From d1f4a25cbdcdd894899329125c6c50e0e2dc6902 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Fri, 10 Jul 2015 20:55:42 +0200 Subject: [PATCH] Revert security cookie patch causing regression in multiple applications. --- README.md | 4 +- debian/changelog | 1 + ...domize-security-cookie-when-availabl.patch | 51 ++++++++++++++++++ .../ntdll-Revert_Security_Cookie/definition | 2 + patches/patchinstall.sh | 54 +++++++++++++------ 5 files changed, 94 insertions(+), 18 deletions(-) create mode 100644 patches/ntdll-Revert_Security_Cookie/0001-Revert-ntdll-Randomize-security-cookie-when-availabl.patch create mode 100644 patches/ntdll-Revert_Security_Cookie/definition diff --git a/README.md b/README.md index 2bf99595..2d3e9b13 100644 --- a/README.md +++ b/README.md @@ -39,9 +39,11 @@ Wine. All those differences are also documented on the Included bug fixes and improvements ----------------------------------- -**Bug fixes and features included in the next upcoming release [2]:** +**Bug fixes and features included in the next upcoming release [4]:** * Increase buffer size in widl/typegen.c to avoid buffer overflow ([Wine Bug #37129](https://bugs.winehq.org/show_bug.cgi?id=37129)) +* Revert patch causing crash in IrfanView when using the WebP plugin ([Wine Bug #38895](https://bugs.winehq.org/show_bug.cgi?id=38895)) +* Revert patch causing crash in Word Viewer when opening docx files ([Wine Bug #38897](https://bugs.winehq.org/show_bug.cgi?id=38897)) * Silence repeated wbemprox "timeout not supported" fixme ([Wine Bug #37618](https://bugs.winehq.org/show_bug.cgi?id=37618)) diff --git a/debian/changelog b/debian/changelog index 32855502..34bc7dc6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ wine-staging (1.7.47) UNRELEASED; urgency=low * Added patch to silence repeated wbemprox "timeout not supported" fixme. * Added patch to increase buffer size in widl/typegen.c to avoid buffer overflow. + * Revert security cookie patch causing regression in multiple applications. * Removed patch to implement kernel32.GetNumaProcessorNode (accepted upstream). * Removed patch to initialize *end with NULL on failure in msvcrt.strtod diff --git a/patches/ntdll-Revert_Security_Cookie/0001-Revert-ntdll-Randomize-security-cookie-when-availabl.patch b/patches/ntdll-Revert_Security_Cookie/0001-Revert-ntdll-Randomize-security-cookie-when-availabl.patch new file mode 100644 index 00000000..01b8e5d5 --- /dev/null +++ b/patches/ntdll-Revert_Security_Cookie/0001-Revert-ntdll-Randomize-security-cookie-when-availabl.patch @@ -0,0 +1,51 @@ +From 2322a6e69849a1537724b0fe7dd08a3edea83e0c Mon Sep 17 00:00:00 2001 +From: Sebastian Lackner +Date: Fri, 10 Jul 2015 20:40:01 +0200 +Subject: Revert "ntdll: Randomize security cookie when available." + +This reverts commit 7e1c886fbfd362376b6aebe5381ab7d4433c3371. +--- + dlls/ntdll/virtual.c | 20 -------------------- + 1 file changed, 20 deletions(-) + +diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c +index 410e060..bc3f7cd 100644 +--- a/dlls/ntdll/virtual.c ++++ b/dlls/ntdll/virtual.c +@@ -1067,8 +1067,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz + IMAGE_SECTION_HEADER sections[96]; + IMAGE_SECTION_HEADER *sec; + IMAGE_DATA_DIRECTORY *imports; +- IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg; +- ULONG loadcfg_size; + NTSTATUS status = STATUS_CONFLICTING_ADDRESSES; + int i; + off_t pos; +@@ -1280,24 +1278,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz + } + } + +- /* randomize security cookie */ +- +- loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE, +- IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size ); +- if (loadcfg && loadcfg_size >= sizeof(*loadcfg)) +- { +- static ULONG seed; +- ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie; +- +- if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId(); +- if (cookie) +- { +- *cookie = RtlRandom( &seed ); +- if (sizeof(ULONG_PTR) > sizeof(ULONG)) /* fill up, but keep the highest word clear */ +- *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16; +- } +- } +- + /* set the image protections */ + + VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ ); +-- +2.4.5 + diff --git a/patches/ntdll-Revert_Security_Cookie/definition b/patches/ntdll-Revert_Security_Cookie/definition new file mode 100644 index 00000000..b61e8b6e --- /dev/null +++ b/patches/ntdll-Revert_Security_Cookie/definition @@ -0,0 +1,2 @@ +Fixes: [38897] Revert patch causing crash in Word Viewer when opening docx files +Fixes: [38895] Revert patch causing crash in IrfanView when using the WebP plugin diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index dcf0d954..4c4c2c14 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -168,6 +168,7 @@ patch_enable_all () enable_ntdll_NtQuerySection="$1" enable_ntdll_NtSetLdtEntries="$1" enable_ntdll_Pipe_SpecialCharacters="$1" + enable_ntdll_Revert_Security_Cookie="$1" enable_ntdll_RtlIpStringToAddress="$1" enable_ntdll_ThreadTime="$1" enable_ntdll_Threading="$1" @@ -577,6 +578,9 @@ patch_enable () ntdll-Pipe_SpecialCharacters) enable_ntdll_Pipe_SpecialCharacters="$2" ;; + ntdll-Revert_Security_Cookie) + enable_ntdll_Revert_Security_Cookie="$2" + ;; ntdll-RtlIpStringToAddress) enable_ntdll_RtlIpStringToAddress="$2" ;; @@ -1972,6 +1976,23 @@ if test "$enable_Staging" -eq 1; then ) >> "$patchlist" fi +# Patchset server-Misc_ACL +# | +# | This patchset fixes the following Wine bugs: +# | * [#15980] GetSecurityInfo returns NULL DACL for process object +# | +# | Modified files: +# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c +# | +if test "$enable_server_Misc_ACL" -eq 1; then + patch_apply server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch + patch_apply server-Misc_ACL/0002-server-Add-default-security-descriptor-DACL-for-proc.patch + ( + echo '+ { "Erich E. Hoover", "server: Add default security descriptor ownership for processes.", 1 },'; + echo '+ { "Erich E. Hoover", "server: Add default security descriptor DACL for processes.", 1 },'; + ) >> "$patchlist" +fi + # Patchset server-CreateProcess_ACLs # | # | This patchset fixes the following Wine bugs: @@ -1991,23 +2012,6 @@ if test "$enable_server_CreateProcess_ACLs" -eq 1; then ) >> "$patchlist" fi -# Patchset server-Misc_ACL -# | -# | This patchset fixes the following Wine bugs: -# | * [#15980] GetSecurityInfo returns NULL DACL for process object -# | -# | Modified files: -# | * dlls/advapi32/tests/security.c, server/process.c, server/security.h, server/token.c -# | -if test "$enable_server_Misc_ACL" -eq 1; then - patch_apply server-Misc_ACL/0001-server-Add-default-security-descriptor-ownership-for.patch - patch_apply server-Misc_ACL/0002-server-Add-default-security-descriptor-DACL-for-proc.patch - ( - echo '+ { "Erich E. Hoover", "server: Add default security descriptor ownership for processes.", 1 },'; - echo '+ { "Erich E. Hoover", "server: Add default security descriptor DACL for processes.", 1 },'; - ) >> "$patchlist" -fi - # Patchset advapi32-LsaLookupSids # | # | Modified files: @@ -3555,6 +3559,22 @@ if test "$enable_ntdll_Pipe_SpecialCharacters" -eq 1; then ) >> "$patchlist" fi +# Patchset ntdll-Revert_Security_Cookie +# | +# | This patchset fixes the following Wine bugs: +# | * [#38897] Revert patch causing crash in Word Viewer when opening docx files +# | * [#38895] Revert patch causing crash in IrfanView when using the WebP plugin +# | +# | Modified files: +# | * dlls/ntdll/virtual.c +# | +if test "$enable_ntdll_Revert_Security_Cookie" -eq 1; then + patch_apply ntdll-Revert_Security_Cookie/0001-Revert-ntdll-Randomize-security-cookie-when-availabl.patch + ( + echo '+ { "Sebastian Lackner", "Revert \"ntdll: Randomize security cookie when available.\".", 1 },'; + ) >> "$patchlist" +fi + # Patchset ntdll-RtlIpStringToAddress # | # | Modified files: