v0.12.3 — Security & correctness bug fixes (33 bugs)

CRITICAL: 10 data race and security fixes — backup.go mutex coverage
(C1-C4), IsSystemDisk 12-bit major/minor (C5), /dev/ path validation
(C6), extractName traversal (C7), TargetPath/DestinationPath against
registered paths (C8-C9), ParseComposeHDDMounts Clean-before-prefix (C10).

HIGH: 17 logic/resource fixes — ValidateDump bufio.Scanner (H1), single
appDirSize() with 30s timeout (H2/H3), snapshot ID regex (H4), cross-drive
restic prune (H5), temp file order (H6), dirSizeBytes errors (H7), atomic
fstab (H8), IsDeviceMounted suffix check (H9), eMMC partition mapping (H10),
bytesCopied mutex (H11), separator-aware migrate prefix (H13), DeleteStack
error on compose-down (H14), docker 60s timeout (H16), NotificationPrefs
deep-copy (H17), wipefs warning (H18), fstab rollback on mount fail (H19).

MEDIUM: 7 code quality fixes — formatBytes dedup (M1), .tmp filter order
(M2), sizeBytes string type (M3), elapsed in message (M6), LoadLocation
fallback (M7), pathCovers separator (M10), cancelEditLabel textContent (M11).

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

controller/internal/storage/format_linux.go

@@ -36,6 +36,13 @@ func FormatAndMount(req FormatRequest, progress chan<- FormatProgress) (string,
 	if err := ValidateMountName(req.MountName); err != nil {
 		return "", fail("validating", "Érvénytelen csatlakoztatási név", err)
 	}
+	// C6: Validate DevicePath to prevent path traversal from user-supplied input.
+	if !strings.HasPrefix(req.DevicePath, "/dev/") {
+		return "", fail("validating", "Érvénytelen eszközútvonal: /dev/-vel kell kezdődnie", fmt.Errorf("invalid device path: must start with /dev/"))
+	}
+	if strings.Contains(req.DevicePath, "..") {
+		return "", fail("validating", "Érvénytelen eszközútvonal: nem tartalmazhat ..-t", fmt.Errorf("invalid device path: must not contain .."))
+	}
 	if _, err := os.Stat(HostDevicePath(req.DevicePath)); err != nil {
 		return "", fail("validating", "Az eszköz nem létezik: "+req.DevicePath, err)
 	}
@@ -70,8 +77,12 @@ func FormatAndMount(req FormatRequest, progress chan<- FormatProgress) (string,
 	partDev := req.DevicePath
 	if req.CreatePartition {
 		// Wipe existing partition table and filesystem signatures first
+		// H18: Log wipefs errors instead of silently discarding them.
 		send("partitioning", fmt.Sprintf("wipefs -a %s ...", HostDevicePath(req.DevicePath)), 12)
-		_ = exec.Command("wipefs", "-a", HostDevicePath(req.DevicePath)).Run()
+		if err := exec.Command("wipefs", "-a", HostDevicePath(req.DevicePath)).Run(); err != nil {
+			// Non-fatal: some systems don't have wipefs; continue anyway
+			send("partitioning", fmt.Sprintf("[WARN] wipefs sikertelen %s: %v (folytatás)", req.DevicePath, err), 13)
+		}
 		time.Sleep(500 * time.Millisecond)
 
 		// Create GPT with single partition spanning whole disk.
@@ -146,12 +157,16 @@ func FormatAndMount(req FormatRequest, progress chan<- FormatProgress) (string,
 	send("mounting", fmt.Sprintf("mount -t ext4 %s %s ...", HostDevicePath(partDev), mountPath), 70)
 	if out, err := exec.Command("mount", "-t", "ext4", "-o", "defaults,noatime",
 		HostDevicePath(partDev), mountPath).CombinedOutput(); err != nil {
+		// H19: Roll back fstab entry to prevent orphaned entry that hangs system on reboot.
+		_ = RemoveFstabEntry(FstabPath, uuid)
 		return "", fail("mounting", "Csatlakoztatás sikertelen: "+string(out), err)
 	}
 
 	// Verify mount actually worked (don't just trust exit code)
 	verifyOut, verifyErr := exec.Command("findmnt", "-n", "-o", "SOURCE", "--target", mountPath).Output()
 	if verifyErr != nil || strings.TrimSpace(string(verifyOut)) == "" {
+		// H19: Also roll back fstab if mount verify fails.
+		_ = RemoveFstabEntry(FstabPath, uuid)
 		return "", fail("mounting", "A csatlakoztatás nem ellenőrizhető: mount sikerült, de a meghajtó nem látható",
 			fmt.Errorf("mount point %s not found after mount", mountPath))
 	}