* The Nutanix phoenix.x86_64-fnd_5.6.1_patch-aos_6.8.1_ga.iso contains a GRUB bootloader that somehow stripped
the 'fshelp' source string from the fat module, and therefore prevents Rufus from detecting that FAT32 support
is available.
* As a result, since NTFS is also not supported, no file system able to be selected by the user for ISO mode,
and the media creation process fails with "Could Not Partition Drive".
* Fix this by only disabling FAT32 in ISO mode if NTFS is available, and producing a warning in the log if we
have to forcefully enable FAT32 even if we didn't detect FAT32 compatibility.
* Closes#2769.
* Also add the setup wrapper binaries produced from previous commit and harmonise the casing of WARNING messages.
* Requires the download of oscdimg.exe, courtesy of Microsoft's symbol servers.
* UDF only, since this is mostly intended for Windows and even with Joliet, Microsoft's
implementation of ISO-9660 is crippled (fails to use multi-extent for >4GB files, which
results in BROKEN ISO images) and too limited.
* Note that this is different from our other save to ISO feature (Alt-O), that dumped
the first optical media found on the system to an ISO.
* Also fix a Coverity warning as well as a possible crash in PopulateWindowsVersion()
when opening an invalid image (such as the ISO-9660 ones created by oscdimg).
* Per MS documentation, _mktime64() *ALTERS* the time being passed to first add/substract
the timezone offset before converting to an epoch.
* This resulted in our evaluated epoch from the DBX GitHub commit being a few hours more
recent than the epoch we store for our embedded files (which is UTC) for timezones that
are behind of UTC, since their epoch have an offset added to convert localtime to UTC.
* Fix this by using _mkgmtime64() that does not suffer an unwanted time manipulation.
* For safety, also use -u for epoch format conversion in our script just in case.
* Closes#2762.
* Also comment the "unsupported check; not verifying file integrity" warning for XZ
decompression, improve XZ ARM64 support and add an exception for some Samsung UFDs.
* With Microsoft having finally relinquished the terms of use of DBX binaries (where their
previous legalese pretty much made it illegal for anyone who wasn't an OS manufacturer to
download DBX for use in applications) we can now formally embed, as well as download the
DBXs when they are updated.
* This is accomplished by querying the https://github.com/microsoft/secureboot_objects
GitHub repo (which is now the official repository for the UEFI Forum's revocation files)
through api.github.com and checking the timestamps of the last commit on the relevant files.
If a more recent DBX is found than the one embedded (or a previously downloaded one), Rufus
will now prompt the user to download it, as part of its regular update check (if enabled).
* Note that, since there have been no official revocations for them yet, IA64, RISCV64 and
LoongArch64 are currently placeholders.
* Also note that we currently don't use this mechanism for Microsoft's SVN revocations, as
we already have a more efficient check for it through SBAT.
* Also fix the handling of the RISCV64 MD5Sum UEFI bootloader, whose offset was incorrect.
* Also fix SBAT not being properly parsed for PE32 executables.
* Also fix signature truncation in GetIssuerCertificateInfo() and fall back to
returning signer data if issuer is not available (which is typically the case
for GRUB signed bootloaders).
* Also fix status messages on user cancellation/proceeding.
* This aims at creating installation media that is compatible with systems where
'Microsoft Windows Production PCA 2011' has been revoked.
* Doesn't work, since the bootloaders being applied by the first stage installer come
from \sources\install.wim[#]\windows\system32\Recovery\Winre.wim[#]\Windows\Boot\
(instead of \sources\boot.wim[#]\Windows\Boot\ as one would naturally expect) and
Microsoft botched the ones they included there by using completely vulnerable (and
therefore revoked) ones.
See https://github.com/pbatard/rufus/issues/2244#issuecomment-2400380839.
* Still, I sure haven't gone through this excruciating ACL bullshit for nothing, so
you get an experimental option, behind the expert mode curtain.
* Per https://forums.mydigitallife.net/threads/win-11-boot-and-upgrade-fix-kit-v5-0-released.83724/
Windows 11 24H2 requires new registry bypasses to be applied to perform in-place upgrade on
non officially supported platforms, and those need to be enacted before running setup.exe.
* In order to streamline this, and because those registry bypasses require elevation, we rename
setup.exe to setup.dll and add our own setup.exe wrapper to set the registry and then call the
original setup.exe (through setup.dll).
* See https://github.com/pbatard/rufus/issues/2568
* Also fix some MinGW build warnings.
* Also fix the annoyance of TortoiseGit/Notepad++ altering the copyright symbol of rufus.rc.
* Looks like using the 'net user USERNAME /logonpasswordchg:yes" might have the side effect
of setting the main user account to expire after a few months. So to alleviate that, we'll
just set the system policy to use passwords that never expire.
* Also clean up the PE parsing code and fix 2 Coverity warnings.
* Also fix typos, misprints and ditch the UNRELIABLE timestamp.acs.microsoft.com server.
Pete Batard