1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
Commit graph

2020 commits

Author SHA1 Message Date
Pete Batard
9073962faf
[wue] add automatic local account creation and regional settings duplication
* Local account is created with the same name as the current user along with an *empty* password
  (which we force the user to change on next logon). This is done to assuage users who might be
  weary of entering a password in a third party application, and has the benefit of enabling
  autologon when the install is complete.
* Note that the creation of a local account through an answer file prevents Windows 11 22H2
  from bugging users about MSA *even with an active network connection*.
* For convenience reasons, only duplication of the current username is enabled. We *may* add a
  dialog to enter any random username in a future version, but for 3.20, this is all you get.
* Likewise, the locale duplication is only carried out during OOBE and *not* WinPE (which means
  that you still get the initial "Windows setup language and user preferences" prompt). This is
  intentional as otherwise the default screen and "Repair Windows" options are not presented.
* It's not my fault that the Windows password change screen is super ill conceived, whereas it
  doesn't hide the current password field as it should when the current password is blank, and
  one needs to click on a very small arrow to get the changes applied, instead of a PROMINENT
  button that should intuitively have been positioned right next to "Cancel".
* If you want to complain that we should just "present the user with XYZ and be done with it",
  please bear in mind that we can't add new dialogs to Rufus as willy-nilly as you believe we
  can. *ANY* new UI interface requires major planning, which is the reason why, for the time
  being, we are limited to reusing a simple dissociated list of checkboxes for all WUE options.
2022-07-19 19:11:06 +01:00
Pete Batard
5117a3b4a8
[wue] fix MSA bypass not being applied unless SB/TPM or RAM/Disk bypass is also selected
* In a manner that defies logic, Microsoft designed Windows setup to parse Autounattend.xml
  for windowsPE tasks in the PE environment, but only carry out the copying of that file
  to %WINDIR%\Panther for subsequent processing with the other passes *IF* there exist an
  actual windowsPE section.
* In short, when using the Autounattend.xml method, Microsoft have made all passes there
  dependent on the existence of a windowsPE pass, regardless of whether that pass has any
  use or not.
* Working around this would be fine and all (just add an empty windowsPE pass so that the
  later passes get executed) if the absence of a windowsPE pass didn't also determine
  whether the user will be presented with the default Windows setup screens that include
  the "Repair your computer" option or a completely different set of screens (c.f. #1971).
* This means that, to keep users happy, we need to add yet another method to carry out
  tasks that should have remained the realm of boot.wim's Autounattend.xml, and instead
  create a \sources\$OEM$\$$\Panther\unattend.xml when there are no windowsPE tasks (on
  account that setup copies anything found under \sources\$OEM$\$$\ to %WINDIR%\).
  Only through this can we have the specialize and oobeSystem tasks actually carried out
  (for bypassing MSA requirements of skipping the data collection screens) while keeping
  the original Windows Setup look and feel.
* Closes #1981
2022-07-13 18:31:11 +01:00
Pete Batard
2b7b81808f
[misc] improve/factorize '/' ↔ '\' conversions 2022-07-09 18:16:42 +01:00
Pete Batard
14f19e5275
[wue] revert to inserting the bypass registry keys directly where possible
* The use of an unattend.xml to create the TPM/Secure Boot/Disk/RAM bypass keys was
  prompted by Microsoft restricting the ability of Windows Store app from manipulating
  offline registry hives.
* However, the use of a windowsPE phase in unattend.xml to insert the keys results in
  a windows command prompt briefly appearing when setup launches, as well as slightly
  different Windows setup screens from the default.
* So we are now reverting to trying to edit the boot.wim registry hive offline (which
  should work for the non Store version of Rufus) while falling back to using a PE
  unattend section if that doesn't work.
* Closes #1971
2022-07-08 18:48:02 +01:00
Pete Batard
2be4470bc5
[iso] add workaround for ISOs that have a syslinux symbolic link to isolinux
* This is for Knoppix images that have a /boot/syslinux that links to /boot/isolinux/
  with EFI Syslinux trying to use /boot/syslinux/syslnx[32|64].cfg as its config file.
* Note to Knoppix devs, you could have ensured EFI File System transposition by using
  the same approach as we do here, which is to create non-symlinked /boot/syslinux
  config files that point back to the isolinux ones.
2022-07-08 13:34:34 +01:00
Pete Batard
f17e287e39
[wue] make WUE choices persist between sessions 2022-07-07 11:22:39 +01:00
Pete Batard
d9a7a03834
[vhd] improve mounting/unmounting of WIM
* Also fix wininet not having been removed from DelayLoadDLLs except x64.
2022-07-07 11:20:30 +01:00
Pete Batard
110f4025b7
[wue] fix Windows User Experience dialog appearing twice with Windows To Go
* Issue was introduced with the fix for #1956
* Closes #1968
* Also set rufus-next to 3.20
2022-07-05 14:09:41 +01:00
Pete Batard
8fb602b8ee
[mbr] use 80x25:16 text mode rather than 640x480:16 VGA mode
* This should produce the same output while improving compatibility with systems that have a broken VGA implementation.
* Also fix an LD error with newer gcc toolchains.
2022-07-04 15:08:55 +01:00
Pete Batard
3cf41abf2e
v3.19 (Build 1911) 2022-07-01 22:42:02 +01:00
jb66
8c25bf4b69
[loc] fix typos in French translation
* Closes #1961
2022-06-30 11:27:56 +01:00
Marcos Mello
6c8432ebf6
[loc] update Brazilian Portuguese translation to latest
* Closes #1948
2022-06-28 00:16:50 +01:00
Thomas Schmitt
ae377ae8ca
[iso] fix support for multi-extent files when Joliet is in use
* See https://lists.gnu.org/archive/html/libcdio-devel/2022-06/msg00000.html
* This partially fixes ISO mode support for Gentoo Live, though, since the Gentoo
  maintainers appear not to have a kernel NTFS driver in the current images, the
  installer still fails to mount the installation media.
2022-06-27 20:42:41 +01:00
Pete Batard
d457a0bafe
[ui] fix Windows 11 customization options not appearing with MBR
* Fixes #1956
2022-06-25 15:39:05 +01:00
Pete Batard
65f05f4d58
[loc] update French translation to latest
* Also update ChangeLog for Rufus 3.19 BETA
2022-06-24 18:32:49 +01:00
Pete Batard
e043a49fa7
[ui] add option to set internal drives offline for Windows 11 To Go
* This is enabled by default for Windows 11 images and is done to prevent the
  annoying behaviour of Windows 11 *automatically* upgrading all ReFS drives
  it sees to latest version, thereby instantly preventing you from accessing
  these drives ever again with Windows 10.
* See: https://gist.github.com/0xbadfca11/da0598e47dd643d933dc#Mountability.
2022-06-24 17:47:08 +01:00
Pete Batard
a25af06b3c
[ui] drop the option to remove the "unsupported hardware" watermark
* I've never seen that watermark in the first place, therefore can't test if the option is
  working, and, as opposed to the other options, users can deal with it post install anyway.
* Also ensure that we prompt for customization when selecting an install.wim.
2022-06-24 14:27:02 +01:00
dependabot[bot]
7391b342db
[misc] update dependabot dependencies
* Closes #1952
* Closes #1953
2022-06-23 14:26:39 +01:00
Pete Batard
43761aba43
[misc] add dependabot.yml 2022-06-23 14:17:40 +01:00
Pete Batard
d0844bfc70
[misc] minor update to pollock
* Also reinstate CodeQL since github/codeql-action#850 is supposed to be fixed.
* Also fix a false Coverity warning.
2022-06-23 14:05:52 +01:00
Pete Batard
a0d669232c
[ui] add a new selection dialog for Windows 11 setup customization
* This moves the extended Windows 11 options (bypass TPM & Secure Boot) away from
  "Image options" into a new explicit dialog, along with supplementary customization
  such as enabling offline account (for Windows 11 22H2) and skipping all data
  collection questions.
* This customization is now enacted through an unattend.xml file rather than offline
  registry manipulation, so that this *should* also work with the Windows Store version.
* Also update arch detection and rework/reorganize upcoming translation changes.
* Note: The 'Remove "unsupported hardware" desktop watermark' option is *UNTESTED*.
2022-06-23 13:34:24 +01:00
Pete Batard
9690742d91
[ui] extend SelectionDialog() to support checkbox selection 2022-06-20 13:47:43 +01:00
Pete Batard
a9a97b6f10
[efi] update UEFI:NTFS's NTFS drivers to latest
* Now uses read-only NTFS drivers v1.3 from https://github.com/pbatard/ntfs-3g.
* Like previous ones, aa64, ia32 and x64 versions are Secure Boot signed (but not arm).
* Fixes the recent potential vulnerabilities found in https://github.com/tuxera/ntfs-3g.
* Note that we have asked Microsoft to add the previous signed NTFS drivers to the UEFI
  Revocation List, even as we believe that the ntfs-3g vulnerabilities are not exploitable
  in the limited context of UEFI:NTFS.
2022-06-16 11:54:00 +01:00
Pete Batard
cd9d3737b1
[core] add the ability to ignore USBs through VID:PID
* This enables the provision of Registry/Settings key IgnoreUsb01 to IgnoreUsb08 where
  one can specify a USB device to ignore by providing its VID:PID as a 32-bit hex value.
* Closes #1879.
* Also update rufus.ini sample for current Rufus version.
* Also fix status display for Alt-Q.
2022-06-14 23:29:33 +01:00
Pete Batard
d8af83dd14
[core] use Linux Data GUID for ext GPT partitions
* Also add an IS_EXT() macro
2022-06-08 19:37:24 +01:00
Pete Batard
c2cd5185a3
[iso] enforce DD mode for Proxmox ISOHybrid images 2022-06-07 16:39:03 +01:00
Maison
df5cfe94c1
[loc] update Brazilian Portuguese translation
* Closes #1940
2022-06-07 16:30:00 +01:00
Marcos Mello
591bec3cbe
[iso] add versions 9.x for Red Hat derivative exceptions
* Closes #1943
2022-06-07 16:19:47 +01:00
Pete Batard
746f91acc7
[core] work around Windows refusing to mount Linux MBR partitions on FIXED drives
* Fixes #1922.
* Also fix a typo and apply minor updates for GitHub Actions workflows.
2022-05-31 16:30:19 +01:00
Pete Batard
c76327f96e
[ui] list drives by increasing order of size
* Also silence MSVC and MinGW obnoxious warnings about bidirectional Unicode characters.
2022-05-25 13:22:47 +01:00
Pete Batard
1dcfd69dee
[ext2fs] return a more explicit error on directory corruption 2022-05-14 10:19:36 +02:00
Pete Batard
4cdbad283a
[loc] update Polish translation
* Closes #1916
* Also removes wininet.dll from MSVC vcxproj.
2022-05-02 11:21:16 +01:00
Pete Batard
cc293c0512
[core] add exception for LaCie XtremKey USB 3.0
* Closes #1912
2022-04-27 11:36:59 +01:00
Pete Batard
a3c75e480e
[core] revert to direct-hooking into wininet.dll
* This reverts 3194a4dac4 on account that MinGW's delay loading of
  wininet.dll causes the application to prematurely close.
* Yet another episode of the never ending #1877 saga...
2022-04-27 10:41:19 +01:00
Vlad
48574f10d6
[loc] update Ukrainian translation
* This fixes multibyte indexes
* Closes #1908
2022-04-26 00:00:32 +01:00
Pete Batard
f5abae6442
[core] fix Boot selection dropdown not being reset on unsupported images
* Closes #1903
2022-04-15 11:43:22 +01:00
Pete Batard
d029551929
[core] drop direct hooking into dwmapi DLL and use delay-loading instead
* Now that we can delay-load DLLs for both MinGW and MSVC, we can also remove
  the direct DLL hook that was added into dwmapi.dll due to side loading and
  revert to using a direct API call instead.
* This reverts part of e1d864f755.
* Also attempt to silence that damn Coverity warning.
2022-04-12 13:55:33 +01:00
Pete Batard
3194a4dac4
[net] drop direct hooking into wininet DLL and use delay-loading instead
* Now that we can delay-load DLLs for both MinGW and MSVC, we can remove the
  cumbersome direct DLL hooks into wininet.dll (which is vulnerable to side
  loading when not delay-loaded) and revert to using direct API calls instead.
* This reverts part of e1d864f755.
* Also attempt to silence a Coverity warning.
2022-04-12 13:35:41 +01:00
Pete Batard
e7b66e7e4c
[mingw] use delay loading for DLLs that are subject to side loading
* This reverts much of commits f6ac559f4d and 1947266837
  so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs,
  sideloading mitigation has already been applied by the application.
* This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we
  link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been
  doing to prevent it, to clean up the code.
* Note that this is a bit more complex than what the stackoverflow post suggests, because we need to
  create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and
  therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles
  and whatnot, to get us there.
* Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of
  MinGW now have support for it.
* Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak).
2022-04-12 11:09:59 +01:00
Pete Batard
3528ca773d
[iso] add support for distros using a NONSTANDARD GRUB 2.0 prefix directory
* Looking at you, openSUSE Live and GeckoLinux!
2022-04-07 01:58:22 +01:00
Pete Batard
f669f05403
[iso] add ISOHybrid "CD" partition and ISO9660 file system detection
* Notably for openSUSE-Leap-15.3-XFCE-Live-x86_64-Build9.427-Media.iso
2022-04-05 18:31:03 +01:00
Dinis Medeiros
50d81af6cf
[loc] update Portuguese translation
* Add MSG_322, 323, 324
* Closes #1886
2022-04-01 13:03:59 +01:00
Pete Batard
8ec570570f
[core] reassign a letter for drives written in DD mode that don't have an ESP
* This should help with the CoreELEC usage case described in #1842
* Also add MBR handling for ESP ↔ FAT cheat mode (Alt-P)
* Also set rufus-next to 3.19
2022-03-24 17:24:39 +00:00
Pete Batard
0de209ee53
v3.18 (Build 1877)
* Formally disable Windows 11 bypass for Windows 7 and AppStore version since it can't be applied.
2022-03-11 16:51:59 +00:00
Pete Batard
1947266837
[pki] don't link with wintrust.lib
* WinTrust.lib is responsible for the MSASN1.dll sideloading issue described in #1877,
  so, since we only use it for WinVerifyTrustEx(), hook into that function manually.
* Closes #1877 for the MinGW side.
* Note that we will probably try to use the method suggested by @assarbad and documented at
  https://stackoverflow.com/questions/1851267/mingw-gcc-delay-loaded-dll-equivalent/70416894#70416894
  to try to put an end to the problem of DLL side loading.
2022-03-03 17:41:43 +00:00
Pete Batard
d07ec87b3a
[mingw] fix compilation breakage due to MinGW header screwup
* See https://github.com/pbatard/rufus/actions/runs/1900092904
* Guys, I know VDS is fundamentally broken... but that's no reason to break it further!
2022-02-28 22:00:41 +00:00
Pete Batard
cef651c52c
[msvc] actually apply DLL delay loading to the Release builds
* ef2ff7179d was supposed to apply delay loading to our DLLs, for all MSVC builds,
  thereby preventing sideloading attacks, but the patch actually only set the DelayLoadDLLs
  property for Debug builds and not Release builds, with the result that side loading could
  still be triggered for the Release executables, as demonstrated in #1877.
* This patch therefore properly sets the DelayLoadDLLs for all builds, which should take care
  of the side loading vulnerability at least for MSVC executables.
* A subsequent patch will still be needed for MinGW, since there is no equivalent to DelayLoadDLLs.
* This addresses part of #1877.
2022-02-25 18:05:49 +00:00
Pete Batard
42483d23ed
[dos] update FreeDOS to version 1.3
* FreeDOS 1.3 has just been released. Yay! :)
* Closes #1740
* Also addresses 2 warnings reported by Coverity.
2022-02-21 20:02:53 +00:00
Pete Batard
89db56acbc
[net] add fallback to InternetGetConnectedState() when INetworkListManager service dependencies are missing
* INetworkListManager appears to depend on specific services to be able to work,
  which one can actually disable while still getting full Internet connectivity.
* If that is the case, HRESULT_FROM_WIN32(ERROR_SERVICE_DEPENDENCY_FAIL) will be
  returned, therefore we add a fallback to using InternetGetConnectedState(), which
  does not have such dependencies (but has other limitations per b2492908be)
  when we detect a dependency error.
* Also take this opportunity to switch to using INetworkListManager::get_IsConnectedToInternet().
* Also fix Coverity breakage due to Synopsys having upgraded their toolchain.
* Closes #1801
2022-02-18 17:18:34 +00:00
Pete Batard
209fb18b1c
[iso] add bypass of Windows 11 restrictions for in-place upgrades 2022-02-16 17:25:43 +00:00