From 83a65ef99bdcd14efab57b35688650a781f599ac Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Tue, 20 Jun 2017 13:55:21 +0200 Subject: [PATCH] Rebase against abaddc871842ba4ec0156f4bfed9939b44052ee4. --- ...ze-containers-list-in-GdipCloneImage.patch | 24 -- ...dd-basic-tests-for-BuildSecurityDesc.patch | 16 +- .../definition | 2 +- ...Implement-GetExplicitEntriesFromAclW.patch | 16 +- patches/patchinstall.sh | 323 +++++++----------- ...vapi32-tests-Add-back-a-dropped-test.patch | 29 -- ...how-that-tokens-do-not-inherit-secur.patch | 78 ----- ...how-that-tokens-do-not-inherit-dacls.patch | 190 ----------- ...how-that-tokens-do-not-inherit-sacls.patch | 106 ------ ...n-a-default-label-high-to-all-tokens.patch | 196 ----------- .../definition | 4 - ...lt-security-descriptor-ownership-for.patch | 26 +- ...d-support-for-32bppCMYK-and-64bppCMY.patch | 10 +- .../wined3d-CSMT_Main/9999-IfDefined.patch | 6 +- ...LL-pointer-dereference-when-using-GD.patch | 48 --- ...eate-CPU-blitter-also-for-GDI-render.patch | 44 --- ...ry-leaks-in-blitter_destroy-callback.patch | 44 --- ...frontbuffer-update-in-surface_cpu_bl.patch | 84 ----- patches/wined3d-GDI_Rendering/definition | 1 - ...eck-input-format-in-MPEG3_StreamOpen.patch | 12 +- 20 files changed, 171 insertions(+), 1088 deletions(-) delete mode 100644 patches/Compiler_Warnings/0011-gdiplus-Initialize-containers-list-in-GdipCloneImage.patch delete mode 100644 patches/server-LABEL_SECURITY_INFORMATION/0001-advapi32-tests-Add-back-a-dropped-test.patch delete mode 100644 patches/server-LABEL_SECURITY_INFORMATION/0006-advapi32-tests-Show-that-tokens-do-not-inherit-secur.patch delete mode 100644 patches/server-LABEL_SECURITY_INFORMATION/0007-advapi32-tests-Show-that-tokens-do-not-inherit-dacls.patch delete mode 100644 patches/server-LABEL_SECURITY_INFORMATION/0008-advapi32-tests-Show-that-tokens-do-not-inherit-sacls.patch delete mode 100644 patches/server-LABEL_SECURITY_INFORMATION/0009-server-Assign-a-default-label-high-to-all-tokens.patch delete mode 100644 patches/server-LABEL_SECURITY_INFORMATION/definition delete mode 100644 patches/wined3d-GDI_Rendering/0001-wined3d-Avoid-NULL-pointer-dereference-when-using-GD.patch delete mode 100644 patches/wined3d-GDI_Rendering/0002-wined3d-Create-CPU-blitter-also-for-GDI-render.patch delete mode 100644 patches/wined3d-GDI_Rendering/0003-wined3d-Fix-memory-leaks-in-blitter_destroy-callback.patch delete mode 100644 patches/wined3d-GDI_Rendering/0004-wined3d-Trigger-frontbuffer-update-in-surface_cpu_bl.patch delete mode 100644 patches/wined3d-GDI_Rendering/definition diff --git a/patches/Compiler_Warnings/0011-gdiplus-Initialize-containers-list-in-GdipCloneImage.patch b/patches/Compiler_Warnings/0011-gdiplus-Initialize-containers-list-in-GdipCloneImage.patch deleted file mode 100644 index d8e1ed0c..00000000 --- a/patches/Compiler_Warnings/0011-gdiplus-Initialize-containers-list-in-GdipCloneImage.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 380543910f8912374a13b9773738e018bd638341 Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Sun, 11 Jun 2017 02:42:47 +0200 -Subject: gdiplus: Initialize containers list in GdipCloneImage. - ---- - dlls/gdiplus/image.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/dlls/gdiplus/image.c b/dlls/gdiplus/image.c -index ce2194317ff..b28606e916c 100644 ---- a/dlls/gdiplus/image.c -+++ b/dlls/gdiplus/image.c -@@ -1339,6 +1339,7 @@ GpStatus WINGDIPAPI GdipCloneImage(GpImage *image, GpImage **cloneImage) - result->unit = metafile->unit; - result->metafile_type = metafile->metafile_type; - result->hemf = CopyEnhMetaFileW(metafile->hemf, NULL); -+ list_init(&result->containers); - - if (!result->hemf) - { --- -2.13.1 - diff --git a/patches/advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch b/patches/advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch index 6c5a850d..56ae06b8 100644 --- a/patches/advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch +++ b/patches/advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch @@ -1,4 +1,4 @@ -From 63082c3863d8be466ed14f532653ddf35e40328a Mon Sep 17 00:00:00 2001 +From 09d62cfc4fa999eacc89af2ad414810e22c910a9 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 5 May 2017 00:18:50 +0200 Subject: advapi32/tests: Add basic tests for BuildSecurityDescriptor. @@ -8,11 +8,11 @@ Subject: advapi32/tests: Add basic tests for BuildSecurityDescriptor. 1 file changed, 39 insertions(+) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index d6ea3a19fad..c591f7b6e5f 100644 +index ca5edffae5..db5a0f934c 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c -@@ -7489,6 +7489,44 @@ static void test_child_token_sd(void) - HeapFree(GetProcessHeap(), 0, sd); +@@ -7217,6 +7217,44 @@ static void test_GetExplicitEntriesFromAclW(void) + HeapFree(GetProcessHeap(), 0, old_acl); } +static void test_BuildSecurityDescriptorW(void) @@ -56,14 +56,14 @@ index d6ea3a19fad..c591f7b6e5f 100644 START_TEST(security) { init(); -@@ -7542,6 +7580,7 @@ START_TEST(security) - test_pseudo_tokens(); +@@ -7271,6 +7309,7 @@ START_TEST(security) test_maximum_allowed(); + test_token_label(); test_GetExplicitEntriesFromAclW(); + test_BuildSecurityDescriptorW(); - /* must be the last test, modifies process token */ + /* Must be the last test, modifies process token */ test_token_security_descriptor(); -- -2.12.2 +2.13.1 diff --git a/patches/advapi32-BuildSecurityDescriptor/definition b/patches/advapi32-BuildSecurityDescriptor/definition index bbfe49d3..213cfd64 100644 --- a/patches/advapi32-BuildSecurityDescriptor/definition +++ b/patches/advapi32-BuildSecurityDescriptor/definition @@ -1,2 +1,2 @@ Fixes: Initial implementation of advapi32.BuildSecurityDescriptorW -Depends: server-LABEL_SECURITY_INFORMATION +Depends: advapi32-GetExplicitEntriesFromAclW diff --git a/patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch b/patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch index 1e8cdba0..af843d27 100644 --- a/patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch +++ b/patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch @@ -1,4 +1,4 @@ -From cd5f99efd824965d92bd8491afd0c6e6d7bdc118 Mon Sep 17 00:00:00 2001 +From 510d9f43f441bc3a9723aabfd2c1cdc8737d6dcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Sun, 28 Aug 2016 21:56:41 +0200 Subject: advapi32: Implement GetExplicitEntriesFromAclW. @@ -101,7 +101,7 @@ index e36792cff4..b305947347 100644 /****************************************************************************** diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index 09c6a721cc..286d236e4b 100644 +index 3c68205922..ca5edffae5 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -134,6 +134,7 @@ static BOOL (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*); @@ -120,8 +120,8 @@ index 09c6a721cc..286d236e4b 100644 myARGC = winetest_get_mainargs( &myARGV ); } -@@ -6795,6 +6797,145 @@ static void test_token_security_descriptor(void) - CloseHandle(token); +@@ -7076,6 +7078,145 @@ static void test_child_token_sd(void) + HeapFree(GetProcessHeap(), 0, sd); } +static void test_GetExplicitEntriesFromAclW(void) @@ -266,12 +266,14 @@ index 09c6a721cc..286d236e4b 100644 START_TEST(security) { init(); -@@ -6845,4 +6986,5 @@ START_TEST(security) +@@ -7129,6 +7270,7 @@ START_TEST(security) test_pseudo_tokens(); test_maximum_allowed(); - test_token_security_descriptor(); + test_token_label(); + test_GetExplicitEntriesFromAclW(); - } + + /* Must be the last test, modifies process token */ + test_token_security_descriptor(); -- 2.13.1 diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index ea544d75..6c2cc8b2 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -52,7 +52,7 @@ usage() # Get the upstream commit sha upstream_commit() { - echo "95a49bdce6cd5a35d5035456e576ab81239fb081" + echo "abaddc871842ba4ec0156f4bfed9939b44052ee4" } # Show version information @@ -321,7 +321,6 @@ patch_enable_all () enable_server_File_Permissions="$1" enable_server_Inherited_ACLs="$1" enable_server_Key_State="$1" - enable_server_LABEL_SECURITY_INFORMATION="$1" enable_server_Map_EXDEV_Error="$1" enable_server_Misc_ACL="$1" enable_server_Object_Types="$1" @@ -433,7 +432,6 @@ patch_enable_all () enable_wined3d_CSMT_Helper="$1" enable_wined3d_CSMT_Main="$1" enable_wined3d_DXTn="$1" - enable_wined3d_GDI_Rendering="$1" enable_wined3d_GTX_560M="$1" enable_wined3d_Limit_Vram="$1" enable_wined3d_QUERY_Stubs="$1" @@ -1209,9 +1207,6 @@ patch_enable () server-Key_State) enable_server_Key_State="$2" ;; - server-LABEL_SECURITY_INFORMATION) - enable_server_LABEL_SECURITY_INFORMATION="$2" - ;; server-Map_EXDEV_Error) enable_server_Map_EXDEV_Error="$2" ;; @@ -1545,9 +1540,6 @@ patch_enable () wined3d-DXTn) enable_wined3d_DXTn="$2" ;; - wined3d-GDI_Rendering) - enable_wined3d_GDI_Rendering="$2" - ;; wined3d-GTX_560M) enable_wined3d_GTX_560M="$2" ;; @@ -2321,6 +2313,17 @@ if test "$enable_server_Inherited_ACLs" -eq 1; then enable_server_Stored_ACLs=1 fi +if test "$enable_server_Stored_ACLs" -eq 1; then + if test "$enable_ntdll_DOS_Attributes" -gt 1; then + abort "Patchset ntdll-DOS_Attributes disabled, but server-Stored_ACLs depends on that." + fi + if test "$enable_server_File_Permissions" -gt 1; then + abort "Patchset server-File_Permissions disabled, but server-Stored_ACLs depends on that." + fi + enable_ntdll_DOS_Attributes=1 + enable_server_File_Permissions=1 +fi + if test "$enable_oleaut32_OLEPictureImpl_SaveAsFile" -eq 1; then if test "$enable_oleaut32_Load_Save_EMF" -gt 1; then abort "Patchset oleaut32-Load_Save_EMF disabled, but oleaut32-OLEPictureImpl_SaveAsFile depends on that." @@ -2661,36 +2664,10 @@ if test "$enable_advapi32_LsaLookupSids" -eq 1; then fi if test "$enable_advapi32_BuildSecurityDescriptor" -eq 1; then - if test "$enable_server_LABEL_SECURITY_INFORMATION" -gt 1; then - abort "Patchset server-LABEL_SECURITY_INFORMATION disabled, but advapi32-BuildSecurityDescriptor depends on that." - fi - enable_server_LABEL_SECURITY_INFORMATION=1 -fi - -if test "$enable_server_LABEL_SECURITY_INFORMATION" -eq 1; then if test "$enable_advapi32_GetExplicitEntriesFromAclW" -gt 1; then - abort "Patchset advapi32-GetExplicitEntriesFromAclW disabled, but server-LABEL_SECURITY_INFORMATION depends on that." - fi - if test "$enable_server_Misc_ACL" -gt 1; then - abort "Patchset server-Misc_ACL disabled, but server-LABEL_SECURITY_INFORMATION depends on that." - fi - if test "$enable_server_Stored_ACLs" -gt 1; then - abort "Patchset server-Stored_ACLs disabled, but server-LABEL_SECURITY_INFORMATION depends on that." + abort "Patchset advapi32-GetExplicitEntriesFromAclW disabled, but advapi32-BuildSecurityDescriptor depends on that." fi enable_advapi32_GetExplicitEntriesFromAclW=1 - enable_server_Misc_ACL=1 - enable_server_Stored_ACLs=1 -fi - -if test "$enable_server_Stored_ACLs" -eq 1; then - if test "$enable_ntdll_DOS_Attributes" -gt 1; then - abort "Patchset ntdll-DOS_Attributes disabled, but server-Stored_ACLs depends on that." - fi - if test "$enable_server_File_Permissions" -gt 1; then - abort "Patchset server-File_Permissions disabled, but server-Stored_ACLs depends on that." - fi - enable_ntdll_DOS_Attributes=1 - enable_server_File_Permissions=1 fi @@ -2714,11 +2691,11 @@ fi # | Modified files: # | * dlls/amstream/mediastreamfilter.c, dlls/d2d1/brush.c, dlls/d2d1/geometry.c, dlls/d3d11/view.c, dlls/d3d8/texture.c, # | dlls/d3d9/tests/visual.c, dlls/d3d9/texture.c, dlls/ddraw/viewport.c, dlls/dsound/primary.c, dlls/dwrite/font.c, -# | dlls/dwrite/layout.c, dlls/fusion/tests/asmenum.c, dlls/fusion/tests/asmname.c, dlls/gdiplus/image.c, -# | dlls/kernel32/oldconfig.c, dlls/kernel32/tests/heap.c, dlls/msxml3/schema.c, dlls/netapi32/netapi32.c, -# | dlls/ole32/storage32.h, dlls/oleaut32/oleaut.c, dlls/rpcrt4/cstub.c, dlls/rsaenh/rsaenh.c, dlls/shell32/shfldr_fs.c, -# | dlls/vbscript/vbdisp.c, dlls/winealsa.drv/mmdevdrv.c, dlls/wined3d/glsl_shader.c, dlls/ws2_32/tests/sock.c, -# | include/wine/list.h, include/wine/rbtree.h, include/winnt.h, tools/makedep.c +# | dlls/dwrite/layout.c, dlls/fusion/tests/asmenum.c, dlls/fusion/tests/asmname.c, dlls/kernel32/oldconfig.c, +# | dlls/kernel32/tests/heap.c, dlls/msxml3/schema.c, dlls/netapi32/netapi32.c, dlls/ole32/storage32.h, +# | dlls/oleaut32/oleaut.c, dlls/rpcrt4/cstub.c, dlls/rsaenh/rsaenh.c, dlls/shell32/shfldr_fs.c, dlls/vbscript/vbdisp.c, +# | dlls/winealsa.drv/mmdevdrv.c, dlls/wined3d/glsl_shader.c, dlls/ws2_32/tests/sock.c, include/wine/list.h, +# | include/wine/rbtree.h, include/winnt.h, tools/makedep.c # | if test "$enable_Compiler_Warnings" -eq 1; then patch_apply Compiler_Warnings/0001-ole32-Fix-compilation-with-recent-versions-of-gcc.patch @@ -2729,7 +2706,6 @@ if test "$enable_Compiler_Warnings" -eq 1; then patch_apply Compiler_Warnings/0007-rsaenh-tests-Avoid-compiler-warnings-with-GCC-7.patch patch_apply Compiler_Warnings/0008-kernel32-Avoid-compiler-warnings-with-GCC-7.patch patch_apply Compiler_Warnings/0009-ws2_32-tests-Work-around-an-incorrect-detection-in-G.patch - patch_apply Compiler_Warnings/0011-gdiplus-Initialize-containers-list-in-GdipCloneImage.patch patch_apply Compiler_Warnings/0018-Appease-the-blessed-version-of-gcc-4.5-when-Werror-i.patch patch_apply Compiler_Warnings/0019-dsound-Avoid-implicit-cast-of-interface-pointer.patch patch_apply Compiler_Warnings/0020-amstream-Avoid-implicit-cast-of-interface-pointer.patch @@ -2753,7 +2729,6 @@ if test "$enable_Compiler_Warnings" -eq 1; then printf '%s\n' '+ { "Sebastian Lackner", "rsaenh/tests: Avoid compiler warnings with GCC 7.", 1 },'; printf '%s\n' '+ { "Sebastian Lackner", "kernel32: Avoid compiler warnings with GCC 7.", 1 },'; printf '%s\n' '+ { "Sebastian Lackner", "ws2_32/tests: Work around an incorrect detection in GCC 7.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "gdiplus: Initialize containers list in GdipCloneImage.", 1 },'; printf '%s\n' '+ { "Erich E. Hoover", "Appease the blessed version of gcc (4.5) when -Werror is enabled.", 1 },'; printf '%s\n' '+ { "Sebastian Lackner", "dsound: Avoid implicit cast of interface pointer.", 1 },'; printf '%s\n' '+ { "Sebastian Lackner", "amstream: Avoid implicit cast of interface pointer.", 1 },'; @@ -2856,144 +2831,10 @@ if test "$enable_advapi32_GetExplicitEntriesFromAclW" -eq 1; then ) >> "$patchlist" fi -# Patchset server-Misc_ACL -# | -# | This patchset fixes the following Wine bugs: -# | * [#15980] GetSecurityInfo returns NULL DACL for process object -# | -# | Modified files: -# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c -# | -if test "$enable_server_Misc_ACL" -eq 1; then - patch_apply server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch - patch_apply server-Misc_ACL/0002-server-Add-default-security-descriptor-DACL-for-proc.patch - ( - printf '%s\n' '+ { "Erich E. Hoover", "server: Add default security descriptor ownership for processes.", 1 },'; - printf '%s\n' '+ { "Erich E. Hoover", "server: Add default security descriptor DACL for processes.", 1 },'; - ) >> "$patchlist" -fi - -# Patchset ntdll-DOS_Attributes -# | -# | This patchset fixes the following Wine bugs: -# | * [#9158] Support for DOS hidden/system file attributes -# | -# | Modified files: -# | * configure.ac, dlls/ntdll/directory.c, dlls/ntdll/file.c, dlls/ntdll/ntdll_misc.h, dlls/ntdll/tests/directory.c, -# | dlls/ntdll/tests/file.c, include/wine/port.h, libs/port/Makefile.in, libs/port/xattr.c -# | -if test "$enable_ntdll_DOS_Attributes" -eq 1; then - patch_apply ntdll-DOS_Attributes/0001-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch - patch_apply ntdll-DOS_Attributes/0002-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch - patch_apply ntdll-DOS_Attributes/0003-ntdll-Implement-storing-DOS-attributes-in-NtSetInfor.patch - patch_apply ntdll-DOS_Attributes/0004-ntdll-Implement-storing-DOS-attributes-in-NtCreateFi.patch - patch_apply ntdll-DOS_Attributes/0005-libport-Add-support-for-Mac-OS-X-style-extended-attr.patch - patch_apply ntdll-DOS_Attributes/0006-libport-Add-support-for-FreeBSD-style-extended-attri.patch - patch_apply ntdll-DOS_Attributes/0007-ntdll-Perform-the-Unix-style-hidden-file-check-withi.patch - patch_apply ntdll-DOS_Attributes/0008-ntdll-Always-store-SAMBA_XATTR_DOS_ATTRIB-when-path-.patch - ( - printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQueryInformationFile.", 1 },'; - printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQuery[Full]AttributesFile and NtQueryDirectoryFile.", 1 },'; - printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtSetInformationFile.", 1 },'; - printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtCreateFile.", 1 },'; - printf '%s\n' '+ { "Erich E. Hoover", "libport: Add support for Mac OS X style extended attributes.", 1 },'; - printf '%s\n' '+ { "Erich E. Hoover", "libport: Add support for FreeBSD style extended attributes.", 1 },'; - printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Perform the Unix-style hidden file check within the unified file info grabbing routine.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "ntdll: Always store SAMBA_XATTR_DOS_ATTRIB when path could be interpreted as hidden.", 1 },'; - ) >> "$patchlist" -fi - -# Patchset server-File_Permissions -# | -# | This patchset fixes the following Wine bugs: -# | * [#38970] Improve mapping of DACL to file permissions -# | -# | Modified files: -# | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c, server/file.c -# | -if test "$enable_server_File_Permissions" -eq 1; then - patch_apply server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch - patch_apply server-File_Permissions/0002-server-Allow-to-open-files-without-any-permission-bi.patch - patch_apply server-File_Permissions/0003-server-When-creating-new-directories-temporarily-giv.patch - patch_apply server-File_Permissions/0004-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch - patch_apply server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch - patch_apply server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch - patch_apply server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch - patch_apply server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch - ( - printf '%s\n' '+ { "Sebastian Lackner", "server: Improve STATUS_CANNOT_DELETE checks for directory case.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "server: Allow to open files without any permission bits.", 2 },'; - printf '%s\n' '+ { "Sebastian Lackner", "server: When creating new directories temporarily give read-permissions until they are opened.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add tests for ACL inheritance in CreateDirectoryA.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add ACL inheritance tests for creating subdirectories with NtCreateFile.", 1 },'; - printf '%s\n' '+ { "Qian Hong", "ntdll/tests: Added tests for open behaviour on readonly files.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "server: FILE_WRITE_ATTRIBUTES should succeed for readonly files.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "server: Improve mapping of DACL to file permissions.", 1 },'; - ) >> "$patchlist" -fi - -# Patchset server-Stored_ACLs -# | -# | This patchset has the following (direct or indirect) dependencies: -# | * ntdll-DOS_Attributes, server-File_Permissions -# | -# | This patchset fixes the following Wine bugs: -# | * [#33576] Support for stored file ACLs -# | -# | Modified files: -# | * dlls/advapi32/tests/security.c, include/wine/port.h, server/change.c, server/file.c, server/file.h, server/object.c, -# | server/object.h -# | -if test "$enable_server_Stored_ACLs" -eq 1; then - patch_apply server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch - patch_apply server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch - patch_apply server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch - patch_apply server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch - patch_apply server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch - patch_apply server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch - patch_apply server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch - ( - printf '%s\n' '+ { "Erich E. Hoover", "server: Unify the storage of security attributes for files and directories.", 7 },'; - printf '%s\n' '+ { "Erich E. Hoover", "server: Unify the retrieval of security attributes for files and directories.", 7 },'; - printf '%s\n' '+ { "Sebastian Lackner", "server: Add a helper function set_sd_from_token_internal to merge two security descriptors.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "server: Temporarily store the full security descriptor for file objects.", 1 },'; - printf '%s\n' '+ { "Erich E. Hoover", "server: Store file security attributes with extended file attributes.", 8 },'; - printf '%s\n' '+ { "Erich E. Hoover", "server: Convert return of file security masks with generic access mappings.", 7 },'; - printf '%s\n' '+ { "Erich E. Hoover", "server: Retrieve file security attributes with extended file attributes.", 7 },'; - ) >> "$patchlist" -fi - -# Patchset server-LABEL_SECURITY_INFORMATION -# | -# | This patchset has the following (direct or indirect) dependencies: -# | * advapi32-GetExplicitEntriesFromAclW, server-Misc_ACL, ntdll-DOS_Attributes, server-File_Permissions, server-Stored_ACLs -# | -# | This patchset fixes the following Wine bugs: -# | * [#42014] Implement support for LABEL_SECURITY_INFORMATION -# | -# | Modified files: -# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c -# | -if test "$enable_server_LABEL_SECURITY_INFORMATION" -eq 1; then - patch_apply server-LABEL_SECURITY_INFORMATION/0001-advapi32-tests-Add-back-a-dropped-test.patch - patch_apply server-LABEL_SECURITY_INFORMATION/0006-advapi32-tests-Show-that-tokens-do-not-inherit-secur.patch - patch_apply server-LABEL_SECURITY_INFORMATION/0007-advapi32-tests-Show-that-tokens-do-not-inherit-dacls.patch - patch_apply server-LABEL_SECURITY_INFORMATION/0008-advapi32-tests-Show-that-tokens-do-not-inherit-sacls.patch - patch_apply server-LABEL_SECURITY_INFORMATION/0009-server-Assign-a-default-label-high-to-all-tokens.patch - ( - printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add back a dropped test.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit security descriptors during duplication.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit dacls while creating child processes.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "advapi32/tests: Show that tokens do not inherit sacls / mandatory labels while creating child processes.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "server: Assign a default label (high) to all tokens.", 1 },'; - ) >> "$patchlist" -fi - # Patchset advapi32-BuildSecurityDescriptor # | # | This patchset has the following (direct or indirect) dependencies: -# | * advapi32-GetExplicitEntriesFromAclW, server-Misc_ACL, ntdll-DOS_Attributes, server-File_Permissions, server-Stored_ACLs, -# | server-LABEL_SECURITY_INFORMATION +# | * advapi32-GetExplicitEntriesFromAclW # | # | Modified files: # | * dlls/advapi32/security.c, dlls/advapi32/tests/security.c @@ -3026,6 +2867,23 @@ if test "$enable_server_CreateProcess_ACLs" -eq 1; then ) >> "$patchlist" fi +# Patchset server-Misc_ACL +# | +# | This patchset fixes the following Wine bugs: +# | * [#15980] GetSecurityInfo returns NULL DACL for process object +# | +# | Modified files: +# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c +# | +if test "$enable_server_Misc_ACL" -eq 1; then + patch_apply server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch + patch_apply server-Misc_ACL/0002-server-Add-default-security-descriptor-DACL-for-proc.patch + ( + printf '%s\n' '+ { "Erich E. Hoover", "server: Add default security descriptor ownership for processes.", 1 },'; + printf '%s\n' '+ { "Erich E. Hoover", "server: Add default security descriptor DACL for processes.", 1 },'; + ) >> "$patchlist" +fi + # Patchset advapi32-LsaLookupSids # | # | This patchset has the following (direct or indirect) dependencies: @@ -4808,6 +4666,35 @@ if test "$enable_kernel32_COMSPEC" -eq 1; then ) >> "$patchlist" fi +# Patchset server-File_Permissions +# | +# | This patchset fixes the following Wine bugs: +# | * [#38970] Improve mapping of DACL to file permissions +# | +# | Modified files: +# | * dlls/advapi32/tests/security.c, dlls/ntdll/tests/file.c, server/fd.c, server/file.c +# | +if test "$enable_server_File_Permissions" -eq 1; then + patch_apply server-File_Permissions/0001-server-Improve-STATUS_CANNOT_DELETE-checks-for-direc.patch + patch_apply server-File_Permissions/0002-server-Allow-to-open-files-without-any-permission-bi.patch + patch_apply server-File_Permissions/0003-server-When-creating-new-directories-temporarily-giv.patch + patch_apply server-File_Permissions/0004-advapi32-tests-Add-tests-for-ACL-inheritance-in-Crea.patch + patch_apply server-File_Permissions/0005-advapi32-tests-Add-ACL-inheritance-tests-for-creatin.patch + patch_apply server-File_Permissions/0006-ntdll-tests-Added-tests-for-open-behaviour-on-readon.patch + patch_apply server-File_Permissions/0007-server-FILE_WRITE_ATTRIBUTES-should-succeed-for-read.patch + patch_apply server-File_Permissions/0008-server-Improve-mapping-of-DACL-to-file-permissions.patch + ( + printf '%s\n' '+ { "Sebastian Lackner", "server: Improve STATUS_CANNOT_DELETE checks for directory case.", 1 },'; + printf '%s\n' '+ { "Sebastian Lackner", "server: Allow to open files without any permission bits.", 2 },'; + printf '%s\n' '+ { "Sebastian Lackner", "server: When creating new directories temporarily give read-permissions until they are opened.", 1 },'; + printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add tests for ACL inheritance in CreateDirectoryA.", 1 },'; + printf '%s\n' '+ { "Sebastian Lackner", "advapi32/tests: Add ACL inheritance tests for creating subdirectories with NtCreateFile.", 1 },'; + printf '%s\n' '+ { "Qian Hong", "ntdll/tests: Added tests for open behaviour on readonly files.", 1 },'; + printf '%s\n' '+ { "Sebastian Lackner", "server: FILE_WRITE_ATTRIBUTES should succeed for readonly files.", 1 },'; + printf '%s\n' '+ { "Sebastian Lackner", "server: Improve mapping of DACL to file permissions.", 1 },'; + ) >> "$patchlist" +fi + # Patchset ntdll-FileDispositionInformation # | # | This patchset has the following (direct or indirect) dependencies: @@ -5751,6 +5638,36 @@ if test "$enable_ntdll_CLI_Images" -eq 1; then ) >> "$patchlist" fi +# Patchset ntdll-DOS_Attributes +# | +# | This patchset fixes the following Wine bugs: +# | * [#9158] Support for DOS hidden/system file attributes +# | +# | Modified files: +# | * configure.ac, dlls/ntdll/directory.c, dlls/ntdll/file.c, dlls/ntdll/ntdll_misc.h, dlls/ntdll/tests/directory.c, +# | dlls/ntdll/tests/file.c, include/wine/port.h, libs/port/Makefile.in, libs/port/xattr.c +# | +if test "$enable_ntdll_DOS_Attributes" -eq 1; then + patch_apply ntdll-DOS_Attributes/0001-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch + patch_apply ntdll-DOS_Attributes/0002-ntdll-Implement-retrieving-DOS-attributes-in-NtQuery.patch + patch_apply ntdll-DOS_Attributes/0003-ntdll-Implement-storing-DOS-attributes-in-NtSetInfor.patch + patch_apply ntdll-DOS_Attributes/0004-ntdll-Implement-storing-DOS-attributes-in-NtCreateFi.patch + patch_apply ntdll-DOS_Attributes/0005-libport-Add-support-for-Mac-OS-X-style-extended-attr.patch + patch_apply ntdll-DOS_Attributes/0006-libport-Add-support-for-FreeBSD-style-extended-attri.patch + patch_apply ntdll-DOS_Attributes/0007-ntdll-Perform-the-Unix-style-hidden-file-check-withi.patch + patch_apply ntdll-DOS_Attributes/0008-ntdll-Always-store-SAMBA_XATTR_DOS_ATTRIB-when-path-.patch + ( + printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQueryInformationFile.", 1 },'; + printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement retrieving DOS attributes in NtQuery[Full]AttributesFile and NtQueryDirectoryFile.", 1 },'; + printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtSetInformationFile.", 1 },'; + printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Implement storing DOS attributes in NtCreateFile.", 1 },'; + printf '%s\n' '+ { "Erich E. Hoover", "libport: Add support for Mac OS X style extended attributes.", 1 },'; + printf '%s\n' '+ { "Erich E. Hoover", "libport: Add support for FreeBSD style extended attributes.", 1 },'; + printf '%s\n' '+ { "Erich E. Hoover", "ntdll: Perform the Unix-style hidden file check within the unified file info grabbing routine.", 1 },'; + printf '%s\n' '+ { "Sebastian Lackner", "ntdll: Always store SAMBA_XATTR_DOS_ATTRIB when path could be interpreted as hidden.", 1 },'; + ) >> "$patchlist" +fi + # Patchset ntdll-Dealloc_Thread_Stack # | # | Modified files: @@ -7115,6 +7032,37 @@ if test "$enable_server_FileEndOfFileInformation" -eq 1; then ) >> "$patchlist" fi +# Patchset server-Stored_ACLs +# | +# | This patchset has the following (direct or indirect) dependencies: +# | * ntdll-DOS_Attributes, server-File_Permissions +# | +# | This patchset fixes the following Wine bugs: +# | * [#33576] Support for stored file ACLs +# | +# | Modified files: +# | * dlls/advapi32/tests/security.c, include/wine/port.h, server/change.c, server/file.c, server/file.h, server/object.c, +# | server/object.h +# | +if test "$enable_server_Stored_ACLs" -eq 1; then + patch_apply server-Stored_ACLs/0001-server-Unify-the-storage-of-security-attributes-for-.patch + patch_apply server-Stored_ACLs/0002-server-Unify-the-retrieval-of-security-attributes-fo.patch + patch_apply server-Stored_ACLs/0003-server-Add-a-helper-function-set_sd_from_token_inter.patch + patch_apply server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch + patch_apply server-Stored_ACLs/0005-server-Store-file-security-attributes-with-extended-.patch + patch_apply server-Stored_ACLs/0006-server-Convert-return-of-file-security-masks-with-ge.patch + patch_apply server-Stored_ACLs/0007-server-Retrieve-file-security-attributes-with-extend.patch + ( + printf '%s\n' '+ { "Erich E. Hoover", "server: Unify the storage of security attributes for files and directories.", 7 },'; + printf '%s\n' '+ { "Erich E. Hoover", "server: Unify the retrieval of security attributes for files and directories.", 7 },'; + printf '%s\n' '+ { "Sebastian Lackner", "server: Add a helper function set_sd_from_token_internal to merge two security descriptors.", 1 },'; + printf '%s\n' '+ { "Sebastian Lackner", "server: Temporarily store the full security descriptor for file objects.", 1 },'; + printf '%s\n' '+ { "Erich E. Hoover", "server: Store file security attributes with extended file attributes.", 8 },'; + printf '%s\n' '+ { "Erich E. Hoover", "server: Convert return of file security masks with generic access mappings.", 7 },'; + printf '%s\n' '+ { "Erich E. Hoover", "server: Retrieve file security attributes with extended file attributes.", 7 },'; + ) >> "$patchlist" +fi + # Patchset server-Inherited_ACLs # | # | This patchset has the following (direct or indirect) dependencies: @@ -9142,25 +9090,6 @@ if test "$enable_wined3d_CSMT_Helper" -eq 1; then ) >> "$patchlist" fi -# Patchset wined3d-GDI_Rendering -# | -# | Modified files: -# | * dlls/wined3d/context.c, dlls/wined3d/device.c, dlls/wined3d/surface.c, dlls/wined3d/texture.c, -# | dlls/wined3d/wined3d_private.h -# | -if test "$enable_wined3d_GDI_Rendering" -eq 1; then - patch_apply wined3d-GDI_Rendering/0001-wined3d-Avoid-NULL-pointer-dereference-when-using-GD.patch - patch_apply wined3d-GDI_Rendering/0002-wined3d-Create-CPU-blitter-also-for-GDI-render.patch - patch_apply wined3d-GDI_Rendering/0003-wined3d-Fix-memory-leaks-in-blitter_destroy-callback.patch - patch_apply wined3d-GDI_Rendering/0004-wined3d-Trigger-frontbuffer-update-in-surface_cpu_bl.patch - ( - printf '%s\n' '+ { "Sebastian Lackner", "wined3d: Avoid NULL pointer dereference when using GDI renderer.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "wined3d: Create CPU blitter also for GDI render.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "wined3d: Fix memory leaks in blitter_destroy callbacks.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "wined3d: Trigger frontbuffer update in surface_cpu_blt.", 1 },'; - ) >> "$patchlist" -fi - # Patchset wined3d-GTX_560M # | # | Modified files: diff --git a/patches/server-LABEL_SECURITY_INFORMATION/0001-advapi32-tests-Add-back-a-dropped-test.patch b/patches/server-LABEL_SECURITY_INFORMATION/0001-advapi32-tests-Add-back-a-dropped-test.patch deleted file mode 100644 index df137835..00000000 --- a/patches/server-LABEL_SECURITY_INFORMATION/0001-advapi32-tests-Add-back-a-dropped-test.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 47f4a0e0cb0e90695cb863306475e7ac11ef3e4a Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Fri, 16 Jun 2017 04:53:19 +0200 -Subject: advapi32/tests: Add back a dropped test. - ---- - dlls/advapi32/tests/security.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index de511af32f..eca83765af 100644 ---- a/dlls/advapi32/tests/security.c -+++ b/dlls/advapi32/tests/security.c -@@ -6426,10 +6426,12 @@ static void test_AddMandatoryAce(void) - - sacl = (void *)0xdeadbeef; - present = TRUE; -+ defaulted = TRUE; - ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted); - ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError()); - ok(!present, "SACL is present\n"); - ok(sacl == (void *)0xdeadbeef, "SACL is set\n"); -+ todo_wine ok(!defaulted, "SACL defaulted\n"); - - HeapFree(GetProcessHeap(), 0, sd2); - CloseHandle(handle); --- -2.13.1 - diff --git a/patches/server-LABEL_SECURITY_INFORMATION/0006-advapi32-tests-Show-that-tokens-do-not-inherit-secur.patch b/patches/server-LABEL_SECURITY_INFORMATION/0006-advapi32-tests-Show-that-tokens-do-not-inherit-secur.patch deleted file mode 100644 index 7872b711..00000000 --- a/patches/server-LABEL_SECURITY_INFORMATION/0006-advapi32-tests-Show-that-tokens-do-not-inherit-secur.patch +++ /dev/null @@ -1,78 +0,0 @@ -From afc6af7ffafd30c8830d2085e32505dd87d866ec Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Thu, 12 Jan 2017 05:31:31 +0100 -Subject: advapi32/tests: Show that tokens do not inherit security descriptors - during duplication. - ---- - dlls/advapi32/tests/security.c | 45 ++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 43 insertions(+), 2 deletions(-) - -diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index eca83765af..f4f2519a04 100644 ---- a/dlls/advapi32/tests/security.c -+++ b/dlls/advapi32/tests/security.c -@@ -6947,8 +6947,9 @@ static void test_token_security_descriptor(void) - BOOL defaulted, present, ret; - ACCESS_ALLOWED_ACE *ace; - SECURITY_ATTRIBUTES sa; -- HANDLE token, token2; -- DWORD size; -+ HANDLE token, token2, token3; -+ DWORD size, index; -+ BOOL found; - PSID psid; - - if (!pDuplicateTokenEx || !pConvertStringSidToSidA || !pAddAccessAllowedAceEx || !pGetAce -@@ -7011,8 +7012,48 @@ static void test_token_security_descriptor(void) - - HeapFree(GetProcessHeap(), 0, sd2); - -+ /* Duplicate token without security attributes. -+ * Tokens do not inherit the security descriptor when calling DuplicateToken, -+ * see https://blogs.msdn.microsoft.com/oldnewthing/20160512-00/?p=93447 -+ */ -+ ret = pDuplicateTokenEx(token2, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenImpersonation, &token3); -+ ok(ret, "DuplicateTokenEx failed with %u\n", GetLastError()); -+ -+ ret = GetKernelObjectSecurity(token3, DACL_SECURITY_INFORMATION, NULL, 0, &size); -+ ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, -+ "GetKernelObjectSecurity failed with %u\n", GetLastError()); -+ -+ sd2 = HeapAlloc(GetProcessHeap(), 0, size); -+ ret = GetKernelObjectSecurity(token3, DACL_SECURITY_INFORMATION, sd2, size, &size); -+ ok(ret, "GetKernelObjectSecurity failed %u\n", GetLastError()); -+ -+ acl2 = (void *)0xdeadbeef; -+ present = FALSE; -+ defaulted = TRUE; -+ ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted); -+ ok(ret, "GetSecurityDescriptorDacl failed with %u\n", GetLastError()); -+ todo_wine -+ ok(present, "acl2 not present\n"); -+ ok(acl2 != (void *)0xdeadbeef, "acl2 not set\n"); -+ ok(!defaulted, "acl2 defaulted\n"); -+ -+ if (acl2) -+ { -+ index = 0; -+ found = FALSE; -+ while (pGetAce( acl2, index++, (void **)&ace )) -+ { -+ if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE && EqualSid(&ace->SidStart, psid)) -+ found = TRUE; -+ } -+ ok(!found, "Access allowed ace got inherited!\n"); -+ } -+ -+ HeapFree(GetProcessHeap(), 0, sd2); -+ - LocalFree(psid); - -+ CloseHandle(token3); - CloseHandle(token2); - CloseHandle(token); - } --- -2.13.1 - diff --git a/patches/server-LABEL_SECURITY_INFORMATION/0007-advapi32-tests-Show-that-tokens-do-not-inherit-dacls.patch b/patches/server-LABEL_SECURITY_INFORMATION/0007-advapi32-tests-Show-that-tokens-do-not-inherit-dacls.patch deleted file mode 100644 index eb5d78f7..00000000 --- a/patches/server-LABEL_SECURITY_INFORMATION/0007-advapi32-tests-Show-that-tokens-do-not-inherit-dacls.patch +++ /dev/null @@ -1,190 +0,0 @@ -From 21b2087eb06737076d603559bc7ba9059f8414d0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Thu, 12 Jan 2017 05:37:42 +0100 -Subject: advapi32/tests: Show that tokens do not inherit dacls while creating - child processes. - ---- - dlls/advapi32/tests/security.c | 135 +++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 130 insertions(+), 5 deletions(-) - -diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index f4f2519a04..8316de84d7 100644 ---- a/dlls/advapi32/tests/security.c -+++ b/dlls/advapi32/tests/security.c -@@ -6942,13 +6942,16 @@ static void test_token_security_descriptor(void) - { - char buffer_sd[SECURITY_DESCRIPTOR_MIN_LENGTH]; - SECURITY_DESCRIPTOR *sd = (SECURITY_DESCRIPTOR *)&buffer_sd, *sd2; -- char buffer_acl[256]; -- ACL *acl = (ACL *)&buffer_acl, *acl2; -+ char buffer_acl[256], buffer[MAX_PATH]; -+ ACL *acl = (ACL *)&buffer_acl, *acl2, *acl_child; - BOOL defaulted, present, ret; - ACCESS_ALLOWED_ACE *ace; - SECURITY_ATTRIBUTES sa; - HANDLE token, token2, token3; -- DWORD size, index; -+ EXPLICIT_ACCESSW exp_access; -+ PROCESS_INFORMATION info; -+ STARTUPINFOA startup; -+ DWORD size, index, retd; - BOOL found; - PSID psid; - -@@ -7051,6 +7054,76 @@ static void test_token_security_descriptor(void) - - HeapFree(GetProcessHeap(), 0, sd2); - -+ /* When creating a child process, the process does only inherit the -+ * Token of the parent, but not the DACL of the token. -+ */ -+ ret = GetKernelObjectSecurity(token, DACL_SECURITY_INFORMATION, NULL, 0, &size); -+ ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, -+ "GetKernelObjectSecurity failed with %u\n", GetLastError()); -+ -+ sd2 = HeapAlloc(GetProcessHeap(), 0, size); -+ ret = GetKernelObjectSecurity(token, DACL_SECURITY_INFORMATION, sd2, size, &size); -+ ok(ret, "GetKernelObjectSecurity failed %u\n", GetLastError()); -+ -+ acl2 = (void *)0xdeadbeef; -+ present = FALSE; -+ defaulted = TRUE; -+ ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted); -+ ok(ret, "GetSecurityDescriptorDacl failed with %u\n", GetLastError()); -+ todo_wine -+ ok(present, "acl2 not present\n"); -+ ok(acl2 != (void *)0xdeadbeef, "acl2 not set\n"); -+ ok(!defaulted, "acl2 defaulted\n"); -+ -+ /* check that the ace we add for testing does not already exist! */ -+ if (acl2) -+ { -+ index = 0; -+ found = FALSE; -+ while (pGetAce( acl2, index++, (void **)&ace )) -+ { -+ if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE && EqualSid(&ace->SidStart, psid)) -+ found = TRUE; -+ } -+ ok(!found, "Test ace does already exist!\n"); -+ } -+ -+ exp_access.grfAccessPermissions = GENERIC_ALL; -+ exp_access.grfAccessMode = GRANT_ACCESS; -+ exp_access.grfInheritance = NO_PROPAGATE_INHERIT_ACE; -+ exp_access.Trustee.pMultipleTrustee = NULL; -+ exp_access.Trustee.TrusteeForm = TRUSTEE_IS_SID; -+ exp_access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; -+ exp_access.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; -+ exp_access.Trustee.ptstrName = (void*)psid; -+ -+ retd = pSetEntriesInAclW(1, &exp_access, acl2, &acl_child); -+ ok(retd == ERROR_SUCCESS, "Expected ERROR_SUCCESS, got %u\n", retd); -+ -+ memset(sd, 0, sizeof(buffer_sd)); -+ ret = InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION); -+ ok(ret, "InitializeSecurityDescriptor failed with %u\n", GetLastError()); -+ -+ ret = SetSecurityDescriptorDacl(sd, TRUE, acl_child, FALSE); -+ ok(ret, "SetSecurityDescriptorDacl failed with %u\n", GetLastError()); -+ -+ ret = SetKernelObjectSecurity(token, DACL_SECURITY_INFORMATION, sd); -+ ok(ret, "SetKernelObjectSecurity failed with %u\n", GetLastError()); -+ -+ /* start child process with our modified token */ -+ memset(&startup, 0, sizeof(startup)); -+ startup.cb = sizeof(startup); -+ startup.dwFlags = STARTF_USESHOWWINDOW; -+ startup.wShowWindow = SW_SHOWNORMAL; -+ -+ sprintf(buffer, "%s tests/security.c test_token_sd", myARGV[0]); -+ ret = CreateProcessA(NULL, buffer, NULL, NULL, FALSE, 0, NULL, NULL, &startup, &info); -+ ok(ret, "CreateProcess failed with error %u\n", GetLastError()); -+ winetest_wait_child_process(info.hProcess); -+ CloseHandle(info.hProcess); -+ CloseHandle(info.hThread); -+ -+ LocalFree(acl_child); - LocalFree(psid); - - CloseHandle(token3); -@@ -7197,6 +7270,53 @@ static void test_GetExplicitEntriesFromAclW(void) - HeapFree(GetProcessHeap(), 0, old_acl); - } - -+static void test_child_token_sd(void) -+{ -+ BOOL ret, present, defaulted, found; -+ ACCESS_ALLOWED_ACE *ace_acc; -+ SECURITY_DESCRIPTOR *sd; -+ DWORD size, index; -+ HANDLE token; -+ ACL *pAcl; -+ PSID psid; -+ -+ ret = pConvertStringSidToSidA("S-1-5-6", &psid); -+ ok(ret, "ConvertStringSidToSidA failed with %u\n", GetLastError()); -+ -+ ret = OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &token); -+ ok(ret, "OpenProcessToken failed with error %u\n", GetLastError()); -+ -+ ret = GetKernelObjectSecurity(token, DACL_SECURITY_INFORMATION, NULL, 0, &size); -+ ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, -+ "GetKernelObjectSecurity failed with %u\n", GetLastError()); -+ -+ sd = HeapAlloc(GetProcessHeap(), 0, size); -+ ret = GetKernelObjectSecurity(token, DACL_SECURITY_INFORMATION, sd, size, &size); -+ ok(ret, "GetKernelObjectSecurity failed %u\n", GetLastError()); -+ -+ pAcl = NULL; -+ present = FALSE; -+ defaulted = TRUE; -+ ret = GetSecurityDescriptorDacl(sd, &present, &pAcl, &defaulted); -+ ok(ret, "GetSecurityDescriptorSacl failed with %u\n", GetLastError()); -+ -+ index = 0; -+ found = FALSE; -+ if (present && pAcl) -+ { -+ ok(pAcl->AceCount > 0, "Expected at least one ACE\n"); -+ while (pGetAce( pAcl, index++, (void **)&ace_acc )) -+ { -+ if (ace_acc->Header.AceType == ACCESS_ALLOWED_ACE_TYPE && EqualSid(&ace_acc->SidStart, psid)) -+ found = TRUE; -+ } -+ } -+ ok(!found, "The ACE should not haven been inherited from the parent\n"); -+ -+ LocalFree(psid); -+ HeapFree(GetProcessHeap(), 0, sd); -+} -+ - START_TEST(security) - { - init(); -@@ -7204,7 +7324,10 @@ START_TEST(security) - - if (myARGC >= 3) - { -- test_process_security_child(); -+ if (!strcmp(myARGV[2], "test_token_sd")) -+ test_child_token_sd(); -+ else -+ test_process_security_child(); - return; - } - test_kernel_objects_security(); -@@ -7246,6 +7369,8 @@ START_TEST(security) - test_GetSidIdentifierAuthority(); - test_pseudo_tokens(); - test_maximum_allowed(); -- test_token_security_descriptor(); - test_GetExplicitEntriesFromAclW(); -+ -+ /* must be the last test, modifies process token */ -+ test_token_security_descriptor(); - } --- -2.13.1 - diff --git a/patches/server-LABEL_SECURITY_INFORMATION/0008-advapi32-tests-Show-that-tokens-do-not-inherit-sacls.patch b/patches/server-LABEL_SECURITY_INFORMATION/0008-advapi32-tests-Show-that-tokens-do-not-inherit-sacls.patch deleted file mode 100644 index fece32b1..00000000 --- a/patches/server-LABEL_SECURITY_INFORMATION/0008-advapi32-tests-Show-that-tokens-do-not-inherit-sacls.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 3ba5029a2aef625586559621bdcd457d686a9424 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Thu, 12 Jan 2017 05:45:33 +0100 -Subject: advapi32/tests: Show that tokens do not inherit sacls / mandatory - labels while creating child processes. - ---- - dlls/advapi32/tests/security.c | 61 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 61 insertions(+) - -diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index 8316de84d7..0ed683103a 100644 ---- a/dlls/advapi32/tests/security.c -+++ b/dlls/advapi32/tests/security.c -@@ -6940,6 +6940,8 @@ static void test_maximum_allowed(void) - - static void test_token_security_descriptor(void) - { -+ static SID low_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY}, -+ {SECURITY_MANDATORY_LOW_RID}}; - char buffer_sd[SECURITY_DESCRIPTOR_MIN_LENGTH]; - SECURITY_DESCRIPTOR *sd = (SECURITY_DESCRIPTOR *)&buffer_sd, *sd2; - char buffer_acl[256], buffer[MAX_PATH]; -@@ -7110,6 +7112,28 @@ static void test_token_security_descriptor(void) - ret = SetKernelObjectSecurity(token, DACL_SECURITY_INFORMATION, sd); - ok(ret, "SetKernelObjectSecurity failed with %u\n", GetLastError()); - -+ /* The security label is also not inherited */ -+ if (pAddMandatoryAce) -+ { -+ ret = InitializeAcl(acl, 256, ACL_REVISION); -+ ok(ret, "InitializeAcl failed with %u\n", GetLastError()); -+ -+ ret = pAddMandatoryAce(acl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, &low_level); -+ ok(ret, "AddMandatoryAce failed with %u\n", GetLastError()); -+ -+ memset(sd, 0, sizeof(buffer_sd)); -+ ret = InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION); -+ ok(ret, "InitializeSecurityDescriptor failed with %u\n", GetLastError()); -+ -+ ret = SetSecurityDescriptorSacl(sd, TRUE, acl, FALSE); -+ ok(ret, "SetSecurityDescriptorSacl failed with %u\n", GetLastError()); -+ -+ ret = SetKernelObjectSecurity(token, LABEL_SECURITY_INFORMATION, sd); -+ ok(ret, "SetKernelObjectSecurity failed with %u\n", GetLastError()); -+ } -+ else -+ win_skip("SYSTEM_MANDATORY_LABEL not supported\n"); -+ - /* start child process with our modified token */ - memset(&startup, 0, sizeof(startup)); - startup.cb = sizeof(startup); -@@ -7272,6 +7296,9 @@ static void test_GetExplicitEntriesFromAclW(void) - - static void test_child_token_sd(void) - { -+ static SID low_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY}, -+ {SECURITY_MANDATORY_LOW_RID}}; -+ SYSTEM_MANDATORY_LABEL_ACE *ace_label; - BOOL ret, present, defaulted, found; - ACCESS_ALLOWED_ACE *ace_acc; - SECURITY_DESCRIPTOR *sd; -@@ -7315,6 +7342,40 @@ static void test_child_token_sd(void) - - LocalFree(psid); - HeapFree(GetProcessHeap(), 0, sd); -+ -+ if (!pAddMandatoryAce) -+ { -+ win_skip("SYSTEM_MANDATORY_LABEL not supported\n"); -+ return; -+ } -+ -+ ret = GetKernelObjectSecurity(token, LABEL_SECURITY_INFORMATION, NULL, 0, &size); -+ ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, -+ "GetKernelObjectSecurity failed with %u\n", GetLastError()); -+ -+ sd = HeapAlloc(GetProcessHeap(), 0, size); -+ ret = GetKernelObjectSecurity(token, LABEL_SECURITY_INFORMATION, sd, size, &size); -+ ok(ret, "GetKernelObjectSecurity failed %u\n", GetLastError()); -+ -+ pAcl = NULL; -+ present = FALSE; -+ defaulted = TRUE; -+ ret = GetSecurityDescriptorSacl(sd, &present, &pAcl, &defaulted); -+ ok(ret, "GetSecurityDescriptorSacl failed with %u\n", GetLastError()); -+ -+ index = 0; -+ found = FALSE; -+ if (present && pAcl) -+ { -+ while (pGetAce( pAcl, index++, (void **)&ace_label )) -+ { -+ if (ace_label->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE && EqualSid(&ace_label->SidStart, &low_level)) -+ found = TRUE; -+ } -+ } -+ ok(!found, "Low integrity level should not have been inherited\n"); -+ -+ HeapFree(GetProcessHeap(), 0, sd); - } - - START_TEST(security) --- -2.13.1 - diff --git a/patches/server-LABEL_SECURITY_INFORMATION/0009-server-Assign-a-default-label-high-to-all-tokens.patch b/patches/server-LABEL_SECURITY_INFORMATION/0009-server-Assign-a-default-label-high-to-all-tokens.patch deleted file mode 100644 index 7b65d436..00000000 --- a/patches/server-LABEL_SECURITY_INFORMATION/0009-server-Assign-a-default-label-high-to-all-tokens.patch +++ /dev/null @@ -1,196 +0,0 @@ -From c58ae1d5ffa3fa25798833d84edfc56ae0394753 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Thu, 12 Jan 2017 05:58:02 +0100 -Subject: server: Assign a default label (high) to all tokens. - ---- - dlls/advapi32/tests/security.c | 42 ++++++++++++++++++++++++++++++++- - server/process.c | 7 ++++++ - server/security.h | 2 ++ - server/token.c | 53 ++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 103 insertions(+), 1 deletion(-) - -diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index 0ed683103a..bc33a623cb 100644 ---- a/dlls/advapi32/tests/security.c -+++ b/dlls/advapi32/tests/security.c -@@ -6386,6 +6386,8 @@ static void test_AddMandatoryAce(void) - {SECURITY_MANDATORY_LOW_RID}}; - static SID medium_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY}, - {SECURITY_MANDATORY_MEDIUM_RID}}; -+ static SID high_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY}, -+ {SECURITY_MANDATORY_HIGH_RID}}; - static SID_IDENTIFIER_AUTHORITY sia_world = {SECURITY_WORLD_SID_AUTHORITY}; - char buffer_sd[SECURITY_DESCRIPTOR_MIN_LENGTH]; - SECURITY_DESCRIPTOR *sd2, *sd = (SECURITY_DESCRIPTOR *)&buffer_sd; -@@ -6641,6 +6643,45 @@ static void test_AddMandatoryAce(void) - FreeSid(everyone); - HeapFree(GetProcessHeap(), 0, sd2); - CloseHandle(handle); -+ -+ ret = OpenProcessToken(GetCurrentProcess(), READ_CONTROL, &handle); -+ ok(ret, "got %d with %d (expected TRUE)\n", ret, GetLastError()); -+ -+ ret = GetKernelObjectSecurity(handle, LABEL_SECURITY_INFORMATION, NULL, 0, &size); -+ ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, -+ "GetKernelObjectSecurity failed with %u\n", GetLastError()); -+ -+ sd2 = HeapAlloc(GetProcessHeap(), 0, size); -+ ret = GetKernelObjectSecurity(handle, LABEL_SECURITY_INFORMATION, sd2, size, &size); -+ ok(ret, "GetKernelObjectSecurity failed %u\n", GetLastError()); -+ -+ sacl = (void *)0xdeadbeef; -+ present = FALSE; -+ defaulted = TRUE; -+ ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted); -+ ok(ret, "GetSecurityDescriptorSacl failed with %u\n", GetLastError()); -+ ok(present, "sacl not present\n"); -+ ok(sacl != (void *)0xdeadbeef, "sacl not set\n"); -+ ok(sacl->AceCount == 1, "Expected 1 ACEs, got %d\n", sacl->AceCount); -+ ok(!defaulted, "sacl defaulted\n"); -+ -+ index = 0; -+ found = FALSE; -+ while (pGetAce( sacl, index++, (void **)&ace )) -+ { -+ if (ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE && -+ (EqualSid(&ace->SidStart, &medium_level) || EqualSid(&ace->SidStart, &high_level))) -+ { -+ found = TRUE; -+ ok(ace->Header.AceFlags == 0, "Expected 0 as flags, got %x\n", ace->Header.AceFlags); -+ ok(ace->Mask == SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, -+ "Expected SYSTEM_MANDATORY_LABEL_NO_WRITE_UP as flag, got %x\n", ace->Mask); -+ } -+ } -+ ok(found, "Could not find medium/high mandatory label\n"); -+ -+ HeapFree(GetProcessHeap(), 0, sd2); -+ CloseHandle(handle); - } - - static void test_system_security_access(void) -@@ -7072,7 +7113,6 @@ static void test_token_security_descriptor(void) - defaulted = TRUE; - ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted); - ok(ret, "GetSecurityDescriptorDacl failed with %u\n", GetLastError()); -- todo_wine - ok(present, "acl2 not present\n"); - ok(acl2 != (void *)0xdeadbeef, "acl2 not set\n"); - ok(!defaulted, "acl2 defaulted\n"); -diff --git a/server/process.c b/server/process.c -index 5b1860df14..98dcb21f1a 100644 ---- a/server/process.c -+++ b/server/process.c -@@ -571,6 +571,13 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit - } - if (!process->handles || !process->token) goto error; - -+ /* Assign high security label to token. The default would be medium, but wine provides -+ * admin access to all applications, so high makes more sense. For further information: -+ * "Default integrity level" at https://msdn.microsoft.com/en-us/library/bb625963.aspx -+ */ -+ if (!token_assign_label( process->token, security_high_label_sid )) -+ goto error; -+ - /* create the main thread */ - if (pipe( request_pipe ) == -1) - { -diff --git a/server/security.h b/server/security.h -index 4d9db9ae41..606dbb2ab2 100644 ---- a/server/security.h -+++ b/server/security.h -@@ -48,11 +48,13 @@ extern const PSID security_local_system_sid; - extern const PSID security_builtin_users_sid; - extern const PSID security_builtin_admins_sid; - extern const PSID security_domain_users_sid; -+extern const PSID security_high_label_sid; - - - /* token functions */ - - extern struct token *token_create_admin(void); -+extern int token_assign_label( struct token *token, PSID label ); - extern struct token *token_duplicate( struct token *src_token, unsigned primary, - int impersonation_level, const struct security_descriptor *sd ); - extern int token_check_privileges( struct token *token, int all_required, -diff --git a/server/token.c b/server/token.c -index dc3887967c..a1c615eec3 100644 ---- a/server/token.c -+++ b/server/token.c -@@ -70,6 +70,7 @@ static const SID interactive_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, - static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } }; - static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } }; - static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } }; -+static const SID high_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_HIGH_RID } }; - static const struct /* same fields as struct SID */ - { - BYTE Revision; -@@ -108,6 +109,7 @@ const PSID security_local_user_sid = (PSID)&local_user_sid; - const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid; - const PSID security_builtin_users_sid = (PSID)&builtin_users_sid; - const PSID security_domain_users_sid = (PSID)&domain_users_sid; -+const PSID security_high_label_sid = (PSID)&high_label_sid; - - static luid_t prev_luid_value = { 1000, 0 }; - -@@ -734,6 +736,57 @@ struct sid_data - unsigned int subauth[MAX_SUBAUTH_COUNT]; - }; - -+static struct security_descriptor *create_security_label_sd( PSID label_sid ) -+{ -+ size_t sid_len = security_sid_len( label_sid ); -+ size_t sacl_size = sizeof(ACL) + FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + sid_len; -+ size_t sd_size = sizeof(struct security_descriptor) + sacl_size; -+ SYSTEM_MANDATORY_LABEL_ACE *smla; -+ struct security_descriptor *sd; -+ ACL *sacl; -+ -+ sd = mem_alloc( sd_size ); -+ if (!sd) return NULL; -+ -+ sd->control = SE_SACL_PRESENT; -+ sd->owner_len = 0; -+ sd->group_len = 0; -+ sd->sacl_len = sacl_size; -+ sd->dacl_len = 0; -+ -+ sacl = (ACL *)(sd + 1); -+ sacl->AclRevision = ACL_REVISION; -+ sacl->Sbz1 = 0; -+ sacl->AclSize = sacl_size; -+ sacl->AceCount = 1; -+ sacl->Sbz2 = 0; -+ -+ smla = (SYSTEM_MANDATORY_LABEL_ACE *)(sacl + 1); -+ smla->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE; -+ smla->Header.AceFlags = 0; -+ smla->Header.AceSize = FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + sid_len; -+ smla->Mask = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP; -+ memcpy( &smla->SidStart, label_sid, sid_len ); -+ -+ assert( sd_is_valid( sd, sd_size ) ); -+ return sd; -+} -+ -+int token_assign_label( struct token *token, PSID label ) -+{ -+ struct security_descriptor *sd; -+ int ret = 0; -+ -+ if ((sd = create_security_label_sd( label ))) -+ { -+ /* FIXME: this overwrites the complete SACL, not only the label */ -+ ret = set_sd_defaults_from_token( &token->obj, sd, SACL_SECURITY_INFORMATION, token ); -+ free( sd ); -+ } -+ -+ return ret; -+} -+ - struct token *token_create_admin( void ) - { - struct token *token = NULL; --- -2.13.1 - diff --git a/patches/server-LABEL_SECURITY_INFORMATION/definition b/patches/server-LABEL_SECURITY_INFORMATION/definition deleted file mode 100644 index 5fb1129d..00000000 --- a/patches/server-LABEL_SECURITY_INFORMATION/definition +++ /dev/null @@ -1,4 +0,0 @@ -Fixes: [42014] Implement support for LABEL_SECURITY_INFORMATION -Depends: advapi32-GetExplicitEntriesFromAclW -Depends: server-Stored_ACLs -Depends: server-Misc_ACL diff --git a/patches/server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch b/patches/server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch index 6176b861..28a442e2 100644 --- a/patches/server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch +++ b/patches/server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch @@ -1,4 +1,4 @@ -From 2380d7451dc978cdab3ebcbeb75272c9147d0f68 Mon Sep 17 00:00:00 2001 +From 8bffcd9ad57c8c1b13f38045585043b7003c7c0c Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" Date: Wed, 25 Jun 2014 11:49:12 -0600 Subject: server: Add default security descriptor ownership for processes. @@ -11,10 +11,10 @@ Subject: server: Add default security descriptor ownership for processes. 4 files changed, 69 insertions(+), 1 deletion(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c -index 498d19a..c09b097 100644 +index ca5edffae5..acbf124be8 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c -@@ -4303,11 +4303,15 @@ static void test_acls(void) +@@ -4542,11 +4542,15 @@ static void test_acls(void) static void test_GetSecurityInfo(void) { @@ -30,7 +30,7 @@ index 498d19a..c09b097 100644 ACL_SIZE_INFORMATION acl_size; PSECURITY_DESCRIPTOR pSD; ACCESS_ALLOWED_ACE *ace; -@@ -4434,6 +4438,37 @@ static void test_GetSecurityInfo(void) +@@ -4673,6 +4677,37 @@ static void test_GetSecurityInfo(void) } LocalFree(pSD); CloseHandle(obj); @@ -69,7 +69,7 @@ index 498d19a..c09b097 100644 static void test_GetSidSubAuthority(void) diff --git a/server/process.c b/server/process.c -index d51c884..14e36b0 100644 +index 2327a2664b..de6b1ed020 100644 --- a/server/process.c +++ b/server/process.c @@ -62,6 +62,7 @@ static int shutdown_stage; /* current stage in the shutdown process */ @@ -89,7 +89,7 @@ index d51c884..14e36b0 100644 default_set_sd, /* set_sd */ no_lookup_name, /* lookup_name */ no_link_name, /* link_name */ -@@ -664,6 +665,29 @@ static unsigned int process_map_access( struct object *obj, unsigned int access +@@ -671,6 +672,29 @@ static unsigned int process_map_access( struct object *obj, unsigned int access return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); } @@ -120,7 +120,7 @@ index d51c884..14e36b0 100644 { struct process *process = get_fd_user( fd ); diff --git a/server/security.h b/server/security.h -index 925a85b..bdb7d42 100644 +index 873bbc6afd..606dbb2ab2 100644 --- a/server/security.h +++ b/server/security.h @@ -47,6 +47,7 @@ extern const PSID security_local_user_sid; @@ -128,14 +128,14 @@ index 925a85b..bdb7d42 100644 extern const PSID security_builtin_users_sid; extern const PSID security_builtin_admins_sid; +extern const PSID security_domain_users_sid; + extern const PSID security_high_label_sid; - /* token functions */ diff --git a/server/token.c b/server/token.c -index ca12813..d66c39a 100644 +index 532d7b7405..1aa1c993df 100644 --- a/server/token.c +++ b/server/token.c -@@ -91,6 +91,13 @@ static const struct /* same fields as struct SID */ +@@ -92,6 +92,13 @@ static const struct /* same fields as struct SID */ SID_IDENTIFIER_AUTHORITY IdentifierAuthority; DWORD SubAuthority[2]; } builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } }; @@ -149,14 +149,14 @@ index ca12813..d66c39a 100644 const PSID security_world_sid = (PSID)&world_sid; static const PSID security_local_sid = (PSID)&local_sid; -@@ -100,6 +107,7 @@ const PSID security_local_system_sid = (PSID)&local_system_sid; +@@ -101,6 +108,7 @@ const PSID security_local_system_sid = (PSID)&local_system_sid; const PSID security_local_user_sid = (PSID)&local_user_sid; const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid; const PSID security_builtin_users_sid = (PSID)&builtin_users_sid; +const PSID security_domain_users_sid = (PSID)&domain_users_sid; + const PSID security_high_label_sid = (PSID)&high_label_sid; static luid_t prev_luid_value = { 1000, 0 }; - -- -2.7.0 +2.13.1 diff --git a/patches/windowscodecs-TIFF_Support/0011-windowscodecs-Add-support-for-32bppCMYK-and-64bppCMY.patch b/patches/windowscodecs-TIFF_Support/0011-windowscodecs-Add-support-for-32bppCMYK-and-64bppCMY.patch index 884217d7..348004b1 100644 --- a/patches/windowscodecs-TIFF_Support/0011-windowscodecs-Add-support-for-32bppCMYK-and-64bppCMY.patch +++ b/patches/windowscodecs-TIFF_Support/0011-windowscodecs-Add-support-for-32bppCMYK-and-64bppCMY.patch @@ -1,4 +1,4 @@ -From e8d59694358c592df65e9e1f1600df2946f3b2cb Mon Sep 17 00:00:00 2001 +From d57197600db7bb0c9f5f3c935ea568cf526d7cb9 Mon Sep 17 00:00:00 2001 From: Dmitry Timoshkov Date: Fri, 9 Dec 2016 12:52:36 +0800 Subject: windowscodecs: Add support for 32bppCMYK and 64bppCMYK formats to @@ -11,7 +11,7 @@ Subject: windowscodecs: Add support for 32bppCMYK and 64bppCMYK formats to 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/dlls/windowscodecs/regsvr.c b/dlls/windowscodecs/regsvr.c -index f695d3e40a5..9024574e808 100644 +index f695d3e40a..9024574e80 100644 --- a/dlls/windowscodecs/regsvr.c +++ b/dlls/windowscodecs/regsvr.c @@ -1224,6 +1224,8 @@ static GUID const * const tiff_decode_formats[] = { @@ -42,7 +42,7 @@ index f695d3e40a5..9024574e808 100644 "The Wine Project", "128bpp RGBAFloat", diff --git a/dlls/windowscodecs/tiffformat.c b/dlls/windowscodecs/tiffformat.c -index 151b999a359..414c92195ea 100644 +index 151b999a35..414c92195e 100644 --- a/dlls/windowscodecs/tiffformat.c +++ b/dlls/windowscodecs/tiffformat.c @@ -507,8 +507,31 @@ static HRESULT tiff_get_decode_info(TIFF *tiff, tiff_decode_info *decode_info) @@ -79,7 +79,7 @@ index 151b999a359..414c92195ea 100644 case 8: /* CIELab */ default: diff --git a/include/wincodec.idl b/include/wincodec.idl -index 73e867f733b..b2fa4a843fe 100644 +index 0e279f590e..3132bf6b3b 100644 --- a/include/wincodec.idl +++ b/include/wincodec.idl @@ -218,6 +218,7 @@ cpp_quote("DEFINE_GUID(GUID_WICPixelFormat64bppPRGBA, 0x6fddc324,0x4e03,0x4bfe,0 @@ -89,7 +89,7 @@ index 73e867f733b..b2fa4a843fe 100644 +cpp_quote("DEFINE_GUID(GUID_WICPixelFormat64bppCMYK, 0x6fddc324,0x4e03,0x4bfe,0xb1,0x85,0x3d,0x77,0x76,0x8d,0xc9,0x1f);") cpp_quote("#if 0") - typedef DWORD *ID2D1Device; + typedef DWORD *D2D1_PIXEL_FORMAT; -- 2.13.1 diff --git a/patches/wined3d-CSMT_Main/9999-IfDefined.patch b/patches/wined3d-CSMT_Main/9999-IfDefined.patch index 3b469246..af7ffcdd 100644 --- a/patches/wined3d-CSMT_Main/9999-IfDefined.patch +++ b/patches/wined3d-CSMT_Main/9999-IfDefined.patch @@ -512,7 +512,7 @@ diff --git a/dlls/wined3d/texture.c b/dlls/wined3d/texture.c if (resource->type == WINED3D_RTYPE_TEXTURE_2D) { -@@ -2981,7 +3053,11 @@ static BOOL texture3d_load_location(struct wined3d_texture *texture, unsigned in +@@ -2969,7 +3041,11 @@ static BOOL texture3d_load_location(struct wined3d_texture *texture, unsigned in } else if (sub_resource->locations & WINED3D_LOCATION_BUFFER) { @@ -524,7 +524,7 @@ diff --git a/dlls/wined3d/texture.c b/dlls/wined3d/texture.c wined3d_texture_bind_and_dirtify(texture, context, location == WINED3D_LOCATION_TEXTURE_SRGB); wined3d_texture_get_pitch(texture, sub_resource_idx, &row_pitch, &slice_pitch); -@@ -3027,7 +3103,11 @@ static BOOL texture3d_load_location(struct wined3d_texture *texture, unsigned in +@@ -3015,7 +3091,11 @@ static BOOL texture3d_load_location(struct wined3d_texture *texture, unsigned in case WINED3D_LOCATION_BUFFER: if (sub_resource->locations & (WINED3D_LOCATION_TEXTURE_RGB | WINED3D_LOCATION_TEXTURE_SRGB)) { @@ -536,7 +536,7 @@ diff --git a/dlls/wined3d/texture.c b/dlls/wined3d/texture.c if (sub_resource->locations & WINED3D_LOCATION_TEXTURE_RGB) wined3d_texture_bind_and_dirtify(texture, context, FALSE); -@@ -3245,8 +3325,19 @@ HRESULT CDECL wined3d_texture_blt(struct wined3d_texture *dst_texture, unsigned +@@ -3233,8 +3313,19 @@ HRESULT CDECL wined3d_texture_blt(struct wined3d_texture *dst_texture, unsigned if (dst_texture->sub_resources[dst_sub_resource_idx].map_count || src_texture->sub_resources[src_sub_resource_idx].map_count) { diff --git a/patches/wined3d-GDI_Rendering/0001-wined3d-Avoid-NULL-pointer-dereference-when-using-GD.patch b/patches/wined3d-GDI_Rendering/0001-wined3d-Avoid-NULL-pointer-dereference-when-using-GD.patch deleted file mode 100644 index c8b1af23..00000000 --- a/patches/wined3d-GDI_Rendering/0001-wined3d-Avoid-NULL-pointer-dereference-when-using-GD.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 9dc3f3172083cf450ad72c3a8294f592c70e9114 Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Fri, 16 Jun 2017 16:01:04 +0200 -Subject: wined3d: Avoid NULL pointer dereference when using GDI renderer. - -Fixes a regression introduced in 62ca4f38269139ef2a8b9842ec538d9e7f7a0e76. - -Signed-off-by: Sebastian Lackner ---- - dlls/wined3d/context.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/dlls/wined3d/context.c b/dlls/wined3d/context.c -index 0f6054226b..fbc73ca9a1 100644 ---- a/dlls/wined3d/context.c -+++ b/dlls/wined3d/context.c -@@ -2703,12 +2703,13 @@ void context_bind_texture(struct wined3d_context *context, GLenum target, GLuint - void *context_map_bo_address(struct wined3d_context *context, - const struct wined3d_bo_address *data, size_t size, GLenum binding, DWORD flags) - { -- const struct wined3d_gl_info *gl_info = context->gl_info; -+ const struct wined3d_gl_info *gl_info; - BYTE *memory; - - if (!data->buffer_object) - return data->addr; - -+ gl_info = context->gl_info; - context_bind_bo(context, binding, data->buffer_object); - - if (gl_info->supported[ARB_MAP_BUFFER_RANGE]) -@@ -2731,11 +2732,12 @@ void *context_map_bo_address(struct wined3d_context *context, - void context_unmap_bo_address(struct wined3d_context *context, - const struct wined3d_bo_address *data, GLenum binding) - { -- const struct wined3d_gl_info *gl_info = context->gl_info; -+ const struct wined3d_gl_info *gl_info; - - if (!data->buffer_object) - return; - -+ gl_info = context->gl_info; - context_bind_bo(context, binding, data->buffer_object); - GL_EXTCALL(glUnmapBuffer(binding)); - context_bind_bo(context, binding, 0); --- -2.13.1 - diff --git a/patches/wined3d-GDI_Rendering/0002-wined3d-Create-CPU-blitter-also-for-GDI-render.patch b/patches/wined3d-GDI_Rendering/0002-wined3d-Create-CPU-blitter-also-for-GDI-render.patch deleted file mode 100644 index 6f9e442e..00000000 --- a/patches/wined3d-GDI_Rendering/0002-wined3d-Create-CPU-blitter-also-for-GDI-render.patch +++ /dev/null @@ -1,44 +0,0 @@ -From e18e871d92506bae4647566f55841db205d61475 Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Fri, 16 Jun 2017 16:01:34 +0200 -Subject: wined3d: Create CPU blitter also for GDI render. - -Fixes a regression introduced in cad4badbcf25992e0c61521aa15e639c2611f5d6. - -Signed-off-by: Sebastian Lackner ---- - dlls/wined3d/device.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/dlls/wined3d/device.c b/dlls/wined3d/device.c -index ded4af6616..3d12e417a4 100644 ---- a/dlls/wined3d/device.c -+++ b/dlls/wined3d/device.c -@@ -1164,6 +1164,15 @@ HRESULT CDECL wined3d_device_init_gdi(struct wined3d_device *device, - goto err_out; - } - device->swapchains[0] = swapchain; -+ -+ if (!(device->blitter = wined3d_cpu_blitter_create())) -+ { -+ ERR("Failed to create CPU blitter.\n"); -+ HeapFree(GetProcessHeap(), 0, device->swapchains); -+ device->swapchain_count = 0; -+ goto err_out; -+ } -+ - return WINED3D_OK; - - err_out: -@@ -1252,6 +1261,8 @@ HRESULT CDECL wined3d_device_uninit_gdi(struct wined3d_device *device) - { - unsigned int i; - -+ device->blitter->ops->blitter_destroy(device->blitter, NULL); -+ - for (i = 0; i < device->swapchain_count; ++i) - { - TRACE("Releasing the implicit swapchain %u.\n", i); --- -2.13.1 - diff --git a/patches/wined3d-GDI_Rendering/0003-wined3d-Fix-memory-leaks-in-blitter_destroy-callback.patch b/patches/wined3d-GDI_Rendering/0003-wined3d-Fix-memory-leaks-in-blitter_destroy-callback.patch deleted file mode 100644 index c3292f80..00000000 --- a/patches/wined3d-GDI_Rendering/0003-wined3d-Fix-memory-leaks-in-blitter_destroy-callback.patch +++ /dev/null @@ -1,44 +0,0 @@ -From bb63fe5dc5aec0dc8fec304f1d7ce790f684dfce Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Fri, 16 Jun 2017 16:01:58 +0200 -Subject: wined3d: Fix memory leaks in blitter_destroy callbacks. - -Signed-off-by: Sebastian Lackner ---- - dlls/wined3d/surface.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/dlls/wined3d/surface.c b/dlls/wined3d/surface.c -index abdeb9cac0..af8b5b4cb3 100644 ---- a/dlls/wined3d/surface.c -+++ b/dlls/wined3d/surface.c -@@ -2394,6 +2394,8 @@ static void fbo_blitter_destroy(struct wined3d_blitter *blitter, struct wined3d_ - - if ((next = blitter->next)) - next->ops->blitter_destroy(next, context); -+ -+ HeapFree(GetProcessHeap(), 0, blitter); - } - - static void fbo_blitter_clear(struct wined3d_blitter *blitter, struct wined3d_device *device, -@@ -2476,6 +2478,8 @@ static void ffp_blitter_destroy(struct wined3d_blitter *blitter, struct wined3d_ - - if ((next = blitter->next)) - next->ops->blitter_destroy(next, context); -+ -+ HeapFree(GetProcessHeap(), 0, blitter); - } - - static BOOL ffp_blit_supported(const struct wined3d_gl_info *gl_info, -@@ -2766,6 +2770,8 @@ static void cpu_blitter_destroy(struct wined3d_blitter *blitter, struct wined3d_ - - if ((next = blitter->next)) - next->ops->blitter_destroy(next, context); -+ -+ HeapFree(GetProcessHeap(), 0, blitter); - } - - static HRESULT surface_cpu_blt_compressed(const BYTE *src_data, BYTE *dst_data, --- -2.13.1 - diff --git a/patches/wined3d-GDI_Rendering/0004-wined3d-Trigger-frontbuffer-update-in-surface_cpu_bl.patch b/patches/wined3d-GDI_Rendering/0004-wined3d-Trigger-frontbuffer-update-in-surface_cpu_bl.patch deleted file mode 100644 index 2f8a8b0a..00000000 --- a/patches/wined3d-GDI_Rendering/0004-wined3d-Trigger-frontbuffer-update-in-surface_cpu_bl.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 4bc32d1d59b90666b20523e692e9cfc724eacecd Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Fri, 16 Jun 2017 16:03:22 +0200 -Subject: wined3d: Trigger frontbuffer update in surface_cpu_blt. - -Fixes a regression introduced in ee17d7ba1b72b26baae90c1d5e2ae5b3e4721654. - -Signed-off-by: Sebastian Lackner ---- - dlls/wined3d/surface.c | 3 +++ - dlls/wined3d/texture.c | 22 +++++++++++++++++----- - dlls/wined3d/wined3d_private.h | 2 ++ - 3 files changed, 22 insertions(+), 5 deletions(-) - -diff --git a/dlls/wined3d/surface.c b/dlls/wined3d/surface.c -index af8b5b4cb3..88ae765e17 100644 ---- a/dlls/wined3d/surface.c -+++ b/dlls/wined3d/surface.c -@@ -3343,6 +3343,9 @@ release: - context_unmap_bo_address(context, &dst_data, GL_PIXEL_UNPACK_BUFFER); - if (!same_sub_resource) - context_unmap_bo_address(context, &src_data, GL_PIXEL_UNPACK_BUFFER); -+ -+ swapchain_frontbuffer_updated(dst_texture, dst_sub_resource_idx, dst_box); -+ - if (converted_texture) - wined3d_texture_decref(converted_texture); - if (context) -diff --git a/dlls/wined3d/texture.c b/dlls/wined3d/texture.c -index 476295cecc..9de8b93c5a 100644 ---- a/dlls/wined3d/texture.c -+++ b/dlls/wined3d/texture.c -@@ -1979,6 +1979,22 @@ static HRESULT texture_resource_sub_resource_map(struct wined3d_resource *resour - return WINED3D_OK; - } - -+void swapchain_frontbuffer_updated(struct wined3d_texture *texture, unsigned int sub_resource_idx, -+ const struct wined3d_box *box) -+{ -+ struct wined3d_texture_sub_resource *sub_resource; -+ -+ if (!texture->swapchain || texture->swapchain->front_buffer != texture) -+ return; -+ if (!(sub_resource = wined3d_texture_get_sub_resource(texture, sub_resource_idx))) -+ return; -+ if (sub_resource->locations & (WINED3D_LOCATION_DRAWABLE | WINED3D_LOCATION_TEXTURE_RGB)) -+ return; -+ -+ if (box) SetRect(&texture->swapchain->front_buffer_update, box->left, box->top, box->right, box->bottom); -+ texture->swapchain->swapchain_ops->swapchain_frontbuffer_updated(texture->swapchain); -+} -+ - static HRESULT texture_resource_sub_resource_unmap(struct wined3d_resource *resource, unsigned int sub_resource_idx) - { - struct wined3d_texture_sub_resource *sub_resource; -@@ -2010,11 +2026,7 @@ static HRESULT texture_resource_sub_resource_unmap(struct wined3d_resource *reso - if (context) - context_release(context); - -- if (texture->swapchain && texture->swapchain->front_buffer == texture) -- { -- if (!(sub_resource->locations & (WINED3D_LOCATION_DRAWABLE | WINED3D_LOCATION_TEXTURE_RGB))) -- texture->swapchain->swapchain_ops->swapchain_frontbuffer_updated(texture->swapchain); -- } -+ swapchain_frontbuffer_updated(texture, sub_resource_idx, NULL); - - --sub_resource->map_count; - if (!--resource->map_count && texture->update_map_binding) -diff --git a/dlls/wined3d/wined3d_private.h b/dlls/wined3d/wined3d_private.h -index 1025c98f18..e394931573 100644 ---- a/dlls/wined3d/wined3d_private.h -+++ b/dlls/wined3d/wined3d_private.h -@@ -3686,6 +3686,8 @@ void swapchain_destroy_contexts(struct wined3d_swapchain *swapchain) DECLSPEC_HI - HDC swapchain_get_backup_dc(struct wined3d_swapchain *swapchain) DECLSPEC_HIDDEN; - void swapchain_update_draw_bindings(struct wined3d_swapchain *swapchain) DECLSPEC_HIDDEN; - void swapchain_update_swap_interval(struct wined3d_swapchain *swapchain) DECLSPEC_HIDDEN; -+void swapchain_frontbuffer_updated(struct wined3d_texture *texture, unsigned int sub_resource_idx, -+ const struct wined3d_box *box) DECLSPEC_HIDDEN; - - /***************************************************************************** - * Utility function prototypes --- -2.13.1 - diff --git a/patches/wined3d-GDI_Rendering/definition b/patches/wined3d-GDI_Rendering/definition deleted file mode 100644 index 2f2168cf..00000000 --- a/patches/wined3d-GDI_Rendering/definition +++ /dev/null @@ -1 +0,0 @@ -Fixes: Multiple regression fixes for GDI rendering diff --git a/patches/winemp3.acm-MPEG3_StreamOpen/0001-winemp3.acm-Check-input-format-in-MPEG3_StreamOpen.patch b/patches/winemp3.acm-MPEG3_StreamOpen/0001-winemp3.acm-Check-input-format-in-MPEG3_StreamOpen.patch index 6b428440..a4c38bf4 100644 --- a/patches/winemp3.acm-MPEG3_StreamOpen/0001-winemp3.acm-Check-input-format-in-MPEG3_StreamOpen.patch +++ b/patches/winemp3.acm-MPEG3_StreamOpen/0001-winemp3.acm-Check-input-format-in-MPEG3_StreamOpen.patch @@ -1,4 +1,4 @@ -From a9e9bf9a348ddd771fd405dae8dcbe9fcb42ddb3 Mon Sep 17 00:00:00 2001 +From 4e90e07da9b0880527ac5aed3d2d27b2ba094d83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Sun, 21 Aug 2016 02:36:47 +0200 Subject: winemp3.acm: Check input format in MPEG3_StreamOpen. @@ -9,10 +9,10 @@ Subject: winemp3.acm: Check input format in MPEG3_StreamOpen. 2 files changed, 85 insertions(+), 1 deletion(-) diff --git a/dlls/msacm32/tests/msacm.c b/dlls/msacm32/tests/msacm.c -index 44a6febb662..21cc10bd45e 100644 +index a485f9a197..13532a4980 100644 --- a/dlls/msacm32/tests/msacm.c +++ b/dlls/msacm32/tests/msacm.c -@@ -1151,6 +1151,76 @@ static void test_acmFormatTagDetails(void) +@@ -1249,6 +1249,76 @@ static void test_acmFormatTagDetails(void) ok(aftd.cbFormatSize == sizeof(MPEGLAYER3WAVEFORMAT), "got %d\n", aftd.cbFormatSize); } @@ -89,8 +89,8 @@ index 44a6febb662..21cc10bd45e 100644 static struct { struct -@@ -1319,6 +1389,7 @@ START_TEST(msacm) - test_prepareheader(); +@@ -1418,6 +1488,7 @@ START_TEST(msacm) + test_convert(); test_acmFormatSuggest(); test_acmFormatTagDetails(); + test_mp3(); @@ -98,7 +98,7 @@ index 44a6febb662..21cc10bd45e 100644 * with other tests due to codec lookup order */ test_acmDriverAdd(); diff --git a/dlls/winemp3.acm/mpegl3.c b/dlls/winemp3.acm/mpegl3.c -index 13a6109a77a..b5ba4c6d834 100644 +index 13a6109a77..b5ba4c6d83 100644 --- a/dlls/winemp3.acm/mpegl3.c +++ b/dlls/winemp3.acm/mpegl3.c @@ -215,6 +215,7 @@ static void MPEG3_Reset(PACMDRVSTREAMINSTANCE adsi, AcmMpeg3Data* aad)