Firewall: Diagnostics: States - replacement of SanitizeFilter() seems to have killed our state network lookup, strings should be safe to pass here, closes https://github.com/opnsense/core/issues/9876
Attributor: Avoid calling identifyDefaultAbstractAttributes on declarations (#182663)
Previously it would be called and inserted into a visited map,
but would never be used. This could possibly go one step further
and never add declarations to the SetVector of Functions. If I try
that, only one call graph printing test fails.
py-lxml-html-clean: updated to 0.4.4
0.4.4 (2026-02-26)
Bugs fixed
* Fixed a bug where Unicode escapes in CSS were not properly decoded
before security checks. This prevents attackers from bypassing filters
using escape sequences.
* Fixed a security issue where ``<base>`` tags could be used for URL
hijacking attacks. The ``<base>`` tag is now automatically removed
whenever the ``<head>`` tag is removed (via ``page_structure=True``
or manual configuration), as ``<base>`` must be inside ``<head>``
according to HTML specifications.
[clang-repl] fix CleanUpPTU by removing decl according to C implicitly FuncitonDecl. (#178648)
fix #171440
---------
Co-authored-by: Vassil Vassilev <v.g.vassilev at gmail.com>
[mlir][IR] Generalize `DenseElementsAttr` to custom element types (#183920)
`DenseElementsAttr` supports only a hard-coded list of element types:
`int`, `index`, `float`, `complex`. This commit generalizes the
`DenseElementsAttr` infrastructure: it now supports arbitrary element
types, as long as they implement the new `DenseElementTypeInterface`.
The `DenseElementTypeInterface` has the following helper functions:
- `getDenseElementBitSize`: Query the size of an element in bits. (When
storing an element in memory, each element is padded to a full byte.
This is an existing limitation of the `DenseElementsAttr`; with an
exception for `i1`.)
- `convertToAttribute`: Attribute factory / deserializer. Converts bytes
into an MLIR attribute. The attribute provides the assembly format /
printer for a single element.
- `convertFromAttribute`: Serializer. Converts an MLIR attribute into
bytes.
Note: `convertToAttribute` / `convertFromAttribute` are mainly for
[26 lines not shown]
mail/postfix: update to 3.10.8
3.10.8 (2026-02-19)
Fixes for all supported Postfix releases:
* Improved Milter error handling for messages that arrive over a
long-lived SMTP connection, by changing the default
milter_default_action from "tempfail" to the new "shutdown"
action (i.e. disconnect the remote SMTP client).
The problem was that after a single Milter error, Postfix could
tempfail all messages that the client sends over a long-lived
connection, even if the Milter error was only temporary. This
problem was reported by Ankit Kulkarni.
* Bugfix (defect introduced: Postfix 2.11): "posttls-finger -v
-v -v" terminated with a panic, caused by recursive logging.
Reported by Geert Hendrickx, diagnosed by Viktor Dukhovni, and
fixed by Wietse.
