diff --git checkpolicy-2.5/Android.mk checkpolicy-2.5/Android.mk
index 98f5168..3b7ff8a 100644
--- checkpolicy-2.5/Android.mk
+++ checkpolicy-2.5/Android.mk
@@ -12,10 +12,6 @@ common_cflags := \
 -Wall -Wshadow -O2 \
 -pipe -fno-strict-aliasing \
-ifeq ($(HOST_OS),darwin)
-common_cflags += -DDARWIN
-endif
-
 common_includes := \
 $(LOCAL_PATH)/ \
 $(LOCAL_PATH)/../libsepol/include/ \
diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog
index dfe4908..f2216ec 100644
--- checkpolicy-2.5/ChangeLog
+++ checkpolicy-2.5/ChangeLog
@@ -1,3 +1,11 @@
+ * Extend checkpolicy pathname matching, from Stephen Smalley.
+ * Fix typos in test/dispol, from Petr Lautrbach.
+ * Set flex as default lexer, from Julien Pivotto.
+ * Fix checkmodule output message, from Petr Lautrbach.
+ * Build policy on systems not supporting DCCP protocol, from Richard Haines.
+ * Fail if module name different than output base filename, from James Carter
+ * Add support for portcon dccp protocol, from Richard Haines
+
 2.5 2016-02-23
 * Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
 * fix double free on name-based type transitions, from Stephen Smalley.
diff --git checkpolicy-2.5/Makefile checkpolicy-2.5/Makefile
index e5fae3d..53a3074 100644
--- checkpolicy-2.5/Makefile
+++ checkpolicy-2.5/Makefile
@@ -8,6 +8,7 @@ LIBDIR ?= $(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 TARGETS = checkpolicy checkmodule
+LEX = flex
 YACC = bison -y
 CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
diff --git checkpolicy-2.5/checkmodule.c checkpolicy-2.5/checkmodule.c
index 5957d29..53cc5a0 100644
--- checkpolicy-2.5/checkmodule.c
+++ checkpolicy-2.5/checkmodule.c
@@ -19,6 +19,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
@@ -258,6 +259,25 @@ int main(int argc, char **argv)
 }
 }
+ if (policy_type != POLICY_BASE && outfile) {
+ char *mod_name = modpolicydb.name;
+ char *out_path = strdup(outfile);
+ if (out_path == NULL) {
+ fprintf(stderr, "%s: out of memory\n", argv[0]);
+ exit(1);
+ }
+ char *out_name = basename(out_path);
+ char *separator = strrchr(out_name, '.');
+ if (separator) {
+ *separator = '\0';
+ }
+ if (strcmp(mod_name, out_name) != 0) {
+ fprintf(stderr, "%s: Module name %s is different than the output base filename %s\n", argv[0], mod_name, out_name);
+ exit(1);
+ }
+ free(out_path);
+ }
+
 if (modpolicydb.policy_type == POLICY_BASE && !cil) {
 /* Verify that we can successfully expand the base module. */
 policydb_t kernpolicydb;
@@ -294,7 +314,7 @@ int main(int argc, char **argv)
 if (!cil) {
 printf("%s: writing binary representation (version %d) to %s\n",
- argv[0], policyvers, file);
+ argv[0], policyvers, outfile);
 if (write_binary_policy(&modpolicydb, outfp) != 0) {
 fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c
index 9da661e..2d68316 100644
--- checkpolicy-2.5/checkpolicy.c
+++ checkpolicy-2.5/checkpolicy.c
@@ -64,13 +64,16 @@
 #include 
 #include 
 #include 
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
 #include 
 #include 
 #include 
 #include 
 #include 
-#ifdef DARWIN
+#ifdef __APPLE__
 #include 
 #endif
@@ -919,6 +922,8 @@ int main(int argc, char **argv)
 protocol = IPPROTO_TCP;
 else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
 protocol = IPPROTO_UDP;
+ else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
+ protocol = IPPROTO_DCCP;
 else {
 printf("unknown protocol\n");
 break;
diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
index ee20fea..100e517 100644
--- checkpolicy-2.5/policy_define.c
+++ checkpolicy-2.5/policy_define.c
@@ -36,6 +36,9 @@
 #include 
 #include 
 #include 
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
 #include 
 #include 
 #include 
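Review bot: The name check in the new block relies on `basename()`, whose POSIX (`<libgen.h>`) and GNU (`<string.h>`) variants disagree on inputs such as an output path with a trailing slash (`out/` yields `out` under POSIX and `""` under GNU), and the added `#include` line is not legible in this rendering, so which variant is linked cannot be confirmed from here. Since `out_path` is already a private copy, `char *slash = strrchr(out_path, '/'); char *out_name = slash ? slash + 1 : out_path;` gives one well-defined answer on every libc. `modpolicydb.name` goes straight into `strcmp`; presumably a non-base module always carries a `module` statement that sets it, but if it can be NULL here the check would crash instead of reporting, which is worth confirming against the parser. `out_path` is freed on the success path but not before the `exit(1)` on mismatch; harmless at process exit, just inconsistent. The enclosing `main` begins and ends outside the hunk.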
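Review bot: The `#ifndef IPPROTO_DCCP` fallback is only safe if it sits after the system header that normally defines the constant: on glibc `<netinet/in.h>` declares `IPPROTO_DCCP = 33` as an enumerator and then `#define IPPROTO_DCCP IPPROTO_DCCP`, so a pre-existing `#define IPPROTO_DCCP 33` would turn that enumerator into `33 = 33` and break the compile. The include names are stripped in this rendering, so I cannot tell which of the three preceding includes the guard follows; if `<netinet/in.h>` is below it, the block needs to move. A one-line comment such as `/* Fallback for libcs whose <netinet/in.h> predates DCCP; must stay below that include */` would keep a later tidy-up from reordering it.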
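Review bot: This is the second verbatim copy of the `IPPROTO_DCCP` fallback in the same patch (checkpolicy.c carries an identical three-line block), and two copies will drift the next time a protocol constant needs a fallback; a single project header included by both translation units would hold it once. The placement constraint is the same as in checkpolicy.c — the guard has to come after the system header that defines `IPPROTO_DCCP`, because glibc defines it as an enumerator plus a self-referential macro — and the include names are not visible here, so the position relative to `<netinet/in.h>` cannot be verified from this rendering.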
@@ -4876,6 +4879,8 @@ int define_port_context(unsigned int low, unsigned int high)
 protocol = IPPROTO_TCP;
 } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
 protocol = IPPROTO_UDP;
+ } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
+ protocol = IPPROTO_DCCP;
 } else {
 yyerror2("unrecognized protocol %s", id);
 free(newc);
@@ -5135,7 +5140,7 @@ int define_ipv6_node_context(void)
 memset(newc, 0, sizeof(ocontext_t));
-#ifdef DARWIN
+#ifdef __APPLE__
 memcpy(&newc->u.node6.addr[0], &addr.s6_addr[0], 16);
 memcpy(&newc->u.node6.mask[0], &mask.s6_addr[0], 16);
 #else
diff --git checkpolicy-2.5/policy_scan.l checkpolicy-2.5/policy_scan.l
index 22da338..2f7f221 100644
--- checkpolicy-2.5/policy_scan.l
+++ checkpolicy-2.5/policy_scan.l
@@ -249,9 +249,9 @@ high | HIGH { return(HIGH); }
 low | LOW { return(LOW); }
-"/"({alnum}|[_\.\-/])* { return(PATH); }
-\""/"[ !#-~]*\" { return(QPATH); }
-\"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); }
+"/"[^ \n\r\t\f]* { return(PATH); }
+\""/"[^\"\n]*\" { return(QPATH); }
+\"[^"/"\"\n]+\" { return(FILENAME); }
 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
 {digit}+|0x{hexval}+ { return(NUMBER); }
 {alnum}*{letter}{alnum}* { return(FILESYSTEM); }
diff --git checkpolicy-2.5/test/dispol.c checkpolicy-2.5/test/dispol.c
index 86f5688..a78ce81 100644
--- checkpolicy-2.5/test/dispol.c
+++ checkpolicy-2.5/test/dispol.c
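Review bot: The new `dccp` branch writes `IPPROTO_DCCP` into the port ocontext with nothing telling policy authors that enforcement depends on the kernel; as far as I recall, SELinux gained DCCP socket hooks and portcon matching only in relatively recent kernels, so on an older kernel a `portcon dccp` entry is accepted by checkpolicy but never consulted. A comment on the new branch such as `/* dccp portcon entries are only honoured by kernels with SELinux DCCP support */` would make that visible at the point where the protocol is parsed. The case handling mirrors the existing tcp/udp convention of accepting only all-lower or all-upper spellings, which is consistent. `define_port_context` begins and ends outside the hunk.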
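Review bot: In the new FILENAME rule the `"/"` inside the negated class is not a quoted string: flex strips operators of their meaning inside `[...]`, so the class excludes the literal characters `"`, `/` and (again, via `\"`) `"`, which works but reads as if `/` were being quoted; `\"[^/\"\n]+\"` expresses the same set plainly. The new PATH class `[^ \n\r\t\f]*` leaves out `\v` and now admits `;`, `{`, `}` and `#`, so an unquoted path glued to a following token or comment is lexed as a single PATH; whether the grammar ever places a PATH directly before one of those characters is not visible here. The new QPATH rule also drops the old printable-ASCII restriction `[ !#-~]` and accepts tabs, other control bytes and non-ASCII inside quoted paths; if that is deliberate (e.g. to allow UTF-8 names), a short comment on the rule saying so would stop a later reader from tightening it back.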
@@ -252,11 +252,11 @@ int display_cond_expressions(policydb_t * p, FILE * fp)
 int display_handle_unknown(policydb_t * p, FILE * out_fp)
 {
 if (p->handle_unknown == ALLOW_UNKNOWN)
- fprintf(out_fp, "Allow unknown classes and permisions\n");
+ fprintf(out_fp, "Allow unknown classes and permissions\n");
 else if (p->handle_unknown == DENY_UNKNOWN)
- fprintf(out_fp, "Deny unknown classes and permisions\n");
+ fprintf(out_fp, "Deny unknown classes and permissions\n");
 else if (p->handle_unknown == REJECT_UNKNOWN)
- fprintf(out_fp, "Reject unknown classes and permisions\n");
+ fprintf(out_fp, "Reject unknown classes and permissions\n");
 return 0;
 }
@@ -349,7 +349,7 @@ int menu(void)
 printf("\nSelect a command:\n");
 printf("1) display unconditional AVTAB\n");
 printf("2) display conditional AVTAB (entirely)\n");
- printf("3) display conditional AVTAG (only ENABLED rules)\n");
+ printf("3) display conditional AVTAB (only ENABLED rules)\n");
 printf("4) display conditional AVTAB (only DISABLED rules)\n");
 printf("5) display conditional bools\n");
 printf("6) display conditional expressions\n");