Release v5.16

Two patches have been disabled and I think they need to rewritten to use the
PS_ATTRIBUTE_TOKEN attribute instead of calling the RtlCreateUserProcess directly.

README.md

@@ -79,4 +79,32 @@ Contributing
 
 For information on contributing to Wine-Staging, please see
 <https://wiki.winehq.org/Wine-Staging_Contributing>. Note that GitHub pull
-requests are strongly dispreferred, especially for patches.
+requests are strongly dispreferred, especially for patches.
+
+Donations
+---------
+
+wine-staging is a large set of experimental patches which provide various
+improvements to WINE, but are not quite suitable for upstreaming. This set of
+patches has been continuously managed for many years by a small group of
+volunteers. The way this works is that we often review patches attached to
+various bug reports found at https://bugs.winehq.org/ which may fix bugs, but
+may not be quite suitable to be upstreamed due to needing some cleanup or more
+proper implementation. In the event that this happens, we add the patches to
+wine-staging instead, and keep them updated and maintained as well as attempt to
+clean them up to be upstreamed. We also both write and verify patches which fix
+various bugs that may not have patches, and in turn allow them run better using
+WINE. This includes testing on various hardware, games, and applications.
+
+Any expenses for applications, games, or hardware which we do not own comes out
+of pocket. In order to alleviate these expenses, we are now accepting donations.
+This in turn allows us to continue to perform testing, provide fixes, and get
+them upstreamed, ultimately aiming to provide a better experience for all WINE
+users. All of our work is provided publicly for free and can be found at
+<https://github.com/wine-staging/wine-staging>. We do not expect to be paid for
+any of the work provided, nor will donators receive any special benefits or
+compensation.
+
+Donations are recieved through Patreon. Anyone interested may donate here:
+
+https://www.patreon.com/winestaging

patches/Compiler_Warnings/0031-include-Check-element-type-in-CONTAINING_RECORD-and-.patch

@@ -1,4 +1,4 @@
-From 494fc3abe1eddabcf7cede677ee907284e89eea8 Mon Sep 17 00:00:00 2001
+From a349cc8bdcc3a083ea507dbbdeba9053e3a338e4 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 23:08:30 +0100
 Subject: [PATCH] include: Check element type in CONTAINING_RECORD and similar
@@ -11,7 +11,7 @@ Subject: [PATCH] include: Check element type in CONTAINING_RECORD and similar
  3 files changed, 24 insertions(+), 6 deletions(-)
 
 diff --git a/include/wine/list.h b/include/wine/list.h
-index b4d681fe..287ad394 100644
+index b4d681fe0f3..287ad394fae 100644
 --- a/include/wine/list.h
 +++ b/include/wine/list.h
 @@ -228,7 +228,13 @@ static inline void list_move_head( struct list *dst, struct list *src )
@@ -31,7 +31,7 @@ index b4d681fe..287ad394 100644
  
  #endif  /* __WINE_SERVER_LIST_H */
 diff --git a/include/wine/rbtree.h b/include/wine/rbtree.h
-index dc50b5e7..8130deb5 100644
+index 8aae29c8c10..330b3e8fbc9 100644
 --- a/include/wine/rbtree.h
 +++ b/include/wine/rbtree.h
 @@ -23,8 +23,14 @@
@@ -52,10 +52,10 @@ index dc50b5e7..8130deb5 100644
  struct wine_rb_entry
  {
 diff --git a/include/winnt.h b/include/winnt.h
-index 2b489382..a156efc4 100644
+index 46e17c546a7..d5c65d2017b 100644
 --- a/include/winnt.h
 +++ b/include/winnt.h
-@@ -760,8 +760,14 @@ typedef struct _MEMORY_BASIC_INFORMATION
+@@ -793,8 +793,14 @@ typedef struct _MEMORY_BASIC_INFORMATION
  #define RTL_FIELD_SIZE(type, field) (sizeof(((type *)0)->field))
  #define RTL_SIZEOF_THROUGH_FIELD(type, field) (FIELD_OFFSET(type, field) + RTL_FIELD_SIZE(type, field))
  
@@ -70,8 +70,8 @@ index 2b489382..a156efc4 100644
 +   ((type *)((PCHAR)(address) - offsetof(type, field)))
 +#endif
  
+ #define ARRAYSIZE(x) (sizeof(x) / sizeof((x)[0]))
  #ifdef __WINESRC__
- # define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
 -- 
-2.20.1
+2.26.2
 

patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch

@@ -1,18 +1,18 @@
-From 9e585de1f2f28e1ef18c1edca875779c491375cb Mon Sep 17 00:00:00 2001
+From aa9cb874b1fb89601d6a5a735b442b8a7aa7b3aa Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:44:31 +0200
 Subject: [PATCH] kernel32: Add winediag message to show warning, that this
  isn't vanilla wine.
 
 ---
- dlls/kernel32/process.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
+ dlls/kernel32/process.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
 
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index 36ed82bff8c..b8a677c5485 100644
+index 8f506fcf1320..45bfe7fe7b5d 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
-@@ -65,6 +65,7 @@
+@@ -60,6 +60,7 @@
  
  WINE_DEFAULT_DEBUG_CHANNEL(process);
  WINE_DECLARE_DEBUG_CHANNEL(relay);
@@ -20,7 +20,15 @@ index 36ed82bff8c..b8a677c5485 100644
  
  typedef struct
  {
-@@ -997,6 +998,15 @@ void WINAPI start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
+@@ -125,6 +126,7 @@ static inline DWORD call_process_entry( PEB *peb, LPTHREAD_START_ROUTINE entry )
+ }
+ #endif
+ 
++extern const char * CDECL wine_get_version(void);
+ /***********************************************************************
+  *           __wine_start_process
+  *
+@@ -150,6 +152,15 @@ void CDECL __wine_start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
  
      __TRY
      {
@@ -37,5 +45,5 @@ index 36ed82bff8c..b8a677c5485 100644
              being_debugged = FALSE;
  
 -- 
-2.23.0
+2.26.2
 

patches/Staging/0002-winelib-Append-Staging-at-the-end-of-the-version-s.patch

@@ -1,17 +1,31 @@
-From 05ca39b029f8f710ca53aeafc36384fd39fd6b89 Mon Sep 17 00:00:00 2001
+From c097870c69720ece3874ad4ff987408a8c24ffb2 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:53:46 +0200
 Subject: [PATCH] winelib: Append '(Staging)' at the end of the version string.
 
 ---
- libs/wine/Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ dlls/ntdll/Makefile.in | 2 +-
+ libs/wine/Makefile.in  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
 
+diff --git a/dlls/ntdll/Makefile.in b/dlls/ntdll/Makefile.in
+index ebf607e9d43..de93445d4e3 100644
+--- a/dlls/ntdll/Makefile.in
++++ b/dlls/ntdll/Makefile.in
+@@ -69,7 +69,7 @@ server_EXTRADEFS = \
+ 	-DBIN_TO_DATADIR=\"`$(MAKEDEP) -R ${bindir} ${datadir}/wine`\"
+ 
+ unix/version.c: dummy
+-	version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
++	version=`(GIT_DIR=$(top_srcdir)/.git git describe HEAD 2>/dev/null || echo "wine-$(PACKAGE_VERSION)") | sed -n -e '$$s/\(.*\)/const char wine_build[] = "\1 (Staging)";/p'` && (echo $$version | cmp -s - $@) || echo $$version >$@ || (rm -f $@ && exit 1)
+ 
+ dummy:
+ .PHONY: dummy
 diff --git a/libs/wine/Makefile.in b/libs/wine/Makefile.in
-index 4833eb5..3cfa4f4 100644
+index fe2a2b45e58..1e55a6b1f46 100644
 --- a/libs/wine/Makefile.in
 +++ b/libs/wine/Makefile.in
-@@ -31,7 +31,7 @@ libwine_LDFLAGS = $(LIBWINE_LDFLAGS)
+@@ -100,7 +100,7 @@ libwine_LDFLAGS = $(LIBWINE_LDFLAGS)
  libwine_DEPS = $(LIBWINE_DEPENDS)
  
  version.c: dummy
@@ -21,5 +35,5 @@ index 4833eb5..3cfa4f4 100644
  dummy:
  .PHONY: dummy
 -- 
-1.9.1
+2.26.2
 

patches/Staging/0003-loader-Add-commandline-option-patches-to-show-the-pa.patch

@@ -1,66 +1,33 @@
-From 63d2046a8f4388fbc7c12a07ae5f412fccc1b202 Mon Sep 17 00:00:00 2001
+From eea7dea0e9488f8afc56b880d3d5f67d0b3d9f5c Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 29 May 2014 23:43:45 +0200
 Subject: [PATCH] loader: Add commandline option --patches to show the patch
  list.
 
 ---
- dlls/ntdll/misc.c      |  8 ++++++++
- dlls/ntdll/ntdll.spec  |  1 +
  include/wine/library.h |  1 +
  libs/wine/config.c     |  6 ++++++
  libs/wine/wine.map     |  1 +
  loader/main.c          | 42 +++++++++++++++++++++++++++++++++++++++++-
- 6 files changed, 58 insertions(+), 1 deletion(-)
+ 4 files changed, 49 insertions(+), 1 deletion(-)
 
-diff --git a/dlls/ntdll/misc.c b/dlls/ntdll/misc.c
-index c29a1c26c26..8906e194272 100644
---- a/dlls/ntdll/misc.c
-+++ b/dlls/ntdll/misc.c
-@@ -60,6 +60,14 @@ const char * CDECL NTDLL_wine_get_version(void)
-     return wine_get_version();
- }
- 
-+/*********************************************************************
-+ *                  wine_get_patches   (NTDLL.@)
-+ */
-+const void * CDECL NTDLL_wine_get_patches(void)
-+{
-+    return wine_get_patches();
-+}
-+
- /*********************************************************************
-  *                  wine_get_build_id   (NTDLL.@)
-  */
-diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index e61a2578da5..52db67fd978 100644
---- a/dlls/ntdll/ntdll.spec
-+++ b/dlls/ntdll/ntdll.spec
-@@ -1571,6 +1571,7 @@
- 
- # Version
- @ cdecl wine_get_version() NTDLL_wine_get_version
-+@ cdecl wine_get_patches() NTDLL_wine_get_patches
- @ cdecl wine_get_build_id() NTDLL_wine_get_build_id
- @ cdecl wine_get_host_version(ptr ptr) NTDLL_wine_get_host_version
- 
 diff --git a/include/wine/library.h b/include/wine/library.h
-index f338c4da190..1f992da6062 100644
+index 405ce0d9da3..eecb770b455 100644
 --- a/include/wine/library.h
 +++ b/include/wine/library.h
-@@ -47,6 +47,7 @@ extern const char *wine_get_data_dir(void);
- extern const char *wine_get_server_dir(void);
- extern const char *wine_get_user_name(void);
- extern const char *wine_get_version(void);
+@@ -41,6 +41,7 @@ extern "C" {
+ 
+ /* configuration */
+ 
 +extern const void *wine_get_patches(void);
- extern const char *wine_get_build_id(void);
  extern void wine_init_argv0_path( const char *argv0 );
  extern void wine_exec_wine_binary( const char *name, char **argv, const char *env_var );
+ 
 diff --git a/libs/wine/config.c b/libs/wine/config.c
-index 2a3314cbfda..5b66c063db6 100644
+index f5b4c0de9af..e52739d55ad 100644
 --- a/libs/wine/config.c
 +++ b/libs/wine/config.c
-@@ -504,6 +504,12 @@ const char *wine_get_version(void)
+@@ -515,6 +515,12 @@ const char *wine_get_version(void)
      return PACKAGE_VERSION;
  }
  
@@ -74,22 +41,22 @@ index 2a3314cbfda..5b66c063db6 100644
  const char *wine_get_build_id(void)
  {
 diff --git a/libs/wine/wine.map b/libs/wine/wine.map
-index 7ea849b908e..a7359ee7872 100644
+index 1143b129734..55f874d3e74 100644
 --- a/libs/wine/wine.map
 +++ b/libs/wine/wine.map
-@@ -22,6 +22,7 @@ WINE_1.0
-     wine_get_server_dir;
-     wine_get_user_name;
+@@ -13,6 +13,7 @@ WINE_1.0
+     wine_exec_wine_binary;
+     wine_get_build_id;
      wine_get_version;
 +    wine_get_patches;
      wine_init;
      wine_init_argv0_path;
      wine_mmap_add_reserved_area;
 diff --git a/loader/main.c b/loader/main.c
-index 407c897892d..d97d6b28bf8 100644
+index a92276fa412..00b02e23c26 100644
 --- a/loader/main.c
 +++ b/loader/main.c
-@@ -53,7 +53,8 @@ static void check_command_line( int argc, char *argv[] )
+@@ -57,7 +57,8 @@ static void check_command_line( int argc, char *argv[] )
      static const char usage[] =
          "Usage: wine PROGRAM [ARGUMENTS...]   Run the specified program\n"
          "       wine --help                   Display this help and exit\n"
@@ -99,7 +66,7 @@ index 407c897892d..d97d6b28bf8 100644
  
      if (argc <= 1)
      {
-@@ -70,6 +71,45 @@ static void check_command_line( int argc, char *argv[] )
+@@ -74,6 +75,45 @@ static void check_command_line( int argc, char *argv[] )
          printf( "%s\n", wine_get_build_id() );
          exit(0);
      }
@@ -146,5 +113,5 @@ index 407c897892d..d97d6b28bf8 100644
  
  
 -- 
-2.25.1
+2.28.0
 

patches/advapi32-CreateRestrictedToken/0001-ntdll-Implement-NtFilterToken.patch

@@ -1,29 +1,43 @@
-From 1eb8acd819f9eee8fdf154d0ef43881008265916 Mon Sep 17 00:00:00 2001
+From 1b222275e7faf71ae1e5c94e297004055ec6f82f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Fri, 4 Aug 2017 02:33:14 +0200
-Subject: ntdll: Implement NtFilterToken.
+Subject: [PATCH] ntdll: Implement NtFilterToken.
 
 ---
- dlls/ntdll/nt.c       | 59 ++++++++++++++++++++++++++++++++++++
- dlls/ntdll/ntdll.spec |  2 +-
- include/winnt.h       |  5 +++
- include/winternl.h    |  1 +
- server/process.c      |  2 +-
- server/protocol.def   | 10 ++++++
- server/security.h     |  4 ++-
- server/token.c        | 84 +++++++++++++++++++++++++++++++++++++++++++++++++--
- 8 files changed, 162 insertions(+), 5 deletions(-)
+ dlls/ntdll/ntdll.spec      |  2 +-
+ dlls/ntdll/unix/security.c | 64 +++++++++++++++++++++++++++++
+ include/winnt.h            |  5 +++
+ include/winternl.h         |  1 +
+ server/named_pipe.c        |  2 +-
+ server/process.c           |  2 +-
+ server/protocol.def        | 10 +++++
+ server/security.h          |  4 +-
+ server/token.c             | 84 +++++++++++++++++++++++++++++++++++++-
+ 9 files changed, 168 insertions(+), 6 deletions(-)
 
-diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
-index c3f5df3..59a08de 100644
---- a/dlls/ntdll/nt.c
-+++ b/dlls/ntdll/nt.c
-@@ -119,6 +119,65 @@ NTSTATUS WINAPI NtDuplicateToken(
+diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
+index a3bc57716da..f604c8a3c35 100644
+--- a/dlls/ntdll/ntdll.spec
++++ b/dlls/ntdll/ntdll.spec
+@@ -208,7 +208,7 @@
+ # @ stub NtEnumerateSystemEnvironmentValuesEx
+ @ stdcall -syscall NtEnumerateValueKey(long long long ptr long ptr)
+ @ stub NtExtendSection
+-# @ stub NtFilterToken
++@ stdcall -syscall NtFilterToken(long long ptr ptr ptr ptr)
+ @ stdcall -syscall NtFindAtom(ptr long ptr)
+ @ stdcall -syscall NtFlushBuffersFile(long ptr)
+ @ stdcall -syscall NtFlushInstructionCache(long ptr long)
+diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
+index daecc5e0591..d063d43d6d4 100644
+--- a/dlls/ntdll/unix/security.c
++++ b/dlls/ntdll/unix/security.c
+@@ -604,6 +604,70 @@ NTSTATUS WINAPI NtAdjustPrivilegesToken( HANDLE token, BOOLEAN disable, TOKEN_PR
  }
  
- /******************************************************************************
-+ *  NtFilterToken        [NTDLL.@]
-+ *  ZwFilterToken        [NTDLL.@]
+ 
++/***********************************************************************
++ *             NtFilterToken  (NTDLL.@)
 + */
 +NTSTATUS WINAPI NtFilterToken( HANDLE token, ULONG flags, TOKEN_GROUPS *disable_sids,
 +                               TOKEN_PRIVILEGES *privileges, TOKEN_GROUPS *restrict_sids,
@@ -52,14 +66,18 @@ index c3f5df3..59a08de 100644
 +        BYTE *tmp;
 +
 +        for (i = 0; i < disable_sids->GroupCount; i++)
-+            sids_len += RtlLengthSid( disable_sids->Groups[i].Sid );
++        {
++            SID *sid = disable_sids->Groups[i].Sid;
++            sids_len += offsetof( SID, SubAuthority[sid->SubAuthorityCount] );
++        }
 +
-+        sids = RtlAllocateHeap( GetProcessHeap(), 0, sids_len );
++        sids = malloc( sids_len );
 +        if (!sids) return STATUS_NO_MEMORY;
 +
 +        for (i = 0, tmp = (BYTE *)sids; i < disable_sids->GroupCount; i++, tmp += len)
 +        {
-+            len = RtlLengthSid( disable_sids->Groups[i].Sid );
++            SID *sid = disable_sids->Groups[i].Sid;
++            len = offsetof( SID, SubAuthority[sid->SubAuthorityCount] );
 +            memcpy( tmp, disable_sids->Groups[i].Sid, len );
 +        }
 +    }
@@ -76,32 +94,20 @@ index c3f5df3..59a08de 100644
 +    }
 +    SERVER_END_REQ;
 +
-+    RtlFreeHeap( GetProcessHeap(), 0, sids );
++    free( sids );
 +    return status;
 +}
 +
-+/******************************************************************************
-  *  NtOpenProcessToken		[NTDLL.@]
-  *  ZwOpenProcessToken		[NTDLL.@]
++
++
+ /***********************************************************************
+  *             NtPrivilegeCheck  (NTDLL.@)
   */
-diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index c260b0d..3c5e69c 100644
---- a/dlls/ntdll/ntdll.spec
-+++ b/dlls/ntdll/ntdll.spec
-@@ -176,7 +176,7 @@
- # @ stub NtEnumerateSystemEnvironmentValuesEx
- @ stdcall NtEnumerateValueKey(long long long ptr long ptr)
- @ stub NtExtendSection
--# @ stub NtFilterToken
-+@ stdcall NtFilterToken(long long ptr ptr ptr ptr)
- @ stdcall NtFindAtom(ptr long ptr)
- @ stdcall NtFlushBuffersFile(long ptr)
- @ stdcall NtFlushInstructionCache(long ptr long)
 diff --git a/include/winnt.h b/include/winnt.h
-index 16d96d8..4e238f9 100644
+index e1cf78420a6..da17fe3e330 100644
 --- a/include/winnt.h
 +++ b/include/winnt.h
-@@ -3904,6 +3904,11 @@ typedef enum _TOKEN_INFORMATION_CLASS {
+@@ -4221,6 +4221,11 @@ typedef enum _TOKEN_INFORMATION_CLASS {
  					TOKEN_ADJUST_SESSIONID | \
  					TOKEN_ADJUST_DEFAULT )
  
@@ -114,10 +120,10 @@ index 16d96d8..4e238f9 100644
  #define _SECURITY_DEFINED
  
 diff --git a/include/winternl.h b/include/winternl.h
-index c84e6d7..288f93e 100644
+index b3fbb90feff..4687a410ca4 100644
 --- a/include/winternl.h
 +++ b/include/winternl.h
-@@ -2303,6 +2303,7 @@ NTSYSAPI NTSTATUS  WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES
+@@ -2749,6 +2749,7 @@ NTSYSAPI NTSTATUS  WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES
  NTSYSAPI NTSTATUS  WINAPI NtEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
  NTSYSAPI NTSTATUS  WINAPI NtEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
  NTSYSAPI NTSTATUS  WINAPI NtExtendSection(HANDLE,PLARGE_INTEGER);
@@ -125,11 +131,24 @@ index c84e6d7..288f93e 100644
  NTSYSAPI NTSTATUS  WINAPI NtFindAtom(const WCHAR*,ULONG,RTL_ATOM*);
  NTSYSAPI NTSTATUS  WINAPI NtFlushBuffersFile(HANDLE,IO_STATUS_BLOCK*);
  NTSYSAPI NTSTATUS  WINAPI NtFlushInstructionCache(HANDLE,LPCVOID,SIZE_T);
+diff --git a/server/named_pipe.c b/server/named_pipe.c
+index b259abb8de4..4cd4d7dc4a8 100644
+--- a/server/named_pipe.c
++++ b/server/named_pipe.c
+@@ -1142,7 +1142,7 @@ static int pipe_server_ioctl( struct fd *fd, ioctl_code_t code, struct async *as
+         if (current->process->token) /* FIXME: use the client token */
+         {
+             struct token *token;
+-            if (!(token = token_duplicate( current->process->token, 0, SecurityImpersonation, NULL )))
++            if (!(token = token_duplicate( current->process->token, 0, SecurityImpersonation, NULL, NULL, 0, NULL, 0 )))
+                 return 0;
+             if (current->token) release_object( current->token );
+             current->token = token;
 diff --git a/server/process.c b/server/process.c
-index f8739d0..71d9d6d 100644
+index 5e587b28cbe..406167e825b 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -566,7 +566,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
+@@ -577,7 +577,7 @@ struct process *create_process( int fd, struct process *parent, int inherit_all,
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -139,10 +158,10 @@ index f8739d0..71d9d6d 100644
      }
      if (!process->handles || !process->token) goto error;
 diff --git a/server/protocol.def b/server/protocol.def
-index 35824ae..6ee6d28 100644
+index a121c371c19..ee07b1eca14 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3356,6 +3356,16 @@ enum caret_state
+@@ -3263,6 +3263,16 @@ enum caret_state
      obj_handle_t  new_handle; /* duplicated handle */
  @END
  
@@ -160,10 +179,10 @@ index 35824ae..6ee6d28 100644
      obj_handle_t    handle; /* handle to the token */
      unsigned int    desired_access; /* desired access to the object */
 diff --git a/server/security.h b/server/security.h
-index 873bbc6..bc4a8f6 100644
+index 606dbb2ab2c..6c337143c3d 100644
 --- a/server/security.h
 +++ b/server/security.h
-@@ -55,7 +55,9 @@ extern const PSID security_high_label_sid;
+@@ -56,7 +56,9 @@ extern const PSID security_high_label_sid;
  extern struct token *token_create_admin(void);
  extern int token_assign_label( struct token *token, PSID label );
  extern struct token *token_duplicate( struct token *src_token, unsigned primary,
@@ -175,10 +194,10 @@ index 873bbc6..bc4a8f6 100644
                                     const LUID_AND_ATTRIBUTES *reqprivs,
                                     unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
 diff --git a/server/token.c b/server/token.c
-index 0810a61..2f6a467 100644
+index 2fa95e17aaf..38a4c203d54 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -276,6 +276,19 @@ static int acl_is_valid( const ACL *acl, data_size_t size )
+@@ -285,6 +285,19 @@ static int acl_is_valid( const ACL *acl, data_size_t size )
      return TRUE;
  }
  
@@ -198,7 +217,7 @@ index 0810a61..2f6a467 100644
  /* checks whether all members of a security descriptor fit inside the size
   * of memory specified */
  int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
-@@ -619,8 +632,36 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -626,8 +639,36 @@ static struct token *create_token( unsigned primary, const SID *user,
      return token;
  }
  
@@ -236,7 +255,7 @@ index 0810a61..2f6a467 100644
  {
      const luid_t *modified_id =
          primary || (impersonation_level == src_token->impersonation_level) ?
-@@ -656,6 +697,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -663,6 +704,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
              return NULL;
          }
          memcpy( newgroup, group, size );
@@ -249,7 +268,7 @@ index 0810a61..2f6a467 100644
          list_add_tail( &token->groups, &newgroup->entry );
          if (src_token->primary_group == &group->sid)
          {
-@@ -667,11 +714,14 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -674,11 +721,14 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
  
      /* copy privileges */
      LIST_FOR_EACH_ENTRY( privilege, &src_token->privileges, struct privilege, entry )
@@ -264,7 +283,7 @@ index 0810a61..2f6a467 100644
  
      if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                              DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
-@@ -1304,7 +1354,7 @@ DECL_HANDLER(duplicate_token)
+@@ -1311,7 +1361,7 @@ DECL_HANDLER(duplicate_token)
                                                       TOKEN_DUPLICATE,
                                                       &token_ops )))
      {
@@ -273,7 +292,7 @@ index 0810a61..2f6a467 100644
          if (token)
          {
              reply->new_handle = alloc_handle_no_access_check( current->process, token, req->access, objattr->attributes );
-@@ -1314,6 +1364,36 @@ DECL_HANDLER(duplicate_token)
+@@ -1321,6 +1371,36 @@ DECL_HANDLER(duplicate_token)
      }
  }
  
@@ -311,5 +330,5 @@ index 0810a61..2f6a467 100644
  DECL_HANDLER(check_token_privileges)
  {
 -- 
-2.7.4
+2.27.0
 

patches/advapi32-Token_Integrity_Level/0002-server-Implement-token-elevation-information.patch

@@ -1,38 +1,39 @@
-From c8dc0ec6406e8449b59c219ede2e9bd88d8a56fa Mon Sep 17 00:00:00 2001
+From d2e98b2054a5af671fd81ded32f2cf60a062312c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 00:26:03 +0200
 Subject: [PATCH] server: Implement token elevation information.
 
 ---
- dlls/ntdll/nt.c     | 16 ++++++++++++----
- server/protocol.def |  8 ++++++++
- server/token.c      | 22 +++++++++++++++++++---
+ dlls/ntdll/unix/security.c | 16 ++++++++++++----
+ server/protocol.def        |  8 ++++++++
+ server/token.c             | 22 +++++++++++++++++++---
  3 files changed, 39 insertions(+), 7 deletions(-)
 
-diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
-index cd271fde9c..b1dd999cf5 100644
---- a/dlls/ntdll/nt.c
-+++ b/dlls/ntdll/nt.c
-@@ -625,18 +625,26 @@ NTSTATUS WINAPI NtQueryInformationToken(
-         SERVER_END_REQ;
+diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
+index d063d43d6d4..03a81afa46e 100644
+--- a/dlls/ntdll/unix/security.c
++++ b/dlls/ntdll/unix/security.c
+@@ -390,19 +390,27 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
          break;
+ 
      case TokenElevationType:
 +        SERVER_START_REQ( get_token_elevation_type )
          {
-             TOKEN_ELEVATION_TYPE *elevation_type = tokeninfo;
+             TOKEN_ELEVATION_TYPE *type = info;
 -            FIXME("QueryInformationToken( ..., TokenElevationType, ...) semi-stub\n");
--            *elevation_type = TokenElevationTypeFull;
+-            *type = TokenElevationTypeFull;
 +            req->handle = wine_server_obj_handle( token );
 +            status = wine_server_call( req );
 +            if (status == STATUS_SUCCESS)
-+                *elevation_type = reply->elevation;
++                *type = reply->elevation;
          }
 +        SERVER_END_REQ;
          break;
+ 
      case TokenElevation:
 +        SERVER_START_REQ( get_token_elevation_type )
          {
-             TOKEN_ELEVATION *elevation = tokeninfo;
+             TOKEN_ELEVATION *elevation = info;
 -            FIXME("QueryInformationToken( ..., TokenElevation, ...) semi-stub\n");
 -            elevation->TokenIsElevated = TRUE;
 +            req->handle = wine_server_obj_handle( token );
@@ -42,13 +43,13 @@ index cd271fde9c..b1dd999cf5 100644
          }
 +        SERVER_END_REQ;
          break;
+ 
      case TokenSessionId:
-         {
 diff --git a/server/protocol.def b/server/protocol.def
-index 90af9df7f4..93afaabca1 100644
+index ee07b1eca14..84f0b577d72 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3643,6 +3643,14 @@ struct handle_info
+@@ -3566,6 +3566,14 @@ struct handle_info
  @END
  
  
@@ -64,10 +65,10 @@ index 90af9df7f4..93afaabca1 100644
  @REQ(create_completion)
      unsigned int access;          /* desired access to a port */
 diff --git a/server/token.c b/server/token.c
-index 6d193603b4..64f20e1b57 100644
+index 38a4c203d54..14343637af5 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -112,6 +112,7 @@ struct token
+@@ -110,6 +110,7 @@ struct token
      ACL           *default_dacl;    /* the default DACL to assign to objects created by this user */
      TOKEN_SOURCE   source;          /* source of the token */
      int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
@@ -75,7 +76,7 @@ index 6d193603b4..64f20e1b57 100644
  };
  
  struct privilege
-@@ -545,7 +546,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -552,7 +553,7 @@ static struct token *create_token( unsigned primary, const SID *user,
                                     const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
                                     const ACL *default_dacl, TOKEN_SOURCE source,
                                     const luid_t *modified_id,
@@ -84,7 +85,7 @@ index 6d193603b4..64f20e1b57 100644
  {
      struct token *token = alloc_object( &token_ops );
      if (token)
-@@ -567,6 +568,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -574,6 +575,7 @@ static struct token *create_token( unsigned primary, const SID *user,
              token->impersonation_level = impersonation_level;
          token->default_dacl = NULL;
          token->primary_group = NULL;
@@ -92,7 +93,7 @@ index 6d193603b4..64f20e1b57 100644
  
          /* copy user */
          token->user = memdup( user, security_sid_len( user ));
-@@ -682,7 +684,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -689,7 +691,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
      token = create_token( primary, src_token->user, NULL, 0,
                            NULL, 0, src_token->default_dacl,
                            src_token->source, modified_id,
@@ -102,7 +103,7 @@ index 6d193603b4..64f20e1b57 100644
      if (!token) return token;
  
      /* copy groups */
-@@ -888,7 +891,7 @@ struct token *token_create_admin( void )
+@@ -895,7 +898,7 @@ struct token *token_create_admin( void )
          static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
          token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
                                admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
@@ -111,7 +112,7 @@ index 6d193603b4..64f20e1b57 100644
          /* we really need a primary group */
          assert( token->primary_group );
      }
-@@ -1627,6 +1630,19 @@ DECL_HANDLER(get_token_statistics)
+@@ -1634,6 +1637,19 @@ DECL_HANDLER(get_token_statistics)
      }
  }
  
@@ -132,5 +133,5 @@ index 6d193603b4..64f20e1b57 100644
  {
      struct token *token;
 -- 
-2.19.1
+2.27.0
 

patches/advapi32-Token_Integrity_Level/0004-server-Implement-token-integrity-level.patch

@@ -1,19 +1,19 @@
-From ae503e8e7eb8f4fcb9bf3e642458c2a1bba6ccaa Mon Sep 17 00:00:00 2001
+From 6dc1b7d9e533379133857629bb9c09e1045a9020 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 02:28:35 +0200
 Subject: [PATCH] server: Implement token integrity level.
 
 ---
- dlls/ntdll/nt.c     | 23 ++++++++++++++---------
- server/protocol.def |  7 +++++++
- server/token.c      | 30 +++++++++++++++++++++++++++---
+ dlls/ntdll/unix/security.c | 23 ++++++++++++++---------
+ server/protocol.def        |  7 +++++++
+ server/token.c             | 30 +++++++++++++++++++++++++++---
  3 files changed, 48 insertions(+), 12 deletions(-)
 
-diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
-index ca26ab15..8aab0a48 100644
---- a/dlls/ntdll/nt.c
-+++ b/dlls/ntdll/nt.c
-@@ -400,7 +400,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
+diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
+index 03a81afa46e..f0057116dee 100644
+--- a/dlls/ntdll/unix/security.c
++++ b/dlls/ntdll/unix/security.c
+@@ -172,7 +172,7 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
          0,    /* TokenAccessInformation */
          0,    /* TokenVirtualizationAllowed */
          sizeof(DWORD), /* TokenVirtualizationEnabled */
@@ -22,9 +22,9 @@ index ca26ab15..8aab0a48 100644
          0,    /* TokenUIAccess */
          0,    /* TokenMandatoryPolicy */
          0,    /* TokenLogonSid */
-@@ -659,18 +659,23 @@ NTSTATUS WINAPI NtQueryInformationToken(
-         }
+@@ -428,18 +428,23 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
          break;
+ 
      case TokenIntegrityLevel:
 +        SERVER_START_REQ( get_token_integrity )
          {
@@ -32,14 +32,14 @@ index ca26ab15..8aab0a48 100644
 -            static const SID high_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
 -                                                            {SECURITY_MANDATORY_HIGH_RID}};
 -
-             TOKEN_MANDATORY_LABEL *tml = tokeninfo;
+             TOKEN_MANDATORY_LABEL *tml = info;
 -            PSID psid = tml + 1;
 +            PSID sid = tml + 1;
-+            DWORD sid_len = tokeninfolength < sizeof(*tml) ? 0 : tokeninfolength - sizeof(*tml);
++            DWORD sid_len = length < sizeof(*tml) ? 0 : length - sizeof(*tml);
  
 -            tml->Label.Sid = psid;
 -            tml->Label.Attributes = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED;
--            memcpy(psid, &high_level, sizeof(SID));
+-            memcpy( psid, &high_level, sizeof(SID) );
 +            req->handle = wine_server_obj_handle( token );
 +            wine_server_set_reply( req, sid, sid_len );
 +            status = wine_server_call( req );
@@ -52,13 +52,13 @@ index ca26ab15..8aab0a48 100644
          }
 +        SERVER_END_REQ;
          break;
+ 
      case TokenAppContainerSid:
-         {
 diff --git a/server/protocol.def b/server/protocol.def
-index 11221d7d..1bfe3234 100644
+index 84f0b577d72..4d37a0df348 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3405,6 +3405,13 @@ enum caret_state
+@@ -3296,6 +3296,13 @@ enum caret_state
      VARARG(sid,SID);              /* the sid specified by which_sid from the token */
  @END
  
@@ -73,10 +73,10 @@ index 11221d7d..1bfe3234 100644
      obj_handle_t    handle;       /* handle to the token */
  @REPLY
 diff --git a/server/token.c b/server/token.c
-index ccde0c2d..2d81118a 100644
+index 7c510fbdad9..d267991f751 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -113,6 +113,7 @@ struct token
+@@ -111,6 +111,7 @@ struct token
      TOKEN_SOURCE   source;          /* source of the token */
      int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
      TOKEN_ELEVATION_TYPE elevation; /* elevation level */
@@ -84,7 +84,7 @@ index ccde0c2d..2d81118a 100644
  };
  
  struct privilege
-@@ -546,7 +547,8 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -553,7 +554,8 @@ static struct token *create_token( unsigned primary, const SID *user,
                                     const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
                                     const ACL *default_dacl, TOKEN_SOURCE source,
                                     const luid_t *modified_id,
@@ -94,7 +94,7 @@ index ccde0c2d..2d81118a 100644
  {
      struct token *token = alloc_object( &token_ops );
      if (token)
-@@ -630,6 +632,7 @@ static struct token *create_token( unsigned primary, const SID *user,
+@@ -637,6 +639,7 @@ static struct token *create_token( unsigned primary, const SID *user,
          }
  
          token->source = source;
@@ -102,7 +102,7 @@ index ccde0c2d..2d81118a 100644
      }
      return token;
  }
-@@ -685,7 +688,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -692,7 +695,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
                            NULL, 0, src_token->default_dacl,
                            src_token->source, modified_id,
                            impersonation_level,
@@ -112,7 +112,7 @@ index ccde0c2d..2d81118a 100644
      if (!token) return token;
  
      /* copy groups */
-@@ -890,7 +894,7 @@ struct token *token_create_admin( void )
+@@ -898,7 +902,7 @@ struct token *token_create_admin( void )
          static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
          token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
                                admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
@@ -121,7 +121,7 @@ index ccde0c2d..2d81118a 100644
          /* we really need a primary group */
          assert( token->primary_group );
      }
-@@ -1524,6 +1528,26 @@ DECL_HANDLER(get_token_sid)
+@@ -1532,6 +1536,26 @@ DECL_HANDLER(get_token_sid)
      }
  }
  
@@ -149,5 +149,5 @@ index ccde0c2d..2d81118a 100644
  DECL_HANDLER(get_token_groups)
  {
 -- 
-2.19.1
+2.27.0
 

patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch

@@ -1,4 +1,4 @@
-From 8fe522dadc480b57415a7b63e0752de113851231 Mon Sep 17 00:00:00 2001
+From c47977a8bbd739483589d1f01cfece435be1c100 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 01:45:29 +0200
 Subject: [PATCH] ntdll: Add function to create new tokens for elevation
@@ -14,10 +14,10 @@ Subject: [PATCH] ntdll: Add function to create new tokens for elevation
  6 files changed, 117 insertions(+)
 
 diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index 853da5c3fcf..33c1355c8b5 100644
+index 0997c310110..8e3786e1972 100644
 --- a/dlls/ntdll/ntdll.spec
 +++ b/dlls/ntdll/ntdll.spec
-@@ -1569,6 +1569,9 @@
+@@ -1600,6 +1600,9 @@
  # Virtual memory
  @ cdecl __wine_locked_recvmsg(long ptr long)
  
@@ -25,27 +25,27 @@ index 853da5c3fcf..33c1355c8b5 100644
 +@ cdecl __wine_create_default_token(long)
 +
  # Version
- @ cdecl wine_get_version() NTDLL_wine_get_version
- @ cdecl wine_get_patches() NTDLL_wine_get_patches
+ @ cdecl wine_get_version()
+ @ cdecl wine_get_build_id()
 diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
-index b62239de5b4..d494dc71263 100644
+index 63ceac42e94..5a98501381b 100644
 --- a/dlls/ntdll/ntdll_misc.h
 +++ b/dlls/ntdll/ntdll_misc.h
-@@ -96,6 +96,9 @@ extern int __wine_main_argc;
- extern char **__wine_main_argv;
- extern WCHAR **__wine_main_wargv;
+@@ -67,6 +67,9 @@ extern void init_user_process_params(void) DECLSPEC_HIDDEN;
+ extern NTSTATUS restart_process( RTL_USER_PROCESS_PARAMETERS *params, NTSTATUS status ) DECLSPEC_HIDDEN;
+ extern void CDECL DECLSPEC_NORETURN signal_start_thread( CONTEXT *ctx ) DECLSPEC_HIDDEN;
  
 +/* token */
 +extern HANDLE CDECL __wine_create_default_token(BOOL admin);
 +
  /* server support */
- extern timeout_t server_start_time DECLSPEC_HIDDEN;
- extern unsigned int server_cpus DECLSPEC_HIDDEN;
+ extern BOOL is_wow64 DECLSPEC_HIDDEN;
+ 
 diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
-index 6d506c85306..9940e6cf7c9 100644
+index 77ba5b371e2..3e91a1fa9c4 100644
 --- a/dlls/ntdll/process.c
 +++ b/dlls/ntdll/process.c
-@@ -124,6 +124,24 @@ HANDLE CDECL __wine_make_process_system(void)
+@@ -72,6 +72,24 @@ HANDLE CDECL __wine_make_process_system(void)
      return ret;
  }
  
@@ -67,14 +67,14 @@ index 6d506c85306..9940e6cf7c9 100644
 +    return ret;
 +}
 +
- static UINT process_error_mode;
- 
- #define UNIMPLEMENTED_INFO_CLASS(c) \
+ /***********************************************************************
+  *           restart_process
+  */
 diff --git a/server/protocol.def b/server/protocol.def
-index efacadac42b..434cd11baf0 100644
+index 30a102d7b82..a9308904afc 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3749,6 +3749,14 @@ struct handle_info
+@@ -3481,6 +3481,14 @@ struct handle_info
  @END
  
  
@@ -215,5 +215,5 @@ index c4f1cd943c2..970ed1838da 100644
 +    }
 +}
 -- 
-2.26.0
+2.28.0
 

patches/advapi32-Token_Integrity_Level/0008-ntdll-Implement-process-token-elevation-through-mani.patch

@@ -1,4 +1,4 @@
-From 6a09d34647aa517e45bc0bb20a92d0d94a1da888 Mon Sep 17 00:00:00 2001
+From 51cde3dff5de27d1aebc964a4802758534d56773 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 03:39:55 +0200
 Subject: [PATCH] ntdll: Implement process token elevation through manifests.
@@ -12,10 +12,10 @@ Subject: [PATCH] ntdll: Implement process token elevation through manifests.
  5 files changed, 67 insertions(+)
 
 diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
-index 2f203447e..7c5dd308b 100644
+index 6290cbcb4e6..9a8f13901b2 100644
 --- a/dlls/ntdll/loader.c
 +++ b/dlls/ntdll/loader.c
-@@ -3804,6 +3804,32 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, void **entry, ULONG_PTR unknow
+@@ -3489,6 +3489,32 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, void **entry, ULONG_PTR unknow
  }
  
  
@@ -48,17 +48,17 @@ index 2f203447e..7c5dd308b 100644
  /***********************************************************************
   *           load_global_options
   */
-@@ -4233,6 +4259,7 @@ void __wine_process_init(void)
-                                       's','y','s','t','e','m','3','2','\\',
+@@ -3900,6 +3926,7 @@ void __wine_process_init(void)
                                        'k','e','r','n','e','l','3','2','.','d','l','l',0};
+     void (WINAPI *kernel32_start_process)(LPTHREAD_START_ROUTINE,void*) = NULL;
      RTL_USER_PROCESS_PARAMETERS *params;
 +    ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION runlevel;
      WINE_MODREF *wm;
      NTSTATUS status;
      ANSI_STRING func_name;
-@@ -4324,6 +4351,16 @@ void __wine_process_init(void)
- 
-     virtual_set_large_address_space();
+@@ -4021,6 +4048,16 @@ void __wine_process_init(void)
+     }
+ #endif
  
 +    /* elevate process if necessary */
 +    status = RtlQueryInformationActivationContext( 0, NULL, 0, RunlevelInformationInActivationContext,
@@ -71,14 +71,14 @@ index 2f203447e..7c5dd308b 100644
 +    }
 +
      /* the main exe needs to be the first in the load order list */
-     RemoveEntryList( &wm->ldr.InLoadOrderModuleList );
-     InsertHeadList( &peb->LdrData->InLoadOrderModuleList, &wm->ldr.InLoadOrderModuleList );
+     RemoveEntryList( &wm->ldr.InLoadOrderLinks );
+     InsertHeadList( &peb->LdrData->InLoadOrderModuleList, &wm->ldr.InLoadOrderLinks );
 diff --git a/server/process.c b/server/process.c
-index 4c7da9223..d6f71a774 100644
+index fa8495511e0..df72efdecc8 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -1107,6 +1107,14 @@ struct process_snapshot *process_snap( int *count )
-     return snapshot;
+@@ -1086,6 +1086,14 @@ int set_process_debug_flag( struct process *process, int flag )
+     return write_process_memory( process, process->peb + 2, 1, &data );
  }
  
 +/* replace the token of a process */
@@ -93,22 +93,22 @@ index 4c7da9223..d6f71a774 100644
  DECL_HANDLER(new_process)
  {
 diff --git a/server/process.h b/server/process.h
-index 5b83e111a..dfe5c4e52 100644
+index 0fdf070b78e..43e8cc1ad7e 100644
 --- a/server/process.h
 +++ b/server/process.h
-@@ -139,6 +139,7 @@ extern void kill_debugged_processes( struct thread *debugger, int exit_code );
+@@ -129,6 +129,7 @@ extern void kill_console_processes( struct thread *renderer, int exit_code );
+ extern void kill_debugged_processes( struct thread *debugger, int exit_code );
  extern void detach_debugged_processes( struct thread *debugger );
- extern struct process_snapshot *process_snap( int *count );
  extern void enum_processes( int (*cb)(struct process*, void*), void *user);
 +extern void replace_process_token( struct process *process, struct token *token );
  
  /* console functions */
- extern void inherit_console( struct thread *parent_thread, struct process *parent,
+ extern obj_handle_t inherit_console( struct thread *parent_thread, obj_handle_t handle,
 diff --git a/server/protocol.def b/server/protocol.def
-index 6022e1715..45ab670ea 100644
+index a9308904afc..8c40fba8d0a 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3755,6 +3755,13 @@ struct handle_info
+@@ -3489,6 +3489,13 @@ struct handle_info
  @END
  
  
@@ -123,10 +123,10 @@ index 6022e1715..45ab670ea 100644
  @REQ(create_completion)
      unsigned int access;          /* desired access to a port */
 diff --git a/server/token.c b/server/token.c
-index fcab79955..181219d21 100644
+index 970ed1838da..1c1d49989b3 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -1806,3 +1806,17 @@ DECL_HANDLER(create_token)
+@@ -1804,3 +1804,17 @@ DECL_HANDLER(create_token)
          release_object( token );
      }
  }
@@ -145,5 +145,5 @@ index fcab79955..181219d21 100644
 +    }
 +}
 -- 
-2.24.0
+2.28.0
 

patches/advapi32-Token_Integrity_Level/0015-ntdll-Add-semi-stub-for-TokenLinkedToken-info-class.patch

@@ -1,17 +1,25 @@
-From 6d4621ddba8139747345c05f6251bae9b3c68e39 Mon Sep 17 00:00:00 2001
+From e34d019222909281390f83149be755a4145024c4 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Mon, 7 Aug 2017 15:28:33 +0200
-Subject: ntdll: Add semi-stub for TokenLinkedToken info class.
+Subject: [PATCH] ntdll: Add semi-stub for TokenLinkedToken info class.
 
 ---
- dlls/ntdll/nt.c | 28 +++++++++++++++++++++++++++-
- 1 file changed, 27 insertions(+), 1 deletion(-)
+ dlls/ntdll/unix/security.c | 30 +++++++++++++++++++++++++++++-
+ 1 file changed, 29 insertions(+), 1 deletion(-)
 
-diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
-index 6f2b24e6ba4..99dba58b426 100644
---- a/dlls/ntdll/nt.c
-+++ b/dlls/ntdll/nt.c
-@@ -366,7 +366,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
+diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
+index f0057116dee..2769e5f6a7b 100644
+--- a/dlls/ntdll/unix/security.c
++++ b/dlls/ntdll/unix/security.c
+@@ -138,6 +138,7 @@ NTSTATUS WINAPI NtDuplicateToken( HANDLE token, ACCESS_MASK access, OBJECT_ATTRI
+     return status;
+ }
+ 
++extern HANDLE CDECL __wine_create_default_token(BOOL admin);
+ 
+ /***********************************************************************
+  *             NtQueryInformationToken  (NTDLL.@)
+@@ -166,7 +167,7 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
          0,    /* TokenAuditPolicy */
          0,    /* TokenOrigin */
          sizeof(TOKEN_ELEVATION_TYPE), /* TokenElevationType */
@@ -20,14 +28,14 @@ index 6f2b24e6ba4..99dba58b426 100644
          sizeof(TOKEN_ELEVATION), /* TokenElevation */
          0,    /* TokenHasRestrictions */
          0,    /* TokenAccessInformation */
-@@ -607,6 +607,32 @@ NTSTATUS WINAPI NtQueryInformationToken(
-         }
+@@ -401,6 +402,33 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
          SERVER_END_REQ;
          break;
+ 
 +    case TokenLinkedToken:
 +        SERVER_START_REQ( get_token_elevation_type )
 +        {
-+            TOKEN_LINKED_TOKEN *linked_token = tokeninfo;
++            TOKEN_LINKED_TOKEN *linked_token = info;
 +            req->handle = wine_server_obj_handle( token );
 +            status = wine_server_call( req );
 +            if (status == STATUS_SUCCESS)
@@ -50,9 +58,10 @@ index 6f2b24e6ba4..99dba58b426 100644
 +        }
 +        SERVER_END_REQ;
 +        break;
++
      case TokenElevation:
          SERVER_START_REQ( get_token_elevation_type )
          {
 -- 
-2.13.1
+2.27.0
 

patches/advapi32-Token_Integrity_Level/XX10-server-Implement-support-for-creating-processes-usin.patch

@@ -1,4 +1,4 @@
-From 51830c6683b199e79cb9e782ee51555054a4da7c Mon Sep 17 00:00:00 2001
+From 9c61f6acfa2c43e43f07fae1a5cd447573b9529b Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 6 Aug 2017 02:08:05 +0200
 Subject: [PATCH] server: Implement support for creating processes using a
@@ -6,20 +6,20 @@ Subject: [PATCH] server: Implement support for creating processes using a
 
 ---
  dlls/kernelbase/process.c | 24 +++++++++++++-----------
- dlls/ntdll/process.c      |  3 ++-
+ dlls/ntdll/unix/process.c |  1 +
  server/process.c          | 39 +++++++++++++++++++++++++++++++++++----
  server/process.h          |  2 +-
  server/protocol.def       |  1 +
  server/request.c          |  2 +-
  server/security.h         |  2 ++
  server/token.c            | 11 +++++++++++
- 8 files changed, 66 insertions(+), 18 deletions(-)
+ 8 files changed, 65 insertions(+), 17 deletions(-)
 
 diff --git a/dlls/kernelbase/process.c b/dlls/kernelbase/process.c
-index a07dddb1f..99985ab89 100644
+index a3b168543fc..b5c8b47239d 100644
 --- a/dlls/kernelbase/process.c
 +++ b/dlls/kernelbase/process.c
-@@ -242,7 +242,7 @@ static RTL_USER_PROCESS_PARAMETERS *create_process_params( const WCHAR *filename
+@@ -244,7 +244,7 @@ static RTL_USER_PROCESS_PARAMETERS *create_process_params( const WCHAR *filename
  /***********************************************************************
   *           create_nt_process
   */
@@ -28,7 +28,7 @@ index a07dddb1f..99985ab89 100644
                                     BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
                                     RTL_USER_PROCESS_INFORMATION *info, HANDLE parent )
  {
-@@ -257,7 +257,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES
+@@ -259,7 +259,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES
          status = RtlCreateUserProcess( &nameW, OBJ_CASE_INSENSITIVE, params,
                                         psa ? psa->lpSecurityDescriptor : NULL,
                                         tsa ? tsa->lpSecurityDescriptor : NULL,
@@ -37,7 +37,7 @@ index a07dddb1f..99985ab89 100644
          RtlFreeUnicodeString( &nameW );
      }
      return status;
-@@ -267,7 +267,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES
+@@ -269,7 +269,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES
  /***********************************************************************
   *           create_vdm_process
   */
@@ -46,7 +46,7 @@ index a07dddb1f..99985ab89 100644
                                      BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
                                      RTL_USER_PROCESS_INFORMATION *info )
  {
-@@ -288,7 +288,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
+@@ -290,7 +290,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
                winevdm, params->ImagePathName.Buffer, params->CommandLine.Buffer );
      RtlInitUnicodeString( &params->ImagePathName, winevdm );
      RtlInitUnicodeString( &params->CommandLine, newcmdline );
@@ -55,7 +55,7 @@ index a07dddb1f..99985ab89 100644
      HeapFree( GetProcessHeap(), 0, newcmdline );
      return status;
  }
-@@ -297,7 +297,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
+@@ -299,7 +299,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
  /***********************************************************************
   *           create_cmd_process
   */
@@ -64,7 +64,7 @@ index a07dddb1f..99985ab89 100644
                                      BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params,
                                      RTL_USER_PROCESS_INFORMATION *info )
  {
-@@ -316,7 +316,7 @@ static NTSTATUS create_cmd_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
+@@ -318,7 +318,7 @@ static NTSTATUS create_cmd_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE
      swprintf( newcmdline, len, L"%s /s/c \"%s\"", comspec, params->CommandLine.Buffer );
      RtlInitUnicodeString( &params->ImagePathName, comspec );
      RtlInitUnicodeString( &params->CommandLine, newcmdline );
@@ -73,7 +73,7 @@ index a07dddb1f..99985ab89 100644
      RtlFreeHeap( GetProcessHeap(), 0, newcmdline );
      return status;
  }
-@@ -448,7 +448,9 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
+@@ -450,7 +450,9 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
  
      TRACE( "app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) );
  
@@ -84,7 +84,7 @@ index a07dddb1f..99985ab89 100644
      if (new_token) FIXME( "No support for returning created process token\n" );
  
      if (app_name)
-@@ -521,7 +523,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
+@@ -523,7 +525,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
          }
      }
  
@@ -93,7 +93,7 @@ index a07dddb1f..99985ab89 100644
      switch (status)
      {
      case STATUS_SUCCESS:
-@@ -530,7 +532,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
+@@ -532,7 +534,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
      case STATUS_INVALID_IMAGE_NE_FORMAT:
      case STATUS_INVALID_IMAGE_PROTECT:
          TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(app_name) );
@@ -102,7 +102,7 @@ index a07dddb1f..99985ab89 100644
          break;
      case STATUS_INVALID_IMAGE_NOT_MZ:
          /* check for .com or .bat extension */
-@@ -538,12 +540,12 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
+@@ -540,12 +542,12 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR
          if (!wcsicmp( p, L".com" ) || !wcsicmp( p, L".pif" ))
          {
              TRACE( "starting %s as DOS binary\n", debugstr_w(app_name) );
@@ -117,21 +117,12 @@ index a07dddb1f..99985ab89 100644
          }
          break;
      }
-diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
-index f3d9079f8..2fa553091 100644
---- a/dlls/ntdll/process.c
-+++ b/dlls/ntdll/process.c
-@@ -1667,7 +1667,7 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes,
-                                       RTL_USER_PROCESS_PARAMETERS *params,
-                                       SECURITY_DESCRIPTOR *process_descr,
-                                       SECURITY_DESCRIPTOR *thread_descr,
--                                      HANDLE parent, BOOLEAN inherit, HANDLE debug, HANDLE exception,
-+                                      HANDLE parent, BOOLEAN inherit, HANDLE debug, HANDLE token,
-                                       RTL_USER_PROCESS_INFORMATION *info )
- {
-     NTSTATUS status;
-@@ -1735,6 +1735,7 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes,
-         req->access         = PROCESS_ALL_ACCESS;
+diff --git a/dlls/ntdll/unix/process.c b/dlls/ntdll/unix/process.c
+index cca6c2747bf..379a0036b63 100644
+--- a/dlls/ntdll/unix/process.c
++++ b/dlls/ntdll/unix/process.c
+@@ -827,6 +827,7 @@ NTSTATUS WINAPI NtCreateUserProcess( HANDLE *process_handle_ptr, HANDLE *thread_
+         req->access         = process_access;
          req->cpu            = pe_info.cpu;
          req->info_size      = startup_info_size;
 +        req->token          = wine_server_obj_handle( token );
@@ -139,10 +130,10 @@ index f3d9079f8..2fa553091 100644
          wine_server_add_data( req, startup_info, startup_info_size );
          wine_server_add_data( req, params->Environment, env_size );
 diff --git a/server/process.c b/server/process.c
-index d6f71a774..aa66814d8 100644
+index 52604ec4d61..047916ffd09 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -491,7 +491,7 @@ static void start_sigkill_timer( struct process *process )
+@@ -499,7 +499,7 @@ static void start_sigkill_timer( struct process *process )
  /* create a new process */
  /* if the function fails the fd is closed */
  struct process *create_process( int fd, struct process *parent, int inherit_all,
@@ -151,7 +142,7 @@ index d6f71a774..aa66814d8 100644
  {
      struct process *process;
  
-@@ -568,7 +568,7 @@ struct process *create_process( int fd, struct process *parent, int inherit_all,
+@@ -576,7 +576,7 @@ struct process *create_process( int fd, struct process *parent, int inherit_all,
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -160,7 +151,7 @@ index d6f71a774..aa66814d8 100644
          process->affinity = parent->affinity;
      }
      if (!process->handles || !process->token) goto error;
-@@ -1124,6 +1124,7 @@ DECL_HANDLER(new_process)
+@@ -1132,6 +1132,7 @@ DECL_HANDLER(new_process)
      const struct security_descriptor *sd;
      const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL );
      struct process *process = NULL;
@@ -168,7 +159,7 @@ index d6f71a774..aa66814d8 100644
      struct process *parent;
      struct thread *parent_thread = current;
      int socket_fd = thread_get_inflight_fd( current, req->socket_fd );
-@@ -1177,10 +1178,39 @@ DECL_HANDLER(new_process)
+@@ -1185,10 +1186,39 @@ DECL_HANDLER(new_process)
          return;
      }
  
@@ -208,7 +199,7 @@ index d6f71a774..aa66814d8 100644
          release_object( parent );
          return;
      }
-@@ -1228,7 +1258,7 @@ DECL_HANDLER(new_process)
+@@ -1236,7 +1266,7 @@ DECL_HANDLER(new_process)
  #undef FIXUP_LEN
      }
  
@@ -217,7 +208,7 @@ index d6f71a774..aa66814d8 100644
  
      process->startup_info = (struct startup_info *)grab_object( info );
  
-@@ -1289,6 +1319,7 @@ DECL_HANDLER(new_process)
+@@ -1297,6 +1327,7 @@ DECL_HANDLER(new_process)
      reply->handle = alloc_handle_no_access_check( current->process, process, req->access, objattr->attributes );
  
   done:
@@ -225,7 +216,7 @@ index d6f71a774..aa66814d8 100644
      if (process) release_object( process );
      release_object( parent );
      release_object( info );
-@@ -1322,7 +1353,7 @@ DECL_HANDLER(exec_process)
+@@ -1330,7 +1361,7 @@ DECL_HANDLER(exec_process)
          close( socket_fd );
          return;
      }
@@ -235,7 +226,7 @@ index d6f71a774..aa66814d8 100644
      release_object( process );
  }
 diff --git a/server/process.h b/server/process.h
-index dfe5c4e52..61b83abf6 100644
+index dfe5c4e52d8..61b83abf693 100644
 --- a/server/process.h
 +++ b/server/process.h
 @@ -118,7 +118,7 @@ extern unsigned int alloc_ptid( void *ptr );
@@ -248,10 +239,10 @@ index dfe5c4e52..61b83abf6 100644
  extern struct thread *get_process_first_thread( struct process *process );
  extern struct process *get_process_from_id( process_id_t id );
 diff --git a/server/protocol.def b/server/protocol.def
-index 45ab670ea..c763da4ca 100644
+index 901c380b721..8c86967609f 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -791,6 +791,7 @@ struct rawinput_device
+@@ -801,6 +801,7 @@ struct rawinput_device
      unsigned int access;         /* access rights for process object */
      client_cpu_t cpu;            /* CPU that the new process will use */
      data_size_t  info_size;      /* size of startup info */
@@ -260,7 +251,7 @@ index 45ab670ea..c763da4ca 100644
      VARARG(info,startup_info,info_size); /* startup information */
      VARARG(env,unicode_str);     /* environment for new process */
 diff --git a/server/request.c b/server/request.c
-index 200c2697d..f743b720a 100644
+index 4c1f30a5fe7..321bb6cfa81 100644
 --- a/server/request.c
 +++ b/server/request.c
 @@ -582,7 +582,7 @@ static void master_socket_poll_event( struct fd *fd, int event )
@@ -273,7 +264,7 @@ index 200c2697d..f743b720a 100644
              create_thread( -1, process, NULL );
              release_object( process );
 diff --git a/server/security.h b/server/security.h
-index 21e90ccf2..32dfe5f8d 100644
+index 21e90ccf23f..32dfe5f8db9 100644
 --- a/server/security.h
 +++ b/server/security.h
 @@ -67,6 +67,8 @@ extern const ACL *token_get_default_dacl( struct token *token );
@@ -286,10 +277,10 @@ index 21e90ccf2..32dfe5f8d 100644
  static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
  {
 diff --git a/server/token.c b/server/token.c
-index 181219d21..858ec25d7 100644
+index 1c1d49989b3..2f466aa1b25 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -845,6 +845,12 @@ int token_assign_label( struct token *token, PSID label )
+@@ -843,6 +843,12 @@ int token_assign_label( struct token *token, PSID label )
      return ret;
  }
  
@@ -302,7 +293,7 @@ index 181219d21..858ec25d7 100644
  struct token *token_create_admin( void )
  {
      struct token *token = NULL;
-@@ -1271,6 +1277,11 @@ const SID *token_get_primary_group( struct token *token )
+@@ -1269,6 +1275,11 @@ const SID *token_get_primary_group( struct token *token )
      return token->primary_group;
  }
  
@@ -315,5 +306,5 @@ index 181219d21..858ec25d7 100644
  {
      GENERIC_MAPPING mapping;
 -- 
-2.24.0
+2.27.0
 

patches/advapi32-Token_Integrity_Level/XX13-server-Correctly-assign-security-labels-for-tokens.patch

@@ -1,20 +1,21 @@
-From 6d8fd34cabbcbc64062675be610fb8704fcdc3ec Mon Sep 17 00:00:00 2001
+From a8915b8ebd4c06b0216fc82d1ba8d958a677eccf Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Mon, 7 Aug 2017 03:33:26 +0200
 Subject: [PATCH] server: Correctly assign security labels for tokens.
 
 ---
- dlls/advapi32/tests/security.c | 21 ++++++++++-----------
- server/process.c               |  8 +-------
+ dlls/advapi32/tests/security.c | 21 +++++++++--------
+ server/named_pipe.c            |  2 +-
+ server/process.c               |  8 +------
  server/security.h              |  2 +-
- server/token.c                 | 41 ++++++++++++++++++++++++-----------------
- 4 files changed, 36 insertions(+), 36 deletions(-)
+ server/token.c                 | 41 ++++++++++++++++++++--------------
+ 5 files changed, 37 insertions(+), 37 deletions(-)
 
 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index bf4161c..0610ec7 100644
+index 94f3ea4601a..ab572421a73 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
-@@ -7186,7 +7186,6 @@ static void test_token_security_descriptor(void)
+@@ -7105,7 +7105,6 @@ static void test_token_security_descriptor(void)
      defaulted = TRUE;
      ret = GetSecurityDescriptorDacl(sd2, &present, &acl2, &defaulted);
      ok(ret, "GetSecurityDescriptorDacl failed with error %u\n", GetLastError());
@@ -22,7 +23,7 @@ index bf4161c..0610ec7 100644
      ok(present, "DACL not present\n");
  
      if (present)
-@@ -7307,7 +7306,7 @@ static void test_token_security_descriptor(void)
+@@ -7226,7 +7225,7 @@ static void test_token_security_descriptor(void)
                  ok(ret, "GetAce failed with error %u\n", GetLastError());
                  ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
                     "Unexpected ACE type %#x\n", ace->Header.AceType);
@@ -31,7 +32,7 @@ index bf4161c..0610ec7 100644
                     "Expected medium integrity level\n");
              }
  
-@@ -7360,8 +7359,8 @@ static void test_token_security_descriptor(void)
+@@ -7279,8 +7278,8 @@ static void test_token_security_descriptor(void)
              sacl = NULL;
              ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
              ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -42,7 +43,7 @@ index bf4161c..0610ec7 100644
  
              if (sacl)
              {
-@@ -7410,8 +7409,8 @@ static void test_token_security_descriptor(void)
+@@ -7329,8 +7328,8 @@ static void test_token_security_descriptor(void)
              sacl = NULL;
              ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
              ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -53,7 +54,7 @@ index bf4161c..0610ec7 100644
  
              if (sacl)
              {
-@@ -7475,8 +7474,8 @@ static void test_token_security_descriptor(void)
+@@ -7394,8 +7393,8 @@ static void test_token_security_descriptor(void)
  
          ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
          ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -64,7 +65,7 @@ index bf4161c..0610ec7 100644
  
          if (sacl)
          {
-@@ -7513,8 +7512,8 @@ static void test_token_security_descriptor(void)
+@@ -7432,8 +7431,8 @@ static void test_token_security_descriptor(void)
          sacl = NULL;
          ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
          ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
@@ -75,7 +76,7 @@ index bf4161c..0610ec7 100644
  
          if (sacl)
          {
-@@ -7732,7 +7731,7 @@ static void test_child_token_sd_medium(void)
+@@ -7652,7 +7651,7 @@ static void test_child_token_sd_medium(void)
      ok(ret, "GetAce failed with error %u\n", GetLastError());
      ok(ace_label->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE,
         "Unexpected ACE type %#x\n", ace_label->Header.AceType);
@@ -84,11 +85,24 @@ index bf4161c..0610ec7 100644
         "Expected medium integrity level\n");
  
      memset(buffer_integrity, 0, sizeof(buffer_integrity));
+diff --git a/server/named_pipe.c b/server/named_pipe.c
+index 4cd4d7dc4a8..06bf8402aea 100644
+--- a/server/named_pipe.c
++++ b/server/named_pipe.c
+@@ -1142,7 +1142,7 @@ static int pipe_server_ioctl( struct fd *fd, ioctl_code_t code, struct async *as
+         if (current->process->token) /* FIXME: use the client token */
+         {
+             struct token *token;
+-            if (!(token = token_duplicate( current->process->token, 0, SecurityImpersonation, NULL, NULL, 0, NULL, 0 )))
++            if (!(token = token_duplicate( current->process->token, 0, SecurityImpersonation, NULL, NULL, 0, NULL, 0, NULL )))
+                 return 0;
+             if (current->token) release_object( current->token );
+             current->token = token;
 diff --git a/server/process.c b/server/process.c
-index b7c9da3..250f777 100644
+index 31d5b96a25d..2c485831e33 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -562,17 +562,11 @@ struct process *create_process( int fd, struct thread *parent_thread, int inheri
+@@ -577,17 +577,11 @@ struct process *create_process( int fd, struct process *parent, int inherit_all,
                                         : alloc_handle_table( process, 0 );
          /* Note: for security reasons, starting a new process does not attempt
           * to use the current impersonation token for the new process */
@@ -108,7 +122,7 @@ index b7c9da3..250f777 100644
      return process;
  
 diff --git a/server/security.h b/server/security.h
-index 32dfe5f..87377cc 100644
+index 32dfe5f8db9..87377ccd673 100644
 --- a/server/security.h
 +++ b/server/security.h
 @@ -59,7 +59,7 @@ extern int token_assign_label( struct token *token, PSID label );
@@ -121,10 +135,10 @@ index 32dfe5f..87377cc 100644
                                     const LUID_AND_ATTRIBUTES *reqprivs,
                                     unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
 diff --git a/server/token.c b/server/token.c
-index 5db97b4..bd251c7 100644
+index 2f466aa1b25..23bc1cc13f7 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -668,7 +668,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
+@@ -675,7 +675,7 @@ static int filter_privilege( struct privilege *privilege, const LUID_AND_ATTRIBU
  struct token *token_duplicate( struct token *src_token, unsigned primary,
                                 int impersonation_level, const struct security_descriptor *sd,
                                 const LUID_AND_ATTRIBUTES *filter_privileges, unsigned int priv_count,
@@ -133,7 +147,7 @@ index 5db97b4..bd251c7 100644
  {
      const luid_t *modified_id =
          primary || (impersonation_level == src_token->impersonation_level) ?
-@@ -735,6 +735,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+@@ -742,6 +742,12 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
      if (sd) default_set_sd( &token->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                              DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
  
@@ -146,7 +160,7 @@ index 5db97b4..bd251c7 100644
      return token;
  }
  
-@@ -906,6 +912,12 @@ struct token *token_create_admin( void )
+@@ -913,6 +919,12 @@ struct token *token_create_admin( void )
                                admin_source, NULL, -1, TokenElevationTypeFull, &high_label_sid );
          /* we really need a primary group */
          assert( token->primary_group );
@@ -159,7 +173,7 @@ index 5db97b4..bd251c7 100644
      }
  
      free( logon_sid );
-@@ -964,6 +976,12 @@ static struct token *token_create_limited( void )
+@@ -971,6 +983,12 @@ static struct token *token_create_limited( void )
                                admin_source, NULL, -1, TokenElevationTypeLimited, &medium_label_sid );
          /* we really need a primary group */
          assert( token->primary_group );
@@ -172,7 +186,7 @@ index 5db97b4..bd251c7 100644
      }
  
      free( logon_sid );
-@@ -1432,7 +1450,8 @@ DECL_HANDLER(duplicate_token)
+@@ -1439,7 +1457,8 @@ DECL_HANDLER(duplicate_token)
                                                       TOKEN_DUPLICATE,
                                                       &token_ops )))
      {
@@ -182,7 +196,7 @@ index 5db97b4..bd251c7 100644
          if (token)
          {
              unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
-@@ -1462,7 +1481,7 @@ DECL_HANDLER(filter_token)
+@@ -1469,7 +1488,7 @@ DECL_HANDLER(filter_token)
          group_count = get_sid_count( filter_groups, get_req_data_size() - priv_count * sizeof(LUID_AND_ATTRIBUTES) );
  
          token = token_duplicate( src_token, src_token->primary, src_token->impersonation_level, NULL,
@@ -191,7 +205,7 @@ index 5db97b4..bd251c7 100644
          if (token)
          {
              unsigned int access = get_handle_access( current->process, req->handle );
-@@ -1788,23 +1807,11 @@ DECL_HANDLER(set_token_default_dacl)
+@@ -1795,23 +1814,11 @@ DECL_HANDLER(set_token_default_dacl)
  DECL_HANDLER(create_token)
  {
      struct token *token;
@@ -218,5 +232,5 @@ index 5db97b4..bd251c7 100644
      }
  }
 -- 
-2.7.4
+2.27.0
 

patches/advapi32-Token_Integrity_Level/definition

@@ -2,3 +2,7 @@ Fixes: [40613] Basic implementation for token integrity levels and UAC handling
 Fixes: [39262] Run explorer.exe as unevaluated process
 Depends: advapi32-CreateRestrictedToken
 Depends: Staging
+# Broken due to ntdll.so <- ntdll.dll imports. This isn't particularly difficult
+# to fix, but it was already broken for some more obscure reason, and the whole
+# patch set needs to be rewritten anyway.
+Disabled: true

patches/bcrypt-ECDHSecretAgreement/0001-bcrypt-Implement-BCryptSecretAgreement-with-libgcryp.patch

@@ -1,4 +1,4 @@
-From 830d2641a7e23474b3ef4ee52e42e6b4f2cd388b Mon Sep 17 00:00:00 2001
+From 2674bbd626b4a9e46e5ab729cb47c81950efefea Mon Sep 17 00:00:00 2001
 From: Derek Lesho <dlesho@codeweavers.com>
 Date: Tue, 7 Jan 2020 14:22:49 -0600
 Subject: [PATCH] bcrypt: Implement BCryptSecretAgreement with libgcrypt.
@@ -7,20 +7,20 @@ Signed-off-by: Derek Lesho <dlesho@codeweavers.com>
 ---
  configure.ac                  |  14 ++
  dlls/bcrypt/Makefile.in       |   1 +
- dlls/bcrypt/bcrypt_internal.h |  13 ++
- dlls/bcrypt/bcrypt_main.c     |  86 +++++++++--
+ dlls/bcrypt/bcrypt_internal.h |   6 +
+ dlls/bcrypt/bcrypt_main.c     |  54 ++++++-
  dlls/bcrypt/gcrypt.c          | 264 ++++++++++++++++++++++++++++++++++
  dlls/bcrypt/gnutls.c          |   9 ++
  dlls/bcrypt/macos.c           |   6 +
  dlls/bcrypt/tests/bcrypt.c    |   2 +-
- 8 files changed, 384 insertions(+), 11 deletions(-)
+ 8 files changed, 350 insertions(+), 6 deletions(-)
  create mode 100644 dlls/bcrypt/gcrypt.c
 
 diff --git a/configure.ac b/configure.ac
-index 47d2b750c01..2dfa2ebcb51 100644
+index 928f8ebd1b1..f9db147e7d5 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -46,6 +46,7 @@ AC_ARG_WITH(faudio,    AS_HELP_STRING([--without-faudio],[do not use FAudio (XAu
+@@ -47,6 +47,7 @@ AC_ARG_WITH(faudio,    AS_HELP_STRING([--without-faudio],[do not use FAudio (XAu
  AC_ARG_WITH(float-abi, AS_HELP_STRING([--with-float-abi=abi],[specify the ABI (soft|softfp|hard) for ARM platforms]))
  AC_ARG_WITH(fontconfig,AS_HELP_STRING([--without-fontconfig],[do not use fontconfig]))
  AC_ARG_WITH(freetype,  AS_HELP_STRING([--without-freetype],[do not use the FreeType library]))
@@ -28,7 +28,7 @@ index 47d2b750c01..2dfa2ebcb51 100644
  AC_ARG_WITH(gettext,   AS_HELP_STRING([--without-gettext],[do not use gettext]))
  AC_ARG_WITH(gettextpo, AS_HELP_STRING([--with-gettextpo],[use the GetTextPO library to rebuild po files]),
              [if test "x$withval" = "xno"; then ac_cv_header_gettext_po_h=no; fi])
-@@ -1989,6 +1990,19 @@ WINE_NOTICE_WITH(vkd3d,[test "x$ac_cv_lib_soname_vkd3d" = "x"],
+@@ -2033,6 +2034,19 @@ WINE_NOTICE_WITH(vkd3d,[test "x$ac_cv_lib_soname_vkd3d" = "x"],
                   [vkd3d ${notice_platform}development files not found (or too old), Direct3D 12 won't be supported.])
  test "x$ac_cv_lib_soname_vkd3d" != "x" || enable_d3d12=${enable_d3d12:-no}
  
@@ -61,7 +61,7 @@ index dd6d4a76640..ea3486a4002 100644
  	macos.c \
  	md2.c \
 diff --git a/dlls/bcrypt/bcrypt_internal.h b/dlls/bcrypt/bcrypt_internal.h
-index 5cc2c249da8..b16dfbdcd2b 100644
+index 43be170d77f..6c93ed78389 100644
 --- a/dlls/bcrypt/bcrypt_internal.h
 +++ b/dlls/bcrypt/bcrypt_internal.h
 @@ -25,6 +25,9 @@
@@ -74,40 +74,28 @@ index 5cc2c249da8..b16dfbdcd2b 100644
  #elif HAVE_COMMONCRYPTO_COMMONCRYPTOR_H
  #include <AvailabilityMacros.h>
  #include <CommonCrypto/CommonCryptor.h>
-@@ -157,6 +160,12 @@ struct algorithm
-     ULONG         flags;
- };
- 
-+struct secret
-+{
+@@ -243,6 +246,8 @@ struct key
+ struct secret
+ {
+     struct object hdr;
 +    UCHAR *data;
 +    ULONG len;
-+};
-+
- #if defined(HAVE_GNUTLS_CIPHER_INIT)
- struct key_symmetric
- {
-@@ -251,6 +260,7 @@ NTSTATUS key_destroy( struct key * ) DECLSPEC_HIDDEN;
- BOOL key_is_symmetric( struct key * ) DECLSPEC_HIDDEN;
+ };
+ 
+ NTSTATUS get_alg_property( const struct algorithm *, const WCHAR *, UCHAR *, ULONG, ULONG * ) DECLSPEC_HIDDEN;
+@@ -264,6 +269,7 @@ NTSTATUS key_export_dsa_capi( struct key *, UCHAR *, ULONG, ULONG * ) DECLSPEC_H
  NTSTATUS key_export_ecc( struct key *, UCHAR *, ULONG, ULONG * ) DECLSPEC_HIDDEN;
+ NTSTATUS key_import_dsa_capi( struct key *, UCHAR *, ULONG ) DECLSPEC_HIDDEN;
  NTSTATUS key_import_ecc( struct key *, UCHAR *, ULONG ) DECLSPEC_HIDDEN;
 +NTSTATUS compute_secret_ecc (struct key *pubkey_in, struct key *privkey_in, struct secret *secret) DECLSPEC_HIDDEN;
  
  BOOL is_zero_vector( const UCHAR *, ULONG ) DECLSPEC_HIDDEN;
  BOOL is_equal_vector( const UCHAR *, ULONG, const UCHAR *, ULONG ) DECLSPEC_HIDDEN;
-@@ -258,4 +268,7 @@ BOOL is_equal_vector( const UCHAR *, ULONG, const UCHAR *, ULONG ) DECLSPEC_HIDD
- BOOL gnutls_initialize(void) DECLSPEC_HIDDEN;
- void gnutls_uninitialize(void) DECLSPEC_HIDDEN;
- 
-+BOOL gcrypt_initialize(void) DECLSPEC_HIDDEN;
-+void gcrypt_uninitialize(void) DECLSPEC_HIDDEN;
-+
- #endif /* __BCRYPT_INTERNAL_H */
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index c2939ea815a..15b934247d8 100644
+index bea2001a677..65c28ca63e2 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
-@@ -1349,6 +1349,12 @@ NTSTATUS key_import_ecc( struct key *key, UCHAR *input, ULONG len )
+@@ -1421,6 +1421,12 @@ NTSTATUS key_import_ecc( struct key *key, UCHAR *input, ULONG len )
      ERR( "support for keys not available at build time\n" );
      return STATUS_NOT_IMPLEMENTED;
  }
@@ -120,74 +108,60 @@ index c2939ea815a..15b934247d8 100644
  #endif
  
  NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle,
-@@ -1714,27 +1720,81 @@ NTSTATUS WINAPI BCryptDeriveKeyPBKDF2( BCRYPT_ALG_HANDLE handle, UCHAR *pwd, ULO
-     return STATUS_SUCCESS;
- }
- 
--NTSTATUS WINAPI BCryptSecretAgreement(BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE key, BCRYPT_SECRET_HANDLE *secret, ULONG flags)
-+NTSTATUS WINAPI BCryptSecretAgreement(BCRYPT_KEY_HANDLE hPrivKey, BCRYPT_KEY_HANDLE hPubKey, BCRYPT_SECRET_HANDLE *secret_out, ULONG flags)
- {
--    FIXME( "%p, %p, %p, %08x\n", handle, key, secret, flags );
-+    struct key *privkey = hPrivKey;
-+    struct key *pubkey = hPubKey;
-+    struct secret *secret;
+@@ -1838,8 +1844,9 @@ NTSTATUS WINAPI BCryptSecretAgreement(BCRYPT_KEY_HANDLE privatekey, BCRYPT_KEY_H
+     struct key *privkey = privatekey;
+     struct key *pubkey = publickey;
+     struct secret *secret;
 +    NTSTATUS status;
  
--    if(secret)
--        *secret = (BCRYPT_SECRET_HANDLE *)0xDEADFEED;
-+    TRACE( "%p, %p, %p, %08x\n", hPrivKey, hPubKey, secret_out, flags );
+-    FIXME( "%p, %p, %p, %08x\n", privatekey, publickey, handle, flags );
++    TRACE( "%p, %p, %p, %08x\n", privatekey, publickey, handle, flags );
  
--    return STATUS_SUCCESS;
-+    secret = heap_alloc( sizeof(*secret) );
-+
-+    if ((status = compute_secret_ecc(privkey, pubkey, secret)))
+     if (!privkey || privkey->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+     if (!pubkey || pubkey->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+@@ -1848,7 +1855,16 @@ NTSTATUS WINAPI BCryptSecretAgreement(BCRYPT_KEY_HANDLE privatekey, BCRYPT_KEY_H
+     if (!(secret = heap_alloc_zero( sizeof(*secret) ))) return STATUS_NO_MEMORY;
+     secret->hdr.magic = MAGIC_SECRET;
+ 
+-    *handle = secret;
++    if ((status = compute_secret_ecc( privkey, pubkey, secret )))
 +    {
-+        heap_free(secret);
-+        *secret_out = NULL;
++        heap_free( secret );
++        *handle = NULL;
 +    }
 +    else
 +    {
-+        *secret_out = secret;
++        *handle = secret;
 +    }
-+
-+    return status;
- }
- 
--NTSTATUS WINAPI BCryptDestroySecret(BCRYPT_SECRET_HANDLE secret)
-+NTSTATUS WINAPI BCryptDestroySecret(BCRYPT_SECRET_HANDLE hSecret)
- {
--    FIXME( "%p\n", secret );
-+    struct secret *secret = hSecret;
-+
-+    TRACE( "%p\n", hSecret );
-+
-+    if (!hSecret)
-+    {
-+        return STATUS_INVALID_HANDLE;
-+    }
-+
-+    heap_free(secret->data);
-+    heap_free(secret);
 +
      return STATUS_SUCCESS;
  }
  
--NTSTATUS WINAPI BCryptDeriveKey(BCRYPT_SECRET_HANDLE secret, LPCWSTR kdf, BCryptBufferDesc *parameter,
-+NTSTATUS WINAPI BCryptDeriveKey(BCRYPT_SECRET_HANDLE hSecret, LPCWSTR deriv_func, BCryptBufferDesc *parameter,
-         PUCHAR derived, ULONG derived_size, ULONG *result, ULONG flags)
+@@ -1856,10 +1872,11 @@ NTSTATUS WINAPI BCryptDestroySecret(BCRYPT_SECRET_HANDLE handle)
  {
+     struct secret *secret = handle;
+ 
+-    FIXME( "%p\n", handle );
++    TRACE( "%p\n", handle );
+ 
+     if (!secret || secret->hdr.magic != MAGIC_SECRET) return STATUS_INVALID_HANDLE;
+     secret->hdr.magic = 0;
++    heap_free( secret->data );
+     heap_free( secret );
+     return STATUS_SUCCESS;
+ }
+@@ -1869,12 +1886,33 @@ NTSTATUS WINAPI BCryptDeriveKey(BCRYPT_SECRET_HANDLE handle, LPCWSTR kdf, BCrypt
+ {
+     struct secret *secret = handle;
+ 
 -    FIXME( "%p, %s, %p, %p, %d, %p, %08x\n", secret, debugstr_w(kdf), parameter, derived, derived_size, result, flags );
++    TRACE( "%p, %s, %p, %p, %d, %p, %08x\n", secret, debugstr_w(kdf), parameter, derived, derived_size, result, flags );
+ 
+     if (!secret || secret->hdr.magic != MAGIC_SECRET) return STATUS_INVALID_HANDLE;
+     if (!kdf) return STATUS_INVALID_PARAMETER;
+ 
 -    return STATUS_INTERNAL_ERROR;
-+    struct secret *secret = hSecret;
-+
-+    TRACE( "%p, %s, %p, %p, %d, %p, %08x\n", secret, debugstr_w(deriv_func), parameter, derived, derived_size, result, flags );
-+
-+    if (!hSecret)
-+    {
-+        return STATUS_INVALID_HANDLE;
-+    }
-+
-+    if (!(strcmpW(deriv_func, BCRYPT_KDF_RAW_SECRET)))
++    if (!(strcmpW( kdf, BCRYPT_KDF_RAW_SECRET )))
 +    {
 +        ULONG n;
 +        ULONG secret_length = secret->len;
@@ -207,12 +181,12 @@ index c2939ea815a..15b934247d8 100644
 +        *result = n;
 +        return STATUS_SUCCESS;
 +    }
-+    FIXME( "Derivation function %s not supported.\n", debugstr_w(deriv_func) );
++    FIXME( "Derivation function %s not supported.\n", debugstr_w(kdf) );
 +    return STATUS_NOT_IMPLEMENTED;
  }
  
  BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
-@@ -1746,6 +1806,9 @@ BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
+@@ -1886,6 +1924,9 @@ BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
          DisableThreadLibraryCalls( hinst );
  #ifdef HAVE_GNUTLS_CIPHER_INIT
          gnutls_initialize();
@@ -222,7 +196,7 @@ index c2939ea815a..15b934247d8 100644
  #endif
          break;
  
-@@ -1753,6 +1816,9 @@ BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
+@@ -1893,6 +1934,9 @@ BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
          if (reserved) break;
  #ifdef HAVE_GNUTLS_CIPHER_INIT
          gnutls_uninitialize();
@@ -234,7 +208,7 @@ index c2939ea815a..15b934247d8 100644
      }
 diff --git a/dlls/bcrypt/gcrypt.c b/dlls/bcrypt/gcrypt.c
 new file mode 100644
-index 00000000000..d7ed6eeddf3
+index 00000000000..f882d61def8
 --- /dev/null
 +++ b/dlls/bcrypt/gcrypt.c
 @@ -0,0 +1,264 @@
@@ -503,10 +477,10 @@ index 00000000000..d7ed6eeddf3
 +}
 +#endif
 diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c
-index 1d78b9f4d1f..59c98eed0cc 100644
+index 19a00e2ee25..1e075fe9994 100644
 --- a/dlls/bcrypt/gnutls.c
 +++ b/dlls/bcrypt/gnutls.c
-@@ -1297,4 +1297,13 @@ NTSTATUS key_destroy( struct key *key )
+@@ -1585,4 +1585,13 @@ NTSTATUS key_destroy( struct key *key )
      heap_free( key );
      return STATUS_SUCCESS;
  }
@@ -521,10 +495,10 @@ index 1d78b9f4d1f..59c98eed0cc 100644
 +
  #endif
 diff --git a/dlls/bcrypt/macos.c b/dlls/bcrypt/macos.c
-index 9ff9772c15a..4851603819c 100644
+index 7f902535b8f..6c2a41a0725 100644
 --- a/dlls/bcrypt/macos.c
 +++ b/dlls/bcrypt/macos.c
-@@ -268,4 +268,10 @@ NTSTATUS key_destroy( struct key *key )
+@@ -279,4 +279,10 @@ NTSTATUS key_destroy( struct key *key )
      heap_free( key );
      return STATUS_SUCCESS;
  }
@@ -536,10 +510,10 @@ index 9ff9772c15a..4851603819c 100644
 +}
  #endif
 diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index f7404057fa8..d9509f2c49b 100644
+index eb7a72e0ff4..a351aacf1f5 100644
 --- a/dlls/bcrypt/tests/bcrypt.c
 +++ b/dlls/bcrypt/tests/bcrypt.c
-@@ -2067,7 +2067,7 @@ static void test_ECDH(void)
+@@ -2068,7 +2068,7 @@ static void test_ECDH(void)
          goto raw_secret_end;
      }
  
@@ -549,5 +523,5 @@ index f7404057fa8..d9509f2c49b 100644
      if (status != STATUS_SUCCESS)
      {
 -- 
-2.17.1
+2.27.0
 

patches/bcrypt-ECDHSecretAgreement/0002-bcrypt-Implement-BCRYPT_KDF_HASH.patch

@@ -1,4 +1,4 @@
-From d0c4ac467f5e85e29ae407b29b6a93c85f375fd3 Mon Sep 17 00:00:00 2001
+From d232882c571a14f4da8a134071a2125805ebd41f Mon Sep 17 00:00:00 2001
 From: Derek Lesho <dlesho@codeweavers.com>
 Date: Tue, 7 Jan 2020 14:22:49 -0600
 Subject: [PATCH] bcrypt: Implement BCRYPT_KDF_HASH.
@@ -6,24 +6,22 @@ Subject: [PATCH] bcrypt: Implement BCRYPT_KDF_HASH.
 Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=47699
 Signed-off-by: Derek Lesho <dlesho at codeweavers.com>
 ---
- dlls/bcrypt/bcrypt_main.c  | 110 +++++++++++++++++++++++++++++++++++++
+ dlls/bcrypt/bcrypt_main.c  | 108 ++++++++++++++++++++++++++++++++++++-
  dlls/bcrypt/tests/bcrypt.c |   2 +-
- 2 files changed, 111 insertions(+), 1 deletion(-)
+ 2 files changed, 108 insertions(+), 2 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 15b934247d..57d552a4c0 100644
+index 65c28ca63e2..6e7b52e93b0 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
-@@ -1773,6 +1773,116 @@ NTSTATUS WINAPI BCryptDeriveKey(BCRYPT_SECRET_HANDLE hSecret, LPCWSTR deriv_func
-         return STATUS_INVALID_HANDLE;
-     }
+@@ -1891,7 +1891,113 @@ NTSTATUS WINAPI BCryptDeriveKey(BCRYPT_SECRET_HANDLE handle, LPCWSTR kdf, BCrypt
+     if (!secret || secret->hdr.magic != MAGIC_SECRET) return STATUS_INVALID_HANDLE;
+     if (!kdf) return STATUS_INVALID_PARAMETER;
  
-+    if (flags)
-+    {
-+        FIXME("flags ignored: %08x\n", flags);
-+    }
+-    if (!(strcmpW( kdf, BCRYPT_KDF_RAW_SECRET )))
++    if (flags) FIXME("flags ignored: %08x\n", flags);
 +
-+    if (!(strcmpW(deriv_func, BCRYPT_KDF_HASH)))
++    if (!(strcmpW( kdf, BCRYPT_KDF_HASH )))
 +    {
 +        unsigned int i;
 +        BCryptBuffer *hash_algorithm = NULL;
@@ -127,15 +125,15 @@ index 15b934247d..57d552a4c0 100644
 +
 +        return STATUS_SUCCESS;
 +    }
-+    else
-     if (!(strcmpW(deriv_func, BCRYPT_KDF_RAW_SECRET)))
++    else if (!(strcmpW( kdf, BCRYPT_KDF_RAW_SECRET )))
      {
          ULONG n;
+         ULONG secret_length = secret->len;
 diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index d9509f2c49..edc59a8a97 100644
+index a351aacf1f5..5333b879817 100644
 --- a/dlls/bcrypt/tests/bcrypt.c
 +++ b/dlls/bcrypt/tests/bcrypt.c
-@@ -2084,7 +2084,7 @@ static void test_ECDH(void)
+@@ -2085,7 +2085,7 @@ static void test_ECDH(void)
      raw_secret_end:
  
      status = pBCryptDeriveKey(secret, BCRYPT_KDF_HASH, &hash_params, NULL, 0, &size, 0);
@@ -145,5 +143,5 @@ index d9509f2c49..edc59a8a97 100644
      if (status != STATUS_SUCCESS)
      {
 -- 
-2.24.1
+2.27.0
 

patches/comctl32-Listview_DrawItem/0001-comctl32-Preserve-custom-colors-between-subitems.patch

@@ -1,27 +1,26 @@
-From ddc5f6fd9dde7a5cdde0be59d4a9db9e086400a9 Mon Sep 17 00:00:00 2001
+From 3497a2faa4ebab67b65bcf99d4ed56baa70ddf96 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 12 Jul 2014 23:58:19 +0200
-Subject: comctl32: Preserve custom colors between subitems. (v2)
+Subject: [PATCH] comctl32: Preserve custom colors between subitems. (v2)
 
 ---
- dlls/comctl32/listview.c       | 20 +++++++++-----------
- dlls/comctl32/tests/listview.c | 23 ++++++++++++++++++++---
- 2 files changed, 29 insertions(+), 14 deletions(-)
+ dlls/comctl32/listview.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
 
 diff --git a/dlls/comctl32/listview.c b/dlls/comctl32/listview.c
-index 56e2563..a35f5f2 100644
+index dba16d13a4c..35cab333b7b 100644
 --- a/dlls/comctl32/listview.c
 +++ b/dlls/comctl32/listview.c
-@@ -1072,7 +1072,7 @@ static void prepaint_setup (const LISTVIEW_INFO *infoPtr, HDC hdc, NMLVCUSTOMDRA
-     COLORREF backcolor, textcolor;
+@@ -1063,7 +1063,7 @@ static void prepaint_setup (const LISTVIEW_INFO *infoPtr, HDC hdc, const NMLVCUS
+     textcolor = cd->clrText;
  
      /* apparently, for selected items, we have to override the returned values */
 -    if (!SubItem)
 +    if (!SubItem || (infoPtr->dwLvExStyle & LVS_EX_FULLROWSELECT))
      {
-         if (lpnmlvcd->nmcd.uItemState & CDIS_SELECTED)
+         if (cd->nmcd.uItemState & CDIS_SELECTED)
          {
-@@ -4784,6 +4784,7 @@ static BOOL LISTVIEW_DrawItem(LISTVIEW_INFO *infoPtr, HDC hdc, INT nItem, ITERAT
+@@ -4786,6 +4786,7 @@ static BOOL LISTVIEW_DrawItem(LISTVIEW_INFO *infoPtr, HDC hdc, INT nItem, ITERAT
          while (iterator_next(subitems))
          {
              DWORD subitemstage = CDRF_DODEFAULT;
@@ -29,15 +28,9 @@ index 56e2563..a35f5f2 100644
  
              /* We need to query for each subitem, item's data (subitem == 0) is already here at this point */
              if (subitems->nItem)
-@@ -4810,19 +4811,16 @@ static BOOL LISTVIEW_DrawItem(LISTVIEW_INFO *infoPtr, HDC hdc, INT nItem, ITERAT
- 
+@@ -4813,13 +4814,15 @@ static BOOL LISTVIEW_DrawItem(LISTVIEW_INFO *infoPtr, HDC hdc, INT nItem, ITERAT
              if (cdsubitemmode & CDRF_NOTIFYSUBITEMDRAW)
                  subitemstage = notify_customdraw(infoPtr, CDDS_SUBITEM | CDDS_ITEMPREPAINT, &nmlvcd);
--            else
--            {
--                nmlvcd.clrTextBk = infoPtr->clrTextBk;
--                nmlvcd.clrText   = infoPtr->clrText;
--            }
  
 -            if (subitems->nItem == 0 || (cdmode & CDRF_NOTIFYITEMDRAW))
 -                prepaint_setup(infoPtr, hdc, &nmlvcd, FALSE);
@@ -57,5 +50,5 @@ index 56e2563..a35f5f2 100644
              if (subitemstage & CDRF_NOTIFYPOSTPAINT)
                  subitemstage = notify_customdraw(infoPtr, CDDS_SUBITEM | CDDS_ITEMPOSTPAINT, &nmlvcd);
 -- 
-2.9.0
+2.27.0
 

patches/configure-Absolute_RPATH/0001-configure-Also-add-the-absolute-RPATH-when-linking-a.patch

@@ -1,4 +1,4 @@
-From 8a5768bc4dc64dd9a0df5d7b781a569622b8c9b6 Mon Sep 17 00:00:00 2001
+From 38d4fa059ffd4ecba4e7d04e2a5edd2bcff3c7df Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Wed, 27 Aug 2014 00:31:23 +0200
 Subject: [PATCH] configure: Also add the absolute RPATH when linking against
@@ -9,11 +9,11 @@ Subject: [PATCH] configure: Also add the absolute RPATH when linking against
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index e6acb786a4d..bd3fe968839 100644
+index c88013910af..a7f1866bf0d 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -956,10 +956,10 @@ case $host_os in
-       WINEPRELOADER_LDFLAGS="-static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000"
+@@ -969,10 +969,10 @@ case $host_os in
+       WINEPRELOADER_LDFLAGS="-static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7d400000"
  
        WINE_TRY_CFLAGS([-Wl,--rpath,\$ORIGIN/../lib],
 -                      [LDRPATH_INSTALL="-Wl,--rpath,\\\$\$ORIGIN/\`\$(MAKEDEP) -R \${bindir} \${libdir}\`"
@@ -26,5 +26,5 @@ index e6acb786a4d..bd3fe968839 100644
  
        WINE_TRY_CFLAGS([-Wl,--enable-new-dtags],
 -- 
-2.20.1
+2.27.0
 

patches/d3d11-Deferred_Context/0043-d3d11-tests-Add-a-basic-test-for-drawing-with-deferr.patch

@@ -1,4 +1,4 @@
-From c01cbb5811cb9de58a0c3fa7822382f45900b435 Mon Sep 17 00:00:00 2001
+From 929513c89e71d0675dd2c80a29ddf94f2c331dd8 Mon Sep 17 00:00:00 2001
 From: Paul Gofman <gofmanp@gmail.com>
 Date: Fri, 27 Sep 2019 16:26:04 +0300
 Subject: [PATCH] d3d11/tests: Add a basic test for drawing with deferred
@@ -9,10 +9,10 @@ Subject: [PATCH] d3d11/tests: Add a basic test for drawing with deferred
  1 file changed, 81 insertions(+), 19 deletions(-)
 
 diff --git a/dlls/d3d11/tests/d3d11.c b/dlls/d3d11/tests/d3d11.c
-index 7f11a59d0cb..c63bae8bbab 100644
+index 214b9b164988..26c9f8555ff6 100644
 --- a/dlls/d3d11/tests/d3d11.c
 +++ b/dlls/d3d11/tests/d3d11.c
-@@ -1692,10 +1692,11 @@ static void release_test_context_(unsigned int line, struct d3d11_test_context *
+@@ -1691,10 +1691,11 @@ static void release_test_context_(unsigned int line, struct d3d11_test_context *
      ok_(__FILE__, line)(!ref, "Device has %u references left.\n", ref);
  }
  
@@ -27,7 +27,7 @@ index 7f11a59d0cb..c63bae8bbab 100644
  {
      static const D3D11_INPUT_ELEMENT_DESC default_layout_desc[] =
      {
-@@ -1764,14 +1765,14 @@ static void draw_quad_vs_(unsigned int line, struct d3d11_test_context *context,
+@@ -1763,14 +1764,14 @@ static void draw_quad_vs_(unsigned int line, struct d3d11_test_context *context,
      if (!context->vb)
          context->vb = create_buffer(device, D3D11_BIND_VERTEX_BUFFER, sizeof(quad), quad);
  
@@ -47,7 +47,7 @@ index 7f11a59d0cb..c63bae8bbab 100644
  }
  
  #define draw_quad_z(context, z) draw_quad_z_(__LINE__, context, z)
-@@ -1807,19 +1808,27 @@ static void draw_quad_z_(unsigned int line, struct d3d11_test_context *context,
+@@ -1806,19 +1807,27 @@ static void draw_quad_z_(unsigned int line, struct d3d11_test_context *context,
              (ID3D11Resource *)context->vs_cb, 0, NULL, &data, 0, 0);
  
      ID3D11DeviceContext_VSSetConstantBuffers(context->immediate_context, 0, 1, &context->vs_cb);
@@ -81,7 +81,7 @@ index 7f11a59d0cb..c63bae8bbab 100644
  {
      static const DWORD ps_color_code[] =
      {
-@@ -1856,12 +1865,12 @@ static void draw_color_quad_(unsigned int line, struct d3d11_test_context *conte
+@@ -1855,12 +1864,12 @@ static void draw_color_quad_(unsigned int line, struct d3d11_test_context *conte
      if (!context->ps_cb)
          context->ps_cb = create_buffer(device, D3D11_BIND_CONSTANT_BUFFER, sizeof(*color), NULL);
  
@@ -98,7 +98,7 @@ index 7f11a59d0cb..c63bae8bbab 100644
  }
  
  static void test_create_device(void)
-@@ -2088,6 +2097,59 @@ static void test_create_device(void)
+@@ -2087,6 +2096,59 @@ static void test_create_device(void)
      DestroyWindow(window);
  }
  
@@ -158,19 +158,19 @@ index 7f11a59d0cb..c63bae8bbab 100644
  static void test_device_interfaces(const D3D_FEATURE_LEVEL feature_level)
  {
      struct device_desc device_desc;
-@@ -29639,11 +29701,11 @@ START_TEST(d3d11)
+@@ -30114,11 +30176,11 @@ START_TEST(d3d11)
      }
  
      print_adapter_info();
 -
      queue_test(test_create_device);
      queue_for_each_feature_level(test_device_interfaces);
-     queue_test(test_get_immediate_context);
+     queue_test(test_immediate_context);
      queue_test(test_create_deferred_context);
 +    queue_test(test_draw_deferred_context);
      queue_test(test_create_texture1d);
      queue_test(test_texture1d_interfaces);
      queue_test(test_create_texture2d);
 -- 
-2.17.1
+2.26.2