include/asm/atomic.h
+++ b/arch/mips/include/asm/atomic.h
@@ -22,15 +22,39 @@
@@ -5880,8 +5880,8 @@ index 857da84..3f4458b 100644
-#define ATOMIC_OP_RETURN(op, c_op, asm_op) \
-static __inline__ int atomic_##op##_return(int i, atomic_t * v) \
-+#define ATOMIC_OP(op, asm_op) __ATOMIC_OP(op, , asm_op##u) \
-+ __ATOMIC_OP(op, _unchecked, asm_op)
++#define ATOMIC_OP(op, asm_op) __ATOMIC_OP(op, _unchecked, asm_op##u, ) \
++ __ATOMIC_OP(op, , asm_op, __OVERFLOW_EXTABLE)
+
+#define __ATOMIC_OP_RETURN(op, suffix, asm_op, post_op, extable) \
+static inline int atomic_##op##_return##suffix(int i, atomic##suffix##_t * v) \
@@ -5963,8 +5963,8 @@ index 857da84..3f4458b 100644
-#define ATOMIC_OPS(op, c_op, asm_op) \
- ATOMIC_OP(op, c_op, asm_op) \
- ATOMIC_OP_RETURN(op, c_op, asm_op)
-+#define ATOMIC_OP_RETURN(op, asm_op) __ATOMIC_OP_RETURN(op, , asm_op##u, , __OVERFLOW_EXTABLE) \
-+ __ATOMIC_OP_RETURN(op, _unchecked, asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
++#define ATOMIC_OP_RETURN(op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, asm_op##u, , ) \
++ __ATOMIC_OP_RETURN(op, , asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
-ATOMIC_OPS(add, +=, addu)
-ATOMIC_OPS(sub, -=, subu)
@@ -6155,8 +6155,8 @@ index 857da84..3f4458b 100644
-#define ATOMIC64_OP_RETURN(op, c_op, asm_op) \
-static __inline__ long atomic64_##op##_return(long i, atomic64_t * v) \
-+#define ATOMIC64_OP(op, asm_op) __ATOMIC64_OP(op, , asm_op##u) \
-+ __ATOMIC64_OP(op, _unchecked, asm_op)
++#define ATOMIC64_OP(op, asm_op) __ATOMIC64_OP(op, _unchecked, asm_op##u, ) \
++ __ATOMIC64_OP(op, , asm_op, __OVERFLOW_EXTABLE)
+
+#define __ATOMIC64_OP_RETURN(op, suffix, asm_op, post_op, extable) \
+static inline long atomic64_##op##_return##suffix(long i, atomic64##suffix##_t * v)\
@@ -6240,8 +6240,8 @@ index 857da84..3f4458b 100644
-#define ATOMIC64_OPS(op, c_op, asm_op) \
- ATOMIC64_OP(op, c_op, asm_op) \
- ATOMIC64_OP_RETURN(op, c_op, asm_op)
-+#define ATOMIC64_OP_RETURN(op, asm_op) __ATOMIC64_OP_RETURN(op, , asm_op##u, , __OVERFLOW_EXTABLE) \
-+ __ATOMIC64_OP_RETURN(op, _unchecked, asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
++#define ATOMIC64_OP_RETURN(op, asm_op) __ATOMIC64_OP_RETURN(op, _unchecked, asm_op##u, , ) \
++ __ATOMIC64_OP_RETURN(op, , asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
-ATOMIC64_OPS(add, +=, daddu)
-ATOMIC64_OPS(sub, -=, dsubu)
@@ -48232,6 +48232,19 @@ index 6b861e3..204ac86 100644
rc = efx_mcdi_rpc_start(efx, MC_CMD_PTP, synch_buf,
MC_CMD_PTP_IN_SYNCHRONIZE_LEN);
EFX_BUG_ON_PARANOID(rc);
+diff --git a/drivers/net/ethernet/sfc/selftest.c b/drivers/net/ethernet/sfc/selftest.c
+index 10b6173..b605dfd5 100644
+--- a/drivers/net/ethernet/sfc/selftest.c
++++ b/drivers/net/ethernet/sfc/selftest.c
+@@ -46,7 +46,7 @@ struct efx_loopback_payload {
+ struct iphdr ip;
+ struct udphdr udp;
+ __be16 iteration;
+- const char msg[64];
++ char msg[64];
+ } __packed;
+
+ /* Loopback test source MAC address */
diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
index 08c483b..2c4a553 100644
--- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
@@ -60679,7 +60692,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index ad8798e..5f872c9 100644
+index ad8798e..e3f50ec 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -60999,7 +61012,23 @@ index ad8798e..5f872c9 100644
tsk->mm->vmacache_seqnum = 0;
vmacache_flush(tsk);
task_unlock(tsk);
-@@ -1252,7 +1331,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
+@@ -920,10 +999,14 @@ static int de_thread(struct task_struct *tsk)
+ if (!thread_group_leader(tsk)) {
+ struct task_struct *leader = tsk->group_leader;
+
+- sig->notify_count = -1; /* for exit_notify() */
+ for (;;) {
+ threadgroup_change_begin(tsk);
+ write_lock_irq(&tasklist_lock);
++ /*
++ * Do this under tasklist_lock to ensure that
++ * exit_notify() can't miss ->group_exit_task
++ */
++ sig->notify_count = -1;
+ if (likely(leader->exit_state))
+ break;
+ __set_current_state(TASK_KILLABLE);
+@@ -1252,13 +1335,60 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -61008,7 +61037,98 @@ index ad8798e..5f872c9 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
else
p->fs->in_exec = 1;
-@@ -1433,6 +1512,31 @@ static int exec_binprm(struct linux_binprm *bprm)
+ spin_unlock(&p->fs->lock);
+ }
+
++static void bprm_fill_uid(struct linux_binprm *bprm)
++{
++ struct inode *inode;
++ unsigned int mode;
++ kuid_t uid;
++ kgid_t gid;
++
++ /* clear any previous set[ug]id data from a previous binary */
++ bprm->cred->euid = current_euid();
++ bprm->cred->egid = current_egid();
++
++ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
++ return;
++
++ if (task_no_new_privs(current))
++ return;
++
++ inode = file_inode(bprm->file);
++ mode = READ_ONCE(inode->i_mode);
++ if (!(mode & (S_ISUID|S_ISGID)))
++ return;
++
++ /* Be careful if suid/sgid is set */
++ mutex_lock(&inode->i_mutex);
++
++ /* reload atomically mode/uid/gid now that lock held */
++ mode = inode->i_mode;
++ uid = inode->i_uid;
++ gid = inode->i_gid;
++ mutex_unlock(&inode->i_mutex);
++
++ /* We ignore suid/sgid if there are no mappings for them in the ns */
++ if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
++ !kgid_has_mapping(bprm->cred->user_ns, gid))
++ return;
++
++ if (mode & S_ISUID) {
++ bprm->per_clear |= PER_CLEAR_ON_SETID;
++ bprm->cred->euid = uid;
++ }
++
++ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
++ bprm->per_clear |= PER_CLEAR_ON_SETID;
++ bprm->cred->egid = gid;
++ }
++}
++
+ /*
+ * Fill the binprm structure from the inode.
+ * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
+@@ -1267,36 +1397,9 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
+ */
+ int prepare_binprm(struct linux_binprm *bprm)
+ {
+- struct inode *inode = file_inode(bprm->file);
+- umode_t mode = inode->i_mode;
+ int retval;
+
+-
+- /* clear any previous set[ug]id data from a previous binary */
+- bprm->cred->euid = current_euid();
+- bprm->cred->egid = current_egid();
+-
+- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) &&
+- !task_no_new_privs(current) &&
+- kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) &&
+- kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) {
+- /* Set-uid? */
+- if (mode & S_ISUID) {
+- bprm->per_clear |= PER_CLEAR_ON_SETID;
+- bprm->cred->euid = inode->i_uid;
+- }
+-
+- /* Set-gid? */
+- /*
+- * If setgid is set but no group execute bit then this
+- * is a candidate for mandatory locking, not a setgid
+- * executable.
+- */
+- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+- bprm->per_clear |= PER_CLEAR_ON_SETID;
+- bprm->cred->egid = inode->i_gid;
+- }
+- }
++ bprm_fill_uid(bprm);
+
+ /* fill in binprm security blob */
+ retval = security_bprm_set_creds(bprm);
+@@ -1433,6 +1536,31 @@ static int exec_binprm(struct linux_binprm *bprm)
return ret;
}
@@ -61040,7 +61160,7 @@ index ad8798e..5f872c9 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1441,6 +1545,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1441,6 +1569,11 @@ static int do_execveat_common(int fd, struct filename *filename,
struct user_arg_ptr envp,
int flags)
{
@@ -61052,7 +61172,7 @@ index ad8798e..5f872c9 100644
char *pathbuf = NULL;
struct linux_binprm *bprm;
struct file *file;
-@@ -1450,6 +1559,8 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1450,6 +1583,8 @@ static int do_execveat_common(int fd, struct filename *filename,
if (IS_ERR(filename))
return PTR_ERR(filename);
@@ -61061,7 +61181,7 @@ index ad8798e..5f872c9 100644
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1487,6 +1598,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1487,6 +1622,11 @@ static int do_execveat_common(int fd, struct filename *filename,
if (IS_ERR(file))
goto out_unmark;
@@ -61073,7 +61193,7 @@ index ad8798e..5f872c9 100644
sched_exec();
bprm->file = file;
-@@ -1513,6 +1629,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1513,6 +1653,11 @@ static int do_execveat_common(int fd, struct filename *filename,
}
bprm->interp = bprm->filename;
@@ -61085,7 +61205,7 @@ index ad8798e..5f872c9 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_unmark;
-@@ -1529,24 +1650,70 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1529,24 +1674,70 @@ static int do_execveat_common(int fd, struct filename *filename,
if (retval < 0)
goto out;
@@ -61160,7 +61280,7 @@ index ad8798e..5f872c9 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1558,6 +1725,14 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1558,6 +1749,14 @@ static int do_execveat_common(int fd, struct filename *filename,
put_files_struct(displaced);
return retval;
@@ -61175,7 +61295,7 @@ index ad8798e..5f872c9 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1704,3 +1879,312 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1704,3 +1903,312 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
argv, envp, flags);
}
#endif
@@ -65002,6 +65122,19 @@ index 7d6b7d0..5fb529a 100644
};
enum ocfs2_local_alloc_state
+diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c
+index d81f6e2..e794c38 100644
+--- a/fs/ocfs2/refcounttree.c
++++ b/fs/ocfs2/refcounttree.c
+@@ -4278,7 +4278,7 @@ static int ocfs2_reflink(struct dentry *old_dentry, struct inode *dir,
+ error = posix_acl_create(dir, &mode, &default_acl, &acl);
+ if (error) {
+ mlog_errno(error);
+- goto out;
++ return error;
+ }
+
+ error = ocfs2_create_inode_in_orphan(dir, mode,
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
index 0cb889a..6a26b24 100644
--- a/fs/ocfs2/suballoc.c
@@ -80413,10 +80546,10 @@ index d1a5582..4424efa 100644
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
-index c8c5659..d09f2ad 100644
+index c8c5659..2401b2e 100644
--- a/include/linux/compiler-gcc5.h
+++ b/include/linux/compiler-gcc5.h
-@@ -28,6 +28,28 @@
+@@ -28,6 +28,26 @@
# define __compiletime_error(message) __attribute__((error(message)))
#endif /* __CHECKER__ */
@@ -80426,7 +80559,6 @@ index c8c5659..d09f2ad 100644
+#define __bos1(ptr) __bos((ptr), 1)
+
+#ifdef CONSTIFY_PLUGIN
-+#error not yet
+#define __no_const __attribute__((no_const))
+#define __do_const __attribute__((do_const))
+#endif
@@ -80438,7 +80570,6 @@ index c8c5659..d09f2ad 100644
+#endif
+
+#ifdef LATENT_ENTROPY_PLUGIN
-+#error not yet
+#define __latent_entropy __attribute__((latent_entropy))
+#endif
+
@@ -83621,6 +83752,19 @@ index 6d34aa2..d73d848 100644
static inline void mm_init_cpumask(struct mm_struct *mm)
{
+diff --git a/include/linux/mmc/core.h b/include/linux/mmc/core.h
+index cb2b040..f3c9f5c 100644
+--- a/include/linux/mmc/core.h
++++ b/include/linux/mmc/core.h
+@@ -79,7 +79,7 @@ struct mmc_command {
+ #define mmc_cmd_type(cmd) ((cmd)->flags & MMC_CMD_MASK)
+
+ unsigned int retries; /* max number of retries */
+- unsigned int error; /* command error */
++ int error; /* command error */
+
+ /*
+ * Standard errno values are used for errors, but some have specific
diff --git a/include/linux/mmiotrace.h b/include/linux/mmiotrace.h
index c5d5278..f0b68c8 100644
--- a/include/linux/mmiotrace.h
@@ -88279,6 +88423,20 @@ index 536edc2..d28c85d 100644
if (!access_ok(VERIFY_READ, uattr, 1))
return -EFAULT;
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
+index a28e09c..36508e6 100644
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -1380,7 +1380,8 @@ peek_stack:
+ /* tell verifier to check for equivalent states
+ * after every call and jump
+ */
+- env->explored_states[t + 1] = STATE_LIST_MARK;
++ if (t + 1 < insn_cnt)
++ env->explored_states[t + 1] = STATE_LIST_MARK;
+ } else {
+ /* conditional jump with two edges */
+ ret = push_insn(t, t + 1, FALLTHROUGH, env);
diff --git a/kernel/capability.c b/kernel/capability.c
index 989f5bf..d317ca0 100644
--- a/kernel/capability.c
@@ -101995,7 +102153,7 @@ index 3b6899b..cf36238 100644
{
struct socket *sock;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index 62c67be..01893a0a 100644
+index 62c67be..361c354 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2123,7 +2123,7 @@ EXPORT_SYMBOL(__skb_checksum);
@@ -102024,6 +102182,31 @@ index 62c67be..01893a0a 100644
NULL);
}
+@@ -4141,18 +4143,20 @@ EXPORT_SYMBOL(skb_try_coalesce);
+ */
+ void skb_scrub_packet(struct sk_buff *skb, bool xnet)
+ {
+- if (xnet)
+- skb_orphan(skb);
+ skb->tstamp.tv64 = 0;
+ skb->pkt_type = PACKET_HOST;
+ skb->skb_iif = 0;
+ skb->ignore_df = 0;
+ skb_dst_drop(skb);
+- skb->mark = 0;
+- skb_init_secmark(skb);
+ secpath_reset(skb);
+ nf_reset(skb);
+ nf_reset_trace(skb);
++
++ if (!xnet)
++ return;
++
++ skb_orphan(skb);
++ skb->mark = 0;
+ }
+ EXPORT_SYMBOL_GPL(skb_scrub_packet);
+
diff --git a/net/core/sock.c b/net/core/sock.c
index 1c7a33d..a3817e2 100644
--- a/net/core/sock.c
@@ -103269,8 +103452,24 @@ index e0ee384..e2688d9 100644
if (net->ipv4.ipv4_hdr == NULL)
goto err_reg;
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
+index 3075723..aa6f6e5 100644
+--- a/net/ipv4/tcp.c
++++ b/net/ipv4/tcp.c
+@@ -520,8 +520,10 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
+
+ /* Race breaker. If space is freed after
+ * wspace test but before the flags are set,
+- * IO signal will be lost.
++ * IO signal will be lost. Memory barrier
++ * pairs with the input side.
+ */
++ smp_mb__after_atomic();
+ if (sk_stream_is_writeable(sk))
+ mask |= POLLOUT | POLLWRNORM;
+ }
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 075ab4d..623bb9d 100644
+index 075ab4d..8d0580a 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -766,7 +766,7 @@ static void tcp_update_pacing_rate(struct sock *sk)
@@ -103291,7 +103490,16 @@ index 075ab4d..623bb9d 100644
struct sk_buff *head, struct sk_buff *tail,
u32 start, u32 end)
{
-@@ -5506,6 +5506,7 @@ discard:
+@@ -4786,6 +4786,8 @@ static void tcp_check_space(struct sock *sk)
+ {
+ if (sock_flag(sk, SOCK_QUEUE_SHRUNK)) {
+ sock_reset_flag(sk, SOCK_QUEUE_SHRUNK);
++ /* pairs with tcp_poll() */
++ smp_mb__after_atomic();
+ if (sk->sk_socket &&
+ test_bit(SOCK_NOSPACE, &sk->sk_socket->flags))
+ tcp_new_space(sk);
+@@ -5506,6 +5508,7 @@ discard:
tcp_paws_reject(&tp->rx_opt, 0))
goto discard_and_undo;
@@ -103299,7 +103507,7 @@ index 075ab4d..623bb9d 100644
if (th->syn) {
/* We see SYN without ACK. It is attempt of
* simultaneous connect with crossed SYNs.
-@@ -5556,6 +5557,7 @@ discard:
+@@ -5556,6 +5559,7 @@ discard:
goto discard;
#endif
}
@@ -103307,7 +103515,7 @@ index 075ab4d..623bb9d 100644
/* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*/
-@@ -5602,7 +5604,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5602,7 +5606,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
goto discard;
if (th->syn) {
@@ -105245,6 +105453,26 @@ index 11d85b3..7fcc420 100644
goto nla_put_failure;
if (data_len) {
+diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
+index b636486..9898807 100644
+--- a/net/netfilter/nft_compat.c
++++ b/net/netfilter/nft_compat.c
+@@ -274,14 +274,7 @@ static void nft_match_eval(const struct nft_expr *expr,
+ return;
+ }
+
+- switch(ret) {
+- case true:
+- data[NFT_REG_VERDICT].verdict = NFT_CONTINUE;
+- break;
+- case false:
+- data[NFT_REG_VERDICT].verdict = NFT_BREAK;
+- break;
+- }
++ data[NFT_REG_VERDICT].verdict = ret ? NFT_CONTINUE : NFT_BREAK;
+ }
+
+ static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = {
diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c
new file mode 100644
index 0000000..c566332
@@ -110585,12 +110813,12 @@ index 0000000..5452feea
+}
diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c
new file mode 100644
-index 0000000..d44bd9f
+index 0000000..0c96d8a
--- /dev/null
+++ b/tools/gcc/colorize_plugin.c
@@ -0,0 +1,215 @@
+/*
-+ * Copyright 2012-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2012-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -110683,6 +110911,7 @@ index 0000000..d44bd9f
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data colorize_rearm_pass_data = {
+#else
+struct simple_ipa_opt_pass colorize_rearm_pass = {
@@ -110716,7 +110945,6 @@ index 0000000..d44bd9f
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class colorize_rearm_pass : public simple_ipa_opt_pass {
+public:
+ colorize_rearm_pass() : simple_ipa_opt_pass(colorize_rearm_pass_data, g) {}
@@ -110806,13 +111034,13 @@ index 0000000..d44bd9f
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..3b5af59
+index 0000000..93b181d
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,558 @@
+@@ -0,0 +1,563 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
-+ * Copyright 2011-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2, or (at your option) v3
+ *
+ * This gcc plugin constifies all structures which contain only function pointers or are explicitly marked for constification.
@@ -110827,7 +111055,7 @@ index 0000000..3b5af59
+
+#include "gcc-common.h"
+
-+// unused C type flag in all versions 4.5-4.9
++// unused C type flag in all versions 4.5-5.0
+#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE)
+
+int plugin_is_GPL_compatible;
@@ -111133,6 +111361,11 @@ index 0000000..3b5af59
+ if (type == NULL_TREE || type == error_mark_node)
+ return;
+
++#if BUILDING_GCC_VERSION >= 5000
++ if (TREE_CODE(type) == ENUMERAL_TYPE)
++ return;
++#endif
++
+ if (TYPE_FIELDS(type) == NULL_TREE || TYPE_CONSTIFY_VISITED(type))
+ return;
+
@@ -111233,6 +111466,7 @@ index 0000000..3b5af59
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data check_local_variables_pass_data = {
+#else
+static struct gimple_opt_pass check_local_variables_pass = {
@@ -111266,7 +111500,6 @@ index 0000000..3b5af59
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class check_local_variables_pass : public gimple_opt_pass {
+public:
+ check_local_variables_pass() : gimple_opt_pass(check_local_variables_pass_data, g) {}
@@ -111370,10 +111603,10 @@ index 0000000..3b5af59
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..14ec226
+index 0000000..19fedf2
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,520 @@
+@@ -0,0 +1,540 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -111475,11 +111708,13 @@ index 0000000..14ec226
+//#include "diagnostic-color.h"
+#include "context.h"
+#include "tree-ssa-alias.h"
++#include "tree-ssa.h"
+#include "stringpool.h"
+#include "tree-ssanames.h"
+#include "print-tree.h"
+#include "tree-eh.h"
+#include "stmt.h"
++#include "gimplify.h"
+#endif
+
+#include "gimple.h"
@@ -111502,6 +111737,7 @@ index 0000000..14ec226
+//#include "lto-compress.h"
+#if BUILDING_GCC_VERSION >= 5000
+//#include "lto-section-names.h"
++#include "builtins.h"
+#endif
+
+//#include "expr.h" where are you...
@@ -111729,6 +111965,7 @@ index 0000000..14ec226
+typedef union gimple_statement_d gasm;
+typedef union gimple_statement_d gassign;
+typedef union gimple_statement_d gcall;
++typedef union gimple_statement_d gdebug;
+typedef union gimple_statement_d gphi;
+typedef union gimple_statement_d greturn;
+#endif
@@ -111755,6 +111992,7 @@ index 0000000..14ec226
+typedef struct gimple_statement_base gasm;
+typedef struct gimple_statement_base gassign;
+typedef struct gimple_statement_base gcall;
++typedef struct gimple_statement_base gdebug;
+typedef struct gimple_statement_base gphi;
+typedef struct gimple_statement_base greturn;
+#endif
@@ -111771,6 +112009,11 @@ index 0000000..14ec226
+{
+ return stmt;
+}
++
++static inline greturn *as_a_greturn(gimple stmt)
++{
++ return stmt;
++}
+#endif
+
+#if BUILDING_GCC_VERSION >= 4009
@@ -111791,16 +112034,16 @@ index 0000000..14ec226
+
+#define INSN_DELETED_P(insn) (insn)->deleted()
+
-+extern bool is_simple_builtin(tree);
-+
+// symtab/cgraph related
+#define debug_cgraph_node(node) (node)->debug()
+#define cgraph_get_node(decl) cgraph_node::get(decl)
+#define cgraph_n_nodes symtab->cgraph_count
+#define cgraph_max_uid symtab->cgraph_max_uid
++#define varpool_get_node(decl) varpool_node::get(decl)
+
+typedef struct cgraph_node *cgraph_node_ptr;
+typedef struct cgraph_edge *cgraph_edge_p;
++typedef struct varpool_node *varpool_node_ptr;
+
+static inline void change_decl_assembler_name(tree decl, tree name)
+{
@@ -111878,11 +112121,21 @@ index 0000000..14ec226
+ return as_a<gasm *>(stmt);
+}
+
++static inline const gasm *as_a_gasm(const_gimple stmt)
++{
++ return as_a<const gasm *>(stmt);
++}
++
+static inline gcall *as_a_gcall(gimple stmt)
+{
+ return as_a<gcall *>(stmt);
+}
+
++static inline greturn *as_a_greturn(gimple stmt)
++{
++ return as_a<greturn *>(stmt);
++}
++
+// IPA/LTO related
+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P))
+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P))
@@ -111910,12 +112163,12 @@ index 0000000..7514850
+fi
diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c
new file mode 100644
-index 0000000..d81c094
+index 0000000..457d54e
--- /dev/null
+++ b/tools/gcc/kallocstat_plugin.c
-@@ -0,0 +1,183 @@
+@@ -0,0 +1,188 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -112026,6 +112279,7 @@ index 0000000..d81c094
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data kallocstat_pass_data = {
+#else
+static struct gimple_opt_pass kallocstat_pass = {
@@ -112036,7 +112290,8 @@ index 0000000..d81c094
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -112058,11 +112313,14 @@ index 0000000..d81c094
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class kallocstat_pass : public gimple_opt_pass {
+public:
+ kallocstat_pass() : gimple_opt_pass(kallocstat_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual unsigned int execute(function *) { return execute_kallocstat(); }
++#else
+ unsigned int execute() { return execute_kallocstat(); }
++#endif
+};
+}
+
@@ -112099,12 +112357,12 @@ index 0000000..d81c094
+}
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
new file mode 100644
-index 0000000..89f256d
+index 0000000..71716e7
--- /dev/null
+++ b/tools/gcc/kernexec_plugin.c
-@@ -0,0 +1,522 @@
+@@ -0,0 +1,547 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -112137,7 +112395,7 @@ index 0000000..89f256d
+ */
+static void kernexec_reload_fptr_mask(gimple_stmt_iterator *gsi)
+{
-+ gimple asm_movabs_stmt;
++ gasm *asm_movabs_stmt;
+
+ // build asm volatile("movabs $0x8000000000000000, %%r12\n\t" : : : );
+ asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r12\n\t", NULL, NULL, NULL, NULL);
@@ -112159,14 +112417,17 @@ index 0000000..89f256d
+
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match: __asm__ ("" : : : "r12");
-+ gimple asm_stmt;
++ gimple stmt;
++ gasm *asm_stmt;
+ size_t nclobbers;
+
+ // is it an asm ...
-+ asm_stmt = gsi_stmt(gsi);
-+ if (gimple_code(asm_stmt) != GIMPLE_ASM)
++ stmt = gsi_stmt(gsi);
++ if (gimple_code(stmt) != GIMPLE_ASM)
+ continue;
+
++ asm_stmt = as_a_gasm(stmt);
++
+ // ... clobbering r12
+ nclobbers = gimple_asm_nclobbers(asm_stmt);
+ while (nclobbers--) {
@@ -112189,10 +112450,11 @@ index 0000000..89f256d
+ */
+static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi)
+{
-+ gimple assign_intptr, assign_new_fptr, call_stmt;
++ gimple assign_intptr, assign_new_fptr;
++ gcall *call_stmt;
+ tree intptr, orptr, old_fptr, new_fptr, kernexec_mask;
+
-+ call_stmt = gsi_stmt(*gsi);
++ call_stmt = as_a_gcall(gsi_stmt(*gsi));
+ old_fptr = gimple_call_fn(call_stmt);
+
+ // create temporary unsigned long variable used for bitops and cast fptr to it
@@ -112230,7 +112492,8 @@ index 0000000..89f256d
+
+static void kernexec_instrument_fptr_or(gimple_stmt_iterator *gsi)
+{
-+ gimple asm_or_stmt, call_stmt;
++ gasm *asm_or_stmt;
++ gcall *call_stmt;
+ tree old_fptr, new_fptr, input, output;
+#if BUILDING_GCC_VERSION <= 4007
+ VEC(tree, gc) *inputs = NULL;
@@ -112240,7 +112503,7 @@ index 0000000..89f256d
+ vec<tree, va_gc> *outputs = NULL;
+#endif
+
-+ call_stmt = gsi_stmt(*gsi);
++ call_stmt = as_a_gcall(gsi_stmt(*gsi));
+ old_fptr = gimple_call_fn(call_stmt);
+
+ // create temporary fptr variable
@@ -112285,12 +112548,14 @@ index 0000000..89f256d
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D));
+ tree fn;
-+ gimple call_stmt;
++ gimple stmt;
++ gcall *call_stmt;
+
+ // is it a call ...
-+ call_stmt = gsi_stmt(gsi);
-+ if (!is_gimple_call(call_stmt))
++ stmt = gsi_stmt(gsi);
++ if (!is_gimple_call(stmt))
+ continue;
++ call_stmt = as_a_gcall(stmt);
+ fn = gimple_call_fn(call_stmt);
+ if (TREE_CODE(fn) == ADDR_EXPR)
+ continue;
@@ -112363,7 +112628,7 @@ index 0000000..89f256d
+ */
+static unsigned int execute_kernexec_retaddr(void)
+{
-+ rtx insn;
++ rtx_insn *insn;
+
+// if (stack_realign_drap)
+// inform(DECL_SOURCE_LOCATION(current_function_decl), "drap detected in %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl)));
@@ -112411,6 +112676,7 @@ index 0000000..89f256d
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data kernexec_reload_pass_data = {
+#else
+static struct gimple_opt_pass kernexec_reload_pass = {
@@ -112421,7 +112687,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -112453,7 +112720,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -112485,7 +112753,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -112507,26 +112776,40 @@ index 0000000..89f256d
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class kernexec_reload_pass : public gimple_opt_pass {
+public:
+ kernexec_reload_pass() : gimple_opt_pass(kernexec_reload_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_reload(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_reload(); }
++#endif
+};
+
+class kernexec_fptr_pass : public gimple_opt_pass {
+public:
+ kernexec_fptr_pass() : gimple_opt_pass(kernexec_fptr_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_fptr(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_fptr(); }
++#endif
+};
+
+class kernexec_retaddr_pass : public rtl_opt_pass {
+public:
+ kernexec_retaddr_pass() : rtl_opt_pass(kernexec_retaddr_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_retaddr(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_retaddr(); }
++#endif
+};
+}
+
@@ -112627,12 +112910,12 @@ index 0000000..89f256d
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..2a39357
+index 0000000..d383708
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,467 @@
+@@ -0,0 +1,473 @@
+/*
-+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2012-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -113012,6 +113295,7 @@ index 0000000..2a39357
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data latent_entropy_pass_data = {
+#else
+static struct gimple_opt_pass latent_entropy_pass = {
@@ -113022,7 +113306,8 @@ index 0000000..2a39357
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -113044,12 +113329,16 @@ index 0000000..2a39357
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class latent_entropy_pass : public gimple_opt_pass {
+public:
+ latent_entropy_pass() : gimple_opt_pass(latent_entropy_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_latent_entropy(); }
++ virtual unsigned int execute(function *) { return execute_latent_entropy(); }
++#else
+ bool gate() { return gate_latent_entropy(); }
+ unsigned int execute() { return execute_latent_entropy(); }
++#endif
+};
+}
+
@@ -113100,12 +113389,12 @@ index 0000000..2a39357
+}
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c
new file mode 100644
-index 0000000..a5cb46b
+index 0000000..e1983c0
--- /dev/null
+++ b/tools/gcc/randomize_layout_plugin.c
-@@ -0,0 +1,915 @@
+@@ -0,0 +1,917 @@
+/*
-+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
++ * Copyright 2014,2015 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
+ * and PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
@@ -113120,7 +113409,8 @@ index 0000000..a5cb46b
+#include "gcc-common.h"
+#include "randomize_layout_seed.h"
+
-+#if BUILDING_GCC_MAJOR < 4 || BUILDING_GCC_MINOR < 6 || (BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4)
++#if BUILDING_GCC_MAJOR < 4 || (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR < 6) || \
++ (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4)
+#error "The RANDSTRUCT plugin requires GCC 4.6.4 or newer."
+#endif
+
@@ -113920,7 +114210,8 @@ index 0000000..a5cb46b
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION >= 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -113980,8 +114271,8 @@ index 0000000..a5cb46b
+ return 1;
+ }
+
-+ if (strcmp(lang_hooks.name, "GNU C")) {
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
+ enable = false;
+ }
+
@@ -147228,12 +147519,12 @@ index 0000000..fd4aa92
+}
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
-index 0000000..90125d6
+index 0000000..51dc09d
--- /dev/null
+++ b/tools/gcc/stackleak_plugin.c
-@@ -0,0 +1,396 @@
+@@ -0,0 +1,408 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -147360,7 +147651,7 @@ index 0000000..90125d6
+
+static unsigned int execute_stackleak_final(void)
+{
-+ rtx insn, next;
++ rtx_insn *insn, *next;
+
+ if (cfun->calls_alloca)
+ return 0;
@@ -147454,6 +147745,7 @@ index 0000000..90125d6
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data stackleak_tree_instrument_pass_data = {
+#else
+static struct gimple_opt_pass stackleak_tree_instrument_pass = {
@@ -147464,7 +147756,8 @@ index 0000000..90125d6
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -147496,7 +147789,8 @@ index 0000000..90125d6
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -147518,19 +147812,28 @@ index 0000000..90125d6
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class stackleak_tree_instrument_pass : public gimple_opt_pass {
+public:
+ stackleak_tree_instrument_pass() : gimple_opt_pass(stackleak_tree_instrument_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); }
++ virtual unsigned int execute(function *) { return execute_stackleak_tree_instrument(); }
++#else
+ bool gate() { return gate_stackleak_track_stack(); }
+ unsigned int execute() { return execute_stackleak_tree_instrument(); }
++#endif
+};
+
+class stackleak_final_rtl_opt_pass : public rtl_opt_pass {
+public:
+ stackleak_final_rtl_opt_pass() : rtl_opt_pass(stackleak_final_rtl_opt_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); }
++ virtual unsigned int execute(function *) { return execute_stackleak_final(); }
++#else
+ bool gate() { return gate_stackleak_track_stack(); }
+ unsigned int execute() { return execute_stackleak_final(); }
++#endif
+};
+}
+
@@ -147630,12 +147933,12 @@ index 0000000..90125d6
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..4ee2231
+index 0000000..4436cbe
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,274 @@
+@@ -0,0 +1,287 @@
+/*
-+ * Copyright 2013-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2013-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -147662,8 +147965,8 @@ index 0000000..4ee2231
+
+#include "gcc-common.h"
+
-+// unused C type flag in all versions 4.5-4.9
-+#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_3(TYPE)
++// unused C type flag in all versions 4.5-5.0
++#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE)
+
+int plugin_is_GPL_compatible;
+
@@ -147730,6 +148033,14 @@ index 0000000..4ee2231
+{
+ tree type = (tree)event_data;
+
++ if (type == NULL_TREE || type == error_mark_node)
++ return;
++
++#if BUILDING_GCC_VERSION >= 5000
++ if (TREE_CODE(type) == ENUMERAL_TYPE)
++ return;
++#endif
++
+ if (TYPE_USERSPACE(type))
+ return;
+
@@ -147816,6 +148127,7 @@ index 0000000..4ee2231
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data structleak_pass_data = {
+#else
+static struct gimple_opt_pass structleak_pass = {
@@ -147826,7 +148138,8 @@ index 0000000..4ee2231
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -147848,11 +148161,14 @@ index 0000000..4ee2231
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class structleak_pass : public gimple_opt_pass {
+public:
+ structleak_pass() : gimple_opt_pass(structleak_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual unsigned int execute(function *) { return handle_function(); }
++#else
+ unsigned int execute() { return handle_function(); }
++#endif
+};
+}
+
@@ -147886,7 +148202,7 @@ index 0000000..4ee2231
+ return 1;
+ }
+
-+ if (strcmp(lang_hooks.name, "GNU C")) {
++ if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) {
+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
+ enable = false;
+ }
diff --git a/3.2.68/0000_README b/3.2.68/0000_README
index 1221adb..15188a5 100644
--- a/3.2.68/0000_README
+++ b/3.2.68/0000_README
@@ -190,7 +190,7 @@ Patch: 1067_linux-3.2.68.patch
From: http://www.kernel.org
Desc: Linux 3.2.68
-Patch: 4420_grsecurity-3.1-3.2.68-201504142258.patch
+Patch: 4420_grsecurity-3.1-3.2.68-201504270825.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.68/4420_grsecurity-3.1-3.2.68-201504142258.patch b/3.2.68/4420_grsecurity-3.1-3.2.68-201504270825.patch
similarity index 99%
rename from 3.2.68/4420_grsecurity-3.1-3.2.68-201504142258.patch
rename to 3.2.68/4420_grsecurity-3.1-3.2.68-201504270825.patch
index 6147d13..5f8c996 100644
--- a/3.2.68/4420_grsecurity-3.1-3.2.68-201504142258.patch
+++ b/3.2.68/4420_grsecurity-3.1-3.2.68-201504270825.patch
@@ -45874,6 +45874,19 @@ index a3bd0ba..8a34a90 100644
int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
int (*get_settings)(struct net_device *, struct ethtool_cmd *);
+diff --git a/drivers/net/ethernet/sfc/selftest.c b/drivers/net/ethernet/sfc/selftest.c
+index 4907885..af3d197 100644
+--- a/drivers/net/ethernet/sfc/selftest.c
++++ b/drivers/net/ethernet/sfc/selftest.c
+@@ -37,7 +37,7 @@ struct efx_loopback_payload {
+ struct iphdr ip;
+ struct udphdr udp;
+ __be16 iteration;
+- const char msg[64];
++ char msg[64];
+ } __packed;
+
+ /* Loopback test source MAC address */
diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c
index 1b4658c..a30dabb 100644
--- a/drivers/net/ethernet/sis/sis190.c
@@ -58869,7 +58882,7 @@ index 451b9b8..12e5a03 100644
out_free_fd:
diff --git a/fs/exec.c b/fs/exec.c
-index 78199eb..abce65a 100644
+index 78199eb..ffeac65 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,12 +55,35 @@
@@ -59203,7 +59216,22 @@ index 78199eb..abce65a 100644
task_unlock(tsk);
arch_pick_mmap_layout(mm);
if (old_mm) {
-@@ -1070,6 +1149,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
+@@ -903,9 +982,13 @@ static int de_thread(struct task_struct *tsk)
+ if (!thread_group_leader(tsk)) {
+ struct task_struct *leader = tsk->group_leader;
+
+- sig->notify_count = -1; /* for exit_notify() */
+ for (;;) {
+ write_lock_irq(&tasklist_lock);
++ /*
++ * Do this under tasklist_lock to ensure that
++ * exit_notify() can't miss ->group_exit_task
++ */
++ sig->notify_count = -1;
+ if (likely(leader->exit_state))
+ break;
+ __set_current_state(TASK_UNINTERRUPTIBLE);
+@@ -1070,6 +1153,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
perf_event_comm(tsk);
}
@@ -59225,7 +59253,7 @@ index 78199eb..abce65a 100644
int flush_old_exec(struct linux_binprm * bprm)
{
int retval;
-@@ -1084,6 +1178,7 @@ int flush_old_exec(struct linux_binprm * bprm)
+@@ -1084,6 +1182,7 @@ int flush_old_exec(struct linux_binprm * bprm)
set_mm_exe_file(bprm->mm, bprm->file);
@@ -59233,7 +59261,7 @@ index 78199eb..abce65a 100644
/*
* Release all of the old mmap stuff
*/
-@@ -1116,10 +1211,6 @@ EXPORT_SYMBOL(would_dump);
+@@ -1116,10 +1215,6 @@ EXPORT_SYMBOL(would_dump);
void setup_new_exec(struct linux_binprm * bprm)
{
@@ -59244,7 +59272,7 @@ index 78199eb..abce65a 100644
arch_pick_mmap_layout(current->mm);
/* This is the point of no return */
-@@ -1130,18 +1221,7 @@ void setup_new_exec(struct linux_binprm * bprm)
+@@ -1130,18 +1225,7 @@ void setup_new_exec(struct linux_binprm * bprm)
else
set_dumpable(current->mm, suid_dumpable);
@@ -59264,7 +59292,7 @@ index 78199eb..abce65a 100644
/* Set the new mm task size. We have to do that late because it may
* depend on TIF_32BIT which is only updated in flush_thread() on
-@@ -1229,7 +1309,7 @@ void install_exec_creds(struct linux_binprm *bprm)
+@@ -1229,7 +1313,7 @@ void install_exec_creds(struct linux_binprm *bprm)
* wait until new credentials are committed
* by commit_creds() above
*/
@@ -59273,7 +59301,7 @@ index 78199eb..abce65a 100644
perf_event_exit_task(current);
/*
* cred_guard_mutex must be held at least to this point to prevent
-@@ -1259,6 +1339,13 @@ int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1259,6 +1343,13 @@ int check_unsafe_exec(struct linux_binprm *bprm)
bprm->unsafe |= LSM_UNSAFE_PTRACE;
}
@@ -59287,7 +59315,7 @@ index 78199eb..abce65a 100644
n_fs = 1;
spin_lock(&p->fs->lock);
rcu_read_lock();
-@@ -1268,7 +1355,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1268,7 +1359,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -59296,17 +59324,99 @@ index 78199eb..abce65a 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
} else {
res = -EAGAIN;
-@@ -1302,7 +1389,8 @@ int prepare_binprm(struct linux_binprm *bprm)
+@@ -1282,45 +1373,60 @@ int check_unsafe_exec(struct linux_binprm *bprm)
+ return res;
+ }
+
+-/*
+- * Fill the binprm structure from the inode.
+- * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
+- *
+- * This may be called multiple times for binary chains (scripts for example).
+- */
+-int prepare_binprm(struct linux_binprm *bprm)
++static void bprm_fill_uid(struct linux_binprm *bprm)
+ {
+- umode_t mode;
+- struct inode * inode = bprm->file->f_path.dentry->d_inode;
+- int retval;
+-
+- mode = inode->i_mode;
+- if (bprm->file->f_op == NULL)
+- return -EACCES;
++ struct inode *inode;
++ unsigned int mode;
++ uid_t uid;
++ gid_t gid;
+
+ /* clear any previous set[ug]id data from a previous binary */
bprm->cred->euid = current_euid();
bprm->cred->egid = current_egid();
- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) {
-+ if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) &&
-+ !current->no_new_privs) {
- /* Set-uid? */
- if (mode & S_ISUID) {
- bprm->per_clear |= PER_CLEAR_ON_SETID;
-@@ -1463,6 +1551,31 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
+- /* Set-uid? */
+- if (mode & S_ISUID) {
+- bprm->per_clear |= PER_CLEAR_ON_SETID;
+- bprm->cred->euid = inode->i_uid;
+- }
+-
+- /* Set-gid? */
+- /*
+- * If setgid is set but no group execute bit then this
+- * is a candidate for mandatory locking, not a setgid
+- * executable.
+- */
+- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+- bprm->per_clear |= PER_CLEAR_ON_SETID;
+- bprm->cred->egid = inode->i_gid;
+- }
++ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
++ return;
++
++ if (current->no_new_privs)
++ return;
++
++ inode = bprm->file->f_path.dentry->d_inode;
++ mode = ACCESS_ONCE(inode->i_mode);
++ if (!(mode & (S_ISUID|S_ISGID)))
++ return;
++
++ /* Be careful if suid/sgid is set */
++ mutex_lock(&inode->i_mutex);
++
++ /* reload atomically mode/uid/gid now that lock held */
++ mode = inode->i_mode;
++ uid = inode->i_uid;
++ gid = inode->i_gid;
++ mutex_unlock(&inode->i_mutex);
++
++ if (mode & S_ISUID) {
++ bprm->per_clear |= PER_CLEAR_ON_SETID;
++ bprm->cred->euid = uid;
+ }
+
++ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
++ bprm->per_clear |= PER_CLEAR_ON_SETID;
++ bprm->cred->egid = gid;
++ }
++}
++
++/*
++ * Fill the binprm structure from the inode.
++ * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
++ *
++ * This may be called multiple times for binary chains (scripts for example).
++ */
++int prepare_binprm(struct linux_binprm *bprm)
++{
++ int retval;
++
++ bprm_fill_uid(bprm);
++
+ /* fill in binprm security blob */
+ retval = security_bprm_set_creds(bprm);
+ if (retval)
+@@ -1463,6 +1569,31 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
EXPORT_SYMBOL(search_binary_handler);
@@ -59338,7 +59448,7 @@ index 78199eb..abce65a 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1471,6 +1584,11 @@ static int do_execve_common(const char *filename,
+@@ -1471,6 +1602,11 @@ static int do_execve_common(const char *filename,
struct user_arg_ptr envp,
struct pt_regs *regs)
{
@@ -59350,7 +59460,7 @@ index 78199eb..abce65a 100644
struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced;
-@@ -1478,6 +1596,8 @@ static int do_execve_common(const char *filename,
+@@ -1478,6 +1614,8 @@ static int do_execve_common(const char *filename,
int retval;
const struct cred *cred = current_cred();
@@ -59359,7 +59469,7 @@ index 78199eb..abce65a 100644
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1518,12 +1638,22 @@ static int do_execve_common(const char *filename,
+@@ -1518,12 +1656,22 @@ static int do_execve_common(const char *filename,
if (IS_ERR(file))
goto out_unmark;
@@ -59382,7 +59492,7 @@ index 78199eb..abce65a 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_file;
-@@ -1540,24 +1670,70 @@ static int do_execve_common(const char *filename,
+@@ -1540,24 +1688,70 @@ static int do_execve_common(const char *filename,
if (retval < 0)
goto out;
@@ -59457,7 +59567,7 @@ index 78199eb..abce65a 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1566,6 +1742,14 @@ static int do_execve_common(const char *filename,
+@@ -1566,6 +1760,14 @@ static int do_execve_common(const char *filename,
put_files_struct(displaced);
return retval;
@@ -59472,7 +59582,7 @@ index 78199eb..abce65a 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1639,7 +1823,7 @@ static int expand_corename(struct core_name *cn)
+@@ -1639,7 +1841,7 @@ static int expand_corename(struct core_name *cn)
{
char *old_corename = cn->corename;
@@ -59481,7 +59591,7 @@ index 78199eb..abce65a 100644
cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
if (!cn->corename) {
-@@ -1736,7 +1920,7 @@ static int format_corename(struct core_name *cn, long signr)
+@@ -1736,7 +1938,7 @@ static int format_corename(struct core_name *cn, long signr)
int pid_in_pattern = 0;
int err = 0;
@@ -59490,7 +59600,7 @@ index 78199eb..abce65a 100644
cn->corename = kmalloc(cn->size, GFP_KERNEL);
cn->used = 0;
-@@ -1833,6 +2017,309 @@ out:
+@@ -1833,6 +2035,309 @@ out:
return ispipe;
}
@@ -59800,7 +59910,7 @@ index 78199eb..abce65a 100644
static int zap_process(struct task_struct *start, int exit_code)
{
struct task_struct *t;
-@@ -2006,17 +2493,17 @@ static void coredump_finish(struct mm_struct *mm)
+@@ -2006,17 +2511,17 @@ static void coredump_finish(struct mm_struct *mm)
void set_dumpable(struct mm_struct *mm, int value)
{
switch (value) {
@@ -59821,7 +59931,7 @@ index 78199eb..abce65a 100644
set_bit(MMF_DUMP_SECURELY, &mm->flags);
smp_wmb();
set_bit(MMF_DUMPABLE, &mm->flags);
-@@ -2029,7 +2516,7 @@ static int __get_dumpable(unsigned long mm_flags)
+@@ -2029,7 +2534,7 @@ static int __get_dumpable(unsigned long mm_flags)
int ret;
ret = mm_flags & MMF_DUMPABLE_MASK;
@@ -59830,7 +59940,7 @@ index 78199eb..abce65a 100644
}
/*
-@@ -2050,17 +2537,17 @@ static void wait_for_dump_helpers(struct file *file)
+@@ -2050,17 +2555,17 @@ static void wait_for_dump_helpers(struct file *file)
pipe = file->f_path.dentry->d_inode->i_pipe;
pipe_lock(pipe);
@@ -59853,7 +59963,7 @@ index 78199eb..abce65a 100644
pipe_unlock(pipe);
}
-@@ -2121,7 +2608,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2121,7 +2626,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
int retval = 0;
int flag = 0;
int ispipe;
@@ -59863,7 +59973,7 @@ index 78199eb..abce65a 100644
struct coredump_params cprm = {
.signr = signr,
.regs = regs,
-@@ -2136,6 +2624,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2136,6 +2642,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
audit_core_dumps(signr);
@@ -59873,7 +59983,7 @@ index 78199eb..abce65a 100644
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
goto fail;
-@@ -2146,14 +2637,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2146,14 +2655,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
if (!cred)
goto fail;
/*
@@ -59894,7 +60004,7 @@ index 78199eb..abce65a 100644
}
retval = coredump_wait(exit_code, &core_state);
-@@ -2203,7 +2696,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2203,7 +2714,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
}
cprm.limit = RLIM_INFINITY;
@@ -59903,7 +60013,7 @@ index 78199eb..abce65a 100644
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -2230,9 +2723,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2230,9 +2741,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
} else {
struct inode *inode;
@@ -59923,7 +60033,7 @@ index 78199eb..abce65a 100644
cprm.file = filp_open(cn.corename,
O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
0600);
-@@ -2273,7 +2776,7 @@ close_fail:
+@@ -2273,7 +2794,7 @@ close_fail:
filp_close(cprm.file, NULL);
fail_dropcount:
if (ispipe)
@@ -59932,7 +60042,7 @@ index 78199eb..abce65a 100644
fail_unlock:
kfree(cn.corename);
fail_corename:
-@@ -2292,7 +2795,7 @@ fail:
+@@ -2292,7 +2813,7 @@ fail:
*/
int dump_write(struct file *file, const void *addr, int nr)
{
@@ -80307,10 +80417,10 @@ index e2a360a..1d61efb 100644
#if __GNUC_MINOR__ > 0
diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
-index cdd1cc2..59dc542 100644
+index cdd1cc2..2401b2e 100644
--- a/include/linux/compiler-gcc5.h
+++ b/include/linux/compiler-gcc5.h
-@@ -28,6 +28,28 @@
+@@ -28,6 +28,26 @@
# define __compiletime_error(message) __attribute__((error(message)))
#endif /* __CHECKER__ */
@@ -80320,7 +80430,6 @@ index cdd1cc2..59dc542 100644
+#define __bos1(ptr) __bos((ptr), 1)
+
+#ifdef CONSTIFY_PLUGIN
-+#error not yet
+#define __no_const __attribute__((no_const))
+#define __do_const __attribute__((do_const))
+#endif
@@ -80332,13 +80441,20 @@ index cdd1cc2..59dc542 100644
+#endif
+
+#ifdef LATENT_ENTROPY_PLUGIN
-+#error not yet
+#define __latent_entropy __attribute__((latent_entropy))
+#endif
+
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
+@@ -53,7 +73,6 @@
+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
+ *
+ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
+- * Fixed in GCC 4.8.2 and later versions.
+ *
+ * (asm goto is automatically volatile - the naming reflects this.)
+ */
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 7c7546b..92ea3ae 100644
--- a/include/linux/compiler.h
@@ -82714,7 +82830,7 @@ index 9146f39..536519a 100644
#define __meminitconst __section(.meminit.rodata)
#define __memexit __section(.memexit.text) __exitused __cold notrace
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
-index cdde2b3..d782954 100644
+index cdde2b37..d782954 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -144,6 +144,12 @@ extern struct task_group root_task_group;
@@ -111376,6 +111492,9 @@ index 0000000..eaa4fce
+ exit 0
+fi
+exit 1
+diff --git a/scripts/gcc-version.sh b/scripts/gcc-version.sh
+old mode 100644
+new mode 100755
diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl
index 48462be..3e08f94 100644
--- a/scripts/headers_install.pl
@@ -115394,12 +115513,12 @@ index 0000000..5452feea
+}
diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c
new file mode 100644
-index 0000000..d44bd9f
+index 0000000..0c96d8a
--- /dev/null
+++ b/tools/gcc/colorize_plugin.c
@@ -0,0 +1,215 @@
+/*
-+ * Copyright 2012-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2012-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -115492,6 +115611,7 @@ index 0000000..d44bd9f
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data colorize_rearm_pass_data = {
+#else
+struct simple_ipa_opt_pass colorize_rearm_pass = {
@@ -115525,7 +115645,6 @@ index 0000000..d44bd9f
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class colorize_rearm_pass : public simple_ipa_opt_pass {
+public:
+ colorize_rearm_pass() : simple_ipa_opt_pass(colorize_rearm_pass_data, g) {}
@@ -115615,13 +115734,13 @@ index 0000000..d44bd9f
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..3b5af59
+index 0000000..93b181d
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,558 @@
+@@ -0,0 +1,563 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
-+ * Copyright 2011-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2, or (at your option) v3
+ *
+ * This gcc plugin constifies all structures which contain only function pointers or are explicitly marked for constification.
@@ -115636,7 +115755,7 @@ index 0000000..3b5af59
+
+#include "gcc-common.h"
+
-+// unused C type flag in all versions 4.5-4.9
++// unused C type flag in all versions 4.5-5.0
+#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE)
+
+int plugin_is_GPL_compatible;
@@ -115942,6 +116061,11 @@ index 0000000..3b5af59
+ if (type == NULL_TREE || type == error_mark_node)
+ return;
+
++#if BUILDING_GCC_VERSION >= 5000
++ if (TREE_CODE(type) == ENUMERAL_TYPE)
++ return;
++#endif
++
+ if (TYPE_FIELDS(type) == NULL_TREE || TYPE_CONSTIFY_VISITED(type))
+ return;
+
@@ -116042,6 +116166,7 @@ index 0000000..3b5af59
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data check_local_variables_pass_data = {
+#else
+static struct gimple_opt_pass check_local_variables_pass = {
@@ -116075,7 +116200,6 @@ index 0000000..3b5af59
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class check_local_variables_pass : public gimple_opt_pass {
+public:
+ check_local_variables_pass() : gimple_opt_pass(check_local_variables_pass_data, g) {}
@@ -116179,10 +116303,10 @@ index 0000000..3b5af59
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..14ec226
+index 0000000..19fedf2
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,520 @@
+@@ -0,0 +1,540 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -116284,11 +116408,13 @@ index 0000000..14ec226
+//#include "diagnostic-color.h"
+#include "context.h"
+#include "tree-ssa-alias.h"
++#include "tree-ssa.h"
+#include "stringpool.h"
+#include "tree-ssanames.h"
+#include "print-tree.h"
+#include "tree-eh.h"
+#include "stmt.h"
++#include "gimplify.h"
+#endif
+
+#include "gimple.h"
@@ -116311,6 +116437,7 @@ index 0000000..14ec226
+//#include "lto-compress.h"
+#if BUILDING_GCC_VERSION >= 5000
+//#include "lto-section-names.h"
++#include "builtins.h"
+#endif
+
+//#include "expr.h" where are you...
@@ -116538,6 +116665,7 @@ index 0000000..14ec226
+typedef union gimple_statement_d gasm;
+typedef union gimple_statement_d gassign;
+typedef union gimple_statement_d gcall;
++typedef union gimple_statement_d gdebug;
+typedef union gimple_statement_d gphi;
+typedef union gimple_statement_d greturn;
+#endif
@@ -116564,6 +116692,7 @@ index 0000000..14ec226
+typedef struct gimple_statement_base gasm;
+typedef struct gimple_statement_base gassign;
+typedef struct gimple_statement_base gcall;
++typedef struct gimple_statement_base gdebug;
+typedef struct gimple_statement_base gphi;
+typedef struct gimple_statement_base greturn;
+#endif
@@ -116580,6 +116709,11 @@ index 0000000..14ec226
+{
+ return stmt;
+}
++
++static inline greturn *as_a_greturn(gimple stmt)
++{
++ return stmt;
++}
+#endif
+
+#if BUILDING_GCC_VERSION >= 4009
@@ -116600,16 +116734,16 @@ index 0000000..14ec226
+
+#define INSN_DELETED_P(insn) (insn)->deleted()
+
-+extern bool is_simple_builtin(tree);
-+
+// symtab/cgraph related
+#define debug_cgraph_node(node) (node)->debug()
+#define cgraph_get_node(decl) cgraph_node::get(decl)
+#define cgraph_n_nodes symtab->cgraph_count
+#define cgraph_max_uid symtab->cgraph_max_uid
++#define varpool_get_node(decl) varpool_node::get(decl)
+
+typedef struct cgraph_node *cgraph_node_ptr;
+typedef struct cgraph_edge *cgraph_edge_p;
++typedef struct varpool_node *varpool_node_ptr;
+
+static inline void change_decl_assembler_name(tree decl, tree name)
+{
@@ -116687,11 +116821,21 @@ index 0000000..14ec226
+ return as_a<gasm *>(stmt);
+}
+
++static inline const gasm *as_a_gasm(const_gimple stmt)
++{
++ return as_a<const gasm *>(stmt);
++}
++
+static inline gcall *as_a_gcall(gimple stmt)
+{
+ return as_a<gcall *>(stmt);
+}
+
++static inline greturn *as_a_greturn(gimple stmt)
++{
++ return as_a<greturn *>(stmt);
++}
++
+// IPA/LTO related
+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P))
+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P))
@@ -116719,12 +116863,12 @@ index 0000000..7514850
+fi
diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c
new file mode 100644
-index 0000000..d81c094
+index 0000000..457d54e
--- /dev/null
+++ b/tools/gcc/kallocstat_plugin.c
-@@ -0,0 +1,183 @@
+@@ -0,0 +1,188 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -116835,6 +116979,7 @@ index 0000000..d81c094
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data kallocstat_pass_data = {
+#else
+static struct gimple_opt_pass kallocstat_pass = {
@@ -116845,7 +116990,8 @@ index 0000000..d81c094
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -116867,11 +117013,14 @@ index 0000000..d81c094
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class kallocstat_pass : public gimple_opt_pass {
+public:
+ kallocstat_pass() : gimple_opt_pass(kallocstat_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual unsigned int execute(function *) { return execute_kallocstat(); }
++#else
+ unsigned int execute() { return execute_kallocstat(); }
++#endif
+};
+}
+
@@ -116908,12 +117057,12 @@ index 0000000..d81c094
+}
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
new file mode 100644
-index 0000000..89f256d
+index 0000000..71716e7
--- /dev/null
+++ b/tools/gcc/kernexec_plugin.c
-@@ -0,0 +1,522 @@
+@@ -0,0 +1,547 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -116946,7 +117095,7 @@ index 0000000..89f256d
+ */
+static void kernexec_reload_fptr_mask(gimple_stmt_iterator *gsi)
+{
-+ gimple asm_movabs_stmt;
++ gasm *asm_movabs_stmt;
+
+ // build asm volatile("movabs $0x8000000000000000, %%r12\n\t" : : : );
+ asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r12\n\t", NULL, NULL, NULL, NULL);
@@ -116968,14 +117117,17 @@ index 0000000..89f256d
+
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match: __asm__ ("" : : : "r12");
-+ gimple asm_stmt;
++ gimple stmt;
++ gasm *asm_stmt;
+ size_t nclobbers;
+
+ // is it an asm ...
-+ asm_stmt = gsi_stmt(gsi);
-+ if (gimple_code(asm_stmt) != GIMPLE_ASM)
++ stmt = gsi_stmt(gsi);
++ if (gimple_code(stmt) != GIMPLE_ASM)
+ continue;
+
++ asm_stmt = as_a_gasm(stmt);
++
+ // ... clobbering r12
+ nclobbers = gimple_asm_nclobbers(asm_stmt);
+ while (nclobbers--) {
@@ -116998,10 +117150,11 @@ index 0000000..89f256d
+ */
+static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi)
+{
-+ gimple assign_intptr, assign_new_fptr, call_stmt;
++ gimple assign_intptr, assign_new_fptr;
++ gcall *call_stmt;
+ tree intptr, orptr, old_fptr, new_fptr, kernexec_mask;
+
-+ call_stmt = gsi_stmt(*gsi);
++ call_stmt = as_a_gcall(gsi_stmt(*gsi));
+ old_fptr = gimple_call_fn(call_stmt);
+
+ // create temporary unsigned long variable used for bitops and cast fptr to it
@@ -117039,7 +117192,8 @@ index 0000000..89f256d
+
+static void kernexec_instrument_fptr_or(gimple_stmt_iterator *gsi)
+{
-+ gimple asm_or_stmt, call_stmt;
++ gasm *asm_or_stmt;
++ gcall *call_stmt;
+ tree old_fptr, new_fptr, input, output;
+#if BUILDING_GCC_VERSION <= 4007
+ VEC(tree, gc) *inputs = NULL;
@@ -117049,7 +117203,7 @@ index 0000000..89f256d
+ vec<tree, va_gc> *outputs = NULL;
+#endif
+
-+ call_stmt = gsi_stmt(*gsi);
++ call_stmt = as_a_gcall(gsi_stmt(*gsi));
+ old_fptr = gimple_call_fn(call_stmt);
+
+ // create temporary fptr variable
@@ -117094,12 +117248,14 @@ index 0000000..89f256d
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D));
+ tree fn;
-+ gimple call_stmt;
++ gimple stmt;
++ gcall *call_stmt;
+
+ // is it a call ...
-+ call_stmt = gsi_stmt(gsi);
-+ if (!is_gimple_call(call_stmt))
++ stmt = gsi_stmt(gsi);
++ if (!is_gimple_call(stmt))
+ continue;
++ call_stmt = as_a_gcall(stmt);
+ fn = gimple_call_fn(call_stmt);
+ if (TREE_CODE(fn) == ADDR_EXPR)
+ continue;
@@ -117172,7 +117328,7 @@ index 0000000..89f256d
+ */
+static unsigned int execute_kernexec_retaddr(void)
+{
-+ rtx insn;
++ rtx_insn *insn;
+
+// if (stack_realign_drap)
+// inform(DECL_SOURCE_LOCATION(current_function_decl), "drap detected in %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl)));
@@ -117220,6 +117376,7 @@ index 0000000..89f256d
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data kernexec_reload_pass_data = {
+#else
+static struct gimple_opt_pass kernexec_reload_pass = {
@@ -117230,7 +117387,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -117262,7 +117420,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -117294,7 +117453,8 @@ index 0000000..89f256d
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -117316,26 +117476,40 @@ index 0000000..89f256d
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class kernexec_reload_pass : public gimple_opt_pass {
+public:
+ kernexec_reload_pass() : gimple_opt_pass(kernexec_reload_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_reload(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_reload(); }
++#endif
+};
+
+class kernexec_fptr_pass : public gimple_opt_pass {
+public:
+ kernexec_fptr_pass() : gimple_opt_pass(kernexec_fptr_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_fptr(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_fptr(); }
++#endif
+};
+
+class kernexec_retaddr_pass : public rtl_opt_pass {
+public:
+ kernexec_retaddr_pass() : rtl_opt_pass(kernexec_retaddr_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return kernexec_cmodel_check(); }
++ virtual unsigned int execute(function *) { return execute_kernexec_retaddr(); }
++#else
+ bool gate() { return kernexec_cmodel_check(); }
+ unsigned int execute() { return execute_kernexec_retaddr(); }
++#endif
+};
+}
+
@@ -117436,12 +117610,12 @@ index 0000000..89f256d
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..2a39357
+index 0000000..d383708
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,467 @@
+@@ -0,0 +1,473 @@
+/*
-+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2012-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -117821,6 +117995,7 @@ index 0000000..2a39357
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data latent_entropy_pass_data = {
+#else
+static struct gimple_opt_pass latent_entropy_pass = {
@@ -117831,7 +118006,8 @@ index 0000000..2a39357
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -117853,12 +118029,16 @@ index 0000000..2a39357
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class latent_entropy_pass : public gimple_opt_pass {
+public:
+ latent_entropy_pass() : gimple_opt_pass(latent_entropy_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_latent_entropy(); }
++ virtual unsigned int execute(function *) { return execute_latent_entropy(); }
++#else
+ bool gate() { return gate_latent_entropy(); }
+ unsigned int execute() { return execute_latent_entropy(); }
++#endif
+};
+}
+
@@ -117909,12 +118089,12 @@ index 0000000..2a39357
+}
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c
new file mode 100644
-index 0000000..a5cb46b
+index 0000000..e1983c0
--- /dev/null
+++ b/tools/gcc/randomize_layout_plugin.c
-@@ -0,0 +1,915 @@
+@@ -0,0 +1,917 @@
+/*
-+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
++ * Copyright 2014,2015 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
+ * and PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
@@ -117929,7 +118109,8 @@ index 0000000..a5cb46b
+#include "gcc-common.h"
+#include "randomize_layout_seed.h"
+
-+#if BUILDING_GCC_MAJOR < 4 || BUILDING_GCC_MINOR < 6 || (BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4)
++#if BUILDING_GCC_MAJOR < 4 || (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR < 6) || \
++ (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR == 6 && BUILDING_GCC_PATCHLEVEL < 4)
+#error "The RANDSTRUCT plugin requires GCC 4.6.4 or newer."
+#endif
+
@@ -118729,7 +118910,8 @@ index 0000000..a5cb46b
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION >= 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -118789,8 +118971,8 @@ index 0000000..a5cb46b
+ return 1;
+ }
+
-+ if (strcmp(lang_hooks.name, "GNU C")) {
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
+ enable = false;
+ }
+
@@ -129043,12 +129225,12 @@ index 0000000..0888f6c
+
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
-index 0000000..90125d6
+index 0000000..51dc09d
--- /dev/null
+++ b/tools/gcc/stackleak_plugin.c
-@@ -0,0 +1,396 @@
+@@ -0,0 +1,408 @@
+/*
-+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2011-2015 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -129175,7 +129357,7 @@ index 0000000..90125d6
+
+static unsigned int execute_stackleak_final(void)
+{
-+ rtx insn, next;
++ rtx_insn *insn, *next;
+
+ if (cfun->calls_alloca)
+ return 0;
@@ -129269,6 +129451,7 @@ index 0000000..90125d6
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data stackleak_tree_instrument_pass_data = {
+#else
+static struct gimple_opt_pass stackleak_tree_instrument_pass = {
@@ -129279,7 +129462,8 @@ index 0000000..90125d6
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -129311,7 +129495,8 @@ index 0000000..90125d6
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = true,
+ .has_execute = true,
+#else
@@ -129333,19 +129518,28 @@ index 0000000..90125d6
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class stackleak_tree_instrument_pass : public gimple_opt_pass {
+public:
+ stackleak_tree_instrument_pass() : gimple_opt_pass(stackleak_tree_instrument_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); }
++ virtual unsigned int execute(function *) { return execute_stackleak_tree_instrument(); }
++#else
+ bool gate() { return gate_stackleak_track_stack(); }
+ unsigned int execute() { return execute_stackleak_tree_instrument(); }
++#endif
+};
+
+class stackleak_final_rtl_opt_pass : public rtl_opt_pass {
+public:
+ stackleak_final_rtl_opt_pass() : rtl_opt_pass(stackleak_final_rtl_opt_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return gate_stackleak_track_stack(); }
++ virtual unsigned int execute(function *) { return execute_stackleak_final(); }
++#else
+ bool gate() { return gate_stackleak_track_stack(); }
+ unsigned int execute() { return execute_stackleak_final(); }
++#endif
+};
+}
+
@@ -129445,12 +129639,12 @@ index 0000000..90125d6
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..4ee2231
+index 0000000..4436cbe
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,274 @@
+@@ -0,0 +1,287 @@
+/*
-+ * Copyright 2013-2014 by PaX Team <pageexec@freemail.hu>
++ * Copyright 2013-2015 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -129477,8 +129671,8 @@ index 0000000..4ee2231
+
+#include "gcc-common.h"
+
-+// unused C type flag in all versions 4.5-4.9
-+#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_3(TYPE)
++// unused C type flag in all versions 4.5-5.0
++#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE)
+
+int plugin_is_GPL_compatible;
+
@@ -129545,6 +129739,14 @@ index 0000000..4ee2231
+{
+ tree type = (tree)event_data;
+
++ if (type == NULL_TREE || type == error_mark_node)
++ return;
++
++#if BUILDING_GCC_VERSION >= 5000
++ if (TREE_CODE(type) == ENUMERAL_TYPE)
++ return;
++#endif
++
+ if (TYPE_USERSPACE(type))
+ return;
+
@@ -129631,6 +129833,7 @@ index 0000000..4ee2231
+}
+
+#if BUILDING_GCC_VERSION >= 4009
++namespace {
+static const struct pass_data structleak_pass_data = {
+#else
+static struct gimple_opt_pass structleak_pass = {
@@ -129641,7 +129844,8 @@ index 0000000..4ee2231
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -129663,11 +129867,14 @@ index 0000000..4ee2231
+};
+
+#if BUILDING_GCC_VERSION >= 4009
-+namespace {
+class structleak_pass : public gimple_opt_pass {
+public:
+ structleak_pass() : gimple_opt_pass(structleak_pass_data, g) {}
++#if BUILDING_GCC_VERSION >= 5000
++ virtual unsigned int execute(function *) { return handle_function(); }
++#else
+ unsigned int execute() { return handle_function(); }
++#endif
+};
+}
+
@@ -129701,7 +129908,7 @@ index 0000000..4ee2231
+ return 1;
+ }
+
-+ if (strcmp(lang_hooks.name, "GNU C")) {
++ if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) {
+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
+ enable = false;
+ }
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2015-04-29 1:21 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-04-29 1:20 [gentoo-commits] proj/hardened-patchset:master commit in: 3.19.5/, 3.2.68/, 3.14.39/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox