1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2026-07-09 06:55:39 +00:00
Commit graph

2,314 commits

Author SHA1 Message Date
Pete Batard
cac828621a
Rufus 4.12 (Build 2314) v4.12
* Restore credits for Korean translators, that were removed by mistake.
2026-01-30 13:08:10 +00:00
Pete Batard
fb9dd17fe6
Fix a Coverity warning
* Also harmonize / improve code readability.
2026-01-22 18:31:17 +00:00
Pete Batard
460cc5768a
[net] fix local privilege escalation via TOCTOU race condition in Fido script handling (CVE-2026-23988)
* Because PowerShell forces us to close the script we downloaded prior to execution, it is possible for a
  malicious background process (running unprivileged, as the same user that launches Rufus) to replace the
  Fido script after we downloaded and validated it, but before we actually execute the PowerShell command
  to run it.
* See https://github.com/pbatard/rufus/security/advisories/GHSA-hcx5-hrhj-xhq9, which led to CVE-2026-23988.
* To mitigate this, we now use a security descriptor, to force the script to be saved with Administrator
  and System access only so that an unprivileged user process does not have the capability to replace it
  before execution.
* Issue discovered and responsibly disclosed by @independent-arg.
* Fix also suggested by @independent-arg.
2026-01-22 18:23:20 +00:00
Pete Batard
de12649c99
[core] add hash validation for diskcopy.dll and oscdimg.exe usage
* Whereas their location in AppData should prevent other users from replacing these files,
  it is still possible for an unprivileged app ran by the same user to alter them after
  they have been downloaded.
* To prevent this (as well as more elaborate TOCTOUs on these specific files) we now open
  a read-only handle (with *no* file sharing rights), then validate the SHA256 hash (since
  these files are known at the time of compilation) and only once validated (but without
  relinquishing the exclusive handle) run or access the content of the file.
* Also add an arch suffix to the oscdimg.exe, so that we don't run into a situation where
  x86 and x64 Rufus may complain about a previously downloaded exe.
* Also improve error handling from SaveImage() and fully qualify the dism.exe calls.
2026-01-17 16:30:36 +00:00
Pete Batard
6e5bd4424f
[hash] add FileMatchesHash() and BufferMatchedHash() calls
* Also improve our hex string conversion function and make it public.
2026-01-17 16:30:33 +00:00
Pete Batard
913fd56fb5
[process] don't report read-only access from explorer.exe in potentially conflicting processes 2026-01-17 15:15:22 +00:00
Pete Batard
06c2924296
[dev] filter out the new Bitdefender VHDs
* It appears that Bitdefender now mounts a 32 MB VHD on the system where it is installed, so filter it out.
* For reference, this is how it is otherwise detected by Rufus:
Found VHD device 'Microsoft Virtual Disk'
Disk type: FIXED, Disk size: 33 MB, Sector size: 512 bytes
Cylinders: 4, Tracks per cylinder: 255, Sectors per track: 63
Partition type: GPT, NB Partitions: 1
Disk GUID: {3A182634-ECAF-4D9C-9CE0-9E61EC7A093A}
Max parts: 128, Start Offset: 17408, Usable = 33520128 bytes
Partition 1:
  Type: Microsoft Basic Data Partition
  Name: 'Bitdefender Partition'
  Detected File System: NTFS
  ID: {BA5FBC33-B5DD-4468-B9FB-349269EF43B8}
  Size: 31.9 MB (33488896 bytes)
  Start Sector: 64, Attributes: 0x8000000000000001
2026-01-15 18:21:05 +00:00
Pete Batard
1efb25b06b
[iso] fix Rufus saving images as FFU instead of ISO, when FFU is not supported
* Our image type selection forgot to shift the actual type to ISO when FFU is not supported,
  leading to dism being invoked instead of oscdimg.
* Closes #2889.
* Also make sure the UDF label is no more than 32 characters.
* Also increase the oscdimg.exe commandline size as 256 characters may not be enough with long paths.
* Also try to report 'oscdimg.exe` errors in the log instead of silencing them.
* Also fix devices with (non-USB-compliant) VID 0000 being ignored by default.
2026-01-14 23:38:14 +00:00
Pete Batard
46f9c9ec60
[process] improve the process search
* Factorise the PROCESS_BASIC_INFORMATION for 32 and 64 bit.
* Add a (currently unused) GetPPID() function.
* Increase the size of the buffer for reporting processes and their parameters.
* Don't report stale/killed processes in our main process conflict report.
2026-01-14 23:28:11 +00:00
Fabrice
385cb93744
[loc] update French translation
* Closes #2887.
2026-01-12 12:24:41 +00:00
Pete Batard
2476a92d70
[dev] try to support non USB compliant devices that use VID 0000
* This is meant to address #2894.
* Also update copyright year.
2026-01-12 12:21:11 +00:00
Pete Batard
79b0425c57
[dev] Increase the Hardware ID buffer size
* Some (newer) SSD devices appear to have very long Hardware IDs, with tons of underscore
  (eg: "SCSI\DiskNVMe______________________________NVME_SSD_512GBS1111H0L")
* Because of this, and because Hardware ID is a REG_SZ, where entries can be repeated many
  times, our static MAX_PATH buffer can be too small, preventing UAS disks from being
  properly listed.
* Fix this by bumping our buffer to 4 KB, as well as reporting errors on Hardware ID fetch
  in enum debug mode.
* Closes #2894.
2026-01-11 11:45:15 +00:00
Pete Batard
2fa14b0d45
[iso] fix logic for Nutanix workaround
* 1a4175891b added a workaround for the Nutanix GRUB situation, but we forgot an extra file system check.
* Closes #2884.
2025-12-22 14:02:06 +00:00
Pete Batard
3607f5cec8
[iso] add a workaround for umbrelOS ISOs
* The folks at umbrelOS seem to have mastered their ISO in a way where the /usr/lib/systemd/system/system-systemd/ directory
  is not declared (or not declared with attribute _STAT_DIR) on the ISO-9660 file system, which results in Rufus producing an
  error when trying to create the /usr/lib/systemd/system/system-systemd/x2dcryptsetup.slice file.
* To fix this, add a workaround to create missing directories if we encounter ERROR_PATH_NOT_FOUND during ISO-9660 extraction.
2025-12-20 23:19:39 +00:00
Pete Batard
fec6051000
[wue] filter disallowed characters in local account names
* Per https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-useraccounts-localaccounts-localaccount-name
* Also add 'NONE' to the list of prohibited local account names, and add '.' to the list of disallowed characters based on user report.
* Also update actions/upload-artifact to latest.
* Closes #2878.
* Closes #2879.
2025-12-20 13:36:06 +00:00
Martin Kuschnik
be95fd0e00
[core] improve Microsoft Dev Drive detection
* The `IsMsDevDrive` function is refactored to use the `FSCTL_QUERY_PERSISTENT_VOLUME_STATE` control code
  for detecting Microsoft Dev Drives.
  This replaces the previous approach of analyzing drive layout which was not always correct.
* Closes #2873.
2025-12-18 16:41:14 +00:00
Pete Batard
a8c745d2a9
[internal] do not UPX compress the appstore executables
* UPX compressing exes makes it impossible to reference the PDB when debugging
  which means that, ever since we switched to using the MSVC executables for
  both standalone and appstore in 4adfa4f37e the
  appstore dumps we get on crashes have become basically unusable for debug :(
* We therefore revert to producing non UPX compressed executable for MSVC by
  default, so that we can resume investigating appstore crashes on next release.
* At the same time, on release builds, we add new UPX compressed executables to
  the GitHub Actions artifacts.
* Also update actions/checkout to v6 and close #2868.
2025-11-26 22:43:12 +00:00
Pete Batard
6a7fb939d5
[efi] update UEFI:NTFS to latest
* This improves the error message on arch mismatch, since this appears to be a common user mistake.
* Also fix a handful of MinGW warnings.
2025-11-20 13:07:40 +00:00
Valdemar
c4d6a00c28
[loc] fix typos in Russian translation
* Closes #2859.
2025-11-12 17:42:34 +00:00
Mr-Update
2af24e460e
[loc] fix typos and improve German translation
* Also remove typos in English .loc comments and MSG_355 that's a duplicate of MSG_036.
* Closes #2851.
2025-11-12 17:34:53 +00:00
Grant
b2fd426028
[misc] correct the spelling of 'zstd' in ChangeLog.txt
* Closes #2860.
2025-11-12 17:19:39 +00:00
dependabot[bot]
d755303a10
[internal] bump actions/upload-artifact from 4 to 5
* Closes #2847.
2025-11-12 17:18:27 +00:00
Pete Batard
9d074f8591
[core] strengthen the pre-formatting partition cleanup code
* This aims at reducing errors with Windows and other apps trying to keep a hook into
  existing ESPs and other partitions, thereby causing access errors.
* This is expected to potentially help with #2776 and similar issues.
* Closes #2776.
2025-11-12 17:16:05 +00:00
Pete Batard
6629ef0941
[wue] fix wimlib not being able to modify boot.wim's larger than 2 GB
* Thank the C standard for choosing not to "standardize" the size of long (as
  one would rightfully expect from a *standard*) and instead going for a
  "should be at least" super vague definition, that led to lseek() on Windows
  and UNIX effectively using different offset sizes, and programmers everywhere
  getting bitten when taking a UNIX codebase and porting it to Windows...
* Closes #2837.
2025-10-20 13:44:33 +01:00
Pete Batard
af58b1cecd
[dbx] update DBXs to latest
* Also add 1% to projected size due to user-reported "no space on disk"
  errors when using Windows 11 25H2 against 8 "GB" UFDs.
2025-10-16 17:52:04 +01:00
Pete Batard
05526d4e6a
[iso] improve error reporting on ISO extraction issues
* Also disable NTFS cluster size that no longer work in recent versions of Windows.
2025-10-16 14:03:13 +01:00
Pete Batard
920a4c5c90
[ui] persist the toggle dark mode setting
* Note that if you use this toggle even once, then you will no longer be able to use
  system settings to toggle Dark Mode, unless you *MANUALLY* delete the registry key.
* Closes #2821.
* Also update github/codeql-action to v4.
* Closes #2833.
2025-10-14 13:22:59 +01:00
Pete Batard
90370405ad
[iso] disable splitting for ESDs
* Closes #2823.
* Also silence a MinGW warning in stdlg.c.
2025-10-13 16:48:43 +01:00
Pete Batard
fda1362eb0
[iso] fix saving to an ISO path that contains spaces
* Closes #2829.
* Also set rufus-next to 4.12.
2025-10-11 16:54:51 +01:00
Pete Batard
10694ae42e
Rufus 4.11 (Build 2285) v4.11
* Alter the WUE CA 2023 option text and remove duplicate translation for "ISO Image".
* Force cache-only when invoking CertGetCertificateChain (This should address #2781).
2025-10-02 17:53:22 +01:00
Pete Batard
56b4b9f249
[dbx] update SBAT/SVN to latest and improve reporting
* Explicitly report the SVN/SBAT number comparison in the log.
* Also don't perform revocation checks on unsigned bootloaders.
* Also add provision for CRLF handling when parsing our remote SBAT.
2025-10-01 13:08:58 +01:00
Pete Batard
2a8c066b72
[core] fix an application crash when the platform has a missing/failed dynamic disk
* With massive thanks to @amoki455 for helping figure that one out!
* Closes #2794.
* Also make sure we release pDisk on all conditions.
2025-10-01 11:42:25 +01:00
Pete Batard
bb11c037d7
[ui] add Ctrl-Alt-D cheat mode to toggle between Dark Mode and Light Mode
* Closes #2814.
2025-09-30 18:42:25 +01:00
Pete Batard
0de4db13d8
[ui] fix some GRUB/Syslinux downloads popups only showing a 'Close' button
* Because of Dark Mode support, and the fact that Microsoft does not offer system
  dialogs that support Dark Mode (even the more "modern" Task Dialog is a joke in
  that respect, with people having to resort to using detours to fix this massive
  letdown from Microsoft. See https://github.com/SFTRS/DarkTaskDialog), we had to
  switch to use our own custom dialogs instead of using MessageBox().
* And of course, since we had to recreate the whole smorgasbord of what Microsoft
  offers in terms of button configuration, it's unsurprising that we forgot to add
  support for one conf (MB_YESNOCANCEL) that some of the download prompts use.
* Closes #2813.
2025-09-26 13:50:12 +01:00
Pete Batard
6a1c2b4087
[wue] fix assert being triggered when using the CA 2023 option on its own...
...or with an option that doesn't require poking into boot.wim.

* Closes #2815.
* Also report the use of the CA 2023 option in the log.
* Also set rufus-next to 4.11.
2025-09-26 13:38:59 +01:00
Pete Batard
1c201cc01f
Rufus 4.10 (Build 2279) v4.10
* Improve persistence support for Linux Mint.
* Closes #2807.
* Also fix the Swedish translation.
2025-09-24 12:26:56 +01:00
Pete Batard
329e9705e2
[wue] remove an unneeded condition
* Also update ChangeLog.txt for BETA.
2025-09-10 13:30:08 +01:00
VenusGirl❤
3619bad538
[loc] update Korean translation
* Closes #2792.
2025-09-10 13:06:25 +01:00
Pete Batard
1740def709
[wue] finally add a working WUE option for creating Windows CA 2023 compatible installation media
* Requires Windows 11 25H2 or later.
2025-09-10 11:55:29 +01:00
Pete Batard
3ec2ac3aab
[vhd] fix no error being reported back when there's an issue with saving to VHD
* Closes #2799.
* Also fix some more Coverity warnings.
2025-09-08 13:45:58 +01:00
Pete Batard
10fc6727da
[ui] Use our own Dark Mode compatible Notification() instead of MessageBox()
* Also fix return values for Notification() and add MB_ABORTRETRYIGNORE support.
* Also fix one last Coverity warning with size_t and printf.
2025-09-05 20:06:07 +01:00
Pete Batard
7b8ddbe3ec
[ui] improve notification dialog handling
* Use MessageBox()'s MB_ constants instead of redefining our own.
* Fix the *BROKEN* 200% scaling that Microsoft uses for warnings, that includes a pixel
  that should have been set to transparent but that instead was set to white.
* This'll allow us to switch to using our Dark Mode compatible notifications dialogs in
  a future commit, instead of relying on the non Dark Mode compatible MessageBox().
2025-09-03 20:51:53 +01:00
Pete Batard
99c04a9f46
[misc] fix various printf issues
* Also bump actions/checkout to v5.
* Closes #2791.
2025-09-03 11:32:12 +01:00
ozone10
8ec08c1f9e
[ui ] fix broken dark mode on old Windows 10 builds
* Closes #2780.
* Closes #2766.
2025-07-29 17:57:36 +01:00
Kazkans
00f7bd193f
[vhd] return an error if there is not enough space on disk to save VHD/VHDX
* Closes #2779.
2025-07-29 16:52:21 +01:00
Pete Batard
e43d6bbc8a
[core] fix crash when trying to open a Windows ISO with a very long path
* The current wimlib code makes repeated attempts to close stdin (0) on cleanup when a WIM cannot
  be opened, which doesn't sit too well with MSFT's _close() as it invokes an invalid parameter
  exception handler that can make the application crash...
* This may happen when we try to open the WIM from an ISO that has been truncated because it
  resides on a path that is longer than MAX_PATH on account that wimlib repeatedly attempts to
  close the phantom stdin fd's it sees assigned to its internal (and unused) WIMStruct after it
  errors out on trying to open the image.
* So we declare stdin as invalid for use with Visual Studio compiled apps.
* For good measure we also increase the size of the string arrays we used for WIM paths to 1024
  UTF-8 characters, and add explicit asserts in case we have to truncate these paths (since we
  are quite curious about real-life scenarios where people need paths longer than 1024).
* Closes #2777.
* Also improve the safe_strcp() and safe_sprintf() macros and fix some unwarranted "Command was
  terminated by user" messages introduced in commit ea01cd41c0.
2025-07-25 17:52:42 +01:00
Pete Batard
c93793092a
[internal] rename the if_not_assert() macro to a more explicit if_assert_fails()
* Also add a new if_assert_succeeds() macro.
2025-07-25 14:56:22 +01:00
Pete Batard
1a4175891b
[iso] fix a situation where no file system might be proposed in ISO mode
* The Nutanix phoenix.x86_64-fnd_5.6.1_patch-aos_6.8.1_ga.iso contains a GRUB bootloader that somehow stripped
  the 'fshelp' source string from the fat module, and therefore prevents Rufus from detecting that FAT32 support
  is available.
* As a result, since NTFS is also not supported, no file system able to be selected by the user for ISO mode,
  and the media creation process fails with "Could Not Partition Drive".
* Fix this by only disabling FAT32 in ISO mode if NTFS is available, and producing a warning in the log if we
  have to forcefully enable FAT32 even if we didn't detect FAT32 compatibility.
* Closes #2769.
* Also add the setup wrapper binaries produced from previous commit and harmonise the casing of WARNING messages.
2025-07-16 14:07:24 +01:00
Pete Batard
3bbdd6624e
[wue] cd to wrapper directory before looking for setup.dll
* Closes #2757.
2025-07-10 10:52:17 +01:00
Pete Batard
c6a85b09ae
[ui] fix wrong colour for disabled text in dark mode
* Closes #2764.
* Also fix signature not being properly applied to MinGW GitHub Actions ALPHA builds.
2025-07-03 22:28:42 +02:00