[Bug 24654] New: windows codec installer fails
http://bugs.winehq.org/show_bug.cgi?id=24654 Summary: windows codec installer fails Product: Wine Version: 1.3.4 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: crypt32 AssignedTo: wine-bugs(a)winehq.org ReportedBy: austinenglish(a)gmail.com Created an attachment (id=31164) --> (http://bugs.winehq.org/attachment.cgi?id=31164) terminal output austin(a)midna:~/wine-git$ git bisect bad 966d722752b659a12ffa355a1e559f94907cd66d is the first bad commit commit 966d722752b659a12ffa355a1e559f94907cd66d Author: Juan Lang <juan.lang(a)gmail.com> Date: Mon Oct 4 18:16:16 2010 -0700 crypt32: Improve error checking for the base policy. :040000 040000 f9ebbde6e36c9d0b061daf58553171e60903c5b8 f4af24892b8e82f2d4f8c3083cf712a89df83694 M dlls can be reproduced with 'winetricks -q wic' Yes, the regression test is right. I didn't believe it either, but reverting that patch fixes it. Terminal output attached. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, Installer, | |regression --- Comment #1 from Austin English <austinenglish(a)gmail.com> 2010-10-07 04:22:09 CDT --- I'm using 'winetricks -q wic', btw. Didn't try in gui mode, though I suspect it fails as well. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |juan_lang(a)yahoo.com -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 --- Comment #2 from Austin English <austinenglish(a)gmail.com> 2010-10-07 04:22:43 CDT --- Created an attachment (id=31165) --> (http://bugs.winehq.org/attachment.cgi?id=31165) +crypt,+chain -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 --- Comment #3 from Juan Lang <juan_lang(a)yahoo.com> 2010-10-07 07:34:44 CDT --- The chain is being failed because it's expired (CERT_E_EXPIRED), whereas before it wouldn't. I'll attach a hack patch that'll probably work around it, though it obviously isn't correct as-is. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 --- Comment #4 from Juan Lang <juan_lang(a)yahoo.com> 2010-10-07 07:35:27 CDT --- Created an attachment (id=31168) --> (http://bugs.winehq.org/attachment.cgi?id=31168) Hack: disable failing expired certs Does this work for you? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 --- Comment #5 from Juan Lang <juan_lang(a)yahoo.com> 2010-10-07 08:00:23 CDT --- Created an attachment (id=31169) --> (http://bugs.winehq.org/attachment.cgi?id=31169) Patch: Trace certificate chain verification parameters Could you also apply this patch and attach a fresh +crypt,+chain log with it? It'll give me a little more information about what the installer is doing. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 --- Comment #6 from Juan Lang <juan_lang(a)yahoo.com> 2010-10-07 08:17:11 CDT --- (In reply to comment #5)
Could you also apply this patch and attach a fresh +crypt,+chain log with it?
Belay that, it's so easy to reproduce I got my own. Here's the bit I was interested in: trace:crypt:CertVerifyCertificateChainPolicy (#0002, 0x13b430, 0x33b2e4, 0x33b2d0) trace:chain:dump_policy_para cbSize = 12 trace:chain:dump_policy_para dwFlags = 00000000 trace:chain:dump_policy_para pvExtraPolicyPara = (nil) trace:crypt:CertVerifyCertificateChainPolicy returning 1 (800b0101) I was wondering whether the pvExtraPolicyPara might have specified something else. It doesn't. Here's another curious thing, with an additional trace I added: trace:chain:CertGetCertificateChain checking chain at time 1601-01-01 What the heck? My guess at this point is that the authenticode policy (#0002) is supposed to ignore time validity even when not explicitly stated. Tests needed for that, of course. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 --- Comment #7 from Juan Lang <juan_lang(a)yahoo.com> 2010-10-08 07:18:14 CDT --- (In reply to comment #6)
My guess at this point is that the authenticode policy (#0002) is supposed to ignore time validity even when not explicitly stated. Tests needed for that, of course.
Tests show this surmise is incorrect, and that the change is itself correct. So the question is where that bad date is coming from. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |madewokherd(a)gmail.com --- Comment #8 from Juan Lang <juan_lang(a)yahoo.com> 2010-10-14 16:25:51 CDT --- *** Bug 24735 has been marked as a duplicate of this bug. *** -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|crypt32 |wintrust --- Comment #9 from Juan Lang <juan_lang(a)yahoo.com> 2010-10-14 16:30:37 CDT --- Like I said, the changes to crypt32 were correct. The true problem was in wintrust, which was using the file time as the time to verify, rather than checking for a timestamp within the file signature. Patch sent: http://www.winehq.org/pipermail/wine-patches/2010-October/094535.html The timestamp is still unverified with this patch. Verifying it probably requires implementing CryptMsgVerifyCounterSignatureEncoded(Ex), but it's probably not that important while bug 24160 is still open. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #31168|0 |1 is obsolete| | -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #10 from Juan Lang <juan_lang(a)yahoo.com> 2010-10-15 10:49:31 CDT --- Fixed by commit 68fceb5e5b4c345dd6d7f77d2d250f1e8a779007 . -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24654 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #11 from Alexandre Julliard <julliard(a)winehq.org> 2010-10-15 12:50:42 CDT --- Closing bugs fixed in 1.3.5. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org