diff --git a/srcpkgs/sequoia-chameleon-gnupg/patches/fix-tests.patch b/srcpkgs/sequoia-chameleon-gnupg/patches/fix-tests.patch new file mode 100644 index 00000000000000..ceb35a13163785 --- /dev/null +++ b/srcpkgs/sequoia-chameleon-gnupg/patches/fix-tests.patch @@ -0,0 +1,71 @@ +From 90e370fef788980e49aa807ac28531264bb9f404 Mon Sep 17 00:00:00 2001 +From: Malte Meiboom +Date: Fri, 20 Feb 2026 13:50:40 +0100 +Subject: [PATCH] Fix missing time corrections + +- `gpg-sq` can set a fake system time via `--faked-system-time`. +- Fixed some occurrences where `None` was used as time instead of the + passed fake time. +- fixes: #156 +--- + src/decrypt.rs | 2 +- + src/generate_key.rs | 2 +- + src/gpg.rs | 2 +- + tests/gpg/decrypt.rs | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/decrypt.rs b/src/decrypt.rs +index 2749532..d722389 100644 +--- a/src/decrypt.rs ++++ b/src/decrypt.rs +@@ -715,7 +715,7 @@ impl<'a, 'store> DHelper<'a, 'store> { + .filter_map(|cert| cert.to_cert().ok().cloned()) + { + if let Some(key) = cert.keys() +- .with_policy(&self.config.de_vs_producer, None) ++ .with_policy(&self.config.de_vs_producer, self.config.now()) + .key_handle(recipient.clone()).next() + { + compliant = compliant && +diff --git a/src/generate_key.rs b/src/generate_key.rs +index 85e41b4..5dd42f9 100644 +--- a/src/generate_key.rs ++++ b/src/generate_key.rs +@@ -280,7 +280,7 @@ async fn real_cmd_quick_add_key(config: &mut crate::Config<'_>, args: &[String]) + all_expired_or_revoked: false, + })?; + +- let vcert = cert.with_policy(config.policy(), None)?; ++ let vcert = cert.with_policy(config.policy(), config.now())?; + let mut primary_signer = + config.get_signer(&vcert, cert.primary_key().role_as_unspecified()).await?; + +diff --git a/src/gpg.rs b/src/gpg.rs +index 81d5353..b4e4d38 100644 +--- a/src/gpg.rs ++++ b/src/gpg.rs +@@ -721,7 +721,7 @@ impl<'store> Config<'store> { + all_expired_or_revoked: false, + })?; + +- if let Ok(vcert) = cert.with_policy(self.policy(), None) { ++ if let Ok(vcert) = cert.with_policy(self.policy(), self.now()) { + for sk in vcert.keys().key_flags(&flags).alive() + .revoked(false) + { +diff --git a/tests/gpg/decrypt.rs b/tests/gpg/decrypt.rs +index 3fefe95..a34f693 100644 +--- a/tests/gpg/decrypt.rs ++++ b/tests/gpg/decrypt.rs +@@ -489,7 +489,7 @@ fn encrypt_for(recipient_certs: &[&Cert]) -> Result> { + // Make sure we add at least one subkey from every + // certificate. + let mut found_one = false; +- for key in cert.keys().with_policy(p, None) ++ for key in cert.keys().with_policy(p, Experiment::now()) + .supported().alive().revoked(false).for_transport_encryption() + { + recipients.push(key); +-- +GitLab + diff --git a/srcpkgs/sequoia-chameleon-gnupg/template b/srcpkgs/sequoia-chameleon-gnupg/template index e3bff9ca826f3a..76ff2b2b747efc 100644 --- a/srcpkgs/sequoia-chameleon-gnupg/template +++ b/srcpkgs/sequoia-chameleon-gnupg/template @@ -1,7 +1,7 @@ # Template file for 'sequoia-chameleon-gnupg' pkgname=sequoia-chameleon-gnupg version=0.13.1 -revision=3 +revision=4 build_style=cargo hostmakedepends="pkg-config llvm clang" makedepends="nettle-devel openssl-devel sqlite-devel bzip2-devel" @@ -25,6 +25,9 @@ post_patch() { # fix CVE-2026-42783 and CVE-2026-42784 cargo update --package sequoia-openpgp@2.0.0 --precise 2.3.0 cargo update --package sequoia-policy-config@0.8.0 --precise 0.8.1 + # fix several vulnerabilities + vsed -i -e '/sequoia-wot/s/0\.14/0\.15/' Cargo.toml + cargo update --package sequoia-wot@0.14.0 --precise 0.15.2 } pre_build() { diff --git a/srcpkgs/sequoia-octopus-librnp/template b/srcpkgs/sequoia-octopus-librnp/template index 053648429b3740..3cbb635e7fb95f 100644 --- a/srcpkgs/sequoia-octopus-librnp/template +++ b/srcpkgs/sequoia-octopus-librnp/template @@ -1,7 +1,7 @@ # Template file for 'sequoia-octopus-librnp' pkgname=sequoia-octopus-librnp version=1.11.1 -revision=3 +revision=4 archs="~arm*" # no thunderbird build_style=cargo configure_args="--no-default-features --features crypto-openssl" @@ -23,6 +23,9 @@ post_patch() { # fix CVE-2026-42783 and CVE-2026-42784 cargo update --package sequoia-openpgp@2.0.0 --precise 2.3.0 cargo update --package sequoia-policy-config@0.8.0 --precise 0.8.1 + # fix several vulnerabilities + vsed -i -e '/sequoia-wot/s/0\.14/0\.15/' Cargo.toml + cargo update --package sequoia-wot@0.14.0 --precise 0.15.2 } do_install() { diff --git a/srcpkgs/sequoia-sop/template b/srcpkgs/sequoia-sop/template index eb6ee3c0a90473..a8dcdd4b88618e 100644 --- a/srcpkgs/sequoia-sop/template +++ b/srcpkgs/sequoia-sop/template @@ -1,7 +1,7 @@ # Template file for 'sequoia-sop' pkgname=sequoia-sop version=0.37.3 -revision=2 +revision=3 build_style=cargo configure_args="--bin sqop --no-default-features --features cli,sequoia-openpgp/compression,sequoia-openpgp/crypto-openssl" @@ -20,6 +20,9 @@ post_patch() { cargo update --package cc:1.2.45 --precise 1.2.14 # fix CVE-2026-42783 and CVE-2026-42784 cargo update --package sequoia-openpgp@2.1.0 --precise 2.3.0 + # fix several vulnerabilities + vsed -i -e '/sequoia-wot/s/0\.14/0\.15/' Cargo.toml + cargo update --package sequoia-wot@0.14.0 --precise 0.15.2 } diff --git a/srcpkgs/sequoia-sq/template b/srcpkgs/sequoia-sq/template index 7e38ae03354caa..1d8b17aeb4137d 100644 --- a/srcpkgs/sequoia-sq/template +++ b/srcpkgs/sequoia-sq/template @@ -1,7 +1,7 @@ # Template file for 'sequoia-sq' pkgname=sequoia-sq version=1.3.1 -revision=3 +revision=4 build_style=cargo build_helper=qemu configure_args="--no-default-features --features crypto-openssl" @@ -23,6 +23,9 @@ post_patch() { # fix CVE-2026-42783 and CVE-2026-42784 cargo update --package sequoia-openpgp@2.0.0 --precise 2.3.0 cargo update --package sequoia-policy-config@0.8.0 --precise 0.8.1 + # fix several vulnerabilities + vsed -i -e '/sequoia-wot/s/0\.14/0\.15/' Cargo.toml + cargo update --package sequoia-wot@0.14.0 --precise 0.15.2 } pre_build() {