void-linux · classabbyamp · May 27, 2026 · May 27, 2026 · May 27, 2026 · May 27, 2026
diff --git a/srcpkgs/sequoia-chameleon-gnupg/patches/fix-tests.patch b/srcpkgs/sequoia-chameleon-gnupg/patches/fix-tests.patch
@@ -0,0 +1,71 @@
+From 90e370fef788980e49aa807ac28531264bb9f404 Mon Sep 17 00:00:00 2001
+From: Malte Meiboom <malte@sequoia-pgp.org>
+Date: Fri, 20 Feb 2026 13:50:40 +0100
+Subject: [PATCH] Fix missing time corrections
+
+- `gpg-sq` can set a fake system time via `--faked-system-time`.
+- Fixed some occurrences where `None` was used as time instead of the
+  passed fake time.
+- fixes: #156
+---
+ src/decrypt.rs       | 2 +-
+ src/generate_key.rs  | 2 +-
+ src/gpg.rs           | 2 +-
+ tests/gpg/decrypt.rs | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/decrypt.rs b/src/decrypt.rs
+index 2749532..d722389 100644
+--- a/src/decrypt.rs
++++ b/src/decrypt.rs
+@@ -715,7 +715,7 @@ impl<'a, 'store> DHelper<'a, 'store> {
+                         .filter_map(|cert| cert.to_cert().ok().cloned())
+                     {
+                         if let Some(key) = cert.keys()
+-                            .with_policy(&self.config.de_vs_producer, None)
++                            .with_policy(&self.config.de_vs_producer, self.config.now())
+                             .key_handle(recipient.clone()).next()
+                         {
+                             compliant = compliant &&
+diff --git a/src/generate_key.rs b/src/generate_key.rs
+index 85e41b4..5dd42f9 100644
+--- a/src/generate_key.rs
++++ b/src/generate_key.rs
+@@ -280,7 +280,7 @@ async fn real_cmd_quick_add_key(config: &mut crate::Config<'_>, args: &[String])
+             all_expired_or_revoked: false,
+         })?;
+
+-    let vcert = cert.with_policy(config.policy(), None)?;
++    let vcert = cert.with_policy(config.policy(), config.now())?;
+     let mut primary_signer =
+         config.get_signer(&vcert, cert.primary_key().role_as_unspecified()).await?;
+
+diff --git a/src/gpg.rs b/src/gpg.rs
+index 81d5353..b4e4d38 100644
+--- a/src/gpg.rs
++++ b/src/gpg.rs
+@@ -721,7 +721,7 @@ impl<'store> Config<'store> {
+                             all_expired_or_revoked: false,
+                         })?;
+
+-                    if let Ok(vcert) = cert.with_policy(self.policy(), None) {
++                    if let Ok(vcert) = cert.with_policy(self.policy(), self.now()) {
+                         for sk in vcert.keys().key_flags(&flags).alive()
+                             .revoked(false)
+                         {
+diff --git a/tests/gpg/decrypt.rs b/tests/gpg/decrypt.rs
+index 3fefe95..a34f693 100644
+--- a/tests/gpg/decrypt.rs
++++ b/tests/gpg/decrypt.rs
+@@ -489,7 +489,7 @@ fn encrypt_for(recipient_certs: &[&Cert]) -> Result<Vec<u8>> {
+         // Make sure we add at least one subkey from every
+         // certificate.
+         let mut found_one = false;
+-        for key in cert.keys().with_policy(p, None)
++        for key in cert.keys().with_policy(p, Experiment::now())
+             .supported().alive().revoked(false).for_transport_encryption()
+         {
+             recipients.push(key);
+-- 
+GitLab
+
diff --git a/srcpkgs/sequoia-chameleon-gnupg/template b/srcpkgs/sequoia-chameleon-gnupg/template
@@ -1,7 +1,7 @@
 # Template file for 'sequoia-chameleon-gnupg'
 pkgname=sequoia-chameleon-gnupg
 version=0.13.1
-revision=3
+revision=4
 build_style=cargo
 hostmakedepends="pkg-config llvm clang"
 makedepends="nettle-devel openssl-devel sqlite-devel bzip2-devel"
@@ -25,6 +25,9 @@ post_patch() {
 	# fix CVE-2026-42783 and CVE-2026-42784
 	cargo update --package sequoia-openpgp@2.0.0 --precise 2.3.0
 	cargo update --package sequoia-policy-config@0.8.0 --precise 0.8.1
+	# fix several vulnerabilities
+	vsed -i -e '/sequoia-wot/s/0\.14/0\.15/' Cargo.toml
+	cargo update --package sequoia-wot@0.14.0 --precise 0.15.2
 }
 
 pre_build() {

diff --git a/srcpkgs/sequoia-octopus-librnp/template b/srcpkgs/sequoia-octopus-librnp/template
@@ -1,7 +1,7 @@
 # Template file for 'sequoia-octopus-librnp'
 pkgname=sequoia-octopus-librnp
 version=1.11.1
-revision=3
+revision=4
 archs="~arm*" # no thunderbird
 build_style=cargo
 configure_args="--no-default-features --features crypto-openssl"
@@ -23,6 +23,9 @@ post_patch() {
 	# fix CVE-2026-42783 and CVE-2026-42784
 	cargo update --package sequoia-openpgp@2.0.0 --precise 2.3.0
 	cargo update --package sequoia-policy-config@0.8.0 --precise 0.8.1
+	# fix several vulnerabilities
+	vsed -i -e '/sequoia-wot/s/0\.14/0\.15/' Cargo.toml
+	cargo update --package sequoia-wot@0.14.0 --precise 0.15.2
 }
 
 do_install() {

diff --git a/srcpkgs/sequoia-sop/template b/srcpkgs/sequoia-sop/template
@@ -1,7 +1,7 @@
 # Template file for 'sequoia-sop'
 pkgname=sequoia-sop
 version=0.37.3
-revision=2
+revision=3
 build_style=cargo
 configure_args="--bin sqop --no-default-features
  --features cli,sequoia-openpgp/compression,sequoia-openpgp/crypto-openssl"
@@ -20,6 +20,9 @@ post_patch() {
 	cargo update --package cc:1.2.45 --precise 1.2.14
 	# fix CVE-2026-42783 and CVE-2026-42784
 	cargo update --package sequoia-openpgp@2.1.0 --precise 2.3.0
+	# fix several vulnerabilities
+	vsed -i -e '/sequoia-wot/s/0\.14/0\.15/' Cargo.toml
+	cargo update --package sequoia-wot@0.14.0 --precise 0.15.2
 }
 
 

diff --git a/srcpkgs/sequoia-sq/template b/srcpkgs/sequoia-sq/template
@@ -1,7 +1,7 @@
 # Template file for 'sequoia-sq'
 pkgname=sequoia-sq
 version=1.3.1
-revision=3
+revision=4
 build_style=cargo
 build_helper=qemu
 configure_args="--no-default-features --features crypto-openssl"
@@ -23,6 +23,9 @@ post_patch() {
 	# fix CVE-2026-42783 and CVE-2026-42784
 	cargo update --package sequoia-openpgp@2.0.0 --precise 2.3.0
 	cargo update --package sequoia-policy-config@0.8.0 --precise 0.8.1
+	# fix several vulnerabilities
+	vsed -i -e '/sequoia-wot/s/0\.14/0\.15/' Cargo.toml
+	cargo update --package sequoia-wot@0.14.0 --precise 0.15.2
 }
 
 pre_build() {