diff --git a/debian/changelog b/debian/changelog index 0754286f..789600f9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -30,6 +30,8 @@ wine-staging (1.7.50) UNRELEASED; urgency=low upstream). * Removed patch to ensure winhttp raw request headers are terminated with double \r\n (accepted upstream). + * Removed compatibility patchset for deprecated ACL string format. The format + was changed in version 1.7.25, released about one year ago. -- Sebastian Lackner Tue, 11 Aug 2015 06:12:14 +0200 wine-staging (1.7.49) unstable; urgency=low diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index ac448fca..03e04a19 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -204,7 +204,6 @@ patch_enable_all () enable_rpcrt4_Pipe_Transport="$1" enable_rpcrt4_Use_After_Free="$1" enable_secur32_ANSI_NTLM_Credentials="$1" - enable_server_ACL_Compat="$1" enable_server_Address_List_Change="$1" enable_server_ClipCursor="$1" enable_server_CreateProcess_ACLs="$1" @@ -701,9 +700,6 @@ patch_enable () secur32-ANSI_NTLM_Credentials) enable_secur32_ANSI_NTLM_Credentials="$2" ;; - server-ACL_Compat) - enable_server_ACL_Compat="$2" - ;; server-Address_List_Change) enable_server_Address_List_Change="$2" ;; @@ -1712,13 +1708,6 @@ if test "$enable_server_Pipe_ObjectName" -eq 1; then enable_kernel32_Named_Pipe=1 fi -if test "$enable_server_ACL_Compat" -eq 1; then - if test "$enable_server_Inherited_ACLs" -gt 1; then - abort "Patchset server-Inherited_ACLs disabled, but server-ACL_Compat depends on that." - fi - enable_server_Inherited_ACLs=1 -fi - if test "$enable_server_Inherited_ACLs" -eq 1; then if test "$enable_server_Stored_ACLs" -gt 1; then abort "Patchset server-Stored_ACLs disabled, but server-Inherited_ACLs depends on that." @@ -4368,6 +4357,54 @@ if test "$enable_secur32_ANSI_NTLM_Credentials" -eq 1; then ) >> "$patchlist" fi +# Patchset server-Address_List_Change +# | +# | This patchset fixes the following Wine bugs: +# | * [#38062] Support for non-blocking SIO_ADDRESS_LIST_CHANGE requests +# | +# | Modified files: +# | * server/sock.c +# | +if test "$enable_server_Address_List_Change" -eq 1; then + patch_apply server-Address_List_Change/0001-server-Return-STATUS_CANT_WAIT-WSAEWOULDBLOCK-for-no.patch + ( + echo '+ { "Erich E. Hoover", "server: Return STATUS_CANT_WAIT/WSAEWOULDBLOCK for non-overlapped SIO_ADDRESS_LIST_CHANGE requests on non-blocking sockets.", 1 },'; + ) >> "$patchlist" +fi + +# Patchset server-ClipCursor +# | +# | This patchset fixes the following Wine bugs: +# | * [#33479] Fix cursor clip regression / broken raw input in multiple games +# | * [#38087] Fix multithreading issues with fullscreen clipping +# | +# | Modified files: +# | * dlls/user32/message.c, dlls/winex11.drv/mouse.c, server/queue.c +# | +if test "$enable_server_ClipCursor" -eq 1; then + patch_apply server-ClipCursor/0001-server-Only-send-WM_WINE_CLIPCURSOR-for-forced-clip-.patch + patch_apply server-ClipCursor/0002-winex11-Forward-all-clipping-requests-to-the-right-t.patch + ( + echo '+ { "Sebastian Lackner", "server: Only send WM_WINE_CLIPCURSOR for forced clip resets.", 1 },'; + echo '+ { "Sebastian Lackner", "winex11: Forward all clipping requests to the right thread (including fullscreen clipping).", 1 },'; + ) >> "$patchlist" +fi + +# Patchset server-Delete_On_Close +# | +# | This patchset fixes the following Wine bugs: +# | * [#38417] Fix handling of opening read-only files for FILE_DELETE_ON_CLOSE +# | +# | Modified files: +# | * dlls/kernel32/file.c, dlls/kernel32/tests/file.c, server/fd.c +# | +if test "$enable_server_Delete_On_Close" -eq 1; then + patch_apply server-Delete_On_Close/0001-server-Fix-handling-of-opening-read-only-files-with-.patch + ( + echo '+ { "Sebastian Lackner", "server: Fix handling of opening read-only files with FILE_DELETE_ON_CLOSE.", 1 },'; + ) >> "$patchlist" +fi + # Patchset server-RootDirectory_File # | # | This patchset has the following dependencies: @@ -4429,69 +4466,6 @@ if test "$enable_server_Inherited_ACLs" -eq 1; then ) >> "$patchlist" fi -# Patchset server-ACL_Compat -# | -# | This patchset has the following dependencies: -# | * server-Inherited_ACLs -# | -# | Modified files: -# | * server/file.c -# | -if test "$enable_server_ACL_Compat" -eq 1; then - patch_apply server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch - ( - echo '+ { "Erich E. Hoover", "server: Add compatibility code for handling the old method of storing ACLs.", 6 },'; - ) >> "$patchlist" -fi - -# Patchset server-Address_List_Change -# | -# | This patchset fixes the following Wine bugs: -# | * [#38062] Support for non-blocking SIO_ADDRESS_LIST_CHANGE requests -# | -# | Modified files: -# | * server/sock.c -# | -if test "$enable_server_Address_List_Change" -eq 1; then - patch_apply server-Address_List_Change/0001-server-Return-STATUS_CANT_WAIT-WSAEWOULDBLOCK-for-no.patch - ( - echo '+ { "Erich E. Hoover", "server: Return STATUS_CANT_WAIT/WSAEWOULDBLOCK for non-overlapped SIO_ADDRESS_LIST_CHANGE requests on non-blocking sockets.", 1 },'; - ) >> "$patchlist" -fi - -# Patchset server-ClipCursor -# | -# | This patchset fixes the following Wine bugs: -# | * [#33479] Fix cursor clip regression / broken raw input in multiple games -# | * [#38087] Fix multithreading issues with fullscreen clipping -# | -# | Modified files: -# | * dlls/user32/message.c, dlls/winex11.drv/mouse.c, server/queue.c -# | -if test "$enable_server_ClipCursor" -eq 1; then - patch_apply server-ClipCursor/0001-server-Only-send-WM_WINE_CLIPCURSOR-for-forced-clip-.patch - patch_apply server-ClipCursor/0002-winex11-Forward-all-clipping-requests-to-the-right-t.patch - ( - echo '+ { "Sebastian Lackner", "server: Only send WM_WINE_CLIPCURSOR for forced clip resets.", 1 },'; - echo '+ { "Sebastian Lackner", "winex11: Forward all clipping requests to the right thread (including fullscreen clipping).", 1 },'; - ) >> "$patchlist" -fi - -# Patchset server-Delete_On_Close -# | -# | This patchset fixes the following Wine bugs: -# | * [#38417] Fix handling of opening read-only files for FILE_DELETE_ON_CLOSE -# | -# | Modified files: -# | * dlls/kernel32/file.c, dlls/kernel32/tests/file.c, server/fd.c -# | -if test "$enable_server_Delete_On_Close" -eq 1; then - patch_apply server-Delete_On_Close/0001-server-Fix-handling-of-opening-read-only-files-with-.patch - ( - echo '+ { "Sebastian Lackner", "server: Fix handling of opening read-only files with FILE_DELETE_ON_CLOSE.", 1 },'; - ) >> "$patchlist" -fi - # Patchset server-Key_State # | # | This patchset fixes the following Wine bugs: diff --git a/patches/server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch b/patches/server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch deleted file mode 100644 index 120bedd1..00000000 --- a/patches/server-ACL_Compat/0001-server-Add-compatibility-code-for-handling-the-old-m.patch +++ /dev/null @@ -1,230 +0,0 @@ -From ded8679bb992d9d82bdeeb5a78b38100586906a0 Mon Sep 17 00:00:00 2001 -From: "Erich E. Hoover" -Date: Fri, 18 Apr 2014 15:21:00 -0600 -Subject: server: Add compatibility code for handling the old method of storing - ACLs. (try 6) - ---- - server/file.c | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 167 insertions(+), 3 deletions(-) - -diff --git a/server/file.c b/server/file.c -index 6fbb71c..3b56a9b 100644 ---- a/server/file.c -+++ b/server/file.c -@@ -72,6 +72,7 @@ struct file - - static unsigned int generic_file_map_access( unsigned int access ); - static struct security_descriptor *get_xattr_sd( int fd ); -+static struct security_descriptor *get_xattr_acls( int fd, const SID *user, const SID *group ); - - static void file_dump( struct object *obj, int verbose ); - static struct object_type *file_get_type( struct object *obj ); -@@ -313,6 +314,7 @@ static struct security_descriptor *file_get_parent_sd( struct fd *root, const ch - mode_t parent_mode = 0555; - char *p, *parent_name; - struct fd *parent_fd; -+ struct stat st; - int unix_fd; - - if (!(parent_name = mem_alloc( child_len + 1 ))) return NULL; -@@ -345,6 +347,9 @@ static struct security_descriptor *file_get_parent_sd( struct fd *root, const ch - if (unix_fd != -1) - { - parent_sd = get_xattr_sd( unix_fd ); -+ if (!parent_sd && fstat( unix_fd, &st ) != -1) -+ parent_sd = get_xattr_acls( unix_fd, security_unix_uid_to_sid( st.st_uid ), -+ token_get_primary_group( current->process->token ) ); - if (parent_sd) - { - sd = inherit_sd( parent_sd, is_dir ); -@@ -636,6 +641,163 @@ static void convert_generic_sd( struct security_descriptor *sd ) - } - } - -+static struct security_descriptor *get_xattr_acls( int fd, const SID *user, const SID *group ) -+{ -+ int dacl_size = sizeof(ACL), n; -+ int offset, type, flags, mask, rev, ia, sa; -+ char buffer[XATTR_SIZE_MAX + 1], *p, *ptr; -+ struct security_descriptor *sd; -+ ACL *dacl; -+ -+ n = xattr_fget( fd, XATTR_USER_PREFIX "wine.acl", buffer, sizeof(buffer) - 1 ); -+ if (n == -1) return NULL; -+ buffer[n] = 0; /* ensure NULL terminated buffer for string functions */ -+ -+ p = buffer; -+ do -+ { -+ int sub_authority_count = 0; -+ -+ if (sscanf(p, "%x,%x,%x,S-%u-%d%n", &type, &flags, &mask, &rev, &ia, &offset) != 5) -+ return NULL; -+ p += offset; -+ -+ while (sscanf(p, "-%u%n", &sa, &offset) == 1) -+ { -+ p += offset; -+ sub_authority_count++; -+ } -+ -+ if (*p == ';') p++; -+ else if (*p) return NULL; -+ -+ /* verify that the SubAuthorityCount does not exceed the maximum permitted value */ -+ if (sub_authority_count > SID_MAX_SUB_AUTHORITIES) -+ continue; -+ -+ switch (type) -+ { -+ case ACCESS_DENIED_ACE_TYPE: -+ dacl_size += FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + -+ FIELD_OFFSET(SID, SubAuthority[sub_authority_count]); -+ break; -+ case ACCESS_ALLOWED_ACE_TYPE: -+ dacl_size += FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + -+ FIELD_OFFSET(SID, SubAuthority[sub_authority_count]); -+ break; -+ default: -+ continue; -+ } -+ } -+ while (*p); -+ -+ n = sizeof(struct security_descriptor) + -+ FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]) + -+ FIELD_OFFSET(SID, SubAuthority[group->SubAuthorityCount]) + -+ dacl_size; -+ -+ sd = mem_alloc( n ); -+ if (!sd) return NULL; -+ -+ sd->control = SE_DACL_PRESENT; -+ sd->owner_len = FIELD_OFFSET(SID, SubAuthority[user->SubAuthorityCount]); -+ sd->group_len = FIELD_OFFSET(SID, SubAuthority[group->SubAuthorityCount]); -+ sd->sacl_len = 0; -+ sd->dacl_len = dacl_size; -+ -+ ptr = (char *)(sd + 1); -+ memcpy( ptr, user, sd->owner_len ); -+ ptr += sd->owner_len; -+ memcpy( ptr, group, sd->group_len ); -+ ptr += sd->group_len; -+ -+ dacl = (ACL *)ptr; -+ dacl->AclRevision = ACL_REVISION; -+ dacl->Sbz1 = 0; -+ dacl->AclSize = dacl_size; -+ dacl->AceCount = 0; -+ dacl->Sbz2 = 0; -+ -+ ptr = (char *)(dacl + 1); -+ p = buffer; -+ do -+ { -+ char sid_buffer[sizeof(SID) + sizeof(ULONG) * SID_MAX_SUB_AUTHORITIES]; -+ SID *sid = (SID *)sid_buffer; -+ int sub_authority_count = 0; -+ -+ if (sscanf(p, "%x,%x,%x,S-%u-%d%n", &type, &flags, &mask, &rev, &ia, &offset) != 5) -+ goto err; -+ p += offset; -+ -+ while (sscanf(p, "-%u%n", &sa, &offset) == 1) -+ { -+ p += offset; -+ if (sub_authority_count < SID_MAX_SUB_AUTHORITIES) -+ sid->SubAuthority[sub_authority_count] = sa; -+ sub_authority_count++; -+ } -+ -+ if (*p == ';') p++; -+ else if (*p) goto err; -+ -+ if (sub_authority_count > SID_MAX_SUB_AUTHORITIES) -+ continue; -+ -+ sid->Revision = rev; -+ sid->IdentifierAuthority.Value[0] = 0; -+ sid->IdentifierAuthority.Value[1] = 0; -+ sid->IdentifierAuthority.Value[2] = HIBYTE(HIWORD(ia)); -+ sid->IdentifierAuthority.Value[3] = LOBYTE(HIWORD(ia)); -+ sid->IdentifierAuthority.Value[4] = HIBYTE(LOWORD(ia)); -+ sid->IdentifierAuthority.Value[5] = LOBYTE(LOWORD(ia)); -+ sid->SubAuthorityCount = sub_authority_count; -+ -+ /* Handle the specific ACE */ -+ switch (type) -+ { -+ case ACCESS_DENIED_ACE_TYPE: -+ { -+ ACCESS_DENIED_ACE *ada = (ACCESS_DENIED_ACE *)ptr; -+ ada->Header.AceType = type; -+ ada->Header.AceFlags = flags; -+ ada->Header.AceSize = FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + -+ FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]); -+ ada->Mask = mask; -+ memcpy( &ada->SidStart, sid, FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) ); -+ } -+ break; -+ case ACCESS_ALLOWED_ACE_TYPE: -+ { -+ ACCESS_ALLOWED_ACE *aaa = (ACCESS_ALLOWED_ACE *)ptr; -+ aaa->Header.AceType = type; -+ aaa->Header.AceFlags = flags; -+ aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + -+ FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]); -+ aaa->Mask = mask; -+ memcpy( &aaa->SidStart, sid, FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) ); -+ } -+ break; -+ default: -+ continue; -+ } -+ -+ ptr = (char *)ace_next( (ACE_HEADER *)ptr ); -+ dacl->AceCount++; -+ } -+ while (*p); -+ -+ if (sd_is_valid( sd, n )) -+ { -+ convert_generic_sd( sd ); -+ return sd; -+ } -+ -+err: -+ free( sd ); -+ return NULL; -+} -+ - static struct security_descriptor *get_xattr_sd( int fd ) - { - struct security_descriptor *sd; -@@ -665,6 +827,7 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode - int unix_fd = get_unix_fd( fd ); - struct stat st; - struct security_descriptor *sd; -+ const SID *user, *group; - - if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) - return obj->sd; -@@ -674,10 +837,11 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode - (st.st_uid == *uid)) - return obj->sd; - -+ user = security_unix_uid_to_sid( st.st_uid ); -+ group = token_get_primary_group( current->process->token ); - sd = get_xattr_sd( unix_fd ); -- if (!sd) sd = mode_to_sd( st.st_mode, -- security_unix_uid_to_sid( st.st_uid ), -- token_get_primary_group( current->process->token )); -+ if (!sd) sd = get_xattr_acls( unix_fd, user, group ); -+ if (!sd) sd = mode_to_sd( st.st_mode, user, group ); - if (!sd) return obj->sd; - - *mode = st.st_mode; --- -2.4.2 - diff --git a/patches/server-ACL_Compat/definition b/patches/server-ACL_Compat/definition deleted file mode 100644 index 4da8a1bd..00000000 --- a/patches/server-ACL_Compat/definition +++ /dev/null @@ -1 +0,0 @@ -Depends: server-Inherited_ACLs