Squashed commit of the following:
commit b256ed7fcfa5e36bfd29e08c479bd02b461b21f5
Author: Ad Schellevis <ad at opnsense.org>
Date: Sun Apr 12 14:31:54 2026 +0200
net/frr - Routing: STATIC, finish https://github.com/opnsense/plugins/pull/5390 and add diagnostics.
commit be8a53d3d2fc4a91e7834e68322dd295a41f6888
Author: Sven Scholle <sven at shelldog.de>
Date: Sat Apr 11 14:50:56 2026 +0200
net/frr: add BFD dependency support for static routes
We redistribute static routes from staticd into OSPF via WireGuard tunnels.
We want the redistribution to depend on whether the tunnel is actually up.
Since WireGuard interfaces remain up even when the tunnel is not functional, BFD appears to be the simplest solution for detecting tunnel failures.
security/wolfssl: Update to 5.9.1
Changes since 5.9.0:
To download the release bundle of wolfSSL visit the download page at
www.wolfssl.com/download/
PR stands for Pull Request, and PR references a GitHub pull request
number where the code change was added.
NOTE: --enable-heapmath is deprecated.
NOTE: MD5 is now disabled by default.
Vulnerabilities
* [Critical CVE-2026-5194] Missing hash/digest size and OID checks
allow digests smaller than allowed by FIPS 186-4 or 186-5, or
smaller than appropriate for the relevant key type, to be accepted
by signature verification functions. Affects ECDSA/ECC, DSA, ML-DSA,
[249 lines not shown]
security/wolfssl: Update to 5.9.1
Changes since 5.9.0:
To download the release bundle of wolfSSL visit the download page at
www.wolfssl.com/download/
PR stands for Pull Request, and PR references a GitHub pull request
number where the code change was added.
NOTE: --enable-heapmath is deprecated.
NOTE: MD5 is now disabled by default.
Vulnerabilities
* [Critical CVE-2026-5194] Missing hash/digest size and OID checks
allow digests smaller than allowed by FIPS 186-4 or 186-5, or
smaller than appropriate for the relevant key type, to be accepted
by signature verification functions. Affects ECDSA/ECC, DSA, ML-DSA,
[249 lines not shown]
[X86] Convert VPABSQ NonVLX patterns to use avx512_unary_lowering helper (#191648)
Move avx512_unary_lowering so we can avoid manually writing the XMM/YMM->ZMM widening for NonVLX targets
Adds some missing comments for instruction classes as well
security/wolfssl: Update to 5.9.1
Changes since 5.9.0:
To download the release bundle of wolfSSL visit the download page at
www.wolfssl.com/download/
PR stands for Pull Request, and PR references a GitHub pull request
number where the code change was added.
NOTE: --enable-heapmath is deprecated.
NOTE: MD5 is now disabled by default.
Vulnerabilities
* [Critical CVE-2026-5194] Missing hash/digest size and OID checks
allow digests smaller than allowed by FIPS 186-4 or 186-5, or
smaller than appropriate for the relevant key type, to be accepted
by signature verification functions. Affects ECDSA/ECC, DSA, ML-DSA,
[246 lines not shown]
audio/fasttracker2: Update to 2.15
Changes since 2.14:
v2.15 - 09.04.2026
* BPM and voice/channel pitches are now tuned to better match original
FT2.08/FT2.09 with an SB16 sound card at max audio output rate (44000Hz).
* Added a new "Precise BPM" option in Config -> Audio for users who prefer
precise BPM over FT2 accuracy.
* Updated the help text to better reflect the (default) FT2 BPM mode.
* It is now possible to select a rate below 44100Hz when rendering a song
to WAV.
v2.14 - 05.04.2026
* The volume and panning envelopes now behave exactly like FT2 in special
cases.
* Various audio changes to better match FT2 behavior.
* New higher-quality FT2 logo in the about screen.