* With Microsoft having finally relinquished the terms of use of DBX binaries (where their
previous legalese pretty much made it illegal for anyone who wasn't an OS manufacturer to
download DBX for use in applications) we can now formally embed, as well as download the
DBXs when they are updated.
* This is accomplished by querying the https://github.com/microsoft/secureboot_objects
GitHub repo (which is now the official repository for the UEFI Forum's revocation files)
through api.github.com and checking the timestamps of the last commit on the relevant files.
If a more recent DBX is found than the one embedded (or a previously downloaded one), Rufus
will now prompt the user to download it, as part of its regular update check (if enabled).
* Note that, since there have been no official revocations for them yet, IA64, RISCV64 and
LoongArch64 are currently placeholders.
* Also note that we currently don't use this mechanism for Microsoft's SVN revocations, as
we already have a more efficient check for it through SBAT.
* Also fix the handling of the RISCV64 MD5Sum UEFI bootloader, whose offset was incorrect.
* Also fix SBAT not being properly parsed for PE32 executables.
* Also fix signature truncation in GetIssuerCertificateInfo() and fall back to
returning signer data if issuer is not available (which is typically the case
for GRUB signed bootloaders).
* Also fix status messages on user cancellation/proceeding.
* This aims at creating installation media that is compatible with systems where
'Microsoft Windows Production PCA 2011' has been revoked.
* Doesn't work, since the bootloaders being applied by the first stage installer come
from \sources\install.wim[#]\windows\system32\Recovery\Winre.wim[#]\Windows\Boot\
(instead of \sources\boot.wim[#]\Windows\Boot\ as one would naturally expect) and
Microsoft botched the ones they included there by using completely vulnerable (and
therefore revoked) ones.
See https://github.com/pbatard/rufus/issues/2244#issuecomment-2400380839.
* Still, I sure haven't gone through this excruciating ACL bullshit for nothing, so
you get an experimental option, behind the expert mode curtain.
* Per https://forums.mydigitallife.net/threads/win-11-boot-and-upgrade-fix-kit-v5-0-released.83724/
Windows 11 24H2 requires new registry bypasses to be applied to perform in-place upgrade on
non officially supported platforms, and those need to be enacted before running setup.exe.
* In order to streamline this, and because those registry bypasses require elevation, we rename
setup.exe to setup.dll and add our own setup.exe wrapper to set the registry and then call the
original setup.exe (through setup.dll).
* See https://github.com/pbatard/rufus/issues/2568
* Also fix some MinGW build warnings.
* Also fix the annoyance of TortoiseGit/Notepad++ altering the copyright symbol of rufus.rc.
* Looks like using the 'net user USERNAME /logonpasswordchg:yes' might have the side effect
of setting the main user account to expire after a few months. So to alleviate that, we'll
just set the system policy to use passwords that never expire.
* Also clean up the PE parsing code and fix 2 Coverity warnings.
* Also fix typos, misprints and ditch the UNRELIABLE timestamp.acs.microsoft.com server.
* The static_/safe_ string macros were not properly designed to handle the case where
an expression such as strlen() rather than a static value was passed for the count,
leading to unexpected results, such as excessive truncation of strings. Fix that.
* Also fix a buffer overflow in GetDevices() due to using a wrong string length.
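
The DBX update check described in the first entry (query api.github.com for the last commit on each revocation file and compare its timestamp with the copy already held) can be sketched as follows. This is an added example, not Rufus code: the architecture keys, sample dates, file path placeholder and the choice of the committer date field are assumptions.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote

API = "https://api.github.com/repos/microsoft/secureboot_objects/commits"
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def commits_url(path):
    """Query returning only the newest commit that touched `path`."""
    return f"{API}?path={quote(path)}&per_page=1"

def last_commit_time(body):
    """Committer date of the newest commit as a UTC datetime, or None when
    the body is an empty list, an API error object, or otherwise malformed."""
    try:
        stamp = json.loads(body)[0]["commit"]["committer"]["date"]
        return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (ValueError, LookupError, TypeError):
        return None

def needs_update(known, responses):
    """known: arch -> time of the embedded or previously downloaded DBX.
    responses: arch -> raw API body. Returns the archs with a newer remote file.
    A failed lookup never counts as 'newer', so errors cannot trigger a prompt."""
    stale = []
    for arch, body in responses.items():
        remote = last_commit_time(body)
        if remote is not None and remote > known.get(arch, EPOCH):
            stale.append(arch)
    return sorted(stale)

# Constructed sample bodies, trimmed to the one field used (not real API output).
SAMPLE = {
    "x64": '[{"commit": {"committer": {"date": "2025-03-01T12:00:00Z"}}}]',
    "arm64": '[{"commit": {"committer": {"date": "2024-01-15T08:30:00Z"}}}]',
    "riscv64": "[]",                          # placeholder arch: no commits yet
    "ia32": '{"message": "rate limited"}',    # error object instead of a list
}
KNOWN = {arch: datetime(2024, 6, 1, tzinfo=timezone.utc) for arch in SAMPLE}

if __name__ == "__main__":
    print(commits_url("<path-to-dbx-file>"))  # placeholder path, not from the page
    print(needs_update(KNOWN, SAMPLE))
```

The commit timestamp only signals that a newer file exists; it says nothing about the integrity of what is then downloaded.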