diff --git a/README.md b/README.md index 95167725..ecd3c321 100644 --- a/README.md +++ b/README.md @@ -34,10 +34,11 @@ Wine. All those differences are also documented on the Included bug fixes and improvements ----------------------------------- -**Bug fixes and features included in the next upcoming release [4]:** +**Bug fixes and features included in the next upcoming release [5]:** * Add implementation for IDXGIOutput::GetDesc ([Wine Bug #32006](https://bugs.winehq.org/show_bug.cgi?id=32006)) * Do not check if object was signaled after user APC in server_select +* Fix the initialization of combined DACLs when the new DACL is empty ([Wine Bug #38423](https://bugs.winehq.org/show_bug.cgi?id=38423)) * Show windows version when collecting system info in winedbg * Use wrapper functions for syscalls to appease Chromium sandbox (32-bit) ([Wine Bug #39403](https://bugs.winehq.org/show_bug.cgi?id=39403)) diff --git a/debian/changelog b/debian/changelog index c6415a91..469820bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,8 @@ wine-staging (1.7.53) UNRELEASED; urgency=low * Added patch to fix handling of wait interrupted by User APC. * Added patch to use wrapper functions for syscalls to appease Chromium sandbox (32-bit). + * Added patch to fix the initialization of combined DACLs when the new DACL is + empty. * Removed patch to mark RegOpenKeyExA, RegCloseKey and RegQueryValueExA as hotpatchable (accepted upstream). * Removed patch to mark BitBlt and StretchDIBits as hotpatchable (accepted diff --git a/patches/advapi32-SetSecurityInfo/0001-advapi32-Move-the-DACL-combining-code-into-a-separat.patch b/patches/advapi32-SetSecurityInfo/0001-advapi32-Move-the-DACL-combining-code-into-a-separat.patch new file mode 100644 index 00000000..4cb6d044 --- /dev/null +++ b/patches/advapi32-SetSecurityInfo/0001-advapi32-Move-the-DACL-combining-code-into-a-separat.patch @@ -0,0 +1,110 @@ +From 646388b696afda85dccc76678af6a8955bf0b627 Mon Sep 17 00:00:00 2001 +From: "Erich E. Hoover" +Date: Fri, 16 Oct 2015 16:03:00 -0600 +Subject: advapi32: Move the DACL combining code into a separate routine. + +--- + dlls/advapi32/security.c | 79 +++++++++++++++++++++++++++--------------------- + 1 file changed, 45 insertions(+), 34 deletions(-) + +diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c +index 00dafe8..dad8b22 100644 +--- a/dlls/advapi32/security.c ++++ b/dlls/advapi32/security.c +@@ -5805,6 +5805,48 @@ BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus) + return TRUE; + } + ++static NTSTATUS combine_dacls(ACL *parent, ACL *child, ACL **result) ++{ ++ ACL *combined; ++ int i; ++ ++ /* initialize a combined DACL containing both inherited and new ACEs */ ++ combined = heap_alloc_zero(child->AclSize+parent->AclSize); ++ if (!combined) ++ return STATUS_NO_MEMORY; ++ ++ memcpy(combined, child, child->AclSize); ++ combined->AclSize = child->AclSize+parent->AclSize; ++ ++ /* copy the inherited ACEs */ ++ for (i=0; iAceCount; i++) ++ { ++ ACE_HEADER *ace; ++ ++ if (!GetAce(parent, i, (void*)&ace)) ++ continue; ++ if (!(ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE))) ++ continue; ++ if ((ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)) != ++ (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)) ++ { ++ FIXME("unsupported flags: %x\n", ace->AceFlags); ++ continue; ++ } ++ ++ if (ace->AceFlags & NO_PROPAGATE_INHERIT_ACE) ++ ace->AceFlags &= ~(OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE|NO_PROPAGATE_INHERIT_ACE); ++ ace->AceFlags &= ~INHERIT_ONLY_ACE; ++ ace->AceFlags |= INHERITED_ACE; ++ ++ if (!AddAce(combined, ACL_REVISION, MAXDWORD, ace, ace->AceSize)) ++ WARN("error adding inherited ACE\n"); ++ } ++ ++ *result = combined; ++ return STATUS_SUCCESS; ++} ++ + /****************************************************************************** + * SetSecurityInfo [ADVAPI32.@] + */ +@@ -5904,41 +5946,10 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, + + if (!err) + { +- int i; +- +- dacl = heap_alloc_zero(pDacl->AclSize+parent_dacl->AclSize); +- if (!dacl) +- { +- LocalFree(parent_sd); +- return ERROR_NOT_ENOUGH_MEMORY; +- } +- memcpy(dacl, pDacl, pDacl->AclSize); +- dacl->AclSize = pDacl->AclSize+parent_dacl->AclSize; +- +- for (i=0; iAceCount; i++) +- { +- ACE_HEADER *ace; +- +- if (!GetAce(parent_dacl, i, (void*)&ace)) +- continue; +- if (!(ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE))) +- continue; +- if ((ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)) != +- (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)) +- { +- FIXME("unsupported flags: %x\n", ace->AceFlags); +- continue; +- } +- +- if (ace->AceFlags & NO_PROPAGATE_INHERIT_ACE) +- ace->AceFlags &= ~(OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE|NO_PROPAGATE_INHERIT_ACE); +- ace->AceFlags &= ~INHERIT_ONLY_ACE; +- ace->AceFlags |= INHERITED_ACE; +- +- if(!AddAce(dacl, ACL_REVISION, MAXDWORD, ace, ace->AceSize)) +- WARN("error adding inherited ACE\n"); +- } ++ status = combine_dacls(parent_dacl, pDacl, &dacl); + LocalFree(parent_sd); ++ if (status != STATUS_SUCCESS) ++ return RtlNtStatusToDosError(status); + } + } + else +-- +2.6.1 + diff --git a/patches/advapi32-SetSecurityInfo/0002-advapi32-Fix-the-initialization-of-combined-DACLs-wh.patch b/patches/advapi32-SetSecurityInfo/0002-advapi32-Fix-the-initialization-of-combined-DACLs-wh.patch new file mode 100644 index 00000000..c1828652 --- /dev/null +++ b/patches/advapi32-SetSecurityInfo/0002-advapi32-Fix-the-initialization-of-combined-DACLs-wh.patch @@ -0,0 +1,54 @@ +From d1accafbe8e52b6b2c84e9fe5d08303fc05858af Mon Sep 17 00:00:00 2001 +From: "Erich E. Hoover" +Date: Fri, 16 Oct 2015 13:58:38 -0600 +Subject: advapi32: Fix the initialization of combined DACLs when the new DACL + is empty. + +--- + dlls/advapi32/security.c | 23 +++++++++++++++++++++-- + 1 file changed, 21 insertions(+), 2 deletions(-) + +diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c +index dad8b22..11ae487 100644 +--- a/dlls/advapi32/security.c ++++ b/dlls/advapi32/security.c +@@ -5807,6 +5807,7 @@ BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus) + + static NTSTATUS combine_dacls(ACL *parent, ACL *child, ACL **result) + { ++ NTSTATUS status; + ACL *combined; + int i; + +@@ -5815,8 +5816,26 @@ static NTSTATUS combine_dacls(ACL *parent, ACL *child, ACL **result) + if (!combined) + return STATUS_NO_MEMORY; + +- memcpy(combined, child, child->AclSize); +- combined->AclSize = child->AclSize+parent->AclSize; ++ status = RtlCreateAcl(combined, parent->AclSize+child->AclSize, ACL_REVISION); ++ if (status != STATUS_SUCCESS) ++ { ++ heap_free(combined); ++ return status; ++ } ++ ++ /* copy the new ACEs */ ++ for (i=0; iAceCount; i++) ++ { ++ ACE_HEADER *ace; ++ ++ if (!GetAce(child, i, (void*)&ace)) ++ { ++ WARN("error obtaining new ACE\n"); ++ continue; ++ } ++ if (!AddAce(combined, ACL_REVISION, MAXDWORD, ace, ace->AceSize)) ++ WARN("error adding new ACE\n"); ++ } + + /* copy the inherited ACEs */ + for (i=0; iAceCount; i++) +-- +2.6.1 + diff --git a/patches/advapi32-SetSecurityInfo/definition b/patches/advapi32-SetSecurityInfo/definition new file mode 100644 index 00000000..8eff9adf --- /dev/null +++ b/patches/advapi32-SetSecurityInfo/definition @@ -0,0 +1 @@ +Fixes: [38423] Fix the initialization of combined DACLs when the new DACL is empty diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index c130dc48..b41c204b 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -87,6 +87,7 @@ patch_enable_all () enable_Pipelight="$1" enable_Staging="$1" enable_advapi32_LsaLookupSids="$1" + enable_advapi32_SetSecurityInfo="$1" enable_amstream_GetMultiMediaStream="$1" enable_api_ms_win_crt_Stub_DLLs="$1" enable_authz_Stub_Functions="$1" @@ -349,6 +350,9 @@ patch_enable () advapi32-LsaLookupSids) enable_advapi32_LsaLookupSids="$2" ;; + advapi32-SetSecurityInfo) + enable_advapi32_SetSecurityInfo="$2" + ;; amstream-GetMultiMediaStream) enable_amstream_GetMultiMediaStream="$2" ;; @@ -2222,6 +2226,23 @@ if test "$enable_advapi32_LsaLookupSids" -eq 1; then ) >> "$patchlist" fi +# Patchset advapi32-SetSecurityInfo +# | +# | This patchset fixes the following Wine bugs: +# | * [#38423] Fix the initialization of combined DACLs when the new DACL is empty +# | +# | Modified files: +# | * dlls/advapi32/security.c +# | +if test "$enable_advapi32_SetSecurityInfo" -eq 1; then + patch_apply advapi32-SetSecurityInfo/0001-advapi32-Move-the-DACL-combining-code-into-a-separat.patch + patch_apply advapi32-SetSecurityInfo/0002-advapi32-Fix-the-initialization-of-combined-DACLs-wh.patch + ( + echo '+ { "Erich E. Hoover", "advapi32: Move the DACL combining code into a separate routine.", 1 },'; + echo '+ { "Erich E. Hoover", "advapi32: Fix the initialization of combined DACLs when the new DACL is empty.", 1 },'; + ) >> "$patchlist" +fi + # Patchset amstream-GetMultiMediaStream # | # | This patchset fixes the following Wine bugs: