Recent Commits to VeraCrypt:master

31/01/2025 19:18

refactor: use the term unmount instead of dismount (#1478)

refactor: use the term unmount instead of dismount (#1478)

* refactor: use UNMOUNT instead of DISMOUNT in code

This change updates the term DISMOUNT in constants to UNMOUNT.
Other occurrences (e.g. variable names) are left alone for now.

* refactor(ui): use unmount instead of dismount

This change updates the GUI text and replaces dismount with unmount.

* docs: update term dismount -> unmount

* refactor(cmdline): add unmount

This change adds an argument 'unmount' for command line usage, while
trying to deprecate the old disnount argument.
The current dismount argument/flag will still work to not introduce
a breaking change.

* docs: mention that /dismount is deprecated

This change fixes the shorthand version of the argument /unmount
It also adds back the info for /dismount and that it is deprecated.

30/01/2025 5:53

Enable AESNI only on x86 (#1479)

Enable AESNI only on x86 (#1479)

This helps building on riscv which does not have immintrin.h.

26/01/2025 17:25

Update Language.pl.xml (#1471)

p0k33m0n
```
Update Language.pl.xml (#1471)

Improved formatting.
```
26/01/2025 12:21

Implement SHA256 acceleration on ARM64 platforms using CPU instructions

idrassi
```
Implement SHA256 acceleration on ARM64 platforms using CPU instructions
```
24/01/2025 21:04

Linux: simpler and more robust approach to detect active sudo session…

idrassi
```
Linux: simpler and more robust approach to detect active sudo session (#1473)
```
24/01/2025 21:02

Translation: Update Russian translation of Release Notes (by Dmitry Y…

idrassi
```
Translation: Update Russian translation of Release Notes (by Dmitry Yerokhin)
```
23/01/2025 13:29

Fix Github action failure by moving upload-artifact to v4

idrassi
```
Fix Github action failure by moving upload-artifact to v4
```
23/01/2025 13:18

macOS: fix wxWidgets 3.2.6 assert for undefined switch use-dummy-sudo…

idrassi
```
macOS: fix wxWidgets 3.2.6 assert for undefined switch use-dummy-sudo-password (GH #1470)
```
22/01/2025 14:37

Increment version to 1.26.19. Update Release Notes.

idrassi
```
Increment version to 1.26.19. Update Release Notes.
```
22/01/2025 13:52

Update copyright date to 2025

idrassi
```
Update copyright date to 2025
```
22/01/2025 13:48

macOS: Fix regression in dismount caused by wrong umount path (#1467)

idrassi
```
macOS: Fix regression in dismount caused by wrong umount path (#1467)
```

20/01/2025 9:51

macOS: Fix packaging error due to template dmg being too small.

macOS: Fix packaging error due to template dmg being too small.

To fix it, we resized the template dmg using hdiutil resize --size 16M

20/01/2025 9:49

MacOSX: Fix erroneous preprocessor directive

idrassi
```
MacOSX: Fix erroneous preprocessor directive
```
19/01/2025 10:06

Update release notes and release date.

idrassi
```
Update release notes and release date.
```
19/01/2025 9:54

Translations: Update French translation

idrassi
```
Translations: Update French translation
```
19/01/2025 7:11

Updated translation: pt-br.

idrassi
```
Updated translation: pt-br.
```
Tags: 🇧🇷
18/01/2025 12:37

Linux: Add missing header in ARM64 build. Add .oarmv8crypto to .gitig…

idrassi
```
Linux: Add missing header in ARM64 build. Add .oarmv8crypto to .gitignore
```
17/01/2025 3:44

Update Release Notes. Set version to 1.26.18. Update signed Windows d…

idrassi
```
Update Release Notes. Set version to 1.26.18. Update signed Windows drivers.
```
16/01/2025 20:58

Windows/Linux/macOS: implement AES hardware support on ARM64 (ARMv8)

idrassi
```
Windows/Linux/macOS: implement AES hardware support on ARM64 (ARMv8)
```
14/01/2025 11:52

Update Release Notes about fixed CVEs

idrassi
```
Update Release Notes about fixed CVEs
```
14/01/2025 10:59

Translations: Update translations of newly added fields

idrassi
```
Translations: Update translations of newly added fields
```

14/01/2025 10:59

Linux/FreeBSD: Prevent mounting volumes on system directories and PAT…

Linux/FreeBSD: Prevent mounting volumes on system directories and PATH (CVE-2025-23021, reported by SivertPL @__tfr)

Added security checks to prevent mounting VeraCrypt volumes on system directories (like /usr/bin) or directories in the user's PATH, which could theoretically allow execution of malicious binaries instead of legitimate system binaries.

Key changes:
- Block mounting on protected system directories (/usr, /bin, /lib, etc.)
  This restriction cannot be overridden
- Block mounting on directories present in user's PATH environment variable
  This can be overridden with --allow-insecure-mount flag
- Add visual warnings (red border, "[INSECURE MODE]") when mounting on PATH directories is allowed
- Handle symlinks properly when checking paths
- Add new error messages for blocked mount points

To override PATH-based restrictions only (system directories remain protected):
veracrypt --allow-insecure-mount [options] volume mountpoint

Security Impact: Low to Medium
The attack requires either:
- User explicitly choosing a system directory as mount point instead of using VeraCrypt's default mount points
- Or attacker having both filesystem access to modify favorites configuration AND knowledge of the volume password
Default mount points are not affected by this vulnerability.

Security: CVE-2025-23021

Tags: ⭐️

14/01/2025 10:59

Linux/FreeBSD: Add absolute paths for system binaries to prevent path…

Linux/FreeBSD: Add absolute paths for system binaries to prevent path hijacking (CVE-2024-54187, collaboration with SivertPL @__tfr)

This commit fixes a critical security vulnerability where VeraCrypt could be tricked into executing malicious binaries with elevated privileges. The vulnerability has two severe implications:

1. When sudo's secure_path option is disabled, attackers could execute malicious binaries with root privileges by placing them in user-writable PATH directories (e.g., making "sudo mount" execute a malicious mount binary)

2. By placing a malicious sudo binary in PATH, attackers could intercept and steal the user's password when VeraCrypt prompts for sudo authentication

The vulnerability allowed attackers to place malicious binaries in user-writable directories that appear in PATH before system directories, potentially leading to privilege escalation and credential theft.

Key changes:
- Implement FindSystemBinary() to locate executables in secure system paths
- Replace all relative binary paths with absolute paths for system commands
- Add security checks for executable permissions
- Update process execution to use absolute paths for:
  * sudo
  * mount
  * fsck
  * terminal emulators
  * file managers
  * system utilities (hdiutil, mdconfig, vnconfig, lofiadm)

The fix ensures all system binaries are called using their absolute paths from secure system directories, preventing both privilege escalation through PATH manipulation and password theft through sudo hijacking.

Security: CVE-2024-54187

Tags: ⭐️

14/01/2025 8:26

Increment version to 1.26.18. Update copyright date. Update Release N…

Increment version to 1.26.18. Update copyright date. Update Release Notes. Update Windows drivers.

12/01/2025 21:02

Windows: Fix regression in Traveler Disk creation (#886)

Windows: Fix regression in Traveler Disk creation (#886)

Issue was caused by the fact that Microsoft signing certificate for driver file has changed.
We fix it by updating the SHA512 fingerprint of Microsoft code signing certificate.

11/01/2025 12:23

Linux Debian/Ubuntu: use a distro-specific version string to avoid AP…

Linux Debian/Ubuntu: use a distro-specific version string to avoid APT repository conflicts

In a Debian-style APT repository, the pool/ directory groups packages primarily by source package name and binary package name, version, architecture, etc. If two distinct .deb files have identical name and version (as seen in their control file) and same architecture, reprepro will report a conflict when adding one after the other.

So, we need to append distro-specific string to the existing version in order to avoid such conflict when creating VeraCrypt APT repository.

06/01/2025 7:50

Update donation HTML page to use new PayPal donation links

Update donation HTML page to use new PayPal donation links

We add javascript code to the page to handle dynamic selection of donation currency

06/01/2025 7:46

Windows: Add missing file entry to Zip project after libzip update

idrassi
```
Windows: Add missing file entry to Zip project after libzip update
```
01/01/2025 6:37

Windows: Update libzip to version 1.11.2

idrassi
```
Windows: Update libzip to version 1.11.2
```
01/01/2025 6:37

Windows: Update LZMA SDK to version 24.09

idrassi
```
Windows: Update LZMA SDK to version 24.09
```

← December 2024

February 2025 →