Release 2.2.

Also remove a broken link.

LICENSE.md

@@ -7,7 +7,7 @@ are part of **Wine Staging** and are licensed under the terms of the
 [LGPLv2.1](#gnu-lgpl-version-21), to stay compatible with Wine:
 
 ```
-Copyright (C) 2014-2016 the Wine Staging project authors.
+Copyright (C) 2014-2017 the Wine Staging project authors.
 
 Wine Staging is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public

patches/Compiler_Warnings/0026-dwrite-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,18 +1,18 @@
-From c695e014f25fd613ead12115a715cdb4303d632f Mon Sep 17 00:00:00 2001
+From 744549e1ecc76c3764079d337c09445d01a3527e Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:58:40 +0100
 Subject: dwrite: Avoid implicit cast of interface pointer.
 
 ---
- dlls/dwrite/font.c   | 6 +++---
+ dlls/dwrite/font.c   | 4 ++--
  dlls/dwrite/layout.c | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
+ 2 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/dlls/dwrite/font.c b/dlls/dwrite/font.c
-index ba97025..0a90c20 100644
+index d9ddce0..0a90c20 100644
 --- a/dlls/dwrite/font.c
 +++ b/dlls/dwrite/font.c
-@@ -1684,15 +1684,15 @@ static struct dwrite_font *unsafe_impl_from_IDWriteFont(IDWriteFont *iface)
+@@ -1684,7 +1684,7 @@ static struct dwrite_font *unsafe_impl_from_IDWriteFont(IDWriteFont *iface)
      if (!iface)
          return NULL;
      assert(iface->lpVtbl == (IDWriteFontVtbl*)&dwritefontvtbl);
@@ -21,12 +21,11 @@ index ba97025..0a90c20 100644
  }
  
  static struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace *iface)
- {
+@@ -1692,7 +1692,7 @@ static struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace
      if (!iface)
          return NULL;
--    assert(iface->lpVtbl = (IDWriteFontFaceVtbl*)&dwritefontfacevtbl);
+     assert(iface->lpVtbl == (IDWriteFontFaceVtbl*)&dwritefontfacevtbl);
 -    return CONTAINING_RECORD(iface, struct dwrite_fontface, IDWriteFontFace4_iface);
-+    assert(iface->lpVtbl == (IDWriteFontFaceVtbl*)&dwritefontfacevtbl);
 +    return CONTAINING_RECORD((IDWriteFontFace4 *)iface, struct dwrite_fontface, IDWriteFontFace4_iface);
  }
  

patches/Compiler_Warnings/definition

@@ -1 +0,0 @@
-Category: stable

patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch

@@ -1,4 +1,4 @@
-From a41dac0b19ec2ba3807da4ac42d77717d79f1115 Mon Sep 17 00:00:00 2001
+From 41ee5d7699182ea01c61223ab9d0a10473e16ac2 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:44:31 +0200
 Subject: kernel32: Add winediag message to show warning, that this isn't
@@ -9,7 +9,7 @@ Subject: kernel32: Add winediag message to show warning, that this isn't
  1 file changed, 9 insertions(+)
 
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index b0c06e3..a2c1d4c 100644
+index 6d0fc74cdf4..ed1d967ffdf 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
 @@ -65,6 +65,7 @@
@@ -20,7 +20,7 @@ index b0c06e3..a2c1d4c 100644
  
  #ifdef __APPLE__
  extern char **__wine_get_main_environment(void);
-@@ -1099,6 +1100,14 @@ static DWORD WINAPI start_process( PEB *peb )
+@@ -1104,6 +1105,14 @@ static DWORD WINAPI start_process( PEB *peb )
          DPRINTF( "%04x:Starting process %s (entryproc=%p)\n", GetCurrentThreadId(),
                   debugstr_w(peb->ProcessParameters->ImagePathName.Buffer), entry );
  
@@ -32,9 +32,9 @@ index b0c06e3..a2c1d4c 100644
 +    else
 +        WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
 +
-     SetLastError( 0 );  /* clear error code */
-     if (peb->BeingDebugged) DbgBreakPoint();
-     return call_process_entry( peb, entry );
+     if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
+         being_debugged = FALSE;
+ 
 -- 
-2.5.1
+2.11.0
 

patches/Staging/definition

@@ -1 +0,0 @@
-Category: stable

patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch

@@ -1,4 +1,4 @@
-From cb383abcb7d36d739092a93c1f276895622b6806 Mon Sep 17 00:00:00 2001
+From b4469d7a12637ef2b57df3f6aebbe65c9b52ef57 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 28 Aug 2016 21:56:41 +0200
 Subject: advapi32: Implement GetExplicitEntriesFromAclW.
@@ -9,7 +9,7 @@ Subject: advapi32: Implement GetExplicitEntriesFromAclW.
  2 files changed, 221 insertions(+), 2 deletions(-)
 
 diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index 92a1789..c60aa4e 100644
+index 7e41c0a7361..ccd0bf64cab 100644
 --- a/dlls/advapi32/security.c
 +++ b/dlls/advapi32/security.c
 @@ -4202,8 +4202,85 @@ DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntr
@@ -101,7 +101,7 @@ index 92a1789..c60aa4e 100644
  
  /******************************************************************************
 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index cf104ab..2bcb108 100644
+index c31dfbeace3..23cbff58117 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
 @@ -133,6 +133,7 @@ static BOOL     (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
@@ -120,8 +120,8 @@ index cf104ab..2bcb108 100644
  
      myARGC = winetest_get_mainargs( &myARGV );
  }
-@@ -6378,6 +6380,145 @@ static void test_pseudo_tokens(void)
-                  "Expected ERROR_NO_TOKEN, got %u\n", GetLastError());
+@@ -6451,6 +6453,145 @@ static void test_maximum_allowed(void)
+     CloseHandle(handle);
  }
  
 +static void test_GetExplicitEntriesFromAclW(void)
@@ -266,12 +266,12 @@ index cf104ab..2bcb108 100644
  START_TEST(security)
  {
      init();
-@@ -6424,4 +6565,5 @@ START_TEST(security)
-     test_system_security_access();
+@@ -6499,4 +6640,5 @@ START_TEST(security)
      test_GetSidIdentifierAuthority();
      test_pseudo_tokens();
+     test_maximum_allowed();
 +    test_GetExplicitEntriesFromAclW();
  }
 -- 
-2.9.0
+2.11.0
 

patches/advapi32-LookupSecurityDescriptorParts/0001-advapi32-add-LookupSecurityDescriptorPartsA-W-stubs.patch

@@ -0,0 +1,61 @@
+From bb079b53bc79d44987d5f7ac93d0e1d2c5b00698 Mon Sep 17 00:00:00 2001
+From: Austin English <austinenglish@gmail.com>
+Date: Wed, 9 Nov 2016 21:46:10 -0600
+Subject: advapi32: add LookupSecurityDescriptorPartsA/W stubs
+
+Fixes https://bugs.winehq.org/show_bug.cgi?id=41682
+---
+ dlls/advapi32/advapi32.spec |  4 ++--
+ dlls/advapi32/security.c    | 24 ++++++++++++++++++++++++
+ 2 files changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
+index 6c57c88adf7..88d8634ef64 100644
+--- a/dlls/advapi32/advapi32.spec
++++ b/dlls/advapi32/advapi32.spec
+@@ -415,8 +415,8 @@
+ @ stdcall LookupPrivilegeNameW(wstr ptr ptr ptr)
+ @ stdcall LookupPrivilegeValueA(ptr ptr ptr)
+ @ stdcall LookupPrivilegeValueW(ptr ptr ptr)
+-# @ stub LookupSecurityDescriptorPartsA
+-# @ stub LookupSecurityDescriptorPartsW
++@ stdcall LookupSecurityDescriptorPartsA(ptr ptr ptr ptr ptr ptr ptr)
++@ stdcall LookupSecurityDescriptorPartsW(ptr ptr ptr ptr ptr ptr ptr)
+ @ stdcall LsaAddAccountRights(ptr ptr ptr long)
+ @ stub LsaAddPrivilegesToAccount
+ # @ stub LsaClearAuditLog
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 3b5d7a42b6f..01e8ea02706 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -6199,3 +6199,27 @@ BOOL WINAPI SaferSetLevelInformation(SAFER_LEVEL_HANDLE handle, SAFER_OBJECT_INF
+     FIXME("(%p %u %p %u) stub\n", handle, infotype, buffer, size);
+     return FALSE;
+ }
++
++/******************************************************************************
++ * LookupSecurityDescriptorPartsA   [ADVAPI32.@]
++ */
++DWORD WINAPI LookupSecurityDescriptorPartsA(TRUSTEEA *owner, TRUSTEEA *group, ULONG *access_count,
++                                            EXPLICIT_ACCESSA *access_list, ULONG *audit_count,
++                                            EXPLICIT_ACCESSA *audit_list, SECURITY_DESCRIPTOR *descriptor)
++{
++    FIXME("(%p %p %p %p %p %p %p) stub\n", owner, group, access_count,
++          access_list, audit_count, audit_list, descriptor);
++    return ERROR_CALL_NOT_IMPLEMENTED;
++}
++
++/******************************************************************************
++ * LookupSecurityDescriptorPartsW   [ADVAPI32.@]
++ */
++DWORD WINAPI LookupSecurityDescriptorPartsW(TRUSTEEW *owner, TRUSTEEW *group, ULONG *access_count,
++                                            EXPLICIT_ACCESSW *access_list, ULONG *audit_count,
++                                            EXPLICIT_ACCESSW *audit_list, SECURITY_DESCRIPTOR *descriptor)
++{
++    FIXME("(%p %p %p %p %p %p %p) stub\n", owner, group, access_count,
++          access_list, audit_count, audit_list, descriptor);
++    return ERROR_CALL_NOT_IMPLEMENTED;
++}
+-- 
+2.11.0
+

patches/advapi32-LookupSecurityDescriptorParts/definition

@@ -0,0 +1 @@
+Fixes: [41682] Add stub for advapi32.LookupSecurityDescriptorPartsA/W

patches/advapi32-LsaLookupSids/0004-advapi32-Fallback-to-Sid-string-when-LookupAccountSi.patch

@@ -1,4 +1,4 @@
-From 616c17cc58a4943d3a367704943e737d5713740d Mon Sep 17 00:00:00 2001
+From 77d43d721793edda9b419f7426442a35f0cb5918 Mon Sep 17 00:00:00 2001
 From: Qian Hong <qhong@codeweavers.com>
 Date: Tue, 7 Apr 2015 11:23:34 +0800
 Subject: advapi32: Fallback to Sid string when LookupAccountSid fails.
@@ -8,7 +8,7 @@ Subject: advapi32: Fallback to Sid string when LookupAccountSid fails.
  1 file changed, 31 insertions(+)
 
 diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index 258b8ca..93afa20 100644
+index 1b270a80829..b8dedbd6d58 100644
 --- a/dlls/advapi32/lsa.c
 +++ b/dlls/advapi32/lsa.c
 @@ -29,6 +29,7 @@
@@ -19,8 +19,8 @@ index 258b8ca..93afa20 100644
  #include "advapi32_misc.h"
  
  #include "wine/debug.h"
-@@ -554,6 +555,21 @@ NTSTATUS WINAPI LsaLookupSids(
-                 heap_free(name);
+@@ -562,6 +563,21 @@ NTSTATUS WINAPI LsaLookupSids(
+                 domain.MaximumLength = sizeof(WCHAR);
              }
          }
 +        else
@@ -41,9 +41,9 @@ index 258b8ca..93afa20 100644
      }
  
      /* now we have full length needed for both */
-@@ -593,6 +609,21 @@ NTSTATUS WINAPI LsaLookupSids(
-                 heap_free(domain.Buffer);
-             }
+@@ -605,6 +621,21 @@ NTSTATUS WINAPI LsaLookupSids(
+             (*Names)[i].DomainIndex = lsa_reflist_add_domain(*ReferencedDomains, &domain, &domain_data);
+             heap_free(domain.Buffer);
          }
 +        else
 +        {
@@ -64,5 +64,5 @@ index 258b8ca..93afa20 100644
          name_buffer += name_size;
      }
 -- 
-2.3.5
+2.11.0
 

patches/advapi32-WinBuiltinAnyPackageSid/0001-advapi32-SDDL-assigns-the-AC-abbreviation-to-WinBuil.patch

@@ -0,0 +1,26 @@
+From e71a9b9a10c2de28a617f9490c3d135b1e12adf1 Mon Sep 17 00:00:00 2001
+From: Dmitry Timoshkov <dmitry@baikal.ru>
+Date: Fri, 16 Dec 2016 13:20:32 +0800
+Subject: advapi32: SDDL assigns the "AC" abbreviation to
+ WinBuiltinAnyPackageSid.
+
+---
+ dlls/advapi32/security.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 28331df..3b585aa 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -135,7 +135,7 @@ static const WELLKNOWNSID WellKnownSids[] =
+     { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
+     { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
+     { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
+-    { {0,0}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
++    { {'A','C'}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
+ };
+ 
+ /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
+-- 
+2.9.0
+

patches/advapi32-WinBuiltinAnyPackageSid/0002-advapi32-tests-Add-a-test-that-compares-a-well-known.patch

@@ -0,0 +1,227 @@
+From 13a60cc5ea59cc2f18ac19888fe51628f9f0774a Mon Sep 17 00:00:00 2001
+From: Dmitry Timoshkov <dmitry@baikal.ru>
+Date: Fri, 16 Dec 2016 13:23:15 +0800
+Subject: advapi32/tests: Add a test that compares a well-known SID to a SID
+ created from a SDDL abbreviation.
+
+---
+ dlls/advapi32/tests/security.c | 130 +++++++++++++++++++++++++++++------------
+ 1 file changed, 92 insertions(+), 38 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 18f4e04..4e1f53b 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -2,7 +2,7 @@
+  * Unit tests for security functions
+  *
+  * Copyright (c) 2004 Mike McCormack
+- * Copyright (c) 2011 Dmitry Timoshkov
++ * Copyright (c) 2011,2013,2014,2016 Dmitry Timoshkov
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -138,14 +138,6 @@ static HMODULE hmod;
+ static int     myARGC;
+ static char**  myARGV;
+ 
+-struct strsid_entry
+-{
+-    const char *str;
+-    DWORD flags;
+-};
+-#define STRSID_OK     0
+-#define STRSID_OPT    1
+-
+ #define SID_SLOTS 4
+ static char debugsid_str[SID_SLOTS][256];
+ static int debugsid_index = 0;
+@@ -175,12 +167,6 @@ static const char* debugstr_sid(PSID sid)
+     return res;
+ }
+ 
+-struct sidRef
+-{
+-    SID_IDENTIFIER_AUTHORITY auth;
+-    const char *refStr;
+-};
+-
+ static void init(void)
+ {
+     HMODULE hntdll;
+@@ -297,7 +283,11 @@ static void test_group_equal(HANDLE Handle, PSID expected, int line)
+ 
+ static void test_sid(void)
+ {
+-    struct sidRef refs[] = {
++    static struct
++    {
++        SID_IDENTIFIER_AUTHORITY auth;
++        const char *refStr;
++    } refs[] = {
+      { { {0x00,0x00,0x33,0x44,0x55,0x66} }, "S-1-860116326-1" },
+      { { {0x00,0x00,0x01,0x02,0x03,0x04} }, "S-1-16909060-1"  },
+      { { {0x00,0x00,0x00,0x01,0x02,0x03} }, "S-1-66051-1"     },
+@@ -305,24 +295,60 @@ static void test_sid(void)
+      { { {0x00,0x00,0x00,0x00,0x00,0x02} }, "S-1-2-1"         },
+      { { {0x00,0x00,0x00,0x00,0x00,0x0c} }, "S-1-12-1"        },
+     };
+-    struct strsid_entry strsid_table[] = {
+-        {"AO", STRSID_OK},  {"RU", STRSID_OK},  {"AN", STRSID_OK},  {"AU", STRSID_OK},
+-        {"BA", STRSID_OK},  {"BG", STRSID_OK},  {"BO", STRSID_OK},  {"BU", STRSID_OK},
+-        {"CA", STRSID_OPT}, {"CG", STRSID_OK},  {"CO", STRSID_OK},  {"DA", STRSID_OPT},
+-        {"DC", STRSID_OPT}, {"DD", STRSID_OPT}, {"DG", STRSID_OPT}, {"DU", STRSID_OPT},
+-        {"EA", STRSID_OPT}, {"ED", STRSID_OK},  {"WD", STRSID_OK},  {"PA", STRSID_OPT},
+-        {"IU", STRSID_OK},  {"LA", STRSID_OK},  {"LG", STRSID_OK},  {"LS", STRSID_OK},
+-        {"SY", STRSID_OK},  {"NU", STRSID_OK},  {"NO", STRSID_OK},  {"NS", STRSID_OK},
+-        {"PO", STRSID_OK},  {"PS", STRSID_OK},  {"PU", STRSID_OK},  {"RS", STRSID_OPT},
+-        {"RD", STRSID_OK},  {"RE", STRSID_OK},  {"RC", STRSID_OK},  {"SA", STRSID_OPT},
+-        {"SO", STRSID_OK},  {"SU", STRSID_OK}};
+-
++    static const struct
++    {
++        const char *str;
++        WELL_KNOWN_SID_TYPE sid_type;
++        BOOL optional;
++    } strsid_table[] = {
++        /* Please keep the list sorted. */
++        { "AC", WinBuiltinAnyPackageSid, TRUE },
++        { "AN", WinAnonymousSid },
++        { "AO", WinBuiltinAccountOperatorsSid },
++        { "AU", WinAuthenticatedUserSid },
++        { "BA", WinBuiltinAdministratorsSid },
++        { "BG", WinBuiltinGuestsSid },
++        { "BO", WinBuiltinBackupOperatorsSid },
++        { "BU", WinBuiltinUsersSid },
++        { "CA", WinAccountCertAdminsSid, TRUE},
++        { "CG", WinCreatorGroupSid },
++        { "CO", WinCreatorOwnerSid },
++        { "DA", WinAccountDomainAdminsSid, TRUE},
++        { "DC", WinAccountComputersSid, TRUE},
++        { "DD", WinAccountControllersSid, TRUE},
++        { "DG", WinAccountDomainGuestsSid, TRUE},
++        { "DU", WinAccountDomainUsersSid, TRUE},
++        { "EA", WinAccountEnterpriseAdminsSid, TRUE},
++        { "ED", WinEnterpriseControllersSid },
++        { "IU", WinInteractiveSid },
++        { "LA", WinAccountAdministratorSid },
++        { "LG", WinAccountGuestSid },
++        { "LS", WinLocalServiceSid },
++        { "NO", WinBuiltinNetworkConfigurationOperatorsSid },
++        { "NS", WinNetworkServiceSid },
++        { "NU", WinNetworkSid },
++        { "PA", WinAccountPolicyAdminsSid, TRUE},
++        { "PO", WinBuiltinPrintOperatorsSid },
++        { "PS", WinSelfSid },
++        { "PU", WinBuiltinPowerUsersSid },
++        { "RC", WinRestrictedCodeSid },
++        { "RD", WinBuiltinRemoteDesktopUsersSid },
++        { "RE", WinBuiltinReplicatorSid },
++        { "RS", WinAccountRasAndIasServersSid, TRUE },
++        { "RU", WinBuiltinPreWindows2000CompatibleAccessSid },
++        { "SA", WinAccountSchemaAdminsSid, TRUE },
++        { "SO", WinBuiltinSystemOperatorsSid },
++        { "SU", WinServiceSid },
++        { "SY", WinLocalSystemSid },
++        { "WD", WinWorldSid },
++    };
++    SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
+     const char noSubAuthStr[] = "S-1-5";
+     unsigned int i;
+-    PSID psid = NULL;
++    PSID psid, domain_sid;
+     SID *pisid;
+     BOOL r;
+-    LPSTR str = NULL;
++    LPSTR str;
+ 
+     if( !pConvertSidToStringSidA || !pConvertStringSidToSidA )
+     {
+@@ -402,7 +428,7 @@ static void test_sid(void)
+     }
+ 
+     /* string constant format not supported before XP */
+-    r = pConvertStringSidToSidA(strsid_table[0].str, &psid);
++    r = pConvertStringSidToSidA("AN", &psid);
+     if(!r)
+     {
+         win_skip("String constant format not supported\n");
+@@ -410,25 +436,51 @@ static void test_sid(void)
+     }
+     LocalFree(psid);
+ 
++    AllocateAndInitializeSid(&domain_ident, 4, SECURITY_NT_NON_UNIQUE, 0, 0, 0, 0, 0, 0, 0, &domain_sid);
++
+     for(i = 0; i < sizeof(strsid_table) / sizeof(strsid_table[0]); i++)
+     {
+-        char *temp;
+-
+         SetLastError(0xdeadbeef);
+         r = pConvertStringSidToSidA(strsid_table[i].str, &psid);
+ 
+-        if (!(strsid_table[i].flags & STRSID_OPT))
++        if (!(strsid_table[i].optional))
+         {
+             ok(r, "%s: got %u\n", strsid_table[i].str, GetLastError());
+         }
+ 
+         if (r)
+         {
+-            if ((winetest_debug > 1) && (pConvertSidToStringSidA(psid, &temp)))
++            char buf[SECURITY_MAX_SID_SIZE];
++            char *sid_string, *well_known_sid_string;
++            DWORD n, size;
++
++            /* zero out domain id before comparison to simplify things */
++            if (strsid_table[i].sid_type == WinAccountAdministratorSid ||
++                strsid_table[i].sid_type == WinAccountGuestSid)
+             {
+-                trace(" %s: %s\n", strsid_table[i].str, temp);
+-                LocalFree(temp);
++                for (n = 1; n <= 3; n++)
++                    *GetSidSubAuthority(psid, n) = 0;
+             }
++
++            r = pConvertSidToStringSidA(psid, &sid_string);
++            ok(r, "%s: ConvertSidToStringSid error %u\n", strsid_table[i].str, GetLastError());
++            if (winetest_debug > 1)
++                trace("%s => %s\n", strsid_table[i].str, sid_string);
++
++            size = sizeof(buf);
++            r = pCreateWellKnownSid(strsid_table[i].sid_type, domain_sid, buf, &size);
++            ok(r, "%u: CreateWellKnownSid(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError());
++
++            r = pConvertSidToStringSidA(buf, &well_known_sid_string);
++            ok(r, "%u: ConvertSidToStringSi(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError());
++            if (winetest_debug > 1)
++                trace("%u => %s\n", strsid_table[i].sid_type, well_known_sid_string);
++
++            ok(strcmp(sid_string, well_known_sid_string) == 0,
++               "%u: (%u) expected %s, got %s\n", i, strsid_table[i].sid_type, well_known_sid_string, sid_string);
++
++            LocalFree(well_known_sid_string);
++            LocalFree(sid_string);
+             LocalFree(psid);
+         }
+         else
+@@ -439,6 +491,8 @@ static void test_sid(void)
+                 trace(" %s: couldn't be converted\n", strsid_table[i].str);
+         }
+     }
++
++    LocalFree(domain_sid);
+ }
+ 
+ static void test_trustee(void)
+@@ -2288,7 +2342,7 @@ static void test_LookupAccountSid(void)
+     if (pCreateWellKnownSid && pConvertSidToStringSidA)
+     {
+         trace("Well Known SIDs:\n");
+-        for (i = 0; i <= 60; i++)
++        for (i = 0; i <= 84; i++)
+         {
+             size = SECURITY_MAX_SID_SIZE;
+             if (pCreateWellKnownSid(i, NULL, &max_sid.sid, &size))
+-- 
+2.9.0
+

patches/advapi32-WinBuiltinAnyPackageSid/definition

@@ -0,0 +1 @@
+Fixes: [41934] Assigns the AC abbreviation to WinBuiltinAnyPackageSid

patches/api-ms-win-Stub_DLLs/0001-kernelbase-Add-dll-and-add-stub-for-QuirkIsEnabled.patch

@@ -1,4 +1,4 @@
-From 51fb5229fdb33887fe25440defc8df09d1623abb Mon Sep 17 00:00:00 2001
+From 306414ced0169b9ee4de34706e9235acb1bd93d6 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Fri, 15 Jan 2016 13:01:15 +0100
 Subject: kernelbase: Add dll and add stub for QuirkIsEnabled.
@@ -13,7 +13,7 @@ Subject: kernelbase: Add dll and add stub for QuirkIsEnabled.
  create mode 100644 dlls/kernelbase/misc.c
 
 diff --git a/dlls/kernelbase/Makefile.in b/dlls/kernelbase/Makefile.in
-index b9caed0..2beb34b 100644
+index b9caed090b2..2beb34bafdb 100644
 --- a/dlls/kernelbase/Makefile.in
 +++ b/dlls/kernelbase/Makefile.in
 @@ -1 +1,4 @@
@@ -22,7 +22,7 @@ index b9caed0..2beb34b 100644
 +C_SRCS = \
 +	misc.c
 diff --git a/dlls/kernelbase/kernelbase.spec b/dlls/kernelbase/kernelbase.spec
-index f104030..e09112e 100644
+index f104030ab25..74ff728cbc8 100644
 --- a/dlls/kernelbase/kernelbase.spec
 +++ b/dlls/kernelbase/kernelbase.spec
 @@ -1,3 +1,6 @@
@@ -96,7 +96,7 @@ index f104030..e09112e 100644
 -@ stub BaseReleaseProcessDllPath
 -@ stub BaseReleaseProcessExePath
 +@ stub BaseDumpAppcompatCache
-+@ stub BaseFlushAppcompatCache
++@ stdcall BaseFlushAppcompatCache() kernel32.BaseFlushAppcompatCache
 +@ stub BaseFormatObjectAttributes
 +@ stub BaseFreeAppCompatDataForProcess
 +@ stub BaseGetNamedObjectDirectory
@@ -244,7 +244,7 @@ index f104030..e09112e 100644
 +@ stdcall CreateWaitableTimerW(ptr long wstr) kernel32.CreateWaitableTimerW
  @ stdcall CreateWellKnownSid(long ptr ptr ptr) advapi32.CreateWellKnownSid
 +@ stub CtrlRoutine
-+@ stdcall DeactivateActCtx(long ptr) kernel32.DeactivateActCtx
++@ stdcall DeactivateActCtx(long long) kernel32.DeactivateActCtx
 +@ stdcall DebugActiveProcess(long) kernel32.DebugActiveProcess
 +@ stdcall DebugActiveProcessStop(long) kernel32.DebugActiveProcessStop
  @ stdcall DebugBreak() kernel32.DebugBreak
@@ -433,7 +433,7 @@ index f104030..e09112e 100644
  @ stub GetCalendar
  @ stdcall GetCalendarInfoEx(wstr long ptr long ptr long ptr) kernel32.GetCalendarInfoEx
  @ stdcall GetCalendarInfoW(long long long ptr long ptr) kernel32.GetCalendarInfoW
-+@ stdcall GetCommConfig(long ptr long) kernel32.GetCommConfig
++@ stdcall GetCommConfig(long ptr ptr) kernel32.GetCommConfig
 +@ stdcall GetCommMask(long ptr) kernel32.GetCommMask
 +@ stdcall GetCommModemStatus(long ptr) kernel32.GetCommModemStatus
 +@ stdcall GetCommProperties(long ptr) kernel32.GetCommProperties
@@ -1354,7 +1354,7 @@ index f104030..e09112e 100644
 +@ stub SetClientTimeZoneInformation
 +@ stdcall SetCommBreak(long) kernel32.SetCommBreak
 +@ stdcall SetCommConfig(long ptr long) kernel32.SetCommConfig
-+@ stdcall SetCommMask(long ptr) kernel32.SetCommMask
++@ stdcall SetCommMask(long long) kernel32.SetCommMask
 +@ stdcall SetCommState(long ptr) kernel32.SetCommState
 +@ stdcall SetCommTimeouts(long ptr) kernel32.SetCommTimeouts
 +@ stdcall SetComputerNameA(str) kernel32.SetComputerNameA
@@ -1715,7 +1715,7 @@ index f104030..e09112e 100644
 +@ stub wprintf
 diff --git a/dlls/kernelbase/misc.c b/dlls/kernelbase/misc.c
 new file mode 100644
-index 0000000..be1591a
+index 00000000000..be1591aee7e
 --- /dev/null
 +++ b/dlls/kernelbase/misc.c
 @@ -0,0 +1,37 @@
@@ -1757,7 +1757,7 @@ index 0000000..be1591a
 +    return FALSE;
 +}
 diff --git a/dlls/shlwapi/shlwapi.spec b/dlls/shlwapi/shlwapi.spec
-index 6b6ead2..7c2a9d1 100644
+index 6b6ead26968..7c2a9d117e0 100644
 --- a/dlls/shlwapi/shlwapi.spec
 +++ b/dlls/shlwapi/shlwapi.spec
 @@ -417,7 +417,7 @@
@@ -1770,10 +1770,10 @@ index 6b6ead2..7c2a9d1 100644
  422 stdcall -noname SHGlobalCounterCreateNamedA(str long)
  423 stdcall -noname SHGlobalCounterCreateNamedW(wstr long)
 diff --git a/tools/make_specfiles b/tools/make_specfiles
-index 8e11529..eba8548 100755
+index 1e2400e4c7f..a245aefe406 100755
 --- a/tools/make_specfiles
 +++ b/tools/make_specfiles
-@@ -233,6 +233,7 @@ my @dll_groups =
+@@ -249,6 +249,7 @@ my @dll_groups =
   [
    "kernel32",
    "advapi32",
@@ -1782,5 +1782,5 @@ index 8e11529..eba8548 100755
    "kernelbase",
    "api-ms-win-core-bem-l1-1-0",
 -- 
-2.9.0
+2.11.0
 

patches/avifil32-AVIFileGetStream/0001-avifil32-AVIFileGetStream-should-set-stream-to-NULL-.patch

@@ -1,42 +0,0 @@
-From 64ce8c391c3706a2b3ce9b5f8f76710d5751a766 Mon Sep 17 00:00:00 2001
-From: Dmitry Timoshkov <dmitry@baikal.ru>
-Date: Thu, 20 Oct 2016 17:48:24 +0800
-Subject: avifil32: AVIFileGetStream should set stream to NULL in case of an
- error.
-
----
- dlls/avifil32/avifile.c   | 1 +
- dlls/avifil32/tests/api.c | 5 +++++
- 2 files changed, 6 insertions(+)
-
-diff --git a/dlls/avifil32/avifile.c b/dlls/avifil32/avifile.c
-index f649d05..7a4caaa 100644
---- a/dlls/avifil32/avifile.c
-+++ b/dlls/avifil32/avifile.c
-@@ -316,6 +316,7 @@ static HRESULT WINAPI IAVIFile_fnGetStream(IAVIFile *iface, IAVIStream **avis, D
-   }
- 
-   /* Sorry, but the specified stream doesn't exist */
-+  *avis = NULL;
-   return AVIERR_NODATA;
- }
- 
-diff --git a/dlls/avifil32/tests/api.c b/dlls/avifil32/tests/api.c
-index b3d822d..8a00865 100644
---- a/dlls/avifil32/tests/api.c
-+++ b/dlls/avifil32/tests/api.c
-@@ -373,6 +373,11 @@ static void test_default_data(void)
-     res = AVIFileOpenA(&pFile, filename, OF_SHARE_DENY_WRITE, 0L);
-     ok(res == 0, "Unable to open file: error=%u\n", res);
- 
-+    pStream0 = (void *)0xdeadbeef;
-+    res = AVIFileGetStream(pFile, &pStream0, ~0, 0);
-+    ok(res == AVIERR_NODATA, "expected AVIERR_NODATA, got %#x\n", res);
-+    ok(pStream0 == NULL, "AVIFileGetStream should set stream to NULL\n");
-+
-     res = AVIFileGetStream(pFile, &pStream0, 0, 0);
-     ok(res == 0, "Unable to open video stream: error=%u\n", res);
- 
--- 
-2.9.0
-

patches/avifil32-AVIFileGetStream/definition

@@ -1 +0,0 @@
-Fixes: [41579] AVIFileGetStream should set stream to NULL in case of an error

patches/bcrypt-Improvements/0002-bcrypt-Directly-implement-hmac-computation.patch

@@ -0,0 +1,469 @@
+From f527689b793100c79654ac5d6c1376d128ca3175 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 19 Dec 2016 23:58:52 +0100
+Subject: bcrypt: Directly implement hmac computation.
+
+---
+ dlls/bcrypt/bcrypt_main.c | 277 +++++++++++++++++-----------------------------
+ 1 file changed, 104 insertions(+), 173 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 937bdf7..af2314a 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -60,9 +60,6 @@ MAKE_FUNCPTR(gnutls_global_set_log_level);
+ MAKE_FUNCPTR(gnutls_hash);
+ MAKE_FUNCPTR(gnutls_hash_deinit);
+ MAKE_FUNCPTR(gnutls_hash_init);
+-MAKE_FUNCPTR(gnutls_hmac);
+-MAKE_FUNCPTR(gnutls_hmac_deinit);
+-MAKE_FUNCPTR(gnutls_hmac_init);
+ MAKE_FUNCPTR(gnutls_perror);
+ #undef MAKE_FUNCPTR
+ 
+@@ -99,9 +96,6 @@ static BOOL gnutls_initialize(void)
+     LOAD_FUNCPTR(gnutls_hash);
+     LOAD_FUNCPTR(gnutls_hash_deinit);
+     LOAD_FUNCPTR(gnutls_hash_init);
+-    LOAD_FUNCPTR(gnutls_hmac);
+-    LOAD_FUNCPTR(gnutls_hmac_deinit);
+-    LOAD_FUNCPTR(gnutls_hmac_init);
+     LOAD_FUNCPTR(gnutls_perror)
+ #undef LOAD_FUNCPTR
+ 
+@@ -163,6 +157,8 @@ enum alg_id
+     ALG_ID_SHA512
+ };
+ 
++#define MAX_HASH_OUTPUT_BYTES 64
++
+ static const struct {
+     ULONG hash_length;
+     const WCHAR *alg_name;
+@@ -183,6 +179,19 @@ struct algorithm
+     BOOL hmac;
+ };
+ 
++#define MAX_HASH_BLOCK_BITS 1024
++
++int alg_block_bits[] =
++{
++    /* ALG_ID_AES    */    0,
++    /* ALG_ID_MD5    */  512,
++    /* ALG_ID_RNG    */    0,
++    /* ALG_ID_SHA1   */  512,
++    /* ALG_ID_SHA256 */  512,
++    /* ALG_ID_SHA384 */ 1024,
++    /* ALG_ID_SHA512 */ 1024
++};
++
+ NTSTATUS WINAPI BCryptGenRandom(BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG count, ULONG flags)
+ {
+     const DWORD supported_flags = BCRYPT_USE_SYSTEM_PREFERRED_RNG;
+@@ -289,24 +298,20 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *enabled)
+ }
+ 
+ #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
+-struct hash
++struct hash_impl
+ {
+-    struct object hdr;
+-    enum alg_id   alg_id;
+-    BOOL hmac;
+     union
+     {
+         CC_MD5_CTX    md5_ctx;
+         CC_SHA1_CTX   sha1_ctx;
+         CC_SHA256_CTX sha256_ctx;
+         CC_SHA512_CTX sha512_ctx;
+-        CCHmacContext hmac_ctx;
+     } u;
+ };
+ 
+-static NTSTATUS hash_init( struct hash *hash )
++static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+ {
+-    switch (hash->alg_id)
++    switch (alg_id)
+     {
+     case ALG_ID_MD5:
+         CC_MD5_Init( &hash->u.md5_ctx );
+@@ -329,50 +334,16 @@ static NTSTATUS hash_init( struct hash *hash )
+         break;
+ 
+     default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
++        ERR( "unhandled id %u\n", alg_id );
+         return STATUS_NOT_IMPLEMENTED;
+     }
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_init( struct hash *hash, UCHAR *key, ULONG key_size )
++static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *input, ULONG size )
+ {
+-    CCHmacAlgorithm cc_algorithm;
+-    switch (hash->alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        cc_algorithm = kCCHmacAlgMD5;
+-        break;
+-
+-    case ALG_ID_SHA1:
+-        cc_algorithm = kCCHmacAlgSHA1;
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        cc_algorithm = kCCHmacAlgSHA256;
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        cc_algorithm = kCCHmacAlgSHA384;
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        cc_algorithm = kCCHmacAlgSHA512;
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-
+-    CCHmacInit( &hash->u.hmac_ctx, cc_algorithm, key, key_size );
+-    return STATUS_SUCCESS;
+-}
+-
+-
+-static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
+-{
+-    switch (hash->alg_id)
++    switch (alg_id)
+     {
+     case ALG_ID_MD5:
+         CC_MD5_Update( &hash->u.md5_ctx, input, size );
+@@ -395,21 +366,16 @@ static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
+         break;
+ 
+     default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
++        ERR( "unhandled id %u\n", alg_id );
+         return STATUS_NOT_IMPLEMENTED;
+     }
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_update( struct hash *hash, UCHAR *input, ULONG size )
+-{
+-    CCHmacUpdate( &hash->u.hmac_ctx, input, size );
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
++static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *output, ULONG size )
+ {
+-    switch (hash->alg_id)
++    switch (alg_id)
+     {
+     case ALG_ID_MD5:
+         CC_MD5_Final( output, &hash->u.md5_ctx );
+@@ -432,37 +398,25 @@ static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
+         break;
+ 
+     default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
++        ERR( "unhandled id %u\n", alg_id );
+         break;
+     }
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_finish( struct hash *hash, UCHAR *output, ULONG size )
+-{
+-    CCHmacFinal( &hash->u.hmac_ctx, output );
+-    return STATUS_SUCCESS;
+-}
+ #elif defined(HAVE_GNUTLS_HASH)
+-struct hash
++struct hash_impl
+ {
+-    struct object    hdr;
+-    enum alg_id      alg_id;
+-    BOOL hmac;
+-    union
+-    {
+-        gnutls_hash_hd_t hash_handle;
+-        gnutls_hmac_hd_t hmac_handle;
+-    } u;
++    gnutls_hash_hd_t hash_handle;
+ };
+ 
+-static NTSTATUS hash_init( struct hash *hash )
++static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+ {
+     gnutls_digest_algorithm_t alg;
+ 
+     if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+ 
+-    switch (hash->alg_id)
++    switch (alg_id)
+     {
+     case ALG_ID_MD5:
+         alg = GNUTLS_DIG_MD5;
+@@ -484,117 +438,63 @@ static NTSTATUS hash_init( struct hash *hash )
+         break;
+ 
+     default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-
+-    if (pgnutls_hash_init( &hash->u.hash_handle, alg )) return STATUS_INTERNAL_ERROR;
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hmac_init( struct hash *hash, UCHAR *key, ULONG key_size )
+-{
+-    gnutls_mac_algorithm_t alg;
+-
+-    if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+-
+-    switch (hash->alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        alg = GNUTLS_MAC_MD5;
+-        break;
+-    case ALG_ID_SHA1:
+-        alg = GNUTLS_MAC_SHA1;
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        alg = GNUTLS_MAC_SHA256;
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        alg = GNUTLS_MAC_SHA384;
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        alg = GNUTLS_MAC_SHA512;
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
++        ERR( "unhandled id %u\n", alg_id );
+         return STATUS_NOT_IMPLEMENTED;
+     }
+ 
+-    if (pgnutls_hmac_init( &hash->u.hmac_handle, alg, key, key_size )) return STATUS_INTERNAL_ERROR;
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
+-{
+-    if (pgnutls_hash( hash->u.hash_handle, input, size )) return STATUS_INTERNAL_ERROR;
++    if (pgnutls_hash_init( &hash->hash_handle, alg )) return STATUS_INTERNAL_ERROR;
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_update( struct hash *hash, UCHAR *input, ULONG size )
++static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *input, ULONG size )
+ {
+-    if (pgnutls_hmac( hash->u.hmac_handle, input, size )) return STATUS_INTERNAL_ERROR;
++    if (pgnutls_hash( hash->hash_handle, input, size )) return STATUS_INTERNAL_ERROR;
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
++static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *output, ULONG size )
+ {
+-    pgnutls_hash_deinit( hash->u.hash_handle, output );
++    pgnutls_hash_deinit( hash->hash_handle, output );
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_finish( struct hash *hash, UCHAR *output, ULONG size )
+-{
+-    pgnutls_hmac_deinit( hash->u.hmac_handle, output );
+-    return STATUS_SUCCESS;
+-}
+ #else
+-struct hash
++struct hash_impl
+ {
+-    struct object hdr;
+-    BOOL hmac;
+-    enum alg_id   alg_id;
+-};
+ 
+-static NTSTATUS hash_init( struct hash *hash )
+-{
+-    ERR( "support for hashes not available at build time\n" );
+-    return STATUS_NOT_IMPLEMENTED;
+-}
+-
+-static NTSTATUS hmac_init( struct hash *hash, UCHAR *key, ULONG key_size )
+-{
+-    ERR( "support for hashes not available at build time\n" );
+-    return STATUS_NOT_IMPLEMENTED;
+-}
++};
+ 
+-static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
++static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+ {
+     ERR( "support for hashes not available at build time\n" );
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
+-static NTSTATUS hmac_update( struct hash *hash, UCHAR *input, ULONG size )
++static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *input, ULONG size )
+ {
+     ERR( "support for hashes not available at build time\n" );
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
+-static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
++static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *output, ULONG size )
+ {
+     ERR( "support for hashes not available at build time\n" );
+     return STATUS_NOT_IMPLEMENTED;
+ }
++#endif
+ 
+-static NTSTATUS hmac_finish( struct hash *hash, UCHAR *output, ULONG size )
++struct hash
+ {
+-    ERR( "support for hashes not available at build time\n" );
+-    return STATUS_NOT_IMPLEMENTED;
+-}
+-#endif
++    struct object    hdr;
++    enum alg_id      alg_id;
++    BOOL hmac;
++    struct hash_impl outer;
++    struct hash_impl inner;
++};
+ 
+ #ifdef _WIN64
+ #define OBJECT_LENGTH_AES       654
+@@ -787,8 +687,11 @@ NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDL
+                                   UCHAR *secret, ULONG secretlen, ULONG flags )
+ {
+     struct algorithm *alg = algorithm;
++    UCHAR buffer[MAX_HASH_BLOCK_BITS / 8];
+     struct hash *hash;
++    int block_bytes;
+     NTSTATUS status;
++    int i;
+ 
+     TRACE( "%p, %p, %p, %u, %p, %u, %08x - stub\n", algorithm, handle, object, objectlen,
+            secret, secretlen, flags );
+@@ -806,17 +709,45 @@ NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDL
+     hash->alg_id    = alg->id;
+     hash->hmac      = alg->hmac;
+ 
+-    if (hash->hmac)
++    status = hash_init( &hash->inner, hash->alg_id );
++    if (status || !hash->hmac) goto end;
++    status = hash_init( &hash->outer, hash->alg_id );
++    if (status) goto end;
++
++    /* reduce key size if too big */
++    block_bytes = alg_block_bits[hash->alg_id] / 8;
++    if (secretlen > block_bytes)
+     {
+-        status = hmac_init( hash, secret, secretlen );
++        struct hash_impl temp;
++        status = hash_init( &temp, hash->alg_id );
++        if (status) goto end;
++        status = hash_update( &temp, hash->alg_id, secret, secretlen );
++        if (status) goto end;
++        memset( buffer, 0, block_bytes );
++        status = hash_finish( &temp, hash->alg_id, buffer, alg_props[hash->alg_id].hash_length );
++        if (status) goto end;
+     }
+     else
+     {
+-        status = hash_init( hash );
++        memset( buffer, 0, block_bytes );
++        memcpy( buffer, secret, secretlen );
+     }
+ 
++    /* initialize outer hash */
++    for (i = 0; i < block_bytes; i++)
++        buffer[i] ^= 0x5c;
++    status = hash_update( &hash->outer, hash->alg_id, buffer, block_bytes );
++    if (status) goto end;
++
++    /* initialize inner hash */
++    for (i = 0; i < block_bytes; i++)
++        buffer[i] ^= (0x5c ^ 0x36);
++    status = hash_update( &hash->inner, hash->alg_id, buffer, block_bytes );
++
++end:
+     if (status != STATUS_SUCCESS)
+     {
++        /* FIXME: call hash_finish to release resources */
+         HeapFree( GetProcessHeap(), 0, hash );
+         return status;
+     }
+@@ -845,33 +776,33 @@ NTSTATUS WINAPI BCryptHashData( BCRYPT_HASH_HANDLE handle, UCHAR *input, ULONG s
+     if (!hash || hash->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
+     if (!input) return STATUS_SUCCESS;
+ 
+-    if (hash->hmac)
+-    {
+-        return hmac_update( hash, input, size );
+-    }
+-    else
+-    {
+-        return hash_update( hash, input, size );
+-    }
++    return hash_update( &hash->inner, hash->alg_id, input, size );
+ }
+ 
+ NTSTATUS WINAPI BCryptFinishHash( BCRYPT_HASH_HANDLE handle, UCHAR *output, ULONG size, ULONG flags )
+ {
++    UCHAR buffer[MAX_HASH_OUTPUT_BYTES];
+     struct hash *hash = handle;
++    NTSTATUS status;
++    int hash_size;
+ 
+     TRACE( "%p, %p, %u, %08x\n", handle, output, size, flags );
+ 
+     if (!hash || hash->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
+     if (!output) return STATUS_INVALID_PARAMETER;
+ 
+-    if (hash->hmac)
+-    {
+-        return hmac_finish( hash, output, size );
+-    }
+-    else
+-    {
+-        return hash_finish( hash, output, size );
+-    }
++    if (!hash->hmac)
++        return hash_finish( &hash->inner, hash->alg_id, output, size );
++
++    hash_size = alg_props[hash->alg_id].hash_length;
++
++    status = hash_finish( &hash->inner, hash->alg_id, buffer, hash_size);
++    if (status) return status;
++
++    status = hash_update( &hash->outer, hash->alg_id, buffer, hash_size);
++    if (status) return status;
++
++    return hash_finish( &hash->outer, hash->alg_id, output, size);
+ }
+ 
+ NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG secretlen,
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0004-bcrypt-Use-hash-fallback-implementation-as-default-a.patch

@@ -0,0 +1,216 @@
+From ae04ece5f64a29a67e187d5aa32c6b8d3e399d61 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Tue, 20 Dec 2016 02:39:26 +0100
+Subject: bcrypt: Use hash fallback implementation as default and remove gnutls
+ / commoncrypto hash implemetation.
+
+---
+ dlls/bcrypt/bcrypt_main.c | 171 ----------------------------------------------
+ 1 file changed, 171 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 9441cf0..3e2b22d 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -59,9 +59,6 @@ MAKE_FUNCPTR(gnutls_global_deinit);
+ MAKE_FUNCPTR(gnutls_global_init);
+ MAKE_FUNCPTR(gnutls_global_set_log_function);
+ MAKE_FUNCPTR(gnutls_global_set_log_level);
+-MAKE_FUNCPTR(gnutls_hash);
+-MAKE_FUNCPTR(gnutls_hash_deinit);
+-MAKE_FUNCPTR(gnutls_hash_init);
+ MAKE_FUNCPTR(gnutls_perror);
+ #undef MAKE_FUNCPTR
+ 
+@@ -95,9 +92,6 @@ static BOOL gnutls_initialize(void)
+     LOAD_FUNCPTR(gnutls_global_init)
+     LOAD_FUNCPTR(gnutls_global_set_log_function)
+     LOAD_FUNCPTR(gnutls_global_set_log_level)
+-    LOAD_FUNCPTR(gnutls_hash);
+-    LOAD_FUNCPTR(gnutls_hash_deinit);
+-    LOAD_FUNCPTR(gnutls_hash_init);
+     LOAD_FUNCPTR(gnutls_perror)
+ #undef LOAD_FUNCPTR
+ 
+@@ -299,170 +293,6 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *enabled)
+     return STATUS_SUCCESS;
+ }
+ 
+-#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
+-struct hash_impl
+-{
+-    union
+-    {
+-        CC_MD5_CTX    md5_ctx;
+-        CC_SHA1_CTX   sha1_ctx;
+-        CC_SHA256_CTX sha256_ctx;
+-        CC_SHA512_CTX sha512_ctx;
+-    } u;
+-};
+-
+-static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+-{
+-    switch (alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        CC_MD5_Init( &hash->u.md5_ctx );
+-        break;
+-
+-    case ALG_ID_SHA1:
+-        CC_SHA1_Init( &hash->u.sha1_ctx );
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        CC_SHA256_Init( &hash->u.sha256_ctx );
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        CC_SHA384_Init( &hash->u.sha512_ctx );
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        CC_SHA512_Init( &hash->u.sha512_ctx );
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
+-                             UCHAR *input, ULONG size )
+-{
+-    switch (alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        CC_MD5_Update( &hash->u.md5_ctx, input, size );
+-        break;
+-
+-    case ALG_ID_SHA1:
+-        CC_SHA1_Update( &hash->u.sha1_ctx, input, size );
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        CC_SHA256_Update( &hash->u.sha256_ctx, input, size );
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        CC_SHA384_Update( &hash->u.sha512_ctx, input, size );
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        CC_SHA512_Update( &hash->u.sha512_ctx, input, size );
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
+-                             UCHAR *output, ULONG size )
+-{
+-    switch (alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        CC_MD5_Final( output, &hash->u.md5_ctx );
+-        break;
+-
+-    case ALG_ID_SHA1:
+-        CC_SHA1_Final( output, &hash->u.sha1_ctx );
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        CC_SHA256_Final( output, &hash->u.sha256_ctx );
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        CC_SHA384_Final( output, &hash->u.sha512_ctx );
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        CC_SHA512_Final( output, &hash->u.sha512_ctx );
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", alg_id );
+-        break;
+-    }
+-    return STATUS_SUCCESS;
+-}
+-
+-#elif defined(HAVE_GNUTLS_HASH)
+-struct hash_impl
+-{
+-    gnutls_hash_hd_t hash_handle;
+-};
+-
+-static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+-{
+-    gnutls_digest_algorithm_t alg;
+-
+-    if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+-
+-    switch (alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        alg = GNUTLS_DIG_MD5;
+-        break;
+-    case ALG_ID_SHA1:
+-        alg = GNUTLS_DIG_SHA1;
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        alg = GNUTLS_DIG_SHA256;
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        alg = GNUTLS_DIG_SHA384;
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        alg = GNUTLS_DIG_SHA512;
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-
+-    if (pgnutls_hash_init( &hash->hash_handle, alg )) return STATUS_INTERNAL_ERROR;
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
+-                             UCHAR *input, ULONG size )
+-{
+-    if (pgnutls_hash( hash->hash_handle, input, size )) return STATUS_INTERNAL_ERROR;
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
+-                             UCHAR *output, ULONG size )
+-{
+-    pgnutls_hash_deinit( hash->hash_handle, output );
+-    return STATUS_SUCCESS;
+-}
+-
+-#else
+ struct hash_impl
+ {
+     union
+@@ -572,7 +402,6 @@ static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
+ 
+     return STATUS_SUCCESS;
+ }
+-#endif
+ 
+ struct hash
+ {
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0005-bcrypt-Implement-BCryptDuplicateHash.patch

@@ -0,0 +1,70 @@
+From 3dc21336baced97a110773ac9e72db210a56af82 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Tue, 20 Dec 2016 03:59:19 +0100
+Subject: bcrypt: Implement BCryptDuplicateHash.
+
+FIXME: Should we check for NULL pointers?
+---
+ dlls/bcrypt/bcrypt.spec   |  2 +-
+ dlls/bcrypt/bcrypt_main.c | 18 ++++++++++++++++++
+ dlls/ncrypt/ncrypt.spec   |  2 +-
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
+index 962953e509b..9ecd21d767c 100644
+--- a/dlls/bcrypt/bcrypt.spec
++++ b/dlls/bcrypt/bcrypt.spec
+@@ -11,7 +11,7 @@
+ @ stdcall BCryptDestroyHash(ptr)
+ @ stdcall BCryptDestroyKey(ptr)
+ @ stub BCryptDestroySecret
+-@ stub BCryptDuplicateHash
++@ stdcall BCryptDuplicateHash(ptr ptr ptr long long)
+ @ stub BCryptDuplicateKey
+ @ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long)
+ @ stdcall BCryptEnumAlgorithms(long ptr ptr long)
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 4f09948096c..3eb0135b37c 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -672,6 +672,24 @@ end:
+     return STATUS_SUCCESS;
+ }
+ 
++NTSTATUS WINAPI BCryptDuplicateHash( BCRYPT_HASH_HANDLE handle, BCRYPT_HASH_HANDLE *handle_copy,
++                                     UCHAR *object, ULONG object_count, ULONG flags )
++{
++    struct hash *hash_orig = handle;
++    struct hash *hash_copy;
++
++    TRACE( "%p, %p, %p, %u, %u\n", handle, handle_copy, object, object_count, flags );
++
++    if (!hash_orig || hash_orig->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
++    if (!(hash_copy = HeapAlloc( GetProcessHeap(), 0, sizeof(*hash_copy) )))
++        return STATUS_NO_MEMORY;
++
++    memcpy( hash_copy, hash_orig, sizeof(*hash_orig) );
++
++    *handle_copy = hash_copy;
++    return STATUS_SUCCESS;
++}
++
+ NTSTATUS WINAPI BCryptDestroyHash( BCRYPT_HASH_HANDLE handle )
+ {
+     struct hash *hash = handle;
+diff --git a/dlls/ncrypt/ncrypt.spec b/dlls/ncrypt/ncrypt.spec
+index 60b7eb37075..1a78853bf49 100644
+--- a/dlls/ncrypt/ncrypt.spec
++++ b/dlls/ncrypt/ncrypt.spec
+@@ -13,7 +13,7 @@
+ @ stdcall BCryptDestroyHash(ptr) bcrypt.BCryptDestroyHash
+ @ stdcall BCryptDestroyKey(ptr) bcrypt.BCryptDestroyKey
+ @ stub BCryptDestroySecret
+-@ stub BCryptDuplicateHash
++@ stdcall BCryptDuplicateHash(ptr ptr ptr long long) bcrypt.BCryptDuplicateHash
+ @ stub BCryptDuplicateKey
+ @ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long) bcrypt.BCryptEncrypt
+ @ stdcall BCryptEnumAlgorithms(long ptr ptr long) bcrypt.BCryptEnumAlgorithms
+-- 
+2.11.0
+