encountered by users
cf thread: https://sourceforge.net/p/veracrypt/discussion/general/thread/293d401a30
delays and sporadic crashes in some cases.
|
|
* refactor: use UNMOUNT instead of DISMOUNT in code
  This change updates the term DISMOUNT in constants to UNMOUNT.
  Other occurrences (e.g. variable names) are left alone for now.
* refactor(ui): use unmount instead of dismount
  This change updates the GUI text and replaces dismount with unmount.
* docs: update term dismount -> unmount
* refactor(cmdline): add unmount
  This change adds an argument 'unmount' for command line usage, while
  trying to deprecate the old dismount argument.
  The current dismount argument/flag will still work to not introduce
  a breaking change.
* docs: mention that /dismount is deprecated
  This change fixes the shorthand version of the argument /unmount.
  It also adds back the info for /dismount and that it is deprecated.
|
|
(CVE-2025-23021, reported by SivertPL @__tfr)
Added security checks to prevent mounting VeraCrypt volumes on system directories (like /usr/bin) or directories in the user's PATH, which could theoretically allow execution of malicious binaries instead of legitimate system binaries.
Key changes:
- Block mounting on protected system directories (/usr, /bin, /lib, etc.)
  This restriction cannot be overridden
- Block mounting on directories present in user's PATH environment variable
  This can be overridden with --allow-insecure-mount flag
- Add visual warnings (red border, "[INSECURE MODE]") when mounting on PATH directories is allowed
- Handle symlinks properly when checking paths
- Add new error messages for blocked mount points
To override PATH-based restrictions only (system directories remain protected):
  veracrypt --allow-insecure-mount [options] volume mountpoint
Security Impact: Low to Medium
The attack requires either:
- User explicitly choosing a system directory as mount point instead of using VeraCrypt's default mount points
- Or attacker having both filesystem access to modify favorites configuration AND knowledge of the volume password
Default mount points are not affected by this vulnerability.
Security: CVE-2025-23021
|
|
Update Windows drivers.
|
|
Issue was caused by the fact that Microsoft signing certificate for driver file has changed.
We fix it by updating the SHA512 fingerprint of Microsoft code signing certificate.
|
|
instead of obsolete that were not working
This commit increases randomness quality by using more dynamic/varied sources of entropy.
PDH-based disk and network statistics collection is now added to random pool
- Introduced `GetDiskStatistics` to gather disk read/write performance data using PDH API.
- Introduced `GetNetworkStatistics` to gather network send/receive performance data using PDH API.
- Integrated high-resolution timestamps and random intervals to improve entropy in collected data.
- Updated `SlowPoll` function to utilize PDH-based disk and network statistics.
- Removed obsolete NetAPI32-based network statistics collection.
|
|
- Add IsWin10BuildAtLeast() helper function to check Windows 10 build numbers
- Replace direct build number comparison with IsWin10BuildAtLeast() for ReflectDrivers check
- Update error message to be more specific about Windows version requirement
|
|
To support this, we had to replace ExAllocatePool2 by ExAllocatePoolUninitialized.
|
|
during update
|
|
Windows upgrade
During a Windows upgrade, ownership of veracrypt.sys is set to TrustedInstaller, preventing VeraCrypt from accessing the file during an update.
This commit resolves the issue by temporarily taking ownership of the file to rename it, allowing the new file to be copied. The setup process now obtains additional privileges for this operation, which are properly dropped once the file copying is complete.
|
|
1024. Queue write IRPs.
- Made the maximum work items count configurable to allow flexibility based on system needs.
- Increased the default value of max work items count to 1024 to better handle high-throughput scenarios.
- Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
|
|
drivers.
|
|
since we are targeting Windows 10
|
|
derive_key_blake2s function
|
|
to inform compiler that pointer is unaligned.
This avoids issues with existing bootloaders
|
|
remove 32-bit EFI bootloader files.
We also fix intermediary files folder for Portable and Setup projects
|
|
Delete unused files.
|
|
used for them.
|
|
configuration for driver and binaries.
Only setup remains 32-bit to be compatible with both x64 and arm64 Windows.
|
|
a single return statement at the end
|
|
affecting NULL pointer
|
|
10. Simplify code and fix all warnings in driver.
|
|
generate secure random bytes
|
|
We always use Unicode functions to interact with UI. We convert UTF8 string to UTF16 and vice versa.
Overwrite input string instead of using resize that caused old test to remain.
Fix case of readOnly by using correct message.
Change position of OK/cancel button to match other dialogs.
Activate translation on this dialog.
|
|
with ERROR_INVALID_FUNCTION
Proposed by @kriegste on https://github.com/veracrypt/VeraCrypt/issues/360
|
|
not defined.
We now report that EFI is not supported only when GetFirmwareEnvironmentVariable fails with error ERROR_INVALID_FUNCTION.
Proposed by @kriegste on https://github.com/veracrypt/VeraCrypt/issues/360
|
|
Visual Studio 2019
We also enable Control Flow Guard and Spectre Mitigation
|
|
removed instead
This started to cause issues after latest changes to disable privileges when they are no more needed.
Because of the bug, the privileges could not be enabled again because they were wrongly removed.
|
|
left from old versions. Increment version to 1.26.15.
|
|
changing password of volumes
|
|
Language.xx-yy.xml format)