Keep device selection enumeration unchanged to avoid slow dialog loads.
In the format wizard, inspect only the selected target with diskutil info -plist and reject APFS synthesized devices, macOS system/support targets, read-only targets, and current APFS system stores. Add a read-only APFS hint for creation failures.
Remove the duplicate Shell_NotifyIconW(NIM_MODIFY) call from the tray balloon helper. On Windows 11, the shell can queue the repeated NIF_INFO request and show the same unmount notification twice.
Fixes#1630
* Update Language.ro_1.26.28.xml
* Update Language.ro_1.26.28.xml
I corrected the signaled problems, where was the case and where I did not it was because of misinterpretation of AI.
* Update Language.ro_1.26.28.xml
Final version, for now.
* Update Language.ro_1.26.28.xml
Corrected PIM_ARGON2_SMALL_WARNING
Reject empty or truncated TLV buffers, unsupported indefinite lengths, and declared value lengths that exceed the remaining input or uint16 node storage. Parse BER long-form lengths in big-endian order before copying value bytes.
Report explicit progress stages while writing volume data, writing backup headers, and flushing data to disk so the wizard does not appear stuck at 100%.
Keep the wizard in progress during Unix post-creation formatting and show status for temporary mount/device setup, mkfs invocation, and dismount.
When normal filesystem unmount fails, the Linux path could stop before cleaning VeraCrypt mapper, loop and FUSE objects. Add an explicit emergency dismount request that is only reached after interactive confirmation.
The recovery path lazy-detaches mounted filesystems, uses deferred dmsetup removal for VeraCrypt mapper devices, detaches loop devices, and keeps normal force/ignoreOpenFiles behavior unchanged.
Validate SecRegion password cache offsets before use.
Wipe decrypted SecRegion password-cache data even when cache validation fails.
Clamp encrypted I/O work item counts and check allocation sizing.
Reject invalid boot drive sector writes and initialize decoy wipe data unit.
Validate hidden-system boot offsets and remap arithmetic before use.
Verify restored EFI Microsoft and fallback boot loader paths after system decryption.
Show clearer recovery guidance when EFI file restoration or NVRAM cleanup remains incomplete.
Add a GPT-only EFI boot loader repair menu action for already decrypted systems.
The read loop that captures stderr from the sudo child process used
`vector<char> buffer(4096); buffer.clear();` followed by
`read(fd, &buffer[0], buffer.capacity())`. This has two instances of
undefined behavior:
1. `operator[](0)` on a vector with `size() == 0` violates the C++
standard precondition `n < size()`. libstdc++ built with
`-D_GLIBCXX_ASSERTIONS` aborts the process with:
stl_vector.h:1128: Assertion '__n < this->size()' failed.
2. `buffer.begin() + bytesRead` on the same empty vector constructs
an iterator past `end()`, also UB.
`-D_GLIBCXX_ASSERTIONS` is in the default build flags of Arch Linux,
Fedora, and several other distributions. On those systems, the
unprivileged helper process aborts as soon as sudo writes anything
to stderr (a password prompt, a 'user is not in the sudoers file'
error, etc.). The main process then sees EOF on the service output
pipe, and throws `InsufficientData`, which renders to the user as
'Not enough data available'. A second mount attempt fails at
`File::Write` because the helper is dead and the pipe is broken,
producing the bare message 'VeraCrypt::File::Write:395'.
Fix by replacing `buffer` with a plain `char[4096]` and using
`reserve(4096)` on `errOutput` to preserve the original
pre-allocation intent. No behavioral change on systems where the UB
happened to work; aborts are eliminated on systems where the
assertions fire.
Reported-by: multiple users, see veracrypt/VeraCrypt#1550,
veracrypt/VeraCrypt#1446, veracrypt/VeraCrypt#844
Co-authored-by: rabbit <rabbit@github>
Make /aux-device-info readable for SMB, verify that FUSE records hdiutil device info after mount and recover missing virtual devices from hdiutil before dismounting auxiliary mounts.
Add statfs metadata for the auxiliary FUSE mount, keep /control read-only by sending hdiutil device data through /aux-device-info and tolerate delayed SMB rediscovery during mount completion. Log final control-file retry failures for diagnostics.
