Release v3.18

Also fix wined3d-Indexed_Vertex_Blending rebase, again.

README.md

@@ -22,7 +22,7 @@ parallel. If this is the case for your distribution, you will have to type
 `/opt/wine-staging/bin/wine` instead of just `wine`. The same also applies for
 other wine-specific programs like `winecfg`. To learn more about how to use
 Wine Staging, please take a look at the
-[usage instructions](https://github.com/wine-compholio/wine-staging/wiki/Usage).
+[usage instructions](https://wiki.winehq.org/Wine-Staging_Usage).
 
 Building
 --------
@@ -73,7 +73,7 @@ Before you proceed with the compilation, please make sure that you installed all
 additional build dependencies required for the Wine Staging features you are
 interested in (check output of `./configure`). More information about building
 Wine Staging, optional build dependencies, and hints for packagers are collected
-in our [Wiki](https://github.com/wine-compholio/wine-staging/wiki/Packaging).
+in our [Wiki](https://wiki.winehq.org/Wine-Staging).
 
 Contributing
 ------------

patches/Compiler_Warnings/0001-windowscodecs-Avoid-implicit-cast-of-interface-point.patch

@@ -0,0 +1,61 @@
+From fc5c0462f64e0976d596bd726da4d7f0e4857384 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Wed, 19 Sep 2018 09:03:19 +1000
+Subject: [PATCH] windowscodecs: Avoid implicit cast of interface pointer.
+
+---
+ dlls/windowscodecs/info.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/dlls/windowscodecs/info.c b/dlls/windowscodecs/info.c
+index 0a86266..8c81574 100644
+--- a/dlls/windowscodecs/info.c
++++ b/dlls/windowscodecs/info.c
+@@ -222,7 +222,7 @@ typedef struct {
+ 
+ static inline BitmapDecoderInfo *impl_from_IWICBitmapDecoderInfo(IWICBitmapDecoderInfo *iface)
+ {
+-    return CONTAINING_RECORD(iface, BitmapDecoderInfo, base.IWICComponentInfo_iface);
++    return CONTAINING_RECORD((IWICComponentInfo*)iface, BitmapDecoderInfo, base.IWICComponentInfo_iface);
+ }
+ 
+ static HRESULT WINAPI BitmapDecoderInfo_QueryInterface(IWICBitmapDecoderInfo *iface, REFIID iid,
+@@ -713,7 +713,7 @@ typedef struct {
+ 
+ static inline BitmapEncoderInfo *impl_from_IWICBitmapEncoderInfo(IWICBitmapEncoderInfo *iface)
+ {
+-    return CONTAINING_RECORD(iface, BitmapEncoderInfo, base.IWICComponentInfo_iface);
++    return CONTAINING_RECORD((IWICComponentInfo*)iface, BitmapEncoderInfo, base.IWICComponentInfo_iface);
+ }
+ 
+ static HRESULT WINAPI BitmapEncoderInfo_QueryInterface(IWICBitmapEncoderInfo *iface, REFIID iid,
+@@ -1005,7 +1005,7 @@ typedef struct {
+ 
+ static inline FormatConverterInfo *impl_from_IWICFormatConverterInfo(IWICFormatConverterInfo *iface)
+ {
+-    return CONTAINING_RECORD(iface, FormatConverterInfo, base.IWICComponentInfo_iface);
++    return CONTAINING_RECORD((IWICComponentInfo*)iface, FormatConverterInfo, base.IWICComponentInfo_iface);
+ }
+ 
+ static HRESULT WINAPI FormatConverterInfo_QueryInterface(IWICFormatConverterInfo *iface, REFIID iid,
+@@ -1219,7 +1219,7 @@ typedef struct {
+ 
+ static inline PixelFormatInfo *impl_from_IWICPixelFormatInfo2(IWICPixelFormatInfo2 *iface)
+ {
+-    return CONTAINING_RECORD(iface, PixelFormatInfo, base.IWICComponentInfo_iface);
++    return CONTAINING_RECORD((IWICComponentInfo*)iface, PixelFormatInfo, base.IWICComponentInfo_iface);
+ }
+ 
+ static HRESULT WINAPI PixelFormatInfo_QueryInterface(IWICPixelFormatInfo2 *iface, REFIID iid,
+@@ -1531,7 +1531,7 @@ static struct metadata_container *get_metadata_container(MetadataReaderInfo *inf
+ 
+ static inline MetadataReaderInfo *impl_from_IWICMetadataReaderInfo(IWICMetadataReaderInfo *iface)
+ {
+-    return CONTAINING_RECORD(iface, MetadataReaderInfo, base.IWICComponentInfo_iface);
++    return CONTAINING_RECORD((IWICComponentInfo*)iface, MetadataReaderInfo, base.IWICComponentInfo_iface);
+ }
+ 
+ static HRESULT WINAPI MetadataReaderInfo_QueryInterface(IWICMetadataReaderInfo *iface,
+-- 
+1.9.1
+

patches/Compiler_Warnings/0009-ws2_32-tests-Work-around-an-incorrect-detection-in-G.patch

@@ -1,24 +0,0 @@
-From 560a25c662f7b56d2b895759be1ea65c64d0f5af Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Sun, 4 Jun 2017 12:57:17 +0200
-Subject: ws2_32/tests: Work around an incorrect detection in GCC 7.
-
----
- dlls/ws2_32/tests/sock.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/dlls/ws2_32/tests/sock.c b/dlls/ws2_32/tests/sock.c
-index 677a750ec6b..65c82e36524 100644
---- a/dlls/ws2_32/tests/sock.c
-+++ b/dlls/ws2_32/tests/sock.c
-@@ -3601,6 +3601,7 @@ static DWORD WINAPI SelectReadThread(void *param)
-     struct sockaddr_in addr;
-     struct timeval select_timeout;
- 
-+    memset(&readfds, 0, sizeof(readfds));
-     FD_ZERO(&readfds);
-     FD_SET(par->s, &readfds);
-     select_timeout.tv_sec=5;
--- 
-2.13.0
-

patches/Compiler_Warnings/0018-Appease-the-blessed-version-of-gcc-4.5-when-Werror-i.patch

@@ -1,67 +0,0 @@
-From cd34de81164087b3593d0ec9416e2f157a5df40d Mon Sep 17 00:00:00 2001
-From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
-Date: Fri, 8 Aug 2014 19:33:14 -0600
-Subject: Appease the blessed version of gcc (4.5) when -Werror is enabled.
-
----
- dlls/d3d9/tests/visual.c   | 2 +-
- dlls/netapi32/netapi32.c   | 2 +-
- dlls/wined3d/glsl_shader.c | 2 +-
- tools/makedep.c            | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/dlls/d3d9/tests/visual.c b/dlls/d3d9/tests/visual.c
-index c8a6a1fa5a8..0261d3708e6 100644
---- a/dlls/d3d9/tests/visual.c
-+++ b/dlls/d3d9/tests/visual.c
-@@ -12304,7 +12304,7 @@ static void yuv_layout_test(void)
-     IDirect3D9 *d3d;
-     D3DCOLOR color;
-     DWORD ref_color;
--    BYTE *buf, *chroma_buf, *u_buf, *v_buf;
-+    BYTE *buf, *chroma_buf, *u_buf = NULL, *v_buf = NULL;
-     UINT width = 20, height = 16;
-     IDirect3DDevice9 *device;
-     ULONG refcount;
-diff --git a/dlls/netapi32/netapi32.c b/dlls/netapi32/netapi32.c
-index 278d4528b01..1c5f110b828 100644
---- a/dlls/netapi32/netapi32.c
-+++ b/dlls/netapi32/netapi32.c
-@@ -780,7 +780,7 @@ static NET_API_STATUS share_info_to_samba( DWORD level, const BYTE *buf, unsigne
- static NET_API_STATUS share_add( LMSTR servername, DWORD level, LPBYTE buf, LPDWORD parm_err )
- {
-     char *server = NULL;
--    unsigned char *info;
-+    unsigned char *info = NULL;
-     NET_API_STATUS status;
- 
-     if (servername && !(server = strdup_unixcp( servername ))) return ERROR_OUTOFMEMORY;
-diff --git a/dlls/wined3d/glsl_shader.c b/dlls/wined3d/glsl_shader.c
-index f96f48d97d1..8fe3318cd78 100644
---- a/dlls/wined3d/glsl_shader.c
-+++ b/dlls/wined3d/glsl_shader.c
-@@ -9721,7 +9721,7 @@ static void set_glsl_shader_program(const struct wined3d_context *context, const
-     GLuint ds_id = 0;
-     GLuint gs_id = 0;
-     GLuint ps_id = 0;
--    struct list *ps_list, *vs_list;
-+    struct list *ps_list = NULL, *vs_list = NULL;
-     WORD attribs_map;
-     struct wined3d_string_buffer *tmp_name;
- 
-diff --git a/tools/makedep.c b/tools/makedep.c
-index 296356b0a57..5a2873b56f1 100644
---- a/tools/makedep.c
-+++ b/tools/makedep.c
-@@ -1608,7 +1608,7 @@ static const char *get_make_variable( const struct makefile *make, const char *n
- static char *get_expanded_make_variable( const struct makefile *make, const char *name )
- {
-     const char *var;
--    char *p, *end, *expand, *tmp;
-+    char *p, *end, *expand, *tmp = NULL;
- 
-     var = get_make_variable( make, name );
-     if (!var) return NULL;
--- 
-2.13.1
-

patches/Compiler_Warnings/0021-d2d1-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,18 +1,34 @@
-From 79ff79dba6d5c8008c53e4bcf5e38c3a54271091 Mon Sep 17 00:00:00 2001
+From 2aeb3a9e57142c3f4ff86cb81b206bdbc146552d Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:54:26 +0100
-Subject: d2d1: Avoid implicit cast of interface pointer.
+Subject: [PATCH] d2d1: Avoid implicit cast of interface pointer.
 
 ---
- dlls/d2d1/brush.c    | 8 ++++----
- dlls/d2d1/geometry.c | 6 +++---
- 2 files changed, 7 insertions(+), 7 deletions(-)
+ dlls/d2d1/bitmap.c             | 2 +-
+ dlls/d2d1/brush.c              | 8 ++++----
+ dlls/d2d1/dc_render_target.c   | 2 +-
+ dlls/d2d1/device.c             | 2 +-
+ dlls/d2d1/geometry.c           | 6 +++---
+ dlls/d2d1/hwnd_render_target.c | 2 +-
+ dlls/d2d1/state_block.c        | 2 +-
+ 7 files changed, 12 insertions(+), 12 deletions(-)
 
+diff --git a/dlls/d2d1/bitmap.c b/dlls/d2d1/bitmap.c
+index c0aef3c..8a4b517 100644
+--- a/dlls/d2d1/bitmap.c
++++ b/dlls/d2d1/bitmap.c
+@@ -626,5 +626,5 @@ struct d2d_bitmap *unsafe_impl_from_ID2D1Bitmap(ID2D1Bitmap *iface)
+     if (!iface)
+         return NULL;
+     assert(iface->lpVtbl == (ID2D1BitmapVtbl *)&d2d_bitmap_vtbl);
+-    return CONTAINING_RECORD(iface, struct d2d_bitmap, ID2D1Bitmap1_iface);
++    return CONTAINING_RECORD((ID2D1Bitmap1*)iface, struct d2d_bitmap, ID2D1Bitmap1_iface);
+ }
 diff --git a/dlls/d2d1/brush.c b/dlls/d2d1/brush.c
-index 7f4c7bbb763..30d25fec4b4 100644
+index 9c73ae1..a748669 100644
 --- a/dlls/d2d1/brush.c
 +++ b/dlls/d2d1/brush.c
-@@ -251,7 +251,7 @@ static void d2d_brush_init(struct d2d_brush *brush, ID2D1Factory *factory,
+@@ -256,7 +256,7 @@ static void d2d_brush_init(struct d2d_brush *brush, ID2D1Factory *factory,
  
  static inline struct d2d_brush *impl_from_ID2D1SolidColorBrush(ID2D1SolidColorBrush *iface)
  {
@@ -21,7 +37,7 @@ index 7f4c7bbb763..30d25fec4b4 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_solid_color_brush_QueryInterface(ID2D1SolidColorBrush *iface,
-@@ -394,7 +394,7 @@ HRESULT d2d_solid_color_brush_create(ID2D1Factory *factory, const D2D1_COLOR_F *
+@@ -399,7 +399,7 @@ HRESULT d2d_solid_color_brush_create(ID2D1Factory *factory, const D2D1_COLOR_F *
  
  static inline struct d2d_brush *impl_from_ID2D1LinearGradientBrush(ID2D1LinearGradientBrush *iface)
  {
@@ -30,7 +46,7 @@ index 7f4c7bbb763..30d25fec4b4 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_linear_gradient_brush_QueryInterface(ID2D1LinearGradientBrush *iface,
-@@ -580,7 +580,7 @@ HRESULT d2d_linear_gradient_brush_create(ID2D1Factory *factory, const D2D1_LINEA
+@@ -586,7 +586,7 @@ HRESULT d2d_linear_gradient_brush_create(ID2D1Factory *factory,
  
  static inline struct d2d_brush *impl_from_ID2D1RadialGradientBrush(ID2D1RadialGradientBrush *iface)
  {
@@ -39,20 +55,46 @@ index 7f4c7bbb763..30d25fec4b4 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_radial_gradient_brush_QueryInterface(ID2D1RadialGradientBrush *iface,
-@@ -776,7 +776,7 @@ HRESULT d2d_radial_gradient_brush_create(ID2D1Factory *factory, const D2D1_BRUSH
+@@ -818,7 +818,7 @@ HRESULT d2d_radial_gradient_brush_create(ID2D1Factory *factory,
  
- static inline struct d2d_brush *impl_from_ID2D1BitmapBrush(ID2D1BitmapBrush *iface)
+ static inline struct d2d_brush *impl_from_ID2D1BitmapBrush1(ID2D1BitmapBrush1 *iface)
  {
 -    return CONTAINING_RECORD(iface, struct d2d_brush, ID2D1Brush_iface);
 +    return CONTAINING_RECORD((ID2D1Brush *)iface, struct d2d_brush, ID2D1Brush_iface);
  }
  
- static HRESULT STDMETHODCALLTYPE d2d_bitmap_brush_QueryInterface(ID2D1BitmapBrush *iface,
+ static HRESULT STDMETHODCALLTYPE d2d_bitmap_brush_QueryInterface(ID2D1BitmapBrush1 *iface,
+diff --git a/dlls/d2d1/dc_render_target.c b/dlls/d2d1/dc_render_target.c
+index b095008..6030826 100644
+--- a/dlls/d2d1/dc_render_target.c
++++ b/dlls/d2d1/dc_render_target.c
+@@ -26,7 +26,7 @@ WINE_DEFAULT_DEBUG_CHANNEL(d2d);
+ 
+ static inline struct d2d_dc_render_target *impl_from_IUnknown(IUnknown *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d2d_dc_render_target, ID2D1DCRenderTarget_iface);
++    return CONTAINING_RECORD((ID2D1DCRenderTarget*)iface, struct d2d_dc_render_target, ID2D1DCRenderTarget_iface);
+ }
+ 
+ static HRESULT d2d_dc_render_target_present(IUnknown *outer_unknown)
+diff --git a/dlls/d2d1/device.c b/dlls/d2d1/device.c
+index 45b2258..bf32c23 100644
+--- a/dlls/d2d1/device.c
++++ b/dlls/d2d1/device.c
+@@ -207,7 +207,7 @@ static inline struct d2d_device_context *impl_from_ID2D1DeviceContext(ID2D1Devic
+ 
+ static inline struct d2d_device_context *impl_from_ID2D1RenderTarget(ID2D1RenderTarget *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d2d_device_context, ID2D1DeviceContext_iface);
++    return CONTAINING_RECORD((ID2D1DeviceContext*)iface, struct d2d_device_context, ID2D1DeviceContext_iface);
+ }
+ 
+ static HRESULT STDMETHODCALLTYPE d2d_device_context_inner_QueryInterface(IUnknown *iface, REFIID iid, void **out)
 diff --git a/dlls/d2d1/geometry.c b/dlls/d2d1/geometry.c
-index a9588985642..b8457a9e1ea 100644
+index 421ba2b..f8db51c 100644
 --- a/dlls/d2d1/geometry.c
 +++ b/dlls/d2d1/geometry.c
-@@ -3024,7 +3024,7 @@ static const struct ID2D1GeometrySinkVtbl d2d_geometry_sink_vtbl =
+@@ -2987,7 +2987,7 @@ static const struct ID2D1GeometrySinkVtbl d2d_geometry_sink_vtbl =
  
  static inline struct d2d_geometry *impl_from_ID2D1PathGeometry(ID2D1PathGeometry *iface)
  {
@@ -61,7 +103,7 @@ index a9588985642..b8457a9e1ea 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_path_geometry_QueryInterface(ID2D1PathGeometry *iface, REFIID iid, void **out)
-@@ -3540,7 +3540,7 @@ void d2d_path_geometry_init(struct d2d_geometry *geometry, ID2D1Factory *factory
+@@ -3503,7 +3503,7 @@ void d2d_path_geometry_init(struct d2d_geometry *geometry, ID2D1Factory *factory
  
  static inline struct d2d_geometry *impl_from_ID2D1RectangleGeometry(ID2D1RectangleGeometry *iface)
  {
@@ -70,7 +112,7 @@ index a9588985642..b8457a9e1ea 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_rectangle_geometry_QueryInterface(ID2D1RectangleGeometry *iface,
-@@ -3876,7 +3876,7 @@ fail:
+@@ -3838,7 +3838,7 @@ fail:
  
  static inline struct d2d_geometry *impl_from_ID2D1TransformedGeometry(ID2D1TransformedGeometry *iface)
  {
@@ -79,6 +121,30 @@ index a9588985642..b8457a9e1ea 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_transformed_geometry_QueryInterface(ID2D1TransformedGeometry *iface,
+diff --git a/dlls/d2d1/hwnd_render_target.c b/dlls/d2d1/hwnd_render_target.c
+index d0b9695..429561e 100644
+--- a/dlls/d2d1/hwnd_render_target.c
++++ b/dlls/d2d1/hwnd_render_target.c
+@@ -26,7 +26,7 @@ WINE_DEFAULT_DEBUG_CHANNEL(d2d);
+ 
+ static inline struct d2d_hwnd_render_target *impl_from_IUnknown(IUnknown *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d2d_hwnd_render_target, ID2D1HwndRenderTarget_iface);
++    return CONTAINING_RECORD((ID2D1HwndRenderTarget*)iface, struct d2d_hwnd_render_target, ID2D1HwndRenderTarget_iface);
+ }
+ 
+ static HRESULT d2d_hwnd_render_target_present(IUnknown *outer_unknown)
+diff --git a/dlls/d2d1/state_block.c b/dlls/d2d1/state_block.c
+index b15384e..4e7e34b 100644
+--- a/dlls/d2d1/state_block.c
++++ b/dlls/d2d1/state_block.c
+@@ -190,5 +190,5 @@ struct d2d_state_block *unsafe_impl_from_ID2D1DrawingStateBlock(ID2D1DrawingStat
+     if (!iface)
+         return NULL;
+     assert(iface->lpVtbl == (ID2D1DrawingStateBlockVtbl *)&d2d_state_block_vtbl);
+-    return CONTAINING_RECORD(iface, struct d2d_state_block, ID2D1DrawingStateBlock1_iface);
++    return CONTAINING_RECORD((ID2D1DrawingStateBlock1*)iface, struct d2d_state_block, ID2D1DrawingStateBlock1_iface);
+ }
 -- 
-2.14.1
+1.9.1
 

patches/advapi32-LsaLookupSids/definition

@@ -1,2 +1 @@
 Depends: server-Misc_ACL
-Depends: server-CreateProcess_ACLs

patches/advapi32-Token_Integrity_Level/0009-kernel32-Implement-CreateProcessInternalW.patch

@@ -1,4 +1,4 @@
-From a7af0ee96959aab299e543e9d6938e2533780c47 Mon Sep 17 00:00:00 2001
+From 6dc2138136a0699c8e8d1337b646a09b93cd8b0f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 04:02:16 +0200
 Subject: [PATCH] kernel32: Implement CreateProcessInternalW.
@@ -11,7 +11,7 @@ Subject: [PATCH] kernel32: Implement CreateProcessInternalW.
  4 files changed, 17 insertions(+), 12 deletions(-)
 
 diff --git a/dlls/kernel32/kernel32.spec b/dlls/kernel32/kernel32.spec
-index e78c1ca..fde5f18 100644
+index cb9c73a..98d5000 100644
 --- a/dlls/kernel32/kernel32.spec
 +++ b/dlls/kernel32/kernel32.spec
 @@ -315,7 +315,7 @@
@@ -24,10 +24,10 @@ index e78c1ca..fde5f18 100644
  @ stdcall CreateProcessW(wstr wstr ptr ptr long long ptr wstr ptr ptr)
  @ stdcall CreateRemoteThread(long ptr long ptr long long ptr)
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index 2075dfd..f9606be 100644
+index 658a0b1..15460aa 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
-@@ -2436,12 +2436,13 @@ static LPWSTR get_file_name( LPCWSTR appname, LPWSTR cmdline, LPWSTR buffer,
+@@ -2588,12 +2588,13 @@ static LPWSTR get_file_name( LPCWSTR appname, LPWSTR cmdline, LPWSTR buffer,
      return ret;
  }
  
@@ -47,17 +47,17 @@ index 2075dfd..f9606be 100644
  {
      BOOL retv = FALSE;
      HANDLE hFile = 0;
-@@ -2454,6 +2455,9 @@ static BOOL create_process_impl( LPCWSTR app_name, LPWSTR cmd_line, LPSECURITY_A
+@@ -2608,6 +2609,9 @@ static BOOL create_process_impl( LPCWSTR app_name, LPWSTR cmd_line, LPSECURITY_A
  
      TRACE("app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
  
 +    if (token) FIXME("Creating a process with a token is not yet implemented\n");
 +    if (new_token) FIXME("No support for returning created process token\n");
 +
-     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, sizeof(name)/sizeof(WCHAR),
-                                         &hFile, &binary_info )))
+     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, ARRAY_SIZE( name ), &hFile, &is_64bit )))
          return FALSE;
-@@ -2605,8 +2609,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA( LPCSTR app_name, LPSTR cmd_line, L
+     if (hFile == INVALID_HANDLE_VALUE) goto done;
+@@ -2774,8 +2778,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA( LPCSTR app_name, LPSTR cmd_line, L
        FIXME("StartupInfo.lpReserved is used, please report (%s)\n",
              debugstr_a(startup_info->lpReserved));
  
@@ -68,7 +68,7 @@ index 2075dfd..f9606be 100644
  done:
      HeapFree( GetProcessHeap(), 0, app_nameW );
      HeapFree( GetProcessHeap(), 0, cmd_lineW );
-@@ -2625,8 +2629,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW( LPCWSTR app_name, LPWSTR cmd_line,
+@@ -2794,8 +2798,8 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW( LPCWSTR app_name, LPWSTR cmd_line,
                                                LPVOID env, LPCWSTR cur_dir, LPSTARTUPINFOW startup_info,
                                                LPPROCESS_INFORMATION info )
  {
@@ -80,7 +80,7 @@ index 2075dfd..f9606be 100644
  
  
 diff --git a/dlls/kernelbase/kernelbase.spec b/dlls/kernelbase/kernelbase.spec
-index 8cac67f..e8fd7aa 100644
+index 7d8439f..cfc3bec 100644
 --- a/dlls/kernelbase/kernelbase.spec
 +++ b/dlls/kernelbase/kernelbase.spec
 @@ -209,7 +209,7 @@
@@ -93,10 +93,10 @@ index 8cac67f..e8fd7aa 100644
  @ stdcall CreateRemoteThread(long ptr long ptr long long ptr) kernel32.CreateRemoteThread
  @ stdcall CreateRemoteThreadEx(long ptr long ptr ptr long ptr ptr) kernel32.CreateRemoteThreadEx
 diff --git a/include/winbase.h b/include/winbase.h
-index 4ddc1d3..e21cf6e 100644
+index de52e5a..99e761e 100644
 --- a/include/winbase.h
 +++ b/include/winbase.h
-@@ -1856,6 +1856,7 @@ WINBASEAPI BOOL        WINAPI CreateProcessW(LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTE
+@@ -1863,6 +1863,7 @@ WINBASEAPI BOOL        WINAPI CreateProcessW(LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTE
  WINADVAPI  BOOL        WINAPI CreateProcessAsUserA(HANDLE,LPCSTR,LPSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCSTR,LPSTARTUPINFOA,LPPROCESS_INFORMATION);
  WINADVAPI  BOOL        WINAPI CreateProcessAsUserW(HANDLE,LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,LPVOID,LPCWSTR,LPSTARTUPINFOW,LPPROCESS_INFORMATION);
  #define                       CreateProcessAsUser WINELIB_NAME_AW(CreateProcessAsUser)
@@ -105,5 +105,5 @@ index 4ddc1d3..e21cf6e 100644
  WINBASEAPI HANDLE      WINAPI CreateRemoteThread(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPDWORD);
  WINBASEAPI HANDLE      WINAPI CreateRemoteThreadEx(HANDLE,LPSECURITY_ATTRIBUTES,SIZE_T,LPTHREAD_START_ROUTINE,LPVOID,DWORD,LPPROC_THREAD_ATTRIBUTE_LIST,LPDWORD);
 -- 
-1.9.1
+2.7.4
 

patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch

@@ -1,4 +1,4 @@
-From 23181e8cbe07ac0fd3b6effd04624122a6b0024f Mon Sep 17 00:00:00 2001
+From 5128e0ff8263d52792c16c465869a90736ec76de Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 6 Aug 2017 02:08:05 +0200
 Subject: [PATCH] server: Implement support for creating processes using a
@@ -15,10 +15,10 @@ Subject: [PATCH] server: Implement support for creating processes using a
  7 files changed, 59 insertions(+), 21 deletions(-)
 
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index f9606be..c0b89f9 100644
+index c2042b0..5e94fb0 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
-@@ -2034,7 +2034,7 @@ static NTSTATUS create_struct_sd(PSECURITY_DESCRIPTOR nt_sd, struct security_des
+@@ -2207,7 +2207,7 @@ static NTSTATUS alloc_object_attributes( const SECURITY_ATTRIBUTES *attr, struct
   * Create a new process. If hFile is a valid handle we have an exe
   * file, otherwise it is a Winelib app.
   */
@@ -27,15 +27,15 @@ index f9606be..c0b89f9 100644
                              LPCWSTR cur_dir, LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                              BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
                              LPPROCESS_INFORMATION info, LPCSTR unixdir,
-@@ -2180,6 +2180,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
+@@ -2314,6 +2314,7 @@ static BOOL create_process( HANDLE hFile, LPCWSTR filename, LPWSTR cmd_line, LPW
+         req->access         = PROCESS_ALL_ACCESS;
+         req->cpu            = pe_info->cpu;
          req->info_size      = startup_info_size;
-         req->env_size       = (env_end - env) * sizeof(WCHAR);
-         req->process_sd_size = process_sd_size;
 +        req->token          = wine_server_obj_handle( token );
- 
+         wine_server_add_data( req, objattr, attr_len );
          wine_server_add_data( req, startup_info, startup_info_size );
-         wine_server_add_data( req, env, (env_end - env) * sizeof(WCHAR) );
-@@ -2280,7 +2281,7 @@ error:
+         wine_server_add_data( req, params->Environment, (env_end - params->Environment) * sizeof(WCHAR) );
+@@ -2431,7 +2432,7 @@ error:
   *
   * Create a new VDM process for a 16-bit or DOS application.
   */
@@ -43,17 +43,17 @@ index f9606be..c0b89f9 100644
 +static BOOL create_vdm_process( HANDLE token, LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, LPCWSTR cur_dir,
                                  LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                                  BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
-                                 LPPROCESS_INFORMATION info, LPCSTR unixdir,
-@@ -2304,7 +2305,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
-         return FALSE;
-     }
-     sprintfW(new_cmd_line, argsW, winevdmW, buffer, cmd_line);
--    ret = create_process( 0, winevdmW, new_cmd_line, env, cur_dir, psa, tsa, inherit,
-+    ret = create_process( token, 0, winevdmW, new_cmd_line, env, cur_dir, psa, tsa, inherit,
-                           flags, startup, info, unixdir, binary_info, exec_only );
+                                 LPPROCESS_INFORMATION info, LPCSTR unixdir, int exec_only )
+@@ -2456,7 +2457,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
+     sprintfW(new_cmd_line, argsW, winevdm, buffer, cmd_line);
+     memset( &pe_info, 0, sizeof(pe_info) );
+     pe_info.cpu = CPU_x86;
+-    ret = create_process( 0, winevdm, new_cmd_line, env, cur_dir, psa, tsa, inherit,
++    ret = create_process( token, 0, winevdm, new_cmd_line, env, cur_dir, psa, tsa, inherit,
+                           flags, startup, info, unixdir, &pe_info, exec_only );
      HeapFree( GetProcessHeap(), 0, new_cmd_line );
      return ret;
-@@ -2316,7 +2317,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
+@@ -2468,7 +2469,7 @@ static BOOL create_vdm_process( LPCWSTR filename, LPWSTR cmd_line, LPWSTR env, L
   *
   * Create a new cmd shell process for a .BAT file.
   */
@@ -62,7 +62,7 @@ index f9606be..c0b89f9 100644
                                  LPSECURITY_ATTRIBUTES psa, LPSECURITY_ATTRIBUTES tsa,
                                  BOOL inherit, DWORD flags, LPSTARTUPINFOW startup,
                                  LPPROCESS_INFORMATION info )
-@@ -2344,8 +2345,8 @@ static BOOL create_cmd_process( LPCWSTR filename, LPWSTR cmd_line, LPVOID env, L
+@@ -2496,8 +2497,8 @@ static BOOL create_cmd_process( LPCWSTR filename, LPWSTR cmd_line, LPVOID env, L
      strcatW( newcmdline, quotW );
      strcatW( newcmdline, cmd_line );
      strcatW( newcmdline, quotW );
@@ -73,7 +73,7 @@ index f9606be..c0b89f9 100644
      HeapFree( GetProcessHeap(), 0, newcmdline );
      return ret;
  }
-@@ -2455,7 +2456,9 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+@@ -2609,7 +2610,9 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
  
      TRACE("app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
  
@@ -83,41 +83,38 @@ index f9606be..c0b89f9 100644
 +
      if (new_token) FIXME("No support for returning created process token\n");
  
-     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, sizeof(name)/sizeof(WCHAR),
-@@ -2513,20 +2516,20 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
-                debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32,
-                wine_dbgstr_longlong(binary_info.res_start), wine_dbgstr_longlong(binary_info.res_end),
-                binary_info.arch, (binary_info.flags & BINARY_FLAG_FAKEDLL) ? ", fakedll" : "" );
+     if (!(tidy_cmdline = get_file_name( app_name, cmd_line, name, ARRAY_SIZE( name ), &hFile, &is_64bit )))
+@@ -2696,18 +2699,18 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+                debugstr_w(name), is_64bit_arch(pe_info.cpu) ? 64 : 32,
+                wine_dbgstr_longlong(pe_info.base), wine_dbgstr_longlong(pe_info.base + pe_info.map_size),
+                cpu_names[pe_info.cpu] );
 -        retv = create_process( hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-+        retv = create_process( token, hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-                                inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
++        retv = create_process( NULL, hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
+                                inherit, flags, startup_info, info, unixdir, &pe_info, FALSE );
          break;
-     case BINARY_OS216:
      case BINARY_WIN16:
-     case BINARY_DOS:
          TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(name) );
 -        retv = create_vdm_process( name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
 +        retv = create_vdm_process( token, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-                                    inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
+                                    inherit, flags, startup_info, info, unixdir, FALSE );
          break;
      case BINARY_UNIX_LIB:
          TRACE( "starting %s as %d-bit Winelib app\n",
-                debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32 );
+                debugstr_w(name), is_64bit_arch(pe_info.cpu) ? 64 : 32 );
 -        retv = create_process( hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
 +        retv = create_process( token, hFile, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-                                inherit, flags, startup_info, info, unixdir, &binary_info, FALSE );
+                                inherit, flags, startup_info, info, unixdir, &pe_info, FALSE );
          break;
      case BINARY_UNKNOWN:
-@@ -2538,7 +2541,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+@@ -2717,14 +2720,14 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+             if (!strcmpiW( p, comW ) || !strcmpiW( p, pifW ))
+             {
                  TRACE( "starting %s as DOS binary\n", debugstr_w(name) );
-                 binary_info.type = BINARY_DOS;
-                 binary_info.arch = IMAGE_FILE_MACHINE_I386;
 -                retv = create_vdm_process( name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
 +                retv = create_vdm_process( token, name, tidy_cmdline, envW, cur_dir, process_attr, thread_attr,
-                                            inherit, flags, startup_info, info, unixdir,
-                                            &binary_info, FALSE );
+                                            inherit, flags, startup_info, info, unixdir, FALSE );
                  break;
-@@ -2546,7 +2549,7 @@ BOOL WINAPI CreateProcessInternalW( HANDLE token, LPCWSTR app_name, LPWSTR cmd_l
+             }
              if (!strcmpiW( p, batW ) || !strcmpiW( p, cmdW ) )
              {
                  TRACE( "starting %s as batch binary\n", debugstr_w(name) );
@@ -126,44 +123,44 @@ index f9606be..c0b89f9 100644
                                             inherit, flags, startup_info, info );
                  break;
              }
-@@ -2666,12 +2669,12 @@ static void exec_process( LPCWSTR name )
-                debugstr_w(name), (binary_info.flags & BINARY_FLAG_64BIT) ? 64 : 32,
-                wine_dbgstr_longlong(binary_info.res_start), wine_dbgstr_longlong(binary_info.res_end),
-                binary_info.arch );
+@@ -2840,12 +2843,12 @@ static void exec_process( LPCWSTR name )
+                debugstr_w(name), is_64bit_arch(pe_info.cpu) ? 64 : 32,
+                wine_dbgstr_longlong(pe_info.base), wine_dbgstr_longlong(pe_info.base + pe_info.map_size),
+                cpu_names[pe_info.cpu] );
 -        create_process( hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
 +        create_process( NULL, hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
-                         FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
+                         FALSE, 0, &startup_info, &info, NULL, &pe_info, TRUE );
          break;
      case BINARY_UNIX_LIB:
          TRACE( "%s is a Unix library, starting as Winelib app\n", debugstr_w(name) );
 -        create_process( hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
 +        create_process( NULL, hFile, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
-                         FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
+                         FALSE, 0, &startup_info, &info, NULL, &pe_info, TRUE );
          break;
      case BINARY_UNKNOWN:
-@@ -2685,7 +2688,7 @@ static void exec_process( LPCWSTR name )
+@@ -2855,7 +2858,7 @@ static void exec_process( LPCWSTR name )
+         /* fall through */
      case BINARY_WIN16:
-     case BINARY_DOS:
          TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(name) );
 -        create_vdm_process( name, GetCommandLineW(), NULL, NULL, NULL, NULL,
 +        create_vdm_process( NULL, name, GetCommandLineW(), NULL, NULL, NULL, NULL,
-                             FALSE, 0, &startup_info, &info, NULL, &binary_info, TRUE );
+                             FALSE, 0, &startup_info, &info, NULL, TRUE );
          break;
      default:
 diff --git a/server/process.c b/server/process.c
-index 81cea2f..7d2206f 100644
+index 653e513..2bb49e2 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -496,7 +496,7 @@ static void start_sigkill_timer( struct process *process )
- 
- /* create a new process and its main thread */
+@@ -486,7 +486,7 @@ static void start_sigkill_timer( struct process *process )
+ /* create a new process */
  /* if the function fails the fd is closed */
--struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all )
-+struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all, struct token *token )
+ struct process *create_process( int fd, struct thread *parent_thread, int inherit_all,
+-                                const struct security_descriptor *sd )
++                                const struct security_descriptor *sd, struct token *token )
  {
      struct process *process;
-     struct thread *thread = NULL;
-@@ -567,7 +567,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
+ 
+@@ -562,7 +562,7 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -172,15 +169,15 @@ index 81cea2f..7d2206f 100644
          process->affinity = parent->affinity;
      }
      if (!process->handles || !process->token) goto error;
-@@ -1147,6 +1147,7 @@ DECL_HANDLER(new_process)
-     struct startup_info *info;
-     struct thread *thread;
-     struct process *process;
+@@ -1128,6 +1128,7 @@ DECL_HANDLER(new_process)
+     const struct security_descriptor *sd;
+     const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL );
+     struct process *process = NULL;
 +    struct token *token = NULL;
      struct process *parent = current->process;
      int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
-     const struct security_descriptor *process_sd = NULL, *thread_sd = NULL;
-@@ -1182,9 +1183,27 @@ DECL_HANDLER(new_process)
+ 
+@@ -1168,13 +1169,31 @@ DECL_HANDLER(new_process)
          return;
      }
  
@@ -203,75 +200,79 @@ index 81cea2f..7d2206f 100644
 +
      if (!req->info_size)  /* create an orphaned process */
      {
--        create_process( socket_fd, NULL, 0 );
-+        create_process( socket_fd, NULL, 0, token );
+-        if ((process = create_process( socket_fd, NULL, 0, sd )))
++        if ((process = create_process( socket_fd, NULL, 0, sd, token )))
+         {
+             create_thread( -1, process, NULL );
+             release_object( process );
+         }
 +        if (token) release_object( token );
          return;
      }
  
-@@ -1192,6 +1211,7 @@ DECL_HANDLER(new_process)
+@@ -1182,6 +1201,7 @@ DECL_HANDLER(new_process)
      if (!(info = alloc_object( &startup_info_ops )))
      {
          close( socket_fd );
 +        if (token) release_object( token );
          return;
      }
-     info->exe_file = NULL;
-@@ -1274,7 +1294,7 @@ DECL_HANDLER(new_process)
-         }
+     info->process  = NULL;
+@@ -1228,7 +1248,7 @@ DECL_HANDLER(new_process)
+ #undef FIXUP_LEN
      }
  
--    if (!(thread = create_process( socket_fd, current, req->inherit_all ))) goto done;
-+    if (!(thread = create_process( socket_fd, current, req->inherit_all, token ))) goto done;
-     process = thread->process;
+-    if (!(process = create_process( socket_fd, current, req->inherit_all, sd ))) goto done;
++    if (!(process = create_process( socket_fd, current, req->inherit_all, sd, token ))) goto done;
+ 
      process->startup_info = (struct startup_info *)grab_object( info );
  
-@@ -1356,6 +1376,7 @@ DECL_HANDLER(new_process)
-     }
+@@ -1290,6 +1310,7 @@ DECL_HANDLER(new_process)
+     reply->handle = alloc_handle_no_access_check( parent, process, req->access, objattr->attributes );
  
   done:
 +    if (token) release_object( token );
+     if (process) release_object( process );
      release_object( info );
  }
- 
 diff --git a/server/process.h b/server/process.h
-index 78e88ec..313c36a 100644
+index 1128dba..ec44e02 100644
 --- a/server/process.h
 +++ b/server/process.h
-@@ -114,7 +114,7 @@ struct process_snapshot
- extern unsigned int alloc_ptid( void *ptr );
+@@ -116,7 +116,7 @@ extern unsigned int alloc_ptid( void *ptr );
  extern void free_ptid( unsigned int id );
  extern void *get_ptid_entry( unsigned int id );
--extern struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all );
-+extern struct thread *create_process( int fd, struct thread *parent_thread, int inherit_all, struct token *token );
+ extern struct process *create_process( int fd, struct thread *parent_thread, int inherit_all,
+-                                       const struct security_descriptor *sd );
++                                       const struct security_descriptor *sd, struct token *token );
  extern data_size_t init_process( struct thread *thread );
  extern struct thread *get_process_first_thread( struct process *process );
  extern struct process *get_process_from_id( process_id_t id );
 diff --git a/server/protocol.def b/server/protocol.def
-index 5fb6e38..f0bc83b 100644
+index aebac70..3dc82b3 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -748,6 +748,7 @@ struct rawinput_device
+@@ -744,6 +744,7 @@ struct rawinput_device
+     unsigned int access;         /* access rights for process object */
+     cpu_type_t   cpu;            /* CPU that the new process will use */
      data_size_t  info_size;      /* size of startup info */
-     data_size_t  env_size;       /* size of the environment */
-     data_size_t  process_sd_size;/* size of the process security descriptor */
 +    obj_handle_t token;          /* token for the new process */
+     VARARG(objattr,object_attributes);   /* object attributes */
      VARARG(info,startup_info,info_size); /* startup information */
-     VARARG(env,unicode_str,env_size);                       /* environment for new process */
-     VARARG(process_sd,security_descriptor,process_sd_size); /* security descriptor to set on the process */
+     VARARG(env,unicode_str);     /* environment for new process */
 diff --git a/server/request.c b/server/request.c
-index 6120bc5..a648c30 100644
+index c10c4e6..86f293f 100644
 --- a/server/request.c
 +++ b/server/request.c
-@@ -570,7 +570,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
+@@ -577,7 +577,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
          int client = accept( get_unix_fd( master_socket->fd ), (struct sockaddr *) &dummy, &len );
          if (client == -1) return;
          fcntl( client, F_SETFL, O_NONBLOCK );
--        create_process( client, NULL, 0 );
-+        create_process( client, NULL, 0, NULL );
-     }
- }
- 
+-        if ((process = create_process( client, NULL, 0, NULL )))
++        if ((process = create_process( client, NULL, 0, NULL, NULL )))
+         {
+             create_thread( -1, process, NULL );
+             release_object( process );
 diff --git a/server/security.h b/server/security.h
 index 21e90cc..32dfe5f 100644
 --- a/server/security.h

patches/advapi32-Token_Integrity_Level/0012-user32-Start-explorer.exe-using-limited-rights.patch

@@ -1,7 +1,7 @@
-From 31a5f689a12c1db6edcc86dcd8e81f38a5f19fc5 Mon Sep 17 00:00:00 2001
+From baff5c160cf7f1ac0011bf8f55d506bf0346e1fd Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 02:53:06 +0200
-Subject: user32: Start explorer.exe using limited rights.
+Subject: [PATCH] user32: Start explorer.exe using limited rights.
 
 ---
  dlls/advapi32/tests/security.c |  4 ++--
@@ -9,10 +9,10 @@ Subject: user32: Start explorer.exe using limited rights.
  2 files changed, 12 insertions(+), 4 deletions(-)
 
 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index f1a64e29dea..52524ee6fe2 100644
+index f27642e7a7..0271cd72e0 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
-@@ -7387,7 +7387,7 @@ static void test_token_security_descriptor(void)
+@@ -7313,7 +7313,7 @@ static void test_token_security_descriptor(void)
              ret = GetTokenInformation(token4, TokenIntegrityLevel, buffer_integrity, sizeof(buffer_integrity), &size);
              ok(ret, "GetTokenInformation failed with error %u\n", GetLastError());
              tml = (TOKEN_MANDATORY_LABEL *)buffer_integrity;
@@ -21,7 +21,7 @@ index f1a64e29dea..52524ee6fe2 100644
  
              size = 0;
              ret = GetKernelObjectSecurity(token4, LABEL_SECURITY_INFORMATION, NULL, 0, &size);
-@@ -7841,7 +7841,7 @@ static void test_child_token_sd_medium(void)
+@@ -7768,7 +7768,7 @@ static void test_child_token_sd_medium(void)
      ret = GetTokenInformation(token, TokenIntegrityLevel, buffer_integrity, sizeof(buffer_integrity), &size);
      ok(ret, "GetTokenInformation failed with error %u\n", GetLastError());
      tml = (TOKEN_MANDATORY_LABEL *)buffer_integrity;
@@ -31,7 +31,7 @@ index f1a64e29dea..52524ee6fe2 100644
      HeapFree(GetProcessHeap(), 0, sd);
  }
 diff --git a/dlls/user32/win.c b/dlls/user32/win.c
-index cbf22374374..ea116b9d139 100644
+index cbfd8bb14a..8039f54fb0 100644
 --- a/dlls/user32/win.c
 +++ b/dlls/user32/win.c
 @@ -43,6 +43,8 @@ WINE_DEFAULT_DEBUG_CHANNEL(win);
@@ -43,15 +43,15 @@ index cbf22374374..ea116b9d139 100644
  static DWORD process_layout = ~0u;
  
  static struct list window_surfaces = LIST_INIT( window_surfaces );
-@@ -2067,6 +2069,7 @@ HWND WINAPI GetDesktopWindow(void)
-         WCHAR app[MAX_PATH + sizeof(explorer)/sizeof(WCHAR)];
-         WCHAR cmdline[MAX_PATH + (sizeof(explorer) + sizeof(args))/sizeof(WCHAR)];
+@@ -2052,6 +2054,7 @@ HWND WINAPI GetDesktopWindow(void)
+         WCHAR app[MAX_PATH + ARRAY_SIZE( explorer )];
+         WCHAR cmdline[MAX_PATH + ARRAY_SIZE( explorer ) + ARRAY_SIZE( args )];
          WCHAR desktop[MAX_PATH];
 +        HANDLE token;
          void *redir;
  
          SERVER_START_REQ( set_user_object_info )
-@@ -2099,9 +2102,12 @@ HWND WINAPI GetDesktopWindow(void)
+@@ -2084,9 +2087,12 @@ HWND WINAPI GetDesktopWindow(void)
          strcpyW( cmdline, app );
          strcatW( cmdline, args );
  
@@ -66,7 +66,7 @@ index cbf22374374..ea116b9d139 100644
          {
              TRACE( "started explorer pid %04x tid %04x\n", pi.dwProcessId, pi.dwThreadId );
              WaitForInputIdle( pi.hProcess, 10000 );
-@@ -2111,6 +2117,8 @@ HWND WINAPI GetDesktopWindow(void)
+@@ -2096,6 +2102,8 @@ HWND WINAPI GetDesktopWindow(void)
          else WARN( "failed to start explorer, err %d\n", GetLastError() );
          Wow64RevertWow64FsRedirection( redir );
  
@@ -76,5 +76,5 @@ index cbf22374374..ea116b9d139 100644
          {
              req->force = 1;
 -- 
-2.13.1
+2.18.0
 

patches/advapi32-Token_Integrity_Level/0013-server-Correctly-assign-security-labels-for-tokens.patch

@@ -1,7 +1,7 @@
-From 71366dad7ac934b2e24cfcf19104b4589b91652a Mon Sep 17 00:00:00 2001
+From 6d8fd34cabbcbc64062675be610fb8704fcdc3ec Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 03:33:26 +0200
-Subject: server: Correctly assign security labels for tokens.
+Subject: [PATCH] server: Correctly assign security labels for tokens.
 
 ---
  dlls/advapi32/tests/security.c | 21 ++++++++++-----------
@@ -11,10 +11,10 @@ Subject: server: Correctly assign security labels for tokens.
  4 files changed, 36 insertions(+), 36 deletions(-)
 
 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index 52524ee6fe2..a35baab0e25 100644
+index bf4161c..0610ec7 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
-@@ -7289,7 +7289,6 @@ static void test_token_security_descriptor(void)
+@@ -7186,7 +7186,6 @@ static void test_token_security_descriptor(void)
      defaulted = TRUE;
      ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted);
      ok(ret, "GetSecurityDescriptorDacl failed with error %u\n", GetLastError());
@@ -22,7 +22,7 @@ index 52524ee6fe2..a35baab0e25 100644
      ok(present, "DACL not present\n");
  
      if (present)
-@@ -7410,7 +7409,7 @@ static void test_token_security_descriptor(void)
+@@ -7307,7 +7306,7 @@ static void test_token_security_descriptor(void)
                  ok(ret, "GetAce failed with error %u\n", GetLastError());
                  ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
                     "Unexpected ACE type %#x\n", ace->Header.AceType);
@@ -31,7 +31,7 @@ index 52524ee6fe2..a35baab0e25 100644
                     "Expected medium integrity level\n");
              }
  
-@@ -7463,8 +7462,8 @@ static void test_token_security_descriptor(void)
+@@ -7360,8 +7359,8 @@ static void test_token_security_descriptor(void)
              sacl = NULL;
              ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
              ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -42,7 +42,7 @@ index 52524ee6fe2..a35baab0e25 100644
  
              if (sacl)
              {
-@@ -7513,8 +7512,8 @@ static void test_token_security_descriptor(void)
+@@ -7410,8 +7409,8 @@ static void test_token_security_descriptor(void)
              sacl = NULL;
              ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
              ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -53,7 +53,7 @@ index 52524ee6fe2..a35baab0e25 100644
  
              if (sacl)
              {
-@@ -7578,8 +7577,8 @@ static void test_token_security_descriptor(void)
+@@ -7475,8 +7474,8 @@ static void test_token_security_descriptor(void)
  
          ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
          ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -64,7 +64,7 @@ index 52524ee6fe2..a35baab0e25 100644
  
          if (sacl)
          {
-@@ -7616,8 +7615,8 @@ static void test_token_security_descriptor(void)
+@@ -7513,8 +7512,8 @@ static void test_token_security_descriptor(void)
          sacl = NULL;
          ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
          ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -75,7 +75,7 @@ index 52524ee6fe2..a35baab0e25 100644
  
          if (sacl)
          {
-@@ -7834,7 +7833,7 @@ static void test_child_token_sd_medium(void)
+@@ -7732,7 +7731,7 @@ static void test_child_token_sd_medium(void)
      ok(ret, "GetAce failed with error %u\n", GetLastError());
      ok(ace_label->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
         "Unexpected ACE type %#x\n", ace_label->Header.AceType);
@@ -85,10 +85,10 @@ index 52524ee6fe2..a35baab0e25 100644
  
      memset(buffer_integrity, 0, sizeof(buffer_integrity));
 diff --git a/server/process.c b/server/process.c
-index ef2452fb8fb..ae998ab80b9 100644
+index b7c9da3..250f777 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -571,17 +571,11 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
+@@ -562,17 +562,11 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -104,11 +104,11 @@ index ef2452fb8fb..ae998ab80b9 100644
 -    if (!token_assign_label( process->token, security_high_label_sid ))
 -        goto error;
 -
-     /* create the main thread */
-     if (pipe( request_pipe ) == -1)
-     {
+     set_fd_events( process->msg_fd, POLLIN );  /* start listening to events */
+     return process;
+ 
 diff --git a/server/security.h b/server/security.h
-index 32dfe5f8db9..87377ccd673 100644
+index 32dfe5f..87377cc 100644
 --- a/server/security.h
 +++ b/server/security.h
 @@ -59,7 +59,7 @@ extern int token_assign_label( struct token *token, PSID label );
@@ -121,10 +121,10 @@ index 32dfe5f8db9..87377ccd673 100644
                                     const LUID_AND_ATTRIBUTES *reqprivs,
                                     unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
 diff --git a/server/token.c b/server/token.c
-index c507294b49d..c6b0f0d39d3 100644
+index 5db97b4..bd251c7 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -686,7 +686,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
+@@ -668,7 +668,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
  struct token *token_duplicate( struct token *src_token, unsigned primary,
                                 int impersonation_level, const struct security_descriptor *sd,
                                 const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
@@ -133,7 +133,7 @@ index c507294b49d..c6b0f0d39d3 100644
  {
      const luid_t *modified_id =
          primary || (impersonation_level == src_token->impersonation_level) ?
-@@ -750,6 +750,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -735,6 +735,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
      if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                              DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
  
@@ -146,7 +146,7 @@ index c507294b49d..c6b0f0d39d3 100644
      return token;
  }
  
-@@ -922,6 +928,12 @@ struct token *token_create_admin( void )
+@@ -906,6 +912,12 @@ struct token *token_create_admin( void )
                                admin_source, NULL, -1, TokenElevationTypeFull, &high_label_sid );
          /* we really need a primary group */
          assert( token->primary_group );
@@ -159,7 +159,7 @@ index c507294b49d..c6b0f0d39d3 100644
      }
  
      free( logon_sid );
-@@ -980,6 +992,12 @@ static struct token *token_create_limited( void )
+@@ -964,6 +976,12 @@ static struct token *token_create_limited( void )
                                admin_source, NULL, -1, TokenElevationTypeLimited, &medium_label_sid );
          /* we really need a primary group */
          assert( token->primary_group );
@@ -172,7 +172,7 @@ index c507294b49d..c6b0f0d39d3 100644
      }
  
      free( logon_sid );
-@@ -1448,7 +1466,8 @@ DECL_HANDLER(duplicate_token)
+@@ -1432,7 +1450,8 @@ DECL_HANDLER(duplicate_token)
                                                       TOKEN_DUPLICATE,
                                                       &token_ops )))
      {
@@ -182,7 +182,7 @@ index c507294b49d..c6b0f0d39d3 100644
          if (token)
          {
              unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
-@@ -1478,7 +1497,7 @@ DECL_HANDLER(filter_token)
+@@ -1462,7 +1481,7 @@ DECL_HANDLER(filter_token)
          group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
  
          token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
@@ -191,7 +191,7 @@ index c507294b49d..c6b0f0d39d3 100644
          if (token)
          {
              unsigned int access = get_handle_access( current->process, req->handle );
-@@ -1813,23 +1832,11 @@ DECL_HANDLER(set_token_default_dacl)
+@@ -1788,23 +1807,11 @@ DECL_HANDLER(set_token_default_dacl)
  DECL_HANDLER(create_token)
  {
      struct token *token;
@@ -218,5 +218,5 @@ index c507294b49d..c6b0f0d39d3 100644
      }
  }
 -- 
-2.13.1
+2.7.4
 

patches/advapi32-Token_Integrity_Level/definition

@@ -1,7 +1,5 @@
 Fixes: [40613] Basic implementation for token integrity levels and UAC handling
 Fixes: [39262] Run explorer.exe as unevaluated process
 Depends: advapi32-CreateRestrictedToken
-Depends: kernel32-COMSPEC
-Depends: server-CreateProcess_ACLs
 Depends: server-Misc_ACL
 Depends: Staging

patches/advapi32-WinBuiltinAnyPackageSid/0001-advapi32-SDDL-assigns-the-AC-abbreviation-to-WinBuil.patch

@@ -1,26 +0,0 @@
-From e71a9b9a10c2de28a617f9490c3d135b1e12adf1 Mon Sep 17 00:00:00 2001
-From: Dmitry Timoshkov <dmitry@baikal.ru>
-Date: Fri, 16 Dec 2016 13:20:32 +0800
-Subject: advapi32: SDDL assigns the "AC" abbreviation to
- WinBuiltinAnyPackageSid.
-
----
- dlls/advapi32/security.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index 28331df..3b585aa 100644
---- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -135,7 +135,7 @@ static const WELLKNOWNSID WellKnownSids[] =
-     { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
-     { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
-     { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
--    { {0,0}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
-+    { {'A','C'}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
- };
- 
- /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
--- 
-2.9.0
-

patches/advapi32-WinBuiltinAnyPackageSid/0002-advapi32-tests-Add-a-test-that-compares-a-well-known.patch

@@ -1,227 +0,0 @@
-From 393f8906d8b26414fb4fc89c692cb5247be6b4c2 Mon Sep 17 00:00:00 2001
-From: Dmitry Timoshkov <dmitry@baikal.ru>
-Date: Fri, 16 Dec 2016 13:23:15 +0800
-Subject: advapi32/tests: Add a test that compares a well-known SID to a SID
- created from a SDDL abbreviation.
-
----
- dlls/advapi32/tests/security.c | 130 +++++++++++++++++++++++++++++------------
- 1 file changed, 92 insertions(+), 38 deletions(-)
-
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index dfe2f871d42..808547ddbc0 100644
---- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -2,7 +2,7 @@
-  * Unit tests for security functions
-  *
-  * Copyright (c) 2004 Mike McCormack
-- * Copyright (c) 2011 Dmitry Timoshkov
-+ * Copyright (c) 2011,2013,2014,2016 Dmitry Timoshkov
-  *
-  * This library is free software; you can redistribute it and/or
-  * modify it under the terms of the GNU Lesser General Public
-@@ -138,14 +138,6 @@ static HMODULE hmod;
- static int     myARGC;
- static char**  myARGV;
- 
--struct strsid_entry
--{
--    const char *str;
--    DWORD flags;
--};
--#define STRSID_OK     0
--#define STRSID_OPT    1
--
- #define SID_SLOTS 4
- static char debugsid_str[SID_SLOTS][256];
- static int debugsid_index = 0;
-@@ -174,12 +166,6 @@ static const char* debugstr_sid(PSID sid)
-     return res;
- }
- 
--struct sidRef
--{
--    SID_IDENTIFIER_AUTHORITY auth;
--    const char *refStr;
--};
--
- static void init(void)
- {
-     HMODULE hntdll;
-@@ -297,7 +283,11 @@ static void test_group_equal(HANDLE Handle, PSID expected, int line)
- 
- static void test_sid(void)
- {
--    struct sidRef refs[] = {
-+    static struct
-+    {
-+        SID_IDENTIFIER_AUTHORITY auth;
-+        const char *refStr;
-+    } refs[] = {
-      { { {0x00,0x00,0x33,0x44,0x55,0x66} }, "S-1-860116326-1" },
-      { { {0x00,0x00,0x01,0x02,0x03,0x04} }, "S-1-16909060-1"  },
-      { { {0x00,0x00,0x00,0x01,0x02,0x03} }, "S-1-66051-1"     },
-@@ -305,24 +295,60 @@ static void test_sid(void)
-      { { {0x00,0x00,0x00,0x00,0x00,0x02} }, "S-1-2-1"         },
-      { { {0x00,0x00,0x00,0x00,0x00,0x0c} }, "S-1-12-1"        },
-     };
--    struct strsid_entry strsid_table[] = {
--        {"AO", STRSID_OK},  {"RU", STRSID_OK},  {"AN", STRSID_OK},  {"AU", STRSID_OK},
--        {"BA", STRSID_OK},  {"BG", STRSID_OK},  {"BO", STRSID_OK},  {"BU", STRSID_OK},
--        {"CA", STRSID_OPT}, {"CG", STRSID_OK},  {"CO", STRSID_OK},  {"DA", STRSID_OPT},
--        {"DC", STRSID_OPT}, {"DD", STRSID_OPT}, {"DG", STRSID_OPT}, {"DU", STRSID_OPT},
--        {"EA", STRSID_OPT}, {"ED", STRSID_OK},  {"WD", STRSID_OK},  {"PA", STRSID_OPT},
--        {"IU", STRSID_OK},  {"LA", STRSID_OK},  {"LG", STRSID_OK},  {"LS", STRSID_OK},
--        {"SY", STRSID_OK},  {"NU", STRSID_OK},  {"NO", STRSID_OK},  {"NS", STRSID_OK},
--        {"PO", STRSID_OK},  {"PS", STRSID_OK},  {"PU", STRSID_OK},  {"RS", STRSID_OPT},
--        {"RD", STRSID_OK},  {"RE", STRSID_OK},  {"RC", STRSID_OK},  {"SA", STRSID_OPT},
--        {"SO", STRSID_OK},  {"SU", STRSID_OK}};
--
-+    static const struct
-+    {
-+        const char *str;
-+        WELL_KNOWN_SID_TYPE sid_type;
-+        BOOL optional;
-+    } strsid_table[] = {
-+        /* Please keep the list sorted. */
-+        { "AC", WinBuiltinAnyPackageSid, TRUE },
-+        { "AN", WinAnonymousSid },
-+        { "AO", WinBuiltinAccountOperatorsSid },
-+        { "AU", WinAuthenticatedUserSid },
-+        { "BA", WinBuiltinAdministratorsSid },
-+        { "BG", WinBuiltinGuestsSid },
-+        { "BO", WinBuiltinBackupOperatorsSid },
-+        { "BU", WinBuiltinUsersSid },
-+        { "CA", WinAccountCertAdminsSid, TRUE},
-+        { "CG", WinCreatorGroupSid },
-+        { "CO", WinCreatorOwnerSid },
-+        { "DA", WinAccountDomainAdminsSid, TRUE},
-+        { "DC", WinAccountComputersSid, TRUE},
-+        { "DD", WinAccountControllersSid, TRUE},
-+        { "DG", WinAccountDomainGuestsSid, TRUE},
-+        { "DU", WinAccountDomainUsersSid, TRUE},
-+        { "EA", WinAccountEnterpriseAdminsSid, TRUE},
-+        { "ED", WinEnterpriseControllersSid },
-+        { "IU", WinInteractiveSid },
-+        { "LA", WinAccountAdministratorSid },
-+        { "LG", WinAccountGuestSid },
-+        { "LS", WinLocalServiceSid },
-+        { "NO", WinBuiltinNetworkConfigurationOperatorsSid },
-+        { "NS", WinNetworkServiceSid },
-+        { "NU", WinNetworkSid },
-+        { "PA", WinAccountPolicyAdminsSid, TRUE},
-+        { "PO", WinBuiltinPrintOperatorsSid },
-+        { "PS", WinSelfSid },
-+        { "PU", WinBuiltinPowerUsersSid },
-+        { "RC", WinRestrictedCodeSid },
-+        { "RD", WinBuiltinRemoteDesktopUsersSid },
-+        { "RE", WinBuiltinReplicatorSid },
-+        { "RS", WinAccountRasAndIasServersSid, TRUE },
-+        { "RU", WinBuiltinPreWindows2000CompatibleAccessSid },
-+        { "SA", WinAccountSchemaAdminsSid, TRUE },
-+        { "SO", WinBuiltinSystemOperatorsSid },
-+        { "SU", WinServiceSid },
-+        { "SY", WinLocalSystemSid },
-+        { "WD", WinWorldSid },
-+    };
-+    SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
-     const char noSubAuthStr[] = "S-1-5";
-     unsigned int i;
--    PSID psid = NULL;
-+    PSID psid, domain_sid;
-     SID *pisid;
-     BOOL r;
--    LPSTR str = NULL;
-+    LPSTR str;
- 
-     if( !pConvertStringSidToSidA )
-     {
-@@ -402,7 +428,7 @@ static void test_sid(void)
-     }
- 
-     /* string constant format not supported before XP */
--    r = pConvertStringSidToSidA(strsid_table[0].str, &psid);
-+    r = pConvertStringSidToSidA("AN", &psid);
-     if(!r)
-     {
-         win_skip("String constant format not supported\n");
-@@ -410,25 +436,51 @@ static void test_sid(void)
-     }
-     LocalFree(psid);
- 
-+    AllocateAndInitializeSid(&domain_ident, 4, SECURITY_NT_NON_UNIQUE, 0, 0, 0, 0, 0, 0, 0, &domain_sid);
-+
-     for(i = 0; i < ARRAY_SIZE(strsid_table); i++)
-     {
--        char *temp;
--
-         SetLastError(0xdeadbeef);
-         r = pConvertStringSidToSidA(strsid_table[i].str, &psid);
- 
--        if (!(strsid_table[i].flags & STRSID_OPT))
-+        if (!(strsid_table[i].optional))
-         {
-             ok(r, "%s: got %u\n", strsid_table[i].str, GetLastError());
-         }
- 
-         if (r)
-         {
--            if ((winetest_debug > 1) && (ConvertSidToStringSidA(psid, &temp)))
-+            char buf[SECURITY_MAX_SID_SIZE];
-+            char *sid_string, *well_known_sid_string;
-+            DWORD n, size;
-+
-+            /* zero out domain id before comparison to simplify things */
-+            if (strsid_table[i].sid_type == WinAccountAdministratorSid ||
-+                strsid_table[i].sid_type == WinAccountGuestSid)
-             {
--                trace(" %s: %s\n", strsid_table[i].str, temp);
--                LocalFree(temp);
-+                for (n = 1; n <= 3; n++)
-+                    *GetSidSubAuthority(psid, n) = 0;
-             }
-+
-+            r = ConvertSidToStringSidA(psid, &sid_string);
-+            ok(r, "%s: ConvertSidToStringSid error %u\n", strsid_table[i].str, GetLastError());
-+            if (winetest_debug > 1)
-+                trace("%s => %s\n", strsid_table[i].str, sid_string);
-+
-+            size = sizeof(buf);
-+            r = pCreateWellKnownSid(strsid_table[i].sid_type, domain_sid, buf, &size);
-+            ok(r, "%u: CreateWellKnownSid(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError());
-+
-+            r = ConvertSidToStringSidA(buf, &well_known_sid_string);
-+            ok(r, "%u: ConvertSidToStringSi(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError());
-+            if (winetest_debug > 1)
-+                trace("%u => %s\n", strsid_table[i].sid_type, well_known_sid_string);
-+
-+            ok(strcmp(sid_string, well_known_sid_string) == 0,
-+               "%u: (%u) expected %s, got %s\n", i, strsid_table[i].sid_type, well_known_sid_string, sid_string);
-+
-+            LocalFree(well_known_sid_string);
-+            LocalFree(sid_string);
-             LocalFree(psid);
-         }
-         else
-@@ -439,6 +491,8 @@ static void test_sid(void)
-                 trace(" %s: couldn't be converted\n", strsid_table[i].str);
-         }
-     }
-+
-+    LocalFree(domain_sid);
- }
- 
- static void test_trustee(void)
-@@ -2288,7 +2342,7 @@ static void test_LookupAccountSid(void)
-     if (pCreateWellKnownSid)
-     {
-         trace("Well Known SIDs:\n");
--        for (i = 0; i <= 60; i++)
-+        for (i = 0; i <= 84; i++)
-         {
-             size = SECURITY_MAX_SID_SIZE;
-             if (pCreateWellKnownSid(i, NULL, &max_sid.sid, &size))
--- 
-2.13.1
-

patches/advapi32-WinBuiltinAnyPackageSid/definition

@@ -1 +0,0 @@
-Fixes: [41934] Assigns the AC abbreviation to WinBuiltinAnyPackageSid

patches/bcrypt-BCryptDeriveKeyPBKDF2/definition

@@ -1,2 +1 @@
 Fixes: [42704] Implement BCryptDeriveKeyPBKDF2
-Depends: crypt32-ECDSA_Cert_Chains

patches/bcrypt-BCryptGenerateKeyPair/definition

@@ -1,2 +1 @@
 Fixes: [45312] Fix issue for Assassin's Creed : Syndicate
-Depends: crypt32-ECDSA_Cert_Chains

patches/crypt32-Certificate_Check/0001-crypt32-Properly-check-root-certificate-in-CERT_CHAI.patch

@@ -1,43 +0,0 @@
-From bba53bba66f4ca7b8726424e8215854a657c024a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Tue, 15 Nov 2016 23:50:23 +0100
-Subject: crypt32: Properly check root certificate in
- CERT_CHAIN_REVOCATION_CHECK_CHAIN.
-
-CA certificates do not have a parent which defines a CRL, but Windows seems to require
-that CA certificates are self signed. We therefore should set pIssuerCert to the
-CA certificate itself before calling CertVerifyRevocation. On windows the function
-does not seem to fail if no CRL could be found, so ignore this error for now.
----
- dlls/crypt32/chain.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
-index aab2e91..80b6513 100644
---- a/dlls/crypt32/chain.c
-+++ b/dlls/crypt32/chain.c
-@@ -2704,10 +2704,20 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
-                     revocationPara.pIssuerCert =
-                      chain->rgpChain[i]->rgpElement[j + 1]->pCertContext;
-                 else
--                    revocationPara.pIssuerCert = NULL;
-+                    revocationPara.pIssuerCert = certToCheck;
-+
-                 ret = CertVerifyRevocation(X509_ASN_ENCODING,
-                  CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck,
-                  revocationFlags, &revocationPara, &revocationStatus);
-+
-+                if (!ret && revocationStatus.dwError == CRYPT_E_NO_REVOCATION_CHECK &&
-+                    revocationPara.pIssuerCert == certToCheck)
-+                {
-+                    FIXME("Unable to find CRL for CA certificate\n");
-+                    ret = TRUE;
-+                    revocationStatus.dwError = 0;
-+                }
-+
-                 if (!ret)
-                 {
-                     PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain(
--- 
-2.9.0
-

patches/crypt32-Certificate_Check/definition

@@ -1 +0,0 @@
-Fixes: [41652] Fix root certificate check in CERT_CHAIN_REVOCATION_CHECK_CHAIN

patches/crypt32-CryptUnprotectMemory/0001-crypt32-Print-CryptUnprotectMemory-FIXME-only-once.patch

@@ -1,25 +0,0 @@
-From 29ac40e7943195bda7acbc0ffa5cc966d8c1a40a Mon Sep 17 00:00:00 2001
-From: Christian Costa <titan.costa@gmail.com>
-Date: Mon, 31 Aug 2015 22:54:59 -0300
-Subject: crypt32: Print CryptUnprotectMemory FIXME only once.
-
----
- dlls/crypt32/main.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/dlls/crypt32/main.c b/dlls/crypt32/main.c
-index 241a1d9..696195a 100644
---- a/dlls/crypt32/main.c
-+++ b/dlls/crypt32/main.c
-@@ -259,6 +259,7 @@ BOOL WINAPI CryptProtectMemory(void *data, DWORD len, DWORD flags)
- 
- BOOL WINAPI CryptUnprotectMemory(void *data, DWORD len, DWORD flags)
- {
--    FIXME("(%p %u %08x): stub\n", data, len, flags);
-+    static int fixme_once;
-+    if (!fixme_once++) FIXME("(%p %u %08x): stub\n", data, len, flags);
-     return TRUE;
- }
--- 
-2.5.0
-

patches/crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch

@@ -1,196 +0,0 @@
-From 484fbc0054dadaf4a410ae3497ccf3338ef7d81c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Wed, 27 Sep 2017 18:31:07 +0200
-Subject: crypt32/tests: Basic tests for decoding ECDSA signed certificate.
-
----
- dlls/crypt32/tests/encode.c | 168 ++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 168 insertions(+)
-
-diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
-index a4daec0..729f3e4 100644
---- a/dlls/crypt32/tests/encode.c
-+++ b/dlls/crypt32/tests/encode.c
-@@ -8509,6 +8509,173 @@ static void testPortPublicKeyInfo(void)
-     ok(ret,"CryptAcquireContextA failed\n");
- }
- 
-+static const BYTE eccCert[] = {
-+0x30,0x82,0x01,0x46,0x30,0x81,0xec,0x02,0x09,0x00,0xe7,0x6b,
-+0x26,0x86,0x0a,0x82,0xff,0xe9,0x30,0x0a,0x06,0x08,0x2a,0x86,
-+0x48,0xce,0x3d,0x04,0x03,0x02,0x30,0x2b,0x31,0x0b,0x30,0x09,
-+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x0d,0x30,
-+0x0b,0x06,0x03,0x55,0x04,0x0a,0x0c,0x04,0x57,0x69,0x6e,0x65,
-+0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x03,0x0c,0x04,0x57,
-+0x69,0x6e,0x65,0x30,0x1e,0x17,0x0d,0x31,0x37,0x30,0x39,0x32,
-+0x37,0x31,0x33,0x34,0x31,0x30,0x34,0x5a,0x17,0x0d,0x32,0x37,
-+0x30,0x39,0x32,0x35,0x31,0x33,0x34,0x31,0x30,0x34,0x5a,0x30,
-+0x2b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
-+0x44,0x45,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x0c,
-+0x04,0x54,0x65,0x73,0x74,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,
-+0x04,0x03,0x0c,0x04,0x54,0x65,0x73,0x74,0x30,0x59,0x30,0x13,
-+0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,0x06,0x08,0x2a,
-+0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04,0xed,
-+0xfc,0x77,0xd8,0xb9,0xe7,0xf3,0xf8,0xce,0x13,0xb8,0x7f,0x0f,
-+0x78,0xea,0x73,0x87,0x29,0x10,0xe1,0x6d,0x10,0xce,0x57,0x60,
-+0x3b,0x3e,0xb4,0x5f,0x0d,0x20,0xc1,0xeb,0x6d,0x74,0xe9,0x7b,
-+0x11,0x51,0x9a,0x00,0xe8,0xe9,0x12,0x84,0xb9,0x07,0x7e,0x7b,
-+0x62,0x67,0x12,0x67,0x08,0xe5,0x2e,0x27,0xce,0xa2,0x57,0x15,
-+0xad,0xc5,0x1f,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
-+0x04,0x03,0x02,0x03,0x49,0x00,0x30,0x46,0x02,0x21,0x00,0xd7,
-+0x29,0xce,0x5a,0xef,0x74,0x85,0xd1,0x18,0x5f,0x6e,0xf1,0xba,
-+0x53,0xd4,0xcd,0xdd,0xe0,0x5d,0xf1,0x5e,0x48,0x51,0xea,0x63,
-+0xc0,0xe8,0xe2,0xf6,0xfa,0x4c,0xaf,0x02,0x21,0x00,0xe3,0x94,
-+0x15,0x3b,0x6c,0x71,0x6e,0x44,0x22,0xcb,0xa0,0x88,0xcd,0x0a,
-+0x5a,0x50,0x29,0x7c,0x5c,0xd6,0x6c,0xd2,0xe0,0x7f,0xcd,0x02,
-+0x92,0x21,0x4c,0x2c,0x92,0xee };
-+static const BYTE ecdsaSig[] = {
-+0x30,0x46,0x02,0x21,0x00,0xd7,0x29,0xce,0x5a,0xef,0x74,0x85,
-+0xd1,0x18,0x5f,0x6e,0xf1,0xba,0x53,0xd4,0xcd,0xdd,0xe0,0x5d,
-+0xf1,0x5e,0x48,0x51,0xea,0x63,0xc0,0xe8,0xe2,0xf6,0xfa,0x4c,
-+0xaf,0x02,0x21,0x00,0xe3,0x94,0x15,0x3b,0x6c,0x71,0x6e,0x44,
-+0x22,0xcb,0xa0,0x88,0xcd,0x0a,0x5a,0x50,0x29,0x7c,0x5c,0xd6,
-+0x6c,0xd2,0xe0,0x7f,0xcd,0x02,0x92,0x21,0x4c,0x2c,0x92,0xee };
-+static const BYTE eccPubKey[] = {
-+0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,
-+0x01,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,
-+0x42,0x00,0x04,0xed,0xfc,0x77,0xd8,0xb9,0xe7,0xf3,0xf8,0xce,
-+0x13,0xb8,0x7f,0x0f,0x78,0xea,0x73,0x87,0x29,0x10,0xe1,0x6d,
-+0x10,0xce,0x57,0x60,0x3b,0x3e,0xb4,0x5f,0x0d,0x20,0xc1,0xeb,
-+0x6d,0x74,0xe9,0x7b,0x11,0x51,0x9a,0x00,0xe8,0xe9,0x12,0x84,
-+0xb9,0x07,0x7e,0x7b,0x62,0x67,0x12,0x67,0x08,0xe5,0x2e,0x27,
-+0xce,0xa2,0x57,0x15,0xad,0xc5,0x1f };
-+
-+static void testECDSACert(void)
-+{
-+    DWORD decode_flags = CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG;
-+    CERT_SIGNED_CONTENT_INFO *info;
-+    CERT_PUBLIC_KEY_INFO *pubkey;
-+    CERT_ECC_SIGNATURE *ecc_sig;
-+    LPSTR *ecc_curve;
-+    DWORD size;
-+    BOOL ret;
-+    int i;
-+
-+    info = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, eccCert, sizeof(eccCert), decode_flags,
-+                               NULL, &info, &size);
-+    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+
-+    ok(!strcmp(info->SignatureAlgorithm.pszObjId, szOID_ECDSA_SHA256),
-+       "Expected 1.2.840.10045.4.3.2, got %s\n", info->SignatureAlgorithm.pszObjId);
-+    ok(!info->SignatureAlgorithm.Parameters.cbData,
-+       "Expected no parameter data, got %d bytes\n", info->SignatureAlgorithm.Parameters.cbData);
-+    ok(!info->SignatureAlgorithm.Parameters.pbData,
-+       "Expected no parameter data, got %p pointer\n", info->SignatureAlgorithm.Parameters.pbData);
-+
-+    ok(info->Signature.cbData == sizeof(ecdsaSig),
-+       "Expected %d bytes, got %d\n", (int)sizeof(ecdsaSig), info->Signature.cbData);
-+    ok(info->Signature.pbData != NULL, "Got NULL pointer\n");
-+    ok(!info->Signature.cUnusedBits, "Expected no unused bytes, got %d\n", info->Signature.cUnusedBits);
-+    for (i = 0; i < info->Signature.cbData; i++)
-+    {
-+        ok(ecdsaSig[i] == info->Signature.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+           ecdsaSig[i], info->Signature.pbData[i], i);
-+    }
-+
-+    ecc_sig = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_ECC_SIGNATURE, info->Signature.pbData,
-+                               info->Signature.cbData, decode_flags, NULL, &ecc_sig, &size);
-+    todo_wine ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+    if (ret)
-+    {
-+        ok(ecc_sig->r.cbData == 32, "Expected 32 bytes, got %d\n", ecc_sig->r.cbData);
-+        ok(ecc_sig->r.pbData != NULL, "Got NULL pointer\n");
-+        ok(ecc_sig->s.cbData == 32, "Expected 32 bytes, got %d\n", ecc_sig->s.cbData);
-+        ok(ecc_sig->s.pbData != NULL, "Got NULL pointer\n");
-+        for (i = 0; i < ecc_sig->r.cbData; i++)
-+        {
-+            ok(ecdsaSig[4+32-i] == ecc_sig->r.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+               ecdsaSig[4+32-i], ecc_sig->r.pbData[i], i);
-+        }
-+        for (i = 0; i < ecc_sig->s.cbData; i++)
-+        {
-+            ok(ecdsaSig[4+35+32-i] == ecc_sig->s.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+               ecdsaSig[4+35+32-i], ecc_sig->s.pbData[i], i);
-+        }
-+        LocalFree(ecc_sig);
-+    }
-+
-+    LocalFree(info);
-+
-+    info = NULL;
-+    decode_flags &= ~CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, eccCert, sizeof(eccCert), decode_flags,
-+                               NULL, &info, &size);
-+    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+
-+    ok(info->Signature.cbData == sizeof(ecdsaSig),
-+       "Expected %d bytes, got %d\n", (int)sizeof(ecdsaSig), info->Signature.cbData);
-+    ok(info->Signature.pbData != NULL, "Got NULL pointer\n");
-+    ok(!info->Signature.cUnusedBits, "Expected no unused bytes, got %d\n", info->Signature.cUnusedBits);
-+    for (i = 0; i < info->Signature.cbData; i++)
-+    {
-+        ok(ecdsaSig[sizeof(ecdsaSig)-i-1] == info->Signature.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+           ecdsaSig[sizeof(ecdsaSig)-i-1], info->Signature.pbData[i], i);
-+    }
-+
-+    LocalFree(info);
-+
-+    pubkey = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, eccPubKey, sizeof(eccPubKey),
-+                               decode_flags, NULL, &pubkey, &size);
-+    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+
-+    ok(!strcmp(pubkey->Algorithm.pszObjId, szOID_ECC_PUBLIC_KEY),
-+       "Expected 1.2.840.10045.2.1, got %s\n", pubkey->Algorithm.pszObjId);
-+    ok(pubkey->Algorithm.Parameters.cbData == 10,
-+       "Expected 10 bytes parameters, got %d bytes\n", pubkey->Algorithm.Parameters.cbData);
-+    ok(pubkey->Algorithm.Parameters.pbData != NULL,
-+       "Expected pointer to parameters, got NULL\n");
-+
-+    ecc_curve = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_OBJECT_IDENTIFIER, pubkey->Algorithm.Parameters.pbData,
-+                               pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
-+    todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
-+                 "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+    if (ret)
-+    {
-+        ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
-+        LocalFree(ecc_curve);
-+    }
-+
-+    ecc_curve = NULL;
-+    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, szOID_ECC_PUBLIC_KEY, pubkey->Algorithm.Parameters.pbData,
-+                               pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
-+    todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
-+                 "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+    if (ret)
-+    {
-+        ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
-+        LocalFree(ecc_curve);
-+    }
-+
-+    ok(pubkey->PublicKey.cbData == 65, "Expected 32 bytes parameters, got %d bytes\n", pubkey->PublicKey.cbData);
-+    ok(pubkey->PublicKey.pbData != NULL, "Expected pointer to parameters, got NULL\n");
-+    for (i = 0; i < pubkey->PublicKey.cbData; i++)
-+    {
-+        ok(eccPubKey[26+i] == pubkey->PublicKey.pbData[i], "Expected %02x, got %02x at offset %d\n",
-+           eccPubKey[26+i], pubkey->PublicKey.pbData[i], i);
-+    }
-+
-+    LocalFree(pubkey);
-+}
-+
- START_TEST(encode)
- {
-     static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
-@@ -8602,4 +8769,5 @@ START_TEST(encode)
-         test_decodeRsaPrivateKey(encodings[i]);
-     }
-     testPortPublicKeyInfo();
-+    testECDSACert();
- }
--- 
-2.7.4
-