libusb-win32
libusb-win32 copied to clipboard
mcuee
Release plan discussion
We will use 1.2.7.x as snapshot release version. Probably the next formal version should be labeled as 1.2.8.0.
V1.2.7.3 (11/13/2021) - SNAPSHOT RELEASE
-
driver: sign the drivers using SHA1 as well as SHA256
-
driver: sign the drivers after microsoft and not before (win7 fix)
V1.2.7.2 (10/25/2021) - SNAPSHOT RELEASE
-
driver: sign the drivers using EV certificate: https://github.com/mcuee/libusb-win32/issues/24
-
driver: fix possible stack corruption: https://github.com/mcuee/libusb-win32/issues/19
-
lib: fix missing check for failed CloseHandle(): https://github.com/mcuee/libusb-win32/issues/12
V1.2.7.1 (09/18/2019) - SNAPSHOT RELEASE
- Removed support for IA64
- Removed support for W2K
- Properly allocate NX pool memory on Win8+
V1.2.6.0 (01/17/2012)
- Official release.
- Removed ISO maximum transfer size restrictions/transfer splitting.
- Fixed inf-wizard device notification issue.
@dontech Please also help to check those I marked as "wontfix" before you took over from Travis. If you think some of them are worth implementing, then please go ahead to remove the "wontfix" label. Thanks.
The following issues have been fixed. We are more or less ready for the next release.
- #19
- #21
- #25
- #27
As for the digital signature, now Windows 7 is already working. So we are already fine here.
- #24
Release related work to be done.
- update changelog
- including the change log in the installer
- create debug version of bin and installer
@dontech Please also help to check those I marked as "wontfix" before you took over from Travis. If you think some of them are worth implementing, then please go ahead to remove the "wontfix" label. Thanks.
I have removed most of the "wontfix" labels except a few like USB hub support.
@dontech I have changed to the libusb-win32 Sourceforge default download version from 1.2.6.0 release to 1.2.7.3 snapshot release so that the people out there can use the the updated version. It should work for Windows 7/8/8.1/10 so we should still be okay.
https://sourceforge.net/projects/libusb-win32/files/
@dontech For the next release, Windows 7 support may be difficult as the cross-certification expired in Dec 2021.
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64> .\signtool.exe verify /v /kp C:\temp\libusb-win32-bin-1.2.7.3\bin\amd64\libusb0.sys
Verifying: C:\temp\libusb-win32-bin-1.2.7.3\bin\amd64\libusb0.sys
Signature Index: 0 (Primary Signature)
Hash of file (sha256): 2148A71E5EF84643B11A1A528E421B3860D2D07831FB7BCECA9D0E5DE7B4AC43
Signing Certificate Chain:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Windows Third Party Component CA 2014
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 16 04:41:27 2029
SHA1 hash: 1906DCF62629B563252C826FDD874EFCEB6856C6
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Third Party Component CA 2014
Expires: Fri Dec 03 06:25:28 2021
SHA1 hash: 984E03B613E8C2AE9C692F0DB2C031BF3EE3A0FA
The signature is timestamped: Sat Nov 13 19:54:14 2021
Timestamp Verified by:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Time-Stamp PCA 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Wed Jul 02 05:46:55 2025
SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE
Issued to: Microsoft Time-Stamp Service
Issued by: Microsoft Time-Stamp PCA 2010
Expires: Thu Jan 13 01:28:25 2022
SHA1 hash: A04C15E8F4C630938C2935B1375329AF93CC90D4
Cross Certificate Chain:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Windows Third Party Component CA 2014
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 16 04:41:27 2029
SHA1 hash: 1906DCF62629B563252C826FDD874EFCEB6856C6
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Third Party Component CA 2014
Expires: Fri Dec 03 06:25:28 2021
SHA1 hash: 984E03B613E8C2AE9C692F0DB2C031BF3EE3A0FA
Successfully verified: C:\temp\libusb-win32-bin-1.2.7.3\bin\amd64\libusb0.sys
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
Further discussions here. https://community.osr.com/discussion/293709/signing-driver-for-win7
If in the end there is no solution, we have to drop Windows 7 support.
@mcuee yes there clearly is a problem there. I have not been able to solve this either.
Either i am missing something or Microsoft made a huge backwards compability support blunder, which is problematic when you consider how many people still use that....
AFAIK drivers for Windows 7 can only be signed using their cross-certificate, and since they have stopped issueing those, then i fail to see how that would work.
They need to issue a new cross-certificate or patch up Windows-7 to ignore that check.... i guess the odds of any of those two are smaller than my odds of becoming the president of Mars.
So i think, unless something happens, that we have to drop support for Windows 7.
I would suggest that we announce that this is the last version supporting Windows 7, and then remove it in the next release. We can state in the release notes that it must be signed manually (local signing), or installed using the "disable driver signing" options.
@dontech I agree with you to annonuce libusb-win32 1.2.7.3 to be the last version to support Windows 7.
I have updated the github release page. https://github.com/mcuee/libusb-win32/releases/tag/snapshot_1.2.7.3
Or probably we should re-tag it as official 1.2.7.3 release and not call it a snapshot.
@dontech
I have just upload 1.2.7.3 again to Sourceforge as a formal release and mentioned it as the last release with Windows 7 support. https://sourceforge.net/projects/libusb-win32/files/libusb-win32-releases/1.2.7.3/
1.2.7.4 snapshot release: https://sourceforge.net/projects/libusb-win32/files/libusb-win32-snapshots/20230920/ https://github.com/mcuee/libusb-win32/releases/tag/snapshot_1.2.7.4
@dontech
Interesting that I saw SHA1 signature on the 1.2.7.4 release along with SHA256 signature. Are you able to sort the issue for Windows 7? Does 1.2.7.4 work under Windows 7? Thanks.
PS C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64> .\signtool.exe verify /v /kp C:\temp\libusb-win32-bin-1.2.7.4\bin\amd64\libusb0.sys
Verifying: C:\temp\libusb-win32-bin-1.2.7.4\bin\amd64\libusb0.sys
Signature Index: 0 (Primary Signature)
Hash of file (sha256): A6D943EDAC01563EA264101EA66B80F76EBC96809A20A7A7733C33449BC4091C
Signing Certificate Chain:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Windows Third Party Component CA 2014
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 16 04:41:27 2029
SHA1 hash: 1906DCF62629B563252C826FDD874EFCEB6856C6
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Third Party Component CA 2014
Expires: Thu Apr 04 03:16:30 2024
SHA1 hash: FAC666005546D6BE881A31C1267717879401A950
The signature is timestamped: Wed Sep 20 09:02:45 2023
Timestamp Verified by:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Time-Stamp PCA 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 01 02:32:25 2030
SHA1 hash: 36056A5662DCADECF82CC14C8B80EC5E0BCC59A6
Issued to: Microsoft Time-Stamp Service
Issued by: Microsoft Time-Stamp PCA 2010
Expires: Fri Feb 02 03:12:37 2024
SHA1 hash: 315BDBA2CC6DE1118F3DB8BDAEBBE5FE986FEB75
Cross Certificate Chain:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Windows Third Party Component CA 2014
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 16 04:41:27 2029
SHA1 hash: 1906DCF62629B563252C826FDD874EFCEB6856C6
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Third Party Component CA 2014
Expires: Thu Apr 04 03:16:30 2024
SHA1 hash: FAC666005546D6BE881A31C1267717879401A950
Successfully verified: C:\temp\libusb-win32-bin-1.2.7.4\bin\amd64\libusb0.sys
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
What do we need to complete this.
@mcuee what do you think?
I think we are almost there.
Just two minor things for the installer.
- It would be nice to sign the installer. I think it will help to make Windows a bit happy.
- Add the changelog to the installer.
After the formal release, I will create a pull request to ask Pete to include it in the next official release of libwdi/Zadig.
Currently libwdi Zadig-2.8.exe has libusb-win32 1.2.7.3 release.
- https://github.com/pbatard/libwdi/pull/282
@dontech
I can not test Windows on ARM64 as I do not have the necessary hardware. I am not so sure if you can test Windows on ARM64 or not.
There is an issue with Zadig as of now. It does not work under Windows 11 on ARM64. Power users can of course disable driver signature enforcement, but this is not a solution for normal users.
- https://github.com/pbatard/libwdi/issues/289
There is an issue with Zadig as of now. It does not work under Windows 11 on ARM64. Power users can of course disable driver signature enforcement, but this is not a solution for normal users.
No, that sort of makes it useless for regular users. However, for companies that officially re-sign the driver with their own INF file i guess it is OK.
Why does the changelog say "Much smaller binaries"? At least in the case of amd64 all binaries are larger in 1.3.0.0 than in 1.2.7.4...
Why does the changelog say "Much smaller binaries"? At least in the case of amd64 all binaries are larger in 1.3.0.0 than in 1.2.7.4...
@tormodvolden That's a really good question. At some point I noticed that the binaries were smaller when switching to EWDK. I just never checked it again.
Maybe I configured the project differently at some point. Not sure. I think its OK now, but I agree that the release note is misleading. Maybe some of the project parameters can be tweaked.
- It would be nice to sign the installer. I think it will help to make Windows a bit happy.
Done. The latest update to the script signs all EXE and DLL files with SHA1 and SHA256 signature. The SYS and DLL files then additionally get signed by microsoft.
CHANGELOG.txt now a part of the archive, and should be updated with every release.
@mcuee We are ready for release. Please confirm and I will spin and sign test release
The changelog still has the dubious "Much smaller binaries due to newer compiler" ...