Commit Graph

2925 Commits

Author SHA1 Message Date
Mounir IDRASSI cbcf5339f6 Windows: fix work item pool cleanup on allocation failure and queue restart
Zero the preallocated work item pool before the shared error cleanup can scan it, since driver TCalloc uses uninitialized pool memory. Also clear WorkItemPool after EncryptedIoQueueStop frees it so a reused queue cannot retry cleanup through a stale pointer on a later start failure.
2026-07-02 21:20:18 +09:00
Mounir IDRASSI f6544a5b07 Windows: disable ordered flush barriers by default
Keep ordered flush barrier support available behind the new VC_DRIVER_CONFIG_ENABLE_ORDERED_FLUSH_BARRIERS driver configuration flag. With the flag clear, non-system IRP_MJ_FLUSH_BUFFERS requests complete successfully as they did before d1f73ce4 instead of entering EncryptedIoQueue.

This narrows the default Windows driver behavior while investigating 1.26.29 instability reports, but retains an opt-in path for targeted testing of ordered flush barriers. The close-time best-effort host flush is now gated by the same flag, so default close and dismount behavior also matches the pre-d1f73ce4 path.
2026-07-01 21:22:03 +09:00
Mounir IDRASSI c947e56b6e Windows: revert CriticalWorkQueue IRP completion dispatch
Revert the IRP completion dispatch changes from a7ebddc5 while keeping later ordered flush barrier handling intact. This restores the previous model where ordinary early completions are completed directly and queued final completions use DelayedWorkQueue.

The CriticalWorkQueue dependency was introduced as a follow-up to the deferred completion deadlock fix, but current Windows instability reports point to it as a likely regression risk. Returning to the 1.26.24-style completion path narrows the driver behavior change while preserving the documented deadlock mitigation architecture.
2026-07-01 21:21:58 +09:00
Nick 9ba3ca9897 Update Swedish translation (#1805)
* Update Swedish translation

* Update Language.sv.xml

* Update Language.sv.xml
2026-06-30 17:52:22 +09:00
Mounir IDRASSI a730550497 Unix: harden doas startup fd handling
Move child pipe descriptors away from stdio slots before remapping them, avoiding collisions when 0/1/2 are closed.

On OpenBSD, wait for authentication-terminal output before writing the doas password, avoiding prompt text matching while keeping the startup timeout as the upper bound.
2026-06-30 16:59:32 +09:00
Mounir IDRASSI 5381c1b365 Unix: harden OpenBSD doas authentication startup
Keep OpenBSD doas stderr on the private authentication PTY because doas requires stderr to be a terminal while prompting.

Capture authentication-terminal diagnostics, strip prompts from user-facing errors, and fail promptly on explicit authentication denial.

Wait for actual prompt bytes before sending the password so OpenBSD PTY POLLIN|POLLHUP before slave open cannot race with readpassphrase terminal flushing.
2026-06-30 16:59:31 +09:00
Mounir IDRASSI 409d349856 Unix: harden elevated service fd inheritance
Set close-on-exec on elevated-service startup pipes before fork and centralize duplication onto standard descriptors.

Clear FD_CLOEXEC on descriptors intentionally kept across exec, including dup2(fd, fd) no-op cases.
2026-06-30 16:59:31 +09:00
Mounir IDRASSI 44843c47b8 Unix: fix doas auth PTY opening on OpenBSD
OpenBSD defines O_CLOEXEC, but rejects it in posix_openpt() with EINVAL. Retry with the POSIX pseudoterminal flags and then set FD_CLOEXEC explicitly so doas authentication can create its private PTY.
2026-06-30 16:59:25 +09:00
Mounir IDRASSI 6a1bd9f3b1 Windows: Update LZMA SDK to version 26.02 2026-06-29 09:13:27 +09:00
TigerxWood 9af44986ec Update Language.ro.xml (#1802)
* Update Language.ro.xml

1. Made some more corrections.
2. Also, on line 1543 there is an 'Options &gt;' &gt; ... I did not find 'Options &gt;' anywhere. Is this maybe about key="IDC_MOUNT_OPTIONS">Mount Opti&amp;ons...</entry>?

* Update Language.ro.xml

* Update Language.ro.xml

Final edit
2026-06-28 22:18:05 +09:00
Mounir IDRASSI b3fdbdb4ce Clarify Linux system encryption mount option text 2026-06-28 21:48:41 +09:00
Mounir IDRASSI 78dc2eaa76 Update various translations 2026-06-28 21:02:11 +09:00
Mounir IDRASSI 5ee47e549e Fix Linux mount options help menu path 2026-06-28 20:13:57 +09:00
TigerxWood 3e700eec68 Update Language.ro.xml (#1800)
* Update Language.ro.xml

Version 1.26.29

* Update Language.ro.xml

version 1.26.29
2026-06-28 15:59:34 +09:00
Marius Kjærstad 21dba20af4 Update Norwegian Bokmål translation (#1799)
* Update Norwegian Bokmål translation

* Fix for two issues
2026-06-26 12:19:38 +09:00
Mounir IDRASSI a9a6fa4a06 Update translations 2026-06-25 22:52:01 +09:00
Mounir IDRASSI c3f2096aea Update Swedish translation 2026-06-25 21:31:00 +09:00
Nick ac0b56a872 Update Swedish translation (#1798)
* Update Swedish translation
2026-06-25 21:17:42 +09:00
Matthaiks c4ced61572 Update Polish translation (#1797)
* Update Polish translation

* Update Polish translation
2026-06-25 18:11:37 +09:00
Thomas De Rocker eee81dc268 Update Language.nl.xml (#1796) 2026-06-25 15:56:50 +09:00
Patriccollu dff7f2bbfb Update Corsican translation on 2026-06 (3rd) (#1795) 2026-06-25 15:56:23 +09:00
Mounir IDRASSI 47786ddce8 Unix: add doas elevation support
Prefer sudo when available and fall back to doas on Unix. Run doas authentication through a PTY while keeping service communication on stdin/stdout pipes, and use a no-fork service mode for the doas path.

Keep doas authentication terminal descriptors close-on-exec and close the slave descriptor after attaching it as the controlling terminal. Preserve startup diagnostics through stderr until service synchronization completes, then redirect no-fork service stderr away from the closed parent pipe.

Use noninteractive privilege-helper auth checks for both sudo and doas so cached, nopass, or persisted sessions do not need an unnecessary VeraCrypt password prompt. Keep the PTY password path for doas when authentication is required.

Use a shared Unix DOAS_USER helper for FUSE and mount ownership, backed by getpwnam_r and guarded so non-OpenBSD platforms only trust it for VeraCrypt's internal doas no-fork service path. Detach asynchronous child-reaper threads to avoid leaking joinable pthread handles.
2026-06-25 14:40:34 +09:00
Mounir IDRASSI 26adb5e882 Linux: retry auto FAT mounts with blkid
Keep the historical auto-mount behavior as the first attempt when the user did not request a filesystem type. If that mount fails on Linux, detect the filesystem with blkid and retry only for FAT-family types that minimal mount implementations may not auto-probe.

Leave explicit filesystem types and NTFS kernel-driver resolution unchanged.
2026-06-25 14:40:34 +09:00
Mounir IDRASSI f1a6e23734 Unix: make Pipe::Close idempotent 2026-06-25 14:40:33 +09:00
Mounir IDRASSI d25bd3d7e5 Unix: honor configured pthread stack size 2026-06-25 14:40:10 +09:00
Mounir IDRASSI 4f7d69be53 Move new macOS filesystem strings to end of language files 2026-06-22 07:15:20 +02:00
damianrickard 355b61f41a macOS: honor the CheckFilesystem repair flag (#1791)
CoreMacOSX::CheckFilesystem() ignored both its mountedVolume and repair
arguments and always just launched Disk Utility.app, so the "Check
Filesystem" and "Repair Filesystem" menu items behaved identically and
neither acted on the mounted volume. On Linux/BSD the same operation runs
fsck and honors the flag (passing -n only when repair is false).

Run diskutil on the VeraCrypt virtual device, choosing verifyVolume or
repairVolume per the flag (diskutil unmounts the inner filesystem itself
as needed). The Core layer has no GUI, so the result is shown in a
Terminal window via a temporary .command script; it falls back to
launching Disk Utility.app when no virtual device is available.

Run the macOS check in the unprivileged application process. VeraCrypt does
not need to create or launch the helper script from the elevated core
service: diskutil operates on the mounted virtual device and macOS handles
any device authorization requirements. Once a device-hosted mount has
started the elevated core service, every later service request is routed to
that root process. There it would create the helper script as root (0700)
and open a Terminal in the GUI session that the user could neither read nor
execute. CoreServiceProxy::CheckFilesystem now invokes the core
implementation directly on macOS instead of sending a service request, so
the script is always owned by the GUI user.

The device path is strictly validated as /dev/[r]diskN[sM] before being
single-quoted into the command. The helper script is created securely in
the per-user temp directory via mkstemps() (atomic O_EXCL/0600, fchmod
0700 by descriptor, close() checked for deferred write errors, unlinked on
any failure) rather than at a predictable, enumerable path in the
world-writable /tmp, guarding against a symlink/race on the executed
script. A trap removes the script on exit even if the window is closed
early, and it is also unlinked if launching Terminal fails. The script
captures $? so diskutil's result, including failures, is shown before the
script exits.

Replace the macOS pre-check message (which still told the user Disk
Utility would open and to pick Verify/Repair manually) with check- and
repair-specific text describing the new automatic diskutil flow.

Seed the two new strings into all translation files with the English
text so the XML key-completeness check passes; localization can follow.

Co-authored-by: Damian Rickard <damian@rickard.us>
2026-06-22 07:05:45 +02:00
b0rj4 94fabdd0b7 Typo fix in Spanish translation (#1794) 2026-06-22 09:24:06 +09:00
damianrickard 3e231010dc macOS: search system directories before /usr/local/bin for binaries (#1790)
On macOS, Process::FindSystemBinary() searched /usr/local/bin first, so a
user-writable /usr/local/bin (the default on Homebrew installs) could
shadow system tools.

This resolver is also used to locate privileged binaries during privilege
elevation: CoreService.cpp resolves "sudo" (and "true") through it both
when probing for an active sudo session and when launching the elevated
helper, and the admin password is written to that sudo process's stdin.
On a typical Homebrew install /usr/local is owned by the (non-root) user,
so a planted /usr/local/bin/sudo would be selected ahead of /usr/bin/sudo
and could capture the admin password, leading to privilege escalation.

Reorder the macOS list to {/usr/bin, /bin, /usr/sbin, /sbin,
/usr/local/bin} so system locations always win. The binaries actually
resolved through this function on macOS (sudo, true, fsck, the terminal
helper used for filesystem checks and its dependencies, and non-APFS
formatters) live in system directories, so /usr/local/bin is kept only as
a last-resort fallback and can no longer shadow them. (diskutil, hdiutil
and newfs_apfs are invoked via absolute paths and were never affected.)

Co-authored-by: Damian Rickard <damian@rickard.us>
2026-06-22 09:05:29 +09:00
Mounir IDRASSI e6eb1d9f57 macOS: add screen protection preference
Persist a macOS-only preference for disabling wx content protection while keeping protection enabled by default.

Add a Preferences checkbox that reuses IDC_DISABLE_SCREEN_PROTECTION and reapply the protection state after preference changes.

Apply content-protection updates to all current top-level wx windows so changing the preference while a modal dialog is active does not leave the main frame or other windows with stale protection state.
2026-06-21 14:24:20 +02:00
Mounir IDRASSI adac089fd6 Linux/macOS: surface post-sudo elevation errors
Separate sudo authentication success from elevated request execution state by acknowledging when the elevated core service starts successfully.

Once that channel is available, propagate later failures instead of showing repeated administrator password dialogs. Initialize the sudo dummy-password flag consistently on macOS, avoiding an uninitialized read of UseDummySudoPassword.

Register admin-password cleanup before elevation attempts so plaintext sudo credentials are erased on early-return and post-sudo failure paths.

References #1788.
2026-06-21 04:29:32 +02:00
Marius Kjærstad 0d375e9a6a Use HTML entities in translation files (#1787)
Normalize menu separators in language XML files
Replace raw > characters in language entry text with the XML entity &gt;,
and normalize remaining -> menu separators to > for consistency with the
existing language files.
The runtime text remains unchanged for escaped > characters because the
language parsers decode XML entities when loading strings.
2026-06-21 04:25:11 +02:00
Mounir IDRASSI ee0d67ad16 Linux/FreeBSD: stop installing symbolic app icon
Do not package veracrypt-symbolic.svg under hicolor symbolic icons, as KDE may prefer it for AppIndicator tray items and render a black monochrome icon.

Remove the obsolete symbolic icon during generic installer upgrades and refresh the hicolor icon cache after install or uninstall cleanup.
2026-06-20 14:45:46 +09:00
Mounir IDRASSI 3650fdfca4 Windows: harden EFI Secure Boot CA fallback
Validate SecureBoot firmware data before trusting fallback selection and mark the unsupported-db helper as noreturn.

Record unsupported Secure Boot db refusals in EFI loader diagnostics, and avoid stale rescue-disk prompts after a refusal.

Reuse the central EFI loader selection policy for elevated signing-support checks instead of duplicating fallback/refusal logic.

Translate unsupported Secure Boot db failures across elevation without duplicate generic dialogs, surface stored-PIM refresh failures, and log unattended loader update failures.
2026-06-20 13:41:40 +09:00
Mounir IDRASSI 8a60f152ab Windows: fix favorite mount-on-arrival drive conflicts
Favorite auto-mount on arrival could repeatedly report an unavailable drive letter when the configured letter was occupied by a non-VeraCrypt device. Classify this case before entering the mount path and use a non-modal notification during arrival scans.

Track letter conflicts separately from successfully mounted arrival favorites so a failed mount is suppressed while the host remains connected without being treated as mounted, and without triggering a delayed mount just because the letter is later freed.

Snapshot the arrival favorites list before mount attempts because modal UI can process device-change messages that reload favorites. Also fix a device-removal pointer typo that advanced the broadcast-volume pointer instead of the mounted-volume path.
2026-06-19 16:51:42 +09:00
Mounir IDRASSI 762d965f2d Linux: make desktop cache updates optional in installers
Skip desktop/MIME cache refresh for console installers, where no desktop integration files are installed.

Guard update-mime-database and update-desktop-database calls so minimal systems without desktop-file-utils do not print post-install errors.

Apply the same best-effort cache refresh behavior to FreeBSD generic scripts for parity.

Also fix the FreeBSD uninstall script to remove the per-resolution PNG icons from /usr/local/share/icons, matching where they are installed.
2026-06-19 11:29:03 +09:00
Mounir IDRASSI 50daadb548 Update translated language files 2026-06-19 11:27:14 +09:00
Patriccollu 492493bcc5 Update Corsican translation on 2026-06 (2nd) (#1784) 2026-06-18 20:44:29 +09:00
Matthaiks 6a44eee89c Update Polish translation (#1781) 2026-06-18 17:24:32 +09:00
Marius Kjærstad ee7afc96d9 Update Norwegian Bokmål translation (#1782) 2026-06-18 17:08:28 +09:00
Mounir IDRASSI a05c8534c3 docs: update supported operating systems 2026-06-17 16:46:00 +09:00
Mounir IDRASSI 8bfe53b20f Windows: prevent unsupported EFI Secure Boot fallback
Detect whether the active firmware Secure Boot db trusts the Microsoft Corporation UEFI CA 2011 before selecting the 2011-signed EFI loader set.

Abort with a clear diagnostic when Secure Boot is enabled but neither the 2011 CA nor the required 2023 CA pair is trusted, and document the CA requirements.

Preserve positive CA detection when malformed db data appears only after a supported Microsoft CA set has already been found, while recording the parse error in diagnostics.

Refs #1778.
2026-06-17 14:07:28 +09:00
Mounir IDRASSI 9a85a53731 Windows: accept 'n' as a disable argument for /protectScreen and /protectMemory 2026-06-17 10:09:36 +09:00
nkh0472 e8307b3e08 Translate English entries to Chinese in XML (#1769)
* Translate English entries to Chinese in XML

* Update PIM reset confirmation message in Chinese
2026-06-16 20:24:29 +09:00
Patriccollu 666687ff22 Update Corsican translation on 2026-06 (#1774)
* Update Corsican translation on 2026-06

* Update Corsican translation on 2026-06
2026-06-16 18:36:12 +09:00
Mounir IDRASSI f8513cdfa8 Linux: fix install on merged usr systems
Install staged /usr child directories by merging their contents into existing destination directories instead of replacing them. This preserves /usr/sbin symlinks to bin on merged-/usr distributions while keeping traditional layouts working.

Fixes issue: https://github.com/veracrypt/VeraCrypt/issues/1764
2026-06-16 14:05:40 +09:00
damianrickard 37412adf04 macOS: parse hdiutil -plist output via CoreFoundation instead of string scanning (#1776)
The hdiutil `-plist` output used for mount/dismount device discovery
(MountAuxVolumeImage and UpdateMountedVolumeInfo) was parsed with a
hand-rolled string scanner that assumed the value always follows the
requested key and that <key>/<string> pairs appear in a fixed order.

Replace it with the CoreFoundation property-list API
(CFPropertyListCreateWithData + dictionary/array navigation), which is
correct by construction and robust to hdiutil output ordering/variation.
An RAII helper (CFHolder) ensures CFRelease on every path.

Behavior is preserved: prefer the system-entity that carries a
mount-point, otherwise fall back to the first dev-entry, and match disk
images by normalized image-path. CoreFoundation is already linked on
macOS (via Cocoa), so no build changes are needed.

Verified end-to-end on Apple Silicon: mounting parses `hdiutil attach`
output and dismount parses `hdiutil info` output correctly.

Co-authored-by: Damian Rickard <damian@rickard.us>
2026-06-16 06:54:58 +02:00
Marius Kjærstad 40f6473c90 Some formatting changes to README.md (#1777) 2026-06-16 10:05:24 +09:00
Mr-Update 9b931e6cff Update Language.de.xml (#1771)
* Update Language.de.xml

* Update Language.de.xml
2026-06-16 08:45:56 +09:00
Marius Kjærstad 667e7417ea Update Norwegian Bokmål translation (#1770)
* Update Norwegian Bokmål translation

* Idrassi found some more issues

* A few more changes
2026-06-16 08:28:30 +09:00