* This commit effectively fixes https://www.kb.cert.org/vuls/id/403768 (CVE-2017-13083) as
it is described per its revision 11, which is the latest revision at the time of this commit,
by disabling Windows prompts, enacted during signature validation, that allow the user to
bypass the intended signature verification checks.
* It needs to be pointed out that the vulnerability ("allow(ing) the use of a self-signed
certificate"), which relies on the end-user actively ignoring a Windows prompt that tells
them that the update failed the signature validation whilst also advising against running it,
is being fully addressed, even as the update protocol remains HTTP.
* It also need to be pointed out that the extended delay (48 hours) between the time the
vulnerability was reported and the moment it is fixed in our codebase has to do with
the fact that the reporter chose to deviate from standard security practices by not
disclosing the details of the vulnerability with us, be it publicly or privately,
before creating the cert.org report. The only advance notification we received was a
generic note about the use of HTTP vs HTTPS, which, as have established, is not
immediately relevant to addressing the reported vulnerability.
* Closes#1009
* Note: The other vulnerability scenario described towards the end of #1009, which
doesn't have to do with the "lack of CA checking", will be addressed separately.
* Rufus now checks for processes with handles opened on the drives/volumes before
starting the format operation and asks the user if they want to continue.
* This mimics Windows' behaviour when formatting drives, and actually uses the
same message as the one from shell32.dll.mui.
* Closes#773
* Tooltips can only be manipulated from the same thread as the one that created their parent
* Also increase the SetLGP() timeout as this seems to be problematic
* Closes#764
* When compiled with MinGW, this was always disabled due to forcing XP as
the lowest common denominator and using #ifdefs
* This should also help with OFN_NOCHANGEDIR seemingly being ignored
* Sadly, this change also adds ~20KB to our *compressed* size... :(
* MSG_002 doesn't display in RTL
* Update Policy dialog loses RTL setting after the first paragraph
* Some text displayed in native Windows message boxes is not using RTL
(even as the Message Box itself will display the rest of the UI elements as RTL)
* Detect if the relevant language pack is installed and use MessageBoxEx to
display native message box buttons using the selected language.
* All theses issues are part of #621
* Also remove trailing whitespaces
* Since Microsoft forces our hand, we hack away into our compiled RC
resources and change dialog attributes on the fly so that:
- we can switch between LTR & RTL
- change the font for Windows XP
* Note that the base RC font has been changed to "Segoe UI Symbols"
so that it looks the same in the editor (at least for English) but
can accommodate the length required for "MS Shell Dlg"
* Fix Quick Format option overlapping boot option dropdown
* Fix vertical spacing between "Create bootable disk" and "Create extended label and icon files"
* Fix vertical spacing of progress bar in non advanced mode
* Align and resize Advanced Options button
* Align and resize Select Image button
* Fix vertical centering of Status text
* Add 64x64px icon so that the About dialog looks better at 200% size
* Ensure that focus is set back to a button after some operations
* Remove a confusing forced focus on Start after boot type dropdown selection
* Ensure that the Advanced Options and Select Image buttons have a label that
can be picked up by screen readers such as nvda
* Closes#243
* Closes#499