Release v3.7

Rebase against 9fecb7499531ddbcde7970b4d98df92dbc1bc010
Rebase against d6654dbf2b38d02f3c6e0ede706a0388cd7cd4a6
2025-04-13 14:42:51 -07:00 · 2018-04-29 08:16:14 +10:00 · 2018-04-27 16:30:13 -05:00 · 2018-04-27 09:26:33 +10:00 · 2018-04-27 09:26:22 +10:00 · 2018-04-27 09:26:22 +10:00
559 changed files with 4507 additions and 44483 deletions
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -8,6 +8,7 @@ are part of **Wine Staging** and are licensed under the terms of the

 ```
 Copyright (C) 2014-2017 the Wine Staging project authors.
+Copyright (C) 2018 Alistair Leslie-Hughes

 Wine Staging is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
--- a/patches/Compiler_Warnings/0020-amstream-Avoid-implicit-cast-of-interface-pointer.patch
+++ b/patches/Compiler_Warnings/0020-amstream-Avoid-implicit-cast-of-interface-pointer.patch
@@ -1,4 +1,4 @@
-From 83d96cdd81553544c79527c2aed329e96938af64 Mon Sep 17 00:00:00 2001
+From bd48f0d6b1476a77520f0bf5f82ac08e9dbf9acd Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:54:01 +0100
 Subject: amstream: Avoid implicit cast of interface pointer.
@@ -8,10 +8,10 @@ Subject: amstream: Avoid implicit cast of interface pointer.
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/dlls/amstream/mediastreamfilter.c b/dlls/amstream/mediastreamfilter.c
-index d0c6714..3f0397a 100644
+index 5abcb2f..a7ff6e8 100644
 --- a/dlls/amstream/mediastreamfilter.c
 +++ b/dlls/amstream/mediastreamfilter.c
-@@ -70,7 +70,7 @@ typedef struct {
+@@ -42,7 +42,7 @@ typedef struct {
 
 static inline IMediaStreamFilterImpl *impl_from_IMediaStreamFilter(IMediaStreamFilter *iface)
 {
@@ -19,7 +19,7 @@ index d0c6714..3f0397a 100644
 +    return CONTAINING_RECORD((IBaseFilter *)iface, IMediaStreamFilterImpl, filter.IBaseFilter_iface);
 }
 
- static HRESULT WINAPI BasePinImpl_CheckMediaType(BasePin *This, const AM_MEDIA_TYPE *pmt)
+ /*** IUnknown methods ***/
 -- 
-2.7.1
+2.7.4

--- a/patches/Compiler_Warnings/0024-d3d9-Avoid-implicit-cast-of-interface-pointer.patch
+++ b/patches/Compiler_Warnings/0024-d3d9-Avoid-implicit-cast-of-interface-pointer.patch
@@ -1,14 +1,14 @@
-From cd3c63b259a711abf4e6e06f975e47f82b5b3e1b Mon Sep 17 00:00:00 2001
+From 3dd0480317fe0ed3951daf1cf5757204d11a1ae5 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:55:12 +0100
-Subject: d3d9: Avoid implicit cast of interface pointer.
+Subject: [PATCH] d3d9: Avoid implicit cast of interface pointer.

 ---
 dlls/d3d9/texture.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

 diff --git a/dlls/d3d9/texture.c b/dlls/d3d9/texture.c
-index 07bd83e..4e50093 100644
+index d3662f8..ebc3413 100644
 --- a/dlls/d3d9/texture.c
 +++ b/dlls/d3d9/texture.c
@@ -25,17 +25,17 @@ WINE_DEFAULT_DEBUG_CHANNEL(d3d9);
@@ -31,7 +31,7 @@ index 07bd83e..4e50093 100644
 +    return CONTAINING_RECORD((IDirect3DBaseTexture9 *)iface, struct d3d9_texture, IDirect3DBaseTexture9_iface);
 }
 
- static HRESULT WINAPI d3d9_texture_2d_QueryInterface(IDirect3DTexture9 *iface, REFIID riid, void **out)
+ static void STDMETHODCALLTYPE srv_wined3d_object_destroyed(void *parent)
 -- 
-2.7.1
+1.9.1

--- a/patches/Pipelight/0003-wined3d-allow-changing-strict-drawing-through-an-exp.patch
+++ b/patches/Pipelight/0003-wined3d-allow-changing-strict-drawing-through-an-exp.patch
@@ -1,42 +0,0 @@
-From b0a0388503a1576fb9b1b91ca764251b30f7dd3e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 20 Jul 2014 22:22:14 +0200
-Subject: wined3d: allow changing strict drawing through an exported function
-
---
- dlls/wined3d/wined3d.spec   | 2 ++
- dlls/wined3d/wined3d_main.c | 5 +++++
- 2 files changed, 7 insertions(+)
-
-diff --git a/dlls/wined3d/wined3d.spec b/dlls/wined3d/wined3d.spec
-index bbd2fb5..2fd0c0e 100644
--- a/dlls/wined3d/wined3d.spec
-+++ b/dlls/wined3d/wined3d.spec
-@@ -220,6 +220,8 @@
- @ cdecl wined3d_stateblock_decref(ptr)
- @ cdecl wined3d_stateblock_incref(ptr)
- 
-+@ cdecl wined3d_strictdrawing_set(long)
-+
- @ cdecl wined3d_swapchain_create(ptr ptr ptr ptr ptr)
- @ cdecl wined3d_swapchain_decref(ptr)
- @ cdecl wined3d_swapchain_get_back_buffer(ptr long)
-diff --git a/dlls/wined3d/wined3d_main.c b/dlls/wined3d/wined3d_main.c
-index 0543d97..6a62697 100644
--- a/dlls/wined3d/wined3d_main.c
-+++ b/dlls/wined3d/wined3d_main.c
-@@ -515,6 +515,11 @@ void wined3d_unregister_window(HWND window)
-     wined3d_wndproc_mutex_unlock();
- }
- 
-+void CDECL wined3d_strictdrawing_set(int value)
-+{
-+    wined3d_settings.strict_draw_ordering = value;
-+}
-+
- /* At process attach */
- BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, void *reserved)
- {
-- 
-2.7.1
-
--- a/patches/Pipelight/0004-winex11.drv-Indicate-direct-rendering-through-OpenGL.patch
+++ b/patches/Pipelight/0004-winex11.drv-Indicate-direct-rendering-through-OpenGL.patch
@@ -11,7 +11,7 @@ diff --git a/dlls/winex11.drv/opengl.c b/dlls/winex11.drv/opengl.c
 index 71af3db..966d32d 100644
 --- a/dlls/winex11.drv/opengl.c
 +++ b/dlls/winex11.drv/opengl.c
-@@ -440,6 +440,7 @@ static int GLXErrorHandler(Display *dpy, XErrorEvent *event, void *arg)
+@@ -440,6 +440,7 @@ static int GLXErrorHandler(Display *dpy,
 static BOOL X11DRV_WineGL_InitOpenglInfo(void)
 {
     static const char legacy_extensions[] = " WGL_EXT_extensions_string WGL_EXT_swap_control";
@@ -19,30 +19,26 @@ index 71af3db..966d32d 100644
 
     int screen = DefaultScreen(gdi_display);
     Window win = 0, root = 0;
-@@ -491,10 +492,13 @@ static BOOL X11DRV_WineGL_InitOpenglInfo(void)
+@@ -493,16 +494,18 @@ static BOOL X11DRV_WineGL_InitOpenglInfo
     }
     gl_renderer = (const char *)opengl_funcs.gl.p_glGetString(GL_RENDERER);
-     WineGLInfo.glVersion = (const char *) opengl_funcs.gl.p_glGetString(GL_VERSION);
-+    WineGLInfo.glxDirect = pglXIsDirect(gdi_display, ctx);
+     gl_version  = (const char *)opengl_funcs.gl.p_glGetString(GL_VERSION);
+    glx_direct = pglXIsDirect(gdi_display, ctx);
     str = (const char *) opengl_funcs.gl.p_glGetString(GL_EXTENSIONS);
-    WineGLInfo.glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions));
-+    WineGLInfo.glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions)+sizeof(direct_extension));
-     strcpy(WineGLInfo.glExtensions, str);
-     strcat(WineGLInfo.glExtensions, legacy_extensions);
-+    if (WineGLInfo.glxDirect)
-+        strcat(WineGLInfo.glExtensions, direct_extension);
+-    glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions));
+    glExtensions = HeapAlloc(GetProcessHeap(), 0, strlen(str)+sizeof(legacy_extensions)+sizeof(direct_extension));
+     strcpy(glExtensions, str);
+     strcat(glExtensions, legacy_extensions);
+    if (glx_direct)
+        strcat(glExtensions, direct_extension);
 
     /* Get the common GLX version supported by GLX client and server ( major/minor) */
-     pglXQueryVersion(gdi_display, &WineGLInfo.glxVersion[0], &WineGLInfo.glxVersion[1]);
-@@ -508,7 +512,7 @@ static BOOL X11DRV_WineGL_InitOpenglInfo(void)
-     WineGLInfo.glxClientExtensions = pglXGetClientString(gdi_display, GLX_EXTENSIONS);
+     pglXQueryVersion(gdi_display, &glxVersion[0], &glxVersion[1]);
 
-     WineGLInfo.glxExtensions = pglXQueryExtensionsString(gdi_display, screen);
-    WineGLInfo.glxDirect = pglXIsDirect(gdi_display, ctx);
-+
+     glxExtensions = pglXQueryExtensionsString(gdi_display, screen);
+-    glx_direct = pglXIsDirect(gdi_display, ctx);
 
-     TRACE("GL version             : %s.\n", WineGLInfo.glVersion);
+     TRACE("GL version             : %s.\n", gl_version);
     TRACE("GL renderer            : %s.\n", gl_renderer);
 -- 
 1.7.9.5
-
--- a/patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch
+++ b/patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch
@@ -1,40 +1,41 @@
-From 41ee5d7699182ea01c61223ab9d0a10473e16ac2 Mon Sep 17 00:00:00 2001
+From ee1533db82fa2a955765b6a00f5300900350d2fe Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:44:31 +0200
-Subject: kernel32: Add winediag message to show warning, that this isn't
- vanilla wine.
+Subject: [PATCH] kernel32: Add winediag message to show warning, that this
+ isn't vanilla wine.

 ---
- dlls/kernel32/process.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
+ dlls/kernel32/process.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)

 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index 6d0fc74cdf4..ed1d967ffdf 100644
+index 0a3fd70..206224f 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
@@ -65,6 +65,7 @@
+ 
 WINE_DEFAULT_DEBUG_CHANNEL(process);
- WINE_DECLARE_DEBUG_CHANNEL(file);
 WINE_DECLARE_DEBUG_CHANNEL(relay);
 +WINE_DECLARE_DEBUG_CHANNEL(winediag);
 
 #ifdef __APPLE__
 extern char **__wine_get_main_environment(void);
-@@ -1104,6 +1105,14 @@ static DWORD WINAPI start_process( PEB *peb )
-         DPRINTF( "%04x:Starting process %s (entryproc=%p)\n", GetCurrentThreadId(),
-                  debugstr_w(peb->ProcessParameters->ImagePathName.Buffer), entry );
+@@ -1090,6 +1091,15 @@ void WINAPI start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
 
-+    if (CreateEventA(0, 0, 0, "__winestaging_warn_event") && GetLastError() != ERROR_ALREADY_EXISTS)
-+    {
-+        FIXME_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
-+        FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
-+    }
-+    else
-+        WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
+     __TRY
+     {
+        if (CreateEventA(0, 0, 0, "__winestaging_warn_event") && GetLastError() != ERROR_ALREADY_EXISTS)
+        {
+            FIXME_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
+            FIXME_(winediag)("Please mention your exact version when filing bug reports on winehq.org.\n");
+        }
+        else
+            WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
 +
-     if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
-         being_debugged = FALSE;
+
+         if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
+             being_debugged = FALSE;
 
 -- 
-2.11.0
+1.9.1

--- a/patches/advapi-LsaLookupPrivilegeName/0001-advapi32-Fix-error-code-when-calling-LsaOpenPolicy-f.patch
+++ b/patches/advapi-LsaLookupPrivilegeName/0001-advapi32-Fix-error-code-when-calling-LsaOpenPolicy-f.patch
@@ -1,4 +1,4 @@
-From ce0ab0ccd6e4953a9673d15e00cf602668469c2c Mon Sep 17 00:00:00 2001
+From 971cfbe9ab8a7cb62c5b3e62fe4fe0bfc4518889 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 5 Mar 2017 23:04:36 +0100
 Subject: advapi32: Fix error code when calling LsaOpenPolicy for non existing
@@ -10,10 +10,10 @@ Subject: advapi32: Fix error code when calling LsaOpenPolicy for non existing
 2 files changed, 11 insertions(+), 1 deletion(-)

 diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index b8dedbd6d58..e5e3b1649c0 100644
+index bfd879bbc73..2e021a1ec2d 100644
 --- a/dlls/advapi32/lsa.c
 +++ b/dlls/advapi32/lsa.c
-@@ -692,7 +692,7 @@ NTSTATUS WINAPI LsaOpenPolicy(
+@@ -659,7 +659,7 @@ NTSTATUS WINAPI LsaOpenPolicy(
           ObjectAttributes, DesiredAccess, PolicyHandle);
 
     ADVAPI_ForceLocalComputer(SystemName ? SystemName->Buffer : NULL,
@@ -23,10 +23,10 @@ index b8dedbd6d58..e5e3b1649c0 100644
 
     if(PolicyHandle) *PolicyHandle = (LSA_HANDLE)0xcafe;
 diff --git a/dlls/advapi32/tests/lsa.c b/dlls/advapi32/tests/lsa.c
-index 4daf75f58d1..7ddda731be2 100644
+index 861fea0525e..bb291e65a71 100644
 --- a/dlls/advapi32/tests/lsa.c
 +++ b/dlls/advapi32/tests/lsa.c
-@@ -70,6 +70,8 @@ static BOOL init(void)
+@@ -39,6 +39,8 @@ DEFINE_GUID(GUID_NULL,0,0,0,0,0,0,0,0,0,0,0);
 
 static void test_lsa(void)
 {
@@ -35,7 +35,7 @@ index 4daf75f58d1..7ddda731be2 100644
     NTSTATUS status;
     LSA_HANDLE handle;
     LSA_OBJECT_ATTRIBUTES object_attributes;
-@@ -77,6 +79,14 @@ static void test_lsa(void)
+@@ -46,6 +48,14 @@ static void test_lsa(void)
     ZeroMemory(&object_attributes, sizeof(object_attributes));
     object_attributes.Length = sizeof(object_attributes);
 
@@ -43,13 +43,13 @@ index 4daf75f58d1..7ddda731be2 100644
 +    machine.Length = sizeof(machineW) - 2;
 +    machine.MaximumLength = sizeof(machineW);
 +
-+    status = pLsaOpenPolicy( &machine, &object_attributes, POLICY_LOOKUP_NAMES, &handle);
+    status = LsaOpenPolicy( &machine, &object_attributes, POLICY_LOOKUP_NAMES, &handle);
 +    ok(status == RPC_NT_SERVER_UNAVAILABLE,
 +       "LsaOpenPolicy(POLICY_LOOKUP_NAMES) for invalid machine returned 0x%08x\n", status);
 +
-     status = pLsaOpenPolicy( NULL, &object_attributes, POLICY_ALL_ACCESS, &handle);
+     status = LsaOpenPolicy( NULL, &object_attributes, POLICY_ALL_ACCESS, &handle);
     ok(status == STATUS_SUCCESS || status == STATUS_ACCESS_DENIED,
        "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status);
 -- 
-2.11.0
+2.14.2

--- a/patches/advapi-LsaLookupPrivilegeName/0003-advapi32-Implement-LsaLookupPrivilegeName.patch
+++ b/patches/advapi-LsaLookupPrivilegeName/0003-advapi32-Implement-LsaLookupPrivilegeName.patch
@@ -1,141 +0,0 @@
-From ca415799729a5330fc9def2df8fb9c4ffef80448 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 5 Mar 2017 23:50:06 +0100
-Subject: advapi32: Implement LsaLookupPrivilegeName.
-
---
- dlls/advapi32/advapi32_misc.h |  2 ++
- dlls/advapi32/lsa.c           | 30 ++++++++++++++++++++++++++++--
- dlls/advapi32/security.c      | 27 ++++++++++++++++++---------
- include/ntsecapi.h            |  1 +
- 4 files changed, 49 insertions(+), 11 deletions(-)
-
-diff --git a/dlls/advapi32/advapi32_misc.h b/dlls/advapi32/advapi32_misc.h
-index d116ecb836e..ecb07f635a6 100644
--- a/dlls/advapi32/advapi32_misc.h
-+++ b/dlls/advapi32/advapi32_misc.h
-@@ -68,4 +68,6 @@ static inline WCHAR *strdupAW( const char *src )
-     return dst;
- }
- 
-+const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1];
-+
- #endif /* __WINE_ADVAPI32MISC_H */
-diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index 61c91f497eb..e6f88d2fa73 100644
--- a/dlls/advapi32/lsa.c
-+++ b/dlls/advapi32/lsa.c
-@@ -983,6 +983,32 @@ NTSTATUS WINAPI LsaLookupPrivilegeName(
-     LUID *luid,
-     UNICODE_STRING **name)
- {
-    FIXME("(%p,%p,%p) stub\n", handle, luid, name);
-    return STATUS_NO_SUCH_PRIVILEGE;
-+    UNICODE_STRING *priv_unicode;
-+    size_t priv_size;
-+    WCHAR *strW;
-+
-+    TRACE("(%p, %p, %p)\n", handle, luid, name);
-+
-+    if (!handle)
-+        return STATUS_INVALID_HANDLE;
-+
-+    if (!name)
-+        return STATUS_INVALID_PARAMETER;
-+
-+    if (luid->HighPart ||
-+        (luid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
-+         luid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE ||
-+         !WellKnownPrivNames[luid->LowPart]))
-+        return STATUS_NO_SUCH_PRIVILEGE;
-+
-+    priv_size = (strlenW(WellKnownPrivNames[luid->LowPart]) + 1) * sizeof(WCHAR);
-+    priv_unicode = heap_alloc(sizeof(*priv_unicode) + priv_size);
-+    if (!priv_unicode) return STATUS_NO_MEMORY;
-+
-+    strW = (WCHAR *)(priv_unicode + 1);
-+    strcpyW(strW, WellKnownPrivNames[luid->LowPart]);
-+    RtlInitUnicodeString(priv_unicode, strW);
-+
-+    *name = priv_unicode;
-+    return STATUS_SUCCESS;
- }
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index e36792cff4b..3bc8f48b19c 100644
--- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -1840,7 +1840,7 @@ static const WCHAR SE_IMPERSONATE_NAME_W[] =
- static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
-  { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
- 
-static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
-+const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
- {
-     NULL,
-     NULL,
-@@ -2043,33 +2043,42 @@ BOOL WINAPI
- LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
-  LPDWORD cchName)
- {
-+    UNICODE_STRING system_name, *priv;
-+    LSA_HANDLE lsa;
-+    NTSTATUS status;
-     size_t privNameLen;
- 
-     TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
- 
-    if (!ADVAPI_IsLocalComputer(lpSystemName))
-+    RtlInitUnicodeString(&system_name, lpSystemName);
-+    status = LsaOpenPolicy(&system_name, NULL, POLICY_LOOKUP_NAMES, &lsa);
-+    if (status)
-     {
-        SetLastError(RPC_S_SERVER_UNAVAILABLE);
-+        SetLastError(LsaNtStatusToWinError(status));
-         return FALSE;
-     }
-    if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
-     lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
-+
-+    status = LsaLookupPrivilegeName(&lsa, lpLuid, &priv);
-+    LsaClose(lsa);
-+    if (status)
-     {
-        SetLastError(ERROR_NO_SUCH_PRIVILEGE);
-+        SetLastError(LsaNtStatusToWinError(status));
-         return FALSE;
-     }
-    privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
-    /* Windows crashes if cchName is NULL, so will I */
-+
-+    privNameLen = priv->Length / sizeof(WCHAR);
-     if (*cchName <= privNameLen)
-     {
-         *cchName = privNameLen + 1;
-+        LsaFreeMemory(priv);
-         SetLastError(ERROR_INSUFFICIENT_BUFFER);
-         return FALSE;
-     }
-     else
-     {
-        strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
-+        strcpyW(lpName, priv->Buffer);
-         *cchName = privNameLen;
-+        LsaFreeMemory(priv);
-         return TRUE;
-     }
- }
-diff --git a/include/ntsecapi.h b/include/ntsecapi.h
-index 2bb3d312e43..0bf0eca43ed 100644
--- a/include/ntsecapi.h
-+++ b/include/ntsecapi.h
-@@ -370,6 +370,7 @@ NTSTATUS WINAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,PLSA_REFEREN
-                                PLSA_TRANSLATED_SID*);
- NTSTATUS WINAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,PLSA_REFERENCED_DOMAIN_LIST*,
-                                 PLSA_TRANSLATED_SID2*);
-+NTSTATUS WINAPI LsaLookupPrivilegeName(LSA_HANDLE,PLUID,PUNICODE_STRING*);
- NTSTATUS WINAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID *,PLSA_REFERENCED_DOMAIN_LIST *,PLSA_TRANSLATED_NAME *);
- ULONG WINAPI LsaNtStatusToWinError(NTSTATUS);
- NTSTATUS WINAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,ACCESS_MASK,PLSA_HANDLE);
-- 
-2.14.1
-
--- a/patches/advapi-LsaLookupPrivilegeName/0004-advapi32-Add-stub-for-LsaLookupPrivilegeDisplayName.patch
+++ b/patches/advapi-LsaLookupPrivilegeName/0004-advapi32-Add-stub-for-LsaLookupPrivilegeDisplayName.patch
@@ -1,62 +0,0 @@
-From 63d642a1af3ccc579123cb8fd13959ab5e9136dd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Mon, 6 Mar 2017 00:01:53 +0100
-Subject: advapi32: Add stub for LsaLookupPrivilegeDisplayName.
-
---
- dlls/advapi32/advapi32.spec |  2 +-
- dlls/advapi32/lsa.c         | 21 +++++++++++++++++++++
- 2 files changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
-index 124f527282..0b03cec3f5 100644
--- a/dlls/advapi32/advapi32.spec
-+++ b/dlls/advapi32/advapi32.spec
-@@ -468,7 +468,7 @@
- # @ stub LsaICLookupSidsWithCreds
- @ stdcall LsaLookupNames(long long ptr ptr ptr)
- @ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
-@ stub LsaLookupPrivilegeDisplayName
-+@ stdcall LsaLookupPrivilegeDisplayName(long ptr ptr ptr)
- @ stdcall LsaLookupPrivilegeName(long ptr ptr)
- # @ stub LsaLookupPrivilegeValue
- @ stdcall LsaLookupSids(ptr long ptr ptr ptr)
-diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index ceb3b05c05..c2e02fb462 100644
--- a/dlls/advapi32/lsa.c
-+++ b/dlls/advapi32/lsa.c
-@@ -44,6 +44,12 @@ WINE_DEFAULT_DEBUG_CHANNEL(advapi);
-         return FailureCode; \
- }
- 
-+static LPCSTR debugstr_us( const UNICODE_STRING *us )
-+{
-+    if (!us) return "(null)";
-+    return debugstr_wn(us->Buffer, us->Length / sizeof(WCHAR));
-+}
-+
- static void dumpLsaAttributes(const LSA_OBJECT_ATTRIBUTES *oa)
- {
-     if (oa)
-@@ -1011,3 +1017,18 @@ NTSTATUS WINAPI LsaLookupPrivilegeName(
-     *name = priv_unicode;
-     return STATUS_SUCCESS;
- }
-+
-+/******************************************************************************
-+ * LsaLookupPrivilegeDisplayName [ADVAPI32.@]
-+ *
-+ */
-+NTSTATUS WINAPI LsaLookupPrivilegeDisplayName(
-+    LSA_HANDLE handle,
-+    PLSA_UNICODE_STRING name,
-+    PLSA_UNICODE_STRING *dispname,
-+    SHORT *language)
-+{
-+    FIXME("(%p, %s, %p, %p)\n", handle, debugstr_us(name), dispname, language);
-+
-+    return STATUS_NO_SUCH_PRIVILEGE;
-+}
-- 
-2.11.0
-
--- a/patches/advapi-LsaLookupPrivilegeName/definition
+++ b/patches/advapi-LsaLookupPrivilegeName/definition
@@ -1 +0,0 @@
-Fixes: [43316] Add LsaLookupPrivilege[Display]Name stubs
--- a/patches/advapi32-BuildSecurityDescriptor/0001-advapi32-Implement-BuildSecurityDescriptorW.patch
+++ b/patches/advapi32-BuildSecurityDescriptor/0001-advapi32-Implement-BuildSecurityDescriptorW.patch
@@ -1,268 +0,0 @@
-From 994fe46f1b68d851d285a29cce904bd9f22540ea Mon Sep 17 00:00:00 2001
-From: Andrew Wesie <awesie@gmail.com>
-Date: Tue, 2 May 2017 00:59:49 -0500
-Subject: advapi32: Implement BuildSecurityDescriptorW.
-
---
- dlls/advapi32/security.c | 218 +++++++++++++++++++++++++++++++++++------------
- 1 file changed, 164 insertions(+), 54 deletions(-)
-
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index 24ec3099713..82bb6689d43 100644
--- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -58,6 +58,7 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
-     SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
-     LPDWORD cBytes);
- static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
-+static DWORD trustee_to_sid(DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee);
- 
- typedef struct _ACEFLAG
- {
-@@ -1264,16 +1265,122 @@ DWORD WINAPI BuildSecurityDescriptorW(
-     IN ULONG cCountOfAccessEntries,
-     IN PEXPLICIT_ACCESSW pListOfAccessEntries,
-     IN ULONG cCountOfAuditEntries,
-    IN PEXPLICIT_ACCESSW pListofAuditEntries,
-+    IN PEXPLICIT_ACCESSW pListOfAuditEntries,
-     IN PSECURITY_DESCRIPTOR pOldSD,
-     IN OUT PULONG lpdwBufferLength,
-     OUT PSECURITY_DESCRIPTOR* pNewSD)
- { 
-    FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
-          cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
-          pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
-+    SECURITY_DESCRIPTOR desc;
-+    NTSTATUS status;
-+    DWORD ret = ERROR_SUCCESS;
-+
-+    TRACE("(%p,%p,%d,%p,%d,%p,%p,%p,%p)\n", pOwner, pGroup,
-+          cCountOfAccessEntries, pListOfAccessEntries, cCountOfAuditEntries,
-+          pListOfAuditEntries, pOldSD, lpdwBufferLength, pNewSD);
-  
-    return ERROR_CALL_NOT_IMPLEMENTED;
-+    if (pOldSD)
-+    {
-+        SECURITY_DESCRIPTOR_CONTROL control;
-+        DWORD desc_size, dacl_size = 0, sacl_size = 0, owner_size = 0, group_size = 0;
-+        PACL dacl = NULL, sacl = NULL;
-+        PSID owner = NULL, group = NULL;
-+        DWORD revision;
-+
-+        if ((status = RtlGetControlSecurityDescriptor( pOldSD, &control, &revision )) != STATUS_SUCCESS)
-+            return RtlNtStatusToDosError( status );
-+        if (!(control & SE_SELF_RELATIVE))
-+            return ERROR_INVALID_SECURITY_DESCR;
-+
-+        desc_size = sizeof(desc);
-+        status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
-+                                              owner, &owner_size, group, &group_size );
-+        if (status == STATUS_BUFFER_TOO_SMALL)
-+        {
-+            if (dacl_size)
-+                dacl = LocalAlloc( LMEM_FIXED, dacl_size );
-+            if (sacl_size)
-+                sacl = LocalAlloc( LMEM_FIXED, sacl_size );
-+            if (owner_size)
-+                owner = LocalAlloc( LMEM_FIXED, owner_size );
-+            if (group_size)
-+                group = LocalAlloc( LMEM_FIXED, group_size );
-+
-+            desc_size = sizeof(desc);
-+            status = RtlSelfRelativeToAbsoluteSD( pOldSD, &desc, &desc_size, dacl, &dacl_size, sacl, &sacl_size,
-+                                                  owner, &owner_size, group, &group_size );
-+        }
-+        if (status != STATUS_SUCCESS)
-+        {
-+            LocalFree( dacl );
-+            LocalFree( sacl );
-+            LocalFree( owner );
-+            LocalFree( group );
-+            return RtlNtStatusToDosError( status );
-+        }
-+    }
-+    else
-+    {
-+        if ((status = RtlCreateSecurityDescriptor( &desc, SECURITY_DESCRIPTOR_REVISION )) != STATUS_SUCCESS)
-+            return RtlNtStatusToDosError( status );
-+    }
-+
-+    if (pOwner)
-+    {
-+        LocalFree( desc.Owner );
-+        desc.Owner = LocalAlloc( LMEM_FIXED, sizeof(MAX_SID) );
-+        if ((ret = trustee_to_sid( sizeof(MAX_SID), desc.Owner, pOwner )))
-+            goto done;
-+    }
-+
-+    if (pGroup)
-+    {
-+        LocalFree( desc.Group );
-+        desc.Group = LocalAlloc( LMEM_FIXED, sizeof(MAX_SID) );
-+        if ((ret = trustee_to_sid( sizeof(MAX_SID), desc.Group, pGroup )))
-+            goto done;
-+    }
-+
-+    if (pListOfAccessEntries)
-+    {
-+        PACL new_dacl;
-+
-+        if ((ret = SetEntriesInAclW( cCountOfAccessEntries, pListOfAccessEntries, desc.Dacl, &new_dacl )))
-+            goto done;
-+
-+        LocalFree( desc.Dacl );
-+        desc.Dacl = new_dacl;
-+        desc.Control |= SE_DACL_PRESENT;
-+    }
-+
-+    if (pListOfAuditEntries)
-+    {
-+        PACL new_sacl;
-+
-+        if ((ret = SetEntriesInAclW( cCountOfAuditEntries, pListOfAuditEntries, desc.Sacl, &new_sacl )))
-+            goto done;
-+
-+        LocalFree( desc.Sacl );
-+        desc.Sacl = new_sacl;
-+        desc.Control |= SE_SACL_PRESENT;
-+    }
-+
-+    *lpdwBufferLength = RtlLengthSecurityDescriptor( &desc );
-+    *pNewSD = LocalAlloc( LMEM_FIXED, *lpdwBufferLength );
-+
-+    if ((status = RtlMakeSelfRelativeSD( &desc, *pNewSD, lpdwBufferLength )) != STATUS_SUCCESS)
-+    {
-+        ret = RtlNtStatusToDosError( status );
-+        LocalFree( *pNewSD );
-+        *pNewSD = NULL;
-+    }
-+
-+done:
-+    /* free absolute descriptor */
-+    LocalFree( desc.Owner );
-+    LocalFree( desc.Group );
-+    LocalFree( desc.Sacl );
-+    LocalFree( desc.Dacl );
-+    return ret;
- } 
- 
- /******************************************************************************
-@@ -3766,6 +3873,56 @@ static void free_trustee_name(TRUSTEE_FORM form, WCHAR *trustee_nameW)
-     }
- }
- 
-+static DWORD trustee_to_sid( DWORD nDestinationSidLength, PSID pDestinationSid, PTRUSTEEW pTrustee )
-+{
-+    if (pTrustee->MultipleTrusteeOperation == TRUSTEE_IS_IMPERSONATE)
-+    {
-+        WARN("bad multiple trustee operation %d\n", pTrustee->MultipleTrusteeOperation);
-+        return ERROR_INVALID_PARAMETER;
-+    }
-+
-+    switch (pTrustee->TrusteeForm)
-+    {
-+    case TRUSTEE_IS_SID:
-+        if (!CopySid(nDestinationSidLength, pDestinationSid, pTrustee->ptstrName))
-+        {
-+            WARN("bad sid %p\n", pTrustee->ptstrName);
-+            return ERROR_INVALID_PARAMETER;
-+        }
-+        break;
-+    case TRUSTEE_IS_NAME:
-+    {
-+        DWORD sid_size = nDestinationSidLength;
-+        DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1;
-+        SID_NAME_USE use;
-+        if (!strcmpW( pTrustee->ptstrName, CURRENT_USER ))
-+        {
-+            if (!lookup_user_account_name( pDestinationSid, &sid_size, NULL, &domain_size, &use ))
-+            {
-+                return GetLastError();
-+            }
-+        }
-+        else if (!LookupAccountNameW(NULL, pTrustee->ptstrName, pDestinationSid, &sid_size, NULL, &domain_size, &use))
-+        {
-+            WARN("bad user name %s\n", debugstr_w(pTrustee->ptstrName));
-+            return ERROR_INVALID_PARAMETER;
-+        }
-+        break;
-+    }
-+    case TRUSTEE_IS_OBJECTS_AND_SID:
-+        FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n");
-+        break;
-+    case TRUSTEE_IS_OBJECTS_AND_NAME:
-+        FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n");
-+        break;
-+    default:
-+        WARN("bad trustee form %d\n", pTrustee->TrusteeForm);
-+        return ERROR_INVALID_PARAMETER;
-+    }
-+
-+    return ERROR_SUCCESS;
-+}
-+
- /******************************************************************************
-  * SetEntriesInAclA [ADVAPI32.@]
-  */
-@@ -3861,56 +4018,9 @@ DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
-               pEntries[i].Trustee.TrusteeForm, pEntries[i].Trustee.TrusteeType,
-               pEntries[i].Trustee.ptstrName);
- 
-        if (pEntries[i].Trustee.MultipleTrusteeOperation == TRUSTEE_IS_IMPERSONATE)
-        {
-            WARN("bad multiple trustee operation %d for trustee %d\n", pEntries[i].Trustee.MultipleTrusteeOperation, i);
-            ret = ERROR_INVALID_PARAMETER;
-            goto exit;
-        }
-
-        switch (pEntries[i].Trustee.TrusteeForm)
-        {
-        case TRUSTEE_IS_SID:
-            if (!CopySid(FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]),
-                         ppsid[i], pEntries[i].Trustee.ptstrName))
-            {
-                WARN("bad sid %p for trustee %d\n", pEntries[i].Trustee.ptstrName, i);
-                ret = ERROR_INVALID_PARAMETER;
-                goto exit;
-            }
-            break;
-        case TRUSTEE_IS_NAME:
-        {
-            DWORD sid_size = FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]);
-            DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1;
-            SID_NAME_USE use;
-            if (!strcmpW( pEntries[i].Trustee.ptstrName, CURRENT_USER ))
-            {
-                if (!lookup_user_account_name( ppsid[i], &sid_size, NULL, &domain_size, &use ))
-                {
-                    ret = GetLastError();
-                    goto exit;
-                }
-            }
-            else if (!LookupAccountNameW(NULL, pEntries[i].Trustee.ptstrName, ppsid[i], &sid_size, NULL, &domain_size, &use))
-            {
-                WARN("bad user name %s for trustee %d\n", debugstr_w(pEntries[i].Trustee.ptstrName), i);
-                ret = ERROR_INVALID_PARAMETER;
-                goto exit;
-            }
-            break;
-        }
-        case TRUSTEE_IS_OBJECTS_AND_SID:
-            FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n");
-            break;
-        case TRUSTEE_IS_OBJECTS_AND_NAME:
-            FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n");
-            break;
-        default:
-            WARN("bad trustee form %d for trustee %d\n", pEntries[i].Trustee.TrusteeForm, i);
-            ret = ERROR_INVALID_PARAMETER;
-+        ret = trustee_to_sid( FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]), ppsid[i], &pEntries[i].Trustee);
-+        if (ret)
-             goto exit;
-        }
- 
-         /* Note: we overestimate the ACL size here as a tradeoff between
-          * instructions (simplicity) and memory */
-- 
-2.12.2
-
--- a/patches/advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch
+++ b/patches/advapi32-BuildSecurityDescriptor/0002-advapi32-tests-Add-basic-tests-for-BuildSecurityDesc.patch
@@ -1,69 +0,0 @@
-From 09d62cfc4fa999eacc89af2ad414810e22c910a9 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Fri, 5 May 2017 00:18:50 +0200
-Subject: advapi32/tests: Add basic tests for BuildSecurityDescriptor.
-
---
- dlls/advapi32/tests/security.c | 39 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 39 insertions(+)
-
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index ca5edffae5..db5a0f934c 100644
--- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -7217,6 +7217,44 @@ static void test_GetExplicitEntriesFromAclW(void)
-     HeapFree(GetProcessHeap(), 0, old_acl);
- }
- 
-+static void test_BuildSecurityDescriptorW(void)
-+{
-+    SECURITY_DESCRIPTOR old_sd, *new_sd, *rel_sd;
-+    ULONG new_sd_size;
-+    DWORD buf_size;
-+    char buf[1024];
-+    BOOL success;
-+    DWORD ret;
-+
-+    InitializeSecurityDescriptor(&old_sd, SECURITY_DESCRIPTOR_REVISION);
-+
-+    buf_size = sizeof(buf);
-+    rel_sd = (SECURITY_DESCRIPTOR *)buf;
-+    success = MakeSelfRelativeSD(&old_sd, rel_sd, &buf_size);
-+    ok(success, "MakeSelfRelativeSD failed with %u\n", GetLastError());
-+
-+    new_sd = NULL;
-+    new_sd_size = 0;
-+    ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, NULL, &new_sd_size, (void **)&new_sd);
-+    ok(ret == ERROR_SUCCESS, "BuildSecurityDescriptor failed with %u\n", ret);
-+    ok(new_sd != NULL, "expected new_sd != NULL\n");
-+    ok(new_sd_size == sizeof(old_sd), "expected new_sd_size == sizeof(old_sd), got %u\n", new_sd_size);
-+    LocalFree(new_sd);
-+
-+    new_sd = (void *)0xdeadbeef;
-+    ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, &old_sd, &new_sd_size, (void **)&new_sd);
-+    ok(ret == ERROR_INVALID_SECURITY_DESCR, "expected ERROR_INVALID_SECURITY_DESCR, got %u\n", ret);
-+    ok(new_sd == (void *)0xdeadbeef, "expected new_sd == 0xdeadbeef, got %p\n", new_sd);
-+
-+    new_sd = NULL;
-+    new_sd_size = 0;
-+    ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, rel_sd, &new_sd_size, (void **)&new_sd);
-+    ok(ret == ERROR_SUCCESS, "BuildSecurityDescriptor failed with %u\n", ret);
-+    ok(new_sd != NULL, "expected new_sd != NULL\n");
-+    ok(new_sd_size == sizeof(old_sd), "expected new_sd_size == sizeof(old_sd), got %u\n", new_sd_size);
-+    LocalFree(new_sd);
-+}
-+
- START_TEST(security)
- {
-     init();
-@@ -7271,6 +7309,7 @@ START_TEST(security)
-     test_maximum_allowed();
-     test_token_label();
-     test_GetExplicitEntriesFromAclW();
-+    test_BuildSecurityDescriptorW();
- 
-     /* Must be the last test, modifies process token */
-     test_token_security_descriptor();
-- 
-2.13.1
-
--- a/patches/advapi32-BuildSecurityDescriptor/definition
+++ b/patches/advapi32-BuildSecurityDescriptor/definition
@@ -1,2 +0,0 @@
-Fixes: Initial implementation of advapi32.BuildSecurityDescriptorW
-Depends: advapi32-GetExplicitEntriesFromAclW
--- a/patches/advapi32-CreateRestrictedToken/definition
+++ b/patches/advapi32-CreateRestrictedToken/definition
@@ -1 +1 @@
-Fixes: Implement advapi32.CreateRestrictedToken
+Fixes: [25834] Implement advapi32.CreateRestrictedToken
--- a/patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch
+++ b/patches/advapi32-GetExplicitEntriesFromAclW/0001-advapi32-Implement-GetExplicitEntriesFromAclW.patch
@@ -1,279 +0,0 @@
-From 510d9f43f441bc3a9723aabfd2c1cdc8737d6dcc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 28 Aug 2016 21:56:41 +0200
-Subject: advapi32: Implement GetExplicitEntriesFromAclW.
-
---
- dlls/advapi32/security.c       |  81 ++++++++++++++++++++++-
- dlls/advapi32/tests/security.c | 142 +++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 221 insertions(+), 2 deletions(-)
-
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index e36792cff4..b305947347 100644
--- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -4205,8 +4205,85 @@ DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntr
- DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
-         PEXPLICIT_ACCESSW* pListOfExplicitEntries)
- {
-    FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
-    return ERROR_CALL_NOT_IMPLEMENTED;
-+    ACL_SIZE_INFORMATION sizeinfo;
-+    EXPLICIT_ACCESSW* entries;
-+    MAX_SID *sid_entries;
-+    ACE_HEADER *ace;
-+    NTSTATUS status;
-+    int i;
-+
-+    FIXME("%p %p %p: semi-stub\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
-+
-+    if (!pcCountOfExplicitEntries || !pListOfExplicitEntries)
-+        return ERROR_INVALID_PARAMETER;
-+
-+    status = RtlQueryInformationAcl(pacl, &sizeinfo, sizeof(sizeinfo), AclSizeInformation);
-+    if (status) return RtlNtStatusToDosError(status);
-+
-+    if (!sizeinfo.AceCount)
-+    {
-+        *pcCountOfExplicitEntries = 0;
-+        *pListOfExplicitEntries = NULL;
-+        return ERROR_SUCCESS;
-+    }
-+
-+    entries = LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT, (sizeof(EXPLICIT_ACCESSW) + sizeof(MAX_SID)) * sizeinfo.AceCount);
-+    if (!entries) return ERROR_OUTOFMEMORY;
-+    sid_entries = (MAX_SID*)((char*)entries + sizeof(EXPLICIT_ACCESSW) * sizeinfo.AceCount);
-+
-+    for (i = 0; i < sizeinfo.AceCount; i++)
-+    {
-+        status = RtlGetAce(pacl, i, (void**)&ace);
-+        if (status) goto error;
-+
-+        switch (ace->AceType)
-+        {
-+            case ACCESS_ALLOWED_ACE_TYPE:
-+            {
-+                ACCESS_ALLOWED_ACE *allow = (ACCESS_ALLOWED_ACE *)ace;
-+                entries[i].grfAccessMode = GRANT_ACCESS;
-+                entries[i].grfInheritance = ace->AceFlags;
-+                entries[i].grfAccessPermissions = allow->Mask;
-+
-+                CopySid(sizeof(MAX_SID), (PSID)&sid_entries[i], (PSID)&allow->SidStart);
-+                entries[i].Trustee.pMultipleTrustee = NULL;
-+                entries[i].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+                entries[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+                entries[i].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+                entries[i].Trustee.ptstrName = (WCHAR *)&sid_entries[i];
-+                break;
-+            }
-+
-+            case ACCESS_DENIED_ACE_TYPE:
-+            {
-+                ACCESS_DENIED_ACE *deny = (ACCESS_DENIED_ACE *)ace;
-+                entries[i].grfAccessMode = DENY_ACCESS;
-+                entries[i].grfInheritance = ace->AceFlags;
-+                entries[i].grfAccessPermissions = deny->Mask;
-+
-+                CopySid(sizeof(MAX_SID), (PSID)&sid_entries[i], (PSID)&deny->SidStart);
-+                entries[i].Trustee.pMultipleTrustee = NULL;
-+                entries[i].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+                entries[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+                entries[i].Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+                entries[i].Trustee.ptstrName = (WCHAR *)&sid_entries[i];
-+                break;
-+            }
-+
-+            default:
-+                FIXME("Unhandled ace type %d\n", ace->AceType);
-+                entries[i].grfAccessMode = NOT_USED_ACCESS;
-+                continue;
-+        }
-+    }
-+
-+    *pcCountOfExplicitEntries = sizeinfo.AceCount;
-+    *pListOfExplicitEntries = entries;
-+    return ERROR_SUCCESS;
-+
-+error:
-+    LocalFree(entries);
-+    return RtlNtStatusToDosError(status);
- }
- 
- /******************************************************************************
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index 3c68205922..ca5edffae5 100644
--- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -134,6 +134,7 @@ static BOOL     (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
- static void     (WINAPI *pRtlInitAnsiString)(PANSI_STRING,PCSZ);
- static NTSTATUS (WINAPI *pRtlFreeUnicodeString)(PUNICODE_STRING);
- static PSID_IDENTIFIER_AUTHORITY (WINAPI *pGetSidIdentifierAuthority)(PSID);
-+static DWORD    (WINAPI *pGetExplicitEntriesFromAclW)(PACL,PULONG,PEXPLICIT_ACCESSW*);
- 
- static HMODULE hmod;
- static int     myARGC;
-@@ -230,6 +231,7 @@ static void init(void)
-     pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
-     pGetSidIdentifierAuthority = (void *)GetProcAddress(hmod, "GetSidIdentifierAuthority");
-     pDuplicateTokenEx = (void *)GetProcAddress(hmod, "DuplicateTokenEx");
-+    pGetExplicitEntriesFromAclW = (void *)GetProcAddress(hmod, "GetExplicitEntriesFromAclW");
- 
-     myARGC = winetest_get_mainargs( &myARGV );
- }
-@@ -7076,6 +7078,145 @@ static void test_child_token_sd(void)
-     HeapFree(GetProcessHeap(), 0, sd);
- }
- 
-+static void test_GetExplicitEntriesFromAclW(void)
-+{
-+    static const WCHAR wszCurrentUser[] = { 'C','U','R','R','E','N','T','_','U','S','E','R','\0'};
-+    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY };
-+    SID_IDENTIFIER_AUTHORITY SIDAuthNT = { SECURITY_NT_AUTHORITY };
-+    PSID everyone_sid = NULL, users_sid = NULL;
-+    EXPLICIT_ACCESSW access;
-+    EXPLICIT_ACCESSW *access2;
-+    PACL new_acl, old_acl = NULL;
-+    ULONG count;
-+    DWORD res;
-+
-+    if (!pGetExplicitEntriesFromAclW)
-+    {
-+        win_skip("GetExplicitEntriesFromAclW is not available\n");
-+        return;
-+    }
-+
-+    if (!pSetEntriesInAclW)
-+    {
-+        win_skip("SetEntriesInAclW is not available\n");
-+        return;
-+    }
-+
-+    old_acl = HeapAlloc(GetProcessHeap(), 0, 256);
-+    res = InitializeAcl(old_acl, 256, ACL_REVISION);
-+    if(!res && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
-+    {
-+        win_skip("ACLs not implemented - skipping tests\n");
-+        HeapFree(GetProcessHeap(), 0, old_acl);
-+        return;
-+    }
-+    ok(res, "InitializeAcl failed with error %d\n", GetLastError());
-+
-+    res = AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid);
-+    ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
-+
-+    res = AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID,
-+                                   DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &users_sid);
-+    ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
-+
-+    res = AddAccessAllowedAce(old_acl, ACL_REVISION, KEY_READ, users_sid);
-+    ok(res, "AddAccessAllowedAce failed with error %d\n", GetLastError());
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(old_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 1, "Expected count == 1, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_READ, "Expected KEY_READ, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, users_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+
-+    access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-+    access.Trustee.pMultipleTrustee = NULL;
-+
-+    access.grfAccessPermissions = KEY_WRITE;
-+    access.grfAccessMode = GRANT_ACCESS;
-+    access.grfInheritance = NO_INHERITANCE;
-+    access.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+    access.Trustee.ptstrName = everyone_sid;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    ok(EqualSid(access2[0].Trustee.ptstrName, everyone_sid), "Expected equal SIDs\n");
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
-+    access.Trustee.ptstrName = (LPWSTR)wszCurrentUser;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = NULL;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 2, "Expected count == 2, got %d\n", count);
-+    ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
-+    ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %d\n", access2[0].grfAccessPermissions);
-+    ok(access2[0].Trustee.TrusteeType == TRUSTEE_IS_UNKNOWN,
-+       "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
-+    ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
-+    ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %x\n", access2[0].grfInheritance);
-+    LocalFree(access2);
-+    LocalFree(new_acl);
-+
-+    access.grfAccessMode = REVOKE_ACCESS;
-+    access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
-+    access.Trustee.ptstrName = users_sid;
-+    res = pSetEntriesInAclW(1, &access, old_acl, &new_acl);
-+    ok(res == ERROR_SUCCESS, "SetEntriesInAclW failed: %u\n", res);
-+    ok(new_acl != NULL, "returned acl was NULL\n");
-+
-+    access2 = (void *)0xdeadbeef;
-+    res = pGetExplicitEntriesFromAclW(new_acl, &count, &access2);
-+    ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %d\n", GetLastError());
-+    ok(count == 0, "Expected count == 0, got %d\n", count);
-+    ok(access2 == NULL, "access2 was not NULL\n");
-+    LocalFree(new_acl);
-+
-+    FreeSid(users_sid);
-+    FreeSid(everyone_sid);
-+    HeapFree(GetProcessHeap(), 0, old_acl);
-+}
-+
- START_TEST(security)
- {
-     init();
-@@ -7129,6 +7270,7 @@ START_TEST(security)
-     test_pseudo_tokens();
-     test_maximum_allowed();
-     test_token_label();
-+    test_GetExplicitEntriesFromAclW();
- 
-     /* Must be the last test, modifies process token */
-     test_token_security_descriptor();
-- 
-2.13.1
-
--- a/patches/advapi32-GetExplicitEntriesFromAclW/definition
+++ b/patches/advapi32-GetExplicitEntriesFromAclW/definition
@@ -1 +0,0 @@
-Fixes: Implement semi-stub for advapi32.GetExplicitEntriesFromAclW
--- a/patches/advapi32-Token_Integrity_Level/0004-server-Implement-token-integrity-level.patch
+++ b/patches/advapi32-Token_Integrity_Level/0004-server-Implement-token-integrity-level.patch
@@ -1,7 +1,7 @@
-From 3092c9de3ac89e77a139db97a33b8b15f9a12eac Mon Sep 17 00:00:00 2001
+From 971789f2af6149998e54382522569b3790309cf2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 02:28:35 +0200
-Subject: server: Implement token integrity level.
+Subject: [PATCH] server: Implement token integrity level.

 ---
 dlls/ntdll/nt.c     | 23 ++++++++++++++---------
@@ -10,10 +10,10 @@ Subject: server: Implement token integrity level.
 3 files changed, 48 insertions(+), 12 deletions(-)

 diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
-index dda6cabe1cf..6f2b24e6ba4 100644
+index 9e60196..59c6e49 100644
 --- a/dlls/ntdll/nt.c
 +++ b/dlls/ntdll/nt.c
-@@ -372,7 +372,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
+@@ -340,7 +340,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
         0,    /* TokenAccessInformation */
         0,    /* TokenVirtualizationAllowed */
         0,    /* TokenVirtualizationEnabled */
@@ -21,8 +21,8 @@ index dda6cabe1cf..6f2b24e6ba4 100644
 +        0,    /* TokenIntegrityLevel */
         0,    /* TokenUIAccess */
         0,    /* TokenMandatoryPolicy */
-         sizeof(TOKEN_GROUPS) + sizeof(logon_sid), /* TokenLogonSid */
-@@ -625,18 +625,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
+         0,    /* TokenLogonSid */
+@@ -593,18 +593,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
         }
         break;
     case TokenIntegrityLevel:
@@ -55,10 +55,10 @@ index dda6cabe1cf..6f2b24e6ba4 100644
     case TokenAppContainerSid:
         {
 diff --git a/server/protocol.def b/server/protocol.def
-index 33f1d5f0ab8..ac2e2242511 100644
+index c961eaf..0bb04cd 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3424,6 +3424,13 @@ enum caret_state
+@@ -3388,6 +3388,13 @@ enum caret_state
     VARARG(sid,SID);              /* the sid specified by which_sid from the token */
 @END
 
@@ -73,10 +73,10 @@ index 33f1d5f0ab8..ac2e2242511 100644
     obj_handle_t    handle;       /* handle to the token */
 @REPLY
 diff --git a/server/token.c b/server/token.c
-index 292e1df80fd..8d2de6ab58e 100644
+index 355a523..1ed994a 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -127,6 +127,7 @@ struct token
+@@ -112,6 +112,7 @@ struct token
     TOKEN_SOURCE   source;          /* source of the token */
     int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
     TOKEN_ELEVATION_TYPE elevation; /* elevation level */
@@ -84,7 +84,7 @@ index 292e1df80fd..8d2de6ab58e 100644
 };
 
 struct privilege
-@@ -567,7 +568,8 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -544,7 +545,8 @@ static struct token *create_token( unsigned primary, const SID *user,
                                    const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
                                    const ACL *default_dacl, TOKEN_SOURCE source,
                                    const luid_t *modified_id,
@@ -94,7 +94,7 @@ index 292e1df80fd..8d2de6ab58e 100644
 {
     struct token *token = alloc_object( &token_ops );
     if (token)
-@@ -648,6 +650,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -625,6 +627,7 @@ static struct token *create_token( unsigned primary, const SID *user,
         }
 
         token->source = source;
@@ -102,7 +102,7 @@ index 292e1df80fd..8d2de6ab58e 100644
     }
     return token;
 }
-@@ -703,7 +706,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -680,7 +683,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
                           NULL, 0, src_token->default_dacl,
                           src_token->source, modified_id,
                           impersonation_level,
@@ -112,7 +112,7 @@ index 292e1df80fd..8d2de6ab58e 100644
     if (!token) return token;
 
     /* copy groups */
-@@ -907,7 +911,7 @@ struct token *token_create_admin( void )
+@@ -884,7 +888,7 @@ struct token *token_create_admin( void )
         static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
         token = create_token( TRUE, user_sid, admin_groups, sizeof(admin_groups)/sizeof(admin_groups[0]),
                               admin_privs, sizeof(admin_privs)/sizeof(admin_privs[0]), default_dacl,
@@ -121,7 +121,7 @@ index 292e1df80fd..8d2de6ab58e 100644
         /* we really need a primary group */
         assert( token->primary_group );
     }
-@@ -1550,6 +1554,26 @@ DECL_HANDLER(get_token_sid)
+@@ -1530,6 +1534,26 @@ DECL_HANDLER(get_token_sid)
     }
 }
 
@@ -149,5 +149,5 @@ index 292e1df80fd..8d2de6ab58e 100644
 DECL_HANDLER(get_token_groups)
 {
 -- 
-2.13.1
+1.9.1

--- a/patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch
+++ b/patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch
@@ -1,7 +1,8 @@
-From 6444094c9ef4f30a253bcee9e873ed511bda222c Mon Sep 17 00:00:00 2001
+From d67d7293a17592b580d284fa68881a613e61f591 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 01:45:29 +0200
-Subject: ntdll: Add function to create new tokens for elevation purposes.
+Subject: [PATCH] ntdll: Add function to create new tokens for elevation
+ purposes.

 ---
 dlls/ntdll/ntdll.spec   |  3 ++
@@ -13,10 +14,10 @@ Subject: ntdll: Add function to create new tokens for elevation purposes.
 6 files changed, 117 insertions(+)

 diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index c814f405017..eb84cc97bf8 100644
+index dbead5e..586b504 100644
 --- a/dlls/ntdll/ntdll.spec
 +++ b/dlls/ntdll/ntdll.spec
-@@ -1483,6 +1483,9 @@
+@@ -1482,6 +1482,9 @@
 # Virtual memory
 @ cdecl __wine_locked_recvmsg(long ptr long)
 
@@ -27,10 +28,10 @@ index c814f405017..eb84cc97bf8 100644
 @ cdecl wine_get_version() NTDLL_wine_get_version
 @ cdecl wine_get_patches() NTDLL_wine_get_patches
 diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
-index 907bbdd2d95..a7810f716ad 100644
+index 8a64338..137a22d 100644
 --- a/dlls/ntdll/ntdll_misc.h
 +++ b/dlls/ntdll/ntdll_misc.h
-@@ -77,6 +77,9 @@ extern void virtual_init_threading(void) DECLSPEC_HIDDEN;
+@@ -80,6 +80,9 @@ extern void virtual_init_threading(void) DECLSPEC_HIDDEN;
 extern void fill_cpu_info(void) DECLSPEC_HIDDEN;
 extern void heap_set_debug_flags( HANDLE handle ) DECLSPEC_HIDDEN;
 
@@ -41,7 +42,7 @@ index 907bbdd2d95..a7810f716ad 100644
 extern timeout_t server_start_time DECLSPEC_HIDDEN;
 extern unsigned int server_cpus DECLSPEC_HIDDEN;
 diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
-index f615ce2fea7..77048003ace 100644
+index 40034b4..1ebbb79 100644
 --- a/dlls/ntdll/process.c
 +++ b/dlls/ntdll/process.c
@@ -99,6 +99,24 @@ HANDLE CDECL __wine_make_process_system(void)
@@ -70,10 +71,10 @@ index f615ce2fea7..77048003ace 100644
 
 #define UNIMPLEMENTED_INFO_CLASS(c) \
 diff --git a/server/protocol.def b/server/protocol.def
-index c8ab4bf8c36..59fe9aec7a8 100644
+index 0bb04cd..f2deca6 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3628,6 +3628,14 @@ struct handle_info
+@@ -3641,6 +3641,14 @@ struct handle_info
 @END
 
 
@@ -89,7 +90,7 @@ index c8ab4bf8c36..59fe9aec7a8 100644
 @REQ(create_completion)
     unsigned int access;          /* desired access to a port */
 diff --git a/server/security.h b/server/security.h
-index 6c337143c3d..21e90ccf23f 100644
+index 6c33714..21e90cc 100644
 --- a/server/security.h
 +++ b/server/security.h
@@ -49,6 +49,7 @@ extern const PSID security_builtin_users_sid;
@@ -101,18 +102,18 @@ index 6c337143c3d..21e90ccf23f 100644
 
 /* token functions */
 diff --git a/server/token.c b/server/token.c
-index 3301283ee25..7abd92386ea 100644
+index 7776cbe..64ab565 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -71,6 +71,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
+@@ -79,6 +79,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
 static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
 static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
 static const SID high_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_HIGH_RID } };
 +static const SID medium_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_MEDIUM_RID } };
- static const struct /* same fields as struct SID */
- {
-     BYTE Revision;
-@@ -110,6 +111,7 @@ const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
+ static const SID_N(5) local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
+ static const SID_N(2) builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
+ static const SID_N(2) builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
+@@ -95,6 +96,7 @@ const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
 const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
 const PSID security_domain_users_sid = (PSID)&domain_users_sid;
 const PSID security_high_label_sid = (PSID)&high_label_sid;
@@ -120,7 +121,7 @@ index 3301283ee25..7abd92386ea 100644
 
 static luid_t prev_luid_value = { 1000, 0 };
 
-@@ -915,6 +917,64 @@ struct token *token_create_admin( void )
+@@ -901,6 +903,64 @@ struct token *token_create_admin( void )
     return token;
 }
 
@@ -185,7 +186,7 @@ index 3301283ee25..7abd92386ea 100644
 static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
 {
     struct privilege *privilege;
-@@ -1729,3 +1789,27 @@ DECL_HANDLER(set_token_default_dacl)
+@@ -1718,3 +1778,27 @@ DECL_HANDLER(set_token_default_dacl)
         release_object( token );
     }
 }
@@ -214,5 +215,5 @@ index 3301283ee25..7abd92386ea 100644
 +    }
 +}
 -- 
-2.14.1
+1.9.1

--- a/patches/advapi32-Token_Integrity_Level/0008-ntdll-Implement-process-token-elevation-through-mani.patch
+++ b/patches/advapi32-Token_Integrity_Level/0008-ntdll-Implement-process-token-elevation-through-mani.patch
@@ -1,7 +1,7 @@
-From e15be9d22652dbf7ef027ce5f3ef3faa42139c7a Mon Sep 17 00:00:00 2001
+From 3ff546b9cbde1d0f5ea43c5cbb92ac8dc2028676 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 03:39:55 +0200
-Subject: ntdll: Implement process token elevation through manifests.
+Subject: [PATCH] ntdll: Implement process token elevation through manifests.

 ---
 dlls/ntdll/loader.c | 37 +++++++++++++++++++++++++++++++++++++
@@ -12,10 +12,10 @@ Subject: ntdll: Implement process token elevation through manifests.
 5 files changed, 67 insertions(+)

 diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
-index cdf8d586c36..5162e2fc0ec 100644
+index 3fcbbf77a5..2399f1246e 100644
 --- a/dlls/ntdll/loader.c
 +++ b/dlls/ntdll/loader.c
-@@ -3095,6 +3095,32 @@ static void load_global_options(void)
+@@ -3054,6 +3054,32 @@ NTSTATUS attach_dlls( CONTEXT *context )
 }
 
 
@@ -46,18 +46,18 @@ index cdf8d586c36..5162e2fc0ec 100644
 +
 +
 /***********************************************************************
-  *           start_process
+  *           load_global_options
  */
-@@ -3111,6 +3137,7 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
+@@ -3115,6 +3141,7 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
                                 ULONG_PTR unknown3, ULONG_PTR unknown4 )
 {
     static const WCHAR globalflagW[] = {'G','l','o','b','a','l','F','l','a','g',0};
 +    ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION runlevel;
-     LARGE_INTEGER timeout;
     NTSTATUS status;
     WINE_MODREF *wm;
-@@ -3154,6 +3181,16 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
-     if ((status = fixup_imports( wm, load_path )) != STATUS_SUCCESS) goto error;
+     PEB *peb = NtCurrentTeb()->Peb;
+@@ -3142,6 +3169,16 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
+                                        REG_DWORD, &peb->NtGlobalFlag, sizeof(peb->NtGlobalFlag), NULL );
     heap_set_debug_flags( GetProcessHeap() );
 
 +    /* elevate process if necessary */
@@ -70,14 +70,14 @@ index cdf8d586c36..5162e2fc0ec 100644
 +        elevate_process();  /* FIXME: the process exists with a wrong token for a short time */
 +    }
 +
-     status = wine_call_on_stack( attach_process_dlls, wm, (char *)NtCurrentTeb()->Tib.StackBase - page_size );
-     if (status != STATUS_SUCCESS) goto error;
- 
+     /* the main exe needs to be the first in the load order list */
+     RemoveEntryList( &wm->ldr.InLoadOrderModuleList );
+     InsertHeadList( &peb->LdrData->InLoadOrderModuleList, &wm->ldr.InLoadOrderModuleList );
 diff --git a/server/process.c b/server/process.c
-index f8969433ede..10cf39d8962 100644
+index ee85249bd4..81cea2f1ba 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -1136,6 +1136,14 @@ struct process_snapshot *process_snap( int *count )
+@@ -1133,6 +1133,14 @@ struct process_snapshot *process_snap( int *count )
     return snapshot;
 }
 
@@ -93,10 +93,10 @@ index f8969433ede..10cf39d8962 100644
 DECL_HANDLER(new_process)
 {
 diff --git a/server/process.h b/server/process.h
-index 548796f9c22..262eb59627b 100644
+index f22c128f07..78e88ec350 100644
 --- a/server/process.h
 +++ b/server/process.h
-@@ -137,6 +137,7 @@ extern void break_process( struct process *process );
+@@ -136,6 +136,7 @@ extern void break_process( struct process *process );
 extern void detach_debugged_processes( struct thread *debugger );
 extern struct process_snapshot *process_snap( int *count );
 extern void enum_processes( int (*cb)(struct process*, void*), void *user);
@@ -105,10 +105,10 @@ index 548796f9c22..262eb59627b 100644
 /* console functions */
 extern void inherit_console(struct thread *parent_thread, struct process *process, obj_handle_t hconin);
 diff --git a/server/protocol.def b/server/protocol.def
-index 7590541ac8a..55cc768d21a 100644
+index 0abd1683f0..5fb6e38ea5 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3610,6 +3610,13 @@ struct handle_info
+@@ -3654,6 +3654,13 @@ struct handle_info
 @END
 
 
@@ -123,10 +123,10 @@ index 7590541ac8a..55cc768d21a 100644
 @REQ(create_completion)
     unsigned int access;          /* desired access to a port */
 diff --git a/server/token.c b/server/token.c
-index 7abd92386ea..49e84362a83 100644
+index 64ab565a95..52fa10d52e 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -1813,3 +1813,17 @@ DECL_HANDLER(create_token)
+@@ -1802,3 +1802,17 @@ DECL_HANDLER(create_token)
         release_object( token );
     }
 }
@@ -145,5 +145,5 @@ index 7abd92386ea..49e84362a83 100644
 +    }
 +}
 -- 
-2.14.1
+2.16.1

--- a/patches/advapi32-Token_Integrity_Level/0009-kernel32-Implement-CreateProcessInternalW.patch
+++ b/patches/advapi32-Token_Integrity_Level/0009-kernel32-Implement-CreateProcessInternalW.patch
@@ -1,7 +1,7 @@
-From 1546d28f3e52363ad805a1c1df1a3163d65afbed Mon Sep 17 00:00:00 2001
+From 796879e9a1840f7b893933d37821751cf1d35048 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 04:02:16 +0200
-Subject: kernel32: Implement CreateProcessInternalW.
+Subject: [PATCH] kernel32: Implement CreateProcessInternalW.

 ---
 dlls/kernel32/kernel32.spec     |  2 +-
@@ -11,7 +11,7 @@ Subject: kernel32: Implement CreateProcessInternalW.
 4 files changed, 17 insertions(+), 12 deletions(-)

 diff --git a/dlls/kernel32/kernel32.spec b/dlls/kernel32/kernel32.spec
-index c60c5d6e532..7b5397a126e 100644
+index 60809f4..59915f9 100644
 --- a/dlls/kernel32/kernel32.spec
 +++ b/dlls/kernel32/kernel32.spec
@@ -315,7 +315,7 @@
@@ -24,10 +24,10 @@ index c60c5d6e532..7b5397a126e 100644
 @ stdcall CreateProcessW(wstr wstr ptr ptr long long ptr wstr ptr ptr)
 @ stdcall CreateRemoteThread(long ptr long ptr long long ptr)
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index 46449c9bf34..6cae911fdfb 100644
+index e7f9fd9..d37003c 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
-@@ -2441,12 +2441,13 @@ static LPWSTR get_file_name( LPCWSTR appname, LPWSTR cmdline, LPWSTR buffer,
+@@ -2432,12 +2432,13 @@ static LPWSTR get_file_name( LPCWSTR appname, LPWSTR cmdline, LPWSTR buffer,
     return ret;
 }
 
@@ -47,7 +47,7 @@ index 46449c9bf34..6cae911fdfb 100644
 {
     BOOL retv = FALSE;
     HANDLE hFile = 0;
-@@ -2459,6 +2460,9 @@ static BOOL create_process_impl( LPCWSTR app_name, LPWSTR cmd_line, LPSECURITY_A
+@@ -2450,6 +2451,9 @@ static BOOL create_process_impl( LPCWSTR app_name, LPWSTR cmd_line, LPSECURITY_A
 
     TRACE("app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
 
@@ -57,7 +57,7 @@ index 46449c9bf34..6cae911fdfb 100644
     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, sizeof(name)/sizeof(WCHAR),
                                         &hFile, &binary_info )))
         return FALSE;
-@@ -2610,8 +2614,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA( LPCSTR app_name, LPSTR cmd_line, L
+@@ -2601,8 +2605,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA( LPCSTR app_name, LPSTR cmd_line, L
       FIXME("StartupInfo.lpReserved is used, please report (%s)\n",
             debugstr_a(startup_info->lpReserved));
 
@@ -68,7 +68,7 @@ index 46449c9bf34..6cae911fdfb 100644
 done:
     HeapFree( GetProcessHeap(), 0, app_nameW );
     HeapFree( GetProcessHeap(), 0, cmd_lineW );
-@@ -2630,8 +2634,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW( LPCWSTR app_name, LPWSTR cmd_line,
+@@ -2621,8 +2625,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW( LPCWSTR app_name, LPWSTR cmd_line,
                                               LPVOID env, LPCWSTR cur_dir, LPSTARTUPINFOW startup_info,
                                               LPPROCESS_INFORMATION info )
 {
@@ -80,7 +80,7 @@ index 46449c9bf34..6cae911fdfb 100644
 
 
 diff --git a/dlls/kernelbase/kernelbase.spec b/dlls/kernelbase/kernelbase.spec
-index bf254155aab..7b8c8c44161 100644
+index 1a6f1ff..8d2b722 100644
 --- a/dlls/kernelbase/kernelbase.spec
 +++ b/dlls/kernelbase/kernelbase.spec
@@ -209,7 +209,7 @@
@@ -91,12 +91,12 @@ index bf254155aab..7b8c8c44161 100644
 +@ stdcall CreateProcessInternalW(long wstr wstr ptr ptr long long ptr wstr ptr ptr ptr) kernel32.CreateProcessInternalW
 @ stdcall CreateProcessW(wstr wstr ptr ptr long long ptr wstr ptr ptr) kernel32.CreateProcessW
 @ stdcall CreateRemoteThread(long ptr long ptr long long ptr) kernel32.CreateRemoteThread
- @ stdcall CreateRemoteThreadEx(long ptr long ptr long long ptr ptr) kernel32.CreateRemoteThreadEx
+ @ stdcall CreateRemoteThreadEx(long ptr long ptr ptr long ptr ptr) kernel32.CreateRemoteThreadEx
 diff --git a/include/winbase.h b/include/winbase.h
-index 24efbd865ab..7982fa4a070 100644
+index 8d65d78..35a2213 100644
 --- a/include/winbase.h
 +++ b/include/winbase.h
-@@ -1847,6 +1847,7 @@ WINBASEAPI BOOL        WINAPI CreateProcessW(LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTE
+@@ -1856,6 +1856,7 @@ WINBASEAPI BOOL        WINAPI CreateProcessW(LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTE
 WINADVAPI  BOOL        WINAPI CreateProcessAsUserA(HANDLE,LPCSTR,LPSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCSTR,LPSTARTUPINFOA,LPPROCESS_INFORMATION);
 WINADVAPI  BOOL        WINAPI CreateProcessAsUserW(HANDLE,LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCWSTR,LPSTARTUPINFOW,LPPROCESS_INFORMATION);
 #define                       CreateProcessAsUser WINELIB_NAME_AW(CreateProcessAsUser)
@@ -105,5 +105,5 @@ index 24efbd865ab..7982fa4a070 100644
 WINBASEAPI HANDLE      WINAPI CreateRemoteThread(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPDWORD);
 WINBASEAPI HANDLE      WINAPI CreateRemoteThreadEx(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPPROC_THREAD_ATTRIBUTE_LIST,LPDWORD);
 -- 
-2.13.1
+1.9.1

--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`Fixes: [43316] Add LsaLookupPrivilege[Display]Name stubs`
				`@@ -1 +0,0 @@`
				`Fixes: Implement semi-stub for advapi32.GetExplicitEntriesFromAclW`