Changes between v2.41.3 and v2.41.4
--------------------------------------------

commit e147e16fa9a9d3b3ad5968bf42280966ac3a8529
Author: Karel Zak
Date:   Wed Apr 1 11:23:10 2026 +0200

    build-sys: update release dates

    Signed-off-by: Karel Zak

 NEWS         | 2 +-
 configure.ac | 2 +-
 meson.build  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

commit 153ab7556d2182ac88265360f415b983c41eb20b
Author: Karel Zak
Date:   Wed Apr 1 11:23:02 2026 +0200

    docs: update v2.41.4-ReleaseNotes

    Signed-off-by: Karel Zak

 Documentation/releases/v2.41.4-ReleaseNotes | 40 +++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

commit 0bd8541bc6bc3b084714bbb09ce8198c95f7819b
Author: Karel Zak
Date:   Wed Apr 1 11:05:26 2026 +0200

    tools: update git-version-next from master

    Signed-off-by: Karel Zak

 tools/git-version-next | 61 +++++++++++++++++++++++++++++---------------------
 1 file changed, 35 insertions(+), 26 deletions(-)

commit 75a23a2de153996069ad930e306075fafa1c77b6
Author: Karel Zak
Date:   Wed Mar 25 11:54:42 2026 +0100

    libfdisk: dos: validate EBR link within extended partition bounds

    The read_extended() function follows EBR chain links without checking
    that the target offset falls within the master extended partition. A
    malformed EBR link can point outside the extended area.

    Add a bounds check before read_pte() to stop the chain walk when the
    next EBR offset is outside [ext_start, ext_end].

    This is self-defense during parsing; it does not restrict what the
    user can create.

    Signed-off-by: Karel Zak
    (cherry picked from commit 699d086fa5f24651b375e5909c27e14a16ceb4b9)

 libfdisk/src/dos.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

commit 05c2dbadf34cc74192287f377904afaaf4061623
Author: Karel Zak
Date:   Wed Mar 25 11:54:28 2026 +0100

    libblkid: dos: validate EBR data and links within extended partition

    The parse_dos_extended() function processes EBR (Extended Boot Record)
    chains, but does not properly validate that partitions and links stay
    within the master extended partition area [ex_start, ex_start+ex_size).

    For EBR data partitions at index 0 and 1, there are no bounds checks
    at all, unlike entries at index 2 and 3. This allows a crafted disk
    image to register partitions at arbitrary sectors via uint32_t
    overflow in the abs_start calculation (cur_start + start wraps to a
    small value).

    Fix by:
    - using 64-bit arithmetic for the abs_start calculation to avoid
      uint32_t wraparound
    - applying the extended partition area bounds check to all EBR data
      entries, not just index >= 2
    - validating EBR link targets stay within the extended area and
      advance forward (preventing backward links that could loop)

    Reported-by: Michele Piccinni
    Signed-off-by: Karel Zak
    (cherry picked from commit e9d544d013267ea86b70ee8ff78abd280e6641af)

 libblkid/src/partitions/dos.c | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)

commit f55f9906b4f6eeb2b4a4120317df9de935253c10
Author: Karel Zak
Date:   Thu Feb 19 13:59:46 2026 +0100

    loopdev: add LOOPDEV_FL_NOFOLLOW to prevent symlink attacks

    Add a new LOOPDEV_FL_NOFOLLOW flag for loop device context that
    prevents symlink following in both path canonicalization and file
    open.

    When set:
    - loopcxt_set_backing_file() uses strdup() instead of
      ul_canonicalize_path() (which calls realpath() and follows symlinks)
    - loopcxt_setup_device() adds O_NOFOLLOW to open() flags

    The flag is set for non-root (restricted) mount operations in
    libmount's loop device hook.

    This prevents a TOCTOU race condition where an attacker could replace
    the backing file (specified in /etc/fstab) with a symlink to an
    arbitrary root-owned file between path resolution and open().

    Vulnerable Code Flow:

      mount /mnt/point (non-root, SUID)
        mount.c: sanitize_paths() on user args (mountpoint only)
        mnt_context_mount()
          mnt_context_prepare_mount()
            mnt_context_apply_fstab()      <-- source path from fstab
            hooks run at MNT_STAGE_PREP_SOURCE
              hook_loopdev.c: setup_loopdev()
                backing_file = fstab source path ("/home/user/disk.img")
                loopcxt_set_backing_file()   <-- calls realpath() as ROOT
                  ul_canonicalize_path()     <-- follows symlinks!
                loopcxt_setup_device()
                  open(lc->filename, O_RDWR|O_CLOEXEC)  <-- no O_NOFOLLOW

    Two vulnerabilities in the path:

    1) loopcxt_set_backing_file() calls ul_canonicalize_path() which uses
       realpath() -- this follows symlinks as euid=0. If the attacker
       swaps the file to a symlink before this call, lc->filename becomes
       the resolved target path (e.g., /root/secret.img).

    2) loopcxt_setup_device() opens lc->filename without O_NOFOLLOW. Even
       if canonicalization happened correctly, the file can be swapped to
       a symlink between canonicalize and open.

    Addresses: https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g
    Signed-off-by: Karel Zak
    (cherry picked from commit 5e390467b26a3cf3fecc04e1a0d482dff3162fc4)

 include/loopdev.h           | 3 ++-
 lib/loopdev.c               | 7 ++++++-
 libmount/src/hook_loopdev.c | 3 ++-
 3 files changed, 10 insertions(+), 3 deletions(-)

commit 9ec69c31cc973d212edec16b17fda5718503f0d8
Author: Christian Kirbach
Date:   Sat Jan 24 21:42:55 2026 +0100

    Fix: Typo in disk-utils/fdisk.c

 disk-utils/fdisk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 479133958af89a2afda442e158107b465301dfbb
Author: Daan De Meyer
Date:   Wed Nov 26 15:08:25 2025 +0100

    blkid: Drop const from blkid_partitions_get_name()

    const for idx is useless as the value is copied anyway, so drop the
    const. AFAIK this doesn't change ABI.

    (cherry picked from commit b243de928aab8565e264f4af1d776cc860689f64)

 libblkid/src/blkid.h.in              | 2 +-
 libblkid/src/partitions/partitions.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

commit 718e4a76dd1262ce97f83dbc0c0fe9f97564ecbb
Author: Christian Goeschel Ndjomouo
Date:   Tue Jan 6 10:43:45 2026 -0500

    build-sys: (gcc) ignore -Wunused-but-set-variable for bison

    [kzak@redhat.com: - merge two Christian's patches to make it more
                        portable]

    Signed-off-by: Christian Goeschel Ndjomouo
    Signed-off-by: Karel Zak
    (cherry picked from commit db9047892a45c06bceb5768e7bb8c887289b9859)

 libsmartcols/src/filter-parser.y | 11 +++++++----
 sys-utils/hwclock-parse-date.y   | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

commit 4c22d17cc6d0917582b6c28b64a3e455147106ce
Author: Alyssa Ross
Date:   Thu May 1 09:58:06 2025 +0200

    bits: only build when cpu_set_t is available

    Doesn't build on macOS.

    Fixes: 6e1301d59 ("text-utils: add bits command")
    Signed-off-by: Alyssa Ross
    (cherry picked from commit 45f943a4b36f59814cf5a735e4975f2252afac26)

 configure.ac | 6 +++++-
 meson.build  | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
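
Added example, not code from util-linux: the uint32_t wraparound and the bounds checks described in the libblkid commit 05c2dbad above (the libfdisk commit 75a23a2d describes the same kind of link check), reduced to three small functions. The function names, the sector values and the rule that a link is relative to ex_start are assumptions made for this illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-fix arithmetic as the commit message describes it: the sum is
 * truncated to 32 bits, so a large relative start wraps to a low sector. */
static uint32_t abs_start_32(uint32_t cur_start, uint32_t start)
{
    return cur_start + start;
}

/* 64-bit sum plus the area check for an EBR data entry. Returns 1 and stores
 * the absolute start if it lies in [ex_start, ex_start + ex_size), else 0. */
static int ebr_data_ok(uint32_t ex_start, uint32_t ex_size, uint32_t cur_start,
                       uint32_t start, uint32_t size, uint64_t *abs_start)
{
    uint64_t ex_end = (uint64_t) ex_start + ex_size;    /* exclusive */
    uint64_t sum = (uint64_t) cur_start + start;

    if (sum < ex_start || sum + size > ex_end)
        return 0;
    *abs_start = sum;
    return 1;
}

/* Assumption (usual EBR convention): a link is relative to ex_start. Accept
 * it only if it stays inside the extended area and moves forward. */
static int ebr_link_ok(uint32_t ex_start, uint32_t ex_size,
                       uint32_t cur_start, uint32_t link_start)
{
    uint64_t next = (uint64_t) ex_start + link_start;

    return next > cur_start && next < (uint64_t) ex_start + ex_size;
}

int main(void)
{
    /* Constructed values: extended area is sectors [2048, 102048). */
    uint32_t ex_start = 2048, ex_size = 100000, cur = 4096;
    uint32_t crafted = UINT32_MAX - cur + 1 + 64;    /* sum wraps to 64 */
    uint64_t where = 0;

    printf("32-bit sum:    %" PRIu32 "\n", abs_start_32(cur, crafted));
    printf("entry allowed: %d\n",
           ebr_data_ok(ex_start, ex_size, cur, crafted, 8, &where));
    printf("backward link allowed: %d\n",
           ebr_link_ok(ex_start, ex_size, cur, 1024));
    return 0;
}
```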
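
Added example, not code from util-linux: what O_NOFOLLOW changes for the open() named in commit f55f9906 above when the backing file path turns out to be a symlink. open_backing_file(), try_swapped_path() and the temporary file names are hypothetical; Linux is assumed, where such an open() fails with ELOOP.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper, not util-linux code: path used as given (no realpath()),
 * O_NOFOLLOW on request; it guards only the final path component. */
static int open_backing_file(const char *path, int nofollow)
{
    int fd = open(path, O_RDWR | O_CLOEXEC | (nofollow ? O_NOFOLLOW : 0));
    return fd < 0 ? -errno : fd;
}

/* Constructed scenario: disk.img is a symlink to secret.img in a private temp
 * directory. Returns 0 if the open succeeded, otherwise -errno. */
static int try_swapped_path(int nofollow)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char target[64], lnk[64];
    int fd, rc;

    if (!mkdtemp(dir))
        return -errno;
    snprintf(target, sizeof(target), "%s/secret.img", dir);
    snprintf(lnk, sizeof(lnk), "%s/disk.img", dir);
    fd = open(target, O_CREAT | O_WRONLY | O_CLOEXEC, 0600);
    if (fd < 0 || symlink("secret.img", lnk) != 0) {
        rc = -errno;
    } else {
        rc = open_backing_file(lnk, nofollow);
        if (rc >= 0)
            close(rc);
        rc = rc < 0 ? rc : 0;
    }
    if (fd >= 0)
        close(fd);
    unlink(lnk);
    unlink(target);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("without O_NOFOLLOW: %d\n", try_swapped_path(0));
    printf("with O_NOFOLLOW:    %d (-ELOOP = %d)\n", try_swapped_path(1), -ELOOP);
    return 0;
}
```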