Replaced hardcoded 0x56455241 ('VERA') with TC_HEADER_MAGIC for better readability and maintainability.
Also replaced 0x5645524142455854 with TC_BOOT_DRIVE_FILTER_EXTENSION_MAGIC and added 'ULL' suffix for 64-bit safety.
This commit updates several strings in the Italian language file
based on an expert review.
The changes focus on:
- Using more idiomatic phrasing (e.g., "negazione plausibile").
- Employing standard IT terminology (e.g., "Codice di errore").
- Adjusting formality for better UX (e.g., informal commands, recommendations).
- Improving sentence structure for system messages (e.g., impersonal "si").
This patch moves away from gnome-terminal -e options which is deprecated
and subject to possibly be removed in the future. The -- option is nearly
equivalent in behaviour. Also ensures that uninstallation script has correct
privileges, adds window title to xmessage and ensures correct files are
used during installation.
The method GetNodes implementation didn't parse multiple attributes correctly and it failed with Hungarian XML because of the presence of '>' character in an attribute value.
Issue reported in https://github.com/veracrypt/VeraCrypt/pull/1516
Now we properly honor the AllowDefrag configuration.
This regression introduced other issues because, in order to allow defragmentation, we must provide Windows with an actual physical disk number. As a result, we assign the number of the physical disk where the VeraCrypt volume resides. This, in turn, causes Windows to send IOCTLs directly to this disk instead of to VeraCrypt. If these IOCTLs return values and properties not supported by VeraCrypt, inconsistencies arise, leading to failures.
- matching the phases used in Chinese Traditional Windows
- resolved conflicts introduced in 498dff9013
- minor formatting correction
- translated new entries staring from line 1459
* refactor: use UNMOUNT instead of DISMOUNT in code
This change updates the term DISMOUNT in constants to UNMOUNT.
Other occurrences (e.g. variable names) are left alone for now.
* refactor(ui): use unmount instead of dismount
This change updates the GUI text and replaces dismount with unmount.
* docs: update term dismount -> unmount
* refactor(cmdline): add unmount
This change adds an argument 'unmount' for command line usage, while
trying to deprecate the old disnount argument.
The current dismount argument/flag will still work to not introduce
a breaking change.
* docs: mention that /dismount is deprecated
This change fixes the shorthand version of the argument /unmount
It also adds back the info for /dismount and that it is deprecated.
Added security checks to prevent mounting VeraCrypt volumes on system directories (like /usr/bin) or directories in the user's PATH, which could theoretically allow execution of malicious binaries instead of legitimate system binaries.
Key changes:
- Block mounting on protected system directories (/usr, /bin, /lib, etc.)
This restriction cannot be overridden
- Block mounting on directories present in user's PATH environment variable
This can be overridden with --allow-insecure-mount flag
- Add visual warnings (red border, "[INSECURE MODE]") when mounting on PATH directories is allowed
- Handle symlinks properly when checking paths
- Add new error messages for blocked mount points
To override PATH-based restrictions only (system directories remain protected):
veracrypt --allow-insecure-mount [options] volume mountpoint
Security Impact: Low to Medium
The attack requires either:
- User explicitly choosing a system directory as mount point instead of using VeraCrypt's default mount points
- Or attacker having both filesystem access to modify favorites configuration AND knowledge of the volume password
Default mount points are not affected by this vulnerability.
Security: CVE-2025-23021
