* ensure reproducible builds
* improve patch
* improve patch
* Narrow reproducibility scope to legacy and DEB
Keep the verified Linux legacy Makefile and DEB reproducibility paths, but remove the unverified RPM/openSUSE timestamp changes and AppImage reproducibility behavior from this PR.
The CPack mtime/mode clamp is now installed only for Debian/Ubuntu packaging, matching the scope covered by the provided reproducibility logs.
Retain umask 022 in the RPM/openSUSE wrappers so staged package permissions do not depend on a restrictive caller umask.
* Harden reproducible build cleanup
Validate SOURCE_DATE_EPOCH before interpolating it into Make, CMake or shell packaging paths.
Refuse live DESTDIR values in the CPack mtime clamp and pass makeself options through normal argv construction instead of eval.
---------
Co-authored-by: curious-rabbit <curious-rabbit@local>
Co-authored-by: Mounir IDRASSI <mounir.idrassi@amcrypto.jp>
Replace the Linux ntfs3 help icon paint lambda with a small wxWindow
subclass and regular paint event handler.
GCC 4.4, used on CentOS 6, builds with -std=c++0x but does not support
the lambda syntax used in PreferencesDialog.cpp, causing compilation to
fail at the ntfs3 help icon handler.
The drawing behavior is unchanged.
Keep the executable requirement at CMake 2.8.12 for legacy CentOS 6 package builders while using the version-range syntax to declare policy compatibility up to 3.10. Newer CMake versions use the policy maximum to avoid CMake 4 failures, and older CMake versions ignore the suffix and continue to configure as before.
Enable use_ino for Linux FUSE mounts so stable inode numbers returned by getattr and readdir are reported to userspace. For FUSE3, set fuse_config.use_ino from init; for FUSE2, pass -o use_ino because there is no fuse_config init hook.
Also map otherwise unhandled FUSE exceptions to EIO instead of EINTR, since these failures are not signal interruptions and should not encourage retry loops.
Prefer hdiutil plist entities that carry a mount-point when recording the virtual device. This fixes APFS images where the first dev-entry is not the mounted volume.
Add a macOS mounted-volume refresh hook that recovers VirtualDevice and MountPoint from hdiutil info when FUSE-T SMB auxiliary metadata is missing or stale.
APFS volume creation can still fail with Permission denied after preparing the raw and block device aliases because newfs_apfs performs privileged APFS container and volume operations beyond opening the device nodes.
Route APFS formatting through the elevated CoreService path for non-root macOS runs. Keep the elevated interface narrow by sending only the target device and invoking user UID/GID, validate the device path on the privileged side, rebuild the formatter arguments there, and execute /sbin/newfs_apfs by absolute path to avoid PATH shadowing.
Pass -U/-G so the created filesystem preserves the invoking user ownership. Apply the same path to GUI and text-mode creation.
When creating an APFS filesystem inside a newly created device-hosted volume, VeraCrypt prepared only the raw hdiutil device path before invoking newfs_apfs. On macOS, newfs_apfs may resolve or reopen the corresponding block device path, which can fail with Permission denied for non-root GUI runs.
Prepare both raw and block aliases for the temporary formatter device, restore changed owners afterward, and share the helper between GUI and text-mode volume creation. Restore each changed alias independently so one restore failure does not skip the rest.
Add a -t option to build_veracrypt_macosx.sh so VC_OSX_TARGET can be set explicitly while preserving the existing defaults for source and Homebrew builds.
Fixes#1726.
Keep device selection enumeration unchanged to avoid slow dialog loads.
In the format wizard, inspect only the selected target with diskutil info -plist and reject APFS synthesized devices, macOS system/support targets, read-only targets, and current APFS system stores. Add a read-only APFS hint for creation failures.
Remove the duplicate Shell_NotifyIconW(NIM_MODIFY) call from the tray balloon helper. On Windows 11, the shell can queue the repeated NIF_INFO request and show the same unmount notification twice.
Fixes#1630
* Update Language.ro_1.26.28.xml
* Update Language.ro_1.26.28.xml
I corrected the signaled problems, where was the case and where I did not it was because of misinterpretation of AI.
* Update Language.ro_1.26.28.xml
Final version, for now.
* Update Language.ro_1.26.28.xml
Corrected PIM_ARGON2_SMALL_WARNING
Reject empty or truncated TLV buffers, unsupported indefinite lengths, and declared value lengths that exceed the remaining input or uint16 node storage. Parse BER long-form lengths in big-endian order before copying value bytes.
Report explicit progress stages while writing volume data, writing backup headers, and flushing data to disk so the wizard does not appear stuck at 100%.
Keep the wizard in progress during Unix post-creation formatting and show status for temporary mount/device setup, mkfs invocation, and dismount.
When normal filesystem unmount fails, the Linux path could stop before cleaning VeraCrypt mapper, loop and FUSE objects. Add an explicit emergency dismount request that is only reached after interactive confirmation.
The recovery path lazy-detaches mounted filesystems, uses deferred dmsetup removal for VeraCrypt mapper devices, detaches loop devices, and keeps normal force/ignoreOpenFiles behavior unchanged.
