Commit Graph

951 Commits

Author SHA1 Message Date
Mounir IDRASSI 7f24d98db2 Windows: warn when Secure Boot stops trusting the boot chain
Track Microsoft Windows Production PCA 2011 and Windows UEFI CA 2023 in the firmware db parser so the trust of the chainloaded Windows boot manager copy (bootmgfw_ms.vc) can be verified.

Add BootEncryption::GetEfiBootChainTrustStatus to check the installed VeraCrypt loader set and the bootmgfw_ms.vc signer against the active Secure Boot db, asserting nothing from malformed or partial firmware data.

Warn before reboot during Setup upgrade/repair and log a System Favorites service event when a boot chain component is no longer trusted, so Secure Boot certificate changes surface in Windows instead of as a pre-boot failure.

Refs #1655.
2026-07-07 13:14:31 +09:00
Mounir IDRASSI f6544a5b07 Windows: disable ordered flush barriers by default
Keep ordered flush barrier support available behind the new VC_DRIVER_CONFIG_ENABLE_ORDERED_FLUSH_BARRIERS driver configuration flag. With the flag clear, non-system IRP_MJ_FLUSH_BUFFERS requests complete successfully as they did before d1f73ce4 instead of entering EncryptedIoQueue.

This narrows the default Windows driver behavior while investigating 1.26.29 instability reports, but retains an opt-in path for targeted testing of ordered flush barriers. The close-time best-effort host flush is now gated by the same flag, so default close and dismount behavior also matches the pre-d1f73ce4 path.
2026-07-01 21:22:03 +09:00
Mounir IDRASSI 6a1bd9f3b1 Windows: Update LZMA SDK to version 26.02 2026-06-29 09:13:27 +09:00
Mounir IDRASSI b3fdbdb4ce Clarify Linux system encryption mount option text 2026-06-28 21:48:41 +09:00
Mounir IDRASSI 5ee47e549e Fix Linux mount options help menu path 2026-06-28 20:13:57 +09:00
Mounir IDRASSI 4f7d69be53 Move new macOS filesystem strings to end of language files 2026-06-22 07:15:20 +02:00
damianrickard 355b61f41a macOS: honor the CheckFilesystem repair flag (#1791)
CoreMacOSX::CheckFilesystem() ignored both its mountedVolume and repair
arguments and always just launched Disk Utility.app, so the "Check
Filesystem" and "Repair Filesystem" menu items behaved identically and
neither acted on the mounted volume. On Linux/BSD the same operation runs
fsck and honors the flag (passing -n only when repair is false).

Run diskutil on the VeraCrypt virtual device, choosing verifyVolume or
repairVolume per the flag (diskutil unmounts the inner filesystem itself
as needed). The Core layer has no GUI, so the result is shown in a
Terminal window via a temporary .command script; it falls back to
launching Disk Utility.app when no virtual device is available.

Run the macOS check in the unprivileged application process. VeraCrypt does
not need to create or launch the helper script from the elevated core
service: diskutil operates on the mounted virtual device and macOS handles
any device authorization requirements. Once a device-hosted mount has
started the elevated core service, every later service request is routed to
that root process. There it would create the helper script as root (0700)
and open a Terminal in the GUI session that the user could neither read nor
execute. CoreServiceProxy::CheckFilesystem now invokes the core
implementation directly on macOS instead of sending a service request, so
the script is always owned by the GUI user.

The device path is strictly validated as /dev/[r]diskN[sM] before being
single-quoted into the command. The helper script is created securely in
the per-user temp directory via mkstemps() (atomic O_EXCL/0600, fchmod
0700 by descriptor, close() checked for deferred write errors, unlinked on
any failure) rather than at a predictable, enumerable path in the
world-writable /tmp, guarding against a symlink/race on the executed
script. A trap removes the script on exit even if the window is closed
early, and it is also unlinked if launching Terminal fails. The script
captures $? so diskutil's result, including failures, is shown before the
script exits.

Replace the macOS pre-check message (which still told the user Disk
Utility would open and to pick Verify/Repair manually) with check- and
repair-specific text describing the new automatic diskutil flow.

Seed the two new strings into all translation files with the English
text so the XML key-completeness check passes; localization can follow.

Co-authored-by: Damian Rickard <damian@rickard.us>
2026-06-22 07:05:45 +02:00
Marius Kjærstad 0d375e9a6a Use HTML entities in translation files (#1787)
Normalize menu separators in language XML files
Replace raw > characters in language entry text with the XML entity &gt;,
and normalize remaining -> menu separators to > for consistency with the
existing language files.
The runtime text remains unchanged for escaped > characters because the
language parsers decode XML entities when loading strings.
2026-06-21 04:25:11 +02:00
Mounir IDRASSI 3650fdfca4 Windows: harden EFI Secure Boot CA fallback
Validate SecureBoot firmware data before trusting fallback selection and mark the unsupported-db helper as noreturn.

Record unsupported Secure Boot db refusals in EFI loader diagnostics, and avoid stale rescue-disk prompts after a refusal.

Reuse the central EFI loader selection policy for elevated signing-support checks instead of duplicating fallback/refusal logic.

Translate unsupported Secure Boot db failures across elevation without duplicate generic dialogs, surface stored-PIM refresh failures, and log unattended loader update failures.
2026-06-20 13:41:40 +09:00
Mounir IDRASSI 8bfe53b20f Windows: prevent unsupported EFI Secure Boot fallback
Detect whether the active firmware Secure Boot db trusts the Microsoft Corporation UEFI CA 2011 before selecting the 2011-signed EFI loader set.

Abort with a clear diagnostic when Secure Boot is enabled but neither the 2011 CA nor the required 2023 CA pair is trusted, and document the CA requirements.

Preserve positive CA detection when malformed db data appears only after a supported Microsoft CA set has already been found, while recording the parse error in diagnostics.

Refs #1778.
2026-06-17 14:07:28 +09:00
Mounir IDRASSI 330f1f8b29 Windows: notify users after EFI bootloader CA refresh
Record EFI bootloader resource set changes during PostOOBE refreshes and mark a machine-wide rescue disk reminder.

Show the reminder on VeraCrypt startup using the existing generic rescue disk prompt and Create Rescue Disk flow.
2026-06-15 22:57:28 +09:00
Mounir IDRASSI cb2f20ab94 Fix Argon2 hash alias for Windows CLI
Accept Argon2 and Argon2id aliases through HashGetIdByName so Windows mount parsing matches volume creation. Update Windows command-line documentation in English, Russian, and Chinese, and rebuild the CHM user guides.
2026-06-15 17:53:04 +09:00
Mounir IDRASSI a8a8e50ae8 Update bundled zlib to 1.3.2 2026-06-15 15:00:19 +09:00
Mounir IDRASSI c8a2b89044 Windows: Fix partial GUI translation due to exhausted translation data pool
The fixed-size data pool used by LoadLanguageData() in
src/Common/Language.c stores the embedded English XML strings plus the
selected language's XML strings. When AddPoolData() returns NULL
because the 1 MB DATA_POOL_CAPACITY is exhausted, LoadLanguageData()
aborts and returns FALSE. The callers ignore the return value, so the
dictionary is left partially populated: later XML entries (many
controls, warnings and newer dialogs) are missing while earlier
entries, including most menu items, remain translated.

Since 1.26.24 the XML language files have grown enough that several
languages now overflow the pool (e.g. Corsican, French, German and
Dutch).

Increase DATA_POOL_CAPACITY in src/Common/Dictionary.h from 1 MB to
4 MB to accommodate current and near-future translations.

This regression only affects the Windows version, which uses the
Win32/C localization path with this fixed pool. Linux and macOS use
wxWidgets/wxTranslations and do not use src/Common/Dictionary.c for
GUI localization.

Fixes: GH-1587
2026-06-14 10:36:53 +09:00
Mounir IDRASSI 3e058bd992 Remove TC_STR_RELEASE_DATE and build release string from numeric date defines
- Remove the redundant TC_STR_RELEASE_DATE define from Common/Tcdefs.h
- Add preprocessor helpers to convert TC_RELEASE_DATE_YEAR/MONTH/DAY into
  the same "Month Day, Year" wide string used by TC_STR_RELEASED_BY
- Update source_date_epoch.sh to derive SOURCE_DATE_EPOCH from the three
  numeric date defines only, removing the string-date parsing fallback
2026-06-13 12:04:02 +09:00
Mounir IDRASSI 80a126d04e Fix release date string to match actual TC_RELEASE_DATE_DAY value 2026-06-13 11:32:59 +09:00
Mounir IDRASSI ceea6052d9 Remove unused entry from XML language file following previous commit changes
Entry affected is "FAVORITE_PIM_CHANGED"
2026-06-13 11:07:11 +09:00
Mounir IDRASSI 75857757fe Reset PIM defaults when changing volume KDF
A SourceForge report pointed out that the password-change and header-KDF dialogs reused the current custom PIM when the user selected a different KDF. That was harmless when all choices used the same PBKDF2 PIM scale, but it is wrong with Argon2 because the same numeric PIM has different security and performance meaning.

Avoid silently carrying a custom PIM across KDF changes in both the Windows and wx dialogs. If the new KDF differs from the current one and the user has not explicitly opened the New PIM field, use the default PIM for the selected KDF instead. Keep preserving the current PIM when the KDF is unchanged.

Enable explicit New PIM entry in the header KDF-only flow, warn before resetting an existing custom PIM to the new KDF default, and validate explicitly entered KDF-only PIM values.

Report the new KDF from the Windows dialog as well as the new PIM so favorite volumes update both stored PIM and pinned KDF metadata after password or header KDF changes, including system favorites. Add translation fallbacks, documentation, and release notes for the new behavior.
2026-06-12 18:13:48 +09:00
Mounir IDRASSI 616e33fad8 Set release date to June 9th 2026 2026-06-09 19:29:01 +09:00
Mounir IDRASSI d26be95861 Update copyright year to 2026 2026-06-09 09:56:25 +09:00
Mounir IDRASSI 030be14a82 Increment version to 1.26.29.3. Update signed Windows drivers 2026-06-09 09:25:28 +09:00
Mounir IDRASSI 304088f908 Windows: stop auto-mount scan on mount cancellation
Add a cancel callback and batch abort flag so auto-mount-all stops after dialog cancellation.

Mark MountVolume ERR_USER_ABORT with ERROR_CANCELLED so external /cancelmount also stops the scan.
2026-06-08 20:19:47 +09:00
Mounir IDRASSI 1871765a76 Windows: allow cancelling long mount operations
Add a root-driver abort IOCTL that bypasses the mount control mutex and sets cooperative KDF abort flags for the active mount.

Restrict abort requests to privileged callers or to the user that initiated the pending mount, and retry early wait-dialog cancel requests until the driver has registered the cancellable mount context.

Wire the wait dialog Cancel button to send the abort request through a fresh driver handle, and propagate ERR_USER_ABORT through header/cache processing.

Add a /cancelmount command-line switch that sends the same abort request without displaying UI, so users can cancel hidden-wait-dialog mount operations from another process.
2026-06-07 23:39:52 +09:00
Mounir IDRASSI f77d0c0760 Build: replace fixed SOURCE_DATE_EPOCH fallback
Keep caller-provided SOURCE_DATE_EPOCH authoritative and derive the automatic default through a shared helper used by the Makefile, direct CMake/CPack packaging, and the deb packaging wrapper.

When repository metadata is available, use the HEAD commit timestamp without relying on git -C. Resolve the source root before probing Git so symlinked source paths still use the checkout HEAD. For source tarballs without .git, derive the fallback timestamp from the release date encoded in Common/Tcdefs.h instead of the stale 2020-01-01 constant.

Add TC_RELEASE_DATE_DAY and validate it together with TC_RELEASE_DATE_YEAR, TC_RELEASE_DATE_MONTH, and TC_STR_RELEASE_DATE. Abort when no valid timestamp can be derived.

For direct CMake invocation, initialize SOURCEPATH when the wrapper has not provided it, use the shared helper for derivation, validate the result, and export it for package targets. Also persist the configured epoch through CPACK_PROJECT_CONFIG_FILE so later standalone cpack --config runs export the same value before invoking package generators.

Document that automatic git-checkout builds and release-tarball builds intentionally use different epochs; release reproducers should build from the tarball or set SOURCE_DATE_EPOCH explicitly.
2026-06-05 23:51:51 +09:00
Mounir IDRASSI fd80bc0679 Windows: allow selecting KDFs in benchmark dialog
Add a KDF checklist to the Windows benchmark dialog while keeping all algorithms selected by default.

Filter KDF benchmark execution to the checked algorithms and silently skip when none are selected.

Reuse existing KDF localization strings and keep Language.xml unchanged.
2026-06-05 22:08:02 +09:00
Mounir IDRASSI 522a784bfc Update Release Notes. Set release date. 2026-06-04 21:45:44 +09:00
Mounir IDRASSI a24cbe55bd Fix Twofish x64 multiblock tail handling
Only call the one-block assembly helper when one block remains after the three-block loop.

This prevents zero-block and multiple-of-three requests from reading and writing one extra block past the caller buffer.

Add a Twofish multiblock self-test covering block counts 0 through 9.
2026-06-03 20:54:42 +09:00
Mounir IDRASSI 612bccbd1a Align key schedules and fix Camellia SSSE3 dispatch
Align CRYPTO_INFO primary and secondary key-schedule buffers so cipher implementations can safely use word-sized schedule access on VeraCrypt-managed storage.

Keep generic Camellia direct uint64 schedule indexing. Builds that define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS use direct 64-bit key and block byte loads/stores; memcpy is retained only for strict-alignment builds.

Require SSSE3 before using the x64 AESNI 16-way Camellia path because the assembly uses pshufb in addition to AES and AVX.
2026-06-03 18:17:42 +09:00
Mounir IDRASSI c748b44b02 Windows driver: fix PBKDF XSTATE cleanup
Ensure SHA-256 and SHA-512 PBKDF cancellation paths restore saved extended processor state before cleanup. Remove unnecessary extended-state save/restore around BLAKE2s, which does not use AVX in the current implementation.
2026-06-03 14:55:57 +09:00
Mounir IDRASSI fcd430d659 Increment version to 1.26.29. Update signed Windows drivers 2026-06-03 14:55:49 +09:00
Mounir IDRASSI 689a59cd58 Merge commit from fork
Hidden volumes are forced to quick format to avoid rewriting the hidden data area. Keep that behavior while skipping the file-container allocation shortcut that writes plaintext zero sectors at 128 MiB intervals.

The allocation shortcut remains enabled for non-hidden file containers; hidden containers now use only the encrypted formatter write path for sectors that are written.
2026-06-03 14:32:17 +09:00
Mounir IDRASSI 3b27eb1acf Windows: fix security token foreach warning 2026-05-31 12:38:31 +09:00
Mounir IDRASSI d6220089ca Fix Unmount All access keys
Move the Unmount All mnemonic away from the single-volume Unmount action in the Windows resources and affected language files. This keeps the two main actions reachable through distinct keyboard accelerators across packaged translations.

Fixes https://github.com/veracrypt/VeraCrypt/issues/1751
2026-05-31 10:47:14 +09:00
Mounir IDRASSI 91a01826aa Windows: fix EFI DcsProp rewrite handling
Ensure ESP file writes have true replace semantics even when the operation is delegated to the elevated COM helper. This prevents shorter edits of EFI\VeraCrypt\DcsProp from leaving stale bytes at the end of the file.

Also XML-escape decoded EFI boot configuration values before serializing them, preserving values containing characters such as <, > and & during EfiBootConf save/update paths.

Fixes #954.
2026-05-31 00:12:06 +09:00
Mounir IDRASSI 19b3ebc0bb Windows: fix ReFS formatting during volume creation
Mount temporary ReFS volumes as fixed media, since Windows does not support ReFS on removable media. Use FMIFS_HARDDISK for the FormatEx fallback while preserving the removable-media path for NTFS and exFAT.

Also make the FormatEx DONE-with-failure status explicit and guard against a missing callback parameter.
2026-05-30 16:50:33 +09:00
Mounir IDRASSI 170dfa83ee Linux/macOS: fix hidden volume FAT size limit
The Unix volume creation wizard applied the FAT32 sector-count limit as a blanket check for device-hosted hidden-volume outer volumes. On 512e disks Linux reports 512-byte logical sectors, so this incorrectly rejected larger device-hosted outer volumes even when the selected outer filesystem was not FAT.

Compute the actual VeraCrypt filesystem/data area size through a shared helper and apply the FAT32 size limit only when FAT is selected. This preserves correct FAT validation while allowing non-FAT outer volumes to proceed to the existing hidden-volume size estimation flow.

Update text-mode creation so FAT is not offered when the selected size cannot support it, and default to the platform native filesystem in that case. Clarify the user-facing FAT limit wording to refer to logical sector size.

Fixes #262
2026-05-29 19:18:56 +09:00
Mounir IDRASSI ce20a24aa5 Fix hidden volume size estimate for exFAT outer volumes
On Unix and macOS, the hidden volume wizard estimates the available space for non-FAT outer filesystems using statvfs(). The previous calculation used f_bsize with f_bavail, which can overstate available bytes on macOS exFAT because f_bsize may be the preferred I/O size instead of the fragment size associated with the block counts.

Use f_frsize when it is reported, fall back to f_bsize, and clamp the non-FAT estimate to the actual outer VeraCrypt data size before applying the existing 80% safety heuristic.

Also harden hidden volume creation in both the cross-platform VolumeCreator path and the Windows/common formatting path by rejecting sizes that would exceed the hidden host data area and overlap volume header space.

Fixes #1037
2026-05-27 10:28:43 +02:00
Mounir IDRASSI 4ad36447b2 Linux: fix CentOS 6 build with GCC 4.4
CentOS 6 builds VeraCrypt with GCC 4.4.7 and -std=c++0x. That compiler does not support range-based for loops, and its libstdc++ does not provide std::string::back() or std::string::pop_back().

Avoid those constructs in the affected Unix/Linux code paths: use VeraCrypt's existing foreach helper when iterating PKCS#11 object handles, and use indexing plus erase() when trimming trailing slashes from PATH entries.

This keeps the code valid for newer Linux toolchains while restoring compatibility with the CentOS 6 build environment.
2026-05-26 21:04:52 +09:00
Mounir IDRASSI d0bc546614 OpenBSD: fix CLI build and PCSC exit handling
OpenBSD builds were relying on ggod to generate embedded resource
headers. That tool is not available on a stock OpenBSD 7.9 install,
and using base od directly is not a safe substitute because it emits
zero-padded decimal values such as 060 and 098. Those tokens are then
included in C++ source and parsed as octal constants, which either
changes values or fails compilation.

Use hexdump with an explicit unsigned-byte format for OpenBSD. It is
part of the base system and emits unpadded decimal byte values suitable
for the existing resource-header pipeline.

The text-mode binary also crashed on normal process exit on OpenBSD,
including after --version, --test, create, mount, list, and dismount.
GDB showed the crash in libpcsclite_real during SCardReleaseContext(),
called from the static SCardManager destructor. This happened even for
commands that did not use EMV or security-token support because the
static manager constructor eagerly initialized PC/SC at startup.

Avoid eager PC/SC initialization and exit-time finalization on OpenBSD.
The existing call sites still initialize PC/SC lazily when EMV/token
operations need it, while ordinary CLI commands no longer touch
pcsc-lite and no longer crash during static destruction.

Validated on OpenBSD 7.9 amd64 with:
- gmake NOGUI=1 -j2
- veracrypt --text --version
- veracrypt --text --test
- device-hosted create/mount/list/dismount smoke test through doas/vnd

Refs #1589.
Refs #1593.
2026-05-26 17:58:04 +09:00
Mounir IDRASSI 66ddd29c91 Windows: report missing EFI boot loader clearly
When preparing UEFI system encryption, check for the standard Windows bootmgfw.efi path before reading it. If it is absent, show the existing VeraCrypt diagnostic instead of surfacing a generic file-not-found error from the elevated COM path.
2026-05-25 17:06:10 +09:00
Mounir IDRASSI c3ce2db9ac Document fixed Argon2id header key size
Argon2id includes the requested output length in its computation, so deriving 192 bytes and using a prefix is not equivalent to deriving only the selected cipher's key material length. This differs from PBKDF2, where the prefix property made this detail invisible.

VeraCrypt derives the maximum header key material currently needed by the supported cipher/cascade set, which is 192 bytes, and then uses the required prefix for the selected encryption algorithm. For AES-XTS this means the first 64 bytes of the 192-byte Argon2id output are used.

Make this design rule explicit in code and documentation by introducing ARGON2_HEADER_KEYDATA_SIZE instead of relying implicitly on GetMaxPkcs5OutSize. If a future cipher or cascade requires more than 192 bytes, that must be handled as an explicit format/design change.

Document the 192-byte Argon2id header KDF output requirement so third-party implementations derive the same header key material.

References: https://github.com/veracrypt/VeraCrypt/issues/1614
2026-05-21 18:10:06 +09:00
Mounir IDRASSI aaffec8b5c Windows: support new Microsoft EFI CA bootloaders
Embed both Microsoft UEFI CA 2011 and 2023 signed DCS EFI sets and select the 2023 set only when the firmware db trusts the required 2023 third-party CAs.

Fall back to the 2011 EFI set when firmware db state cannot be determined, preserving pre-existing compatibility behavior and recording the reason in HKLM diagnostics.

Refresh installed ESP modules during PostOOBE repair, keep backups before replacing existing DCS modules, and use the selected EFI set when creating rescue media.

Record the selected EFI bootloader resource set and selection reason in HKLM, allow larger firmware db variables on systems with many Secure Boot certificates, and remove diagnostic registry keys on uninstall.

Fix MSI SetupDLL COM typelib version constants so unregister targets the current Main and Format COM typelib versions.

References: https://github.com/veracrypt/VeraCrypt/issues/1655
2026-05-20 14:07:47 +09:00
Mounir IDRASSI 6bef9e009c Linux: refine in-kernel NTFS driver selection
Keep the NTFS kernel-driver option as a generic in-kernel NTFS path rather than an ntfs3-specific path. Add --filesystem=kernel-ntfs and -m kernelntfs routes that select a registered or loadable kernel NTFS driver and mount with -i so mount.ntfs/ntfs-3g helpers are not invoked.

Preserve --filesystem=ntfs3 as a literal pin to the ntfs3 driver. Treat both ntfs3 and kernel-ntfs as mount-only selectors; volume creation continues to use filesystem type NTFS.

The preference and -m kernelntfs path only select an in-kernel NTFS driver when no explicit filesystem type was supplied and blkid detects NTFS.

Treat ntfs as the preferred in-kernel driver on Linux 7.1 and later, where the upstream read/write driver is expected. On earlier kernels, select ntfs only when module metadata identifies the standalone read/write driver and /sys/module confirms it loaded, avoiding ntfs3 read-only ntfs compatibility registrations. Fall back to ntfs3 otherwise, and report a generic kernel-driver error if neither supported driver is available or loadable.

Rename the internal preference/config field to MountNtfsWithKernelDriver, migrate the old MountNtfsWithNtfs3 preference key, and update UI strings, CLI help, documentation, release notes, and translation placeholders accordingly.

Reference: https://github.com/veracrypt/VeraCrypt/issues/1735
2026-05-18 22:19:23 +09:00
Mounir IDRASSI c2ba9b5333 Translations: add macOS device validation strings
Move the new English entries to the end of Language.xml and add English fallback entries to all tracked translation XML files.
2026-05-11 23:59:09 +09:00
Mounir IDRASSI 49c8fd3680 macOS: validate format wizard device targets
Keep device selection enumeration unchanged to avoid slow dialog loads.

In the format wizard, inspect only the selected target with diskutil info -plist and reject APFS synthesized devices, macOS system/support targets, read-only targets, and current APFS system stores. Add a read-only APFS hint for creation failures.
2026-05-11 23:47:20 +09:00
Mounir IDRASSI e6247fbf2a Windows: avoid duplicate tray notifications
Remove the duplicate Shell_NotifyIconW(NIM_MODIFY) call from the tray balloon helper. On Windows 11, the shell can queue the repeated NIF_INFO request and show the same unmount notification twice.

Fixes #1630
2026-05-11 11:28:56 +09:00
Mounir IDRASSI 404d72de2e Windows: Update LZMA SDK to version 26.01 2026-05-11 11:11:41 +09:00
Diogo Santos 504c94f12c Fix Off-By-One Stack Buffer Overflows in XML Parser (#1717)
* Off-By-One Null Byte Fix

* Add XML parser tests and improve XmlGetAttributeText handling

* Refactor XML testing: integrate XmlTest into AutoTestAlgorithms, add sentinel test for XmlGetNodeText insuficient output size.

* Remove no-op Tests.c change

---------

Co-authored-by: Mounir IDRASSI <mounir.idrassi@amcrypto.jp>
2026-05-10 10:41:10 +09:00
Mounir IDRASSI f6dcfa2b64 Harden TLV parser bounds checks
Reject empty or truncated TLV buffers, unsupported indefinite lengths, and declared value lengths that exceed the remaining input or uint16 node storage. Parse BER long-form lengths in big-endian order before copying value bytes.
2026-05-09 22:54:47 +09:00
Mounir IDRASSI f8837090b8 Linux/macOS: show volume creation finalization stages
Report explicit progress stages while writing volume data, writing backup headers, and flushing data to disk so the wizard does not appear stuck at 100%.

Keep the wizard in progress during Unix post-creation formatting and show status for temporary mount/device setup, mkfs invocation, and dismount.
2026-05-03 11:26:20 +09:00