Release v3.17

Also fix wined3d-Indexed_Vertex_Blending rebase, again.

patches/Compiler_Warnings/0009-ws2_32-tests-Work-around-an-incorrect-detection-in-G.patch

@@ -1,24 +0,0 @@
-From 560a25c662f7b56d2b895759be1ea65c64d0f5af Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Sun, 4 Jun 2017 12:57:17 +0200
-Subject: ws2_32/tests: Work around an incorrect detection in GCC 7.
-
----
- dlls/ws2_32/tests/sock.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/dlls/ws2_32/tests/sock.c b/dlls/ws2_32/tests/sock.c
-index 677a750ec6b..65c82e36524 100644
---- a/dlls/ws2_32/tests/sock.c
-+++ b/dlls/ws2_32/tests/sock.c
-@@ -3601,6 +3601,7 @@ static DWORD WINAPI SelectReadThread(void *param)
-     struct sockaddr_in addr;
-     struct timeval select_timeout;
- 
-+    memset(&readfds, 0, sizeof(readfds));
-     FD_ZERO(&readfds);
-     FD_SET(par->s, &readfds);
-     select_timeout.tv_sec=5;
--- 
-2.13.0
-

patches/Compiler_Warnings/0018-Appease-the-blessed-version-of-gcc-4.5-when-Werror-i.patch

@@ -1,67 +0,0 @@
-From cd34de81164087b3593d0ec9416e2f157a5df40d Mon Sep 17 00:00:00 2001
-From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
-Date: Fri, 8 Aug 2014 19:33:14 -0600
-Subject: Appease the blessed version of gcc (4.5) when -Werror is enabled.
-
----
- dlls/d3d9/tests/visual.c   | 2 +-
- dlls/netapi32/netapi32.c   | 2 +-
- dlls/wined3d/glsl_shader.c | 2 +-
- tools/makedep.c            | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/dlls/d3d9/tests/visual.c b/dlls/d3d9/tests/visual.c
-index c8a6a1fa5a8..0261d3708e6 100644
---- a/dlls/d3d9/tests/visual.c
-+++ b/dlls/d3d9/tests/visual.c
-@@ -12304,7 +12304,7 @@ static void yuv_layout_test(void)
-     IDirect3D9 *d3d;
-     D3DCOLOR color;
-     DWORD ref_color;
--    BYTE *buf, *chroma_buf, *u_buf, *v_buf;
-+    BYTE *buf, *chroma_buf, *u_buf = NULL, *v_buf = NULL;
-     UINT width = 20, height = 16;
-     IDirect3DDevice9 *device;
-     ULONG refcount;
-diff --git a/dlls/netapi32/netapi32.c b/dlls/netapi32/netapi32.c
-index 278d4528b01..1c5f110b828 100644
---- a/dlls/netapi32/netapi32.c
-+++ b/dlls/netapi32/netapi32.c
-@@ -780,7 +780,7 @@ static NET_API_STATUS share_info_to_samba( DWORD level, const BYTE *buf, unsigne
- static NET_API_STATUS share_add( LMSTR servername, DWORD level, LPBYTE buf, LPDWORD parm_err )
- {
-     char *server = NULL;
--    unsigned char *info;
-+    unsigned char *info = NULL;
-     NET_API_STATUS status;
- 
-     if (servername && !(server = strdup_unixcp( servername ))) return ERROR_OUTOFMEMORY;
-diff --git a/dlls/wined3d/glsl_shader.c b/dlls/wined3d/glsl_shader.c
-index f96f48d97d1..8fe3318cd78 100644
---- a/dlls/wined3d/glsl_shader.c
-+++ b/dlls/wined3d/glsl_shader.c
-@@ -9721,7 +9721,7 @@ static void set_glsl_shader_program(const struct wined3d_context *context, const
-     GLuint ds_id = 0;
-     GLuint gs_id = 0;
-     GLuint ps_id = 0;
--    struct list *ps_list, *vs_list;
-+    struct list *ps_list = NULL, *vs_list = NULL;
-     WORD attribs_map;
-     struct wined3d_string_buffer *tmp_name;
- 
-diff --git a/tools/makedep.c b/tools/makedep.c
-index 296356b0a57..5a2873b56f1 100644
---- a/tools/makedep.c
-+++ b/tools/makedep.c
-@@ -1608,7 +1608,7 @@ static const char *get_make_variable( const struct makefile *make, const char *n
- static char *get_expanded_make_variable( const struct makefile *make, const char *name )
- {
-     const char *var;
--    char *p, *end, *expand, *tmp;
-+    char *p, *end, *expand, *tmp = NULL;
- 
-     var = get_make_variable( make, name );
-     if (!var) return NULL;
--- 
-2.13.1
-

patches/Compiler_Warnings/0021-d2d1-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,4 +1,4 @@
-From 79ff79dba6d5c8008c53e4bcf5e38c3a54271091 Mon Sep 17 00:00:00 2001
+From e8bc998c7b00a18a724f6cfd2823aefcd8b1b15c Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:54:26 +0100
 Subject: d2d1: Avoid implicit cast of interface pointer.
@@ -9,10 +9,10 @@ Subject: d2d1: Avoid implicit cast of interface pointer.
  2 files changed, 7 insertions(+), 7 deletions(-)
 
 diff --git a/dlls/d2d1/brush.c b/dlls/d2d1/brush.c
-index 7f4c7bbb763..30d25fec4b4 100644
+index b03af89..319a188 100644
 --- a/dlls/d2d1/brush.c
 +++ b/dlls/d2d1/brush.c
-@@ -251,7 +251,7 @@ static void d2d_brush_init(struct d2d_brush *brush, ID2D1Factory *factory,
+@@ -256,7 +256,7 @@ static void d2d_brush_init(struct d2d_brush *brush, ID2D1Factory *factory,
  
  static inline struct d2d_brush *impl_from_ID2D1SolidColorBrush(ID2D1SolidColorBrush *iface)
  {
@@ -21,7 +21,7 @@ index 7f4c7bbb763..30d25fec4b4 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_solid_color_brush_QueryInterface(ID2D1SolidColorBrush *iface,
-@@ -394,7 +394,7 @@ HRESULT d2d_solid_color_brush_create(ID2D1Factory *factory, const D2D1_COLOR_F *
+@@ -399,7 +399,7 @@ HRESULT d2d_solid_color_brush_create(ID2D1Factory *factory, const D2D1_COLOR_F *
  
  static inline struct d2d_brush *impl_from_ID2D1LinearGradientBrush(ID2D1LinearGradientBrush *iface)
  {
@@ -30,7 +30,7 @@ index 7f4c7bbb763..30d25fec4b4 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_linear_gradient_brush_QueryInterface(ID2D1LinearGradientBrush *iface,
-@@ -580,7 +580,7 @@ HRESULT d2d_linear_gradient_brush_create(ID2D1Factory *factory, const D2D1_LINEA
+@@ -586,7 +586,7 @@ HRESULT d2d_linear_gradient_brush_create(ID2D1Factory *factory,
  
  static inline struct d2d_brush *impl_from_ID2D1RadialGradientBrush(ID2D1RadialGradientBrush *iface)
  {
@@ -39,20 +39,20 @@ index 7f4c7bbb763..30d25fec4b4 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_radial_gradient_brush_QueryInterface(ID2D1RadialGradientBrush *iface,
-@@ -776,7 +776,7 @@ HRESULT d2d_radial_gradient_brush_create(ID2D1Factory *factory, const D2D1_BRUSH
+@@ -818,7 +818,7 @@ HRESULT d2d_radial_gradient_brush_create(ID2D1Factory *factory,
  
- static inline struct d2d_brush *impl_from_ID2D1BitmapBrush(ID2D1BitmapBrush *iface)
+ static inline struct d2d_brush *impl_from_ID2D1BitmapBrush1(ID2D1BitmapBrush1 *iface)
  {
 -    return CONTAINING_RECORD(iface, struct d2d_brush, ID2D1Brush_iface);
 +    return CONTAINING_RECORD((ID2D1Brush *)iface, struct d2d_brush, ID2D1Brush_iface);
  }
  
- static HRESULT STDMETHODCALLTYPE d2d_bitmap_brush_QueryInterface(ID2D1BitmapBrush *iface,
+ static HRESULT STDMETHODCALLTYPE d2d_bitmap_brush_QueryInterface(ID2D1BitmapBrush1 *iface,
 diff --git a/dlls/d2d1/geometry.c b/dlls/d2d1/geometry.c
-index a9588985642..b8457a9e1ea 100644
+index d716fb1..18d8deb 100644
 --- a/dlls/d2d1/geometry.c
 +++ b/dlls/d2d1/geometry.c
-@@ -3024,7 +3024,7 @@ static const struct ID2D1GeometrySinkVtbl d2d_geometry_sink_vtbl =
+@@ -2987,7 +2987,7 @@ static const struct ID2D1GeometrySinkVtbl d2d_geometry_sink_vtbl =
  
  static inline struct d2d_geometry *impl_from_ID2D1PathGeometry(ID2D1PathGeometry *iface)
  {
@@ -61,7 +61,7 @@ index a9588985642..b8457a9e1ea 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_path_geometry_QueryInterface(ID2D1PathGeometry *iface, REFIID iid, void **out)
-@@ -3540,7 +3540,7 @@ void d2d_path_geometry_init(struct d2d_geometry *geometry, ID2D1Factory *factory
+@@ -3503,7 +3503,7 @@ void d2d_path_geometry_init(struct d2d_geometry *geometry, ID2D1Factory *factory
  
  static inline struct d2d_geometry *impl_from_ID2D1RectangleGeometry(ID2D1RectangleGeometry *iface)
  {
@@ -70,7 +70,7 @@ index a9588985642..b8457a9e1ea 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_rectangle_geometry_QueryInterface(ID2D1RectangleGeometry *iface,
-@@ -3876,7 +3876,7 @@ fail:
+@@ -3839,7 +3839,7 @@ fail:
  
  static inline struct d2d_geometry *impl_from_ID2D1TransformedGeometry(ID2D1TransformedGeometry *iface)
  {
@@ -80,5 +80,5 @@ index a9588985642..b8457a9e1ea 100644
  
  static HRESULT STDMETHODCALLTYPE d2d_transformed_geometry_QueryInterface(ID2D1TransformedGeometry *iface,
 -- 
-2.14.1
+2.7.4
 

patches/advapi32-LsaLookupSids/definition

@@ -1,2 +1 @@
 Depends: server-Misc_ACL
-Depends: server-CreateProcess_ACLs

patches/advapi32-Token_Integrity_Level/0009-kernel32-Implement-CreateProcessInternalW.patch

@@ -1,4 +1,4 @@
-From a7af0ee96959aab299e543e9d6938e2533780c47 Mon Sep 17 00:00:00 2001
+From 6dc2138136a0699c8e8d1337b646a09b93cd8b0f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 04:02:16 +0200
 Subject: [PATCH] kernel32: Implement CreateProcessInternalW.
@@ -11,7 +11,7 @@ Subject: [PATCH] kernel32: Implement CreateProcessInternalW.
  4 files changed, 17 insertions(+), 12 deletions(-)
 
 diff --git a/dlls/kernel32/kernel32.spec b/dlls/kernel32/kernel32.spec
-index e78c1ca..fde5f18 100644
+index cb9c73a..98d5000 100644
 --- a/dlls/kernel32/kernel32.spec
 +++ b/dlls/kernel32/kernel32.spec
 @@ -315,7 +315,7 @@
@@ -24,10 +24,10 @@ index e78c1ca..fde5f18 100644
  @ stdcall CreateProcessW(wstr wstr ptr ptr long long ptr wstr ptr ptr)
  @ stdcall CreateRemoteThread(long ptr long ptr long long ptr)
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index 2075dfd..f9606be 100644
+index 658a0b1..15460aa 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
-@@ -2436,12 +2436,13 @@ static LPWSTR get_file_name( LPCWSTR appname, LPWSTR cmdline, LPWSTR buffer,
+@@ -2588,12 +2588,13 @@ static LPWSTR get_file_name( LPCWSTR appname, LPWSTR cmdline, LPWSTR buffer,
      return ret;
  }
  
@@ -47,17 +47,17 @@ index 2075dfd..f9606be 100644
  {
      BOOL retv = FALSE;
      HANDLE hFile = 0;
-@@ -2454,6 +2455,9 @@ static BOOL create_process_impl( LPCWSTR app_name, LPWSTR cmd_line, LPSECURITY_A
+@@ -2608,6 +2609,9 @@ static BOOL create_process_impl( LPCWSTR app_name, LPWSTR cmd_line, LPSECURITY_A
  
      TRACE("app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
  
 +    if (token) FIXME("Creating a process with a token is not yet implemented\n");
 +    if (new_token) FIXME("No support for returning created process token\n");
 +
-     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, sizeof(name)/sizeof(WCHAR),
-                                         &hFile, &binary_info )))
+     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, ARRAY_SIZE( name ), &hFile, &is_64bit )))
          return FALSE;
-@@ -2605,8 +2609,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA( LPCSTR app_name, LPSTR cmd_line, L
+     if (hFile == INVALID_HANDLE_VALUE) goto done;
+@@ -2774,8 +2778,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA( LPCSTR app_name, LPSTR cmd_line, L
        FIXME("StartupInfo.lpReserved is used, please report (%s)\n",
              debugstr_a(startup_info->lpReserved));
  
@@ -68,7 +68,7 @@ index 2075dfd..f9606be 100644
  done:
      HeapFree( GetProcessHeap(), 0, app_nameW );
      HeapFree( GetProcessHeap(), 0, cmd_lineW );
-@@ -2625,8 +2629,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW( LPCWSTR app_name, LPWSTR cmd_line,
+@@ -2794,8 +2798,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW( LPCWSTR app_name, LPWSTR cmd_line,
                                                LPVOID env, LPCWSTR cur_dir, LPSTARTUPINFOW startup_info,
                                                LPPROCESS_INFORMATION info )
  {
@@ -80,7 +80,7 @@ index 2075dfd..f9606be 100644
  
  
 diff --git a/dlls/kernelbase/kernelbase.spec b/dlls/kernelbase/kernelbase.spec
-index 8cac67f..e8fd7aa 100644
+index 7d8439f..cfc3bec 100644
 --- a/dlls/kernelbase/kernelbase.spec
 +++ b/dlls/kernelbase/kernelbase.spec
 @@ -209,7 +209,7 @@
@@ -93,10 +93,10 @@ index 8cac67f..e8fd7aa 100644
  @ stdcall CreateRemoteThread(long ptr long ptr long long ptr) kernel32.CreateRemoteThread
  @ stdcall CreateRemoteThreadEx(long ptr long ptr ptr long ptr ptr) kernel32.CreateRemoteThreadEx
 diff --git a/include/winbase.h b/include/winbase.h
-index 4ddc1d3..e21cf6e 100644
+index de52e5a..99e761e 100644
 --- a/include/winbase.h
 +++ b/include/winbase.h
-@@ -1856,6 +1856,7 @@ WINBASEAPI BOOL        WINAPI CreateProcessW(LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTE
+@@ -1863,6 +1863,7 @@ WINBASEAPI BOOL        WINAPI CreateProcessW(LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTE
  WINADVAPI  BOOL        WINAPI CreateProcessAsUserA(HANDLE,LPCSTR,LPSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCSTR,LPSTARTUPINFOA,LPPROCESS_INFORMATION);
  WINADVAPI  BOOL        WINAPI CreateProcessAsUserW(HANDLE,LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCWSTR,LPSTARTUPINFOW,LPPROCESS_INFORMATION);
  #define                       CreateProcessAsUser WINELIB_NAME_AW(CreateProcessAsUser)
@@ -105,5 +105,5 @@ index 4ddc1d3..e21cf6e 100644
  WINBASEAPI HANDLE      WINAPI CreateRemoteThread(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPDWORD);
  WINBASEAPI HANDLE      WINAPI CreateRemoteThreadEx(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPPROC_THREAD_ATTRIBUTE_LIST,LPDWORD);
 -- 
-1.9.1
+2.7.4
 

patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch

@@ -1,4 +1,4 @@
-From 23181e8cbe07ac0fd3b6effd04624122a6b0024f Mon Sep 17 00:00:00 2001
+From ed2822f9c9c1178b78872b13aa5d5df1a397bd35 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 6 Aug 2017 02:08:05 +0200
 Subject: [PATCH] server: Implement support for creating processes using a
@@ -15,10 +15,10 @@ Subject: [PATCH] server: Implement support for creating processes using a
  7 files changed, 59 insertions(+), 21 deletions(-)
 
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index f9606be..c0b89f9 100644
+index e9d10ee..4ea7f1d 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
-@@ -2034,7 +2034,7 @@ static NTSTATUS create_struct_sd(PSECURITY_DESCRIPTOR nt_sd, struct security_des
+@@ -2203,7 +2203,7 @@ static NTSTATUS alloc_object_attributes( const SECURITY_ATTRIBUTES *attr, struct
   * Create a new process. If hFile is a valid handle we have an exe
   * file, otherwise it is a Winelib app.
   */
@@ -27,15 +27,15 @@ index f9606be..c0b89f9 100644
                              LPCWSTR cur_dir, LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                              BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
                              LPPROCESS_INFORMATION info, LPCSTR unixdir,
-@@ -2180,6 +2180,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
+@@ -2316,6 +2316,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
+         req->access         = PROCESS_ALL_ACCESS;
+         req->cpu            = cpu;
          req->info_size      = startup_info_size;
-         req->env_size       = (env_end - env) * sizeof(WCHAR);
-         req->process_sd_size = process_sd_size;
 +        req->token          = wine_server_obj_handle( token );
- 
+         wine_server_add_data( req, objattr, attr_len );
          wine_server_add_data( req, startup_info, startup_info_size );
          wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
-@@ -2280,7 +2281,7 @@ error:
+@@ -2432,7 +2433,7 @@ error:
   *
   * Create a new VDM process for a 16-bit or DOS application.
   */
@@ -43,17 +43,17 @@ index f9606be..c0b89f9 100644
 +static BOOL create_vdm_process( HANDLE token, LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, LPCWSTR cur_dir,
                                  LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                                  BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
-                                 LPPROCESS_INFORMATION info, LPCSTR unixdir,
-@@ -2304,7 +2305,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
-         return FALSE;
-     }
+                                 LPPROCESS_INFORMATION info, LPCSTR unixdir, int exec_only )
+@@ -2458,7 +2459,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
      sprintfW(new_cmd_line, argsW, winevdmW, buffer, cmd_line);
+     memset( &pe_info, 0, sizeof(pe_info) );
+     pe_info.machine = IMAGE_FILE_MACHINE_I386;
 -    ret = create_process( 0, winevdmW, new_cmd_line, env, cur_dir, psa, tsa, inherit,
 +    ret = create_process( token, 0, winevdmW, new_cmd_line, env, cur_dir, psa, tsa, inherit,
-                           flags, startup, info, unixdir, binary_info, exec_only );
+                           flags, startup, info, unixdir, &pe_info, exec_only );
      HeapFree( GetProcessHeap(), 0, new_cmd_line );
      return ret;
-@@ -2316,7 +2317,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
+@@ -2470,7 +2471,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
   *
   * Create a new cmd shell process for a .BAT file.
   */
@@ -62,7 +62,7 @@ index f9606be..c0b89f9 100644
                                  LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                                  BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
                                  LPPROCESS_INFORMATION info )
-@@ -2344,8 +2345,8 @@ static BOOL create_cmd_process( LPCWSTR filename, LPWSTR cmd_line, LPVOID env, L
+@@ -2498,8 +2499,8 @@ static BOOL create_cmd_process( LPCWSTR filename, LPWSTR cmd_line, LPVOID env, L
      strcatW( newcmdline, quotW );
      strcatW( newcmdline, cmd_line );
      strcatW( newcmdline, quotW );
@@ -73,7 +73,7 @@ index f9606be..c0b89f9 100644
      HeapFree( GetProcessHeap(), 0, newcmdline );
      return ret;
  }
-@@ -2455,7 +2456,9 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+@@ -2611,7 +2612,9 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
  
      TRACE("app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
  
@@ -83,41 +83,38 @@ index f9606be..c0b89f9 100644
 +
      if (new_token) FIXME("No support for returning created process token\n");
  
-     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, sizeof(name)/sizeof(WCHAR),
-@@ -2513,20 +2516,20 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
-                debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32,
-                wine_dbgstr_longlong(binary_info.res_start), wine_dbgstr_longlong(binary_info.res_end),
-                binary_info.arch, (binary_info.flags & BINARY_FLAG_FAKEDLL) ? ", fakedll" : "" );
+     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, ARRAY_SIZE( name ), &hFile, &is_64bit )))
+@@ -2688,18 +2691,18 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+                debugstr_w(name), is_64bit_arch(pe_info.machine) ? 64 : 32,
+                wine_dbgstr_longlong(pe_info.base), wine_dbgstr_longlong(pe_info.base + pe_info.map_size),
+                pe_info.machine );
 -        retv = create_process( hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
 +        retv = create_process( token, hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-                                inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
+                                inherit, flags, startup_info, info, unixdir, &pe_info, FALSE );
          break;
-     case BINARY_OS216:
      case BINARY_WIN16:
-     case BINARY_DOS:
          TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(name) );
 -        retv = create_vdm_process( name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
 +        retv = create_vdm_process( token, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-                                    inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
+                                    inherit, flags, startup_info, info, unixdir, FALSE );
          break;
      case BINARY_UNIX_LIB:
          TRACE( "starting %s as %d-bit Winelib app\n",
-                debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32 );
+                debugstr_w(name), is_64bit_arch(pe_info.machine) ? 64 : 32 );
 -        retv = create_process( hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
 +        retv = create_process( token, hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-                                inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
+                                inherit, flags, startup_info, info, unixdir, &pe_info, FALSE );
          break;
      case BINARY_UNKNOWN:
-@@ -2538,7 +2541,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+@@ -2709,14 +2712,14 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+             if (!strcmpiW( p, comW ) || !strcmpiW( p, pifW ))
+             {
                  TRACE( "starting %s as DOS binary\n", debugstr_w(name) );
-                 binary_info.type = BINARY_DOS;
-                 binary_info.arch = IMAGE_FILE_MACHINE_I386;
 -                retv = create_vdm_process( name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
 +                retv = create_vdm_process( token, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-                                            inherit, flags, startup_info, info, unixdir,
-                                            &binary_info, FALSE );
+                                            inherit, flags, startup_info, info, unixdir, FALSE );
                  break;
-@@ -2546,7 +2549,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+             }
              if (!strcmpiW( p, batW ) || !strcmpiW( p, cmdW ) )
              {
                  TRACE( "starting %s as batch binary\n", debugstr_w(name) );
@@ -126,44 +123,44 @@ index f9606be..c0b89f9 100644
                                             inherit, flags, startup_info, info );
                  break;
              }
-@@ -2666,12 +2669,12 @@ static void exec_process( LPCWSTR name )
-                debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32,
-                wine_dbgstr_longlong(binary_info.res_start), wine_dbgstr_longlong(binary_info.res_end),
-                binary_info.arch );
+@@ -2832,12 +2835,12 @@ static void exec_process( LPCWSTR name )
+                debugstr_w(name), is_64bit_arch(pe_info.machine) ? 64 : 32,
+                wine_dbgstr_longlong(pe_info.base), wine_dbgstr_longlong(pe_info.base + pe_info.map_size),
+                pe_info.machine );
 -        create_process( hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
 +        create_process( NULL, hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
-                         FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
+                         FALSE, 0, &startup_info, &info, NULL, &pe_info, TRUE );
          break;
      case BINARY_UNIX_LIB:
          TRACE( "%s is a Unix library, starting as Winelib app\n", debugstr_w(name) );
 -        create_process( hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
 +        create_process( NULL, hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
-                         FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
+                         FALSE, 0, &startup_info, &info, NULL, &pe_info, TRUE );
          break;
      case BINARY_UNKNOWN:
-@@ -2685,7 +2688,7 @@ static void exec_process( LPCWSTR name )
+@@ -2847,7 +2850,7 @@ static void exec_process( LPCWSTR name )
+         /* fall through */
      case BINARY_WIN16:
-     case BINARY_DOS:
          TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(name) );
 -        create_vdm_process( name, GetCommandLineW(), NULL, NULL, NULL, NULL,
 +        create_vdm_process( NULL, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
-                             FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
+                             FALSE, 0, &startup_info, &info, NULL, TRUE );
          break;
      default:
 diff --git a/server/process.c b/server/process.c
-index 81cea2f..7d2206f 100644
+index 653e513..2bb49e2 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -496,7 +496,7 @@ static void start_sigkill_timer( struct process *process )
- 
- /* create a new process and its main thread */
+@@ -486,7 +486,7 @@ static void start_sigkill_timer( struct process *process )
+ /* create a new process */
  /* if the function fails the fd is closed */
--struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all )
-+struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all, struct token *token )
+ struct process *create_process( int fd, struct thread *parent_thread, int inherit_all,
+-                                const struct security_descriptor *sd )
++                                const struct security_descriptor *sd, struct token *token )
  {
      struct process *process;
-     struct thread *thread = NULL;
-@@ -567,7 +567,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
+ 
+@@ -562,7 +562,7 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -172,15 +169,15 @@ index 81cea2f..7d2206f 100644
          process->affinity = parent->affinity;
      }
      if (!process->handles || !process->token) goto error;
-@@ -1147,6 +1147,7 @@ DECL_HANDLER(new_process)
-     struct startup_info *info;
-     struct thread *thread;
-     struct process *process;
+@@ -1128,6 +1128,7 @@ DECL_HANDLER(new_process)
+     const struct security_descriptor *sd;
+     const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL );
+     struct process *process = NULL;
 +    struct token *token = NULL;
      struct process *parent = current->process;
      int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
-     const struct security_descriptor *process_sd = NULL, *thread_sd = NULL;
-@@ -1182,9 +1183,27 @@ DECL_HANDLER(new_process)
+ 
+@@ -1168,13 +1169,31 @@ DECL_HANDLER(new_process)
          return;
      }
  
@@ -203,75 +200,79 @@ index 81cea2f..7d2206f 100644
 +
      if (!req->info_size)  /* create an orphaned process */
      {
--        create_process( socket_fd, NULL, 0 );
-+        create_process( socket_fd, NULL, 0, token );
+-        if ((process = create_process( socket_fd, NULL, 0, sd )))
++        if ((process = create_process( socket_fd, NULL, 0, sd, token )))
+         {
+             create_thread( -1, process, NULL );
+             release_object( process );
+         }
 +        if (token) release_object( token );
          return;
      }
  
-@@ -1192,6 +1211,7 @@ DECL_HANDLER(new_process)
+@@ -1182,6 +1201,7 @@ DECL_HANDLER(new_process)
      if (!(info = alloc_object( &startup_info_ops )))
      {
          close( socket_fd );
 +        if (token) release_object( token );
          return;
      }
-     info->exe_file = NULL;
-@@ -1274,7 +1294,7 @@ DECL_HANDLER(new_process)
-         }
+     info->process  = NULL;
+@@ -1228,7 +1248,7 @@ DECL_HANDLER(new_process)
+ #undef FIXUP_LEN
      }
  
--    if (!(thread = create_process( socket_fd, current, req->inherit_all ))) goto done;
-+    if (!(thread = create_process( socket_fd, current, req->inherit_all, token ))) goto done;
-     process = thread->process;
+-    if (!(process = create_process( socket_fd, current, req->inherit_all, sd ))) goto done;
++    if (!(process = create_process( socket_fd, current, req->inherit_all, sd, token ))) goto done;
+ 
      process->startup_info = (struct startup_info *)grab_object( info );
  
-@@ -1356,6 +1376,7 @@ DECL_HANDLER(new_process)
-     }
+@@ -1290,6 +1310,7 @@ DECL_HANDLER(new_process)
+     reply->handle = alloc_handle_no_access_check( parent, process, req->access, objattr->attributes );
  
   done:
 +    if (token) release_object( token );
+     if (process) release_object( process );
      release_object( info );
  }
- 
 diff --git a/server/process.h b/server/process.h
-index 78e88ec..313c36a 100644
+index 1128dba..ec44e02 100644
 --- a/server/process.h
 +++ b/server/process.h
-@@ -114,7 +114,7 @@ struct process_snapshot
- extern unsigned int alloc_ptid( void *ptr );
+@@ -116,7 +116,7 @@ extern unsigned int alloc_ptid( void *ptr );
  extern void free_ptid( unsigned int id );
  extern void *get_ptid_entry( unsigned int id );
--extern struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all );
-+extern struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all, struct token *token );
+ extern struct process *create_process( int fd, struct thread *parent_thread, int inherit_all,
+-                                       const struct security_descriptor *sd );
++                                       const struct security_descriptor *sd, struct token *token );
  extern data_size_t init_process( struct thread *thread );
  extern struct thread *get_process_first_thread( struct process *process );
  extern struct process *get_process_from_id( process_id_t id );
 diff --git a/server/protocol.def b/server/protocol.def
-index 5fb6e38..f0bc83b 100644
+index 2ddc62f..897aa2b 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -748,6 +748,7 @@ struct rawinput_device
+@@ -743,6 +743,7 @@ struct rawinput_device
+     unsigned int access;         /* access rights for process object */
+     cpu_type_t   cpu;            /* CPU that the new process will use */
      data_size_t  info_size;      /* size of startup info */
-     data_size_t  env_size;       /* size of the environment */
-     data_size_t  process_sd_size;/* size of the process security descriptor */
 +    obj_handle_t token;          /* token for the new process */
+     VARARG(objattr,object_attributes);   /* object attributes */
      VARARG(info,startup_info,info_size); /* startup information */
-     VARARG(env,unicode_str,env_size);                       /* environment for new process */
-     VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */
+     VARARG(env,unicode_str);     /* environment for new process */
 diff --git a/server/request.c b/server/request.c
-index 6120bc5..a648c30 100644
+index c10c4e6..86f293f 100644
 --- a/server/request.c
 +++ b/server/request.c
-@@ -570,7 +570,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
+@@ -577,7 +577,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
          int client = accept( get_unix_fd( master_socket->fd ), (struct sockaddr *) &dummy, &len );
          if (client == -1) return;
          fcntl( client, F_SETFL, O_NONBLOCK );
--        create_process( client, NULL, 0 );
-+        create_process( client, NULL, 0, NULL );
-     }
- }
- 
+-        if ((process = create_process( client, NULL, 0, NULL )))
++        if ((process = create_process( client, NULL, 0, NULL, NULL )))
+         {
+             create_thread( -1, process, NULL );
+             release_object( process );
 diff --git a/server/security.h b/server/security.h
 index 21e90cc..32dfe5f 100644
 --- a/server/security.h
@@ -286,7 +287,7 @@ index 21e90cc..32dfe5f 100644
  static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
  {
 diff --git a/server/token.c b/server/token.c
-index de1d624..2804247 100644
+index 1184241..5db97b4 100644
 --- a/server/token.c
 +++ b/server/token.c
 @@ -836,6 +836,12 @@ int token_assign_label( struct token *token, PSID label )
@@ -302,7 +303,7 @@ index de1d624..2804247 100644
  struct token *token_create_admin( void )
  {
      struct token *token = NULL;
-@@ -1263,6 +1269,11 @@ const SID *token_get_primary_group( struct token *token )
+@@ -1262,6 +1268,11 @@ const SID *token_get_primary_group( struct token *token )
      return token->primary_group;
  }
  
@@ -315,5 +316,5 @@ index de1d624..2804247 100644
  {
      GENERIC_MAPPING mapping;
 -- 
-1.9.1
+2.7.4
 

patches/advapi32-Token_Integrity_Level/0012-user32-Start-explorer.exe-using-limited-rights.patch

@@ -1,7 +1,7 @@
-From 31a5f689a12c1db6edcc86dcd8e81f38a5f19fc5 Mon Sep 17 00:00:00 2001
+From baff5c160cf7f1ac0011bf8f55d506bf0346e1fd Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 02:53:06 +0200
-Subject: user32: Start explorer.exe using limited rights.
+Subject: [PATCH] user32: Start explorer.exe using limited rights.
 
 ---
  dlls/advapi32/tests/security.c |  4 ++--
@@ -9,10 +9,10 @@ Subject: user32: Start explorer.exe using limited rights.
  2 files changed, 12 insertions(+), 4 deletions(-)
 
 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index f1a64e29dea..52524ee6fe2 100644
+index f27642e7a7..0271cd72e0 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
-@@ -7387,7 +7387,7 @@ static void test_token_security_descriptor(void)
+@@ -7313,7 +7313,7 @@ static void test_token_security_descriptor(void)
              ret = GetTokenInformation(token4, TokenIntegrityLevel, buffer_integrity, sizeof(buffer_integrity), &size);
              ok(ret, "GetTokenInformation failed with error %u\n", GetLastError());
              tml = (TOKEN_MANDATORY_LABEL *)buffer_integrity;
@@ -21,7 +21,7 @@ index f1a64e29dea..52524ee6fe2 100644
  
              size = 0;
              ret = GetKernelObjectSecurity(token4, LABEL_SECURITY_INFORMATION, NULL, 0, &size);
-@@ -7841,7 +7841,7 @@ static void test_child_token_sd_medium(void)
+@@ -7768,7 +7768,7 @@ static void test_child_token_sd_medium(void)
      ret = GetTokenInformation(token, TokenIntegrityLevel, buffer_integrity, sizeof(buffer_integrity), &size);
      ok(ret, "GetTokenInformation failed with error %u\n", GetLastError());
      tml = (TOKEN_MANDATORY_LABEL *)buffer_integrity;
@@ -31,7 +31,7 @@ index f1a64e29dea..52524ee6fe2 100644
      HeapFree(GetProcessHeap(), 0, sd);
  }
 diff --git a/dlls/user32/win.c b/dlls/user32/win.c
-index cbf22374374..ea116b9d139 100644
+index cbfd8bb14a..8039f54fb0 100644
 --- a/dlls/user32/win.c
 +++ b/dlls/user32/win.c
 @@ -43,6 +43,8 @@ WINE_DEFAULT_DEBUG_CHANNEL(win);
@@ -43,15 +43,15 @@ index cbf22374374..ea116b9d139 100644
  static DWORD process_layout = ~0u;
  
  static struct list window_surfaces = LIST_INIT( window_surfaces );
-@@ -2067,6 +2069,7 @@ HWND WINAPI GetDesktopWindow(void)
-         WCHAR app[MAX_PATH + sizeof(explorer)/sizeof(WCHAR)];
-         WCHAR cmdline[MAX_PATH + (sizeof(explorer) + sizeof(args))/sizeof(WCHAR)];
+@@ -2052,6 +2054,7 @@ HWND WINAPI GetDesktopWindow(void)
+         WCHAR app[MAX_PATH + ARRAY_SIZE( explorer )];
+         WCHAR cmdline[MAX_PATH + ARRAY_SIZE( explorer ) + ARRAY_SIZE( args )];
          WCHAR desktop[MAX_PATH];
 +        HANDLE token;
          void *redir;
  
          SERVER_START_REQ( set_user_object_info )
-@@ -2099,9 +2102,12 @@ HWND WINAPI GetDesktopWindow(void)
+@@ -2084,9 +2087,12 @@ HWND WINAPI GetDesktopWindow(void)
          strcpyW( cmdline, app );
          strcatW( cmdline, args );
  
@@ -66,7 +66,7 @@ index cbf22374374..ea116b9d139 100644
          {
              TRACE( "started explorer pid %04x tid %04x\n", pi.dwProcessId, pi.dwThreadId );
              WaitForInputIdle( pi.hProcess, 10000 );
-@@ -2111,6 +2117,8 @@ HWND WINAPI GetDesktopWindow(void)
+@@ -2096,6 +2102,8 @@ HWND WINAPI GetDesktopWindow(void)
          else WARN( "failed to start explorer, err %d\n", GetLastError() );
          Wow64RevertWow64FsRedirection( redir );
  
@@ -76,5 +76,5 @@ index cbf22374374..ea116b9d139 100644
          {
              req->force = 1;
 -- 
-2.13.1
+2.18.0
 

patches/advapi32-Token_Integrity_Level/0013-server-Correctly-assign-security-labels-for-tokens.patch

@@ -1,7 +1,7 @@
-From 71366dad7ac934b2e24cfcf19104b4589b91652a Mon Sep 17 00:00:00 2001
+From 6d8fd34cabbcbc64062675be610fb8704fcdc3ec Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 03:33:26 +0200
-Subject: server: Correctly assign security labels for tokens.
+Subject: [PATCH] server: Correctly assign security labels for tokens.
 
 ---
  dlls/advapi32/tests/security.c | 21 ++++++++++-----------
@@ -11,10 +11,10 @@ Subject: server: Correctly assign security labels for tokens.
  4 files changed, 36 insertions(+), 36 deletions(-)
 
 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index 52524ee6fe2..a35baab0e25 100644
+index bf4161c..0610ec7 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
-@@ -7289,7 +7289,6 @@ static void test_token_security_descriptor(void)
+@@ -7186,7 +7186,6 @@ static void test_token_security_descriptor(void)
      defaulted = TRUE;
      ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted);
      ok(ret, "GetSecurityDescriptorDacl failed with error %u\n", GetLastError());
@@ -22,7 +22,7 @@ index 52524ee6fe2..a35baab0e25 100644
      ok(present, "DACL not present\n");
  
      if (present)
-@@ -7410,7 +7409,7 @@ static void test_token_security_descriptor(void)
+@@ -7307,7 +7306,7 @@ static void test_token_security_descriptor(void)
                  ok(ret, "GetAce failed with error %u\n", GetLastError());
                  ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
                     "Unexpected ACE type %#x\n", ace->Header.AceType);
@@ -31,7 +31,7 @@ index 52524ee6fe2..a35baab0e25 100644
                     "Expected medium integrity level\n");
              }
  
-@@ -7463,8 +7462,8 @@ static void test_token_security_descriptor(void)
+@@ -7360,8 +7359,8 @@ static void test_token_security_descriptor(void)
              sacl = NULL;
              ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
              ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -42,7 +42,7 @@ index 52524ee6fe2..a35baab0e25 100644
  
              if (sacl)
              {
-@@ -7513,8 +7512,8 @@ static void test_token_security_descriptor(void)
+@@ -7410,8 +7409,8 @@ static void test_token_security_descriptor(void)
              sacl = NULL;
              ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
              ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -53,7 +53,7 @@ index 52524ee6fe2..a35baab0e25 100644
  
              if (sacl)
              {
-@@ -7578,8 +7577,8 @@ static void test_token_security_descriptor(void)
+@@ -7475,8 +7474,8 @@ static void test_token_security_descriptor(void)
  
          ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
          ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -64,7 +64,7 @@ index 52524ee6fe2..a35baab0e25 100644
  
          if (sacl)
          {
-@@ -7616,8 +7615,8 @@ static void test_token_security_descriptor(void)
+@@ -7513,8 +7512,8 @@ static void test_token_security_descriptor(void)
          sacl = NULL;
          ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
          ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -75,7 +75,7 @@ index 52524ee6fe2..a35baab0e25 100644
  
          if (sacl)
          {
-@@ -7834,7 +7833,7 @@ static void test_child_token_sd_medium(void)
+@@ -7732,7 +7731,7 @@ static void test_child_token_sd_medium(void)
      ok(ret, "GetAce failed with error %u\n", GetLastError());
      ok(ace_label->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
         "Unexpected ACE type %#x\n", ace_label->Header.AceType);
@@ -85,10 +85,10 @@ index 52524ee6fe2..a35baab0e25 100644
  
      memset(buffer_integrity, 0, sizeof(buffer_integrity));
 diff --git a/server/process.c b/server/process.c
-index ef2452fb8fb..ae998ab80b9 100644
+index b7c9da3..250f777 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -571,17 +571,11 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
+@@ -562,17 +562,11 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -104,11 +104,11 @@ index ef2452fb8fb..ae998ab80b9 100644
 -    if (!token_assign_label( process->token, security_high_label_sid ))
 -        goto error;
 -
-     /* create the main thread */
-     if (pipe( request_pipe ) == -1)
-     {
+     set_fd_events( process->msg_fd, POLLIN );  /* start listening to events */
+     return process;
+ 
 diff --git a/server/security.h b/server/security.h
-index 32dfe5f8db9..87377ccd673 100644
+index 32dfe5f..87377cc 100644
 --- a/server/security.h
 +++ b/server/security.h
 @@ -59,7 +59,7 @@ extern int token_assign_label( struct token *token, PSID label );
@@ -121,10 +121,10 @@ index 32dfe5f8db9..87377ccd673 100644
                                     const LUID_AND_ATTRIBUTES *reqprivs,
                                     unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
 diff --git a/server/token.c b/server/token.c
-index c507294b49d..c6b0f0d39d3 100644
+index 5db97b4..bd251c7 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -686,7 +686,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
+@@ -668,7 +668,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
  struct token *token_duplicate( struct token *src_token, unsigned primary,
                                 int impersonation_level, const struct security_descriptor *sd,
                                 const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
@@ -133,7 +133,7 @@ index c507294b49d..c6b0f0d39d3 100644
  {
      const luid_t *modified_id =
          primary || (impersonation_level == src_token->impersonation_level) ?
-@@ -750,6 +750,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -735,6 +735,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
      if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                              DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
  
@@ -146,7 +146,7 @@ index c507294b49d..c6b0f0d39d3 100644
      return token;
  }
  
-@@ -922,6 +928,12 @@ struct token *token_create_admin( void )
+@@ -906,6 +912,12 @@ struct token *token_create_admin( void )
                                admin_source, NULL, -1, TokenElevationTypeFull, &high_label_sid );
          /* we really need a primary group */
          assert( token->primary_group );
@@ -159,7 +159,7 @@ index c507294b49d..c6b0f0d39d3 100644
      }
  
      free( logon_sid );
-@@ -980,6 +992,12 @@ static struct token *token_create_limited( void )
+@@ -964,6 +976,12 @@ static struct token *token_create_limited( void )
                                admin_source, NULL, -1, TokenElevationTypeLimited, &medium_label_sid );
          /* we really need a primary group */
          assert( token->primary_group );
@@ -172,7 +172,7 @@ index c507294b49d..c6b0f0d39d3 100644
      }
  
      free( logon_sid );
-@@ -1448,7 +1466,8 @@ DECL_HANDLER(duplicate_token)
+@@ -1432,7 +1450,8 @@ DECL_HANDLER(duplicate_token)
                                                       TOKEN_DUPLICATE,
                                                       &token_ops )))
      {
@@ -182,7 +182,7 @@ index c507294b49d..c6b0f0d39d3 100644
          if (token)
          {
              unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
-@@ -1478,7 +1497,7 @@ DECL_HANDLER(filter_token)
+@@ -1462,7 +1481,7 @@ DECL_HANDLER(filter_token)
          group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
  
          token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
@@ -191,7 +191,7 @@ index c507294b49d..c6b0f0d39d3 100644
          if (token)
          {
              unsigned int access = get_handle_access( current->process, req->handle );
-@@ -1813,23 +1832,11 @@ DECL_HANDLER(set_token_default_dacl)
+@@ -1788,23 +1807,11 @@ DECL_HANDLER(set_token_default_dacl)
  DECL_HANDLER(create_token)
  {
      struct token *token;
@@ -218,5 +218,5 @@ index c507294b49d..c6b0f0d39d3 100644
      }
  }
 -- 
-2.13.1
+2.7.4
 

patches/advapi32-Token_Integrity_Level/definition

@@ -1,7 +1,5 @@
 Fixes: [40613] Basic implementation for token integrity levels and UAC handling
 Fixes: [39262] Run explorer.exe as unevaluated process
 Depends: advapi32-CreateRestrictedToken
-Depends: kernel32-COMSPEC
-Depends: server-CreateProcess_ACLs
 Depends: server-Misc_ACL
 Depends: Staging

patches/bcrypt-BCryptDeriveKeyPBKDF2/definition

@@ -1,2 +1 @@
 Fixes: [42704] Implement BCryptDeriveKeyPBKDF2
-Depends: crypt32-ECDSA_Cert_Chains

patches/bcrypt-BCryptGenerateKeyPair/definition

@@ -1,2 +1 @@
 Fixes: [45312] Fix issue for Assassin's Creed : Syndicate
-Depends: crypt32-ECDSA_Cert_Chains

patches/crypt32-Certificate_Check/0001-crypt32-Properly-check-root-certificate-in-CERT_CHAI.patch

@@ -1,43 +0,0 @@
-From bba53bba66f4ca7b8726424e8215854a657c024a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Tue, 15 Nov 2016 23:50:23 +0100
-Subject: crypt32: Properly check root certificate in
- CERT_CHAIN_REVOCATION_CHECK_CHAIN.
-
-CA certificates do not have a parent which defines a CRL, but Windows seems to require
-that CA certificates are self signed. We therefore should set pIssuerCert to the
-CA certificate itself before calling CertVerifyRevocation. On windows the function
-does not seem to fail if no CRL could be found, so ignore this error for now.
----
- dlls/crypt32/chain.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
-index aab2e91..80b6513 100644
---- a/dlls/crypt32/chain.c
-+++ b/dlls/crypt32/chain.c
-@@ -2704,10 +2704,20 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
-                     revocationPara.pIssuerCert =
-                      chain->rgpChain[i]->rgpElement[j + 1]->pCertContext;
-                 else
--                    revocationPara.pIssuerCert = NULL;
-+                    revocationPara.pIssuerCert = certToCheck;
-+
-                 ret = CertVerifyRevocation(X509_ASN_ENCODING,
-                  CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck,
-                  revocationFlags, &revocationPara, &revocationStatus);
-+
-+                if (!ret && revocationStatus.dwError == CRYPT_E_NO_REVOCATION_CHECK &&
-+                    revocationPara.pIssuerCert == certToCheck)
-+                {
-+                    FIXME("Unable to find CRL for CA certificate\n");
-+                    ret = TRUE;
-+                    revocationStatus.dwError = 0;
-+                }
-+
-                 if (!ret)
-                 {
-                     PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain(
--- 
-2.9.0
-

patches/crypt32-Certificate_Check/definition

@@ -1 +0,0 @@
-Fixes: [41652] Fix root certificate check in CERT_CHAIN_REVOCATION_CHECK_CHAIN

patches/crypt32-CryptUnprotectMemory/0001-crypt32-Print-CryptUnprotectMemory-FIXME-only-once.patch

@@ -1,25 +0,0 @@
-From 29ac40e7943195bda7acbc0ffa5cc966d8c1a40a Mon Sep 17 00:00:00 2001
-From: Christian Costa <titan.costa@gmail.com>
-Date: Mon, 31 Aug 2015 22:54:59 -0300
-Subject: crypt32: Print CryptUnprotectMemory FIXME only once.
-
----
- dlls/crypt32/main.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/dlls/crypt32/main.c b/dlls/crypt32/main.c
-index 241a1d9..696195a 100644
---- a/dlls/crypt32/main.c
-+++ b/dlls/crypt32/main.c
-@@ -259,6 +259,7 @@ BOOL WINAPI CryptProtectMemory(void *data, DWORD len, DWORD flags)
- 
- BOOL WINAPI CryptUnprotectMemory(void *data, DWORD len, DWORD flags)
- {
--    FIXME("(%p %u %08x): stub\n", data, len, flags);
-+    static int fixme_once;
-+    if (!fixme_once++) FIXME("(%p %u %08x): stub\n", data, len, flags);
-     return TRUE;
- }
--- 
-2.5.0
-

patches/crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch

@@ -1,196 +0,0 @@
-From 484fbc0054dadaf4a410ae3497ccf3338ef7d81c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Wed, 27 Sep 2017 18:31:07 +0200
-Subject: crypt32/tests: Basic tests for decoding ECDSA signed certificate.
-
----
- dlls/crypt32/tests/encode.c | 168 ++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 168 insertions(+)
-
-diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
-index a4daec0..729f3e4 100644
---- a/dlls/crypt32/tests/encode.c
-+++ b/dlls/crypt32/tests/encode.c
-@@ -8509,6 +8509,173 @@ static void testPortPublicKeyInfo(void)
-     ok(ret,"CryptAcquireContextA failed\n");
- }
- 
-+static const BYTE eccCert[] = {
-+0x30,0x82,0x01,0x46,0x30,0x81,0xec,0x02,0x09,0x00,0xe7,0x6b,
-+0x26,0x86,0x0a,0x82,0xff,0xe9,0x30,0x0a,0x06,0x08,0x2a,0x86,
-+0x48,0xce,0x3d,0x04,0x03,0x02,0x30,0x2b,0x31,0x0b,0x30,0x09,
-+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x0d,0x30,
-+0x0b,0x06,0x03,0x55,0x04,0x0a,0x0c,0x04,0x57,0x69,0x6e,0x65,
-+0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x03,0x0c,0x04,0x57,
-+0x69,0x6e,0x65,0x30,0x1e,0x17,0x0d,0x31,0x37,0x30,0x39,0x32,
-+0x37,0x31,0x33,0x34,0x31,0x30,0x34,0x5a,0x17,0x0d,0x32,0x37,
-+0x30,0x39,0x32,0x35,0x31,0x33,0x34,0x31,0x30,0x34,0x5a,0x30,
-+0x2b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
-+0x44,0x45,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x0c,
-+0x04,0x54,0x65,0x73,0x74,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,
-+0x04,0x03,0x0c,0x04,0x54,0x65,0x73,0x74,0x30,0x59,0x30,0x13,
-+0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,0x06,0x08,0x2a,
-+0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04,0xed,
-+0xfc,0x77,0xd8,0xb9,0xe7,0xf3,0xf8,0xce,0x13,0xb8,0x7f,0x0f,
-+0x78,0xea,0x73,0x87,0x29,0x10,0xe1,0x6d,0x10,0xce,0x57,0x60,
-+0x3b,0x3e,0xb4,0x5f,0x0d,0x20,0xc1,0xeb,0x6d,0x74,0xe9,0x7b,
-+0x11,0x51,0x9a,0x00,0xe8,0xe9,0x12,0x84,0xb9,0x07,0x7e,0x7b,
-+0x62,0x67,0x12,0x67,0x08,0xe5,0x2e,0x27,0xce,0xa2,0x57,0x15,
-+0xad,0xc5,0x1f,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
-+0x04,0x03,0x02,0x03,0x49,0x00,0x30,0x46,0x02,0x21,0x00,0xd7,
-+0x29,0xce,0x5a,0xef,0x74,0x85,0xd1,0x18,0x5f,0x6e,0xf1,0xba,
-+0x53,0xd4,0xcd,0xdd,0xe0,0x5d,0xf1,0x5e,0x48,0x51,0xea,0x63,
-+0xc0,0xe8,0xe2,0xf6,0xfa,0x4c,0xaf,0x02,0x21,0x00,0xe3,0x94,
-+0x15,0x3b,0x6c,0x71,0x6e,0x44,0x22,0xcb,0xa0,0x88,0xcd,0x0a,
-+0x5a,0x50,0x29,0x7c,0x5c,0xd6,0x6c,0xd2,0xe0,0x7f,0xcd,0x02,
-+0x92,0x21,0x4c,0x2c,0x92,0xee };
-+static const BYTE ecdsaSig[] = {
-+0x30,0x46,0x02,0x21,0x00,0xd7,0x29,0xce,0x5a,0xef,0x74,0x85,
-+0xd1,0x18,0x5f,0x6e,0xf1,0xba,0x53,0xd4,0xcd,0xdd,0xe0,0x5d,
-+0xf1,0x5e,0x48,0x51,0xea,0x63,0xc0,0xe8,0xe2,0xf6,0xfa,0x4c,
-+0xaf,0x02,0x21,0x00,0xe3,0x94,0x15,0x3b,0x6c,0x71,0x6e,0x44,
-+0x22,0xcb,0xa0,0x88,0xcd,0x0a,0x5a,0x50,0x29,0x7c,0x5c,0xd6,
-+0x6c,0xd2,0xe0,0x7f,0xcd,0x02,0x92,0x21,0x4c,0x2c,0x92,0xee };
-+static const BYTE eccPubKey[] = {
-+0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,
-+0x01,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,
-+0x42,0x00,0x04,0xed,0xfc,0x77,0xd8,0xb9,0xe7,0xf3,0xf8,0xce,
-+0x13,0xb8,0x7f,0x0f,0x78,0xea,0x73,0x87,0x29,0x10,0xe1,0x6d,
-+0x10,0xce,0x57,0x60,0x3b,0x3e,0xb4,0x5f,0x0d,0x20,0xc1,0xeb,
-+0x6d,0x74,0xe9,0x7b,0x11,0x51,0x9a,0x00,0xe8,0xe9,0x12,0x84,
-+0xb9,0x07,0x7e,0x7b,0x62,0x67,0x12,0x67,0x08,0xe5,0x2e,0x27,
-+0xce,0xa2,0x57,0x15,0xad,0xc5,0x1f };
-+
-+static void testECDSACert(void)
-+{
-+    DWORD decode_flags = CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG;
-+    CERT_SIGNED_CONTENT_INFO *info;
-+    CERT_PUBLIC_KEY_INFO *pubkey;
-+    CERT_ECC_SIGNATURE *ecc_sig;
-+    LPSTR *ecc_curve;
-+    DWORD size;
-+    BOOL ret;
-+    int i;
-+
-+    info = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, eccCert, sizeof(eccCert), decode_flags,
-+                               NULL, &info, &size);
-+    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+
-+    ok(!strcmp(info->SignatureAlgorithm.pszObjId, szOID_ECDSA_SHA256),
-+       "Expected 1.2.840.10045.4.3.2, got %s\n", info->SignatureAlgorithm.pszObjId);
-+    ok(!info->SignatureAlgorithm.Parameters.cbData,
-+       "Expected no parameter data, got %d bytes\n", info->SignatureAlgorithm.Parameters.cbData);
-+    ok(!info->SignatureAlgorithm.Parameters.pbData,
-+       "Expected no parameter data, got %p pointer\n", info->SignatureAlgorithm.Parameters.pbData);
-+
-+    ok(info->Signature.cbData == sizeof(ecdsaSig),
-+       "Expected %d bytes, got %d\n", (int)sizeof(ecdsaSig), info->Signature.cbData);
-+    ok(info->Signature.pbData != NULL, "Got NULL pointer\n");
-+    ok(!info->Signature.cUnusedBits, "Expected no unused bytes, got %d\n", info->Signature.cUnusedBits);
-+    for (i = 0; i < info->Signature.cbData; i++)
-+    {
-+        ok(ecdsaSig[i] == info->Signature.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+           ecdsaSig[i], info->Signature.pbData[i], i);
-+    }
-+
-+    ecc_sig = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_ECC_SIGNATURE, info->Signature.pbData,
-+                               info->Signature.cbData, decode_flags, NULL, &ecc_sig, &size);
-+    todo_wine ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+    if (ret)
-+    {
-+        ok(ecc_sig->r.cbData == 32, "Expected 32 bytes, got %d\n", ecc_sig->r.cbData);
-+        ok(ecc_sig->r.pbData != NULL, "Got NULL pointer\n");
-+        ok(ecc_sig->s.cbData == 32, "Expected 32 bytes, got %d\n", ecc_sig->s.cbData);
-+        ok(ecc_sig->s.pbData != NULL, "Got NULL pointer\n");
-+        for (i = 0; i < ecc_sig->r.cbData; i++)
-+        {
-+            ok(ecdsaSig[4+32-i] == ecc_sig->r.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+               ecdsaSig[4+32-i], ecc_sig->r.pbData[i], i);
-+        }
-+        for (i = 0; i < ecc_sig->s.cbData; i++)
-+        {
-+            ok(ecdsaSig[4+35+32-i] == ecc_sig->s.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+               ecdsaSig[4+35+32-i], ecc_sig->s.pbData[i], i);
-+        }
-+        LocalFree(ecc_sig);
-+    }
-+
-+    LocalFree(info);
-+
-+    info = NULL;
-+    decode_flags &= ~CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, eccCert, sizeof(eccCert), decode_flags,
-+                               NULL, &info, &size);
-+    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+
-+    ok(info->Signature.cbData == sizeof(ecdsaSig),
-+       "Expected %d bytes, got %d\n", (int)sizeof(ecdsaSig), info->Signature.cbData);
-+    ok(info->Signature.pbData != NULL, "Got NULL pointer\n");
-+    ok(!info->Signature.cUnusedBits, "Expected no unused bytes, got %d\n", info->Signature.cUnusedBits);
-+    for (i = 0; i < info->Signature.cbData; i++)
-+    {
-+        ok(ecdsaSig[sizeof(ecdsaSig)-i-1] == info->Signature.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+           ecdsaSig[sizeof(ecdsaSig)-i-1], info->Signature.pbData[i], i);
-+    }
-+
-+    LocalFree(info);
-+
-+    pubkey = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, eccPubKey, sizeof(eccPubKey),
-+                               decode_flags, NULL, &pubkey, &size);
-+    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+
-+    ok(!strcmp(pubkey->Algorithm.pszObjId, szOID_ECC_PUBLIC_KEY),
-+       "Expected 1.2.840.10045.2.1, got %s\n", pubkey->Algorithm.pszObjId);
-+    ok(pubkey->Algorithm.Parameters.cbData == 10,
-+       "Expected 10 bytes parameters, got %d bytes\n", pubkey->Algorithm.Parameters.cbData);
-+    ok(pubkey->Algorithm.Parameters.pbData != NULL,
-+       "Expected pointer to parameters, got NULL\n");
-+
-+    ecc_curve = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_OBJECT_IDENTIFIER, pubkey->Algorithm.Parameters.pbData,
-+                               pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
-+    todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
-+                 "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+    if (ret)
-+    {
-+        ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
-+        LocalFree(ecc_curve);
-+    }
-+
-+    ecc_curve = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, szOID_ECC_PUBLIC_KEY, pubkey->Algorithm.Parameters.pbData,
-+                               pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
-+    todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
-+                 "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+    if (ret)
-+    {
-+        ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
-+        LocalFree(ecc_curve);
-+    }
-+
-+    ok(pubkey->PublicKey.cbData == 65, "Expected 32 bytes parameters, got %d bytes\n", pubkey->PublicKey.cbData);
-+    ok(pubkey->PublicKey.pbData != NULL, "Expected pointer to parameters, got NULL\n");
-+    for (i = 0; i < pubkey->PublicKey.cbData; i++)
-+    {
-+        ok(eccPubKey[26+i] == pubkey->PublicKey.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+           eccPubKey[26+i], pubkey->PublicKey.pbData[i], i);
-+    }
-+
-+    LocalFree(pubkey);
-+}
-+
- START_TEST(encode)
- {
-     static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
-@@ -8602,4 +8769,5 @@ START_TEST(encode)
-         test_decodeRsaPrivateKey(encodings[i]);
-     }
-     testPortPublicKeyInfo();
-+    testECDSACert();
- }
--- 
-2.7.4
-

patches/crypt32-ECDSA_Cert_Chains/0012-crypt32-tets-Add-test-for-verifying-an-ecdsa-chain.patch

@@ -1,128 +0,0 @@
-From a1989f6e804cd11efe4da438939b481ef430cd4c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sat, 30 Sep 2017 03:08:58 +0200
-Subject: crypt32/tets: Add test for verifying an ecdsa chain.
-
----
- dlls/crypt32/tests/chain.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 84 insertions(+)
-
-diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
-index 0839fc73976..1279735e496 100644
---- a/dlls/crypt32/tests/chain.c
-+++ b/dlls/crypt32/tests/chain.c
-@@ -2889,6 +2889,59 @@ static const BYTE chain31_1[] = {
- 0x43,0x08,0xe5,0x78,0x2b,0x95,0xf3,0x75,0xb6,0x88,0xf0,0x6b,0x5c,0x5b,0x50,
- 0x04,0x91,0x3b,0x89,0x5a,0x60,0x1f,0xfc,0x36,0x53,0x32,0x36,0x0a,0x4d,0x03,
- 0x2c,0xd7 };
-+static const BYTE ecc_crt[] = {
-+0x30,0x82,0x01,0x46,0x30,0x81,0xec,0x02,0x09,0x00,0xe7,0x6b,0x26,0x86,0x0a,
-+0x82,0xff,0xe9,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02,
-+0x30,0x2b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,
-+0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x0c,0x04,0x57,0x69,0x6e,0x65,
-+0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x03,0x0c,0x04,0x57,0x69,0x6e,0x65,
-+0x30,0x1e,0x17,0x0d,0x31,0x37,0x30,0x39,0x32,0x37,0x31,0x33,0x34,0x31,0x30,
-+0x34,0x5a,0x17,0x0d,0x32,0x37,0x30,0x39,0x32,0x35,0x31,0x33,0x34,0x31,0x30,
-+0x34,0x5a,0x30,0x2b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
-+0x44,0x45,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x0c,0x04,0x54,0x65,
-+0x73,0x74,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x03,0x0c,0x04,0x54,0x65,
-+0x73,0x74,0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
-+0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04,0xed,
-+0xfc,0x77,0xd8,0xb9,0xe7,0xf3,0xf8,0xce,0x13,0xb8,0x7f,0x0f,0x78,0xea,0x73,
-+0x87,0x29,0x10,0xe1,0x6d,0x10,0xce,0x57,0x60,0x3b,0x3e,0xb4,0x5f,0x0d,0x20,
-+0xc1,0xeb,0x6d,0x74,0xe9,0x7b,0x11,0x51,0x9a,0x00,0xe8,0xe9,0x12,0x84,0xb9,
-+0x07,0x7e,0x7b,0x62,0x67,0x12,0x67,0x08,0xe5,0x2e,0x27,0xce,0xa2,0x57,0x15,
-+0xad,0xc5,0x1f,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02,
-+0x03,0x49,0x00,0x30,0x46,0x02,0x21,0x00,0xd7,0x29,0xce,0x5a,0xef,0x74,0x85,
-+0xd1,0x18,0x5f,0x6e,0xf1,0xba,0x53,0xd4,0xcd,0xdd,0xe0,0x5d,0xf1,0x5e,0x48,
-+0x51,0xea,0x63,0xc0,0xe8,0xe2,0xf6,0xfa,0x4c,0xaf,0x02,0x21,0x00,0xe3,0x94,
-+0x15,0x3b,0x6c,0x71,0x6e,0x44,0x22,0xcb,0xa0,0x88,0xcd,0x0a,0x5a,0x50,0x29,
-+0x7c,0x5c,0xd6,0x6c,0xd2,0xe0,0x7f,0xcd,0x02,0x92,0x21,0x4c,0x2c,0x92,0xee };
-+static const BYTE ecc_ca[] = {
-+0x30,0x82,0x01,0x9f,0x30,0x82,0x01,0x46,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,
-+0x00,0xf1,0x54,0xae,0x21,0x2e,0x4d,0x31,0x9f,0x30,0x0a,0x06,0x08,0x2a,0x86,
-+0x48,0xce,0x3d,0x04,0x03,0x02,0x30,0x2b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
-+0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,
-+0x0c,0x04,0x57,0x69,0x6e,0x65,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x03,
-+0x0c,0x04,0x57,0x69,0x6e,0x65,0x30,0x1e,0x17,0x0d,0x31,0x37,0x30,0x39,0x32,
-+0x37,0x31,0x33,0x33,0x39,0x31,0x35,0x5a,0x17,0x0d,0x32,0x37,0x30,0x39,0x32,
-+0x35,0x31,0x33,0x33,0x39,0x31,0x35,0x5a,0x30,0x2b,0x31,0x0b,0x30,0x09,0x06,
-+0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,
-+0x04,0x0a,0x0c,0x04,0x57,0x69,0x6e,0x65,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,
-+0x04,0x03,0x0c,0x04,0x57,0x69,0x6e,0x65,0x30,0x59,0x30,0x13,0x06,0x07,0x2a,
-+0x86,0x48,0xce,0x3d,0x02,0x01,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,
-+0x07,0x03,0x42,0x00,0x04,0x3b,0x3c,0x34,0xc8,0x3f,0x15,0xea,0x02,0x68,0x46,
-+0x69,0xdf,0x0c,0xa6,0xee,0x7a,0xd9,0x82,0x08,0x9b,0x37,0x53,0x42,0xf3,0x13,
-+0x63,0xda,0x65,0x79,0xe8,0x04,0x9e,0x8c,0x77,0xc4,0x33,0x77,0xd9,0x5a,0x7f,
-+0x60,0x7b,0x98,0xce,0xf3,0x96,0x56,0xd6,0xb5,0x8d,0x87,0x7a,0x00,0x2b,0xf3,
-+0x70,0xb3,0x90,0x73,0xa0,0x56,0x06,0x3b,0x22,0xa3,0x53,0x30,0x51,0x30,0x1d,
-+0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x26,0xef,0x6f,0xe4,0xb5,0x24,
-+0x2f,0x68,0x49,0x84,0xd9,0x89,0xa6,0xab,0x0c,0xf8,0x6d,0xf5,0xe5,0x0c,0x30,
-+0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x26,0xef,0x6f,
-+0xe4,0xb5,0x24,0x2f,0x68,0x49,0x84,0xd9,0x89,0xa6,0xab,0x0c,0xf8,0x6d,0xf5,
-+0xe5,0x0c,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,
-+0x03,0x01,0x01,0xff,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,
-+0x02,0x03,0x47,0x00,0x30,0x44,0x02,0x20,0x2b,0x6b,0x23,0x42,0x32,0xf2,0xcb,
-+0x71,0xd7,0x5c,0xfa,0x5e,0x6c,0x19,0x31,0xd6,0x74,0xf7,0xc0,0xf8,0xc6,0x39,
-+0x38,0xe9,0x79,0x4d,0x84,0x44,0x40,0x13,0x8e,0x43,0x02,0x20,0x34,0xc7,0x61,
-+0xbb,0x18,0x1c,0x85,0x34,0xe3,0x4c,0x30,0x28,0x42,0x0e,0x06,0x65,0x68,0x1d,
-+0x76,0x53,0x24,0xa0,0x27,0xa5,0x84,0x3b,0x2d,0xf3,0xec,0x27,0x60,0xb2 };
-+
- 
- typedef struct _CONST_DATA_BLOB
- {
-@@ -3086,6 +3139,8 @@ static SYSTEMTIME jun2013 = { 2013, 6, 5, 6, 0, 0, 0, 0 };
- static SYSTEMTIME oct2016 = { 2016, 10, 6, 1, 0, 0, 0, 0 };
- /* Wednesday, Nov 17, 2016 */
- static SYSTEMTIME nov2016 = { 2016, 11, 3, 17, 0, 0, 0, 0 };
-+/* Wednesday, Nov 17, 2017 */
-+static SYSTEMTIME nov2017 = { 2017, 11, 3, 17, 0, 0, 0, 0 };
- 
- typedef struct _ChainCheck
- {
-@@ -3873,6 +3928,25 @@ static ChainCheck chainCheckEmbeddedNullBroken = {
-      CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS },
-    1, simpleStatus27Broken },
-  0 };
-+static CONST_DATA_BLOB chainECDSA[] = {
-+ { sizeof(ecc_ca), ecc_ca },
-+ { sizeof(ecc_crt), ecc_crt },
-+};
-+static const CERT_TRUST_STATUS elementStatusECDSA[] = {
-+ { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER },
-+ { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_KEY_MATCH_ISSUER | CERT_TRUST_IS_SELF_SIGNED },
-+};
-+static const SimpleChainStatusCheck simpleStatusECDSA[] = {
-+ { sizeof(elementStatusECDSA) / sizeof(elementStatusECDSA[0]), elementStatusECDSA },
-+};
-+static ChainCheck chainCheckECDSA = {
-+ { sizeof(chainECDSA) / sizeof(chainECDSA[0]), chainECDSA },
-+ {
-+   { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_PREFERRED_ISSUER },
-+   { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },
-+   1, simpleStatusECDSA
-+ }, TODO_ERROR
-+};
- 
- #define test_name_blob(a,b) _test_name_blob(__LINE__,a,b)
- static void _test_name_blob(unsigned line, CERT_NAME_BLOB *blob, const char *exdata)
-@@ -4148,6 +4222,16 @@ static void testGetCertChain(void)
- 
-     pCertFreeCertificateChain(chain);
- 
-+    /* Test with ECDSA certificate */
-+    chain = getChain(NULL, &chainCheckECDSA.certs, 0, TRUE, &nov2017, FALSE, 0);
-+    if (chain)
-+    {
-+        todo_wine ok(chain->TrustStatus.dwErrorStatus == CERT_TRUST_IS_UNTRUSTED_ROOT,
-+           "unexpected chain error status %08x\n", chain->TrustStatus.dwErrorStatus);
-+        checkChainStatus(chain, &chainCheckECDSA.status, chainCheckECDSA.todo, "chainCheckECDSA", 0);
-+        pCertFreeCertificateChain(chain);
-+    }
-+
-     /* Test HCCE_LOCAL_MACHINE */
-     ret = CertGetCertificateChain(HCCE_LOCAL_MACHINE, cert, &fileTime, store, &para, 0, NULL, &chain);
-     ok(ret, "CertGetCertificateChain failed: %u\n", GetLastError());
--- 
-2.14.1
-

patches/crypt32-ECDSA_Cert_Chains/definition

@@ -1 +0,0 @@
-Fixes: [35902] Implement support for validating ECDSA certificate chains

patches/d3d11-Depth_Bias/0006-wined3d-Add-support-for-depth-bias-clamping.patch

@@ -1,12 +1,12 @@
-From a93e855c484c622efedfe9696eac72c32007621d Mon Sep 17 00:00:00 2001
+From 04bb8bf7196efb6f7c0a3c5f7524ac8aefc645b6 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 7 Oct 2017 00:52:34 +0200
 Subject: wined3d: Add support for depth bias clamping.
 
 ---
  dlls/d3d11/device.c       |  5 ++++-
+ dlls/wined3d/adapter_gl.c |  3 +++
  dlls/wined3d/cs.c         |  1 +
- dlls/wined3d/directx.c    |  3 +++
  dlls/wined3d/state.c      | 17 +++++++++++++++--
  dlls/wined3d/stateblock.c |  2 ++
  dlls/wined3d/utils.c      |  1 +
@@ -15,10 +15,10 @@ Subject: wined3d: Add support for depth bias clamping.
  8 files changed, 29 insertions(+), 4 deletions(-)
 
 diff --git a/dlls/d3d11/device.c b/dlls/d3d11/device.c
-index 68d6cf0..9854906 100644
+index e6ba31c..f0ff7b3 100644
 --- a/dlls/d3d11/device.c
 +++ b/dlls/d3d11/device.c
-@@ -920,7 +920,7 @@ static void STDMETHODCALLTYPE d3d11_immediate_context_RSSetState(ID3D11DeviceCon
+@@ -933,7 +933,7 @@ static void STDMETHODCALLTYPE d3d11_immediate_context_RSSetState(ID3D11DeviceCon
      {
          DWORD d;
          float f;
@@ -27,7 +27,7 @@ index 68d6cf0..9854906 100644
  
      TRACE("iface %p, rasterizer_state %p.\n", iface, rasterizer_state);
  
-@@ -932,6 +932,7 @@ static void STDMETHODCALLTYPE d3d11_immediate_context_RSSetState(ID3D11DeviceCon
+@@ -945,6 +945,7 @@ static void STDMETHODCALLTYPE d3d11_immediate_context_RSSetState(ID3D11DeviceCon
          wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_CULLMODE, WINED3D_CULL_BACK);
          wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_SLOPESCALEDEPTHBIAS, 0);
          wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_DEPTHBIAS, 0);
@@ -35,7 +35,7 @@ index 68d6cf0..9854906 100644
          wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_SCISSORTESTENABLE, FALSE);
          wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_MULTISAMPLEANTIALIAS, FALSE);
          wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_ANTIALIASEDLINEENABLE, FALSE);
-@@ -946,8 +947,10 @@ static void STDMETHODCALLTYPE d3d11_immediate_context_RSSetState(ID3D11DeviceCon
+@@ -959,8 +960,10 @@ static void STDMETHODCALLTYPE d3d11_immediate_context_RSSetState(ID3D11DeviceCon
      wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_CULLMODE, desc->CullMode);
      scale_bias.f = desc->SlopeScaledDepthBias;
      const_bias.f = desc->DepthBias;
@@ -46,23 +46,11 @@ index 68d6cf0..9854906 100644
      wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_SCISSORTESTENABLE, desc->ScissorEnable);
      wined3d_device_set_render_state(device->wined3d_device, WINED3D_RS_MULTISAMPLEANTIALIAS, desc->MultisampleEnable);
      wined3d_device_set_render_state(device->wined3d_device,
-diff --git a/dlls/wined3d/cs.c b/dlls/wined3d/cs.c
-index 3f1ca8c..aea2cdf 100644
---- a/dlls/wined3d/cs.c
-+++ b/dlls/wined3d/cs.c
-@@ -1065,6 +1065,7 @@ static void wined3d_cs_exec_set_depth_stencil_view(struct wined3d_cs *cs, const
-         device_invalidate_state(device, STATE_RENDER(WINED3D_RS_STENCILENABLE));
-         device_invalidate_state(device, STATE_RENDER(WINED3D_RS_STENCILWRITEMASK));
-         device_invalidate_state(device, STATE_RENDER(WINED3D_RS_DEPTHBIAS));
-+        device_invalidate_state(device, STATE_RENDER(WINED3D_RS_DEPTHBIASCLAMP));
-     }
-     else if (prev && prev->format->depth_bias_scale != op->view->format->depth_bias_scale)
-     {
-diff --git a/dlls/wined3d/directx.c b/dlls/wined3d/directx.c
-index a4e4a0c..e595da5 100644
---- a/dlls/wined3d/directx.c
-+++ b/dlls/wined3d/directx.c
-@@ -233,6 +233,7 @@ static const struct wined3d_extension_map gl_extension_map[] =
+diff --git a/dlls/wined3d/adapter_gl.c b/dlls/wined3d/adapter_gl.c
+index 686c79a..dc49c88 100644
+--- a/dlls/wined3d/adapter_gl.c
++++ b/dlls/wined3d/adapter_gl.c
+@@ -180,6 +180,7 @@ static const struct wined3d_extension_map gl_extension_map[] =
      {"GL_EXT_packed_depth_stencil",         EXT_PACKED_DEPTH_STENCIL      },
      {"GL_EXT_packed_float",                 EXT_PACKED_FLOAT              },
      {"GL_EXT_point_parameters",             EXT_POINT_PARAMETERS          },
@@ -70,7 +58,7 @@ index a4e4a0c..e595da5 100644
      {"GL_EXT_provoking_vertex",             EXT_PROVOKING_VERTEX          },
      {"GL_EXT_secondary_color",              EXT_SECONDARY_COLOR           },
      {"GL_EXT_stencil_two_side",             EXT_STENCIL_TWO_SIDE          },
-@@ -3117,6 +3118,8 @@ static void load_gl_funcs(struct wined3d_gl_info *gl_info)
+@@ -2473,6 +2474,8 @@ static void load_gl_funcs(struct wined3d_gl_info *gl_info)
      /* GL_EXT_point_parameters */
      USE_GL_FUNC(glPointParameterfEXT)
      USE_GL_FUNC(glPointParameterfvEXT)
@@ -79,6 +67,18 @@ index a4e4a0c..e595da5 100644
      /* GL_EXT_provoking_vertex */
      USE_GL_FUNC(glProvokingVertexEXT)
      /* GL_EXT_secondary_color */
+diff --git a/dlls/wined3d/cs.c b/dlls/wined3d/cs.c
+index d6bc739..515982c 100644
+--- a/dlls/wined3d/cs.c
++++ b/dlls/wined3d/cs.c
+@@ -1124,6 +1124,7 @@ static void wined3d_cs_exec_set_depth_stencil_view(struct wined3d_cs *cs, const
+         device_invalidate_state(device, STATE_RENDER(WINED3D_RS_STENCILENABLE));
+         device_invalidate_state(device, STATE_RENDER(WINED3D_RS_STENCILWRITEMASK));
+         device_invalidate_state(device, STATE_RENDER(WINED3D_RS_DEPTHBIAS));
++        device_invalidate_state(device, STATE_RENDER(WINED3D_RS_DEPTHBIASCLAMP));
+     }
+     else if (prev && prev->format->depth_bias_scale != op->view->format->depth_bias_scale)
+     {
 diff --git a/dlls/wined3d/state.c b/dlls/wined3d/state.c
 index 3b2f845..2dd6ac2 100644
 --- a/dlls/wined3d/state.c
@@ -138,10 +138,10 @@ index b4d1751..093c740 100644
      state->render_states[WINED3D_RS_WRAP9] = 0;
      state->render_states[WINED3D_RS_WRAP10] = 0;
 diff --git a/dlls/wined3d/utils.c b/dlls/wined3d/utils.c
-index 7cecd8c..0152879 100644
+index 861f169..b46f67f 100644
 --- a/dlls/wined3d/utils.c
 +++ b/dlls/wined3d/utils.c
-@@ -4425,6 +4425,7 @@ const char *debug_d3drenderstate(enum wined3d_render_state state)
+@@ -4652,6 +4652,7 @@ const char *debug_d3drenderstate(enum wined3d_render_state state)
          D3DSTATE_TO_STR(WINED3D_RS_BLENDFACTOR);
          D3DSTATE_TO_STR(WINED3D_RS_SRGBWRITEENABLE);
          D3DSTATE_TO_STR(WINED3D_RS_DEPTHBIAS);
@@ -162,10 +162,10 @@ index 525c298..883faaa 100644
      EXT_SECONDARY_COLOR,
      EXT_STENCIL_TWO_SIDE,
 diff --git a/include/wine/wined3d.h b/include/wine/wined3d.h
-index bb4ad48..4a5d0dd 100644
+index 239ccd8..884e824 100644
 --- a/include/wine/wined3d.h
 +++ b/include/wine/wined3d.h
-@@ -386,8 +386,9 @@ enum wined3d_render_state
+@@ -399,8 +399,9 @@ enum wined3d_render_state
      WINED3D_RS_SRCBLENDALPHA                = 207,
      WINED3D_RS_DESTBLENDALPHA               = 208,
      WINED3D_RS_BLENDOPALPHA                 = 209,