diff --git a/crypto-policies.spec b/crypto-policies.spec
index 9c0b288..4384531 100644
--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@@ -1,5 +1,5 @@
-%global git_date 20250602
-%global git_commit a6d4d0c9db528c335bbe92095df751af87d88414
+%global git_date 20250714
+%global git_commit 95bf40e7f8853024a2f04fa4687afa5b89b99e98
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
 
 %global _python_bytecompile_extra 0
@@ -236,6 +236,17 @@ exit 0
 %{_datarootdir}/crypto-policies/python
 
 %changelog
+* Mon Jul 14 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250714-1.git95bf40e
+-  sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia
+-  sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ...
+-  sequoia: Add PQC algorithm
+-  sequoia: Do not include EdDSA in FIPS policy
+-  sequoia: Generate AEAD policy
+-  openssl: send one PQ and one classic key_share; prioritize PQ groups
+-  FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl...
+-  python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519
+-  gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert
+
 * Mon Jun 02 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250602-1.gita6d4d0c
 - openssl: fix mistakes in integrity-only cipher definitions
 - FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA
diff --git a/sources b/sources
index b1d4025..799428b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (crypto-policies-gita6d4d0c.tar.gz) = 7385e757f3897a857259580c52b8ab21b67c1f29b21067fb5b2db885a0e956406f8117674070466b4d61d80fdcbea5b1458816e7ddaf50b49c71c3a75acd21ca
+SHA512 (crypto-policies-git95bf40e.tar.gz) = 733689f356fad8052d084b721e0b87a171de90aaa2889725ccad6180d3cc95ca22b79e17894d1bd0dde40438f94d70148f765b33a215361df217015d803f5114