* If, for example, you have a truncated gz-compressed file and try to
write it to disk, bled_uncompress_with_handles() will return an error.
Previously, this was not reported back to the user.
* Closes#1040
* Add timestamp processing for nested signature and check for anomalous differences
* Also prevent attack scenarios that may attempt to leverage multiple nested signatures or countersigners
* Simplify code by using CryptDecodeObjectEx/WinVerifyTrustEx and improve timestamp reporting
* This commit effectively fixes https://www.kb.cert.org/vuls/id/403768 (CVE-2017-13083) as
it is described per its revision 11, which is the latest revision at the time of this commit,
by disabling Windows prompts, enacted during signature validation, that allow the user to
bypass the intended signature verification checks.
* It needs to be pointed out that the vulnerability ("allow(ing) the use of a self-signed
certificate"), which relies on the end-user actively ignoring a Windows prompt that tells
them that the update failed the signature validation whilst also advising against running it,
is being fully addressed, even as the update protocol remains HTTP.
* It also need to be pointed out that the extended delay (48 hours) between the time the
vulnerability was reported and the moment it is fixed in our codebase has to do with
the fact that the reporter chose to deviate from standard security practices by not
disclosing the details of the vulnerability with us, be it publicly or privately,
before creating the cert.org report. The only advance notification we received was a
generic note about the use of HTTP vs HTTPS, which, as have established, is not
immediately relevant to addressing the reported vulnerability.
* Closes#1009
* Note: The other vulnerability scenario described towards the end of #1009, which
doesn't have to do with the "lack of CA checking", will be addressed separately.
* Introduced in 369a392af0 because, of course when Microsoft has a
call that goes (###, param1, param2) they define a macro for it that goes (param2, param1)...
* Required to support Debian Live 9.1 in ISO mode
* Note that this only works if the efi.img boot files do not require
additional content besides the one extracted from the ISO.
Pete Batard
ip_gpu
embar-
Will Thompson
jzeferino
Andrea Wood
Roberto Pino
Ino-Bagaric
Feras n
Na Jiyoun
Jeroen Sack
Zia Azimi
Nikolaos Margaritis
Martin Kubánik
Krasimir Newenow