server-Stored_ACLs: Fix some issues causing out-of-sync of local security descriptors and extended attributes.

Various improvements to the Debian packaging files.

README.md

@@ -38,6 +38,19 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 ===================================
 
+**Bugfixes and features included in the next upcoming release [9]:**
+
+* Add stub fltmgr.sys (filter manager driver) ([Wine Bug #23583](https://bugs.winehq.org/show_bug.cgi?id=23583))
+* Add stubs for Power[Set|Clear]Request
+* Avoid spam of FIXME messages for PsLookupProcessByProcessId stub ([Wine Bug #36821](https://bugs.winehq.org/show_bug.cgi?id=36821))
+* Don't return an error in WS_select when EINTR happens during timeout
+* Fix calculation of 3D sound source ([Wine Bug #38041](https://bugs.winehq.org/show_bug.cgi?id=38041))
+* Fix compatibility of Uplay with gnutls28 ([Wine Bug #38134](https://bugs.winehq.org/show_bug.cgi?id=38134))
+* Fix handling of ANSI NTLM credentials ([Wine Bug #37063](https://bugs.winehq.org/show_bug.cgi?id=37063))
+* Implement empty enumerator for IWiaDevMgr::EnumDeviceInfo ([Wine Bug #27775](https://bugs.winehq.org/show_bug.cgi?id=27775))
+* Software support for Environmental Audio Extensions (EAX)
+
+
 **Bugs fixed in Wine Staging 1.7.39 [205]:**
 
 * Add Dynamic DST exceptions for Israel Standard Time ([Wine Bug #36374](https://bugs.winehq.org/show_bug.cgi?id=36374))
@@ -80,7 +93,7 @@ Included bug fixes and improvements
 * Basic support for CUDA
 * Black & White needs DXTn software decoding support ([Wine Bug #14939](https://bugs.winehq.org/show_bug.cgi?id=14939))
 * CPU-Z fails to start because GetLogicalProcessorInformationEx returns FALSE
-* Child of Light expects FindConnectionPoint to succeed and increase the refcount ([Wine Bug #36408](https://bugs.winehq.org/show_bug.cgi?id=36408))
+* ~~Child of Light expects FindConnectionPoint to succeed and increase the refcount~~ ([Wine Bug #36408](https://bugs.winehq.org/show_bug.cgi?id=36408))
 * CreateProcess does not prioritize the working directory over the system search path ([Wine Bug #23934](https://bugs.winehq.org/show_bug.cgi?id=23934))
 * D3DCompileShader should filter specific warning messages ([Wine Bug #33770](https://bugs.winehq.org/show_bug.cgi?id=33770))
 * Do not append duplicate NULL characters when importing keys with regedit ([Wine Bug #37575](https://bugs.winehq.org/show_bug.cgi?id=37575))
@@ -119,8 +132,8 @@ Included bug fixes and improvements
 * Fix multithreading issues with fullscreen clipping ([Wine Bug #38087](https://bugs.winehq.org/show_bug.cgi?id=38087))
 * Fix possible segfault in pulse_rd_loop of PulseAudio backend
 * Fix race-condition when threads are killed during shutdown
-* Fix regression causing black screen on startup ([Wine Bug #38248](https://bugs.winehq.org/show_bug.cgi?id=38248))
-* Fix regression causing too dark/missing textures in several games ([Wine Bug #38256](https://bugs.winehq.org/show_bug.cgi?id=38256))
+* ~~Fix regression causing black screen on startup~~ ([Wine Bug #38248](https://bugs.winehq.org/show_bug.cgi?id=38248))
+* ~~Fix regression causing too dark/missing textures in several games~~ ([Wine Bug #38256](https://bugs.winehq.org/show_bug.cgi?id=38256))
 * Fix return value of ScrollWindowEx for invisible windows ([Wine Bug #37706](https://bugs.winehq.org/show_bug.cgi?id=37706))
 * Fix texture corruption in CSI: Fatal Conspiracy ([Wine Bug #33768](https://bugs.winehq.org/show_bug.cgi?id=33768))
 * Fix unintentional leaks with ntdll internals
@@ -142,7 +155,7 @@ Included bug fixes and improvements
 * Implement ID3DXEffect::FindNextValidTechnique ([Wine Bug #34101](https://bugs.winehq.org/show_bug.cgi?id=34101))
 * Implement IDXGIOutput::GetDesc
 * Implement SetFileInformationByHandle
-* Implement SetupLogError[A|W] and Setup[Open|Close]Log
+* ~~Implement SetupLogError[A|W] and Setup[Open|Close]Log~~
 * Implement a Microsoft Yahei replacement font ([Wine Bug #13829](https://bugs.winehq.org/show_bug.cgi?id=13829))
 * Implement additional stubs for vcomp dlls ([Wine Bug #31640](https://bugs.winehq.org/show_bug.cgi?id=31640))
 * Implement an Arial replacement font ([Wine Bug #32323](https://bugs.winehq.org/show_bug.cgi?id=32323))
@@ -220,7 +233,7 @@ Included bug fixes and improvements
 * Support for PulseAudio backend for audio ([Wine Bug #10495](https://bugs.winehq.org/show_bug.cgi?id=10495))
 * Support for RtlDecompressBuffer ([Wine Bug #37449](https://bugs.winehq.org/show_bug.cgi?id=37449))
 * Support for SHCreateSessionKey ([Wine Bug #35630](https://bugs.winehq.org/show_bug.cgi?id=35630))
-* Support for TOOLTIPS_GetTipText edge cases ([Wine Bug #30648](https://bugs.winehq.org/show_bug.cgi?id=30648))
+* ~~Support for TOOLTIPS_GetTipText edge cases~~ ([Wine Bug #30648](https://bugs.winehq.org/show_bug.cgi?id=30648))
 * Support for TransmitFile ([Wine Bug #5048](https://bugs.winehq.org/show_bug.cgi?id=5048))
 * Support for WTSEnumerateProcessesW ([Wine Bug #29903](https://bugs.winehq.org/show_bug.cgi?id=29903))
 * Support for extra large and jumbo icon lists in shell32 ([Wine Bug #24721](https://bugs.winehq.org/show_bug.cgi?id=24721))

debian/changelog

@@ -1,3 +1,24 @@
+wine-staging (1.7.40) UNRELEASED; urgency=low
+  * Update dsound fast mixer patchset to use integer math.
+  * Various improvements to Debian packaging files, pull request #310.
+  * Added patch with stubs for Power[Set|Clear]Request.
+  * Added patch to avoid spam of FIXME messages for PsLookupProcessByProcessId stub.
+  * Added patch to implement empty enumerator for IWiaDevMgr::EnumDeviceInfo.
+  * Added patch to fix handling of ANSI NTLM credentials.
+  * Added patch to fix compatibility of Uplay with gnutls28.
+  * Added patches for Environmental Audio Extensions (EAX), pull request #311 from Mark Harmstone.
+  * Added patch to fix return value of WS_select in case of EINTR during timeout.
+  * Added patch to fix calculation of 3D sound source.
+  * Added patch for stub of fltmgr.sys (filter manager driver).
+  * Removed patch to fix regression causing black screen on startup (accepted upstream).
+  * Removed patch to fix edge cases in TOOLTIPS_GetTipText (fixed upstream).
+  * Removed patch for IConnectionPoint/INetworkListManagerEvents stub interface (accepted upstream).
+  * Removed patch to fix race-condition when closing browseui IProcessDialog (accepted upstream).
+  * Removed patch with tests for GetFinalPathNameByHandleA/W (accepted upstream).
+  * Removed patch to emulate 'mov Eb, Gb' instruction on x86 processor architecture (accepted upstream).
+  * Removed patches for Setup*Log() functions (accepted upstream).
+ -- Sebastian Lackner <sebastian@fds-team.de>  Mon, 23 Mar 2015 16:12:20 +0100
+
 wine-staging (1.7.39) unstable; urgency=low
   * Fix a build failure on MacOS caused by using of strndup in the server-Inherited_ACLs patchset.
   * Update patchset for ntdll-RtlUnwindEx to fix an issue with dwarf handling (fixes Wine Staging Bug #170).

debian/control

@@ -111,7 +111,8 @@ Recommends: libcapi20-3,
             libgsm1
 Section: otherosfs
 Priority: optional
-Description: The Staging Edition is a special build of the popular Wine software
+Description: special build of the popular Wine software
+ The Staging Edition is a special build of the popular Wine software
  with patches representing my current staging tree for Wine.
  .
  Microsoft Windows Compatibility Layer (Binary Emulator and Library)
@@ -122,9 +123,9 @@ Description: The Staging Edition is a special build of the popular Wine software
  .
  This package provides support for loading 32-bit x86 Windows applications
  .
- This package is based on a recent Wine beta.  While many more applications will
- work, there may be some loss of functionality compared with the stable release
- provided by the regular wine package.
+ This package is based on a recent Wine beta.  While many more applications
+ will work, there may be some loss of functionality compared with the stable
+ release provided by the regular wine package.
 
 Package: wine-staging-amd64
 Architecture: amd64
@@ -167,7 +168,8 @@ Recommends: libcapi20-3,
             libgsm1
 Section: otherosfs
 Priority: optional
-Description: The Staging Edition is a special build of the popular Wine software
+Description: special build of the popular Wine software
+ The Staging Edition is a special build of the popular Wine software
  with patches representing my current staging tree for Wine.
  .
  Microsoft Windows Compatibility Layer (Binary Emulator and Library)
@@ -178,9 +180,9 @@ Description: The Staging Edition is a special build of the popular Wine software
  .
  This package provides support for loading 64-bit x86 Windows applications
  .
- This package is based on a recent Wine beta.  While many more applications will
- work, there may be some loss of functionality compared with the stable release
- provided by the regular wine package.
+ This package is based on a recent Wine beta.  While many more applications
+ will work, there may be some loss of functionality compared with the stable
+ release provided by the regular wine package.
 
 Package: wine-staging
 Architecture: i386 amd64
@@ -191,7 +193,8 @@ Depends:    ${misc:Depends}, ${shlibs:Depends},
             wine-staging-amd64 (= ${binary:Version}) [amd64],
 Section: otherosfs
 Priority: optional
-Description: The Staging Edition is a special build of the popular Wine software
+Description: special build of the popular Wine software
+ The Staging Edition is a special build of the popular Wine software
  with patches representing my current staging tree for Wine.
  .
  Microsoft Windows Compatibility Layer (Binary Emulator and Library)
@@ -200,13 +203,13 @@ Description: The Staging Edition is a special build of the popular Wine software
  does not require Microsoft Windows, however it can use native system dll
  files in place of its own if they are available.
  .
- This package includes a program loader for running unmodified Windows executables
- as well as the Wine project's free version of the Windows API for running programs
- ported from Windows.
+ This package includes a program loader for running unmodified Windows
+ executables as well as the Wine project's free version of the Windows API
+ for running programs ported from Windows.
  .
- This package is based on a recent Wine beta.  While many more applications will
- work, there may be some loss of functionality compared with the stable release
- provided by the regular wine package.
+ This package is based on a recent Wine beta.  While many more applications
+ will work, there may be some loss of functionality compared with the stable
+ release provided by the regular wine package.
 
 Package: wine-staging-dev
 Architecture: i386 amd64
@@ -217,7 +220,8 @@ Depends:    libc6-dev,
             wine-staging-amd64 (= ${binary:Version}) [amd64],
 Section: libdevel
 Priority: optional
-Description: The Staging Edition is a special build of the popular Wine software
+Description: special build of the popular Wine software
+ The Staging Edition is a special build of the popular Wine software
  with patches representing my current staging tree for Wine.
  .
  Microsoft Windows Compatibility Layer (Binary Emulator and Library)
@@ -238,7 +242,8 @@ Depends:    ${shlibs:Depends},
             wine-staging-amd64 (= ${binary:Version}) [amd64],
 Section: debug
 Priority: optional
-Description: The Staging Edition is a special build of the popular Wine software
+Description: special build of the popular Wine software
+ The Staging Edition is a special build of the popular Wine software
  with patches representing my current staging tree for Wine.
  .
  Microsoft Windows Compatibility Layer (Binary Emulator and Library)

debian/copyright

@@ -0,0 +1,226 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Wine Staging
+Source: http://www.winehq.com/ and http://www.wine-staging.com/
+
+Files: *
+Copyright: 1993-2015, the Wine project authors
+           2014-2015, the Wine Staging project authors
+License: LGPL-2.1
+
+Files: patches/fonts-Missing_Fonts/0001-fonts-Add-Liberation-Sans-as-an-Arial-replacement.patch
+Copyright: 2007, Red Hat
+License: LiberationFontLicense
+
+Files: patches/fonts-Missing_Fonts/0002-fonts-Add-WenQuanYi-Micro-Hei-as-a-Microsoft-Yahei-r.patch
+Copyright: 2008-2009, WenQuanYi Board of Trustees
+           2007, Google Corporation
+           2003-2004, Electronic Font Open Laboratory
+           1990-2003, Wada Laboratory, the University of Tokyo
+License: Apache-2 or GPL-3+ with font embedding exceptions
+
+Files: patches/fonts-Missing_Fonts/0003-fonts-Add-Courier-Prime-as-a-Courier-New-replacement
+Copyright: 2013, Quote-Unquote Apps
+License: OFL1.1
+
+License: LGPL-2.1
+ This software is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Lesser General Public License for more details.
+ .
+ On Debian systems, the complete text of the GNU Library General Public
+ License can be found in /usr/share/common-licenses/LGPL-2.1 file.
+
+License: LiberationFontLicense
+ LICENSE AGREEMENT AND LIMITED PRODUCT WARRANTY
+ LIBERATION FONT SOFTWARE
+ .
+ This agreement governs the use of the Software and any updates to the Software,
+ regardless of the delivery mechanism. Subject to the following terms, Red Hat,
+ Inc. ("Red Hat") grants to the user ("Client") a license to this work pursuant
+ to the GNU General Public License v.2 with the exceptions set forth below and
+ such other terms as our set forth in this End User License Agreement.
+ .
+ 1.The Software and License Exception. LIBERATION font software  (the "Software")
+ consists of TrueType-OpenType formatted font software for rendering LIBERATION
+ typefaces in sans serif, serif, and monospaced character styles. You are licensed
+ to use, modify, copy, and distribute the Software pursuant to the GNU General
+ Public License v.2 with the following exceptions:
+ (a)As a special exception, if you create a document which uses this font, and
+ embed this font or unaltered portions of this font into the document, this font
+ does not by itself cause the resulting document to be covered by the GNU General
+ Public License. This exception does not however invalidate any other reasons why
+ the document might be covered by the GNU General Public License. If you modify
+ this font, you may extend this exception to your version of the font, but you
+ are not obligated to do so. If you do not wish to do so, delete this exception
+ statement from your version.
+ (b)As a further exception, any distribution of the object code of the Software
+ in a physical product must provide you the right to access and modify the source
+ code for the Software and to reinstall that modified version of the Software in
+ object code form on the same physical product on which you received it.
+ 2.Intellectual Property Rights. The Software and each of its components,
+ including the source code, documentation, appearance, structure and organization
+ are owned by Red Hat and others and are protected under copyright and other laws.
+ Title to the Software and any component, or to any copy, modification, or merged
+ portion shall remain with the aforementioned, subject to the applicable license.
+ The "LIBERATION" trademark is a trademark of Red Hat, Inc. in the U.S. and other
+ countries. This agreement does not permit Client to distribute modified versions
+ of the Software using Red Hat's trademarks. If Client makes a redistribution of
+ a modified version of the Software, then Client must modify the files names to
+ remove any reference to the Red Hat trademarks and must not use the Red Hat
+ trademarks in any way to reference or promote the modified Software.
+ 3.Limited Warranty. To the maximum extent permitted under applicable law, the
+ Software is provided and licensed "as is" without warranty of any kind,
+ expressed or implied, including the implied warranties of merchantability,
+ non-infringement or fitness for a particular purpose. Red Hat does not warrant
+ that the functions contained in the Software will meet Client's requirements or
+ that the operation of the Software will be entirely error free or appear
+ precisely as described in the accompanying documentation.
+ 4.Limitation of Remedies and Liability. To the maximum extent permitted by
+ applicable law, Red Hat or any Red Hat authorized dealer will not be liable to
+ Client for any incidental or consequential damages, including lost profits or
+ lost savings arising out of the use or inability to use the Software, even if
+ Red Hat or such dealer has been advised of the possibility of such damages.
+ 5.General. If any provision of this agreement is held to be unenforceable, that
+ shall not affect the enforceability of the remaining provisions. This agreement
+ shall be governed by the laws of the State of North Carolina and of the United
+ States, without regard to any conflict of laws provisions, except that the
+ United Nations Convention on the International Sale of Goods shall not apply.
+ Copyright © 2007 Red Hat, Inc. All rights reserved. LIBERATION is a trademark
+ of Red Hat, Inc.
+
+License: GPL-3+ with font embedding exceptions
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ As a special exception, if you create a document which uses this font,
+ and embed this font or unaltered portions of this font into the
+ document, this font does not by itself cause the resulting document to
+ be covered by the GNU General Public License. This exception does not
+ however invalidate any other reasons why the document might be covered
+ by the GNU General Public License. If you modify this font, you may
+ extend this exception to your version of the font, but you are not
+ obligated to do so. If you do not wish to do so, delete this exception
+ statement from your version.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 3 can be found in /usr/share/common-licenses/GPL-3 file.
+
+License: OFL1.1
+ Copyright (c) 2013, Quote-Unquote Apps (http://quoteunquoteapps.com),
+ with Reserved Font Name Courier Prime.
+ .
+ This Font Software is licensed under the SIL Open Font License, Version 1.1.
+ This license is copied below, and is also available with a FAQ at:
+ http://scripts.sil.org/OFL
+ .
+ PREAMBLE
+ The goals of the Open Font License (OFL) are to stimulate worldwide
+ development of collaborative font projects, to support the font creation
+ efforts of academic and linguistic communities, and to provide a free and
+ open framework in which fonts may be shared and improved in partnership
+ with others.
+ .
+ The OFL allows the licensed fonts to be used, studied, modified and
+ redistributed freely as long as they are not sold by themselves. The
+ fonts, including any derivative works, can be bundled, embedded, 
+ redistributed and/or sold with any software provided that any reserved
+ names are not used by derivative works. The fonts and derivatives,
+ however, cannot be released under any other type of license. The
+ requirement for fonts to remain under this license does not apply
+ to any document created using the fonts or their derivatives.
+ .
+ DEFINITIONS
+ "Font Software" refers to the set of files released by the Copyright
+ Holder(s) under this license and clearly marked as such. This may
+ include source files, build scripts and documentation.
+ .
+ "Reserved Font Name" refers to any names specified as such after the
+ copyright statement(s).
+ .
+ "Original Version" refers to the collection of Font Software components as
+ distributed by the Copyright Holder(s).
+ .
+ "Modified Version" refers to any derivative made by adding to, deleting,
+ or substituting -- in part or in whole -- any of the components of the
+ Original Version, by changing formats or by porting the Font Software to a
+ new environment.
+ .
+ "Author" refers to any designer, engineer, programmer, technical
+ writer or other person who contributed to the Font Software.
+ .
+ PERMISSION & CONDITIONS
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of the Font Software, to use, study, copy, merge, embed, modify,
+ redistribute, and sell modified and unmodified copies of the Font
+ Software, subject to the following conditions:
+ .
+ 1) Neither the Font Software nor any of its individual components,
+ in Original or Modified Versions, may be sold by itself.
+ .
+ 2) Original or Modified Versions of the Font Software may be bundled,
+ redistributed and/or sold with any software, provided that each copy
+ contains the above copyright notice and this license. These can be
+ included either as stand-alone text files, human-readable headers or
+ in the appropriate machine-readable metadata fields within text or
+ binary files as long as those fields can be easily viewed by the user.
+ .
+ 3) No Modified Version of the Font Software may use the Reserved Font
+ Name(s) unless explicit written permission is granted by the corresponding
+ Copyright Holder. This restriction only applies to the primary font name as
+ presented to the users.
+ .
+ 4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+ Software shall not be used to promote, endorse or advertise any
+ Modified Version, except to acknowledge the contribution(s) of the
+ Copyright Holder(s) and the Author(s) or with their explicit written
+ permission.
+ .
+ 5) The Font Software, modified or unmodified, in part or in whole,
+ must be distributed entirely under this license, and must not be
+ distributed under any other license. The requirement for fonts to
+ remain under this license does not apply to any document created
+ using the Font Software.
+ .
+ TERMINATION
+ This license becomes null and void if any of the above conditions are
+ not met.
+ .
+ DISCLAIMER
+ THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+ COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+ DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
+ OTHER DEALINGS IN THE FONT SOFTWARE.
+
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache License 2.0 can be
+ found in /usr/share/common-licenses/Apache-2.0 file.

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

debian/wine-staging.docs

@@ -1,9 +1,4 @@
 documentation/README.*
 ANNOUNCE
 AUTHORS
-LICENSE
-COPYING.LIB
-COPYING.arial
-COPYING.cour
-COPYING.msyh
 README

patches/advapi32-ACL_Tests/0001-advapi32-tests-Add-tests-for-inheriting-ACL-attribut.patch

@@ -0,0 +1,78 @@
+From 55f59fd8586738ecb5afde3ec09d2216e2563c54 Mon Sep 17 00:00:00 2001
+From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
+Date: Fri, 18 Apr 2014 14:08:36 -0600
+Subject: advapi32/tests: Add tests for inheriting ACL attributes.
+
+---
+ dlls/advapi32/tests/security.c | 45 +++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 44 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index c256753..9e44a35 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -3118,10 +3118,11 @@ static void test_CreateDirectoryA(void)
+     ACL_SIZE_INFORMATION acl_size;
+     ACCESS_ALLOWED_ACE *ace;
+     SECURITY_ATTRIBUTES sa;
++    char tmpfile[MAX_PATH];
+     char tmpdir[MAX_PATH];
++    HANDLE token, hTemp;
+     struct _SID *owner;
+     BOOL bret = TRUE;
+-    HANDLE token;
+     DWORD error;
+     PACL pDacl;
+ 
+@@ -3214,6 +3215,48 @@ static void test_CreateDirectoryA(void)
+     }
+     LocalFree(pSD);
+ 
++    /* Test inheritance of ACLs */
++    strcpy(tmpfile, tmpdir);
++    lstrcatA(tmpfile, "/tmpfile");
++    hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_NEW,
++                        FILE_FLAG_DELETE_ON_CLOSE, NULL);
++    error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
++                                   OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
++                                   NULL, &pDacl, NULL, &pSD);
++    ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
++    bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
++    ok(bret, "GetAclInformation failed\n");
++    todo_wine
++    ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
++                               acl_size.AceCount);
++    if (acl_size.AceCount > 0)
++    {
++        bret = pGetAce(pDacl, 0, (VOID **)&ace);
++        ok(bret, "Inherited Failed to get Current User ACE.\n");
++        bret = EqualSid(&ace->SidStart, user_sid);
++        todo_wine
++        ok(bret, "Inherited Current User ACE != Current User SID.\n");
++        todo_wine
++        ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
++           "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
++        ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++                                  ace->Mask);
++    }
++    if (acl_size.AceCount > 1)
++    {
++        bret = pGetAce(pDacl, 1, (VOID **)&ace);
++        ok(bret, "Inherited Failed to get Administators Group ACE.\n");
++        bret = EqualSid(&ace->SidStart, admin_sid);
++        todo_wine
++        ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
++        todo_wine
++        ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
++           "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
++        ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++                                  ace->Mask);
++    }
++    CloseHandle(hTemp);
++
+ done:
+     HeapFree(GetProcessHeap(), 0, user);
+     bret = RemoveDirectoryA(tmpdir);
+-- 
+2.3.3
+

patches/advapi32-ACL_Tests/0002-advapi32-tests-Repeat-ACL-inheritance-tests-for-NtCr.patch

@@ -0,0 +1,176 @@
+From 0a2fa63085713b6e9a05bb8094fd375370e3b7d9 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Mon, 30 Mar 2015 06:19:39 +0200
+Subject: advapi32/tests: Repeat ACL inheritance tests for NtCreateFile.
+
+---
+ dlls/advapi32/tests/security.c | 104 ++++++++++++++++++++++++++++++++---------
+ 1 file changed, 81 insertions(+), 23 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 9e44a35..7769d74 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -27,6 +27,7 @@
+ #include "windef.h"
+ #include "winbase.h"
+ #include "winerror.h"
++#include "winternl.h"
+ #include "aclapi.h"
+ #include "winnt.h"
+ #include "sddl.h"
+@@ -59,29 +60,6 @@
+ #define THREAD_ALL_ACCESS_NT4 (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff)
+ #define THREAD_ALL_ACCESS_VISTA (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff)
+ 
+-/* copied from Wine winternl.h - not included in the Windows SDK */
+-typedef enum _OBJECT_INFORMATION_CLASS {
+-    ObjectBasicInformation,
+-    ObjectNameInformation,
+-    ObjectTypeInformation,
+-    ObjectAllInformation,
+-    ObjectDataInformation
+-} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
+-
+-typedef struct _OBJECT_BASIC_INFORMATION {
+-    ULONG  Attributes;
+-    ACCESS_MASK  GrantedAccess;
+-    ULONG  HandleCount;
+-    ULONG  PointerCount;
+-    ULONG  PagedPoolUsage;
+-    ULONG  NonPagedPoolUsage;
+-    ULONG  Reserved[3];
+-    ULONG  NameInformationLength;
+-    ULONG  TypeInformationLength;
+-    ULONG  SecurityDescriptorLength;
+-    LARGE_INTEGER  CreateTime;
+-} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
+-
+ #define expect_eq(expr, value, type, format) { type ret_ = expr; ok((value) == ret_, #expr " expected " format "  got " format "\n", (value), (ret_)); }
+ 
+ static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
+@@ -148,6 +126,9 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
+ static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
+ static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
+ static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
++static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
++static BOOL     (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
++static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
+ 
+ static HMODULE hmod;
+ static int     myARGC;
+@@ -175,6 +156,9 @@ static void init(void)
+     pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
+     pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
+     pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
++    pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile");
++    pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");
++    pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
+ 
+     hmod = GetModuleHandleA("advapi32.dll");
+     pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
+@@ -3108,6 +3092,24 @@ static void test_SetEntriesInAclA(void)
+     HeapFree(GetProcessHeap(), 0, OldAcl);
+ }
+ 
++/* helper function for test_CreateDirectoryA */
++static void get_nt_pathW(const char *name, UNICODE_STRING *nameW)
++{
++    UNICODE_STRING strW;
++    ANSI_STRING str;
++    NTSTATUS status;
++    BOOLEAN ret;
++    RtlInitAnsiString(&str, name);
++
++    status = pRtlAnsiStringToUnicodeString(&strW, &str, TRUE);
++    ok(!status, "RtlAnsiStringToUnicodeString failed with %08x\n", status);
++
++    ret = pRtlDosPathNameToNtPathName_U(strW.Buffer, nameW, NULL, NULL);
++    ok(ret, "RtlDosPathNameToNtPathName_U failed\n");
++
++    RtlFreeUnicodeString(&strW);
++}
++
+ static void test_CreateDirectoryA(void)
+ {
+     char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
+@@ -3116,13 +3118,17 @@ static void test_CreateDirectoryA(void)
+     char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
+     PSECURITY_DESCRIPTOR pSD = &sd;
+     ACL_SIZE_INFORMATION acl_size;
++    UNICODE_STRING tmpfileW;
+     ACCESS_ALLOWED_ACE *ace;
+     SECURITY_ATTRIBUTES sa;
++    OBJECT_ATTRIBUTES attr;
+     char tmpfile[MAX_PATH];
+     char tmpdir[MAX_PATH];
+     HANDLE token, hTemp;
++    IO_STATUS_BLOCK io;
+     struct _SID *owner;
+     BOOL bret = TRUE;
++    NTSTATUS status;
+     DWORD error;
+     PACL pDacl;
+ 
+@@ -3257,6 +3263,58 @@ static void test_CreateDirectoryA(void)
+     }
+     CloseHandle(hTemp);
+ 
++    /* Repeat the same test with ntdll functions */
++    strcpy(tmpfile, tmpdir);
++    lstrcatA(tmpfile, "/tmpfile");
++    get_nt_pathW(tmpfile, &tmpfileW);
++    attr.Length = sizeof(attr);
++    attr.RootDirectory = 0;
++    attr.ObjectName = &tmpfileW;
++    attr.Attributes = OBJ_CASE_INSENSITIVE;
++    attr.SecurityDescriptor = NULL;
++    attr.SecurityQualityOfService = NULL;
++    status = pNtCreateFile(&hTemp, GENERIC_WRITE | DELETE, &attr, &io, NULL, 0, FILE_SHARE_READ,
++                           FILE_CREATE, FILE_DELETE_ON_CLOSE, NULL, 0);
++    ok(!status, "NtCreateFile failed with %08x\n", status);
++    RtlFreeUnicodeString(&tmpfileW);
++
++    error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
++                                   OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, (PSID*)&owner,
++                                   NULL, &pDacl, NULL, &pSD);
++    ok(error == ERROR_SUCCESS, "Failed to get permissions on file.\n");
++    bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
++    ok(bret, "GetAclInformation failed\n");
++    todo_wine
++    ok(acl_size.AceCount == 2, "GetAclInformation returned unexpected entry count (%d != 2).\n",
++                               acl_size.AceCount);
++    if (acl_size.AceCount > 0)
++    {
++        bret = pGetAce(pDacl, 0, (VOID **)&ace);
++        ok(bret, "Inherited Failed to get Current User ACE.\n");
++        bret = EqualSid(&ace->SidStart, user_sid);
++        todo_wine
++        ok(bret, "Inherited Current User ACE != Current User SID.\n");
++        todo_wine
++        ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
++           "Inherited Current User ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
++        ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++                                  ace->Mask);
++    }
++    if (acl_size.AceCount > 1)
++    {
++        bret = pGetAce(pDacl, 1, (VOID **)&ace);
++        ok(bret, "Inherited Failed to get Administators Group ACE.\n");
++        bret = EqualSid(&ace->SidStart, admin_sid);
++        todo_wine
++        ok(bret, "Inherited Administators Group ACE != Administators Group SID.\n");
++        todo_wine
++        ok(((ACE_HEADER *)ace)->AceFlags == INHERITED_ACE,
++           "Inherited Administators Group ACE has unexpected flags (0x%x != 0x10)\n", ((ACE_HEADER *)ace)->AceFlags);
++        ok(ace->Mask == 0x1f01ff, "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++                                  ace->Mask);
++    }
++    CloseHandle(hTemp);
++
+ done:
+     HeapFree(GetProcessHeap(), 0, user);
+     bret = RemoveDirectoryA(tmpdir);
+-- 
+2.3.3
+

patches/advapi32-ACL_Tests/0003-advapi32-tests-Add-tests-for-PROTECTED_DACL_SECURITY.patch

@@ -0,0 +1,101 @@
+From 0e7514bba4464a3a7ed1f85b0fd69de93a7018d4 Mon Sep 17 00:00:00 2001
+From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
+Date: Fri, 18 Apr 2014 14:10:49 -0600
+Subject: advapi32/tests: Add tests for PROTECTED_DACL_SECURITY_INFORMATION.
+
+---
+ dlls/advapi32/tests/security.c | 54 ++++++++++++++++++++++++++++++++++++++++++
+ include/winnt.h                |  7 +++---
+ 2 files changed, 58 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 7769d74..0259b63 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -3604,6 +3604,60 @@ static void test_GetNamedSecurityInfoA(void)
+     HeapFree(GetProcessHeap(), 0, user);
+     CloseHandle(hTemp);
+ 
++    /* Create security descriptor with no inheritance and test that it comes back the same */
++    pSD = &sd;
++    pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
++    InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
++    pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
++    bret = InitializeAcl(pDacl, 100, ACL_REVISION);
++    ok(bret, "Failed to initialize ACL.\n");
++    bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
++    ok(bret, "Failed to add Current User to ACL.\n");
++    bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, admin_sid);
++    ok(bret, "Failed to add Administrator Group to ACL.\n");
++    bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
++    ok(bret, "Failed to add ACL to security desciptor.\n");
++    GetTempFileNameA(".", "foo", 0, tmpfile);
++    hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING,
++                        FILE_FLAG_DELETE_ON_CLOSE, NULL);
++    error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT,
++                                   DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION,
++                                    NULL, NULL, pDacl, NULL);
++    HeapFree(GetProcessHeap(), 0, pDacl);
++    ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error);
++    error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
++                                   NULL, NULL, &pDacl, NULL, &pSD);
++    ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
++
++    bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
++    ok(bret, "GetAclInformation failed\n");
++    if (acl_size.AceCount > 0)
++    {
++        bret = pGetAce(pDacl, 0, (VOID **)&ace);
++        ok(bret, "Failed to get Current User ACE.\n");
++        bret = EqualSid(&ace->SidStart, user_sid);
++        todo_wine
++        ok(bret, "Current User ACE != Current User SID.\n");
++        ok(((ACE_HEADER *)ace)->AceFlags == 0,
++           "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
++        ok(ace->Mask == 0x1f01ff, "Current User ACE has unexpected mask (0x%x != 0x1f01ff)\n",
++                                  ace->Mask);
++    }
++    if (acl_size.AceCount > 1)
++    {
++        bret = pGetAce(pDacl, 1, (VOID **)&ace);
++        ok(bret, "Failed to get Administators Group ACE.\n");
++        bret = EqualSid(&ace->SidStart, admin_sid);
++        ok(bret || broken(!bret) /* win2k */, "Administators Group ACE != Administators Group SID.\n");
++        ok(((ACE_HEADER *)ace)->AceFlags == 0,
++           "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
++        ok(ace->Mask == 0x1f01ff || broken(ace->Mask == GENERIC_ALL) /* win2k */,
++           "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
++    }
++    LocalFree(pSD);
++    HeapFree(GetProcessHeap(), 0, pDacl);
++    CloseHandle(hTemp);
++
+     /* Test querying the ownership of a built-in registry key */
+     sid_size = sizeof(system_ptr);
+     pCreateWellKnownSid(WinLocalSystemSid, NULL, system_sid, &sid_size);
+diff --git a/include/winnt.h b/include/winnt.h
+index 4b06b2c..d575884 100644
+--- a/include/winnt.h
++++ b/include/winnt.h
+@@ -5078,14 +5078,15 @@ typedef struct _TAPE_GET_MEDIA_PARAMETERS {
+     BOOLEAN WriteProtected;
+ } TAPE_GET_MEDIA_PARAMETERS, *PTAPE_GET_MEDIA_PARAMETERS;
+ 
+-/* ----------------------------- begin registry ----------------------------- */
+-
+-/* Registry security values */
+ #define OWNER_SECURITY_INFORMATION	0x00000001
+ #define GROUP_SECURITY_INFORMATION	0x00000002
+ #define DACL_SECURITY_INFORMATION	0x00000004
+ #define SACL_SECURITY_INFORMATION	0x00000008
++#define PROTECTED_DACL_SECURITY_INFORMATION  0x80000000
+ 
++/* ----------------------------- begin registry ----------------------------- */
++
++/* Registry security values */
+ #define REG_OPTION_RESERVED		0x00000000
+ #define REG_OPTION_NON_VOLATILE		0x00000000
+ #define REG_OPTION_VOLATILE		0x00000001
+-- 
+2.3.3
+

patches/advapi32-ACL_Tests/definition

@@ -0,0 +1 @@
+Depends: server-Stored_ACLs

patches/advapi32-Revert_DACL/0001-Revert-advapi32-Add-DACL-inheritance-support-in-SetS.patch

@@ -0,0 +1,216 @@
+From 8ea5a805609c2a13199ffcaa8b9b24f413d00d8b Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 27 Mar 2015 15:32:04 +0100
+Subject: Revert "advapi32: Add DACL inheritance support in SetSecurityInfo."
+
+This reverts commit f974d726720eff4fcd7371bca95e6cdcc4b4a848.
+---
+ dlls/advapi32/security.c       | 130 +----------------------------------------
+ dlls/advapi32/tests/security.c |  23 ++++----
+ 2 files changed, 14 insertions(+), 139 deletions(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 71a8c92..e8cdcc5 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -4052,8 +4052,6 @@ DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
+         }
+         break;
+     case SE_FILE_OBJECT:
+-        if (SecurityInfo & DACL_SECURITY_INFORMATION)
+-            access |= READ_CONTROL;
+         if (!(err = get_security_file( pObjectName, access, &handle )))
+         {
+             err = SetSecurityInfo( handle, ObjectType, SecurityInfo, psidOwner, psidGroup, pDacl, pSacl );
+@@ -5731,7 +5729,6 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
+                       PSID psidGroup, PACL pDacl, PACL pSacl)
+ {
+     SECURITY_DESCRIPTOR sd;
+-    PACL dacl = pDacl;
+     NTSTATUS status;
+ 
+     if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
+@@ -5742,130 +5739,7 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
+     if (SecurityInfo & GROUP_SECURITY_INFORMATION)
+         SetSecurityDescriptorGroup(&sd, psidGroup, FALSE);
+     if (SecurityInfo & DACL_SECURITY_INFORMATION)
+-    {
+-        if (ObjectType == SE_FILE_OBJECT)
+-        {
+-            SECURITY_DESCRIPTOR_CONTROL control;
+-            PSECURITY_DESCRIPTOR psd;
+-            OBJECT_NAME_INFORMATION *name_info;
+-            DWORD size, rev;
+-
+-            status = NtQuerySecurityObject(handle, SecurityInfo, NULL, 0, &size);
+-            if (status != STATUS_BUFFER_TOO_SMALL)
+-                return RtlNtStatusToDosError(status);
+-
+-            psd = heap_alloc(size);
+-            if (!psd)
+-                return ERROR_NOT_ENOUGH_MEMORY;
+-
+-            status = NtQuerySecurityObject(handle, SecurityInfo, psd, size, &size);
+-            if (status)
+-            {
+-                heap_free(psd);
+-                return RtlNtStatusToDosError(status);
+-            }
+-
+-            status = RtlGetControlSecurityDescriptor(psd, &control, &rev);
+-            heap_free(psd);
+-            if (status)
+-                return RtlNtStatusToDosError(status);
+-            /* TODO: copy some control flags to new sd */
+-
+-            /* inherit parent directory DACL */
+-            if (!(control & SE_DACL_PROTECTED))
+-            {
+-                status = NtQueryObject(handle, ObjectNameInformation, NULL, 0, &size);
+-                if (status != STATUS_INFO_LENGTH_MISMATCH)
+-                    return RtlNtStatusToDosError(status);
+-
+-                name_info = heap_alloc(size);
+-                if (!name_info)
+-                    return ERROR_NOT_ENOUGH_MEMORY;
+-
+-                status = NtQueryObject(handle, ObjectNameInformation, name_info, size, NULL);
+-                if (status)
+-                {
+-                    heap_free(name_info);
+-                    return RtlNtStatusToDosError(status);
+-                }
+-
+-                for (name_info->Name.Length-=2; name_info->Name.Length>0; name_info->Name.Length-=2)
+-                    if (name_info->Name.Buffer[name_info->Name.Length/2-1]=='\\' ||
+-                            name_info->Name.Buffer[name_info->Name.Length/2-1]=='/')
+-                        break;
+-                if (name_info->Name.Length)
+-                {
+-                    OBJECT_ATTRIBUTES attr;
+-                    IO_STATUS_BLOCK io;
+-                    HANDLE parent;
+-                    PSECURITY_DESCRIPTOR parent_sd;
+-                    ACL *parent_dacl;
+-                    DWORD err = ERROR_ACCESS_DENIED;
+-
+-                    name_info->Name.Buffer[name_info->Name.Length/2] = 0;
+-
+-                    attr.Length = sizeof(attr);
+-                    attr.RootDirectory = 0;
+-                    attr.Attributes = 0;
+-                    attr.ObjectName = &name_info->Name;
+-                    attr.SecurityDescriptor = NULL;
+-                    status = NtOpenFile(&parent, READ_CONTROL, &attr, &io,
+-                            FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+-                            FILE_OPEN_FOR_BACKUP_INTENT);
+-                    heap_free(name_info);
+-                    if (!status)
+-                    {
+-                        err = GetSecurityInfo(parent, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
+-                                NULL, NULL, &parent_dacl, NULL, &parent_sd);
+-                        CloseHandle(parent);
+-                    }
+-
+-                    if (!err)
+-                    {
+-                        int i;
+-
+-                        dacl = heap_alloc_zero(pDacl->AclSize+parent_dacl->AclSize);
+-                        if (!dacl)
+-                        {
+-                            LocalFree(parent_sd);
+-                            return ERROR_NOT_ENOUGH_MEMORY;
+-                        }
+-                        memcpy(dacl, pDacl, pDacl->AclSize);
+-                        dacl->AclSize = pDacl->AclSize+parent_dacl->AclSize;
+-
+-                        for (i=0; i<parent_dacl->AceCount; i++)
+-                        {
+-                            ACE_HEADER *ace;
+-
+-                            if (!GetAce(parent_dacl, i, (void*)&ace))
+-                                continue;
+-                            if (!(ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)))
+-                                continue;
+-                            if ((ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)) !=
+-                                    (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE))
+-                            {
+-                                FIXME("unsupported flags: %x\n", ace->AceFlags);
+-                                continue;
+-                            }
+-
+-                            if (ace->AceFlags & NO_PROPAGATE_INHERIT_ACE)
+-                                ace->AceFlags &= ~(OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE|NO_PROPAGATE_INHERIT_ACE);
+-                            ace->AceFlags &= ~INHERIT_ONLY_ACE;
+-                            ace->AceFlags |= INHERITED_ACE;
+-
+-                            if(!AddAce(dacl, ACL_REVISION, MAXDWORD, ace, ace->AceSize))
+-                                WARN("error adding inherited ACE\n");
+-                        }
+-                        LocalFree(parent_sd);
+-                    }
+-                }
+-                else
+-                    heap_free(name_info);
+-            }
+-        }
+-
+-        SetSecurityDescriptorDacl(&sd, TRUE, dacl, FALSE);
+-    }
++        SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE);
+     if (SecurityInfo & SACL_SECURITY_INFORMATION)
+         SetSecurityDescriptorSacl(&sd, TRUE, pSacl, FALSE);
+ 
+@@ -5879,8 +5753,6 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
+         status = NtSetSecurityObject(handle, SecurityInfo, &sd);
+         break;
+     }
+-    if (dacl != pDacl)
+-        heap_free(dacl);
+     return RtlNtStatusToDosError(status);
+ }
+ 
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 10f3f8e..a10d781 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -3517,22 +3517,25 @@ static void test_GetNamedSecurityInfoA(void)
+ 
+     error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
+             NULL, NULL, &pDacl, NULL, &pSD);
+-    ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
++    todo_wine ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+ 
+-    bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+-    ok(bret, "GetAclInformation failed\n");
+-    if (acl_size.AceCount > 0)
++    if (!error)
+     {
+-        bret = pGetAce(pDacl, 0, (VOID **)&ace);
+-        ok(bret, "Failed to get ACE.\n");
+-        ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
+-           "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
++        bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
++        ok(bret, "GetAclInformation failed\n");
++        if (acl_size.AceCount > 0)
++        {
++            bret = pGetAce(pDacl, 0, (VOID **)&ace);
++            ok(bret, "Failed to get ACE.\n");
++            ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
++                    "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
++        }
++        LocalFree(pSD);
+     }
+-    LocalFree(pSD);
+ 
+     h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
+             NULL, OPEN_EXISTING, 0, NULL);
+-    ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
++    todo_wine ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+     CloseHandle(h);
+ 
+     /* NtSetSecurityObject doesn't inherit DACL entries */
+-- 
+2.3.3
+

patches/advapi32-Revert_DACL/0002-Revert-advapi32-tests-Add-test-for-mapping-DACL-to-p.patch

@@ -0,0 +1,74 @@
+From d93bcd18c978d0d316c0c19a65d07f3d782479c4 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 27 Mar 2015 15:32:17 +0100
+Subject: Revert "advapi32/tests: Add test for mapping DACL to permission."
+
+This reverts commit a4b12eb9f937202848b229ed15f2c7d1823b41da.
+---
+ dlls/advapi32/tests/security.c | 35 ++---------------------------------
+ 1 file changed, 2 insertions(+), 33 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index a2e4c98..c3884bf 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -3505,6 +3505,7 @@ static void test_GetNamedSecurityInfoA(void)
+            "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask);
+     }
+     LocalFree(pSD);
++    HeapFree(GetProcessHeap(), 0, user);
+ 
+     /* show that setting empty DACL is not removing all file permissions */
+     pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
+@@ -3541,7 +3542,7 @@ static void test_GetNamedSecurityInfoA(void)
+     /* NtSetSecurityObject doesn't inherit DACL entries */
+     pSD = sd+sizeof(void*)-((ULONG_PTR)sd)%sizeof(void*);
+     InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
+-    pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
++    pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
+     bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION);
+     ok(bret, "Failed to initialize ACL.\n");
+     bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+@@ -3572,39 +3573,7 @@ static void test_GetNamedSecurityInfoA(void)
+             NULL, OPEN_EXISTING, 0, NULL);
+     ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+     CloseHandle(h);
+-
+-    /* test if DACL is properly mapped to permission */
+-    bret = InitializeAcl(pDacl, 100, ACL_REVISION);
+-    ok(bret, "Failed to initialize ACL.\n");
+-    bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
+-    ok(bret, "Failed to add Current User to ACL.\n");
+-    bret = pAddAccessDeniedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
+-    ok(bret, "Failed to add Current User to ACL.\n");
+-    bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+-    ok(bret, "Failed to add ACL to security desciptor.\n");
+-    status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
+-    ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
+-
+-    h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
+-            NULL, OPEN_EXISTING, 0, NULL);
+-    todo_wine ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+-
+-    bret = InitializeAcl(pDacl, 100, ACL_REVISION);
+-    ok(bret, "Failed to initialize ACL.\n");
+-    bret = pAddAccessDeniedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
+-    ok(bret, "Failed to add Current User to ACL.\n");
+-    bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid);
+-    ok(bret, "Failed to add Current User to ACL.\n");
+-    bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+-    ok(bret, "Failed to add ACL to security desciptor.\n");
+-    status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
+-    ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
+-
+-    h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
+-            NULL, OPEN_EXISTING, 0, NULL);
+-    ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+     HeapFree(GetProcessHeap(), 0, pDacl);
+-    HeapFree(GetProcessHeap(), 0, user);
+     CloseHandle(hTemp);
+ 
+     /* Create security descriptor with no inheritance and test that it comes back the same */
+-- 
+2.3.3
+

patches/advapi32-Revert_DACL/0003-Revert-advapi32-Add-SetNamedSecurityInfo-test-with-e.patch

@@ -0,0 +1,142 @@
+From 753dc1b6d8025271b487b4c4cc39a6f44a274cfd Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 27 Mar 2015 15:32:32 +0100
+Subject: Revert "advapi32: Add SetNamedSecurityInfo test with empty DACL."
+
+This reverts commit 02c4f5bd275d70d1dcb48bf95775efa376b50c22.
+---
+ dlls/advapi32/tests/security.c | 79 +++---------------------------------------
+ 1 file changed, 4 insertions(+), 75 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index c3884bf..f98bf2b 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -125,7 +125,6 @@ static BOOL (WINAPI *pCreateRestrictedToken)(HANDLE, DWORD, DWORD, PSID_AND_ATTR
+                                              PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
+ static BOOL (WINAPI *pGetAclInformation)(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
+ static BOOL (WINAPI *pGetAce)(PACL,DWORD,LPVOID*);
+-static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
+ static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
+ static BOOL     (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
+ static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
+@@ -155,7 +154,6 @@ static void init(void)
+     hntdll = GetModuleHandleA("ntdll.dll");
+     pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
+     pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
+-    pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
+     pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile");
+     pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");
+     pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
+@@ -3332,7 +3330,7 @@ static void test_GetNamedSecurityInfoA(void)
+     char invalid_path[] = "/an invalid file path";
+     int users_ace_id = -1, admins_ace_id = -1, i;
+     char software_key[] = "MACHINE\\Software";
+-    char sd[SECURITY_DESCRIPTOR_MIN_LENGTH+sizeof(void*)];
++    char sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
+     SECURITY_DESCRIPTOR_CONTROL control;
+     ACL_SIZE_INFORMATION acl_size;
+     CHAR windows_dir[MAX_PATH];
+@@ -3344,12 +3342,11 @@ static void test_GetNamedSecurityInfoA(void)
+     BOOL owner_defaulted;
+     BOOL group_defaulted;
+     BOOL dacl_defaulted;
+-    HANDLE token, hTemp, h;
++    HANDLE token, hTemp;
+     PSID owner, group;
+     BOOL dacl_present;
+     PACL pDacl;
+     BYTE flags;
+-    NTSTATUS status;
+ 
+     if (!pSetNamedSecurityInfoA || !pGetNamedSecurityInfoA || !pCreateWellKnownSid)
+     {
+@@ -3454,8 +3451,8 @@ static void test_GetNamedSecurityInfoA(void)
+     bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+     ok(bret, "Failed to add ACL to security desciptor.\n");
+     GetTempFileNameA(".", "foo", 0, tmpfile);
+-    hTemp = CreateFileA(tmpfile, WRITE_DAC|GENERIC_WRITE, FILE_SHARE_DELETE|FILE_SHARE_READ,
+-                        NULL, OPEN_EXISTING, FILE_FLAG_DELETE_ON_CLOSE, NULL);
++    hTemp = CreateFileA(tmpfile, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING,
++                        FILE_FLAG_DELETE_ON_CLOSE, NULL);
+     SetLastError(0xdeadbeef);
+     error = pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL,
+                                    NULL, pDacl, NULL);
+@@ -3506,74 +3503,6 @@ static void test_GetNamedSecurityInfoA(void)
+     }
+     LocalFree(pSD);
+     HeapFree(GetProcessHeap(), 0, user);
+-
+-    /* show that setting empty DACL is not removing all file permissions */
+-    pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
+-    bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION);
+-    ok(bret, "Failed to initialize ACL.\n");
+-    error =  pSetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
+-            NULL, NULL, pDacl, NULL);
+-    ok(!error, "SetNamedSecurityInfoA failed with error %d\n", error);
+-    HeapFree(GetProcessHeap(), 0, pDacl);
+-
+-    error = pGetNamedSecurityInfoA(tmpfile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
+-            NULL, NULL, &pDacl, NULL, &pSD);
+-    todo_wine ok(!error, "GetNamedSecurityInfo failed with error %d\n", error);
+-
+-    if (!error)
+-    {
+-        bret = pGetAclInformation(pDacl, &acl_size, sizeof(acl_size), AclSizeInformation);
+-        ok(bret, "GetAclInformation failed\n");
+-        if (acl_size.AceCount > 0)
+-        {
+-            bret = pGetAce(pDacl, 0, (VOID **)&ace);
+-            ok(bret, "Failed to get ACE.\n");
+-            ok(((ACE_HEADER *)ace)->AceFlags & INHERITED_ACE,
+-                    "ACE has unexpected flags: 0x%x\n", ((ACE_HEADER *)ace)->AceFlags);
+-        }
+-        LocalFree(pSD);
+-    }
+-
+-    h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
+-            NULL, OPEN_EXISTING, 0, NULL);
+-    todo_wine ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+-    CloseHandle(h);
+-
+-    /* NtSetSecurityObject doesn't inherit DACL entries */
+-    pSD = sd+sizeof(void*)-((ULONG_PTR)sd)%sizeof(void*);
+-    InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
+-    pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL));
+-    bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION);
+-    ok(bret, "Failed to initialize ACL.\n");
+-    bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE);
+-    ok(bret, "Failed to add ACL to security desciptor.\n");
+-    status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
+-    ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
+-
+-    h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
+-            NULL, OPEN_EXISTING, 0, NULL);
+-    ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+-    CloseHandle(h);
+-
+-    pSetSecurityDescriptorControl(pSD, SE_DACL_AUTO_INHERIT_REQ, SE_DACL_AUTO_INHERIT_REQ);
+-    status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
+-    ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
+-
+-    h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
+-            NULL, OPEN_EXISTING, 0, NULL);
+-    ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+-    CloseHandle(h);
+-
+-    pSetSecurityDescriptorControl(pSD, SE_DACL_AUTO_INHERIT_REQ|SE_DACL_AUTO_INHERITED,
+-            SE_DACL_AUTO_INHERIT_REQ|SE_DACL_AUTO_INHERITED);
+-    status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD);
+-    ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status);
+-
+-    h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ,
+-            NULL, OPEN_EXISTING, 0, NULL);
+-    ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError());
+-    CloseHandle(h);
+-    HeapFree(GetProcessHeap(), 0, pDacl);
+     CloseHandle(hTemp);
+ 
+     /* Create security descriptor with no inheritance and test that it comes back the same */
+-- 
+2.3.3
+

patches/advapi32-Revert_DACL/0004-Revert-server-Make-directory-DACL-entries-inheritabl.patch

@@ -0,0 +1,53 @@
+From 815d8d20d0710dff782cb20cb286b32c23ee9f1e Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 27 Mar 2015 15:32:44 +0100
+Subject: Revert "server: Make directory DACL entries inheritable."
+
+This reverts commit 3eb448cf33b6b6635bac4e06ea7fddd190e26450.
+---
+ server/file.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/server/file.c b/server/file.c
+index a50276e..09b7811 100644
+--- a/server/file.c
++++ b/server/file.c
+@@ -442,7 +442,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
+     aaa = (ACCESS_ALLOWED_ACE *)(dacl + 1);
+     current_ace = &aaa->Header;
+     aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+-    aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
++    aaa->Header.AceFlags = 0;
+     aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( local_system_sid );
+     aaa->Mask = FILE_ALL_ACCESS;
+     sid = (SID *)&aaa->SidStart;
+@@ -454,7 +454,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
+         aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace );
+         current_ace = &aaa->Header;
+         aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+-        aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
++        aaa->Header.AceFlags = 0;
+         aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( user );
+         aaa->Mask = WRITE_DAC | WRITE_OWNER;
+         if (mode & S_IRUSR)
+@@ -472,7 +472,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
+         ACCESS_DENIED_ACE *ada = (ACCESS_DENIED_ACE *)ace_next( current_ace );
+         current_ace = &ada->Header;
+         ada->Header.AceType = ACCESS_DENIED_ACE_TYPE;
+-        ada->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
++        ada->Header.AceFlags = 0;
+         ada->Header.AceSize = FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + security_sid_len( user );
+         ada->Mask = 0;
+         if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
+@@ -489,7 +489,7 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
+         aaa = (ACCESS_ALLOWED_ACE *)ace_next( current_ace );
+         current_ace = &aaa->Header;
+         aaa->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+-        aaa->Header.AceFlags = (mode & S_IFDIR) ? OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE : 0;
++        aaa->Header.AceFlags = 0;
+         aaa->Header.AceSize = FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + security_sid_len( world_sid );
+         aaa->Mask = 0;
+         if (mode & S_IROTH)
+-- 
+2.3.3
+

patches/advapi32-Revert_DACL/0005-Revert-advapi-Don-t-use-CreateFile-when-opening-file.patch

@@ -0,0 +1,77 @@
+From 1140e8684c3857c4ccb484cd8cd08c6fbe426066 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 27 Mar 2015 15:32:56 +0100
+Subject: Revert "advapi: Don't use CreateFile when opening file with possibly
+ empty DACL."
+
+This reverts commit f956bb4caa442ccde1ddaf483c5cb619bbf4049a.
+---
+ dlls/advapi32/security.c | 22 +++++++++-------------
+ 1 file changed, 9 insertions(+), 13 deletions(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index e8cdcc5..097b0da 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -397,7 +397,7 @@ static inline BOOL set_ntstatus( NTSTATUS status )
+ }
+ 
+ /* helper function for SE_FILE_OBJECT objects in [Get|Set]NamedSecurityInfo */
+-static inline DWORD get_security_file( LPCWSTR full_file_name, DWORD access, HANDLE *file )
++static inline DWORD get_security_file( LPWSTR full_file_name, DWORD access, HANDLE *file )
+ {
+     UNICODE_STRING file_nameW;
+     OBJECT_ATTRIBUTES attr;
+@@ -2029,7 +2029,7 @@ GetFileSecurityW( LPCWSTR lpFileName,
+ {
+     HANDLE hfile;
+     NTSTATUS status;
+-    DWORD access = 0, err;
++    DWORD access = 0;
+ 
+     TRACE("(%s,%d,%p,%d,%p)\n", debugstr_w(lpFileName),
+           RequestedInformation, pSecurityDescriptor,
+@@ -2041,12 +2041,10 @@ GetFileSecurityW( LPCWSTR lpFileName,
+     if (RequestedInformation & SACL_SECURITY_INFORMATION)
+         access |= ACCESS_SYSTEM_SECURITY;
+ 
+-    err = get_security_file( lpFileName, access, &hfile);
+-    if (err)
+-    {
+-        SetLastError(err);
++    hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
++                         NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 );
++    if ( hfile == INVALID_HANDLE_VALUE )
+         return FALSE;
+-    }
+ 
+     status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor,
+                                     nLength, lpnLengthNeeded );
+@@ -2327,7 +2325,7 @@ SetFileSecurityW( LPCWSTR lpFileName,
+                     PSECURITY_DESCRIPTOR pSecurityDescriptor )
+ {
+     HANDLE file;
+-    DWORD access = 0, err;
++    DWORD access = 0;
+     NTSTATUS status;
+ 
+     TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation,
+@@ -2341,12 +2339,10 @@ SetFileSecurityW( LPCWSTR lpFileName,
+     if (RequestedInformation & DACL_SECURITY_INFORMATION)
+         access |= WRITE_DAC;
+ 
+-    err = get_security_file( lpFileName, access, &file);
+-    if (err)
+-    {
+-        SetLastError(err);
++    file = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
++                        NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL );
++    if (file == INVALID_HANDLE_VALUE)
+         return FALSE;
+-    }
+ 
+     status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor );
+     CloseHandle( file );
+-- 
+2.3.3
+

patches/advapi32-Revert_DACL/definition

@@ -0,0 +1 @@
+Depends: advapi32-ACL_Tests

patches/browseui-Race_Conditions/0001-browseui-Avoid-race-conditions-when-progress-dialog-.patch

@@ -1,48 +0,0 @@
-From da4415d947b792fc5e0de978cf22e68d2b6b8601 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Sun, 1 Mar 2015 03:52:06 +0100
-Subject: browseui: Avoid race-conditions when progress dialog is released
- before thread terminates.
-
----
- dlls/browseui/progressdlg.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/dlls/browseui/progressdlg.c b/dlls/browseui/progressdlg.c
-index e61a4cc..7d07ee9 100644
---- a/dlls/browseui/progressdlg.c
-+++ b/dlls/browseui/progressdlg.c
-@@ -235,6 +235,7 @@ static DWORD WINAPI dialog_thread(LPVOID lpParameter)
-     /* Note: until we set the hEvent in WM_INITDIALOG, the ProgressDialog object
-      * is protected by the critical section held by StartProgress */
-     struct create_params *params = lpParameter;
-+    ProgressDialog *This = params->This;
-     HWND hwnd;
-     MSG msg;
- 
-@@ -252,6 +253,7 @@ static DWORD WINAPI dialog_thread(LPVOID lpParameter)
-         }
-     }
- 
-+    IProgressDialog_Release(&This->IProgressDialog_iface);
-     return 0;
- }
- 
-@@ -341,10 +343,14 @@ static HRESULT WINAPI ProgressDialog_StartProgressDialog(IProgressDialog *iface,
-         return S_OK;  /* as on XP */
-     }
-     This->dwFlags = dwFlags;
-+
-     params.This = This;
-     params.hwndParent = hwndParent;
-     params.hEvent = CreateEventW(NULL, TRUE, FALSE, NULL);
- 
-+    /* thread holds one reference to ensure clean shutdown */
-+    IProgressDialog_AddRef(&This->IProgressDialog_iface);
-+
-     hThread = CreateThread(NULL, 0, dialog_thread, &params, 0, NULL);
-     WaitForSingleObject(params.hEvent, INFINITE);
-     CloseHandle(params.hEvent);
--- 
-2.3.0
-

patches/d3dx9_36-D3DXStubs/0004-d3dx9_36-Add-stub-for-D3DXComputeNormalMap.patch

@@ -17,7 +17,7 @@ index 4a473e6..8a66668 100644
  @ stub D3DXComputeIMTFromSignal(ptr long long long long ptr ptr ptr ptr ptr)
  @ stub D3DXComputeIMTFromTexture(ptr ptr long long ptr ptr ptr)
 -@ stub D3DXComputeNormalMap(ptr ptr ptr long long long)
-+@ stdcall D3DXComputeNormalMap(ptr ptr ptr long long long)
++@ stdcall D3DXComputeNormalMap(ptr ptr ptr long long float)
  @ stdcall D3DXComputeNormals(ptr ptr)
  @ stub D3DXComputeTangent(ptr long long long long ptr)
  @ stub D3DXComputeTangentFrame(ptr long)

patches/ddraw-Palette/0001-ddraw-Update-the-palette-before-presents-to-the-NULL.patch

@@ -1,26 +0,0 @@
-From 8b42b214de22c117d61f2e59f2f3708046e9c9d6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Stefan=20D=C3=B6singer?= <stefan@codeweavers.com>
-Date: Fri, 20 Mar 2015 12:47:10 +0100
-Subject: ddraw: Update the palette before presents to the NULL window.
-
-This fixes bug 38248.
----
- dlls/ddraw/surface.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dlls/ddraw/surface.c b/dlls/ddraw/surface.c
-index b8c9872..0d2d731 100644
---- a/dlls/ddraw/surface.c
-+++ b/dlls/ddraw/surface.c
-@@ -81,6 +81,8 @@ HRESULT ddraw_surface_update_frontbuffer(struct ddraw_surface *surface, const RE
-         ERR("Failed to get surface DC, hr %#x.\n", hr);
-         return hr;
-     }
-+    if (surface->palette)
-+        wined3d_palette_apply_to_dc(surface->palette->wineD3DPalette, surface_dc);
- 
-     if (!(screen_dc = GetDC(NULL)))
-     {
--- 
-2.3.2
-