authorshackra <elcorreo@deshackra.com>2014-05-18 23:19:29 -0600
committershackra <elcorreo@deshackra.com>2014-05-18 23:19:29 -0600
commit113793e5d19301552423a95947efc704424a7167 (patch)
treec1804e43e11d5f9a152436b42a7ce182e88d500b /libre/linux-libre-grsec
parent01011325d60e0262ba0d5a51c4d3b2be57f5924c (diff)
parent1287ab2629ed3997b6ec6e603847eafb1e6aa199 (diff)
Merge branch 'master' of ssh://projects.parabolagnulinux.org:1863/srv/git/abslibre
Diffstat (limited to 'libre/linux-libre-grsec')
-rw-r--r--libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch110
-rw-r--r--libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch94
-rw-r--r--libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch125
-rw-r--r--libre/linux-libre-grsec/0011-kernfs-fix-removed-error-check.patch13
-rw-r--r--libre/linux-libre-grsec/0012-fix-saa7134.patch37
-rw-r--r--libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch13
-rw-r--r--libre/linux-libre-grsec/0015-fix-xsdt-validation.patch42
-rw-r--r--libre/linux-libre-grsec/PKGBUILD112
-rw-r--r--libre/linux-libre-grsec/config.i6869
-rw-r--r--libre/linux-libre-grsec/config.x86_6413
10 files changed, 186 insertions, 382 deletions
diff --git a/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch b/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch
deleted file mode 100644
index 898ee1543..000000000
--- a/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 720a9dbf61c88bd57d6f8198ed8ccb2bd4a6abd8 Mon Sep 17 00:00:00 2001
-From: Matt Fleming <matt@console-pimps.org>
-Date: Wed, 9 Apr 2014 10:33:49 +0200
-Subject: [PATCH 07/10] x86/efi: Correct EFI boot stub use of code32_start
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-code32_start should point at the start of the protected mode code, and
-*not* at the beginning of the bzImage. This is much easier to do in
-assembly so document that callers of make_boot_params() need to fill out
-code32_start.
-
-The fallout from this bug is that we would end up relocating the image
-but copying the image at some offset, resulting in what appeared to be
-memory corruption.
-
-Reported-by: Thomas Bächler <thomas@archlinux.org>
-Signed-off-by: Matt Fleming <matt.fleming@intel.com>
----
- arch/x86/boot/compressed/eboot.c | 5 +++--
- arch/x86/boot/compressed/head_32.S | 14 ++++++++------
- arch/x86/boot/compressed/head_64.S | 9 +++------
- 3 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index a7677ba..78cbb2d 100644
---- a/arch/x86/boot/compressed/eboot.c
-+++ b/arch/x86/boot/compressed/eboot.c
-@@ -425,6 +425,9 @@ void setup_graphics(struct boot_params *boot_params)
- * Because the x86 boot code expects to be passed a boot_params we
- * need to create one ourselves (usually the bootloader would create
- * one for us).
-+ *
-+ * The caller is responsible for filling out ->code32_start in the
-+ * returned boot_params.
- */
- struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
- {
-@@ -483,8 +486,6 @@ struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
- hdr->vid_mode = 0xffff;
- hdr->boot_flag = 0xAA55;
-
-- hdr->code32_start = (__u64)(unsigned long)image->image_base;
--
- hdr->type_of_loader = 0x21;
-
- /* Convert unicode cmdline to ascii */
-diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
-index 9116aac..f45ab7a 100644
---- a/arch/x86/boot/compressed/head_32.S
-+++ b/arch/x86/boot/compressed/head_32.S
-@@ -50,6 +50,13 @@ ENTRY(efi_pe_entry)
- pushl %eax
- pushl %esi
- pushl %ecx
-+
-+ call reloc
-+reloc:
-+ popl %ecx
-+ subl reloc, %ecx
-+ movl %ecx, BP_code32_start(%eax)
-+
- sub $0x4, %esp
-
- ENTRY(efi_stub_entry)
-@@ -63,12 +70,7 @@ ENTRY(efi_stub_entry)
- hlt
- jmp 1b
- 2:
-- call 3f
--3:
-- popl %eax
-- subl $3b, %eax
-- subl BP_pref_address(%esi), %eax
-- add BP_code32_start(%esi), %eax
-+ movl BP_code32_start(%esi), %eax
- leal preferred_addr(%eax), %eax
- jmp *%eax
-
-diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index c5c1ae0..b10fa66 100644
---- a/arch/x86/boot/compressed/head_64.S
-+++ b/arch/x86/boot/compressed/head_64.S
-@@ -217,6 +217,8 @@ ENTRY(efi_pe_entry)
- cmpq $0,%rax
- je 1f
- mov %rax, %rdx
-+ leaq startup_32(%rip), %rax
-+ movl %eax, BP_code32_start(%rdx)
- popq %rsi
- popq %rdi
-
-@@ -230,12 +232,7 @@ ENTRY(efi_stub_entry)
- hlt
- jmp 1b
- 2:
-- call 3f
--3:
-- popq %rax
-- subq $3b, %rax
-- subq BP_pref_address(%rsi), %rax
-- add BP_code32_start(%esi), %eax
-+ movl BP_code32_start(%esi), %eax
- leaq preferred_addr(%rax), %rax
- jmp *%rax
-
---
-1.9.2
-
diff --git a/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch b/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch
deleted file mode 100644
index 8685e1168..000000000
--- a/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From aafcd8f8692fb9e389608c1efad2e57c0bbb9362 Mon Sep 17 00:00:00 2001
-From: Linus Torvalds <torvalds@linux-foundation.org>
-Date: Tue, 8 Apr 2014 15:30:07 -0700
-Subject: [PATCH 08/10] futex: avoid race between requeue and wake
-
-commit 69cd9eba38867a493a043bb13eb9b33cad5f1a9a upstream.
-
-Jan Stancek reported:
- "pthread_cond_broadcast/4-1.c testcase from openposix testsuite (LTP)
- occasionally fails, because some threads fail to wake up.
-
- Testcase creates 5 threads, which are all waiting on same condition.
- Main thread then calls pthread_cond_broadcast() without holding mutex,
- which calls:
-
- futex(uaddr1, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, uaddr2, ..)
-
- This immediately wakes up single thread A, which unlocks mutex and
- tries to wake up another thread:
-
- futex(uaddr2, FUTEX_WAKE_PRIVATE, 1)
-
- If thread A manages to call futex_wake() before any waiters are
- requeued for uaddr2, no other thread is woken up"
-
-The ordering constraints for the hash bucket waiter counting are that
-the waiter counts have to be incremented _before_ getting the spinlock
-(because the spinlock acts as part of the memory barrier), but the
-"requeue" operation didn't honor those rules, and nobody had even
-thought about that case.
-
-This fairly simple patch just increments the waiter count for the target
-hash bucket (hb2) when requeing a futex before taking the locks. It
-then decrements them again after releasing the lock - the code that
-actually moves the futex(es) between hash buckets will do the additional
-required waiter count housekeeping.
-
-Reported-and-tested-by: Jan Stancek <jstancek@redhat.com>
-Acked-by: Davidlohr Bueso <davidlohr@hp.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/futex.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/kernel/futex.c b/kernel/futex.c
-index 08ec814..16b1f2c 100644
---- a/kernel/futex.c
-+++ b/kernel/futex.c
-@@ -1450,6 +1450,7 @@ retry:
- hb2 = hash_futex(&key2);
-
- retry_private:
-+ hb_waiters_inc(hb2);
- double_lock_hb(hb1, hb2);
-
- if (likely(cmpval != NULL)) {
-@@ -1459,6 +1460,7 @@ retry_private:
-
- if (unlikely(ret)) {
- double_unlock_hb(hb1, hb2);
-+ hb_waiters_dec(hb2);
-
- ret = get_user(curval, uaddr1);
- if (ret)
-@@ -1508,6 +1510,7 @@ retry_private:
- break;
- case -EFAULT:
- double_unlock_hb(hb1, hb2);
-+ hb_waiters_dec(hb2);
- put_futex_key(&key2);
- put_futex_key(&key1);
- ret = fault_in_user_writeable(uaddr2);
-@@ -1517,6 +1520,7 @@ retry_private:
- case -EAGAIN:
- /* The owner was exiting, try again. */
- double_unlock_hb(hb1, hb2);
-+ hb_waiters_dec(hb2);
- put_futex_key(&key2);
- put_futex_key(&key1);
- cond_resched();
-@@ -1592,6 +1596,7 @@ retry_private:
-
- out_unlock:
- double_unlock_hb(hb1, hb2);
-+ hb_waiters_dec(hb2);
-
- /*
- * drop_futex_key_refs() must be called outside the spinlocks. During
---
-1.9.2
-
diff --git a/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch b/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch
deleted file mode 100644
index 5acbf53dd..000000000
--- a/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 06af061dd673d749d5516bea41e2becb034e00b8 Mon Sep 17 00:00:00 2001
-From: Eyal Shapira <eyal@wizery.com>
-Date: Sun, 16 Mar 2014 05:23:21 +0200
-Subject: [PATCH 09/10] iwlwifi: mvm: rs: fix search cycle rules
-
-commit 8930b05090acd321b1fc7c642528c697cb105c42 upstream.
-
-We should explore all possible columns when searching to be
-as resilient as possible to changing conditions. This fixes
-for example a scenario where even after a sudden creation of
-rssi difference between the 2 antennas we would keep doing MIMO
-at a low rate instead of switching to SISO at a higher rate using
-the better antenna which was the optimal configuration.
-
-Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
-Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/net/wireless/iwlwifi/mvm/rs.c | 36 +++++++++++++++++------------------
- 1 file changed, 18 insertions(+), 18 deletions(-)
-
-diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c
-index 6abf74e..5bc8715 100644
---- a/drivers/net/wireless/iwlwifi/mvm/rs.c
-+++ b/drivers/net/wireless/iwlwifi/mvm/rs.c
-@@ -211,9 +211,9 @@ static const struct rs_tx_column rs_tx_columns[] = {
- .next_columns = {
- RS_COLUMN_LEGACY_ANT_B,
- RS_COLUMN_SISO_ANT_A,
-+ RS_COLUMN_SISO_ANT_B,
- RS_COLUMN_MIMO2,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_MIMO2_SGI,
- },
- },
- [RS_COLUMN_LEGACY_ANT_B] = {
-@@ -221,10 +221,10 @@ static const struct rs_tx_column rs_tx_columns[] = {
- .ant = ANT_B,
- .next_columns = {
- RS_COLUMN_LEGACY_ANT_A,
-+ RS_COLUMN_SISO_ANT_A,
- RS_COLUMN_SISO_ANT_B,
- RS_COLUMN_MIMO2,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_MIMO2_SGI,
- },
- },
- [RS_COLUMN_SISO_ANT_A] = {
-@@ -234,8 +234,8 @@ static const struct rs_tx_column rs_tx_columns[] = {
- RS_COLUMN_SISO_ANT_B,
- RS_COLUMN_MIMO2,
- RS_COLUMN_SISO_ANT_A_SGI,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_SISO_ANT_B_SGI,
-+ RS_COLUMN_MIMO2_SGI,
- },
- .checks = {
- rs_siso_allow,
-@@ -248,8 +248,8 @@ static const struct rs_tx_column rs_tx_columns[] = {
- RS_COLUMN_SISO_ANT_A,
- RS_COLUMN_MIMO2,
- RS_COLUMN_SISO_ANT_B_SGI,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_SISO_ANT_A_SGI,
-+ RS_COLUMN_MIMO2_SGI,
- },
- .checks = {
- rs_siso_allow,
-@@ -263,8 +263,8 @@ static const struct rs_tx_column rs_tx_columns[] = {
- RS_COLUMN_SISO_ANT_B_SGI,
- RS_COLUMN_MIMO2_SGI,
- RS_COLUMN_SISO_ANT_A,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_SISO_ANT_B,
-+ RS_COLUMN_MIMO2,
- },
- .checks = {
- rs_siso_allow,
-@@ -279,8 +279,8 @@ static const struct rs_tx_column rs_tx_columns[] = {
- RS_COLUMN_SISO_ANT_A_SGI,
- RS_COLUMN_MIMO2_SGI,
- RS_COLUMN_SISO_ANT_B,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_SISO_ANT_A,
-+ RS_COLUMN_MIMO2,
- },
- .checks = {
- rs_siso_allow,
-@@ -292,10 +292,10 @@ static const struct rs_tx_column rs_tx_columns[] = {
- .ant = ANT_AB,
- .next_columns = {
- RS_COLUMN_SISO_ANT_A,
-+ RS_COLUMN_SISO_ANT_B,
-+ RS_COLUMN_SISO_ANT_A_SGI,
-+ RS_COLUMN_SISO_ANT_B_SGI,
- RS_COLUMN_MIMO2_SGI,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
- },
- .checks = {
- rs_mimo_allow,
-@@ -307,10 +307,10 @@ static const struct rs_tx_column rs_tx_columns[] = {
- .sgi = true,
- .next_columns = {
- RS_COLUMN_SISO_ANT_A_SGI,
-+ RS_COLUMN_SISO_ANT_B_SGI,
-+ RS_COLUMN_SISO_ANT_A,
-+ RS_COLUMN_SISO_ANT_B,
- RS_COLUMN_MIMO2,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
- },
- .checks = {
- rs_mimo_allow,
---
-1.9.2
-
diff --git a/libre/linux-libre-grsec/0011-kernfs-fix-removed-error-check.patch b/libre/linux-libre-grsec/0011-kernfs-fix-removed-error-check.patch
new file mode 100644
index 000000000..b597595c6
--- /dev/null
+++ b/libre/linux-libre-grsec/0011-kernfs-fix-removed-error-check.patch
@@ -0,0 +1,13 @@
+diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
+index 8034706..e01ea4a 100644
+--- a/fs/kernfs/file.c
++++ b/fs/kernfs/file.c
+@@ -484,6 +484,8 @@ static int kernfs_fop_mmap(struct file *file, struct vm_area_struct *vma)
+
+ ops = kernfs_ops(of->kn);
+ rc = ops->mmap(of, vma);
++ if (rc)
++ goto out_put;
+
+ /*
+ * PowerPC's pci_mmap of legacy_mem uses shmem_zero_setup()
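Review bot: This patch file has no header at all (no author, subject or upstream commit id), so the only record of where the added `if (rc) goto out_put;` check comes from is the LKML link in the PKGBUILD comment. 0012-fix-saa7134.patch and 0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch are in the same state. For fixes carried on top of a hardened kernel, each file should keep the upstream `From:`/`Subject:` lines and a line of the form `commit <UPSTREAM-COMMIT-ID> upstream.`, as the deleted 0008 and 0009 patches did, so a later rebase can tell when the patch can be dropped. kernfs_fop_mmap() starts and ends outside the hunk, so the `out_put` label and what it releases are not visible here.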
diff --git a/libre/linux-libre-grsec/0012-fix-saa7134.patch b/libre/linux-libre-grsec/0012-fix-saa7134.patch
new file mode 100644
index 000000000..070fbc8eb
--- /dev/null
+++ b/libre/linux-libre-grsec/0012-fix-saa7134.patch
@@ -0,0 +1,37 @@
+--- a/drivers/media/pci/saa7134/saa7134-video.c
++++ a/drivers/media/pci/saa7134/saa7134-video.c
+@@ -1243,6 +1243,7 @@ static int video_release(struct file *file)
+ videobuf_streamoff(&dev->cap);
+ res_free(dev, fh, RESOURCE_VIDEO);
+ videobuf_mmap_free(&dev->cap);
++ INIT_LIST_HEAD(&dev->cap.stream);
+ }
+ if (dev->cap.read_buf) {
+ buffer_release(&dev->cap, dev->cap.read_buf);
+@@ -1254,6 +1255,7 @@ static int video_release(struct file *file)
+ videobuf_stop(&dev->vbi);
+ res_free(dev, fh, RESOURCE_VBI);
+ videobuf_mmap_free(&dev->vbi);
++ INIT_LIST_HEAD(&dev->vbi.stream);
+ }
+
+ /* ts-capture will not work in planar mode, so turn it off Hac: 04.05*/
+@@ -1987,17 +1989,12 @@ int saa7134_streamoff(struct file *file, void *priv,
+ enum v4l2_buf_type type)
+ {
+ struct saa7134_dev *dev = video_drvdata(file);
+- int err;
+ int res = saa7134_resource(file);
+
+ if (res != RESOURCE_EMPRESS)
+ pm_qos_remove_request(&dev->qos_request);
+
+- err = videobuf_streamoff(saa7134_queue(file));
+- if (err < 0)
+- return err;
+- res_free(dev, priv, res);
+- return 0;
++ return videobuf_streamoff(saa7134_queue(file));
+ }
+ EXPORT_SYMBOL_GPL(saa7134_streamoff);
+
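Review bot: In the last inner hunk, saa7134_streamoff() now returns `videobuf_streamoff(saa7134_queue(file))` directly and no longer calls `res_free(dev, priv, res)`, and nothing in the patch says where the resource is released instead. The video_release() hunks above still show `res_free(dev, fh, RESOURCE_VIDEO)`, so release is presumably left to close, but that is an inference from context lines of a function only partly visible here. A sentence in the patch description such as `streamoff no longer frees the resource; video_release() does` would make the ownership explicit. The inner file header also uses `a/` on both the `---` and `+++` lines, which applies with -p1 but is not what git emits.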
diff --git a/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch b/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch
new file mode 100644
index 000000000..2840f190c
--- /dev/null
+++ b/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch
@@ -0,0 +1,13 @@
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 45fa2f1..6088927 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -2289,7 +2289,7 @@ EXPORT_SYMBOL(skb_checksum_help);
+ __be16 skb_network_protocol(struct sk_buff *skb, int *depth)
+ {
+ __be16 type = skb->protocol;
+- int vlan_depth = ETH_HLEN;
++ int vlan_depth = skb->mac_len;
+
+ /* Tunnel gso handlers can set protocol to ethernet. */
+ if (type == htons(ETH_P_TEB)) {
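Review bot: With `int vlan_depth = skb->mac_len;` the starting offset is no longer a constant but whatever the caller left in the skb, and the patch carries no comment saying so. skb_network_protocol() continues outside the hunk, so the code that consumes `vlan_depth` is not visible. It should be confirmed that each header read is bounded against the packet length whatever value mac_len holds. I would at least add `/* callers must have set skb->mac_len; it may differ from ETH_HLEN */` above the initialiser.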
diff --git a/libre/linux-libre-grsec/0015-fix-xsdt-validation.patch b/libre/linux-libre-grsec/0015-fix-xsdt-validation.patch
new file mode 100644
index 000000000..82dd2be25
--- /dev/null
+++ b/libre/linux-libre-grsec/0015-fix-xsdt-validation.patch
@@ -0,0 +1,42 @@
+@@ -, +, @@
+ acpi_tb_parse_root_table().
+ Commit: 671cc68dc61f029d44b43a681356078e02d8dab8
+ Subject: ACPICA: Back port and refine validation of the XSDT root table.
+---
+ drivers/acpi/acpica/tbutils.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+--- a/drivers/acpi/acpica/tbutils.c
++++ a/drivers/acpi/acpica/tbutils.c
+@@ -461,6 +461,7 @@ acpi_status __init acpi_tb_parse_root_table(acpi_physical_address rsdp_address)
+ u32 table_count;
+ struct acpi_table_header *table;
+ acpi_physical_address address;
++ acpi_physical_address rsdt_address;
+ u32 length;
+ u8 *table_entry;
+ acpi_status status;
+@@ -488,11 +489,13 @@ acpi_status __init acpi_tb_parse_root_table(acpi_physical_address rsdp_address)
+ * as per the ACPI specification.
+ */
+ address = (acpi_physical_address) rsdp->xsdt_physical_address;
++ rsdt_address = (acpi_physical_address) rsdp->rsdt_physical_address;
+ table_entry_size = ACPI_XSDT_ENTRY_SIZE;
+ } else {
+ /* Root table is an RSDT (32-bit physical addresses) */
+
+ address = (acpi_physical_address) rsdp->rsdt_physical_address;
++ rsdt_address = address;
+ table_entry_size = ACPI_RSDT_ENTRY_SIZE;
+ }
+
+@@ -515,8 +518,7 @@ acpi_status __init acpi_tb_parse_root_table(acpi_physical_address rsdp_address)
+
+ /* Fall back to the RSDT */
+
+- address =
+- (acpi_physical_address) rsdp->rsdt_physical_address;
++ address = rsdt_address;
+ table_entry_size = ACPI_RSDT_ENTRY_SIZE;
+ }
+ }
+
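Review bot: The patch file opens with a bare `@@ -, +, @@` line followed by the tail of a sentence (`acpi_tb_parse_root_table().`), so the explanation of the fix has been cut off and only the `Commit:` and `Subject:` lines survive. The full upstream commit message should be restored so that the reason for saving `rsdt_address` before the fallback is recorded with the patch. acpi_tb_parse_root_table() continues outside the hunks, so whether the RSDP mapping is released between the two reads of `rsdp->rsdt_physical_address` is not visible here. The inner header also names `a/` on both the `---` and `+++` lines.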
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD
index 576441ea3..6f7e20edf 100644
--- a/libre/linux-libre-grsec/PKGBUILD
+++ b/libre/linux-libre-grsec/PKGBUILD
@@ -1,24 +1,24 @@
-# Maintainer: Daniel Micay <danielmicay@gmail.com>
-# Contributor: Tobias Powalowski <tpowa@archlinux.org>
-# Contributor: Thomas Baechler <thomas@archlinux.org>
-# Contributor: henning mueller <henning@orgizm.net>
-# Contributor: Thomas Dwyer http://tomd.tel
-# Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
-# Contributor (Parabola): Nicolás Reynolds <fauno@kiwwwi.com.ar>
-# Contributor (Parabola): Sorin-Mihai Vârgolici <smv@yobicore.org>
-# Contributor (Parabola): Michał Masłowski <mtjm@mtjm.eu>
-# Contributor (Parabola): Márcio Silva <coadde@parabola.nu>
+# Maintainer (Arch): Daniel Micay <danielmicay@gmail.com>
+# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
+# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>
+# Contributor (Arch): henning mueller <henning@orgizm.net>
+# Contributor (Arch): Thomas Dwyer http://tomd.tel
+# Maintainer: André Silva <emulatorman@parabola.nu>
+# Contributor: Nicolás Reynolds <fauno@kiwwwi.com.ar>
+# Contributor: Sorin-Mihai Vârgolici <smv@yobicore.org>
+# Contributor: Michał Masłowski <mtjm@mtjm.eu>
+# Contributor: Márcio Silva <coadde@parabola.nu>
pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.14
-_sublevel=1
+_sublevel=4
_grsecver=3.0
-_timestamp=201404201132
+_timestamp=201405141623
_pkgver=${_basekernel}.${_sublevel}
pkgver=${_basekernel}.${_sublevel}.${_timestamp}
pkgrel=1
-_lxopkgver=${_basekernel}.0 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.4 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="https://grsecurity.net/"
license=('GPL2')
@@ -42,35 +42,41 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'0004-fs-Don-t-return-0-from-get_anon_bdev.patch'
'0005-Revert-Bluetooth-Enable-autosuspend-for-Intel-Blueto.patch'
'0006-genksyms-fix-typeof-handling.patch'
- '0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch'
'0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch'
+ '0011-kernfs-fix-removed-error-check.patch'
+ '0012-fix-saa7134.patch'
+ '0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch'
+ '0015-fix-xsdt-validation.patch'
'sysctl.conf'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
-md5sums=('c108ec52eeb2a9b9ddbb8d12496ff25f'
- '2b4862b3c76011e66e536f18fbf0fb27'
- 'db16c597af55a82da6fbe1059377c5cd'
- 'SKIP'
- '51ead958a4bb74ca5f5702b97740719b'
- '0822a5655cef86bb6f449692d8b3f3d2'
- '5f66bed97a5c37e48eb2f71b2d354b9a'
- '2967cecc3af9f954ccc822fd63dca6ff'
- '8267264d9a8966e57fdacd1fa1fc65c4'
- '14bb375a8a1d86d2875f72fcbaa03f3e'
- '98beb36f9b8cf16e58de2483ea9985e3'
- '6839ddec74a5300beff1709a81b0e4f3'
- '706549e8a05f33f7fc697f28c0ca71d2'
- 'd23fc66be93ebce698bd7da844789de1'
- 'b240cc8ebb4b5d74e94b4c72d033f726'
- 'a89d593774ccb955eb8368d3bc87ce26'
- '16a161979f846b049e90daea907c35dd'
- '00727251b0d337a25d3ca392218afdf4'
- '353b553d69da810ef954618aca60e1e2'
- '7a052645280da78a98bfe8cf805ddab5'
- '385f03abf27baa73731d27721eafd1c1')
+sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b'
+ '01de5e15a2081197859e617c441de5cac9ddf60bed6fcf4dcff7a54e210e7815'
+ 'e41e5dea54db4311655ccc68b371ac15dcc48f8767ca0a02150af70e831d2e4d'
+ 'SKIP'
+ '0b6dbdf4d1677a39b9a0d55e8d7c66fe644fa77d769e3b673064181222b17467'
+ '8207a533f4fbad05ad26061f924957a7a92436d44a5dd7ca10e61d730c5e0ef9'
+ '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486'
+ 'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b'
+ '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9'
+ 'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6'
+ 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
+ '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02'
+ '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29'
+ '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d'
+ '1e1ae0f31f722e80da083ecada1f1be57f9ddad133941820c4483b0240e494c1'
+ '3fffb01cf97a5a7ab9601cb277d2468c0fb1e1cceba4225915f3ffae3a5694ec'
+ 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7'
+ 'c0af4622f75c89fef62183e18b7d49998228d4eaa906c6accaf4aa4ff0134f85'
+ '04f44bf5c181d6dc31905937c1bdccb0f5aecaad3a579e99b302502b9cbe0f7a'
+ '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18'
+ 'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be'
+ '384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4'
+ 'a37823f0cdf3f318ec3f486f6e4035a7a8f887522d3a563d4dfe155f143ba24f'
+ '3cd53473e049a4809d9dde8ebef73307ce87076d707f3fd5c100844d4a9e8255')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
- unset md5sums[${#md5sums[@]}-1]
+ unset sha256sums[${#sha256sums[@]}-1]
fi
_kernelname=${pkgbase#linux-libre}
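Review bot: One entry of the new `sha256sums` array is still `'SKIP'`, so that source is not pinned by a digest. The sources in this list are fetched over plain `http://`, which leaves the checksum array as the only integrity control visible here. The matching `source=` entry is above the hunk, so I cannot tell whether it is a detached signature checked against a trusted key or an ordinary download; if it is the latter, it needs a real digest. Either way, a comment beside it such as `'SKIP' # detached signature, verified against <KEY-FINGERPRINT-PLACEHOLDER>` would record why it is exempt.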
@@ -118,15 +124,29 @@ prepare() {
# http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18
patch -p1 -i "${srcdir}/0006-genksyms-fix-typeof-handling.patch"
- # Fix the use of code32_start in the EFI boot stub
- # http://permalink.gmane.org/gmane.linux.kernel/1679881
- # https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=urgent&id=7e8213c1f3acc064aef37813a39f13cbfe7c3ce7
- patch -p1 -i "${srcdir}/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch"
-
# https://git.kernel.org/cgit/linux/kernel/git/iwlwifi/iwlwifi-fixes.git/commit/?id=12f853a89e29f50b17698e17e73c328a35f1498d
# FS#39815
patch -p1 -i "${srcdir}/0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch"
+ # fix Xorg crash with i810 chipset due to wrong removed error check
+ # References: http://lkml.kernel.org/g/533D01BD.1010200@googlemail.com
+ patch -Np1 -i "${srcdir}/0011-kernfs-fix-removed-error-check.patch"
+
+ # fix saa7134 video
+ # https://bugs.archlinux.org/task/39904
+ # https://bugzilla.kernel.org/show_bug.cgi?id=73361
+ patch -Np1 -i "${srcdir}/0012-fix-saa7134.patch"
+
+ # fix tun/openvpn performance
+ # https://bugs.archlinux.org/task/40089
+ # https://bugzilla.kernel.org/show_bug.cgi?id=74051
+ patch -Np1 -i "${srcdir}/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch"
+
+ # fix xsdt validation bug
+ # https://bugs.archlinux.org/task/39811
+ # https://bugzilla.kernel.org/show_bug.cgi?id=73911
+ patch -Np1 -i "${srcdir}/0015-fix-xsdt-validation.patch"
+
if [ "$CARCH" == "mips64el" ]; then
sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
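Review bot: The four new invocations use `patch -Np1` while the two retained in this hunk (0006 and 0010) use `patch -p1`, so an already-applied or reversed patch is handled differently depending on which fix it is. One form should be used throughout prepare(), e.g. `patch -Np1 -i "${srcdir}/0006-genksyms-fix-typeof-handling.patch"`. prepare() starts and ends outside the hunk, so the earlier invocations are not visible here.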
@@ -155,7 +175,7 @@ prepare() {
fi
# set extraversion to pkgrel
- sed -ri "s|^(EXTRAVERSION =).*|\1 -${pkgrel}|" Makefile
+ sed -ri "s|^(EXTRAVERSION =).*|\1 .${_timestamp}-${pkgrel}|" Makefile
# don't run depmod on 'make install'. We'll do this ourselves in packaging
sed -i '2iexit 0' scripts/depmod.sh
@@ -215,7 +235,7 @@ _package() {
# get kernel version
_kernver="$(make LOCALVERSION= kernelrelease)"
_basekernel=${_kernver%%-*}
- _basekernel=${_basekernel%.*}
+ _basekernel=${_basekernel%.*.*}
mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot}
make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install
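Review bot: `_basekernel=${_basekernel%.*.*}` is only right while EXTRAVERSION starts with `.${_timestamp}`, as set by the `sed -ri` line changed in the prepare() hunk above; if that format changes, this silently yields the wrong base version. A comment on the line would tie the two together, e.g. `# kernelrelease is X.Y.Z.<timestamp>-<pkgrel>...; drop .Z.<timestamp> to get X.Y`. _package() starts and ends outside the hunk, so how `_basekernel` is used afterwards is not visible.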
@@ -272,6 +292,12 @@ _package() {
# add vmlinux
install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux"
+ # add grsecurity gcc plugins
+ mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc"
+ cp -a tools/gcc/*.h "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+ cp -a tools/gcc/Makefile "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+ install -m644 tools/gcc/*.so "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+
# install sysctl configuration for grsecurity switches
install -Dm600 "${srcdir}/sysctl.conf" "${pkgdir}/etc/sysctl.d/05-grsecurity.conf"
}
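Review bot: `install -m644 tools/gcc/*.so …` and `cp -a tools/gcc/*.h …` assume the plugin objects and headers exist. If the plugins were not built for an architecture or configuration, the unmatched glob is passed literally and packaging fails at this step. A guard such as `compgen -G 'tools/gcc/*.so' >/dev/null && install -m644 tools/gcc/*.so "${pkgdir}/usr/lib/modules/${_kernver}/build/tools/gcc/"` would avoid that. The new lines also write `"$pkgdir/…"` where the rest of the function uses `"${pkgdir}/…"`. _package() starts outside the hunk.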
diff --git a/libre/linux-libre-grsec/config.i686 b/libre/linux-libre-grsec/config.i686
index 76ef4273e..845032842 100644
--- a/libre/linux-libre-grsec/config.i686
+++ b/libre/linux-libre-grsec/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.1-1 Kernel Configuration
+# Linux/x86 3.14.3-1 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -1487,7 +1487,8 @@ CONFIG_DMA_SHARED_BUFFER=y
#
# Bus devices
#
-CONFIG_CONNECTOR=m
+CONFIG_CONNECTOR=y
+CONFIG_PROC_EVENTS=y
CONFIG_MTD=m
CONFIG_MTD_TESTS=m
CONFIG_MTD_REDBOOT_PARTS=m
@@ -1663,7 +1664,7 @@ CONFIG_BLK_DEV_DAC960=m
# CONFIG_BLK_DEV_UMEM is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=m
-CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=0
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_BLK_DEV_DRBD=m
# CONFIG_DRBD_FAULT_INJECTION is not set
@@ -6220,7 +6221,7 @@ CONFIG_DEBUG_MEMORY_INIT=y
# CONFIG_DEBUG_PER_CPU_MAPS is not set
# CONFIG_DEBUG_HIGHMEM is not set
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
-# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_DEBUG_STACKOVERFLOW=y
CONFIG_HAVE_ARCH_KMEMCHECK=y
# CONFIG_DEBUG_SHIRQ is not set
diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64
index 14c7909bc..e97911510 100644
--- a/libre/linux-libre-grsec/config.x86_64
+++ b/libre/linux-libre-grsec/config.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.1-1 Kernel Configuration
+# Linux/x86 3.14.3-1 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -260,8 +260,8 @@ CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
-CONFIG_CC_STACKPROTECTOR_REGULAR=y
-# CONFIG_CC_STACKPROTECTOR_STRONG is not set
+# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
+CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
@@ -1472,7 +1472,8 @@ CONFIG_DMA_SHARED_BUFFER=y
#
# Bus devices
#
-CONFIG_CONNECTOR=m
+CONFIG_CONNECTOR=y
+CONFIG_PROC_EVENTS=y
CONFIG_MTD=m
CONFIG_MTD_TESTS=m
CONFIG_MTD_REDBOOT_PARTS=m
@@ -1628,7 +1629,7 @@ CONFIG_BLK_DEV_DAC960=m
# CONFIG_BLK_DEV_UMEM is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=m
-CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=0
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_BLK_DEV_DRBD=m
# CONFIG_DRBD_FAULT_INJECTION is not set
@@ -6001,7 +6002,7 @@ CONFIG_HAVE_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_MEMORY_INIT=y
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
-# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_DEBUG_STACKOVERFLOW=y
CONFIG_HAVE_ARCH_KMEMCHECK=y
# CONFIG_DEBUG_SHIRQ is not set