1berry/Inno-Setup-issrc
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Inno-Setup-issrc/whatsnew.htm
Martijn Laan 0785ee8b40
Merge branch 'main' into files-hash
2025-06-12 12:53:40 +02:00

242 lines
18 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Inno Setup 6 Revision History</title>
<base href="https://jrsoftware.org/" />
<style type="text/css">
:root {
color-scheme: light dark;
--main-fg-color: light-dark(#282828, #d6d6d6);
--main-bg-color: light-dark(white, #1f1f1f);
--link-fg-color: light-dark(hsl(206, 100%, 37%), hsl(206, 100%, 50%));
--link-hover-fg-color: light-dark(hsl(206, 100%, 27%), hsl(206, 100%, 43%));
--code-bg-color: light-dark(#f0f0f0, #403e41);
}
body { font: calc(14rem/16)/1.5 "Segoe UI", sans-serif; color: var(--main-fg-color); background-color: var(--main-bg-color) }
a:link, a:visited { color: var(--link-fg-color); background-color: transparent; text-decoration: none }
a[href]:hover { color: var(--link-hover-fg-color); text-decoration: underline }
tt, pre { font: calc(13rem/16)/calc(21rem/16) monospace; color: inherit; background-color: var(--code-bg-color) }
tt { padding: 2px 4px; border-radius: 4px }
pre { line-height: normal; padding: 10px; border-radius: 6px }
li, div.limargins { margin-block: calc(5rem/16) }
div.bluehead { text-align: center; color: white; background-color: hsl(206, 100%, 30%); padding: 5px; font-weight: bold; line-height: normal }
.date { font-size: calc(11rem/16); font-weight: bold }
.head1 { font-size: calc(32rem/16) }
.head2 { font-size: calc(20rem/16) }
.ver { font-size: calc(20rem/16); font-weight: bold }
</style>
</head>
<body>
<div class="bluehead"><span class="head1">Inno Setup 6</span><br /><span class="head2">Revision History</span></div>
<p>Copyright © 1997-2025 <a href="./">Jordan Russell</a>. All rights reserved.<br />
Portions Copyright © 2000-2025 Martijn Laan. All rights reserved.<br />
For conditions of distribution and use, see <a href="files/is/license.txt">LICENSE.TXT</a>.
</p>
<p><b>Want to be notified by e-mail of new Inno Setup releases?</b> <a href="ismail.php">Subscribe</a> to the Inno Setup Mailing List!</p>
<p><a name="6.5.0"></a><span class="ver">6.5.0-dev </span><span class="date">(?)</span></p>
<span class="head2">Improved archive extraction</span>
<p>Support for extraction of downloaded archives has been improved. It's now possible to enable support for password-protected archives and for multiple archive formats other than .7z such as .zip. This can also be used to lower the memory requirements for extraction of .7z archives that contain large files. Additionally the <tt>[Files]</tt> section now supports archive extraction.</p>
<p>All of this is optional and does <i>not</i> increase the size of Setup if not used.</p>
<ul>
<li>Updated <tt>[Setup]</tt> and <tt>[Files]</tt> section:
<ul>
<li>Added new <tt>[Setup]</tt> section directive <tt>ArchiveExtraction</tt> to specify the method of archive extraction used by new <tt>[Files]</tt> section flag <tt>extractarchive</tt> (see below) and support functions <tt>ExtractArchive</tt> and <tt>CreateExtractionPage</tt>:
<ul>
<li><tt>basic</tt> (default) is the method introduced by Inno Setup 6.4.0. It only supports .7z archives that are not password-protected.</li>
<li><tt>enhanced/nopassword</tt> is a new method and internally uses 7zxr.dll from the 7-Zip source code by Igor Pavlov, as-is, except that it was recompiled, code-signed, and renamed to is7zxr.dll. Compared to <tt>basic</tt>, it has lower memory requirements for archives that contain large files but increases the size of the Setup file(s). It still only supports .7z archives that are not password-protected.</li>
<li><tt>enhanced</tt> uses 7zxa.dll instead of 7zxr.dll, recompiled, code-signed, and renamed to is7zxa.dll. It still only supports .7z archives, but they may be password-protected.</li>
<li><tt>full</tt> uses 7z.dll instead of 7zxa.dll, recompiled, code-signed, and renamed to is7z.dll. It supports multiple archive formats (.7z, .zip, .rar, and more), although not as many as the original 7z.dll, to reduce its size.</li>
</ul>
New documentation topic <a href="https://jrsoftware.org/ishelp/index.php?topic=setup_archiveextraction">ArchiveExtraction</a> has a table summarizing the differences between these methods.
</li>
<li>Added new <tt>[Files]</tt> section flag <tt>extractarchive</tt> and parameter <tt>ExtractArchivePassword</tt>, intended to enable the seamless integration and extraction of archives.
<ul>
<li>The supported archive formats, beyond .7z, and the support for password-protected archives, depend on the aforementioned <tt>ArchiveExtraction</tt> directive, that must not be set to <tt>basic</tt>.</li>
<li>Flag <tt>extractarchive</tt> must be combined with the <tt>external</tt> and <tt>ignoreversion</tt> flags. It is usually also combined with the <tt>recursesubdirs</tt> and <tt>createallsubdirs</tt> flags.</li>
<li>Using a solid archive is not recommended; extraction performance may degrade depending on the solid block size.</li>
<li>Archive extraction otherwise behaves the same as external file copying. For example, it supports automatic uninstallation of extracted files and can be combined with same other flags and parameters.</li>
<li>Example script:
<pre>[Setup]
ArchiveExtraction=enhanced/nopassword
[Files]
Source: "{tmp}\MyProg-ExtraReadmes.7z"; DestDir: "{app}"; \
Flags: external extractarchive recursesubdirs createallsubdirs ignoreversion</pre>
</li>
</ul>
</li>
<li>Updated example script <i>CodeDownloadFiles.iss</i> to demonstrate how to use a single <tt>[Files]</tt> entry to extract a downloaded archive.</li>
<li>Archive extraction now honors the file system redirection state set by 64-bit install mode, entry flags, and support function <tt>EnableFsRedirection</tt>.</li>
</ul>
</li>
<li>Updated Pascal Scripting:
<ul>
<li>New support function <tt>ExtractArchive</tt> replaces the deprecated <tt>Extract7ZipArchive</tt>. <tt>ExtractArchive</tt> includes an additional parameter to optionally specify a password.</li>
<li><tt>ExtractArchive</tt> and <tt>CreateExtractionPage</tt> now overwrite read-only files which already exist in the destination directory without prompting the user. Previously this would cause an extraction error.</li>
<li>Added new <tt>AddEx</tt> function to support class <tt>TExtractionWizardPage</tt> to add password-protected archives.</li>
</ul>
</li>
</ul>
<span class="head2">Improved file downloads</span>
<p>Support for downloading files has been improved: the <tt>[Files]</tt> section now supports file downloads. Writing Pascal Script to download a file is no longer necessary and is in fact less efficient since it requires an intermediate temporary file which this new download support doesn't.</p>
<ul>
<li>Updated <tt>[Files]</tt> section:
<ul>
<li>Added new <tt>[Files]</tt> section flag <tt>download</tt> and parameters <tt>DownloadUserName</tt> and <tt>DownloadPassword</tt>, intended to enable the seamless integration of downloaded files.</li>
<li>Supports HTTPS (but not expired or self-signed certificates) and HTTP. Redirects are automatically followed and proxy settings are automatically used. Safe to use from services.</li>
<li>Flag <tt>download</tt> must be combined with the <tt>external</tt> and <tt>ignoreversion</tt> flags. Additionally, the <tt>DestName</tt> and <tt>ExternalSize</tt> parameters must be set.<br/>
It can also be combined with the new <tt>issigverify</tt> flag (see below) for efficient and highly secure verification of the download file.<br/>
It cannot be combined with the <tt>comparetimestampalso</tt>, <tt>recursesubdirs</tt> and <tt>skipifsourcedoesntexist</tt> flags.</li>
<li>File download otherwise behaves the same as external file copying. For example, it supports automatic uninstallation of downloaded files and can be combined with same other flags and parameters.</li>
<li>Example script:
<pre>[Files]
Source: "https://jrsoftware.org/download.php/is.exe?dontcount=1"; DestName: "innosetup-latest.exe"; DestDir: "{app}"; \
ExternalSize: 7_000_000; Flags: external download ignoreversion</pre>
</li>
<li>Updated example script <i>CodeDownloadFiles.iss</i> to demonstrate how to use a single <tt>[Files]</tt> entry to download a file.</li>
</ul>
</li>
</ul>
<span class="head2">New signature-verification capability</span>
<p>Inno Setup now includes an integrated signature-verification capability that can be used to detect corruption or tampering in your files at compile time, before files are included in an installer being built, or during installation, before Setup copies external files onto a user's system.</p>
<p>Any type of file may be signed and verified, and creation of signatures does <i>not</i> require a certificate from a certificate authority. There is no cost involved.</p>
<p>Note, however, that these signatures cannot be used to eliminate an "Unknown publisher" warning message shown by Windows when an installer or other EXE file is started. That requires a completely different kind of signature (Authenticode) embedded inside the EXE file by a different tool (Microsoft's <tt>signtool.exe</tt>), and it does require a (usually expensive) code-signing certificate from a certificate authority.</p>
<p>A more detailed summary:</p>
<ul>
<li>New <tt>[ISSigKeys]</tt> section:
<ul>
<li>Added a new optional <tt>[ISSigKeys]</tt> section for defining keys used by the compiler and Setup to verify file signatures.</li>
<li>Supports parameters <tt>Name</tt> (required) and <tt>Group</tt> to identify keys, parameters <tt>KeyFile</tt>, <tt>PublicX</tt>, and <tt>PublicY</tt> to specify the key values, parameter <tt>KeyID</tt> to double-check the key values, and parameter <tt>RuntimeID</tt> for runtime identification of the key.</li>
<li>Key files are human-readable and can be created using Inno Setup Signature Tool (see below).</li>
<li>Example section:
<pre>[ISSigKeys]
Name: anna: KeyFile: "anna.ispublickey"; Group: exesigner
Name: ryan; KeyFile: "ryan.ispublickey"; Group: exesigner
Name: ivan; KeyFile: "ivan.ispublickey"; Group: docsigner
; max is trusted for both exe and doc signing
Name: max; KeyFile: "max.ispublickey"; Group: exesigner docsigner
; the boss also has a key
Name: bosskey; KeyFile: "boss.ispublickey"</pre>
</li>
</ul>
</li>
<li>Updated <tt>[Files]</tt> section:
<ul>
<li>Added a new <tt>issigverify</tt> flag for enforcing cryptographic signature verification of source files using a key from the <tt>[ISSigKeys]</tt> section, enhancing security during both compilation and installation.</li>
<li>When used without the <tt>external</tt> flag, verification is performed during compilation, aborting if it fails. When used with the <tt>external</tt> flag, verification occurs during installation, ensuring the integrity of files as they are copied.</li>
<li>Requires an <tt>.issig</tt> signature file to be present in the same directory as the source file. Signature files are human-readable files and can be created using the Inno Setup Signature Tool.</li>
<li>Has little performance impact since verification occurs while source files are being compressed/copied and each file's contents are only read once; the only extra I/O comes from reading the tiny <tt>.issig</tt> files. Only archives and downloaded files are read a second time.</li>
<li>The verification process is protected against the Time-Of-Check to Time-Of-Use (TOCTOU) problem.</li>
<li>Can be used to verify downloaded files, offering flexibility over SHA-256 checks as script changes aren't needed for file updates. See the updated <i>CodeDownloadFiles.iss</i> example script for an example.</li>
<li>Added a new and optional <tt>ISSigAllowedKeys</tt> parameter to restrict which keys or groups of keys from the <tt>[ISSigKeys]</tt> section are permitted for signature verification using the <tt>issigverify</tt> flag.</li>
<li>Note: The <tt>issigverify</tt> flag cannot be combined with the <tt>sign</tt> or <tt>signonce</tt> flags. Use <tt>signcheck</tt> instead.</li>
<li>Example section:
<pre>[Files]
Source: "MyProg.exe"; DestDir: "{app}"; \
ISSigAllowedKeys: "exesigner bosskey"; Flags: issigverify
Source: "MyProg.chm"; DestDir: "{app}"; \
ISSigAllowedKeys: "docsigner bosskey"; Flags: issigverify
Source: "{src}\Extra\*.chm"; DestDir: "{app}"; \
ISSigAllowedKeys: "docsigner bosskey"; Flags: issigverify external; \
Excludes: "*.issig"
Source: "https://jrsoftware.org/download.php/is.exe?dontcount=1"; DestDir: "{app}"; \
ISSigAllowedKeys: "exesigner bosskey"; Flags: issigverify external download ignoreversion; \
DestName: "innosetup-latest.exe"; ExternalSize: 7_000_000</pre>
</li>
</ul>
</li>
<li>New Inno Setup Signature Tool:
<ul>
<li>Added <tt>ISSigTool.exe</tt>, a new command-line utility designed to sign files using ECDSA P-256 cryptographic signatures.</li>
<li>Offers commands to sign and verify files, to export public keys and to generate private keys.</li>
<li>Example commands:
<pre>issigtool --key-file="MyKey.isprivatekey" generate-private-key
issigtool --key-file="MyKey.isprivatekey" sign "MyProg.dll"
issigtool --key-file="MyKey.isprivatekey" export-public-key "MyKey.ispublickey"
issigtool --key-file="MyKey.ispublickey" verify "MyProg.dll"</pre>
</li>
</ul>
</li>
<li>Updated documentation:
<ul>
<li>Added new <a href="https://jrsoftware.org/ishelp/index.php?topic=issigkeyssection">[ISSigKeys] section</a> topic.</li>
<li>Updated <a href="https://jrsoftware.org/ishelp/index.php?topic=filessection">[Files] section</a> topic.</li>
<li>Added new <a href="https://jrsoftware.org/ishelp/index.php?topic=issig">.issig Signatures: Introduction</a> topic.</li>
<li>Added new <a href="https://jrsoftware.org/ishelp/index.php?topic=issigtool">Inno Setup Signature Tool</a> topic.</li>
</ul>
</li>
<li>Other related changes:
<ul>
<li>The compiler now verifies that precompiled files like <i>SetupLdr.e32</i> and <i>Setup.e32</i> remain unchanged before using them. Can be disabled using new [Setup] section directive <tt>VerifyPrecompiledFiles</tt>. Doing so is <i>not</i> recommended.</li>
<li>Added new [Files] section parameter <tt>Hash</tt>. Instructs the compiler or Setup to do a simple SHA-256 hash check instead of a full signature verification, as an alternative to using the <tt>issigverify</tt> flag.<br/>
Example script:
<pre>[Files]
Source: "https://jrsoftware.org/download.php/iscrypt.dll?dontcount=1"; DestName: "ISCrypt.dll"; DestDir: "{app}"; \
Hash: "2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc"; \
ExternalSize: 2560; Flags: external download ignoreversion</pre>
</li>
<li>Pascal Scripting:
<ul>
<li>Added new <tt>ISSigVerify</tt> and <tt>DownloadTemporaryFileWithISSigVerify</tt> support functions.</li>
<li>Added new <tt>AddWithISSigVerify</tt> and <tt>AddExWithISSigVerify</tt> functions to support class <tt>TDownloadWizardPage</tt>. See updated example script <i>CodeDownloadFiles.iss</i> for an example.</li>
</ul>
</li>
</ul>
</li>
</ul>
<span class="head2">Other changes</span>
<ul>
<li>Compiler IDE:
<ul>
<li>The <i>Find in Files</i> result list will now update its line numbers when you add or delete lines.</li>
<li>The <i>Highlight occurrences of current word</i> option (which is disabled by default) no longer highlights a section's directive names, parameter names, or Pascal keywords. The <i>Highlight occurrences of current selection</i> option (which is enabled by default) still does.</li>
</ul>
</li>
<li><tt>[Files]</tt> section parameter <tt>Excludes</tt> can now be combined with the <tt>external</tt> flag.</li>
<li>Parameters <tt>ExternalSize</tt>, <tt>ExtraDiskSpaceRequired</tt>, and <tt>UninstallDisplaySize</tt> now support digit separators. Example: <tt>UninstallDisplaySize=1_073_741_824</tt>.<br/>
The same applies to <tt>[Registry]</tt> parameter <tt>ValueData</tt> if <tt>ValueType</tt> is set to <tt>qword</tt>.</li>
<li>ISPP changes:
<ul>
<li>Added predefined variable <tt>__DIR__</tt>. Returns the directory of the current include file.</li>
<li>Renamed predefined variables <tt>__FILE__</tt> to <tt>__FILENAME__</tt> and <tt>ISPPCC_INVOKED</tt> to <tt>ISCC_INVOKED</tt>. The old names still work.</li>
<li>Renamed support function <tt>RemoveBackslash</tt> to <tt>RemoveBackslashUnlessRoot</tt>. The old name still works.</li>
<li><i>Fix:</i> The return value of support function <tt>ExtractFilePath</tt> did not always include a trailing backslash as intended.</li>
</ul>
</li>
<li>Pascal Scripting change: Added new <tt>GetSHA256OfStream</tt> support function.</li>
<li>Inno Setup 6.4.3 increased the maximum width of all task dialogs by about 50%, which helps to keep long paths from being truncated with ellipses. It now only does this if the task dialog's content actually contains a path.</li>
<li>All translations which still had an UTF-8 BOM had their BOM removed. Using a BOM in UTF-8 encoded files is not needed and not recommended since Inno Setup 6.3.0.</li>
<li>Inno Setup is now built using Delphi 12.3 Athens instead of Delphi 12.1 Athens. Thanks to Ian Barker from Embarcadero for providing us with a license!</li>
<li>Documentation improvements.</li>
<li>Minor tweaks.</li>
</ul>
<p>Some messages have been removed and added in this version: (<a href="https://github.com/jrsoftware/issrc/commit/9224d13e">View differences in Default.isl</a>.)</p>
<ul>
<li><b>Removed messages:</b>
<ul>
<li>ErrorFileHash1, ErrorFileHash2.</li>
</ul>
</li>
<li><b>New messages:</b>
<ul>
<li>ArchiveIncorrectPassword, ArchiveIsCorrupted, ArchiveUnsupportedFormat.</li>
<li>StatusDownloadFiles.</li>
<li>SourceVerificationFailed, VerificationSignatureDoesntExist, VerificationSignatureInvalid, VerificationKeyNotFound, VerificationFileSizeIncorrect, VerificationFileHashIncorrect.</li>
<li>ErrorDownloading, ErrorExtracting.</li>
</ul>
</li>
</ul>
<p>Note: Not all official translations have been updated for these changes yet.</li>
<p><a href="files/is6.4-whatsnew.htm">Inno Setup 6.4 Revision History</a></p>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink