Commit Graph

5057 Commits

Author SHA1 Message Date
Zebediah Figura
b582d2d018 Rebase against 4904d90870a716fda971fc12240ddbc23323475c. 2021-04-12 16:54:57 -05:00
Zebediah Figura
00aab80494 Release v6.6 2021-04-09 17:47:34 -05:00
Zebediah Figura
86424f3ac1 bcrypt-ECDHSecretAgreement: Remove a commented "Disabled: true" directive. 2021-04-09 17:40:52 -05:00
Zebediah Figura
661df7b889 user32-rawinput-*: Replace with new patches from Rémi Bernon. 2021-04-09 17:39:38 -05:00
Zebediah Figura
64ea26c0cb Rebase against a24bdfc2c69c5648cbb3df762149b2647e209a09. 2021-04-09 15:23:33 -05:00
Zebediah Figura
9319c38de2 Rebase against 3269da9b46eaec8e3ea263fc8ecfcd24d3d8b6e6. 2021-04-08 18:18:17 -05:00
Zebediah Figura
03f7334e65 Actually rebase against ac65e1540960e64ce29e40ec19e4eade8369d520. 2021-04-07 18:35:45 -05:00
Zebediah Figura
eb40bf85d6 Rebase against ac65e1540960e64ce29e40ec19e4eade8369d520. 2021-04-07 17:30:55 -05:00
Zebediah Figura
d1169e15ee Rebase against 5a8bc554ef06c4a21d8b49ea8d936299f2cb2f34. 2021-04-06 18:45:52 -05:00
Zebediah Figura
0c295023f1 Rebase against 8d076bc5e46cc11ec94db631e7c608f62d75cee2. 2021-04-06 17:41:23 -05:00
Zebediah Figura
733a420dd7 server-Key_State: Replace with new patches from Rémi Bernon.
This also serves as a rebase against 2fcc1d0ecdebc55a5f515b1390ce715303f6a6ad.
2021-04-02 20:15:01 -05:00
Zebediah Figura
545073aafa Rebase against 97b420224e767b24d89722ff5efeca38a8ecf1e2. 2021-04-01 23:03:15 -05:00
Zebediah Figura
4e2dc89043 Rebase against 29d9659095fd76e303f204050ab4c85d0a0486e4. 2021-03-31 16:49:32 -05:00
Zebediah Figura
2929606a6a msxml3-FreeThreadedXMLHTTP60: Change bug reference to reflect split upstream bug. 2021-03-31 16:04:59 -05:00
Zebediah Figura
d90a798a26 Rebase against 7c62e6b169f18f4a5d5809490f8aebdb5a9375eb. 2021-03-30 17:06:03 -05:00
Zebediah Figura
2e42e7d996 Rebase against 6ca1a92684fcbaa1c569b60411a8036b6d11dc99. 2021-03-29 17:03:49 -05:00
Alistair Leslie-Hughes
34ba08404f Release v6.5 2021-03-28 18:24:50 +11:00
Zebediah Figura
7b199110bb Rebase against 71d41b37a1917cdf20cdb171dc73c20dbfdaeefa. 2021-03-27 10:31:02 -05:00
Alistair Leslie-Hughes
3d3cbfce86 Updated ntdll-Hide_Wine_Exports patchset 2021-03-26 15:05:50 +11:00
Alistair Leslie-Hughes
0547bb4578 Rebase against 34652f37e443a9e7698f66d13df3b4811b1c0cc3. 2021-03-26 10:38:20 +11:00
Zebediah Figura
f20c33fa04 Rebase against 12cfe6826773708e3b15f73b9674ccb959000d8b. 2021-03-24 16:48:35 -05:00
Zebediah Figura
a644c49d6d winmm-Delay_Import_Depends: Remove patch set.
This was fixed upstream at some point.
2021-03-24 11:27:50 -05:00
Zebediah Figura
d2102728fe Rebase against f69c8f018188af49d5a3916f7bb7e3ab984fd3ec. 2021-03-23 17:24:09 -05:00
Zebediah Figura
a93d3b6369 Use source.winehq.org in CI scripts. 2021-03-22 18:20:56 -05:00
Zebediah Figura
09fdb3b5c9 Rebase against d1764a45cfd12f8c5699fd7428cf90f90a2d31ef.
Actually rebase this time.
2021-03-22 18:18:36 -05:00
Zebediah Figura
5897bc1d27 Rebase against 41df83c50e1c3cfdd6e8ffb65de7838f8503632c. 2021-03-22 17:37:48 -05:00
Zebediah Figura
f8b6fde40c Rebase against 41df83c50e1c3cfdd6e8ffb65de7838f8503632c. 2021-03-19 21:15:35 -05:00
Alistair Leslie-Hughes
34d5c3568f Rebase against 6d26689484070b2c4ad4e0e16812c6eb8176cd40. 2021-03-19 14:27:44 +11:00
Zebediah Figura
44af049de7 Rebase against 2828d0820a1661e46f606f28db090d710cef11f4. 2021-03-18 00:32:41 -05:00
Alistair Leslie-Hughes
c747e46d75 Rebase against 4d5824112e13160e538013a25f1c13a124565180. 2021-03-17 09:44:07 +11:00
Zebediah Figura
1f89c15143 Rebase against 23ffd0a7986421958c23cffce138afa389209920. 2021-03-15 18:28:35 -05:00
Alistair Leslie-Hughes
7ec998e17a Release v6.4 2021-03-15 08:31:03 +11:00
Zebediah Figura
186c17f454 ntdll-Junction_Points: Updates from Erich E. Hoover. 2021-03-12 21:53:58 -06:00
Zebediah Figura
4a427fa757 Rebase against 4336ed0b84b3dd3097bbbbf8e4b9de2e4d444ad7. 2021-03-12 16:12:02 -06:00
Alistair Leslie-Hughes
5bcba4ef5a Rebase against 0ae1669ec2798193b11fd2d2ac74d51203f673b2. 2021-03-12 10:33:43 +11:00
Zebediah Figura
acc0de4def Rebase against 580413032c61bc142078d08efb1d1167fe385a97. 2021-03-10 19:40:52 -06:00
Zebediah Figura
3790a70510 setupapi-SPFILENOTIFY_FILEINCABINET: Remove patch set.
This is fixed upstream now.
2021-03-09 17:07:04 -06:00
Alistair Leslie-Hughes
e7c08665ab Rebase against 9107f591d3d73a3b4040db2e13ef51d9846591c9. 2021-03-10 08:55:33 +11:00
Alistair Leslie-Hughes
a11594e19e
Merge pull request #77 from Gcenx/master
Add a GitHub action to test building for macOS
2021-03-07 13:14:15 +11:00
Dean M Greer
bbebe570f3 Create macOS.yml 2021-03-06 07:11:22 -05:00
Zebediah Figura
89c049ee68 ntdll-Junction_Points: Updates from Erich E. Hoover. 2021-03-05 21:27:36 -06:00
Zebediah Figura
f4cb879b3d ntdll-NtAlertThreadByThreadId: Include mach/mach.h in unix_private.h.
Thanks to Dean Greer for finding this one.
2021-03-05 21:24:30 -06:00
Zebediah Figura
cb2a6e06e1 Rebase against 5bccf6fc3f309207ef4162df335157649f627f50. 2021-03-05 21:21:19 -06:00
Zebediah Figura
3a33c70a9a Rebase against 31af1aeb7895bddf59a73886b89759f76881bc9e. 2021-03-04 17:50:31 -06:00
Alistair Leslie-Hughes
64efb6f0d3 Added ntdll-RtlFirstFreeAce patchset 2021-03-04 12:06:54 +11:00
Alistair Leslie-Hughes
404b698d44 Rebase against 6d5659103f49db9e045087dd0093acc3b9a4b919. 2021-03-04 11:24:46 +11:00
Erich E. Hoover
a2ca43d98b ntdll-Junction_Points: Fix compilation on MacOS. 2021-03-02 20:26:41 -06:00
Zebediah Figura
0b1ffe4b94 Rebase against 7fa74fa78e2f8fedeea6fa3c796f0f2eb202825e. 2021-03-02 20:22:19 -06:00
Zebediah Figura
5d8901ac21 ntdll-set_full_cpu_context: Remove patch set.
These prefixes are redundant. We're restoring the context from 32-bit code, so
%ss = %ds already, and if we're on this side of the code then our %ss = the
target %ss.

Still, why was the patch written?

Before 44fbc018ed, there was a single path to restore contexts, and it looked
like this:

    output( "2:\tpushl 0x94(%%ecx)\n");     /* SegEs */
    output( "\tpopl %%es\n" );
    output( "\tpushl 0x90(%%ecx)\n");       /* SegFs */
    output( "\tpopl %%fs\n" );
    output( "\tpushl 0x8c(%%ecx)\n");       /* SegGs */
    output( "\tpopl %%gs\n" );

    output( "\tmovl 0x9c(%%ecx),%%edi\n");  /* Edi */
    output( "\tmovl 0xa0(%%ecx),%%esi\n");  /* Esi */
    output( "\tmovl 0xa8(%%ecx),%%edx\n");  /* Edx */
    output( "\tmovl 0xa4(%%ecx),%%ebx\n");  /* Ebx */
    output( "\tmovl 0xb0(%%ecx),%%eax\n");  /* Eax */
    output( "\tmovl 0xb4(%%ecx),%%ebp\n");  /* Ebp */

    output( "\tpushl 0xc8(%%ecx)\n");       /* SegSs */
    output( "\tpopl %%ss\n" );
    output( "\tmovl 0xc4(%%ecx),%%esp\n");  /* Esp */

    output( "\tpushl 0xc0(%%ecx)\n");       /* EFlags */
    output( "\tpushl 0xbc(%%ecx)\n");       /* SegCs */
    output( "\tpushl 0xb8(%%ecx)\n");       /* Eip */
    output( "\tpushl 0x98(%%ecx)\n");       /* SegDs */
    output( "\tmovl 0xac(%%ecx),%%ecx\n");  /* Ecx */

    output( "\tpopl %%ds\n" );
    output( "\tiret\n" );

Very simple: we restore most registers (but not %ds), then switch stacks, then
push control registers and %ds to the current (target) stack, then pop %ds and
iret.

This was vulnerable to signal races:

+    /* As soon as we have switched stacks the context structure could
+     * be invalid (when signal handlers are executed for example). Copy
+     * values on the target stack before changing ESP. */

so 44fbc018ed changed the path to a different one:

    output( "\tpushl 0xc8(%%ecx)\n" );      /* SegSs */
    output( "\tpopl %%es\n" );
    output( "\tmovl 0xc4(%%ecx),%%eax\n" ); /* Esp */
    output( "\tleal -4*4(%%eax),%%eax\n" );

    output( "\tmovl 0xc0(%%ecx),%%edx\n" ); /* EFlags */
    output( "\t.byte 0x26\n\tmovl %%edx,3*4(%%eax)\n" );
    output( "\tmovl 0xbc(%%ecx),%%edx\n" ); /* SegCs */
    output( "\t.byte 0x26\n\tmovl %%edx,2*4(%%eax)\n" );
    output( "\tmovl 0xb8(%%ecx),%%edx\n" ); /* Eip */
    output( "\t.byte 0x26\n\tmovl %%edx,1*4(%%eax)\n" );
    output( "\tmovl 0xb0(%%ecx),%%edx\n" ); /* Eax */
    output( "\t.byte 0x26\n\tmovl %%edx,0*4(%%eax)\n" );

    output( "\tpushl %%es\n" );
    output( "\tpushl 0x98(%%ecx)\n" );      /* SegDs */

    output(" \tpushl 0x94(%%ecx)\n" );      /* SegEs */
    output( "\tpopl %%es\n" );
    output( "\tpushl 0x90(%%ecx)\n");       /* SegFs */
    output( "\tpopl %%fs\n" );
    output( "\tpushl 0x8c(%%ecx)\n");       /* SegGs */
    output( "\tpopl %%gs\n" );

    output( "\tmovl 0x9c(%%ecx),%%edi\n" ); /* Edi */
    output( "\tmovl 0xa0(%%ecx),%%esi\n" ); /* Esi */
    output( "\tmovl 0xa4(%%ecx),%%ebx\n" ); /* Ebx */
    output( "\tmovl 0xa8(%%ecx),%%edx\n" ); /* Edx */
    output( "\tmovl 0xb4(%%ecx),%%ebp\n" ); /* Ebp */
    output( "\tmovl 0xac(%%ecx),%%ecx\n" ); /* Ecx */

    output( "\tpopl %%ds\n" );
    output( "\tpopl %%ss\n" );
    output( "\tmovl %%eax,%%esp\n" );

    output( "\tpopl %%eax\n" );
    output( "\tiret\n" );

That is, we set %es to the target %ss, write control regs onto the target stack
using %es, switch to the target stack, then pop + iret. In this case the %es
overrides make perfect sense: the target stack might be different from ours
(i.e. we are returning to 16-bit code).

Evidently this was invalid:

+    /* Restore the context when the stack segment changes. We can't use
+     * the same code as above because we do not know if the stack segment
+     * is 16 or 32 bit, and 'movl' will throw an exception when we try to
+     * access memory above the limit. */

In 4c8b3f63be1 slackner introduced two different paths. If we need to switch
stacks, we use the original path. (I think it's still vulnerable to signal
races, but we have no way of preventing those.) Meanwhile the other path can be
simplified a bit, since we're already on the target stack:

-    output( "\tpushl 0xc8(%%ecx)\n" );      /* SegSs */
-    output( "\tpopl %%es\n" );
     output( "\tmovl 0xc4(%%ecx),%%eax\n" ); /* Esp */
     output( "\tleal -4*4(%%eax),%%eax\n" );

     output( "\tmovl 0xc0(%%ecx),%%edx\n" ); /* EFlags */
-    output( "\t.byte 0x26\n\tmovl %%edx,3*4(%%eax)\n" );
+    output( "\t.byte 0x36\n\tmovl %%edx,3*4(%%eax)\n" );
     output( "\tmovl 0xbc(%%ecx),%%edx\n" ); /* SegCs */
-    output( "\t.byte 0x26\n\tmovl %%edx,2*4(%%eax)\n" );
+    output( "\t.byte 0x36\n\tmovl %%edx,2*4(%%eax)\n" );
     output( "\tmovl 0xb8(%%ecx),%%edx\n" ); /* Eip */
-    output( "\t.byte 0x26\n\tmovl %%edx,1*4(%%eax)\n" );
+    output( "\t.byte 0x36\n\tmovl %%edx,1*4(%%eax)\n" );
     output( "\tmovl 0xb0(%%ecx),%%edx\n" ); /* Eax */
-    output( "\t.byte 0x26\n\tmovl %%edx,0*4(%%eax)\n" );
+    output( "\t.byte 0x36\n\tmovl %%edx,0*4(%%eax)\n" );

-    output( "\tpushl %%es\n" );
     output( "\tpushl 0x98(%%ecx)\n" );      /* SegDs */

@@ -890,11 +889,37 @@ static void build_call_from_regs_x86(void)
     output( "\tmovl 0xac(%%ecx),%%ecx\n" ); /* Ecx */

     output( "\tpopl %%ds\n" );
-    output( "\tpopl %%ss\n" );
     output( "\tmovl %%eax,%%esp\n" );

     output( "\tpopl %%eax\n" );
     output( "\tiret\n" );

Sebastian got rid of the setting of %es, and replaced the %es prefixes with %ss
prefixes. What I think happened is that he made a subtle mistake—or, well, not a
mistake, but a redundancy. %es: was changed to %ss: by analogy, but it's
actually not necessary: we're operating on the source stack, and we know the
source stack is 32-bit, and we haven't set %ds yet, so %ds == %ss already, and
we can use the %implicit %ds prefix.

Alexandre presumably saw this in bab6ece63, and silently removed them. My guess
is that Sebastian saw that, wasn't sure, but (in the best case) didn't want to
submit his fix upstream until he had checked whether it was actually correct,
and never got around to checking. (Alternatively, he thought that the %ss should
have been retained for clarity, and decided not to try to submit that upstream.)
2021-03-02 20:22:01 -06:00
Zebediah Figura
6b24c39d32 Rebase against 3c2db20f66806074b047b0b3c76aa86ad79e3175. 2021-03-01 16:31:44 -06:00