Permalink
Commits on Feb 14, 2018
Commits on Dec 24, 2017
  1. [loc] improve Japanese Translation

    ryo-a authored and pbatard committed Dec 23, 2017
    * Closes #1075
Commits on Dec 6, 2017
  1. [loc] update Brazilian Portuguese translation

    trinaldi authored and pbatard committed Dec 6, 2017
    * Closes #1067
  2. [loc] update Norwegian translation

    The2rB authored and pbatard committed Dec 1, 2017
    * Closes #1063
Commits on Nov 20, 2017
Commits on Nov 17, 2017
  1. [misc] fix SDK path

    pbatard committed Nov 17, 2017
Commits on Nov 13, 2017
Commits on Nov 11, 2017
Commits on Nov 7, 2017
  1. v2.18 (build 1213)

    pbatard committed Nov 7, 2017
Commits on Nov 3, 2017
  1. [arm] add Visual Studio ARM64 compilation support

    pbatard committed Nov 3, 2017
    * Windows 10 ARM users *WILL* be able to run Rufus natively
      the very same day they got their new device!
Commits on Nov 2, 2017
Commits on Nov 1, 2017
  1. [iso] make the lookup for updatable .cfg file more generic

    pbatard committed Nov 1, 2017
    * For ESET and other ISOs, such as Arch derivatives
    * Closes #1013
Commits on Oct 28, 2017
  1. [misc] fix a potential resource leak

    ip-gpu authored and pbatard committed Oct 27, 2017
    * IsFontAvailable() could exit without releasing its 'hDC' handle resulting in a resource leak
    * Fix V773 from PSV-Studio
    * Closes #1050
Commits on Oct 23, 2017
Commits on Oct 13, 2017
  1. [loc] update Lithuanian translation

    embar- authored and pbatard committed Sep 9, 2017
    * Closes #1034
  2. [cmp] propagate decompression errors from bled

    wjt authored and pbatard committed Oct 12, 2017
    * If, for example, you have a truncated gz-compressed file and try to
      write it to disk, bled_uncompress_with_handles() will return an error.
      Previously, this was not reported back to the user.
    * Closes #1040
Commits on Oct 3, 2017
  1. [loc] fix some Portuguese (Portugal) translation

    jzeferino authored and pbatard committed Oct 2, 2017
    * Closes #1032
Commits on Sep 28, 2017
  1. [loc] update Danish translation to latest

    Andrea Wood authored and pbatard committed Sep 28, 2017
Commits on Sep 15, 2017
  1. [core] add a cheat mode to reset the current USB device (cycle port)

    pbatard committed Sep 15, 2017
    * Will not work on Vista, Windows 7 or Server 2008
    * Also update Windows version info
Commits on Sep 14, 2017
  1. [misc] fix VS2017 code analysis warnings

    pbatard committed Sep 14, 2017
    * Also set rufus-next to 2.18
Commits on Sep 12, 2017
  1. v2.17 (build 1198)

    pbatard committed Sep 12, 2017
Commits on Sep 11, 2017
  1. [iso] add a warning for unsupported multi-extent ISO-9660 files

    pbatard committed Sep 11, 2017
    * This is related to issue #1007, which libcdio still needs to fix.
  2. [pki] add country code validation on signature check

    pbatard committed Sep 11, 2017
    * Also validate against the CN rather than the simple name, and require an exact match
Commits on Sep 8, 2017
  1. [loc] update Dutch translation to latest

    rcpa authored and pbatard committed Sep 8, 2017
  2. [misc] display image and disk size in the log

    pbatard committed Sep 8, 2017
    * Also fix 2 Coverity warnings
    * Also remove unneeded LFs in drive.c
Commits on Sep 6, 2017
  1. [core] allow the use of A: and B: as drive letters and fix in-use det…

    pbatard committed Sep 6, 2017
    …ection for Z:
    
    * Closes #1016
    * Also expand support for Arch Linux derivatives Syslinux config files
Commits on Sep 5, 2017
Commits on Sep 4, 2017
  1. [pki] improve ASN.1 parser

    pbatard committed Sep 4, 2017
    * Enable search from OIDs expressed as strings and ignore non UNIVERSAL classes
Commits on Sep 3, 2017
  1. [pki] timestamp validation improvements

    pbatard committed Sep 3, 2017
    * Add timestamp processing for nested signature and check for anomalous differences
    * Also prevent attack scenarios that may attempt to leverage multiple nested signatures or countersigners
    * Simplify code by using CryptDecodeObjectEx/WinVerifyTrustEx and improve timestamp reporting
Commits on Sep 2, 2017
  1. [pki] check timestamp chronology during update validation

    pbatard committed Sep 1, 2017
    * Done to address the second "vulnerability" proposed in #1009, independently
      of the protocol used.
Commits on Aug 31, 2017
  1. [pki] fix https://www.kb.cert.org/vuls/id/403768

    pbatard committed Aug 31, 2017
    * This commit effectively fixes https://www.kb.cert.org/vuls/id/403768 (CVE-2017-13083) as
      it is described per its revision 11, which is the latest revision at the time of this commit,
      by disabling Windows prompts, enacted during signature validation, that allow the user to
      bypass the intended signature verification checks.
    * It needs to be pointed out that the vulnerability ("allow(ing) the use of a self-signed
      certificate"), which relies on the end-user actively ignoring a Windows prompt that tells
      them that the update failed the signature validation whilst also advising against running it,
      is being fully addressed, even as the update protocol remains HTTP.
    * It also need to be pointed out that the extended delay (48 hours) between the time the
      vulnerability was reported and the moment it is fixed in our codebase has to do with
      the fact that the reporter chose to deviate from standard security practices by not
      disclosing the details of the vulnerability with us, be it publicly or privately,
      before creating the cert.org report. The only advance notification we received was a
      generic note about the use of HTTP vs HTTPS, which, as have established, is not
      immediately relevant to addressing the reported vulnerability.
    * Closes #1009
    * Note: The other vulnerability scenario described towards the end of #1009, which
      doesn't have to do with the "lack of CA checking", will be addressed separately.