mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-09 22:36:59 -05:00

2857 Commits

Author SHA1 Message Date
Mounir IDRASSI d26216c294 Update MBR bootloader 2026-06-09 19:55:00 +09:00
Mounir IDRASSI 616e33fad8 Set release date to June 9th 2026 2026-06-09 19:29:01 +09:00
Mounir IDRASSI 3575194415 Linux: Support legacy Python for reproducible build
Allow reproducible makeself finalization to run with Python 2.6+ or Python 3 by avoiding Python 3-only syntax and probing python3, python, then python2.
2026-06-09 18:29:50 +09:00
Mounir IDRASSI dd96f1a483 Fix RPM reproducibility macro escaping
Escape RPM line-continuation backslashes in CPACK_RPM_SPEC_MORE_DEFINE so generated CPackConfig.cmake parses cleanly on CMake 2.8.
2026-06-09 16:53:44 +09:00
Mounir IDRASSI d26be95861 Update copyright year to 2026 2026-06-09 09:56:25 +09:00
Mounir IDRASSI 030be14a82 Increment version to 1.26.29.3. Update signed Windows drivers 2026-06-09 09:25:28 +09:00
Mounir IDRASSI f59c8188d7 Windows: simplify favorite mount batch results
Return a structured internal result for favorite mount batches instead of combining a BOOL return value with optional out parameters.

Keep the public MountFavoriteVolumes API unchanged and preserve favorite-on-arrival cancellation and drive-letter handling semantics.
2026-06-08 21:36:54 +09:00
Mounir IDRASSI 304088f908 Windows: stop auto-mount scan on mount cancellation
Add a cancel callback and batch abort flag so auto-mount-all stops after dialog cancellation.

Mark MountVolume ERR_USER_ABORT with ERROR_CANCELLED so external /cancelmount also stops the scan.
2026-06-08 20:19:47 +09:00
Mounir IDRASSI 1871765a76 Windows: allow cancelling long mount operations
Add a root-driver abort IOCTL that bypasses the mount control mutex and sets cooperative KDF abort flags for the active mount.

Restrict abort requests to privileged callers or to the user that initiated the pending mount, and retry early wait-dialog cancel requests until the driver has registered the cancellable mount context.

Wire the wait dialog Cancel button to send the abort request through a fresh driver handle, and propagate ERR_USER_ABORT through header/cache processing.

Add a /cancelmount command-line switch that sends the same abort request without displaying UI, so users can cancel hidden-wait-dialog mount operations from another process.
2026-06-07 23:39:52 +09:00
Mounir IDRASSI 105425ebb0 Build: bundle matching FUSE library in AppImage 2026-06-06 23:45:27 +09:00
Mounir IDRASSI e349c76686 Build: extend reproducible packaging to RPM
Run the install(SCRIPT) mtime/mode clamp for every CPack generator instead of
only the DEB branch, so the RPM payload staging tree is normalised the same way
before rpmbuild sees it. Payload file timestamps and permissions are therefore
reproducible on any rpm version.

For the RPM header, set the spec %defines that pin BuildTime to
SOURCE_DATE_EPOCH (use_source_date_epoch_as_buildtime, which consumes the
exported environment variable) and BuildHost to a fixed value (_buildhost), and
clamp payload mtimes through both the legacy clamp_mtime_to_source_date_epoch
macro and its modern build_mtime_policy replacement. source_date_epoch_from_changelog
is disabled so CPack's placeholder changelog date cannot hijack the epoch.

These macros only exist on rpm >= 4.14 (buildtime/mtime) and >= 4.18
(buildhost). To make the two header fields reproducible on older rpm as well
(CentOS/RHEL 7, rpm < 4.14), add a small libc-interposition shim
(Build/Tools/repro_buildstamp.c) that pins time() and the build hostname,
LD_PRELOAD'ed onto cpack's rpmbuild child by the RPM packaging wrappers. The
shim calls the real uname() and overwrites only nodename, leaving architecture
detection intact, never overrides monotonic clocks, and defers to the real
time() when SOURCE_DATE_EPOCH is unset so a missing epoch is a no-op rather than
a frozen 1970 clock. It is enabled only after it compiles and loads cleanly;
otherwise packaging proceeds without it, because a preload that fails to load
would emit an ld.so error that rpm's check-buildroot script turns into a fatal
%install error.

Derive and export SOURCE_DATE_EPOCH in the rpm and openSUSE wrappers the same
way the deb wrapper already does, mark both wrappers executable, and note in the
README that .deb and .rpm packages are reproducible including on older rpm.
2026-06-06 23:45:22 +09:00
Mounir IDRASSI f77d0c0760 Build: replace fixed SOURCE_DATE_EPOCH fallback
Keep caller-provided SOURCE_DATE_EPOCH authoritative and derive the automatic default through a shared helper used by the Makefile, direct CMake/CPack packaging, and the deb packaging wrapper.

When repository metadata is available, use the HEAD commit timestamp without relying on git -C. Resolve the source root before probing Git so symlinked source paths still use the checkout HEAD. For source tarballs without .git, derive the fallback timestamp from the release date encoded in Common/Tcdefs.h instead of the stale 2020-01-01 constant.

Add TC_RELEASE_DATE_DAY and validate it together with TC_RELEASE_DATE_YEAR, TC_RELEASE_DATE_MONTH, and TC_STR_RELEASE_DATE. Abort when no valid timestamp can be derived.

For direct CMake invocation, initialize SOURCEPATH when the wrapper has not provided it, use the shared helper for derivation, validate the result, and export it for package targets. Also persist the configured epoch through CPACK_PROJECT_CONFIG_FILE so later standalone cpack --config runs export the same value before invoking package generators.

Document that automatic git-checkout builds and release-tarball builds intentionally use different epochs; release reproducers should build from the tarball or set SOURCE_DATE_EPOCH explicitly.
2026-06-05 23:51:51 +09:00
Mounir IDRASSI fd80bc0679 Windows: allow selecting KDFs in benchmark dialog
Add a KDF checklist to the Windows benchmark dialog while keeping all algorithms selected by default.

Filter KDF benchmark execution to the checked algorithms and silently skip when none are selected.

Reuse existing KDF localization strings and keep Language.xml unchanged.
2026-06-05 22:08:02 +09:00
Mounir IDRASSI df3bb7c5e6 Crypto: fix no-SSE2 x86 fallback paths
Guard BLAKE2s x86 SIMD dispatch on compiled SSE2 intrinsic support so NOSSE2 builds do not reference missing compressor symbols.

Make Argon2 AVX2/SSE2 stubs fall back to the next available implementation instead of returning ARGON2_INCORRECT_PARAMETER when runtime CPU flags outpace build capabilities.
2026-06-05 15:40:56 +09:00
Mounir IDRASSI 0feecd019a Update translations 2026-06-05 02:37:02 +09:00
Mounir IDRASSI 0800a1652b Documentation: Update CHM files 2026-06-05 02:35:32 +09:00
Mounir IDRASSI 522a784bfc Update Release Notes. Set release date. 2026-06-04 21:45:44 +09:00
Mounir IDRASSI f5a67a378f Windows: Update signed driver to version 1.26.29.2 2026-06-04 14:31:13 +09:00
Mounir IDRASSI 7f905395c6 Windows: Add Win64 unwind metadata for AES assembly
Emit NASM-compatible .pdata/.xdata records for the x64 table AES routines and AES-NI 32-block paths.

Describe the nonvolatile GP and XMM6-XMM15 saves so kernel stack unwinding can cross these routines reliably.

Gate the metadata on win64 output so ELF and Mach-O builds keep their existing assembly paths.
2026-06-04 10:30:40 +09:00
Mounir IDRASSI a24cbe55bd Fix Twofish x64 multiblock tail handling
Only call the one-block assembly helper when one block remains after the three-block loop.

This prevents zero-block and multiple-of-three requests from reading and writing one extra block past the caller buffer.

Add a Twofish multiblock self-test covering block counts 0 through 9.
2026-06-03 20:54:42 +09:00
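The tail rule from the commit above, as an added C example that is not VeraCrypt's code. `enc1` and `enc3` are hypothetical stand-ins for the one-block and three-block helpers (a byte-wise XOR, not Twofish), the shape of the "before" dispatcher and the two-block remainder are assumptions consistent with the commit message, and a guard block after the buffer makes the extra access observable without leaving the allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16
#define MAX_BLOCKS 9

/* Stand-ins for the assembly helpers: XOR with 0xA5, not real Twofish. */
static void enc1(const uint8_t *in, uint8_t *out)
{
    for (int i = 0; i < BLK; i++) out[i] = in[i] ^ 0xA5;
}
static void enc3(const uint8_t *in, uint8_t *out)
{
    for (int b = 0; b < 3; b++) enc1(in + b * BLK, out + b * BLK);
}

/* Assumed "before" shape: the final else also runs when nothing is left. */
void encrypt_blocks_buggy(const uint8_t *in, uint8_t *out, uint32_t n)
{
    while (n > 2) { enc3(in, out); in += 3 * BLK; out += 3 * BLK; n -= 3; }
    if (n == 2) { enc1(in, out); enc1(in + BLK, out + BLK); }
    else enc1(in, out);                 /* n == 0 lands here too */
}

/* Fixed shape: the one-block helper runs only when one block remains. */
void encrypt_blocks_fixed(const uint8_t *in, uint8_t *out, uint32_t n)
{
    while (n > 2) { enc3(in, out); in += 3 * BLK; out += 3 * BLK; n -= 3; }
    if (n == 2) { enc1(in, out); enc1(in + BLK, out + BLK); }
    else if (n == 1) enc1(in, out);
}

/* Self-test for one block count: returns 1 when exactly n blocks were
   transformed and the guard block right after them is untouched. */
int tail_is_safe(void (*fn)(const uint8_t *, uint8_t *, uint32_t), uint32_t n)
{
    uint8_t in[(MAX_BLOCKS + 1) * BLK], out[(MAX_BLOCKS + 1) * BLK];
    if (n > MAX_BLOCKS) return 0;
    memset(in, 0x11, sizeof in);
    memset(out, 0xEE, sizeof out);      /* 0xEE marks "never written" */
    fn(in, out, n);
    for (uint32_t i = 0; i < n * BLK; i++)
        if (out[i] != (0x11 ^ 0xA5)) return 0;
    for (uint32_t i = n * BLK; i < (n + 1) * BLK; i++)
        if (out[i] != 0xEE) return 0;   /* guard block was overwritten */
    return 1;
}

int main(void)
{
    for (uint32_t n = 0; n <= MAX_BLOCKS; n++)
        printf("n=%u buggy=%d fixed=%d\n", (unsigned)n,
               tail_is_safe(encrypt_blocks_buggy, n),
               tail_is_safe(encrypt_blocks_fixed, n));
    return 0;
}
```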
Mounir IDRASSI 61978021d2 Documentation: Use correct Yasm download link instead of old dead link 2026-06-03 19:30:59 +09:00
Mounir IDRASSI 612bccbd1a Align key schedules and fix Camellia SSSE3 dispatch
Align CRYPTO_INFO primary and secondary key-schedule buffers so cipher implementations can safely use word-sized schedule access on VeraCrypt-managed storage.

Keep generic Camellia direct uint64 schedule indexing. Builds that define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS use direct 64-bit key and block byte loads/stores; memcpy is retained only for strict-alignment builds.

Require SSSE3 before using the x64 AESNI 16-way Camellia path because the assembly uses pshufb in addition to AES and AVX.
2026-06-03 18:17:42 +09:00
Mounir IDRASSI aab9e38894 Fix x64 CPU feature macro guard
CRYPTOPP_BOOL_X64 is defined as 0 on non-x64 builds, so #ifdef made HasSSE2() and HasISSE() always true. Use #if so non-x64 builds follow runtime feature detection and DisableCPUExtendedFeatures().
2026-06-03 15:10:13 +09:00
Mounir IDRASSI c748b44b02 Windows driver: fix PBKDF XSTATE cleanup
Ensure SHA-256 and SHA-512 PBKDF cancellation paths restore saved extended processor state before cleanup. Remove unnecessary extended-state save/restore around BLAKE2s, which does not use AVX in the current implementation.
2026-06-03 14:55:57 +09:00
Mounir IDRASSI fcd430d659 Increment version to 1.26.29. Update signed Windows drivers 2026-06-03 14:55:49 +09:00
Mounir IDRASSI 689a59cd58 Merge commit from fork
Hidden volumes are forced to quick format to avoid rewriting the hidden data area. Keep that behavior while skipping the file-container allocation shortcut that writes plaintext zero sectors at 128 MiB intervals.

The allocation shortcut remains enabled for non-hidden file containers; hidden containers now use only the encrypted formatter write path for sectors that are written.
2026-06-03 14:32:17 +09:00
Mounir IDRASSI 9ef369bd45 Windows: discover newer SDK MSI tools
Enhance build_msi_x64.bat to enumerate installed Windows Kits 10 SDK bin directories matching 10.* and select the newest x86 path that contains the MSI tools.

Keep VC_DIR_PLATFORMSDK as the first override and preserve the existing fixed SDK fallback paths for older installations.

Require MsiInfo.exe during discovery as well as msitran.exe and msidb.exe so the selected SDK path supports the final MSI metadata step.
2026-06-02 19:26:44 +09:00
Mounir IDRASSI f18ec1ab1e Update Windows build documentation for VS2022
Replace outdated Visual Studio 2010/2019 and legacy Windows SDK 7.1, WDK 7.1, and Windows 8.1 SDK guidance with the current Visual Studio 2022/v143 toolchain, Windows 10/11 SDK, and WDK requirements.

Document NASM, YASM, WiX Toolset v3.x, signtool.exe, and optional legacy BIOS bootloader tools separately. Update the build flow for x64, ARM64, Win32 setup/helper projects, and explicit Driver project builds.

Align the zh-cn and ru translated guides with the updated English content while preserving their existing translation style. Fix test certificate paths to use src/Signing/TestCertificate.
2026-06-02 19:26:44 +09:00
VastBlast 39f9391007 Merge commit from fork
* Fix wolfCrypt PBKDF2 key derivation

* Document wolfSSL PBKDF2 build option

* Handle wolfCrypt PBKDF2 failures
2026-06-02 15:03:54 +09:00
Mounir IDRASSI bc84aa8c1e Align Whirlpool lookup table and local buffer 2026-06-02 00:03:51 +09:00
Mounir IDRASSI 91b6ad5a19 Linux/WSL: open mounted volumes via Windows Explorer
Route Linux GUI mounted-volume opens through Windows Explorer when WSL interop is available, before falling back to xdg-open and known file managers.

Detect WSL by checking for /usr/bin/wslinfo and /usr/bin/wslpath, build the target path from the WSL root UNC so /mnt/<drive> mount points stay in the WSL VFS overlay, and launch Explorer directly so the folder argument is preserved.
2026-06-01 22:58:35 +09:00
Mounir IDRASSI 5407a581ac FreeBSD: link static wx builds with iconv 2026-05-31 18:16:03 +09:00
Mounir IDRASSI 45ed8aba8f XML language file: Update Russian translations by Dmitry Yerokhin 2026-05-31 16:40:43 +09:00
Mounir IDRASSI 21524dc48d Fix leaf 7 feature detection
BMI2 support is advertised by CPUID leaf 7, subleaf 0, EBX bit 8. The previous early assignment used CPUID leaf 1 EBX bit 8, which is not the BMI2 feature bit and could leave a bogus fallback value before vendor-specific leaf 7 detection.

Keep BMI2 detection based on the leaf 7 result only. Unlike AVX2, BMI2 is GPR-only and does not require an OS/XCR0 state gate.

Also save the max basic CPUID leaf immediately after CPUID leaf 0. The AMD/Hygon path reuses the cpuid buffer for leaf 0x80000005 before checking whether leaf 7 is available, so using the saved max basic leaf prevents RDSEED, AVX2, and BMI2 detection from being skipped because that buffer was clobbered.
2026-05-31 15:18:11 +09:00
Mounir IDRASSI 11739c41f4 Fix AVX2 feature gating
AVX2 support is advertised by CPUID leaf 7, subleaf 0, EBX bit 5. The previous early assignment used cpuid1[1] bit 5, which is CPUID leaf 1 EBX and is not the AVX2 feature bit.

Record the leaf 7 AVX2 bit separately and assign g_hasAVX2 only after vendor-specific detection has completed. The final value is now gated by g_hasAVX, which reflects the OS/XCR0 AVX state check, so AVX2 code is not selected unless both the CPU and OS state support it.
2026-05-31 14:32:00 +09:00
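The gating described in the two CPUID commits above (leaf 7 EBX bit 8 for BMI2, bit 5 for AVX2, with AVX2 also gated on the OS/XCR0 AVX state), as an added C example that is not VeraCrypt's code. The struct and function names are hypothetical; the decision is a pure function over raw register values so it can be checked with constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_X86_CPUID 1
#endif

/* Hypothetical container for the raw values the decision depends on. */
struct cpu_raw {
    uint32_t max_basic_leaf; /* CPUID.0:EAX, saved before the buffer is reused */
    uint32_t leaf1_ecx;      /* CPUID.1:ECX (bit 27 OSXSAVE, bit 28 AVX)       */
    uint32_t leaf7_ebx;      /* CPUID.(7,0):EBX (bit 5 AVX2, bit 8 BMI2)       */
    uint64_t xcr0;           /* XGETBV(0), meaningful only with OSXSAVE set    */
};

struct cpu_features { int avx, avx2, bmi2; };

struct cpu_features decide_features(const struct cpu_raw *r)
{
    struct cpu_features f = {0, 0, 0};
    int osxsave = (r->leaf1_ecx >> 27) & 1;
    int cpu_avx = (r->leaf1_ecx >> 28) & 1;
    /* The OS must enable XMM (bit 1) and YMM (bit 2) state in XCR0. */
    int os_ymm = osxsave && ((r->xcr0 & 0x6) == 0x6);

    f.avx = cpu_avx && os_ymm;
    if (r->max_basic_leaf >= 7) {           /* leaf 7 bits are valid */
        int cpu_avx2 = (r->leaf7_ebx >> 5) & 1;
        f.avx2 = cpu_avx2 && f.avx;         /* CPU bit and OS state  */
        f.bmi2 = (r->leaf7_ebx >> 8) & 1;   /* GPR-only: no XCR0 gate */
    }
    return f;
}

/* Fill cpu_raw from the running CPU; returns 0 when CPUID is unavailable. */
int read_cpu_raw(struct cpu_raw *r)
{
#ifdef HAVE_X86_CPUID
    unsigned a, b, c, d;
    r->max_basic_leaf = r->leaf1_ecx = r->leaf7_ebx = 0;
    r->xcr0 = 0;
    if (!__get_cpuid(0, &a, &b, &c, &d)) return 0;
    r->max_basic_leaf = a;
    if (__get_cpuid(1, &a, &b, &c, &d)) r->leaf1_ecx = c;
    if (r->max_basic_leaf >= 7 && __get_cpuid_count(7, 0, &a, &b, &c, &d))
        r->leaf7_ebx = b;
    if ((r->leaf1_ecx >> 27) & 1) {         /* XGETBV is usable */
        unsigned lo, hi;
        __asm__ volatile("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0));
        r->xcr0 = ((uint64_t)hi << 32) | lo;
    }
    return 1;
#else
    (void)r;
    return 0;
#endif
}

int main(void)
{
    struct cpu_raw r;
    if (!read_cpu_raw(&r)) { puts("CPUID not available"); return 0; }
    struct cpu_features f = decide_features(&r);
    printf("avx=%d avx2=%d bmi2=%d\n", f.avx, f.avx2, f.bmi2);
    return 0;
}
```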
Mounir IDRASSI 3b27eb1acf Windows: fix security token foreach warning 2026-05-31 12:38:31 +09:00
Mounir IDRASSI d6220089ca Fix Unmount All access keys
Move the Unmount All mnemonic away from the single-volume Unmount action in the Windows resources and affected language files. This keeps the two main actions reachable through distinct keyboard accelerators across packaged translations.

Fixes https://github.com/veracrypt/VeraCrypt/issues/1751
2026-05-31 10:47:14 +09:00
Mounir IDRASSI 91a01826aa Windows: fix EFI DcsProp rewrite handling
Ensure ESP file writes have true replace semantics even when the operation is delegated to the elevated COM helper. This prevents shorter edits of EFI\VeraCrypt\DcsProp from leaving stale bytes at the end of the file.

Also XML-escape decoded EFI boot configuration values before serializing them, preserving values containing characters such as <, > and & during EfiBootConf save/update paths.

Fixes #954.
2026-05-31 00:12:06 +09:00
Ganeron11 329bc18bb6 Update Language.pl.xml (#1750)
* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

more fixes

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml

* Update Language.pl.xml
2026-05-30 23:32:43 +09:00
Mounir IDRASSI 19b3ebc0bb Windows: fix ReFS formatting during volume creation
Mount temporary ReFS volumes as fixed media, since Windows does not support ReFS on removable media. Use FMIFS_HARDDISK for the FormatEx fallback while preserving the removable-media path for NTFS and exFAT.

Also make the FormatEx DONE-with-failure status explicit and guard against a missing callback parameter.
2026-05-30 16:50:33 +09:00
Mounir IDRASSI 2605adcfff Linux: store GUI instance lock under XDG paths
The GUI single-instance lock was previously created through wxSingleInstanceChecker without an explicit Unix path, causing wxWidgets to place .VeraCrypt-lock-$USER directly in the user home directory.

Resolve a private lock directory before constructing wxSingleInstanceChecker. Prefer $XDG_RUNTIME_DIR/VeraCrypt, then $XDG_CACHE_HOME/VeraCrypt, then ~/.cache/VeraCrypt, and keep the previous home-directory behavior only as a final fallback if no XDG location can be used.

Update stale-lock cleanup to remove the lock from the same resolved directory, so false-positive cleanup continues to work after moving the lock out of $HOME.

Fixes https://github.com/veracrypt/VeraCrypt/issues/819
2026-05-29 22:31:08 +09:00
Mounir IDRASSI 170dfa83ee Linux/macOS: fix hidden volume FAT size limit
The Unix volume creation wizard applied the FAT32 sector-count limit as a blanket check for device-hosted hidden-volume outer volumes. On 512e disks Linux reports 512-byte logical sectors, so this incorrectly rejected larger device-hosted outer volumes even when the selected outer filesystem was not FAT.

Compute the actual VeraCrypt filesystem/data area size through a shared helper and apply the FAT32 size limit only when FAT is selected. This preserves correct FAT validation while allowing non-FAT outer volumes to proceed to the existing hidden-volume size estimation flow.

Update text-mode creation so FAT is not offered when the selected size cannot support it, and default to the platform native filesystem in that case. Clarify the user-facing FAT limit wording to refer to logical sector size.

Fixes #262
2026-05-29 19:18:56 +09:00
Mounir IDRASSI 610feb4c28 macOS: block partitioned disk alias bypass
On macOS, the same whole disk can be addressed as both /dev/diskN and /dev/rdiskN. The GUI creation wizard only compared the selected path against the enumerated raw device path, so manually entering the block-device alias could bypass the existing DEVICE_PARTITIONS_ERR guard and allow formatting a disk that still had partitions.

Add a shared macOS device-path comparison helper that normalizes paths to their raw-device form before comparison. Use it in the GUI wizard so /dev/diskN and /dev/rdiskN are treated as the same whole-disk target while partition paths remain distinct.

Apply the same partitioned whole-device guard in the text/CLI creation path as well, including the macOS alias normalization, so command-line creation cannot format a partitioned top-level disk through an alternate device alias.

Fixes #728
2026-05-29 18:32:32 +09:00
nkh0472 c8f0efde99 Update Language.zh-cn.xml (#1748)
* Update Language.zh-cn.xml

Translate NTFS mount options to Chinese

* Update NTFS kernel driver entries in Chinese translation
2026-05-29 17:12:45 +09:00
Mounir IDRASSI b33a534581 Linux/macOS: fix remaining wxWidgets sizer flags
Remove the remaining generated-form alignment flag that wxWidgets ignores in box sizers: the language page system-default button bottom alignment combined with wxEXPAND. Preserve the Legal Notices OK button centering and keep Forms.cpp and TrueCrypt.fbp in sync.

Keep the existing global sizer consistency check suppressions in place pending additional testing.

Follow-up to issue #49.
2026-05-29 15:50:49 +09:00
Patriccollu d728d23394 Update Corsican translation on 2026-05 (4th) (#1747) 2026-05-29 10:41:38 +09:00
Mounir IDRASSI 0caacd3405 macOS: Fix Command-A in password fields
Install a macOS-specific secure text field hotkey handler so Command-A selects the full contents of password controls when Cocoa does not route the shortcut through wxWidgets accelerators. Keep the existing wxWidgets accelerator handler for Command-V and Command-A, and recognize the standard paste/select-all IDs when they do reach the C++ event path.

Add Objective-C++ compilation support for the macOS helper and include it in the GUI target only on macOS.

Fixes https://github.com/veracrypt/VeraCrypt/issues/1567
2026-05-28 17:18:47 +02:00
Mounir IDRASSI cfd54af700 macOS: force fresh exFAT layout when formatting volumes
Pass -R to newfs_exfat in both GUI and text-mode volume creation so macOS derives a fresh exFAT layout instead of preserving stale geometry from an existing exFAT boot region. This matches Finder/Disk Utility erase behavior.

Validated on Windows 11: chkdsk no longer reports boot-region corruption on volumes formatted this way.

Fixes #1021.
2026-05-28 13:14:19 +02:00
Mounir IDRASSI 08b433012e Fix volume size unit choice width
The volume size page populates the unit wxChoice after the generated base class has already fit the empty control. On macOS this can leave the closed choice too narrow, truncating MiB to .... Measure the localized unit labels after appending them and set a sufficient minimum width.
2026-05-27 11:31:56 +02:00
Mounir IDRASSI ce20a24aa5 Fix hidden volume size estimate for exFAT outer volumes
On Unix and macOS, the hidden volume wizard estimates the available space for non-FAT outer filesystems using statvfs(). The previous calculation used f_bsize with f_bavail, which can overstate available bytes on macOS exFAT because f_bsize may be the preferred I/O size instead of the fragment size associated with the block counts.

Use f_frsize when it is reported, fall back to f_bsize, and clamp the non-FAT estimate to the actual outer VeraCrypt data size before applying the existing 80% safety heuristic.

Also harden hidden volume creation in both the cross-platform VolumeCreator path and the Windows/common formatting path by rejecting sizes that would exceed the hidden host data area and overlap volume header space.

Fixes #1037
2026-05-27 10:28:43 +02:00
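The estimate described in the commit above (f_frsize first, f_bsize as fallback, clamp to the outer data size, then the 80% heuristic), as an added C example that is not VeraCrypt's code. The function names and the `outer_data_size` parameter are hypothetical; `main` queries the current directory only to show the two calculations side by side.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/statvfs.h>

/* Bytes available to unprivileged users, saturating on overflow. */
uint64_t avail_bytes(const struct statvfs *s)
{
    /* f_bavail is counted in f_frsize units; f_bsize is only a fallback. */
    uint64_t unit = s->f_frsize ? (uint64_t)s->f_frsize : (uint64_t)s->f_bsize;
    uint64_t blocks = (uint64_t)s->f_bavail;
    if (unit == 0) return 0;
    if (blocks > UINT64_MAX / unit) return UINT64_MAX;
    return blocks * unit;
}

/* The earlier calculation, kept for comparison: it overstates free space
   when f_bsize is a preferred I/O size larger than the fragment size. */
uint64_t avail_bytes_bsize(const struct statvfs *s)
{
    return (uint64_t)s->f_bavail * (uint64_t)s->f_bsize;
}

/* Upper bound offered for the hidden volume (hypothetical helper). */
uint64_t estimate_hidden_max(const struct statvfs *s, uint64_t outer_data_size)
{
    uint64_t avail = avail_bytes(s);
    if (avail > outer_data_size)
        avail = outer_data_size;    /* never exceed the outer data area */
    return avail / 5 * 4;           /* 80% safety heuristic */
}

int main(void)
{
    struct statvfs s;
    if (statvfs(".", &s) != 0) { perror("statvfs"); return 1; }
    printf("f_frsize-based: %llu bytes\n",
           (unsigned long long)avail_bytes(&s));
    printf("f_bsize-based:  %llu bytes\n",
           (unsigned long long)avail_bytes_bsize(&s));
    return 0;
}
```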