Release v6.11

NOTE: Tests are skipped.

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+#github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+#patreon: # Replace with a single Patreon username
+#open_collective: # Replace with a single Open Collective username
+#ko_fi: # Replace with a single Ko-fi username
+#tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+#community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+#liberapay: # Replace with a single Liberapay username
+#issuehunt: # Replace with a single IssueHunt username
+#otechie: # Replace with a single Otechie username
+
+patreon: winestaging

.github/workflows/macOS.yml

@@ -0,0 +1,129 @@
+name: MacOS
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  wine-staging:
+    runs-on:  macos-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          brew update
+          brew install --cask xquartz
+          brew install  bison \
+                        faudio \
+                        gphoto2 \
+                        gst-plugins-base \
+                        jxrlib \
+                        little-cms2 \
+                        mingw-w64 \
+                        molten-vk \
+                        mpg123
+
+      - name: Add bison & krb5 to $PATH
+        run: |
+          set -eu
+          echo "$(brew --prefix bison)/bin" >> $GITHUB_PATH
+          echo "$(brew --prefix krb5)/bin" >> $GITHUB_PATH
+
+      - name: Get upstream-commit
+        run: |
+          mkdir $GITHUB_WORKSPACE/wine
+          cd wine
+          git init
+          git fetch git://source.winehq.org/git/wine.git $($GITHUB_WORKSPACE/patches/patchinstall.sh --upstream-commit) --depth=1
+          git checkout $($GITHUB_WORKSPACE/patches/patchinstall.sh --upstream-commit)
+
+      - name: Run patchinstall.sh --all
+        run: |
+          $GITHUB_WORKSPACE/patches/patchinstall.sh DESTDIR=$GITHUB_WORKSPACE/wine --all
+
+      - name: Configure wine64
+        env:
+          LDFLAGS: "-Wl,-rpath,/opt/X11/lib"
+          # Avoid weird linker errors with Xcode 10 and later
+          MACOSX_DEPLOYMENT_TARGET: "10.14"
+        run: |
+          cd $GITHUB_WORKSPACE/wine
+          ./configure   --enable-win64 \
+                        --without-alsa \
+                        --without-capi \
+                        --without-dbus \
+                        --without-inotify \
+                        --without-oss \
+                        --without-pulse \
+                        --without-udev \
+                        --without-v4l2 \
+                        --x-include=/opt/X11/include \
+                        --x-lib=/opt/X11/lib
+
+      - name: Build wine64
+        run: |
+          cd $GITHUB_WORKSPACE/wine
+          make -j$(sysctl -n hw.ncpu 2>/dev/null)
+
+  wine-devel:
+    runs-on:  macos-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          brew update
+          brew install --cask xquartz
+          brew install  bison \
+                        faudio \
+                        gphoto2 \
+                        gst-plugins-base \
+                        jxrlib \
+                        little-cms2 \
+                        mingw-w64 \
+                        molten-vk \
+                        mpg123
+
+      - name: Add bison & krb5 to $PATH
+        run: |
+          set -eu
+          echo "$(brew --prefix bison)/bin" >> $GITHUB_PATH
+          echo "$(brew --prefix krb5)/bin" >> $GITHUB_PATH
+
+      - name: Get upstream-commit
+        run: |
+          mkdir $GITHUB_WORKSPACE/wine
+          cd wine
+          git init
+          git fetch git://source.winehq.org/git/wine.git $($GITHUB_WORKSPACE/patches/patchinstall.sh --upstream-commit) --depth=1
+          git checkout $($GITHUB_WORKSPACE/patches/patchinstall.sh --upstream-commit)
+
+      - name: Configure wine64
+        env:
+          LDFLAGS: "-Wl,-rpath,/opt/X11/lib"
+          # Avoid weird linker errors with Xcode 10 and later
+          MACOSX_DEPLOYMENT_TARGET: "10.14"
+        run: |
+          cd $GITHUB_WORKSPACE/wine
+
+          cd $GITHUB_WORKSPACE/wine
+          ./configure   --enable-win64 \
+                        --without-alsa \
+                        --without-capi \
+                        --without-dbus \
+                        --without-inotify \
+                        --without-oss \
+                        --without-pulse \
+                        --without-udev \
+                        --without-v4l2 \
+                        --x-include=/opt/X11/include \
+                        --x-lib=/opt/X11/lib
+
+      - name: Build wine64
+        run: |
+          cd $GITHUB_WORKSPACE/wine
+          make -j$(sysctl -n hw.ncpu 2>/dev/null)

patches/Compiler_Warnings/0033-ntdll-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,34 @@
+From d94124650cd292dfdc364c43f117d35eecce39bf Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Tue, 8 Jun 2021 09:10:37 +1000
+Subject: [PATCH] ntdll: Avoid implicit cast of interface pointer.
+
+---
+ dlls/ntdll/unix/virtual.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/ntdll/unix/virtual.c b/dlls/ntdll/unix/virtual.c
+index b7531c1bdb7..97c5b741776 100644
+--- a/dlls/ntdll/unix/virtual.c
++++ b/dlls/ntdll/unix/virtual.c
+@@ -3162,7 +3162,7 @@ NTSTATUS virtual_clear_tls_index( ULONG index )
+         server_enter_uninterrupted_section( &virtual_mutex, &sigset );
+         LIST_FOR_EACH_ENTRY( thread_data, &teb_list, struct ntdll_thread_data, entry )
+         {
+-            TEB *teb = CONTAINING_RECORD( thread_data, TEB, GdiTebBatch );
++            TEB *teb = CONTAINING_RECORD( (GDI_TEB_BATCH *)thread_data, TEB, GdiTebBatch );
+             teb->TlsSlots[index] = 0;
+         }
+         server_leave_uninterrupted_section( &virtual_mutex, &sigset );
+@@ -3176,7 +3176,7 @@ NTSTATUS virtual_clear_tls_index( ULONG index )
+         server_enter_uninterrupted_section( &virtual_mutex, &sigset );
+         LIST_FOR_EACH_ENTRY( thread_data, &teb_list, struct ntdll_thread_data, entry )
+         {
+-            TEB *teb = CONTAINING_RECORD( thread_data, TEB, GdiTebBatch );
++            TEB *teb = CONTAINING_RECORD( (GDI_TEB_BATCH *)thread_data, TEB, GdiTebBatch );
+             if (teb->TlsExpansionSlots) teb->TlsExpansionSlots[index] = 0;
+         }
+         server_leave_uninterrupted_section( &virtual_mutex, &sigset );
+-- 
+2.30.2
+

patches/Compiler_Warnings/0034-bcrypt-Stop-compile-error-when-HAVE_GNUTLS_CIPHER_IN.patch

@@ -0,0 +1,40 @@
+From 7784b62bd2b64aabd6bfef9ef39ac4f3e8c55c77 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Tue, 8 Jun 2021 08:56:40 +1000
+Subject: [PATCH] bcrypt: Stop compile error when HAVE_GNUTLS_CIPHER_INIT not
+ defined
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In file included from dlls/bcrypt/gnutls.c:1916:
+include/windef.h:112:24: error: unknown type name ‘va_list’
+  112 | #  define __ms_va_list va_list
+      |                        ^~~~~~~
+include/winbase.h:2076:84: note: in expansion of macro ‘__ms_va_list’
+ 2076 | WINBASEAPI DWORD       WINAPI FormatMessageA(DWORD,LPCVOID,DWORD,DWORD,LPSTR,DWORD,__ms_va_list*);
+
+Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+---
+ dlls/bcrypt/gnutls.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c
+index 37a80bdc062..64825f5b99b 100644
+--- a/dlls/bcrypt/gnutls.c
++++ b/dlls/bcrypt/gnutls.c
+@@ -25,9 +25,10 @@
+ #include "config.h"
+ #include "wine/port.h"
+ 
++#include <stdarg.h>
++
+ #ifdef HAVE_GNUTLS_CIPHER_INIT
+ 
+-#include <stdarg.h>
+ #include <assert.h>
+ #include <gnutls/gnutls.h>
+ #include <gnutls/crypto.h>
+-- 
+2.30.2
+

patches/Compiler_Warnings/0035-d3d10-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,61 @@
+From 990050ed436283fb820d4fe64b08dda3ac7ea9e2 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Tue, 8 Jun 2021 09:34:28 +1000
+Subject: [PATCH 2/2] d3d10: Avoid implicit cast of interface pointer.
+
+---
+ dlls/d3d10/effect.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/dlls/d3d10/effect.c b/dlls/d3d10/effect.c
+index 86ef50aac01..060fb69ce3e 100644
+--- a/dlls/d3d10/effect.c
++++ b/dlls/d3d10/effect.c
+@@ -126,7 +126,7 @@ static inline struct d3d10_effect_variable *impl_from_ID3D10EffectVariable(ID3D1
+ 
+ static inline struct d3d10_effect_variable *impl_from_ID3D10EffectShaderVariable(ID3D10EffectShaderVariable *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
++    return CONTAINING_RECORD((ID3D10EffectVariable*)iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
+ }
+ 
+ struct d3d10_effect_state_property_info
+@@ -4665,7 +4665,7 @@ static void read_variable_array_from_buffer(struct d3d10_effect_variable *variab
+ 
+ static inline struct d3d10_effect_variable *impl_from_ID3D10EffectScalarVariable(ID3D10EffectScalarVariable *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
++    return CONTAINING_RECORD((ID3D10EffectVariable*)iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
+ }
+ 
+ static BOOL STDMETHODCALLTYPE d3d10_effect_scalar_variable_IsValid(ID3D10EffectScalarVariable *iface)
+@@ -5001,7 +5001,7 @@ static const struct ID3D10EffectScalarVariableVtbl d3d10_effect_scalar_variable_
+ 
+ static inline struct d3d10_effect_variable *impl_from_ID3D10EffectVectorVariable(ID3D10EffectVectorVariable *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
++    return CONTAINING_RECORD((ID3D10EffectVariable*)iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
+ }
+ 
+ static BOOL STDMETHODCALLTYPE d3d10_effect_vector_variable_IsValid(ID3D10EffectVectorVariable *iface)
+@@ -5488,7 +5488,7 @@ static void read_matrix_variable_array_from_buffer(struct d3d10_effect_variable
+ 
+ static inline struct d3d10_effect_variable *impl_from_ID3D10EffectMatrixVariable(ID3D10EffectMatrixVariable *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
++    return CONTAINING_RECORD((ID3D10EffectVariable*)iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
+ }
+ 
+ static BOOL STDMETHODCALLTYPE d3d10_effect_matrix_variable_IsValid(ID3D10EffectMatrixVariable *iface)
+@@ -5995,7 +5995,7 @@ static void set_shader_resource_variable(ID3D10ShaderResourceView **src, ID3D10S
+ static inline struct d3d10_effect_variable *impl_from_ID3D10EffectShaderResourceVariable(
+         ID3D10EffectShaderResourceVariable *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
++    return CONTAINING_RECORD((ID3D10EffectVariable*)iface, struct d3d10_effect_variable, ID3D10EffectVariable_iface);
+ }
+ 
+ static BOOL STDMETHODCALLTYPE d3d10_effect_shader_resource_variable_IsValid(ID3D10EffectShaderResourceVariable *iface)
+-- 
+2.30.2
+

patches/Compiler_Warnings/0036-d2d1-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,34 @@
+From dd8e8e98edf2f16a4fd4109cd283cf7949a3cb9b Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Tue, 8 Jun 2021 09:39:56 +1000
+Subject: [PATCH] d2d1: Avoid implicit cast of interface pointer.
+
+---
+ dlls/d2d1/geometry.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/d2d1/geometry.c b/dlls/d2d1/geometry.c
+index eb353669030..3e00edfd1b3 100644
+--- a/dlls/d2d1/geometry.c
++++ b/dlls/d2d1/geometry.c
+@@ -3615,7 +3615,7 @@ void d2d_path_geometry_init(struct d2d_geometry *geometry, ID2D1Factory *factory
+ 
+ static inline struct d2d_geometry *impl_from_ID2D1EllipseGeometry(ID2D1EllipseGeometry *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d2d_geometry, ID2D1Geometry_iface);
++    return CONTAINING_RECORD((ID2D1Geometry*)iface, struct d2d_geometry, ID2D1Geometry_iface);
+ }
+ 
+ static HRESULT STDMETHODCALLTYPE d2d_ellipse_geometry_QueryInterface(ID2D1EllipseGeometry *iface,
+@@ -4237,7 +4237,7 @@ fail:
+ 
+ static inline struct d2d_geometry *impl_from_ID2D1RoundedRectangleGeometry(ID2D1RoundedRectangleGeometry *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d2d_geometry, ID2D1Geometry_iface);
++    return CONTAINING_RECORD((ID2D1Geometry*)iface, struct d2d_geometry, ID2D1Geometry_iface);
+ }
+ 
+ static HRESULT STDMETHODCALLTYPE d2d_rounded_rectangle_geometry_QueryInterface(ID2D1RoundedRectangleGeometry *iface,
+-- 
+2.30.2
+

patches/Compiler_Warnings/0037-dxgi-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,25 @@
+From f8ce184f72c416a1ce249afe313b698013e961b3 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Tue, 8 Jun 2021 09:46:25 +1000
+Subject: [PATCH] dxgi: Avoid implicit cast of interface pointer.
+
+---
+ dlls/dxgi/output.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/dxgi/output.c b/dlls/dxgi/output.c
+index f341388766c..64f87202741 100644
+--- a/dlls/dxgi/output.c
++++ b/dlls/dxgi/output.c
+@@ -711,7 +711,7 @@ struct dxgi_output *unsafe_impl_from_IDXGIOutput(IDXGIOutput *iface)
+     if (!iface)
+         return NULL;
+     assert(iface->lpVtbl == (IDXGIOutputVtbl *)&dxgi_output_vtbl);
+-    return CONTAINING_RECORD(iface, struct dxgi_output, IDXGIOutput6_iface);
++    return CONTAINING_RECORD((IDXGIOutput6*)iface, struct dxgi_output, IDXGIOutput6_iface);
+ }
+ 
+ static void dxgi_output_init(struct dxgi_output *output, unsigned int output_idx,
+-- 
+2.30.2
+

patches/Compiler_Warnings/0038-msctf-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,25 @@
+From 272753daf4f20b7fe3c646eae4fd78f1b254c9a6 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Tue, 8 Jun 2021 09:57:01 +1000
+Subject: [PATCH] msctf: Avoid implicit cast of interface pointer.
+
+---
+ dlls/msctf/range.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/msctf/range.c b/dlls/msctf/range.c
+index 9690a0a15c4..e15123eeb89 100644
+--- a/dlls/msctf/range.c
++++ b/dlls/msctf/range.c
+@@ -54,7 +54,7 @@ static inline Range *impl_from_ITfRangeACP(ITfRangeACP *iface)
+ 
+ static Range *unsafe_impl_from_ITfRange(ITfRange *iface)
+ {
+-    return CONTAINING_RECORD(iface, Range, ITfRangeACP_iface);
++    return CONTAINING_RECORD((ITfRangeACP*)iface, Range, ITfRangeACP_iface);
+ }
+ 
+ static void Range_Destructor(Range *This)
+-- 
+2.30.2
+

patches/Compiler_Warnings/0039-rpcrt4-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,39 @@
+From f34ee38467781b2f7bae7e7f8a04a4210bf7d046 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Tue, 8 Jun 2021 11:22:48 +1000
+Subject: [PATCH] rpcrt4: Avoid implicit cast of interface pointer.
+
+---
+ dlls/rpcrt4/ndr_marshall.c | 2 +-
+ dlls/rpcrt4/ndr_typelib.c  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
+index 764b304a047..58ea128e8a4 100644
+--- a/dlls/rpcrt4/ndr_marshall.c
++++ b/dlls/rpcrt4/ndr_marshall.c
+@@ -6999,7 +6999,7 @@ static unsigned char *WINAPI NdrContextHandleMarshall(
+     }
+     else
+     {
+-        NDR_SCONTEXT ctxt = CONTAINING_RECORD(pMemory, struct _NDR_SCONTEXT, userContext);
++        NDR_SCONTEXT ctxt = CONTAINING_RECORD((void * const*)pMemory, struct _NDR_SCONTEXT, userContext);
+         NDR_RUNDOWN rundown = pStubMsg->StubDesc->apfnNdrRundownRoutines[pFormat[2]];
+         NdrServerContextNewMarshall(pStubMsg, ctxt, rundown, pFormat);
+     }
+diff --git a/dlls/rpcrt4/ndr_typelib.c b/dlls/rpcrt4/ndr_typelib.c
+index f1f25885b75..126e8ec8766 100644
+--- a/dlls/rpcrt4/ndr_typelib.c
++++ b/dlls/rpcrt4/ndr_typelib.c
+@@ -1452,7 +1452,7 @@ struct typelib_stub
+ 
+ static ULONG WINAPI typelib_stub_Release(IRpcStubBuffer *iface)
+ {
+-    struct typelib_stub *stub = CONTAINING_RECORD(iface, struct typelib_stub, stub.stub_buffer);
++    struct typelib_stub *stub = CONTAINING_RECORD((CStdStubBuffer *)iface, struct typelib_stub, stub.stub_buffer);
+     ULONG refcount = InterlockedDecrement(&stub->stub.stub_buffer.RefCount);
+ 
+     TRACE("(%p) decreasing refs to %d\n", stub, refcount);
+-- 
+2.30.2
+

patches/Compiler_Warnings/0040-wbemdisp-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,34 @@
+From 4801b547b70654507cb8a25dcfd1efc862dcf467 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Tue, 8 Jun 2021 11:38:46 +1000
+Subject: [PATCH] wbemdisp: Avoid implicit cast of interface pointer.
+
+---
+ dlls/wbemdisp/locator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/wbemdisp/locator.c b/dlls/wbemdisp/locator.c
+index e0a1872d38f..5bb2a187f2c 100644
+--- a/dlls/wbemdisp/locator.c
++++ b/dlls/wbemdisp/locator.c
+@@ -1751,7 +1751,7 @@ static struct object *unsafe_object_impl_from_IDispatch(IDispatch *iface)
+         FIXME( "External implementations are not supported.\n" );
+         return NULL;
+     }
+-    return CONTAINING_RECORD(iface, struct object, ISWbemObject_iface);
++    return CONTAINING_RECORD((ISWbemObject *)iface, struct object, ISWbemObject_iface);
+ }
+ 
+ static HRESULT SWbemObject_create( struct services *services, IWbemClassObject *wbem_object,
+@@ -3587,7 +3587,7 @@ static struct namedvalueset *unsafe_valueset_impl_from_IDispatch(IDispatch *ifac
+         FIXME( "External implementations are not supported.\n" );
+         return NULL;
+     }
+-    return CONTAINING_RECORD(iface, struct namedvalueset, ISWbemNamedValueSet_iface);
++    return CONTAINING_RECORD((ISWbemNamedValueSet*)iface, struct namedvalueset, ISWbemNamedValueSet_iface);
+ }
+ 
+ HRESULT SWbemNamedValueSet_create( void **obj )
+-- 
+2.30.2
+

patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch

@@ -1,15 +1,15 @@
-From 0cf6433af95363c5fbba2af482b2ba50b863dfb7 Mon Sep 17 00:00:00 2001
+From e51b05c3a9d03e4dd84a107a30841d95f8a519c3 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:44:31 +0200
 Subject: [PATCH] ntdll: Print a warning message specifying the wine-staging
  branch name and version.
 
 ---
- dlls/ntdll/loader.c | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
+ dlls/ntdll/loader.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
 
 diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
-index 20bc3f977d1..c2187a19397 100644
+index ee453700e51..c2d4b3c2f86 100644
 --- a/dlls/ntdll/loader.c
 +++ b/dlls/ntdll/loader.c
 @@ -44,6 +44,7 @@ WINE_DECLARE_DEBUG_CHANNEL(relay);
@@ -20,15 +20,15 @@ index 20bc3f977d1..c2187a19397 100644
  
  #ifdef _WIN64
  #define DEFAULT_SECURITY_COOKIE_64  (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
-@@ -3456,6 +3457,7 @@ static void process_breakpoint(void)
-     __ENDTRY
+@@ -3307,6 +3308,7 @@ void WINAPI LdrShutdownProcess(void)
+     process_detach();
  }
  
 +extern const char * CDECL wine_get_version(void);
  
  /******************************************************************
-  *		LdrInitializeThunk (NTDLL.@)
-@@ -3465,6 +3467,9 @@ static void process_breakpoint(void)
+  *		RtlExitUserProcess (NTDLL.@)
+@@ -3673,6 +3675,9 @@ static void init_wow64(void)
   */
  void WINAPI LdrInitializeThunk( CONTEXT *context, ULONG_PTR unknown2, ULONG_PTR unknown3, ULONG_PTR unknown4 )
  {
@@ -38,9 +38,9 @@ index 20bc3f977d1..c2187a19397 100644
      static int attach_done;
      int i;
      NTSTATUS status;
-@@ -3483,6 +3488,16 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, ULONG_PTR unknown2, ULONG_PTR
-     entry = (void **)&context->u.s.X0;
- #endif
+@@ -3753,6 +3758,17 @@ void WINAPI LdrInitializeThunk( CONTEXT *context, ULONG_PTR unknown2, ULONG_PTR
+     }
+     else wm = get_modref( NtCurrentTeb()->Peb->ImageBaseAddress );
  
 +    RtlInitUnicodeString( &staging_event_string, L"\\__wine_staging_warn_event" );
 +    InitializeObjectAttributes( &staging_event_attr, &staging_event_string, OBJ_OPENIF, NULL, NULL );
@@ -52,9 +52,10 @@ index 20bc3f977d1..c2187a19397 100644
 +    else
 +        WARN_(winediag)("wine-staging %s is a testing version containing experimental patches.\n", wine_get_version());
 +
-     if (process_detaching) NtTerminateThread( GetCurrentThread(), 0 );
- 
-     RtlEnterCriticalSection( &loader_section );
++
+     RtlAcquirePebLock();
+     InsertHeadList( &tls_links, &NtCurrentTeb()->TlsLinks );
+     RtlReleasePebLock();
 -- 
-2.28.0
+2.30.2
 

patches/Staging/0002-winelib-Append-Staging-at-the-end-of-the-version-s.patch

@@ -1,15 +1,14 @@
-From ce5e1fc75139e4de9d92dfe27b4a513a96da013c Mon Sep 17 00:00:00 2001
+From cfcc687562d4fa68b507cbf2c29722ef523d26aa Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:53:46 +0200
 Subject: [PATCH] winelib: Append '(Staging)' at the end of the version string.
 
 ---
- Makefile.in            | 2 +-
- dlls/ntdll/Makefile.in | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.in b/Makefile.in
-index 307a95b3b1a..61019fed949 100644
+index b52495f741f..d5a8cad20da 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -116,7 +116,7 @@ install-manpages:: manpages
@@ -21,15 +20,6 @@ index 307a95b3b1a..61019fed949 100644
  
  programs/winetest/build.rc: dummy
  	@build="STRINGTABLE { 1 \"`GIT_DIR=$(srcdir)/.git git rev-parse HEAD 2>/dev/null`\" }" && (echo $$build | cmp -s - $@) || echo $$build >$@ || (rm -f $@ && exit 1)
-diff --git a/dlls/ntdll/Makefile.in b/dlls/ntdll/Makefile.in
-index f39ffb42c6f..67847bb9392 100644
---- a/dlls/ntdll/Makefile.in
-+++ b/dlls/ntdll/Makefile.in
-@@ -79,3 +79,4 @@ unix_loader_EXTRADEFS = \
- 	-DBINDIR=\"${bindir}\" \
- 	-DDLL_TO_BINDIR=\"`${MAKEDEP} -R ${dlldir} ${bindir}`\" \
- 	-DBIN_TO_DATADIR=\"`${MAKEDEP} -R ${bindir} ${datadir}/wine`\"
-+
 -- 
-2.28.0
+2.20.1
 

patches/Staging/definition

@@ -1 +0,0 @@
-#Depends: ntdll-FLS_Callbacks

patches/advapi32-LsaLookupPrivilegeName/0002-advapi32-Use-TRACE-for-LsaOpenPolicy-LsaClose.patch

@@ -1,34 +0,0 @@
-From 1941137bff72a2297812bbd05fb6f6a1578426b0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 5 Mar 2017 23:05:54 +0100
-Subject: advapi32: Use TRACE for LsaOpenPolicy/LsaClose.
-
----
- dlls/advapi32/lsa.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index e5e3b1649c0..0f2167d19ab 100644
---- a/dlls/advapi32/lsa.c
-+++ b/dlls/advapi32/lsa.c
-@@ -136,7 +136,7 @@ NTSTATUS WINAPI LsaAddAccountRights(
-  */
- NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
- {
--    FIXME("(%p) stub\n", ObjectHandle);
-+    TRACE("(%p) semi-stub\n", ObjectHandle);
-     return STATUS_SUCCESS;
- }
- 
-@@ -687,7 +687,7 @@ NTSTATUS WINAPI LsaOpenPolicy(
-     IN ACCESS_MASK DesiredAccess,
-     IN OUT PLSA_HANDLE PolicyHandle)
- {
--    FIXME("(%s,%p,0x%08x,%p) stub\n",
-+    TRACE("(%s,%p,0x%08x,%p) semi-stub\n",
-           SystemName?debugstr_w(SystemName->Buffer):"(null)",
-           ObjectAttributes, DesiredAccess, PolicyHandle);
- 
--- 
-2.11.0
-

patches/advapi32-Token_Integrity_Level/0002-server-Implement-token-elevation-information.patch

@@ -1,137 +0,0 @@
-From d2e98b2054a5af671fd81ded32f2cf60a062312c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sat, 5 Aug 2017 00:26:03 +0200
-Subject: [PATCH] server: Implement token elevation information.
-
----
- dlls/ntdll/unix/security.c | 16 ++++++++++++----
- server/protocol.def        |  8 ++++++++
- server/token.c             | 22 +++++++++++++++++++---
- 3 files changed, 39 insertions(+), 7 deletions(-)
-
-diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
-index d063d43d6d4..03a81afa46e 100644
---- a/dlls/ntdll/unix/security.c
-+++ b/dlls/ntdll/unix/security.c
-@@ -390,19 +390,27 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
-         break;
- 
-     case TokenElevationType:
-+        SERVER_START_REQ( get_token_elevation_type )
-         {
-             TOKEN_ELEVATION_TYPE *type = info;
--            FIXME("QueryInformationToken( ..., TokenElevationType, ...) semi-stub\n");
--            *type = TokenElevationTypeFull;
-+            req->handle = wine_server_obj_handle( token );
-+            status = wine_server_call( req );
-+            if (status == STATUS_SUCCESS)
-+                *type = reply->elevation;
-         }
-+        SERVER_END_REQ;
-         break;
- 
-     case TokenElevation:
-+        SERVER_START_REQ( get_token_elevation_type )
-         {
-             TOKEN_ELEVATION *elevation = info;
--            FIXME("QueryInformationToken( ..., TokenElevation, ...) semi-stub\n");
--            elevation->TokenIsElevated = TRUE;
-+            req->handle = wine_server_obj_handle( token );
-+            status = wine_server_call( req );
-+            if (status == STATUS_SUCCESS)
-+                elevation->TokenIsElevated = (reply->elevation == TokenElevationTypeFull);
-         }
-+        SERVER_END_REQ;
-         break;
- 
-     case TokenSessionId:
-diff --git a/server/protocol.def b/server/protocol.def
-index ee07b1eca14..84f0b577d72 100644
---- a/server/protocol.def
-+++ b/server/protocol.def
-@@ -3566,6 +3566,14 @@ struct handle_info
- @END
- 
- 
-+/* Get elevation level of token */
-+@REQ(get_token_elevation_type)
-+    obj_handle_t   handle;        /* handle to the object */
-+@REPLY
-+    unsigned int   elevation;     /* elevation level */
-+@END
-+
-+
- /* Create I/O completion port */
- @REQ(create_completion)
-     unsigned int access;          /* desired access to a port */
-diff --git a/server/token.c b/server/token.c
-index 38a4c203d54..14343637af5 100644
---- a/server/token.c
-+++ b/server/token.c
-@@ -110,6 +110,7 @@ struct token
-     ACL           *default_dacl;    /* the default DACL to assign to objects created by this user */
-     TOKEN_SOURCE   source;          /* source of the token */
-     int            impersonation_level; /* impersonation level this token is capable of if non-primary token */
-+    TOKEN_ELEVATION_TYPE elevation; /* elevation level */
- };
- 
- struct privilege
-@@ -552,7 +553,7 @@ static struct token *create_token( unsigned primary, const SID *user,
-                                    const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
-                                    const ACL *default_dacl, TOKEN_SOURCE source,
-                                    const luid_t *modified_id,
--                                   int impersonation_level )
-+                                   int impersonation_level, TOKEN_ELEVATION_TYPE elevation )
- {
-     struct token *token = alloc_object( &token_ops );
-     if (token)
-@@ -574,6 +575,7 @@ static struct token *create_token( unsigned primary, const SID *user,
-             token->impersonation_level = impersonation_level;
-         token->default_dacl = NULL;
-         token->primary_group = NULL;
-+        token->elevation = elevation;
- 
-         /* copy user */
-         token->user = memdup( user, security_sid_len( user ));
-@@ -689,7 +691,8 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
-     token = create_token( primary, src_token->user, NULL, 0,
-                           NULL, 0, src_token->default_dacl,
-                           src_token->source, modified_id,
--                          impersonation_level );
-+                          impersonation_level,
-+                          src_token->elevation );
-     if (!token) return token;
- 
-     /* copy groups */
-@@ -895,7 +898,7 @@ struct token *token_create_admin( void )
-         static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
-         token = create_token( TRUE, user_sid, admin_groups, ARRAY_SIZE( admin_groups ),
-                               admin_privs, ARRAY_SIZE( admin_privs ), default_dacl,
--                              admin_source, NULL, -1 );
-+                              admin_source, NULL, -1, TokenElevationTypeFull );
-         /* we really need a primary group */
-         assert( token->primary_group );
-     }
-@@ -1634,6 +1637,19 @@ DECL_HANDLER(get_token_statistics)
-     }
- }
- 
-+DECL_HANDLER(get_token_elevation_type)
-+{
-+    struct token *token;
-+
-+    if ((token = (struct token *)get_handle_obj( current->process, req->handle,
-+                                                 TOKEN_QUERY,
-+                                                 &token_ops )))
-+    {
-+        reply->elevation = token->elevation;
-+        release_object( token );
-+    }
-+}
-+
- DECL_HANDLER(get_token_default_dacl)
- {
-     struct token *token;
--- 
-2.27.0
-

patches/advapi32-Token_Integrity_Level/0003-server-Correctly-treat-zero-access-mask-in-duplicate.patch

@@ -1,81 +0,0 @@
-From 7e73f449d158f0d6a6b6b421d073dbaf1741e1c7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Mon, 7 Aug 2017 02:22:11 +0200
-Subject: server: Correctly treat zero access mask in duplicate_token
- wineserver call.
-
----
- dlls/advapi32/tests/security.c | 14 +++++++-------
- server/token.c                 |  3 ++-
- 2 files changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index 4a03db27e69..f1a64e29dea 100644
---- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -7438,7 +7438,7 @@ static void test_token_security_descriptor(void)
-             ret = DuplicateTokenEx(token4, 0, NULL, SecurityImpersonation, TokenImpersonation, &token5);
-             ok(ret, "DuplicateTokenEx failed with error %u\n", GetLastError());
-             ret = SetThreadToken(NULL, token5);
--            todo_wine ok(ret, "SetThreadToken failed with error %u\n", GetLastError());
-+            ok(ret, "SetThreadToken failed with error %u\n", GetLastError());
-             CloseHandle(token4);
- 
-             /* Restrict current process token while impersonating a medium integrity token */
-@@ -7503,16 +7503,16 @@ static void test_token_security_descriptor(void)
- 
-             size = 0;
-             ret = GetKernelObjectSecurity(token6, LABEL_SECURITY_INFORMATION, NULL, 0, &size);
--            todo_wine ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
-+            ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
-                "Unexpected GetKernelObjectSecurity return value %u, error %u\n", ret, GetLastError());
- 
-             sd3 = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
-             ret = GetKernelObjectSecurity(token6, LABEL_SECURITY_INFORMATION, sd3, size, &size);
--            todo_wine ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
-+            ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
- 
-             sacl = NULL;
-             ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
--            todo_wine ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
-+            ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
-             todo_wine ok(present, "No SACL in the security descriptor\n");
-             todo_wine ok(sacl != NULL, "NULL SACL in the security descriptor\n");
- 
-@@ -7606,16 +7606,16 @@ static void test_token_security_descriptor(void)
- 
-         size = 0;
-         ret = GetKernelObjectSecurity(token4, LABEL_SECURITY_INFORMATION, NULL, 0, &size);
--        todo_wine ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
-+        ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
-            "Unexpected GetKernelObjectSecurity return value %u, error %u\n", ret, GetLastError());
- 
-         sd3 = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
-         ret = GetKernelObjectSecurity(token4, LABEL_SECURITY_INFORMATION, sd3, size, &size);
--        todo_wine ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
-+        ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
- 
-         sacl = NULL;
-         ret = GetSecurityDescriptorSacl(sd3, &present, &sacl, &defaulted);
--        todo_wine ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
-+        ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
-         todo_wine ok(present, "No SACL in the security descriptor\n");
-         todo_wine ok(sacl != NULL, "NULL SACL in the security descriptor\n");
- 
-diff --git a/server/token.c b/server/token.c
-index 6a1085bae12..292e1df80fd 100644
---- a/server/token.c
-+++ b/server/token.c
-@@ -1376,7 +1376,8 @@ DECL_HANDLER(duplicate_token)
-         struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd, NULL, 0, NULL, 0 );
-         if (token)
-         {
--            reply->new_handle = alloc_handle_no_access_check( current->process, token, req->access, objattr->attributes );
-+            unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle );
-+            reply->new_handle = alloc_handle_no_access_check( current->process, token, access, objattr->attributes );
-             release_object( token );
-         }
-         release_object( src_token );
--- 
-2.13.1
-

patches/advapi32-Token_Integrity_Level/0005-server-Use-all-group-attributes-in-create_token.patch

@@ -1,46 +0,0 @@
-From 48f4c131f9e8ffc091dde12437ad0772ed1c5ca6 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Sun, 6 Aug 2017 15:16:33 +0200
-Subject: server: Use all group attributes in create_token.
-
----
- server/token.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/server/token.c b/server/token.c
-index 0019b3a..2a56664 100644
---- a/server/token.c
-+++ b/server/token.c
-@@ -592,13 +592,13 @@ static struct token *create_token( unsigned primary, const SID *user,
-                 return NULL;
-             }
-             memcpy( &group->sid, groups[i].Sid, security_sid_len( groups[i].Sid ));
--            group->enabled = TRUE;
--            group->def = TRUE;
--            group->logon = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
-             group->mandatory = (groups[i].Attributes & SE_GROUP_MANDATORY) != 0;
--            group->owner = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
--            group->resource = FALSE;
--            group->deny_only = FALSE;
-+            group->def       = (groups[i].Attributes & SE_GROUP_ENABLED_BY_DEFAULT) != 0;
-+            group->enabled   = (groups[i].Attributes & SE_GROUP_ENABLED) != 0;
-+            group->owner     = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
-+            group->deny_only = (groups[i].Attributes & SE_GROUP_USE_FOR_DENY_ONLY) != 0;
-+            group->logon     = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
-+            group->resource  = (groups[i].Attributes & SE_GROUP_RESOURCE) != 0;
-             list_add_tail( &token->groups, &group->entry );
-             /* Use first owner capable group as owner and primary group */
-             if (!token->primary_group && group->owner)
-@@ -1603,8 +1603,8 @@ DECL_HANDLER(get_token_groups)
-                     if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
-                     if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
-                     if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
--                    if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
-                     if (group->logon) *attr_ptr |= SE_GROUP_LOGON_ID;
-+                    if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
- 
-                     memcpy(sid_ptr, &group->sid, security_sid_len( &group->sid ));
- 
--- 
-2.7.4
-

patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch

@@ -1,219 +0,0 @@
-From c47977a8bbd739483589d1f01cfece435be1c100 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sat, 5 Aug 2017 01:45:29 +0200
-Subject: [PATCH] ntdll: Add function to create new tokens for elevation
- purposes.
-
----
- dlls/ntdll/ntdll.spec   |  3 ++
- dlls/ntdll/ntdll_misc.h |  3 ++
- dlls/ntdll/process.c    | 18 +++++++++
- server/protocol.def     |  8 ++++
- server/security.h       |  1 +
- server/token.c          | 84 +++++++++++++++++++++++++++++++++++++++++
- 6 files changed, 117 insertions(+)
-
-diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index 0997c310110..8e3786e1972 100644
---- a/dlls/ntdll/ntdll.spec
-+++ b/dlls/ntdll/ntdll.spec
-@@ -1600,6 +1600,9 @@
- # Virtual memory
- @ cdecl __wine_locked_recvmsg(long ptr long)
- 
-+# Token
-+@ cdecl __wine_create_default_token(long)
-+
- # Version
- @ cdecl wine_get_version()
- @ cdecl wine_get_build_id()
-diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
-index 63ceac42e94..5a98501381b 100644
---- a/dlls/ntdll/ntdll_misc.h
-+++ b/dlls/ntdll/ntdll_misc.h
-@@ -67,6 +67,9 @@ extern void init_user_process_params(void) DECLSPEC_HIDDEN;
- extern NTSTATUS restart_process( RTL_USER_PROCESS_PARAMETERS *params, NTSTATUS status ) DECLSPEC_HIDDEN;
- extern void CDECL DECLSPEC_NORETURN signal_start_thread( CONTEXT *ctx ) DECLSPEC_HIDDEN;
- 
-+/* token */
-+extern HANDLE CDECL __wine_create_default_token(BOOL admin);
-+
- /* server support */
- extern BOOL is_wow64 DECLSPEC_HIDDEN;
- 
-diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
-index 77ba5b371e2..3e91a1fa9c4 100644
---- a/dlls/ntdll/process.c
-+++ b/dlls/ntdll/process.c
-@@ -72,6 +72,24 @@ HANDLE CDECL __wine_make_process_system(void)
-     return ret;
- }
- 
-+/***********************************************************************
-+ *           __wine_create_default_token   (NTDLL.@)
-+ *
-+ * Creates a default limited or admin token.
-+ */
-+HANDLE CDECL __wine_create_default_token( BOOL admin )
-+{
-+    HANDLE ret = NULL;
-+    SERVER_START_REQ( create_token )
-+    {
-+        req->admin = admin;
-+        if (!wine_server_call( req ))
-+            ret = wine_server_ptr_handle( reply->token );
-+    }
-+    SERVER_END_REQ;
-+    return ret;
-+}
-+
- /***********************************************************************
-  *           restart_process
-  */
-diff --git a/server/protocol.def b/server/protocol.def
-index 30a102d7b82..a9308904afc 100644
---- a/server/protocol.def
-+++ b/server/protocol.def
-@@ -3481,6 +3481,14 @@ struct handle_info
- @END
- 
- 
-+/* Create a new token */
-+@REQ(create_token)
-+    unsigned int  admin;        /* admin or limited token */
-+@REPLY
-+    obj_handle_t  token;        /* handle for new token */
-+@END
-+
-+
- /* Create I/O completion port */
- @REQ(create_completion)
-     unsigned int access;          /* desired access to a port */
-diff --git a/server/security.h b/server/security.h
-index 6c337143c3d..21e90ccf23f 100644
---- a/server/security.h
-+++ b/server/security.h
-@@ -49,6 +49,7 @@ extern const PSID security_builtin_users_sid;
- extern const PSID security_builtin_admins_sid;
- extern const PSID security_domain_users_sid;
- extern const PSID security_high_label_sid;
-+extern const PSID security_medium_label_sid;
- 
- 
- /* token functions */
-diff --git a/server/token.c b/server/token.c
-index c4f1cd943c2..970ed1838da 100644
---- a/server/token.c
-+++ b/server/token.c
-@@ -77,6 +77,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
- static const SID authenticated_user_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } };
- static const SID local_system_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
- static const SID high_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_HIGH_RID } };
-+static const SID medium_label_sid = { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY }, { SECURITY_MANDATORY_MEDIUM_RID } };
- static const SID_N(5) local_user_sid = { SID_REVISION, 5, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0, 1000 } };
- static const SID_N(2) builtin_admins_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } };
- static const SID_N(2) builtin_users_sid = { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } };
-@@ -93,6 +94,7 @@ const PSID security_builtin_admins_sid = (PSID)&builtin_admins_sid;
- const PSID security_builtin_users_sid = (PSID)&builtin_users_sid;
- const PSID security_domain_users_sid = (PSID)&domain_users_sid;
- const PSID security_high_label_sid = (PSID)&high_label_sid;
-+const PSID security_medium_label_sid = (PSID)&medium_label_sid;
- 
- static luid_t prev_luid_value = { 1000, 0 };
- 
-@@ -915,6 +917,64 @@ struct token *token_create_admin( void )
-     return token;
- }
- 
-+static struct token *token_create_limited( void )
-+{
-+    struct token *token = NULL;
-+    static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
-+    static const unsigned int alias_admins_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS };
-+    static const unsigned int alias_users_subauth[] = { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS };
-+    /* on Windows, this value changes every time the user logs on */
-+    static const unsigned int logon_subauth[] = { SECURITY_LOGON_IDS_RID, 0, 1 /* FIXME: should be randomly generated when tokens are inherited by new processes */ };
-+    PSID alias_admins_sid;
-+    PSID alias_users_sid;
-+    PSID logon_sid;
-+    const SID *user_sid = security_unix_uid_to_sid( getuid() );
-+    ACL *default_dacl = create_default_dacl( user_sid );
-+
-+    alias_admins_sid = security_sid_alloc( &nt_authority, sizeof(alias_admins_subauth)/sizeof(alias_admins_subauth[0]),
-+                                           alias_admins_subauth );
-+    alias_users_sid = security_sid_alloc( &nt_authority, sizeof(alias_users_subauth)/sizeof(alias_users_subauth[0]),
-+                                          alias_users_subauth );
-+    logon_sid = security_sid_alloc( &nt_authority, sizeof(logon_subauth)/sizeof(logon_subauth[0]),
-+                                    logon_subauth );
-+
-+    if (alias_admins_sid && alias_users_sid && logon_sid && default_dacl)
-+    {
-+        const LUID_AND_ATTRIBUTES user_privs[] =
-+        {
-+            { SeChangeNotifyPrivilege        , SE_PRIVILEGE_ENABLED },
-+            { SeShutdownPrivilege            , 0                    },
-+            { SeUndockPrivilege              , 0                    },
-+        };
-+        /* note: we don't include non-builtin groups here for the user -
-+         * telling us these is the job of a client-side program */
-+        const SID_AND_ATTRIBUTES user_groups[] =
-+        {
-+            { security_world_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
-+            { security_local_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
-+            { security_interactive_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
-+            { security_authenticated_user_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
-+            { security_domain_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
-+            { alias_admins_sid, SE_GROUP_USE_FOR_DENY_ONLY },
-+            { alias_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
-+            { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
-+        };
-+        static const TOKEN_SOURCE admin_source = {"SeMgr", {0, 0}};
-+        token = create_token( TRUE, user_sid, user_groups, sizeof(user_groups)/sizeof(user_groups[0]),
-+                              user_privs, sizeof(user_privs)/sizeof(user_privs[0]), default_dacl,
-+                              admin_source, NULL, -1, TokenElevationTypeLimited, &medium_label_sid );
-+        /* we really need a primary group */
-+        assert( token->primary_group );
-+    }
-+
-+    free( logon_sid );
-+    free( alias_admins_sid );
-+    free( alias_users_sid );
-+    free( default_dacl );
-+
-+    return token;
-+}
-+
- static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
- {
-     struct privilege *privilege;
-@@ -1720,3 +1780,27 @@ DECL_HANDLER(set_token_default_dacl)
-         release_object( token );
-     }
- }
-+
-+DECL_HANDLER(create_token)
-+{
-+    struct token *token;
-+    PSID label;
-+
-+    if (req->admin)
-+    {
-+        token = token_create_admin();
-+        label = security_high_label_sid;
-+    }
-+    else
-+    {
-+        token = token_create_limited();
-+        label = security_medium_label_sid;
-+    }
-+
-+    if (token)
-+    {
-+        if (token_assign_label( token, label ))
-+            reply->token = alloc_handle( current->process, token, TOKEN_ALL_ACCESS, 0 );
-+        release_object( token );
-+    }
-+}
--- 
-2.28.0
-

patches/advapi32-Token_Integrity_Level/0007-shell32-Implement-process-elevation-using-runas-verb.patch

@@ -1,66 +0,0 @@
-From cf24ca0854a5b0dca2055f0991fd9a932125c65e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sat, 5 Aug 2017 02:03:20 +0200
-Subject: shell32: Implement process elevation using runas verb.
-
----
- dlls/shell32/shlexec.c | 22 ++++++++++++++++++++--
- 1 file changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c
-index 0cf112b6373..af50078dbca 100644
---- a/dlls/shell32/shlexec.c
-+++ b/dlls/shell32/shlexec.c
-@@ -50,6 +50,8 @@
- 
- WINE_DEFAULT_DEBUG_CHANNEL(exec);
- 
-+extern HANDLE CDECL __wine_create_default_token(BOOL admin);
-+
- static const WCHAR wszOpen[] = {'o','p','e','n',0};
- static const WCHAR wszExe[] = {'.','e','x','e',0};
- static const WCHAR wszILPtr[] = {':','%','p',0};
-@@ -312,6 +314,8 @@ static HRESULT SHELL_GetPathFromIDListForExecuteW(LPCITEMIDLIST pidl, LPWSTR psz
- static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
- 			    const SHELLEXECUTEINFOW *psei, LPSHELLEXECUTEINFOW psei_out)
- {
-+    static WCHAR runasW[] = {'r','u','n','a','s',0};
-+    HANDLE token = NULL;
-     STARTUPINFOW  startup;
-     PROCESS_INFORMATION info;
-     UINT_PTR retval = SE_ERR_NOASSOC;
-@@ -344,8 +348,20 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
-     dwCreationFlags = CREATE_UNICODE_ENVIRONMENT;
-     if (!(psei->fMask & SEE_MASK_NO_CONSOLE))
-         dwCreationFlags |= CREATE_NEW_CONSOLE;
--    if (CreateProcessW(NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE, dwCreationFlags, env,
--                       lpDirectory, &startup, &info))
-+
-+    /* Spawning a process with runas verb means that the process should be
-+     * executed with admin rights. This function ignores the manifest data,
-+     * and allows programs to elevate rights on-demand. On Windows a complex
-+     * RPC menchanism is used, using CreateProcessAsUser would fail because
-+     * it can only be used to drop rights. */
-+    if (psei->lpVerb && !strcmpiW(psei->lpVerb, runasW))
-+    {
-+        if (!(token = __wine_create_default_token(TRUE)))
-+            ERR("Failed to create admin token\n");
-+    }
-+
-+    if (CreateProcessAsUserW(token, NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE,
-+                             dwCreationFlags, env, lpDirectory, &startup, &info))
-     {
-         /* Give 30 seconds to the app to come up, if desired. Probably only needed
-            when starting app immediately before making a DDE connection. */
-@@ -365,6 +381,8 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait,
-         retval = ERROR_BAD_FORMAT;
-     }
- 
-+    if (token) CloseHandle(token);
-+
-     TRACE("returning %lu\n", retval);
- 
-     psei_out->hInstApp = (HINSTANCE)retval;
--- 
-2.13.1
-

patches/advapi32-Token_Integrity_Level/0015-ntdll-Add-semi-stub-for-TokenLinkedToken-info-class.patch

@@ -1,67 +0,0 @@
-From e34d019222909281390f83149be755a4145024c4 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Mon, 7 Aug 2017 15:28:33 +0200
-Subject: [PATCH] ntdll: Add semi-stub for TokenLinkedToken info class.
-
----
- dlls/ntdll/unix/security.c | 30 +++++++++++++++++++++++++++++-
- 1 file changed, 29 insertions(+), 1 deletion(-)
-
-diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
-index f0057116dee..2769e5f6a7b 100644
---- a/dlls/ntdll/unix/security.c
-+++ b/dlls/ntdll/unix/security.c
-@@ -138,6 +138,7 @@ NTSTATUS WINAPI NtDuplicateToken( HANDLE token, ACCESS_MASK access, OBJECT_ATTRI
-     return status;
- }
- 
-+extern HANDLE CDECL __wine_create_default_token(BOOL admin);
- 
- /***********************************************************************
-  *             NtQueryInformationToken  (NTDLL.@)
-@@ -166,7 +167,7 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
-         0,    /* TokenAuditPolicy */
-         0,    /* TokenOrigin */
-         sizeof(TOKEN_ELEVATION_TYPE), /* TokenElevationType */
--        0,    /* TokenLinkedToken */
-+        sizeof(TOKEN_LINKED_TOKEN), /* TokenLinkedToken */
-         sizeof(TOKEN_ELEVATION), /* TokenElevation */
-         0,    /* TokenHasRestrictions */
-         0,    /* TokenAccessInformation */
-@@ -401,6 +402,33 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE token, TOKEN_INFORMATION_CLASS c
-         SERVER_END_REQ;
-         break;
- 
-+    case TokenLinkedToken:
-+        SERVER_START_REQ( get_token_elevation_type )
-+        {
-+            TOKEN_LINKED_TOKEN *linked_token = info;
-+            req->handle = wine_server_obj_handle( token );
-+            status = wine_server_call( req );
-+            if (status == STATUS_SUCCESS)
-+            {
-+                HANDLE token;
-+                /* FIXME: On Wine we do not have real linked tokens yet. Typically, a
-+                 * program running with admin privileges is linked to a limited token,
-+                 * and vice versa. We just create a new token instead of storing links
-+                 * on the wineserver side. Using TokenLinkedToken twice should return
-+                 * back the original token. */
-+                if ((reply->elevation == TokenElevationTypeFull || reply->elevation == TokenElevationTypeLimited) &&
-+                    (token = __wine_create_default_token( reply->elevation != TokenElevationTypeFull )))
-+                {
-+                    status = NtDuplicateToken( token, 0, NULL, SecurityIdentification, TokenImpersonation, &linked_token->LinkedToken );
-+                    NtClose( token );
-+                }
-+                else
-+                    status = STATUS_NO_TOKEN;
-+            }
-+        }
-+        SERVER_END_REQ;
-+        break;
-+
-     case TokenElevation:
-         SERVER_START_REQ( get_token_elevation_type )
-         {
--- 
-2.27.0
-