fix(security): audit remediation across builder, extraction, CI, and release verification

[flexiondotorg]

• CI workflows (go-release.yml, ffmpeg-release.yml, ffmpeg-test.yml): prevent GitHub Actions script injection via env: expansions; reduce GITHUB_TOKEN scope
• internal/pathsafe, internal/archiveextract: enforce extraction resource caps (entry count, aggregate bytes) to prevent unbounded allocation (CWE-770)
• internal/builder/digests.go: add SHA-256 manifest for ~20 build dependencies; verification on both cache hit and fresh download (CWE-494); add --update-digests bootstrap mode
• lib/fetch.go: remove FFMPEG_STATIGO_ALLOW_UNVERIFIED bypass; enforce verification unconditionally (CWE-345)
• parseutils.go: NULL-terminate tag table in AVCodecGetTag2 (CWE-665)
• go.mod: bump golang.org/x/sys to v0.45.0 and go directive to 1.26.3 (CWE-1395, CWE-770)
• AGENTS.md, docs/DEVELOPMENT.md, README.md: document security considerations and bootstrap workflows
• Test coverage added for all hardened paths

Addresses CWE-94, CWE-78 (CI injection), CWE-345, CWE-494, CWE-665, CWE-770, CWE-1395.

[cubic-dev-ai]

1 issue found across 20 files

Confidence score: 3/5

• There is a concrete regression risk in internal/builder/main.go: updateDigestsMode accepts ctx context.Context but discards it, so cancellation/interrupt signals are not honored during --update-digests.
• Because this is severity 6/10 with high confidence (9/10) and affects runtime behavior (Ctrl+C/SIGTERM handling), the PR carries some user-facing operational risk rather than being purely cosmetic.
• Pay close attention to internal/builder/main.go - restore context propagation so long-running digest updates can be interrupted cleanly.

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="internal/builder/main.go">

<violation number="1" location="internal/builder/main.go:201">
P2: updateDigestsMode accepts `ctx context.Context` but immediately discards it (`_ = ctx`), breaking the interrupt/cancellation contract. Ctrl+C or SIGTERM during `--update-digests` will be silently ignored — downloads continue and the process cannot be interrupted. The remaining builder paths respect cancellation via this same `ctx`; this mode should too.</violation>
</file>

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[cubic-dev-ai]

P2: updateDigestsMode accepts ctx context.Context but immediately discards it (_ = ctx), breaking the interrupt/cancellation contract. Ctrl+C or SIGTERM during --update-digests will be silently ignored — downloads continue and the process cannot be interrupted. The remaining builder paths respect cancellation via this same ctx; this mode should too.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At internal/builder/main.go, line 201:

<comment>updateDigestsMode accepts `ctx context.Context` but immediately discards it (`_ = ctx`), breaking the interrupt/cancellation contract. Ctrl+C or SIGTERM during `--update-digests` will be silently ignored — downloads continue and the process cannot be interrupted. The remaining builder paths respect cancellation via this same `ctx`; this mode should too.</comment>

<file context>
@@ -178,6 +193,52 @@ func run() error {
+// trust-on-first-use bootstrap; run it once in a trusted environment, verify the
+// printed digests against upstream-published checksums, then paste the entries
+// into internal/builder/digests.go and commit.
+func updateDigestsMode(ctx context.Context, buildRoot string, libs []*Library) error {
+	_ = ctx // grab download is not yet context-aware; retained for signature parity
+
</file context>