Skip to content

Fix 1856#1857

Merged
oberstet merged 2 commits into
crossbario:masterfrom
oberstet:fix_1856
Jun 16, 2026
Merged

Fix 1856#1857
oberstet merged 2 commits into
crossbario:masterfrom
oberstet:fix_1856

Conversation

@oberstet

@oberstet oberstet commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

fixes #1856

oberstet added 2 commits June 16, 2026 10:45
@oberstet
started new dev branch; added audit file
5f59c64
@oberstet
Sync .cicd security fix and harden hatch_build against silent CFFI de…
4c7c609 
…gradation (crossbario#1856)

Carry over two release-readiness items from the zlmdb 26.6.1 release:

- Bump .cicd (wamp-cicd) 8f520a9 -> f77ca2b to pick up the script/shell
  injection fix in the shared identifiers.yml reusable workflow
  (GHSA-6658-6vq6-hjpr): untrusted GitHub event fields are passed via env:
  as quoted data with a fail-closed branch-name allowlist.

- hatch_build.py: fail the wheel build hard when NVX was requested
  (AUTOBAHN_USE_NVX) but the CFFI extension did not compile, instead of
  silently emitting a structurally-valid-but-unintended py3-none-any wheel.
  A transient native-compile crash (e.g. gcc SIGSEGV under QEMU ARM64
  emulation) now aborts with a non-zero exit so CI can retry it. Unlike
  zlmdb's mandatory LMDB extension, autobahn's NVX is optional (pure-Python
  fallback), so AUTOBAHN_USE_NVX=0 still yields a legitimate pure-Python
  wheel.

Note: This work was completed with AI assistance (Claude Code).
@oberstet oberstet merged commit c7e7f26 into crossbario:master Jun 16, 2026
33 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Sync .cicd security fix and harden hatch_build.py against silent CFFI build degradation (release-readiness for 26.6.1)

1 participant

@oberstet