build,qt: Fix include path in CMake files

* lang/qt/src/Makefile.am (QGpgmeConfig.cmake, QGpgmeQt6Config.cmake): Use new variables includeprefix{5,6} instead of replaced variable includeprefix. -- GnuPG-bug-id: 7205
build,qt: Don't put generated camel-case headers in tarball
2024-07-22 10:32:00 +02:00 · 2024-07-18 16:16:33 +02:00 · 2024-07-18 15:51:44 +02:00 · 2024-07-18 14:42:30 +02:00 · 2024-07-18 14:41:52 +02:00 · 2024-07-18 14:41:32 +02:00
397 changed files with 14957 additions and 3583 deletions
--- a/4
+++ b/4
@ -22,7 +22,7 @@ List of Copyright holders

  Copyright (C) 1991-2013 Free Software Foundation, Inc.
  Copyright (C) 2000-2001 Werner Koch
-  Copyright (C) 2001-2021 g10 Code GmbH
+  Copyright (C) 2001-2023 g10 Code GmbH
  Copyright (C) 2002 Klarälvdalens Datakonsult AB
  Copyright (C) 2004-2008 Igor Belyi
  Copyright (C) 2002 John Goerzen
@ -43,7 +43,7 @@ FSF <gnu@gnu.org>
   src/stpcpy.c, src/w32-ce.c.

 g10 Code GmbH <code@g10code.com>
- - All stuff since mid march 2001.
+ - All stuff since mid March 2001.

 Werner Koch <wk@gnupg.org>
 - Design and most stuff.
--- a/Makefile.am
+++ b/Makefile.am
@ -36,8 +36,11 @@ DISTCHECK_CONFIGURE_FLAGS =

 EXTRA_DIST = autogen.sh autogen.rc gpgme.spec.in  \
             ChangeLog-2011 m4/ChangeLog-2011     \
+             build-aux/libtool-patch.sed          \
             conf/whatisthis VERSION LICENSES

+# This artificial line is to put a dependency to conf/config.h for 'all'
+BUILT_SOURCES = conf/config.h

 if RUN_GPG_TESTS
 tests = tests
--- a/378
+++ b/378
@ -1,3 +1,379 @@
+Noteworthy changes in version 1.24.0 (unrelease)
+-------------------------------------------------
+
+ * Extended gpgme_op_decrypt* and gpgme_op_verify* to allow writing the
+   output directly to a file.  [T6550]
+
+ * Extended gpgme_op_encrypt*, gpgme_op_encrypt_sign*, and gpgme_op_sign*
+   to allow reading the input data directly from a file.  [T6550]
+
+ * Add information about designated revocation keys.  [T7118]
+
+ * New context flag "import-options".  [T7152]
+
+ * cpp: Provide information about designated revocation keys for a Key.
+   [T7118]
+
+ * cpp: Add safer member function returning text describing an error.
+   [T5960]
+
+ * qt: Build QGpgME for Qt 5 and Qt 6 simultaneously.  [T7205]
+
+ * qt: Install headers for Qt 5 and Qt 6 in separate folders.  [T7161]
+
+ * qt: Allow reading the data to decrypt/encrypt/sign/verify directly from
+   files.  [T6550]
+
+ * qt: Allow writing the decrypted/encrypted/signed/verified data directly
+   to files.  [T6550]
+
+ * qt: Allow specifying import options when importing keys.  [T7152]
+
+ * qt: Allow appending a detached signature to an existing file.  [T6867]
+
+ * Interface changes relative to the 1.23.2 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_ENCRYPT_FILE                      NEW.
+ GPGME_SIG_MODE_FILE                     NEW.
+ gpgme_key_t                             EXTENDED: New field 'revkeys'.
+ gpgme_revocation_key_t                  NEW.
+ gpgme_set_ctx_flag                      EXTENDED: New flag 'import-options'.
+ cpp: Context::EncryptFile               NEW.
+ cpp: SignatureMode::SignFile            NEW.
+ cpp: RevocationKey                      NEW.
+ cpp: Key::revocationKey                 NEW.
+ cpp: Key::numRevocationKeys             NEW.
+ cpp: Key::revocationKeys                NEW.
+ cpp: Error::asStdString                 NEW.
+ cpp: Error::asString                    DEPRECATED.
+ qt: DecryptVerifyJob::setInputFile      NEW.
+ qt: DecryptVerifyJob::inputFile         NEW.
+ qt: DecryptVerifyJob::setOutputFile     NEW.
+ qt: DecryptVerifyJob::outputFile        NEW.
+ qt: EncryptJob::setRecipients           NEW.
+ qt: EncryptJob::recipients              NEW.
+ qt: EncryptJob::setInputFile            NEW.
+ qt: EncryptJob::inputFile               NEW.
+ qt: EncryptJob::setOutputFile           NEW.
+ qt: EncryptJob::outputFile              NEW.
+ qt: EncryptJob::setEncryptionFlags      NEW.
+ qt: EncryptJob::encryptionFlags         NEW.
+ qt: SignEncryptJob::setSigners          NEW.
+ qt: SignEncryptJob::signers             NEW.
+ qt: SignEncryptJob::setRecipients       NEW.
+ qt: SignEncryptJob::recipients          NEW.
+ qt: SignEncryptJob::setInputFile        NEW.
+ qt: SignEncryptJob::inputFile           NEW.
+ qt: SignEncryptJob::setOutputFile       NEW.
+ qt: SignEncryptJob::outputFile          NEW.
+ qt: SignEncryptJob::setEncryptionFlags  NEW.
+ qt: SignEncryptJob::encryptionFlags     NEW.
+ qt: SignJob::setSigners                 NEW.
+ qt: SignJob::signers                    NEW.
+ qt: SignJob::setInputFile               NEW.
+ qt: SignJob::inputFile                  NEW.
+ qt: SignJob::setOutputFile              NEW.
+ qt: SignJob::outputFile                 NEW.
+ qt: SignJob::setSigningFlags            NEW.
+ qt: SignJob::signingFlags               NEW.
+ qt: SignJob::setAppendSignature         NEW.
+ qt: SignJob::appendSignatureEnabled     NEW.
+ qt: VerifyDetachedJob::setSignatureFile NEW.
+ qt: VerifyDetachedJob::signatureFile    NEW.
+ qt: VerifyDetachedJob::setSignedFile    NEW.
+ qt: VerifyDetachedJob::signedFile       NEW.
+ qt: VerifyOpaqueJob::setInputFile       NEW.
+ qt: VerifyOpaqueJob::inputFile          NEW.
+ qt: VerifyOpaqueJob::setOutputFile      NEW.
+ qt: VerifyOpaqueJob::outputFile         NEW.
+ qt: ImportJob::setImportOptions         NEW.
+ qt: ImportJob::importOptions            NEW.
+
+
+Noteworthy changes in version 1.23.2 (2023-11-28)
+-------------------------------------------------
+
+ * Preserve more specific existing failure code.  [T6575]
+
+ * qt: Start dirmngr with gpgconf to avoid multiple instances. [T6833]
+
+ * qt: On Windows, use UTF-8 when logging the error text.  [T5960]
+
+ * qt: Remove left-over partial files more persistently.  [T6584]
+
+ * qt: Use a temporary file name when creating signed or encrypted
+   archives. [T6721]
+
+ * qt: Build Qt 6 bindings with -fPIC if requested or Qt 6 was built with
+   this flag. [T6781]
+
+ Notes:
+ ~~~~~~
+ qt: DefaultKeyGenerationJob     DEPRECATED.
+
+ [c=C43/A32/R1 cpp=C26/A20/R1 qt=C20/A5/R1]
+
+ Release-info: https://dev.gnupg.org/T6782
+
+
+Noteworthy changes in version 1.23.1 (2023-10-27)
+-------------------------------------------------
+
+ * w32: Change gpgme-w32-spawn to use Unicode arguments.  [T6728]
+
+ [c=C43/A32/R0 cpp=C26/A20/R0 qt=C20/A5/R0]
+
+ Release-info: https://dev.gnupg.org/T6774
+
+
+Noteworthy changes in version 1.23.0 (2023-10-25)
+-------------------------------------------------
+
+ * Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME.  [T6559]
+
+ * New keylist mode GPGME_KEYLIST_MODE_WITH_V5FPR.  [T6705]
+
+ * New key capability flags has_*.  [T6748]
+
+ * gpgme-tool: Support use of Windows HANDLE.  [T6634]
+
+ * qt: Support refreshing keys via WKD.  [T6672]
+
+ * qt: Handle cancel in changeexpiryjob.  [T6754]
+
+ * Interface changes relative to the 1.22.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_KEYLIST_MODE_WITH_V5FPR   NEW.
+ gpgme_key_t                     EXTENDED: New field has_encrypt.
+ gpgme_key_t                     EXTENDED: New field has_sign.
+ gpgme_key_t                     EXTENDED: New field has_certify.
+ gpgme_key_t                     EXTENDED: New field has_authenticate.
+ cpp: Key::canCertify            NEW.
+ cpp: Key::canSign               NEW.
+ cpp: Key::canEncrypt            NEW.
+ cpp: Key::canAuthenticate       NEW.
+ qt: Protocol::wkdRefreshJob     NEW.
+ qt: WKDRefreshJob               NEW.
+
+ [c=C43/A32/R0 cpp=C26/A20/R0 qt=C20/A5/R0]
+
+ Release-info: https://dev.gnupg.org/T6774
+
+
+Noteworthy changes in version 1.22.0 (2023-08-21)
+-------------------------------------------------
+
+ * Prevent wrong plaintext when verifying clearsigned signature.  [T6622]
+
+ * Return bad data error instead of general error on unexpected data.
+   [T6617]
+
+ * Take care of offline mode for all operations of gpgsm engine.
+   [T6648]
+
+ * Prepare the use of the forthcoming libassuan version 3.
+
+ * New configure option --with-libtool-modification.  [T6619]
+
+ * cpp: Expose gpgme_decrypt_result_t.is_mime.  [T6199]
+
+ * qt: Clean up after failure or cancel of sign/encrypt archive
+   operation.  [T6584]
+
+ * qt: Add setInputEncoding to QGpgMe::EncryptJob.  [T6166]
+
+ * qt: Make toLogString helper public.  [T6584]
+
+ * Interface changes relative to the 1.21.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ qt: EncryptJob::setInputEncoding           NEW.
+ qt: DecryptionResult::isMime               NEW.
+ qt: toLogString                            NEW.
+
+ [c=C42/A31/R0 cpp=C25/A19/R0 qt=C19/A4/R0]
+
+ Release-info: https://dev.gnupg.org/T6668
+
+
+Noteworthy changes in version 1.21.0 (2023-07-07)
+-------------------------------------------------
+
+ * Extended gpgme_op_encrypt, gpgme_op_encrypt_sign, and gpgme_op_sign
+   to allow writing the output directly to a file.  [T6530]
+
+ * Extended gpgme_op_decrypt and gpgme_op_verify to allow reading the
+   input data directly from files.  [T6530]
+
+ * For key signing and uid revoking allow an empty user id.
+   [rMfbc3963d62]
+
+ * Pass an input-size-hint also to the gpgsm engine.  [T6534]
+
+ * qt: Allow writing the created archives directly to a
+   file.  [T6530]
+
+ * qt: Allow reading the signed/encrypted archive to decrypt
+   or verify directly from a file.  [T6530]
+
+ * qt: Qt Jobs working with QIODeviceDataProvider now properly
+   handle input-size hints and progress for files larger.
+   2^32 bytes in 32 bit builds.  [T6534]
+
+ * cpp: Error::isCanceled now also returns true for error code
+   GPG_ERR_FULLY_CANCELED.  [T6510]
+
+ * python: Fix wrong use of write.  [T6501]
+
+ * Interface changes relative to the 1.20.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ cpp: Data::setFlag                         NEW.
+ cpp: Data::setSizeHint                     NEW.
+ qt: Job::startIt                           NEW.
+ qt: DecryptVerifyArchiveJob::setInputFile  NEW.
+ qt: DecryptVerifyArchiveJob::inputFile     NEW.
+ qt: EncryptArchiveJob::setRecipients       NEW.
+ qt: EncryptArchiveJob::recipients          NEW.
+ qt: EncryptArchiveJob::setInputPaths       NEW.
+ qt: EncryptArchiveJob::inputPaths          NEW.
+ qt: EncryptArchiveJob::setOutputFile       NEW.
+ qt: EncryptArchiveJob::outputFile          NEW.
+ qt: EncryptArchiveJob::setEncryptionFlags  NEW.
+ qt: EncryptArchiveJob::encryptionFlags     NEW.
+ qt: SignArchiveJob::setSigners             NEW.
+ qt: SignArchiveJob::signers                NEW.
+ qt: SignArchiveJob::setInputPaths          NEW.
+ qt: SignArchiveJob::inputPaths             NEW.
+ qt: SignArchiveJob::setOutputFile          NEW.
+ qt: SignArchiveJob::outputFile             NEW.
+ qt: SignEncryptArchiveJob::setSigners      NEW.
+ qt: SignEncryptArchiveJob::signers         NEW.
+ qt: SignEncryptArchiveJob::setRecipients   NEW.
+ qt: SignEncryptArchiveJob::recipients      NEW.
+ qt: SignEncryptArchiveJob::setInputPaths   NEW.
+ qt: SignEncryptArchiveJob::inputPaths      NEW.
+ qt: SignEncryptArchiveJob::setOutputFile   NEW.
+ qt: SignEncryptArchiveJob::outputFile      NEW.
+ qt: SignEncryptArchiveJob::setEncryptionFlags NEW.
+ qt: SignEncryptArchiveJob::encryptionFlags NEW.
+
+ [c=C41/A30/R0 cpp=C24/A18/R0 qt=C18/A3/R0]
+
+ Release-info: https://dev.gnupg.org/T6585
+
+
+Noteworthy changes in version 1.20.0 (2023-04-20)
+-------------------------------------------------
+
+ * On Windows, the gettext functions provided by gpgrt are switched
+   into utf8 mode, so that all localized texts returned by GpgME or
+   gpgrt, e.g. the texts for error codes are now UTF-8 encoded.
+   [T5960]
+
+ * Key::canSign now returns false for OpenPGP keys without signing
+   (sub)key.  [T6456]
+
+ * The new macOS Homebrew location is now by default supported.
+   [T6440]
+
+ * Fix regression in 1.19.0.  [rMb608c084b9]
+
+ * Fix invocation of gpgtar on Windows.  [rM0c29119e06]
+
+ * Interface changes relative to the 1.19.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gpgme_subkey_t              EXTENDED: New field 'can_renc'.
+ gpgme_subkey_t              EXTENDED: New field 'can_timestamp'.
+ gpgme_subkey_t              EXTENDED: New field 'is_group_owned'.
+ cpp: Subkey::canRenc                       NEW.
+ cpp: Subkey::canTimestamp                  NEW.
+ cpp: Subkey::isGroupOwned                  NEW.
+ cpp: Key::canReallySign                    DEPRECATED.
+
+ [c=C40/A29/R0 cpp=C23/A17/R0 qt=C17/A2/R1]
+
+ Release-info: https://dev.gnupg.org/T6463
+
+
+Noteworthy changes in version 1.19.0 (2023-03-17)
+-------------------------------------------------
+
+ * New convenience option --identify for gpgme-json.
+
+ * New context flag "no-auto-check-trustdb".  [T6261]
+
+ * Optionally, build QGpgME for Qt 6
+
+ * Support component "gpgtar-name" in gpgme_get_dirinfo.  [T6342]
+
+ * Extended gpgme_op_encrypt*, gpgme_op_encrypt_sign*, and
+   gpgme_op_sign* to allow creating an encrypted and/or signed
+   archive.  [T6342]
+
+ * Extended gpgme_op_decrypt*, gpgme_op_decrypt_verify*, and gpgme_op_verify*
+   to allow extracting an encrypted and/or signed archive.  [T6342]
+
+ * cpp: Handle error when trying to sign expired keys.  [T6155]
+
+ * cpp: Support encryption flags ThrowKeyIds, EncryptWrap, and WantAddress.
+   [T6359]
+
+ * cpp, qt: Fix building with C++11.  [T6141]
+
+ * qt: Fix problem with expiration dates after 2038-01-19 on 32-bit systems
+   when adding an existing subkey to another key.  [T6137]
+
+ * cpp: Allow setting the curve to use when generating ECC keys
+   for smart cards.  [T4429]
+
+ * qt: Extend ListAllKeysJob to allow disabling the automatic trust database
+   check when listing all keys.  [T6261]
+
+ * qt: Allow deferred start of import jobs.  [T6323]
+
+ * qt: Support creating and extracting signed and encrypted archives.  [T6342]
+
+ * Interface changes relative to the 1.18.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gpgme_get_ctx_flag                EXTENDED: New flag 'no-auto-check-trustdb'.
+ gpgme_set_ctx_flag                EXTENDED: New flag 'no-auto-check-trustdb'.
+ GPGME_DECRYPT_ARCHIVE                      NEW.
+ GPGME_ENCRYPT_ARCHIVE                      NEW.
+ GPGME_SIG_MODE_ARCHIVE                     NEW.
+ GPGME_VERIFY_ARCHIVE                       NEW.
+ gpgme_verify_flags_t                       NEW.
+ gpgme_op_verify_ext_start                  NEW.
+ gpgme_op_verify_ext                        NEW.
+ cpp: GpgGenCardKeyInteractor::Curve        NEW.
+ cpp: GpgGenCardKeyInteractor::setCurve     NEW.
+ cpp: Context::WantAddress                  NEW.
+ cpp: Context::DecryptArchive               NEW.
+ cpp: Context::EncryptArchive               NEW.
+ cpp: SignArchive                           NEW.
+ cpp: Data::setFileName            EXTENDED: New overload
+ qt: ListAllKeysJob::Option                 NEW.
+ qt: ListAllKeysJob::Options                NEW.
+ qt: ListAllKeysJob::setOptions             NEW.
+ qt: ListAllKeysJob::options                NEW.
+ qt: Job::startNow                          NEW.
+ qt: ImportJob::startLater                  NEW.
+ qt: FileListDataProvider                   NEW.
+ qt: DecryptVerifyArchiveJob                NEW.
+ qt: EncryptArchiveJob                      NEW.
+ qt: SignArchiveJob                         NEW.
+ qt: SignEncryptArchiveJob                  NEW.
+ qt: Protocol::decryptVerifyArchiveJob      NEW.
+ qt: Protocol::encryptArchiveJob            NEW.
+ qt: Protocol::signArchiveJob               NEW.
+ qt: Protocol::signEncryptArchiveJob        NEW.
+ qt: Job::jobProgress                       NEW.
+ qt: Job::rawProgress                       NEW.
+ qt: Job::progress                          DEPRECATED.
+
+ [c=C39/A28/R0 cpp=C22/A16/R0 qt=C17/A2/R0]
+
+ Release-info: https://dev.gnupg.org/T6341
+
+
 Noteworthy changes in version 1.18.0 (2022-08-10)
 -------------------------------------------------

@ -367,7 +743,7 @@ Noteworthy changes in version 1.13.0 (2019-03-26)

 * Several fixes to the Common Lisp bindings.

- * Fixed minor bugs in gpgme-json.  [#4331,#4341,#4342,#4343
+ * Fixed minor bugs in gpgme-json.  [#4331,#4341,#4342,#4343]

 * Require trace level 8 to dump all I/O data.

--- a/8
+++ b/8
@ -1,7 +1,7 @@
                       GPGME - GnuPG Made Easy
                     ---------------------------

-Copyright 2001-2021 g10 Code GmbH
+Copyright 2001-2023 g10 Code GmbH

 This file is free software; as a special exception the author gives
 unlimited permission to copy and/or distribute it, with or without
@ -41,11 +41,11 @@ See the file INSTALL for generic installation instructions.
 Check that you have unmodified sources.  See below on how to do this.
 Don't skip it - this is an important step!

-To build GPGME, you need to install libgpg-error (>= 1.24) and
+To build GPGME, you need to install libgpg-error (>= 1.36) and
 Libassuan (>= 2.4.2).

-For support of the OpenPGP and the CMS protocols, you should use the
-latest version of GnuPG (>= 2.1.18) , available at:
+For support of the OpenPGP and the CMS protocols, you should use at
+least GnuPG version 2.2.41 or 2.4.3, available at:
 https://gnupg.org/ftp/gcrypt/gnupg/.

 For building the Git version of GPGME please see the file README.GIT
--- a/autogen.rc
+++ b/autogen.rc
@ -11,4 +11,4 @@ case "$myhost" in
 esac


-final_info="./configure --enable-maintainer-mode && make"
+final_info="mkdir build && cd build && ../configure --enable-maintainer-mode && make"
--- a/autogen.sh
+++ b/autogen.sh
@ -1,6 +1,6 @@
 #! /bin/sh
 # autogen.sh
-# Copyright (C) 2003, 2014, 2017, 2018 g10 Code GmbH
+# Copyright (C) 2003, 2014, 2017, 2018, 2022 g10 Code GmbH
 #
 # This file is free software; as a special exception the author gives
 # unlimited permission to copy and/or distribute it, with or without
@ -15,7 +15,7 @@
 # configure it for the respective package.  It is maintained as part of
 # GnuPG and source copied by other packages.
 #
-# Version: 2018-07-10
+# Version: 2023-03-15

 configure_ac="configure.ac"

@ -137,8 +137,6 @@ extraoptions=
 # List of optional variables sourced from autogen.rc and ~/.gnupg-autogen.rc
 w32_toolprefixes=
 w32_extraoptions=
-w32ce_toolprefixes=
-w32ce_extraoptions=
 w64_toolprefixes=
 w64_extraoptions=
 amd64_toolprefixes=
@ -146,7 +144,6 @@ amd64_toolprefixes=
 # What follows are variables which are sourced but default to
 # environment variables or lacking them hardcoded values.
 #w32root=
-#w32ce_root=
 #w64root=
 #amd64root=

@ -167,11 +164,6 @@ case "$1" in
        myhost="w32"
        shift
        ;;
-    --build-w32ce)
-        myhost="w32"
-        myhostsub="ce"
-        shift
-        ;;
    --build-w64)
        myhost="w32"
        myhostsub="64"
@ -203,7 +195,7 @@ if [ "$myhost" = "git-build" ]; then
    die_p
    make || fatal "error running make"
    die_p
-    make check || fatal "error running male check"
+    make check || fatal "error running make check"
    die_p
    exit 0
 fi
@ -241,10 +233,12 @@ if [ "$myhost" = "find-version" ]; then
    if [ -z "$micro" ]; then
      matchstr1="$package-$major.[0-9]*"
      matchstr2="$package-$major-base"
+      matchstr3=""
      vers="$major.$minor"
    else
      matchstr1="$package-$major.$minor.[0-9]*"
-      matchstr2="$package-$major.$minor-base"
+      matchstr2="$package-$major.[0-9]*-base"
+      matchstr3="$package-$major-base"
      vers="$major.$minor.$micro"
    fi

@ -252,13 +246,22 @@ if [ "$myhost" = "find-version" ]; then
    if [ -e .git ]; then
      ingit=yes
      tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
-      tmp=$(echo "$tmp" | sed s/^"$package"//)
      if [ -n "$tmp" ]; then
-          tmp=$(echo "$tmp" | sed s/^"$package"//  \
-                | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
+          tmp=$(echo "$tmp" | sed s/^"$package"// \
+                    | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
      else
-          tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
-                | awk -F- '$4!=0{print"-beta"$4}')
+          # (due tof "-base" in the tag we need to take the 4th field)
+          tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null)
+          if [ -n "$tmp" ]; then
+              tmp=$(echo "$tmp" | sed s/^"$package"// \
+                        | awk -F- '$4!=0 && $4 !~ /^beta/ {print"-beta"$4}')
+          elif [ -n "${matchstr3}" ]; then
+              tmp=$(git describe --match "${matchstr3}" --long 2>/dev/null)
+              if [ -n "$tmp" ]; then
+                  tmp=$(echo "$tmp" | sed s/^"$package"// \
+                          | awk -F- '$4!=0 && $4 !~ /^beta/ {print"-beta"$4}')
+              fi
+          fi
      fi
      [ -n "$tmp" ] && beta=yes
      rev=$(git rev-parse --short HEAD | tr -d '\n\r')
@ -294,12 +297,6 @@ fi
 # ******************
 if [ "$myhost" = "w32" ]; then
    case $myhostsub in
-        ce)
-          w32root="$w32ce_root"
-          [ -z "$w32root" ] && w32root="$HOME/w32ce_root"
-          toolprefixes="$w32ce_toolprefixes arm-mingw32ce"
-          extraoptions="$extraoptions $w32ce_extraoptions"
-          ;;
        64)
          w32root="$w64root"
          [ -z "$w32root" ] && w32root="$HOME/w64root"
--- a/build-aux/libtool-patch.sed
+++ b/build-aux/libtool-patch.sed
@ -0,0 +1,68 @@
+#
+# This is a sed script to patch the generated libtool,
+# which works well against both of libtool 2.4.2 and 2.4.7.
+#
+# You may use this work under the terms of a Creative Commons CC0 1.0
+# License/Waiver.
+#
+# CC0 Public Domain Dedication
+# https://creativecommons.org/publicdomain/zero/1.0/
+
+#
+# This sed script applys two hunks of the patch:
+#
+#     Part1: after the comment "# bleh windows"
+#     Part2: after the comment "#extension on DOS 8.3..."
+#
+# Only when those two parts are patched correctly, it exits with 0 or
+# else, it exits with 1
+#
+
+# Find the part 1, by the comment
+/^[ \t]*# bleh windows$/b part1_start
+# Not found the part1, raise an error
+$ q1
+b
+
+:part1_start
+n
+# The first line in the part 1 must be the begining of the case statement.
+/^[ \t]*case \$host in$/! q1
+n
+# Insert the entry for x86_64-*mingw32*, for modified versuffix.
+i\
+	      x86_64-*mingw32*)
+i\
+		func_arith $current - $age
+i\
+		major=$func_arith_result
+i\
+		versuffix="6-$major"
+i\
+		;;
+:part1_0
+# Find the end of the case statement
+/^[ \t]*esac$/b find_part2
+# Not found the end of the case statement, raise an error
+$ q1
+n
+b part1_0
+
+:find_part2
+/^[ \t]*# extension on DOS 8.3 file.*systems.$/b part2_process
+# Not found the part2, raise an error
+$ q1
+n
+b find_part2
+
+:part2_process
+$ q1
+s/^[ \t]*\(versuffix=\)\(.*\)\(-$major\)\(.*\)$/\t  case \$host in\n\t  x86_64-*mingw32*)\n\t    \1\26\3\4\n\t    ;;\n\t  *)\n\t    \1\2\3\4\n\t    ;;\n\t  esac/
+t part2_done
+n
+b part2_process
+
+:part2_done
+$ q0
+n
+b part2_done
--- a/build-aux/texinfo.tex
+++ b/build-aux/texinfo.tex
@ -482,7 +482,7 @@
 % \def\foo{\parsearg\Xfoo}
 % \def\Xfoo#1{...}
 %
-% Actually, I use \csname\string\foo\endcsname, ie. \\foo, as it is my
+% Actually, I use \csname\string\foo\endcsname, i.e. \\foo, as it is my
 % favourite TeX trick.  --kasal, 16nov03

 \def\parseargdef#1{%
--- a/configure.ac
+++ b/configure.ac
@ -31,7 +31,7 @@ min_automake_version="1.14"
 # for the LT versions.
 m4_define([mym4_package],[gpgme])
 m4_define([mym4_major], [1])
-m4_define([mym4_minor], [18])
+m4_define([mym4_minor], [24])
 m4_define([mym4_micro], [0])

 # Below is m4 magic to extract and compute the git revision number,
@ -53,20 +53,20 @@ AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org])
 #   (Interfaces added:			AGE++)
 #   (Interfaces removed:		AGE=0)
 #
-LIBGPGME_LT_CURRENT=38
-LIBGPGME_LT_AGE=27
-LIBGPGME_LT_REVISION=0
+LIBGPGME_LT_CURRENT=43
+LIBGPGME_LT_AGE=32
+LIBGPGME_LT_REVISION=1

 # If there is an ABI break in gpgmepp or qgpgme also bump the
 # version in IMPORTED_LOCATION in the GpgmeppConfig-w32.cmake.in.in

-LIBGPGMEPP_LT_CURRENT=21
-LIBGPGMEPP_LT_AGE=15
-LIBGPGMEPP_LT_REVISION=0
+LIBGPGMEPP_LT_CURRENT=26
+LIBGPGMEPP_LT_AGE=20
+LIBGPGMEPP_LT_REVISION=1

-LIBQGPGME_LT_CURRENT=16
-LIBQGPGME_LT_AGE=1
-LIBQGPGME_LT_REVISION=0
+LIBQGPGME_LT_CURRENT=20
+LIBQGPGME_LT_AGE=5
+LIBQGPGME_LT_REVISION=1
 ################################################

 AC_SUBST(LIBGPGME_LT_CURRENT)
@ -85,7 +85,7 @@ AC_SUBST(LIBQGPGME_LT_REVISION)
 GPGME_CONFIG_API_VERSION=1
 ##############################################

-NEED_GPG_ERROR_VERSION=1.36
+NEED_GPG_ERROR_VERSION=1.47
 NEED_LIBASSUAN_API=2
 NEED_LIBASSUAN_VERSION=2.4.2

@ -206,6 +206,44 @@ esac

 AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")

+#
+# Specify how we support our local modification of libtool for Windows
+# 64-bit.  Options are:
+#
+# (1) apply: when appying patch fails, it results failure of entire build
+# (2) never: never apply the patch (no try)
+# (3) try: use patched if it goes well, use original if fails
+#
+AC_ARG_WITH([libtool-modification],
+  AS_HELP_STRING([--with-libtool-modification=apply|never|try],
+                 [how to handle libtool modification (default=never)]),
+                 build_libtool_modification=$withval,
+                 build_libtool_modification=never)
+
+#
+# Apply a patch (locally maintained one of ours) to libtool
+#
+case $host in
+  x86_64-*mingw32*)
+AC_CONFIG_COMMANDS([libtool-patch],[[
+  if test "$build_selection" = never; then
+    echo "patch not applied"
+  elif (mv -f libtool libtool.orig; \
+        sed -f $srcdir/build-aux/libtool-patch.sed libtool.orig >libtool); then
+    echo "applied successfully"
+  elif test "$build_selection" = try; then
+    mv -f libtool.orig libtool
+    echo "patch failed, thus, using original"
+  else
+    echo "patch failed"
+    as_fn_exit 1
+  fi
+]],[build_selection=$build_libtool_modification])
+  ;;
+  *)
+  ;;
+esac
+
 GPG_DEFAULT=no
 GPGSM_DEFAULT=no
 GPGCONF_DEFAULT=no
@ -218,8 +256,8 @@ have_w64_system=no
 have_macos_system=no
 build_w32_glib=no
 build_w32_qt=no
-available_languages="cl cpp python qt"
-default_languages="cl cpp python qt"
+available_languages="cl cpp python qt qt5 qt6"
+default_languages="cl cpp python qt5 qt6"
 case "${host}" in
    x86_64-*mingw32*)
        have_w64_system=yes
@ -300,12 +338,44 @@ if test x$fixed_search_path != x ; then
                    [Locate binaries only via this PATH])
 fi

+# Option --enable-reduce-relocations
+#
+# Allow building the Qt 6 bindings explicitly with -fPIC if the automatic
+# detection fails. Note: We assume that this flag is always available (unless
+# we built for Windows).
+AC_ARG_ENABLE([reduce-relocations],
+              AS_HELP_STRING([--enable-reduce-relocations],
+                             [build Qt 6 bindings with -fPIC (default is
+                              auto)]),
+              [use_reduce_relocations="$enableval"],
+              [use_reduce_relocations=""])
+
+# Option --enable-no-direct-extern-access
+#
+# Some distributions build Qt 6 with -mno-direct-extern-access. Libraries and
+# applications using Qt then must also be build with this flag. As workaround
+# for a bug in Qt's pkgconfig files which don't have this flag we allow
+# building with this flag explicitly.
+AC_LANG_PUSH(C++)
+AX_CHECK_COMPILE_FLAG([-mno-direct-extern-access],
+                      [have_no_direct_extern_access="yes"],
+                      [have_no_direct_extern_access="no"],
+                      [-Werror])
+AC_LANG_POP()
+AC_ARG_ENABLE([no-direct-extern-access],
+              AS_HELP_STRING([--enable-no-direct-extern-access],
+                             [build Qt 6 bindings with
+                              -mno-direct-extern-access (default is auto)]),
+              [use_no_direct_extern_access="$enableval"],
+              [use_no_direct_extern_access=""])
+

 # Note: You need to declare all possible languages also in
 #       lang/Makefile.am's DIST_SUBDIRS.
 AC_ARG_ENABLE([languages],
              AS_HELP_STRING([--enable-languages=languages],
-                             [enable only specific language bindings]),
+                             [enable only specific language bindings:
+                              cl cpp python qt5 qt6]),
                             [enabled_languages=`echo $enableval | \
                             tr ',:' '  ' | tr '[A-Z]' '[a-z]' | \
                             sed 's/c++/cpp/'`],
@ -331,84 +401,179 @@ for language in $enabled_languages; do
    fi
 done

-# Enable C++ 11 if cpp language is requested
-LIST_MEMBER("cpp", $enabled_languages)
+# Check whether qt5 and/or qt6 are enabled
+want_qt5="no"
+LIST_MEMBER("qt5", $enabled_languages)
 if test "$found" = "1"; then
+    if test "$explicit_languages" = "1"; then
+        want_qt5="yes"
+    else
+        want_qt5="maybe"
+    fi
+    # Remove qt5; further down qt will be added
+    enabled_languages=$(echo $enabled_languages | sed 's/qt5//')
+fi
+want_qt6="no"
+LIST_MEMBER("qt6", $enabled_languages)
+if test "$found" = "1"; then
+    if test "$explicit_languages" = "1"; then
+        want_qt6="yes"
+    else
+        want_qt6="maybe"
+    fi
+    # Remove qt6; further down qt will be added
+    enabled_languages=$(echo $enabled_languages | sed 's/qt6//')
+fi
+
+# Check whether qt is enabled; if yes then it has been enabled explicitly
+want_qt="no"
+LIST_MEMBER("qt", $enabled_languages)
+if test "$found" = "1"; then
+    # Ignore qt if specified together with qt5 or qt6
+    if test "$want_qt5" = "no" -a "$want_qt6" = "no"; then
+        want_qt="yes"
+    fi
+    # Remove qt
+    enabled_languages=$(echo $enabled_languages | sed 's/qt//')
+    AC_MSG_WARN([[
+***
+*** Language binding "qt" is deprecated and will be removed in a future version.
+*** Use "qt5" and/or "qt6" instead.
+***]])
+fi
+
+# Ensure that pkg-config is available for all calls of FIND_QT5/FIND_QT6
+PKG_PROG_PKG_CONFIG
+
+# Check for Qt 5 (if qt5 or qt is enabled)
+if test "$want_qt" = "yes"; then
+    want_qt5="maybe"
+fi
+if test "$want_qt5" != "no"; then
+    FIND_QT5
+    if test "$have_qt5_libs" = "yes"; then
+        want_qt5="yes"
+    elif test "$want_qt5" = "yes"; then
+        AC_MSG_ERROR([[
+***
+*** Qt5 (Qt5Core) is required for the Qt 5 binding.
+***]])
+    else
+        want_qt5="no"
+    fi
+fi
+
+# Check for Qt 6 (if qt6 is enabled or if qt is enabled and Qt 5 wasn't found)
+if test "$want_qt" = "yes" -a "$have_qt5_libs" != "yes"; then
+    want_qt6="maybe"
+fi
+if test "$want_qt6" != "no"; then
+    FIND_QT6
+    if test "$have_qt6_libs" = "yes"; then
+        want_qt6="yes";
+    elif test "$want_qt6" = "yes"; then
+        AC_MSG_ERROR([[
+***
+*** Qt6 (Qt6Core) is required for the Qt 6 binding.
+***]])
+    else
+        want_qt6="no"
+    fi
+fi
+
+# Check if any Qt was found (if qt is enabled)
+if test "$want_qt" = "yes" -a "$have_qt5_libs" != "yes" -a "$have_qt6_libs" != "yes"; then
+    AC_MSG_ERROR([[
+***
+*** Qt5 (Qt5Core) or Qt6 (Qt6Core) is required for the Qt bindings.
+***]])
+fi
+
+# Check that cpp is enabled if qt5 or qt6 is enabled and was found
+if test "$want_qt5" = "yes" -o "$want_qt6" = "yes"; then
+    LIST_MEMBER("cpp", $enabled_languages)
+    if test "$found" = "0"; then
+        AC_MSG_ERROR([[
+***
+*** The Qt bindings depend on the C++ binding.
+***]])
+    fi
+fi
+
+# Enable C++ 17 if qt6 is requested
+if test "$want_qt6" = "yes"; then
+    AX_CXX_COMPILE_STDCXX(17, noext, optional)
+    if test "$HAVE_CXX17" != "1"; then
+        if test "$explicit_languages" = "1"; then
+            AC_MSG_ERROR([[
+***
+*** A compiler with c++17 support is required for the Qt 6 binding.
+***]])
+        else
+            want_qt6="no"
+            AC_MSG_WARN([[
+***
+*** No c++17 support detected. Qt 6 binding will be disabled.
+***]])
+        fi
+    fi
+fi
+
+# Enable C++ 11 if cpp is requested (unless C++ 17 was already enabled)
+LIST_MEMBER("cpp", $enabled_languages)
+if test "$found" = "1" -a "$HAVE_CXX17" != "1"; then
    AX_CXX_COMPILE_STDCXX(11, noext, optional)
    if test "$HAVE_CXX11" != "1"; then
        if test "$explicit_languages" = "1"; then
            AC_MSG_ERROR([[
 ***
-*** A compiler with c++11 support is required for the c++ binding.
+*** A compiler with c++11 support is required for the C++ binding.
 ***]])
        else
            enabled_languages=$(echo $enabled_languages | sed 's/cpp//')
-            enabled_languages=$(echo $enabled_languages | sed 's/qt//')
+            want_qt5="no"
            AC_MSG_WARN([[
 ***
-*** No c++11 support detected. C++ and Qt bindings will be disabled.
+*** No c++11 support detected. C++ and Qt 5 bindings will be disabled.
 ***]])
        fi
    fi
 fi

+# Now append qt to the list of language bindings (to enable the subdir in lang)
+if test "$want_qt5" = "yes" -o "$want_qt6" = "yes"; then
+    enabled_languages=$(echo $enabled_languages qt)
+fi
+
 # Check whether compiler supports visibility attribute (if cpp language is enabled)
 LIST_MEMBER("cpp", $enabled_languages)
 if test "$found" = "1"; then
    AX_GCC_FUNC_ATTRIBUTE(visibility)
    if test "$ax_cv_have_func_attribute_visibility" = "yes"; then
        GPGME_CPP_CFLAGS="$GPGME_CPP_CFLAGS -fvisibility=hidden"
+        if test "$want_qt5" = "yes"; then
+            GPGME_QT5_CFLAGS="$GPGME_QT5_CFLAGS -fvisibility=hidden"
+        fi
+        if test "$want_qt6" = "yes"; then
+            GPGME_QT6_CFLAGS="$GPGME_QT6_CFLAGS -fvisibility=hidden"
+        fi
    fi
 fi
 AC_SUBST(GPGME_CPP_CFLAGS)

-# Check that if qt is enabled cpp also is enabled
-LIST_MEMBER("qt", $enabled_languages)
-if test "$found" = "1"; then
-    # We need to ensure that in the language order qt comes after cpp
-    # so we remove qt first and explicitly add it as last list member.
-    enabled_languages=$(echo $enabled_languages | sed 's/qt//')
-    LIST_MEMBER("cpp", $enabled_languages)
-    if test "$found" = "0"; then
-        AC_MSG_ERROR([[
-***
-*** Qt language binding depends on cpp binding.
-***]])
-    fi
-    FIND_QT
-    if test "$have_qt5_libs" != "yes"; then
-        if test "$explicit_languages" = "1"; then
-        AC_MSG_ERROR([[
-***
-*** Qt5 (Qt5Core) is required for Qt binding.
-***]])
-        else
-           AC_MSG_WARN([[
-***
-*** Qt5 (Qt5Core) not found Qt Binding will be disabled.
-***]])
-        fi
-    else
-        enabled_languages=`echo $enabled_languages qt`
+AM_CONDITIONAL(WANT_QT5, test "$want_qt5" = yes)
+AM_CONDITIONAL(WANT_QT6, test "$want_qt6" = yes)

-        AC_CHECK_PROGS([DOXYGEN], [doxygen])
-        if test -z "$DOXYGEN";
-            # This is not highlighted because it's not really important.
-            then AC_MSG_WARN([Doxygen not found - Qt binding doc will not be built.])
-        fi
-        AC_CHECK_PROGS([GRAPHVIZ], [dot])
-        if test -z "$GRAPHVIZ";
-            then AC_MSG_WARN([Graphviz not found - Qt binding doc will not have diagrams.])
-        fi
+# Check for tools for building the Qt binding docs
+if test "$want_qt5" = "yes" -o "$want_qt6" = "yes"; then
+    AC_CHECK_PROGS([DOXYGEN], [doxygen])
+    if test -z "$DOXYGEN"; then
+        # This is not highlighted because it's not really important.
+        AC_MSG_WARN([Doxygen not found - Qt binding doc will not be built.])
    fi
-fi
-
-# Check if compiler supports visibility attribute (if qt is enabled)
-LIST_MEMBER("qt", $enabled_languages)
-if test "$found" = "1"; then
-    AX_GCC_FUNC_ATTRIBUTE(visibility)
-    if test "$ax_cv_have_func_attribute_visibility" = "yes"; then
-        GPGME_QT_CFLAGS="$GPGME_QT_CFLAGS -fvisibility=hidden"
+    AC_CHECK_PROGS([GRAPHVIZ], [dot])
+    if test -z "$GRAPHVIZ"; then
+        AC_MSG_WARN([Graphviz not found - Qt binding doc will not have diagrams.])
    fi
 fi

@ -443,11 +608,12 @@ if test "$found_py" = "1"; then
 	if test "$found_py" = "1" -o "$found_py3" = "1"; then
 	  # Reset everything, so that we can look for another Python.
          m4_foreach([mym4pythonver],
-                     [[2.7],[3.4],[3.5],[3.6],[3.7],[3.8],[3.9],[all]],
+                     [[2.7],[3.6],[3.8],[3.9],[3.10],[3.11],[3.12],[all]],
           [unset PYTHON
 	    unset PYTHON_VERSION
 	    unset PYTHON_CPPFLAGS
 	    unset PYTHON_LDFLAGS
+	    unset PYTHON_LIBS
 	    unset PYTHON_SITE_PKG
 	    unset PYTHON_EXTRA_LIBS
 	    unset PYTHON_EXTRA_LDFLAGS
@ -458,7 +624,7 @@ if test "$found_py" = "1"; then
 	    unset am_cv_python_pythondir
 	    unset am_cv_python_pyexecdir
 	    AM_PATH_PYTHON(mym4pythonver, [
-		AX_PYTHON_DEVEL
+		AX_PYTHON_DEVEL([], [true])
 		if test "$PYTHON_VERSION"; then
 			PYTHONS="$(echo $PYTHONS $PYTHON)"
 			PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)"
@ -842,6 +1008,9 @@ AH_BOTTOM([
 # define GPGME_GCC_A_PURE
 #endif

+/* Under Windows we use the gettext code from gpgrt.  */
+#define GPG_ERR_ENABLE_GETTEXT_MACROS 1
+
 /* Under WindowsCE we need gpg-error's strerror macro.  */
 #define GPG_ERR_ENABLE_ERRNO_MACROS 1

@ -850,11 +1019,45 @@ AH_BOTTOM([
 ])


-# Substitution used for gpgme-config
+# Substitution used for gpgme-config and gpgme.pc
 GPGME_CONFIG_LIBS="-lgpgme"
 GPGME_CONFIG_CFLAGS=""
 GPGME_CONFIG_HOST="$host"
 GPGME_CONFIG_AVAIL_LANG="$enabled_languages"
+
+case "$includedir" in
+  /usr/include|/include) ;;
+  '${prefix}/include')
+    if test "$prefix" != / -a "$prefix" != /usr; then
+      if test -z "$GPGME_CONFIG_CFLAGS"; then
+        GPGME_CONFIG_CFLAGS="-I\${includedir}"
+      else
+        GPGME_CONFIG_CFLAGS="-I\${includedir} $GPGME_CONFIG_CFLAGS"
+      fi
+    fi
+    ;;
+  *)
+    if test -z "$GPGME_CONFIG_CFLAGS"; then
+      GPGME_CONFIG_CFLAGS="-I\${includedir}"
+    else
+      GPGME_CONFIG_CFLAGS="-I\${includedir} $GPGME_CONFIG_CFLAGS"
+    fi
+    ;;
+esac
+case "$libdir" in
+  /usr/lib|/usr/lib64|/lib|/lib64) ;;
+  '${exec_prefix}/lib'|'${exec_prefix}/lib64')
+    if test "$exec_prefix" = "NONE"; then
+      if test "$prefix" != / -a "$prefix" != /usr; then
+        GPGME_CONFIG_LIBS="-L\${libdir} $GPGME_CONFIG_LIBS"
+      fi
+    elif test "$exec_prefix" != / -a "$exec_prefix" != /usr; then
+      GPGME_CONFIG_LIBS="-L\${libdir} $GPGME_CONFIG_LIBS"
+    fi
+    ;;
+  *) GPGME_CONFIG_LIBS="-L\${libdir} $GPGME_CONFIG_LIBS" ;;
+esac
+
 AC_SUBST(GPGME_CONFIG_API_VERSION)
 AC_SUBST(GPGME_CONFIG_LIBS)
 AC_SUBST(GPGME_CONFIG_CFLAGS)
@ -933,9 +1136,16 @@ AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfig.cmake.in)
 AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfigVersion.cmake)
 AC_CONFIG_FILES(lang/cpp/src/gpgmepp_version.h)
 AC_CONFIG_FILES(lang/qt/Makefile lang/qt/src/Makefile)
-AC_CONFIG_FILES(lang/qt/src/QGpgmeConfig-w32.cmake.in)
-AC_CONFIG_FILES(lang/qt/src/QGpgmeConfig.cmake.in)
-AC_CONFIG_FILES(lang/qt/src/QGpgmeConfigVersion.cmake)
+if test "$want_qt5" = "yes"; then
+    AC_CONFIG_FILES(lang/qt/src/QGpgmeConfig-w32.cmake.in)
+    AC_CONFIG_FILES(lang/qt/src/QGpgmeConfig.cmake.in)
+    AC_CONFIG_FILES(lang/qt/src/QGpgmeConfigVersion.cmake)
+fi
+if test "$want_qt6" = "yes"; then
+    AC_CONFIG_FILES(lang/qt/src/QGpgmeQt6Config-w32.cmake.in)
+    AC_CONFIG_FILES(lang/qt/src/QGpgmeQt6Config.cmake.in)
+    AC_CONFIG_FILES(lang/qt/src/QGpgmeQt6ConfigVersion.cmake)
+fi
 AC_CONFIG_FILES(lang/qt/tests/Makefile)
 AC_CONFIG_FILES(lang/qt/src/qgpgme_version.h)
 AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd])
@ -953,6 +1163,14 @@ AC_CONFIG_FILES([lang/python/Makefile
 AC_CONFIG_FILES([lang/python/setup.py], [chmod a+x lang/python/setup.py])
 AC_OUTPUT

+if test "$want_qt5" = "yes" -a "$want_qt6" = "yes"; then
+    enabled_languages_v=$(echo ${enabled_languages_v:-$enabled_languages} | sed "s/qt/qt (Qt 5, Qt 6)/")
+elif test "$want_qt5" = "yes"; then
+    enabled_languages_v=$(echo ${enabled_languages_v:-$enabled_languages} | sed "s/qt/qt (Qt 5)/")
+elif test "$want_qt6" = "yes"; then
+    enabled_languages_v=$(echo ${enabled_languages_v:-$enabled_languages} | sed "s/qt/qt (Qt 6)/")
+fi
+
 echo "
        GPGME v${VERSION} has been configured as follows:

--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@ -421,18 +421,28 @@ directory in which the header file is located to the compilers include
 file search path (via the @option{-I} option).

 However, the path to the include file is determined at the time the
-source is configured.  To solve this problem, gpgme ships with a small
-helper program @command{gpgme-config} that knows about the path to the
-include file and other configuration options.  The options that need
-to be added to the compiler invocation at compile time are output by
-the @option{--cflags} option to @command{gpgme-config}.  The following
-example shows how it can be used at the command line:
+source is configured.  To solve this problem, gpgme ships with
+@code{gpgme.pc} file, that knows about the path to the include file
+and other configuration options.  The command, @command{pkg-config},
+can be used to handle information with @code{gpgme.pc} file.  In an
+environment which doesn't have @command{pkg-config} (like the one in
+early stage of OS bootstrap), for Automake, you can use
+@code{gpgme.m4} which invokes @command{gpgrt-config} with
+@code{gpgme.pc}.  (In the past, gpgme used to ship with a small helper
+program @command{gpgme-config}.  This functionality of
+@command{gpgme-config} is replaced by @command{pkg-config} with
+@code{gpgme.pc} file.)
+
+The options that need to be added to the compiler invocation at
+compile time are output by the @option{--cflags} option to
+@command{pkg-config gpgme}.  The following example shows how it can be
+used at the command line:

@example
-gcc -c foo.c `gpgme-config --cflags`
+gcc -c foo.c `pkg-config --cflags gpgme`
@end example

-Adding the output of @samp{gpgme-config --cflags} to the compiler
+Adding the output of @samp{pkg-config --cflags gpgme} to the compiler
 command line will ensure that the compiler can find the
@acronym{GPGME} header file.

@ -440,36 +450,39 @@ A similar problem occurs when linking the program with the library.
 Again, the compiler has to find the library files.  For this to work,
 the path to the library files has to be added to the library search
 path (via the @option{-L} option).  For this, the option
-@option{--libs} to @command{gpgme-config} can be used.  For
+@option{--libs} to @command{pkg-config gpgme} can be used.  For
 convenience, this option also outputs all other options that are
 required to link the program with @acronym{GPGME} (in particular, the
@samp{-lgpgme} option).  The example shows how to link @file{foo.o}
 with the @acronym{GPGME} library to a program @command{foo}.

@example
-gcc -o foo foo.o `gpgme-config --libs`
+gcc -o foo foo.o `pkg-config --libs gpgme`
@end example

 Of course you can also combine both examples to a single command by
-specifying both options to @command{gpgme-config}:
+specifying both options to @command{pkg-config gpgme}:

@example
-gcc -o foo foo.c `gpgme-config --cflags --libs`
-@end example
-
-If you need to detect the installed language bindings you can use list
-them using:
-
-@example
-gpgme-config --print-lang
-@end example
-
-or test for the availability using
-
-@example
-gpgme-config --have-lang=python && echo 'Bindings for Pythons available'
+gcc -o foo foo.c `pkg-config --cflags --libs gpgme`
@end example

+@c
+@c Feature not available by pkg-config/gpgrt-config
+@c
+@c If you need to detect the installed language bindings you can use list
+@c them using:
+@c
+@c @example
+@c gpgme-config --print-lang
+@c @end example
+@c
+@c or test for the availability using
+@c
+@c @example
+@c gpgme-config --have-lang=python && echo 'Bindings for Pythons available'
+@c @end example
+@c

@node Largefile Support (LFS)
@section Largefile Support (LFS)
@ -538,7 +551,7 @@ convention for 32 bit Windows by using @code{long} there.
 and thus we are able to use @code{int64_t} instead of @code{off_t}
 there.  For easier migration the typedef @code{gpgme_off_t} has been
 defined.  The reason we cannot use @code{off_t} directly is that some
-toolchains (e.g. mingw64) introduce a POSIX compatible hack for
+toolchains (e.g., mingw64) introduce a POSIX compatible hack for
@code{off_t}.  Some widely used toolkits make use of this hack and in
 turn @acronym{GPGME} would need to use it also.  However, this would
 introduce an ABI break and existing software making use of libgpgme
@ -576,45 +589,52 @@ mode (@code{_LARGEFILE64_SOURCE}).
@cindex automake
@cindex autoconf

-It is much easier if you use GNU Automake instead of writing your own
-Makefiles.  If you do that you do not have to worry about finding and
-invoking the @command{gpgme-config} script at all.  @acronym{GPGME}
-provides an extension to Automake that does all the work for you.
+You can simply use @code{PKG_CHECK_MODULES} macro with @command{pkg-config}:
+@example
+PKG_CHECK_MODULES([GPGME], [gpgme >= 1.23.1])
+@end example
+
+Alternatively, instead of using @command{pkg-config}, for building on
+an environment with no pkg-config, @acronym{GPGME} provides an
+extension to Automake that does all the work for you.  Please note
+that it is required to have gpgrt-config from libgpg-error installed
+in this case.

@c A simple macro for optional variables.
@macro ovar{varname}
@r{[}@var{\varname\}@r{]}
@end macro
@defmac AM_PATH_GPGME (@ovar{minimum-version}, @ovar{action-if-found}, @ovar{action-if-not-found})
-@defmacx AM_PATH_GPGME_PTH (@ovar{minimum-version}, @ovar{action-if-found}, @ovar{action-if-not-found})
-@defmacx AM_PATH_GPGME_PTHREAD (@ovar{minimum-version}, @ovar{action-if-found}, @ovar{action-if-not-found})
 Check whether @acronym{GPGME} (at least version @var{minimum-version},
 if given) exists on the host system.  If it is found, execute
@var{action-if-found}, otherwise do @var{action-if-not-found}, if
 given.

+This macro locates for @code{gpgme.pc}, with cross-compile support.
+
 Additionally, the function defines @code{GPGME_CFLAGS} to the flags
 needed for compilation of the program to find the @file{gpgme.h}
 header file, and @code{GPGME_LIBS} to the linker flags needed to link
-the program to the @acronym{GPGME} library.  If the used helper script
-does not match the target type you are building for a warning is
-printed and the string @code{libgcrypt} is appended to the variable
-@code{gpg_config_script_warn}.
+the program to the @acronym{GPGME} library.
+@c
+@c If the used helper script does not match the target type you are
+@c building for a warning is printed and the string @code{gpgme} is
+@c appended to the variable @code{gpg_config_script_warn}.
+@c@c@c@c@c@c@c@c
+@c ^-- About this statement.
+@c In the past, this might happens, when it was configured by
+@c --with-*-prefix options, and it located the helper script for
+@c other target.  Cross-build by gpgrt-config has been improved
+@c (in different way), so it's not relevant now.
+@c

-@code{AM_PATH_GPGME_PTHREAD} checks for the version of @acronym{GPGME}
-that can be used with the native pthread implementation, and defines
-@code{GPGME_PTHREAD_CFLAGS} and @code{GPGME_PTHREAD_LIBS}. Since
-version 1.8.0 this is no longer required to GPGME_PTHREAD as
-@acronym{GPGME} itself is thread safe.

-This macro searches for @command{gpgme-config} along the PATH.  If
-you are cross-compiling, it is useful to set the environment variable
-@code{SYSROOT} to the top directory of your target.  The macro will
-then first look for the helper program in the @file{bin} directory
-below that top directory.  An absolute directory name must be used for
-@code{SYSROOT}.  Finally, if the configure command line option
-@code{--with-gpgme-prefix} is used, only its value is used for the top
-directory below which the helper script is expected.
+@code{AM_PATH_GPGME_PTHREAD} was provided to check for the version of
+@acronym{GPGME} with the native pthread implementation, and it defined
+@code{GPGME_PTHREAD_CFLAGS} and @code{GPGME_PTHREAD_LIBS}.  Since
+version 1.8.0 this is no longer necessary, as @acronym{GPGME} itself
+is thread safe.  Please use plain @code{AM_PATH_GPGME} instead, with
+@code{GPGME_CFLAGS} and @code{GPGME_LDFLAGS}.

@end defmac

@ -632,9 +652,8 @@ LDADD = $(GPGME_LIBS)
@cindex libtool

 The easiest way is to just use GNU Libtool.  If you use libtool, and
-link to @code{libgpgme.la}, @code{libgpgme-pth.la} or
-@code{libgpgme-pthread.la} respectively, everything will be done
-automatically by Libtool.
+link to @code{libgpgme.la}, everything will be done automatically by
+Libtool.


@node Library Version Check
@ -727,6 +746,13 @@ is not met, GPGME fails early instead of trying to use the existent
 version.  The given version must be a string with major, minor, and
 micro number.  Example: "2.1.0".

+@item inst-type
+The installation type is used to prefer a certain GnuPG installation.
+The value is interpreted as an integer: A value of 0 is ignored, a
+value of 1 indicates an installation scheme as used by Gpg4win, a
+value of 2 indicates an installation scheme as used by GnuPG Desktop
+on Windows.  All other values are reserved.
+
@item w32-inst-dir
 On Windows GPGME needs to know its installation directory to find its
 spawn helper.  This is in general no problem because a DLL has this
@ -961,6 +987,9 @@ Return the name of the directory with GnuPG shared data.
@item localedir
 Return the name of the directory with GnuPG locale data.

+@item socketdir
+Return the name of the directory with the following sockets.
+
@item agent-socket
 Return the name of the socket to connect to the gpg-agent.

@ -1004,6 +1033,9 @@ Return the name of the pinentry program.
@item gpg-wks-client-name
 Return the name of the Web Key Service tool.

+@item gpgtar-name
+Return the name of the gpgtar program.
+
@end table

@end deftypefun
@ -1278,8 +1310,8 @@ returned.

 The function @code{gpgme_pubkey_algo_string} is a convenience function
 to build and return an algorithm string in the same way GnuPG does
-(e.g. ``rsa2048'' or ``ed25519'').  The caller must free the result
-using @code{gpgme_free}.  On error (e.g. invalid argument or memory
+(e.g., ``rsa2048'' or ``ed25519'').  The caller must free the result
+using @code{gpgme_free}.  On error (e.g., invalid argument or memory
 exhausted), the function returns NULL and sets @code{ERRNO}.
@end deftypefun

@ -1623,6 +1655,11 @@ when requested.
@item GPG_ERR_CANCELED
 This value means that the operation was canceled.

+@item GPG_ERR_FULLY_CANCELED
+This value means that the operation was canceled. It is sometimes returned
+instead of @code{GPG_ERR_CANCELED} for internal reasons in GnuPG. You should
+treat both values identically.
+
@item GPG_ERR_INV_ENGINE
 This value means that the engine that implements the desired protocol
 is currently not available.  This can either be because the sources
@ -1764,7 +1801,7 @@ is used.

 On POSIX platforms the @code{gpgme_off_t} type is an alias for
@code{off_t}; it may be used interchangeable.  On Windows platforms
-@code{gpgme_off_t} is defined as a long (i.e. 32 bit) for 32 bit
+@code{gpgme_off_t} is defined as a long (i.e., 32 bit) for 32 bit
 Windows and as a 64 bit signed integer for 64 bit Windows.
@end deftp

@ -2173,6 +2210,11 @@ associated with the data object.  The file name will be stored in the
 output when encrypting or signing the data and will be returned to the
 user when decrypting or verifying the output data.

+If a signed or encrypted archive is created, then the file name will be
+interpreted as the base directory for the relative paths of the files and
+directories to put into the archive.  This corresponds to the --directory
+option of gpgtar.
+
 The function returns the error code @code{GPG_ERR_INV_VALUE} if
@var{dh} is not a valid pointer and @code{GPG_ERR_ENOMEM} if not
 enough memory is available.
@ -2195,7 +2237,7 @@ for a new data object.  The backend will try its best to detect the
 encoding automatically.

@item GPGME_DATA_ENCODING_BINARY
-This specifies that the data is encoding in binary form; i.e. there is
+This specifies that the data is encoding in binary form; i.e., there is
 no special encoding.

@item GPGME_DATA_ENCODING_BASE64
@ -2235,7 +2277,7 @@ characters percent escaped.  This mode is is not yet implemented.
@deftypefun gpgme_data_encoding_t gpgme_data_get_encoding (@w{gpgme_data_t @var{dh}})
 The function @code{gpgme_data_get_encoding} returns the encoding of
 the data object with the handle @var{dh}.  If @var{dh} is not a valid
-pointer (e.g. @code{NULL}) @code{GPGME_DATA_ENCODING_NONE} is
+pointer (e.g., @code{NULL}) @code{GPGME_DATA_ENCODING_NONE} is
 returned.
@end deftypefun

@ -2336,7 +2378,7 @@ The data is a PKCS#12 message.  This is commonly used to exchange
 private keys for X.509.
@end table

-@deftypefun gpgme_data_type_t gpgme_data_identify (@w{gpgme_data_t @var{dh}})
+@deftypefun gpgme_data_type_t gpgme_data_identify (@w{gpgme_data_t @var{dh}, int @var{reserved}})
@since{1.4.3}

 The function @code{gpgme_data_identify} returns the type of the data
@ -2346,6 +2388,7 @@ identification, the function returns zero
 object has been created the identification may not be possible or the
 data object may change its internal state (file pointer moved).  For
 file or memory based data object, the state should not change.
+@var{reserved} should be zero.
@end deftypefun


@ -2564,7 +2607,7 @@ addresses is not supported.

 The function @code{gpgme_set_sender} specifies the sender address for
 use in sign and verify operations.  @var{address} is expected to be
-the ``addr-spec'' part of an address but my also be a complete mailbox
+the ``addr-spec'' part of an address but may also be a complete mailbox
 address, in which case this function extracts the ``addr-spec'' from
 it.  Using @code{NULL} for @var{address} clears the sender address.

@ -2657,8 +2700,9 @@ for example completely disable the use of Dirmngr for any engine.

 For the CMS protocol the offline mode specifies whether Dirmngr shall
 be used to do additional validation that might require connecting
-external services (e.g. CRL / OCSP checks).  Here the offline mode
-only affects the keylist mode @code{GPGME_KEYLIST_MODE_VALIDATE}.
+external services (e.g., CRL / OCSP checks).  The offline mode is used
+for all operations on this context.  It has only an effect with
+GnuPG versions 2.1.6 or later.

 For the OpenPGP protocol offline mode entirely disables the use of the
 Dirmngr and will thus guarantee that no network connections are done
@ -2863,6 +2907,12 @@ option also makes sure that the keygrip is available in the output.
 The @code{GPGME_KEYLIST_MODE_EPHEMERAL} symbol specifies that keys
 flagged as ephemeral are included in the listing.

+@item GPGME_KEYLIST_MODE_WITH_V5FPR
+@since{1.23.0}
+
+The @code{GPGME_KEYLIST_MODE_WITH_V5FPR} symbol specifies that key
+listings shall also provide v5 style fingerprints for v4 OpenPGp keys.
+
@item GPGME_KEYLIST_MODE_VALIDATE
@since{0.4.5}

@ -3141,8 +3191,8 @@ The string given in @var{value} is passed to the GnuPG engine to override
 the session key for decryption.  The format of that session key is
 specific to GnuPG and can be retrieved during a decrypt operation when
 the context flag "export-session-key" is enabled.  Please be aware that
-using this feature with GnuPG < 2.1.16 will leak the session key on
-many platforms via ps(1).
+using this feature with GnuPG < 2.1.16 or when decrypting an archive
+will leak the session key on many platforms via ps(1).

@item "auto-key-retrieve"
 Setting the @var{value} to "1" asks the backend to automatically
@ -3229,6 +3279,17 @@ The string given in @var{value} is passed to the GnuPG engine to use as
 filter when importing keys.  Valid values are documented in the GnuPG
 manual and the gpg man page under the option @option{--import-filter}.

+@item "import-options"
+@since{1.24.0}
+The string given in @var{value} is passed to the GnuPG engine to use as
+options when importing keys.  Valid values are documented in the GnuPG
+manual and the gpg man page under the option @option{--import-options}.
+
+@item "no-auto-check-trustdb"
+@since{1.19.0}
+Setting the @var{value} to "1" forces the GPG backend to disable the
+automatic check of the trust database.
+
@end table

 This function returns @code{0} on success.
@ -3412,22 +3473,47 @@ listings if the key could not be validated due to missing
 certificates or unmatched policies.

@item unsigned int can_encrypt : 1
-This is true if the key (ie one of its subkeys) can be used for
-encryption.
+This is true if the key or one of its subkeys can be used for
+encryption and the encryption will likely succeed.

@item unsigned int can_sign : 1
-This is true if the key (ie one of its subkeys) can be used to create
-data signatures.
+This is true if the key or one of its subkeys can be used to create
+data signatures and the signing will likely succeed.

@item unsigned int can_certify : 1
-This is true if the key (ie one of its subkeys) can be used to create
+This is true if the key or one of its subkeys can be used to create
 key certificates.

@item unsigned int can_authenticate : 1
@since{0.4.5}

 This is true if the key (ie one of its subkeys) can be used for
-authentication.
+authentication and the authentication will likely succeed.
+
+@item unsigned int has_encrypt : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of encryption.
+Note that this flag is set even if the key is expired.
+
+@item unsigned int has_sign : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of signing.
+Note that this flag is set even if the key is expired.
+
+@item unsigned int has_certify : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of
+certification.  Note that this flag is set even if the key is expired.
+
+@item unsigned int has_authenticate : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of
+authentication.  Note that this flag is set even if the key is
+expired.

@item unsigned int is_qualified : 1
@since{1.1.0}
@ -3486,6 +3572,10 @@ be missing but this field may be set nevertheless.

 Reserved for the time of the last update of this key.

+@item gpgme_revocation_key_t revkeys
+@since{1.24.0}
+This is a linked list with the revocation keys for the key.
+
@end table
@end deftp

@ -3549,7 +3639,7 @@ Brainpool curve.

@item unsigned int secret : 1
 This is true if the subkey is a secret key.  Note that it will be
-false if the key is actually a stub key; i.e. a secret key operation
+false if the key is actually a stub key; i.e., a secret key operation
 is currently not possible (offline-key).  This is only set if a
 listing of secret keys has been requested or if
@code{GPGME_KEYLIST_MODE_WITH_SECRET} is active.
@ -3567,6 +3657,10 @@ This is the key ID of the subkey in hexadecimal digits.
 This is the fingerprint of the subkey in hexadecimal digits, if
 available.

+@item char *v5fpr
+For a v4 OpenPGP key this is its v5 style fingerprint of the subkey in
+hexadecimal digits, if available.
+
@item char *keygrip
@since{1.7.0}

@ -3824,6 +3918,37 @@ This is a linked list with the notation data and policy URLs.
@end deftp


+@deftp {Data type} gpgme_revocation_key_t
+@since{1.24.0}
+
+The @code{gpgme_revocation_key_t} type is a pointer to a revocation key
+structure.  Revocation key structures are one component of a
+@code{gpgme_key_t} object.  They provide information about the designated
+revocation keys for a key.
+
+The revocation key structure has the following members:
+
+@table @code
+@item gpgme_revocation_key_t next
+This is a pointer to the next revocation key structure in the linked list,
+or @code{NULL} if this is the last element.
+
+@item gpgme_pubkey_algo_t pubkey_algo
+This is the public key algorithm of the revocation key.
+
+@item char *fpr
+This is the fingerprint of the revocation_key in hexadecimal digits.
+
+@item unsigned int key_class
+This is the class of the revocation key signature subpacket.
+
+@item unsigned int sensitive : 1
+This is true if the revocation key is marked as sensitive.
+
+@end table
+@end deftp
+
+

@node Listing Keys
@subsection Listing Keys
@ -4188,7 +4313,7 @@ GnuPG.
@var{userid} is commonly the mail address associated with the key.
 GPGME does not require a specific syntax but if more than a mail
 address is given, RFC-822 style format is suggested.  The value is
-expected to be in UTF-8 encoding (i.e. no IDN encoding for mail
+expected to be in UTF-8 encoding (i.e., no IDN encoding for mail
 addresses).  This is a required parameter.

@var{algo} specifies the algorithm for the new key (actually a keypair
@ -4271,6 +4396,14 @@ override this check.

 Request generation of keys that do not expire.

+@item GPGME_CREATE_ADSK
+@since{1.24.0}
+
+Add an ADSK to the key.  With this flag @var{algo} is expected to be
+the hexified fingerprint of the ADSK to be added; this must be a
+subkey.  If the string "default" is used for @var{algo} the engine
+will add all ADSK as it would do for new keys.
+
@end table

 After the operation completed successfully, information about the
@ -4346,6 +4479,10 @@ values for timestamps and thus can only encode dates up to the year
@var{flags} takes the same values as described above for
@code{gpgme_op_createkey}.

+If the @code{GPGME_CREATE_ADSK} flag is set, the subkey fingerprint
+given in the @code{algo} parameter is added as an ADSK
+to the key.
+
 After the operation completed successfully, information about the
 created key can be retrieved with @code{gpgme_op_genkey_result}.

@ -4397,7 +4534,7 @@ requires at least version 2.1.13 of GnuPG.
 the mail address to be associated with the key.  GPGME does not
 require a specific syntax but if more than a mail address is given,
 RFC-822 style format is suggested.  The value is expected to be in
-UTF-8 encoding (i.e. no IDN encoding for mail addresses).  This is a
+UTF-8 encoding (i.e., no IDN encoding for mail addresses).  This is a
 required parameter.

@var{flags} are currently not used and must be set to zero.
@ -4606,7 +4743,7 @@ retrieved with @code{gpgme_op_genkey_result}.

 The function returns the error code @code{GPG_ERR_NO_ERROR} if the
 operation could be started successfully, @code{GPG_ERR_INV_VALUE} if
-@var{parms} is not a well-formed string (e.g. does not have the
+@var{parms} is not a well-formed string (e.g., does not have the
 expected tag-like headers and footers), @code{GPG_ERR_NOT_SUPPORTED}
 if @var{public} or @var{secret} is not valid, and
@code{GPG_ERR_GENERAL} if no key was created by the backend.
@ -5069,7 +5206,7 @@ The function @code{gpgme_op_import_keys} adds the keys described by
 the @code{NULL} terminated array @var{keys} to the key ring of the
 crypto engine used by @var{ctx}.  It is used to actually import and
 make keys permanent which have been retrieved from an external source
-(i.e. using @code{GPGME_KEYLIST_MODE_EXTERN}) earlier.  The external
+(i.e., using @code{GPGME_KEYLIST_MODE_EXTERN}) earlier.  The external
 keylisting must have been made with the same context configuration (in
 particular the same home directory).  @footnote{Thus it is a
 replacement for the usual workaround of exporting and then importing a
@ -5079,7 +5216,7 @@ require another access to the keyserver over the network.
 Only keys of the currently selected protocol of @var{ctx} are
 considered for import.  Other keys specified by the @var{keys} are
 ignored.  As of now all considered keys must have been retrieved using
-the same method, i.e. the used key listing mode must be identical.
+the same method, i.e., the used key listing mode must be identical.

 After the operation completed successfully, the result can be
 retrieved with @code{gpgme_op_import_result}.
@ -5151,7 +5288,7 @@ This is a pointer to the next status structure in the linked list, or

@item char *fpr
 This is the fingerprint of the key that was considered, or @code{NULL}
-if the fingerprint of the key is not known, e.g. because the key to
+if the fingerprint of the key is not known, e.g., because the key to
 import was encrypted and decryption failed.

@item gpgme_error_t result
@ -5299,16 +5436,19 @@ operation was started successfully, and @code{GPG_ERR_INV_VALUE} if
@var{ctx} or @var{key} is not a valid pointer.
@end deftypefun

-The following functions allow only to use one particular flag.
+The following functions allow only to use one particular flag.  Their
+use is thus deprecated.

@deftypefun gpgme_error_t gpgme_op_delete (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{int @var{allow_secret}})
 Similar to @code{gpgme_op_delete_ext}, but only the flag
-@code{GPGME_DELETE_ALLOW_SECRET} can be provided.
+@code{GPGME_DELETE_ALLOW_SECRET} can be provided.  Actually all true
+values are mapped to this flag.
@end deftypefun

@deftypefun gpgme_error_t gpgme_op_delete_start (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{int @var{allow_secret}})
 Similar to @code{gpgme_op_delete_ext_start}, but only the flag
-@code{GPGME_DELETE_ALLOW_SECRET} can be provided.
+@code{GPGME_DELETE_ALLOW_SECRET} can be provided.  Actually all true
+values are mapped to this flag.
@end deftypefun


@ -5550,7 +5690,10 @@ An error code describing the reason why the key was found invalid.

@deftypefun gpgme_error_t gpgme_op_decrypt (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{cipher}}, @w{gpgme_data_t @var{plain}})
 The function @code{gpgme_op_decrypt} decrypts the ciphertext in the
-data object @var{cipher} and stores it into the data object
+data object @var{cipher} or, if a file name is set on the data object,
+the ciphertext stored in the corresponding file.  The decrypted
+ciphertext is stored into the data object @var{plain} or written to
+the file set with @code{gpgme_data_set_file_name} for the data object
@var{plain}.

 The function returns the error code @code{GPG_ERR_NO_ERROR} if the
@ -5586,6 +5729,12 @@ The function @code{gpgme_op_decrypt_ext} is the same as
@code{gpgme_op_decrypt} but has an additional argument
@var{flags}.  If @var{flags} is 0 both function behave identically.

+If the flag @code{GPGME_DECRYPT_ARCHIVE} is set, then an encrypted
+archive in the data object @var{cipher} is decrypted and extracted.
+The content of the archive is extracted into a directory named
+@code{GPGARCH_n_} (where @code{n} is a number) or into the directory
+set with @code{gpgme_data_set_file_name} for the data object @var{plain}.
+
 The value in @var{flags} is a bitwise-or combination of one or
 multiple of the following bit values:

@ -5596,6 +5745,14 @@ multiple of the following bit values:
 The @code{GPGME_DECRYPT_VERIFY} symbol specifies that this function
 shall exactly act as @code{gpgme_op_decrypt_verify}.

+@item GPGME_DECRYPT_ARCHIVE
+@since{1.19.0}
+
+The @code{GPGME_DECRYPT_ARCHIVE} symbol specifies that the input is an
+encrypted archive that shall be decrypted and extracted.  This feature
+is currently only supported for the OpenPGP crypto engine and requires
+GnuPG 2.4.1.
+
@item GPGME_DECRYPT_UNWRAP
@since{1.8.0}

@ -5750,7 +5907,12 @@ detached signature, then the signed text should be provided in
 Otherwise, if @var{sig} is a normal (or cleartext) signature,
@var{signed_text} should be a null pointer and @var{plain} should be a
 writable data object that will contain the plaintext after successful
-verification.
+verification.  If a file name is set on the data object @var{sig} (or
+on the data object @var{signed_text}), then the data of the signature
+(resp. the data of the signed text) is not read from the data object
+but from the file with the given file name.  If a file name is set on
+the data object @var{plain} then the plaintext is not stored in the
+data object but it is written to a file with the given file name.

 The results of the individual signature verifications can be retrieved
 with @code{gpgme_op_verify_result}.
@ -5775,6 +5937,61 @@ operation could be started successfully, @code{GPG_ERR_INV_VALUE} if
 any data to verify.
@end deftypefun

+
+@deftypefun gpgme_error_t gpgme_op_verify_ext ( @
+            @w{gpgme_ctx_t @var{ctx}}, @
+            @w{gpgme_verify_flags_t @var{flags}}, @
+            @w{gpgme_data_t @var{sig}}, @
+            @w{gpgme_data_t @var{signed_text}}, @
+            @w{gpgme_data_t @var{plain}})
+
+The function @code{gpgme_op_verify_ext} is the same as
+@code{gpgme_op_verify} but has an additional argument
+@var{flags}.  If @var{flags} is 0 both function behave identically.
+
+If the flag @code{GPGME_VERIFY_ARCHIVE} is set, then a signed archive
+in the data object @var{sig} is verified and extracted. The content of
+the archive is extracted into a directory named @code{GPGARCH_n_}
+(where @code{n} is a number) or into the directory set with
+@code{gpgme_data_set_file_name} for the data object @var{plain}.
+
+The value in @var{flags} is a bitwise-or combination of one or
+multiple of the following bit values:
+
+@table @code
+@item GPGME_VERIFY_ARCHIVE
+@since{1.19.0}
+
+The @code{GPGME_VERIFY_ARCHIVE} symbol specifies that the input is a
+signed archive that shall be verified and extracted.  This feature
+is currently only supported for the OpenPGP crypto engine and requires
+GnuPG 2.4.1.
+
+@end table
+
+The function returns the error codes as descriped for
+@code{gpgme_op_decrypt} respective @code{gpgme_op_encrypt}.
+@end deftypefun
+
+@deftypefun gpgme_error_t gpgme_op_verify_ext_start ( @
+            @w{gpgme_ctx_t @var{ctx}}, @
+            @w{gpgme_verify_flags_t @var{flags}}, @
+            @w{gpgme_data_t @var{sig}}, @
+            @w{gpgme_data_t @var{signed_text}}, @
+            @w{gpgme_data_t @var{plain}})
+
+The function @code{gpgme_op_verify_ext_start} initiates a
+@code{gpgme_op_verify_ext} operation.  It can be completed by calling
+@code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
+
+The function returns the error code @code{GPG_ERR_NO_ERROR} if the
+operation could be started successfully, @code{GPG_ERR_INV_VALUE} if
+@var{ctx}, @var{sig} or @var{plain} is not a valid pointer, and
+@code{GPG_ERR_NO_DATA} if @var{sig} or @var{plain} does not contain
+any data to verify.
+@end deftypefun
+
+
@deftp {Data type} {gpgme_sig_notation_t}
 This is a pointer to a structure used to store a part of the result of
 a @code{gpgme_op_verify} operation.  The structure contains the
@ -5874,7 +6091,7 @@ The defined bits are:

  @item GPGME_SIGSUM_RED
  The signature is bad. It might be useful to check other bits and
-  display more information, i.e. a revoked certificate might not render a
+  display more information, i.e., a revoked certificate might not render a
  signature invalid when the message was received prior to the cause for
  the revocation.

@ -6120,7 +6337,7 @@ functions in GPGME and GnuPG:

 Return the mail address (called ``addr-spec'' in RFC-5322) from the
 string @var{uid} which is assumed to be a user id (called ``address''
-in RFC-5322).  All plain ASCII characters (i.e. those with bit 7
+in RFC-5322).  All plain ASCII characters (i.e., those with bit 7
 cleared) in the result are converted to lowercase.  Caller must free
 the result using @code{gpgme_free}.  Returns @code{NULL} if no valid
 address was found (in which case @code{ERRNO} is set to @code{EINVAL})
@ -6207,16 +6424,48 @@ A detached signature is made.
@item GPGME_SIG_MODE_CLEAR
 A clear text signature is made.  The @acronym{ASCII} armor and text
 mode settings of the context are ignored.
+
+@item GPGME_SIG_MODE_ARCHIVE
+@since{1.19.0}
+
+A signed archive is created from the given files and directories.  This
+feature is currently only supported for the OpenPGP crypto engine and requires
+GnuPG 2.4.1.
+
+@item GPGME_SIG_MODE_FILE
+@since{1.24.0}
+
+The filename set with @code{gpgme_data_set_file_name} for the data object
+@var{plain} is passed to gpg, so that gpg reads the plaintext directly from
+this file instead of from the data object @var{plain}.  This flag can be
+combined with @code{GPGME_SIG_MODE_NORMAL}, @code{GPGME_SIG_MODE_DETACH},
+and @code{GPGME_SIG_MODE_CLEAR}, but not with @code{GPGME_SIG_MODE_ARCHIVE}.
+This feature is currently only supported for the OpenPGP crypto engine.
+
@end table
@end deftp

@deftypefun gpgme_error_t gpgme_op_sign (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{plain}}, @w{gpgme_data_t @var{sig}}, @w{gpgme_sig_mode_t @var{mode}})
 The function @code{gpgme_op_sign} creates a signature for the text in
 the data object @var{plain} and returns it in the data object
-@var{sig}.  The type of the signature created is determined by the
-@acronym{ASCII} armor (or, if that is not set, by the encoding
-specified for @var{sig}), the text mode attributes set for the context
-@var{ctx} and the requested signature mode @var{mode}.
+@var{sig} or writes it directly to the file set with
+@code{gpgme_data_set_file_name} for the data object @var{sig}.  The type
+of the signature created is determined by the @acronym{ASCII} armor (or,
+if that is not set, by the encoding specified for @var{sig}), the text
+mode attributes set for the context @var{ctx} and the requested signature
+mode @var{mode}.
+
+If the signature mode flag @code{GPGME_SIG_MODE_FILE} is set and a filename
+has been set with @code{gpgme_data_set_file_name} for the data object
+@var{plain}, then this filename is passed to gpg, so that gpg reads the
+plaintext directly from this file instead of from the data object @var{plain}.
+
+If signature mode @code{GPGME_SIG_MODE_ARCHIVE} is requested then a
+signed archive is created from the files and directories given as
+NUL-separated list in the data object @var{plain}.  The paths of the files
+and directories have to be given as paths relative to the current working
+directory or relative to the base directory set with
+@code{gpgme_data_set_file_name} for the data object @var{plain}.

 After the operation completed successfully, the result can be
 retrieved with @code{gpgme_op_sign_result}.
@ -6265,7 +6514,8 @@ The public key algorithm used to create this signature.
 The hash algorithm used to create this signature.

@item unsigned int sig_class
-The signature class of this signature.
+The signature class of this signature.  Note that only the values 0,
+1, and 2 are well-defined.

@item long int timestamp
 The creation timestamp of this signature.
@ -6383,10 +6633,26 @@ and then passed to the encryption operation.
@deftypefun gpgme_error_t gpgme_op_encrypt (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{recp}[]}, @w{gpgme_encrypt_flags_t @var{flags}}, @w{gpgme_data_t @var{plain}}, @w{gpgme_data_t @var{cipher}})
 The function @code{gpgme_op_encrypt} encrypts the plaintext in the
 data object @var{plain} for the recipients @var{recp} and stores the
-ciphertext in the data object @var{cipher}.  The type of the
-ciphertext created is determined by the @acronym{ASCII} armor (or, if
-that is not set, by the encoding specified for @var{cipher}) and the
-text mode attributes set for the context @var{ctx}.
+ciphertext in the data object @var{cipher} or writes it directly to the
+file set with @code{gpgme_data_set_file_name} for the data object
+@var{cipher}.  The type of the ciphertext created is determined by the
+@acronym{ASCII} armor (or, if that is not set, by the encoding specified
+for @var{cipher}) and the text mode attributes set for the context
+@var{ctx}.  If a filename has been set with @code{gpgme_data_set_file_name}
+for the data object @var{plain} then this filename is stored in the
+ciphertext.
+
+If the flag @code{GPGME_ENCRYPT_FILE} is set and a filename has been set
+with @code{gpgme_data_set_file_name} for the data object @var{plain},
+then this filename is passed to gpg, so that gpg reads the plaintext
+directly from this file instead of from the data object @var{plain}.
+
+If the flag @code{GPGME_ENCRYPT_ARCHIVE} is set, then an encrypted
+archive is created from the files and directories given as NUL-separated
+list in the data object @var{plain}.  The paths of the files and
+directories have to be given as paths relative to the current working
+directory or relative to the base directory set with
+@code{gpgme_data_set_file_name} for the data object @var{plain}.

@var{recp} must be a @code{NULL}-terminated array of keys.  The user
 must keep references for all keys during the whole duration of the
@ -6403,6 +6669,10 @@ recipients in @var{recp} should be trusted, even if the keys do not
 have a high enough validity in the keyring.  This flag should be used
 with care; in general it is not a good idea to use any untrusted keys.

+For the S/MIME (CMS) protocol this flag allows to encrypt to a
+certificate without running any checks on the validity of the
+certificate.
+
@item GPGME_ENCRYPT_NO_ENCRYPT_TO
@since{1.2.0}

@ -6422,7 +6692,7 @@ may reveal information about the plaintext.
@item GPGME_ENCRYPT_PREPARE
@itemx GPGME_ENCRYPT_EXPECT_SIGN
 The @code{GPGME_ENCRYPT_PREPARE} symbol is used with the UI Server
-protocol to prepare an encryption (i.e. sending the
+protocol to prepare an encryption (i.e., sending the
@code{PREP_ENCRYPT} command).  With the
@code{GPGME_ENCRYPT_EXPECT_SIGN} symbol the UI Server is advised to
 also expect a sign command.
@ -6463,6 +6733,23 @@ of now the key must be specified using the @var{recpstring} argument
 of the extended encrypt functions.  This feature is currently only
 supported for the OpenPGP crypto engine.

+@item GPGME_ENCRYPT_ARCHIVE
+@since{1.19.0}
+
+The @code{GPGME_ENCRYPT_ARCHIVE} symbol specifies that the input is a
+NUL-separated list of file paths and directory paths that shall be
+encrypted into an archive.  This feature is currently only supported
+for the OpenPGP crypto engine and requires GnuPG 2.4.1.
+
+@item GPGME_ENCRYPT_FILE
+@since{1.24.0}
+
+The @code{GPGME_ENCRYPT_FILE} symbol specifies that the filename set
+with @code{gpgme_data_set_file_name} for the data object @var{plain}
+is passed to gpg, so that gpg reads the plaintext directly from this
+file instead of from the data object @var{plain}.  This feature is
+currently only supported for the OpenPGP crypto engine.
+
@end table

 If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in
@ -7798,6 +8085,15 @@ reveal sensitive details like passphrases or other data you use in
 your application.  If you are asked to send a log file, make sure that
 you run your tests only with play data.

+The trace function makes use of gpgrt's logging function and thus the
+special @file{socket://} and @file{tcp://} files may be used.  Because
+this conflicts with the use of colons to separate fields, the following
+hack is used: If the file name contains the string @code{^//} all
+carets are replaced by colons.  For example to log to TCP port 42042
+this can be used:
+@smallexample
+GPGME_DEBUG=5:tcp^//127.0.0.1^42042
+@end smallexample

@node Deprecated Functions
@appendix Deprecated Functions
--- a/doc/texinfo.tex
+++ b/doc/texinfo.tex
@ -498,7 +498,7 @@
 % \def\foo{\parsearg\Xfoo}
 % \def\Xfoo#1{...}
 %
-% Actually, I use \csname\string\foo\endcsname, ie. \\foo, as it is my
+% Actually, I use \csname\string\foo\endcsname, i.e. \\foo, as it is my
 % favourite TeX trick.  --kasal, 16nov03

 \def\parseargdef#1{%
--- a/lang/cpp/Makefile.am
+++ b/lang/cpp/Makefile.am
@ -18,6 +18,12 @@
 # License along with this program; if not, see <https://gnu.org/licenses/>.
 # SPDX-License-Identifier: LGPL-2.1-or-later

-SUBDIRS = src tests
+if RUN_GPG_TESTS
+tests = tests
+else
+tests =
+endif
+
+SUBDIRS = src ${tests}

 EXTRA_DIST = README
--- a/lang/cpp/src/Makefile.am
+++ b/lang/cpp/src/Makefile.am
@ -88,6 +88,14 @@ else
 libsuffix=.so
 endif

+copied_headers = $(gpgmepp_headers:%=gpgme++/%) $(interface_headers:%=gpgme++/%)
+
+$(copied_headers): Makefile.am
+	mkdir -p $(builddir)/gpgme++/interfaces
+	echo -n "#include \"$(abs_srcdir)" > "$@"
+	echo -n "$@" | sed "s/gpgme++//" >> "$@"
+	echo "\"" >> "$@"
+
 if HAVE_W32_SYSTEM
 GpgmeppConfig.cmake: GpgmeppConfig-w32.cmake.in
 	sed -e 's|[@]resolved_bindir@|$(bindir)|g' < "$<" | \
@ -115,5 +123,8 @@ install-data-local: install-cmake-files

 uninstall-local: uninstall-cmake-files

+BUILT_SOURCES = $(copied_headers)
+
 CLEANFILES = GpgmeppConfig.cmake GpgmeppConfigVersion.cmake \
-             gpgmepp_version.h GpgmeppConfig.cmake.in
+             gpgmepp_version.h GpgmeppConfig.cmake.in \
+             $(copied_headers)
--- a/lang/cpp/src/configuration.cpp
+++ b/lang/cpp/src/configuration.cpp
@ -257,158 +257,6 @@ Type Option::alternateType() const
    return isNull() ? NoType : static_cast<Type>(opt->alt_type) ;
 }

-#if 0
-static Option::Variant argument_to_variant(gpgme_conf_type_t type, bool list, gpgme_conf_arg_t arg)
-{
-    assert(arg);
-    switch (type) {
-    case GPGME_CONF_NONE:
-        if (list) {
-            // return the count (number of times set):
-            return arg->value.count;
-        } else {
-            return none;
-        }
-    case GPGME_CONF_INT32:
-        if (list) {
-            std::vector<int> result;
-            for (gpgme_conf_arg_t a = arg ; a ; a = a->next) {
-                result.push_back(a->value.int32);
-            }
-            return result;
-        } else {
-            return arg->value.int32;
-        }
-    case GPGME_CONF_UINT32:
-        if (list) {
-            std::vector<unsigned int> result;
-            for (gpgme_conf_arg_t a = arg ; a ; a = a->next) {
-                result.push_back(a->value.uint32);
-            }
-            return result;
-        } else {
-            return arg->value.uint32;
-        }
-    case GPGME_CONF_FILENAME:
-    case GPGME_CONF_LDAP_SERVER:
-    case GPGME_CONF_KEY_FPR:
-    case GPGME_CONF_PUB_KEY:
-    case GPGME_CONF_SEC_KEY:
-    case GPGME_CONF_ALIAS_LIST:
-    // these should not happen in alt_type, but fall through
-    case GPGME_CONF_STRING:
-        if (list) {
-            std::vector<const char *> result;
-            for (gpgme_conf_arg_t a = arg ; a ; a = a->next) {
-                result.push_back(a->value.string);
-            }
-            return result;
-        } else {
-            return arg->value.string;
-        }
-    }
-    assert(!"Option: unknown alt_type!");
-    return Option::Variant();
-}
-
-namespace
-{
-inline const void *to_void_star(const char *s)
-{
-    return s;
-}
-inline const void *to_void_star(const std::string &s)
-{
-    return s.c_str();
-}
-inline const void *to_void_star(const int &i)
-{
-    return &i;    // const-&: sic!
-}
-inline const void *to_void_star(const unsigned int &i)
-{
-    return &i;    // const-&: sic!
-}
-
-struct VariantToArgumentVisitor : boost::static_visitor<gpgme_conf_arg_t> {
-    static gpgme_conf_arg_t make_argument(gpgme_conf_type_t type, const void *value)
-    {
-        gpgme_conf_arg_t arg = 0;
-#ifdef HAVE_GPGME_CONF_ARG_NEW_WITH_CONST_VALUE
-        if (const gpgme_error_t err = gpgme_conf_arg_new(&arg, type, value)) {
-            return 0;
-        }
-#else
-        if (const gpgme_error_t err = gpgme_conf_arg_new(&arg, type, const_cast<void *>(value))) {
-            return 0;
-        }
-#endif
-        else {
-            return arg;
-        }
-    }
-
-    gpgme_conf_arg_t operator()(bool v) const
-    {
-        return v ? make_argument(0) : 0 ;
-    }
-
-    gpgme_conf_arg_t operator()(const char *s) const
-    {
-        return make_argument(s ? s : "");
-    }
-
-    gpgme_conf_arg_t operator()(const std::string &s) const
-    {
-        return operator()(s.c_str());
-    }
-
-    gpgme_conf_arg_t operator()(int i) const
-    {
-        return make_argument(&i);
-    }
-
-    gpgme_conf_arg_t operator()(unsigned int i) const
-    {
-        return make_argument(&i);
-    }
-
-    template <typename T>
-    gpgme_conf_arg_t operator()(const std::vector<T> &value) const
-    {
-        gpgme_conf_arg_t result = 0;
-        gpgme_conf_arg_t last = 0;
-        for (typename std::vector<T>::const_iterator it = value.begin(), end = value.end() ; it != end ; ++it) {
-            if (gpgme_conf_arg_t arg = make_argument(to_void_star(*it))) {
-                if (last) {
-                    last = last->next = arg;
-                } else {
-                    result = last = arg;
-                }
-            }
-        }
-        return result;
-    }
-
-};
-}
-
-static gpgme_conf_arg_t variant_to_argument(const Option::Variant &value)
-{
-    VariantToArgumentVisitor v;
-    return apply_visitor(v, value);
-}
-
-optional<Option::Variant> Option::defaultValue() const
-{
-    if (isNull()) {
-        return optional<Variant>();
-    } else {
-        return argument_to_variant(opt->alt_type, opt->flags & GPGME_CONF_LIST, opt->default_value);
-    }
-}
-#endif
-
 Argument Option::defaultValue() const
 {
    if (isNull()) {
--- a/lang/cpp/src/configuration.h
+++ b/lang/cpp/src/configuration.h
@ -98,8 +98,7 @@ public:
    explicit Component(const shared_gpgme_conf_comp_t &gpgme_comp)
        : comp(gpgme_comp) {}

-    // copy ctor is ok
-
+    Component(const Component &other) = default;
    const Component &operator=(const Component &other)
    {
        if (this != &other) {
@ -149,6 +148,7 @@ public:
    Option(const shared_gpgme_conf_comp_t &gpgme_comp, gpgme_conf_opt_t gpgme_opt)
        : comp(gpgme_comp), opt(gpgme_opt) {}

+    Option(const Option &other) = default;
    const Option &operator=(const Option &other)
    {
        if (this != &other) {
@ -190,7 +190,7 @@ public:

    /*! The value that is in the config file (or null, if it's not set). */
    Argument activeValue() const;
-    /*! The value that is in this object, ie. either activeValue(), newValue(), or defaultValue() */
+    /*! The value that is in this object, i.e. either activeValue(), newValue(), or defaultValue() */
    Argument currentValue() const;

    Argument newValue() const;
--- a/lang/cpp/src/context.cpp
+++ b/lang/cpp/src/context.cpp
@ -130,6 +130,13 @@ const char *Error::asString() const
    return mMessage.c_str();
 }

+std::string Error::asStdString() const
+{
+    std::string message;
+    format_error(static_cast<gpgme_error_t>(mErr), message);
+    return message;
+}
+
 int Error::code() const
 {
    return gpgme_err_code(mErr);
@ -142,16 +149,12 @@ int Error::sourceID() const

 bool Error::isCanceled() const
 {
-    return code() == GPG_ERR_CANCELED;
+    return code() == GPG_ERR_CANCELED || code() == GPG_ERR_FULLY_CANCELED;
 }

 int Error::toErrno() const
 {
-//#ifdef HAVE_GPGME_GPG_ERROR_WRAPPERS
    return gpgme_err_code_to_errno(static_cast<gpgme_err_code_t>(code()));
-//#else
-//    return gpg_err_code_to_errno( static_cast<gpg_err_code_t>( code() ) );
-//#endif
 }

 // static
@ -192,7 +195,7 @@ Error Error::fromCode(unsigned int err, unsigned int src)

 std::ostream &operator<<(std::ostream &os, const Error &err)
 {
-    return os << "GpgME::Error(" << err.encodedError() << " (" << err.asString() << "))";
+    return os << "GpgME::Error(" << err.encodedError() << " (" << err.asStdString() << "))";
 }

 Context::KeyListModeSaver::KeyListModeSaver(Context *ctx)
@ -1070,7 +1073,7 @@ DecryptionResult Context::decrypt(const Data &cipherText, Data &plainText, const
    const Data::Private *const cdp = cipherText.impl();
    Data::Private *const pdp = plainText.impl();
    d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast<gpgme_decrypt_flags_t> (d->decryptFlags | flags), cdp ? cdp->data : nullptr, pdp ? pdp->data : nullptr);
-    return DecryptionResult(d->ctx, Error(d->lasterr));
+    return decryptionResult();
 }

 DecryptionResult Context::decrypt(const Data &cipherText, Data &plainText)
@ -1107,7 +1110,7 @@ VerificationResult Context::verifyDetachedSignature(const Data &signature, const
    const Data::Private *const sdp = signature.impl();
    const Data::Private *const tdp = signedText.impl();
    d->lasterr = gpgme_op_verify(d->ctx, sdp ? sdp->data : nullptr, tdp ? tdp->data : nullptr, nullptr);
-    return VerificationResult(d->ctx, Error(d->lasterr));
+    return verificationResult();
 }

 VerificationResult Context::verifyOpaqueSignature(const Data &signedData, Data &plainText)
@ -1116,7 +1119,7 @@ VerificationResult Context::verifyOpaqueSignature(const Data &signedData, Data &
    const Data::Private *const sdp = signedData.impl();
    Data::Private *const pdp = plainText.impl();
    d->lasterr = gpgme_op_verify(d->ctx, sdp ? sdp->data : nullptr, nullptr, pdp ? pdp->data : nullptr);
-    return VerificationResult(d->ctx, Error(d->lasterr));
+    return verificationResult();
 }

 Error Context::startDetachedSignatureVerification(const Data &signature, const Data &signedText)
@ -1138,9 +1141,18 @@ Error Context::startOpaqueSignatureVerification(const Data &signedData, Data &pl
 VerificationResult Context::verificationResult() const
 {
    if (d->lastop & Private::Verify) {
-        return VerificationResult(d->ctx, Error(d->lasterr));
+        const auto res = VerificationResult{d->ctx, Error(d->lasterr)};
+        if ((d->lastop == Private::DecryptAndVerify)
+            && (res.error().code() == GPG_ERR_NO_DATA)
+            && (res.numSignatures() > 0)) {
+            // ignore "no data" error for verification if there are signatures and
+            // the operation was a combined (tentative) decryption and verification
+            // because then "no data" just indicates that there was nothing to decrypt
+            return VerificationResult{d->ctx, Error{}};
+        }
+        return res;
    } else {
-        return VerificationResult();
+        return {};
    }
 }

@ -1151,8 +1163,7 @@ std::pair<DecryptionResult, VerificationResult> Context::decryptAndVerify(const
    Data::Private *const pdp = plainText.impl();
    d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast<gpgme_decrypt_flags_t> (d->decryptFlags | flags | DecryptVerify),
                                      cdp ? cdp->data : nullptr, pdp ? pdp->data : nullptr);
-    return std::make_pair(DecryptionResult(d->ctx, Error(d->lasterr)),
-                          VerificationResult(d->ctx, Error(d->lasterr)));
+    return std::make_pair(decryptionResult(), verificationResult());
 }

 std::pair<DecryptionResult, VerificationResult> Context::decryptAndVerify(const Data &cipherText, Data &plainText)
@ -1278,14 +1289,25 @@ std::vector<Notation> Context::signatureNotations() const
    return result;
 }

-static gpgme_sig_mode_t sigmode2sigmode(SignatureMode mode)
+static gpgme_sig_mode_t sigflags2sigflags(SignatureMode flags)
 {
-    switch (mode) {
-    default:
-    case NormalSignatureMode: return GPGME_SIG_MODE_NORMAL;
-    case Detached:            return GPGME_SIG_MODE_DETACH;
-    case Clearsigned:         return GPGME_SIG_MODE_CLEAR;
+    unsigned int result = 0;
+    if (flags & SignatureMode::NormalSignatureMode) {
+        result |= GPGME_SIG_MODE_NORMAL;
    }
+    if (flags & SignatureMode::Detached) {
+        result |= GPGME_SIG_MODE_DETACH;
+    }
+    if (flags & SignatureMode::Clearsigned) {
+        result |= GPGME_SIG_MODE_CLEAR;
+    }
+    if (flags & SignatureMode::SignArchive) {
+        result |= GPGME_SIG_MODE_ARCHIVE;
+    }
+    if (flags & SignatureMode::SignFile) {
+        result |= GPGME_SIG_MODE_FILE;
+    }
+    return static_cast<gpgme_sig_mode_t>(result);
 }

 SigningResult Context::sign(const Data &plainText, Data &signature, SignatureMode mode)
@ -1293,7 +1315,7 @@ SigningResult Context::sign(const Data &plainText, Data &signature, SignatureMod
    d->lastop = Private::Sign;
    const Data::Private *const pdp = plainText.impl();
    Data::Private *const sdp = signature.impl();
-    d->lasterr = gpgme_op_sign(d->ctx, pdp ? pdp->data : nullptr, sdp ? sdp->data : nullptr, sigmode2sigmode(mode));
+    d->lasterr = gpgme_op_sign(d->ctx, pdp ? pdp->data : nullptr, sdp ? sdp->data : nullptr, sigflags2sigflags(mode));
    return SigningResult(d->ctx, Error(d->lasterr));
 }

@ -1302,7 +1324,7 @@ Error Context::startSigning(const Data &plainText, Data &signature, SignatureMod
    d->lastop = Private::Sign;
    const Data::Private *const pdp = plainText.impl();
    Data::Private *const sdp = signature.impl();
-    return Error(d->lasterr = gpgme_op_sign_start(d->ctx, pdp ? pdp->data : nullptr, sdp ? sdp->data : nullptr, sigmode2sigmode(mode)));
+    return Error(d->lasterr = gpgme_op_sign_start(d->ctx, pdp ? pdp->data : nullptr, sdp ? sdp->data : nullptr, sigflags2sigflags(mode)));
 }

 SigningResult Context::signingResult() const
@ -1335,6 +1357,21 @@ static gpgme_encrypt_flags_t encryptflags2encryptflags(Context::EncryptionFlags
    if (flags & Context::Symmetric) {
        result |= GPGME_ENCRYPT_SYMMETRIC;
    }
+    if (flags & Context::ThrowKeyIds) {
+        result |= GPGME_ENCRYPT_THROW_KEYIDS;
+    }
+    if (flags & Context::EncryptWrap) {
+        result |= GPGME_ENCRYPT_WRAP;
+    }
+    if (flags & Context::WantAddress) {
+        result |= GPGME_ENCRYPT_WANT_ADDRESS;
+    }
+    if (flags & Context::EncryptArchive) {
+        result |= GPGME_ENCRYPT_ARCHIVE;
+    }
+    if (flags & Context::EncryptFile) {
+        result |= GPGME_ENCRYPT_FILE;
+    }
    return static_cast<gpgme_encrypt_flags_t>(result);
 }

@ -1765,6 +1802,16 @@ Error Context::startRevokeSignature(const Key &key, const Key &signingKey,
                 key.impl(), signingKey.impl(), uids.c_str(), flags));
 }

+Error Context::addAdsk(const Key &k, const char *adsk)
+{
+    return Error(d->lasterr = gpgme_op_createsubkey(d->ctx, k.impl(), adsk, 0, 0, GPGME_CREATE_ADSK));
+}
+
+Error Context::startAddAdsk(const Key &k, const char *adsk)
+{
+    return Error(d->lasterr = gpgme_op_createsubkey_start(d->ctx, k.impl(), adsk, 0, 0, GPGME_CREATE_ADSK));
+}
+
 Error Context::setFlag(const char *name, const char *value)
 {
  return Error(d->lasterr = gpgme_set_ctx_flag(d->ctx, name, value));
@ -1886,7 +1933,8 @@ std::ostream &operator<<(std::ostream &os, KeyListMode mode)
 std::ostream &operator<<(std::ostream &os, SignatureMode mode)
 {
    os << "GpgME::SignatureMode(";
-    switch (mode) {
+#undef CHECK
+    switch (mode & (NormalSignatureMode|Detached|Clearsigned)) {
 #define CHECK( x ) case x: os << #x; break
        CHECK(NormalSignatureMode);
        CHECK(Detached);
@ -1896,6 +1944,10 @@ std::ostream &operator<<(std::ostream &os, SignatureMode mode)
        os << "???" "(" << static_cast<int>(mode) << ')';
        break;
    }
+#define CHECK( x ) if ( !(mode & (x)) ) {} else do { os << #x " "; } while (0)
+        CHECK(SignArchive);
+        CHECK(SignFile);
+#undef CHECK
    return os << ')';
 }

@ -1909,6 +1961,11 @@ std::ostream &operator<<(std::ostream &os, Context::EncryptionFlags flags)
    CHECK(ExpectSign);
    CHECK(NoCompress);
    CHECK(Symmetric);
+    CHECK(ThrowKeyIds);
+    CHECK(EncryptWrap);
+    CHECK(WantAddress);
+    CHECK(EncryptArchive);
+    CHECK(EncryptFile);
 #undef CHECK
    return os << ')';
 }
--- a/lang/cpp/src/context.h
+++ b/lang/cpp/src/context.h
@ -324,6 +324,9 @@ public:
    Error startRevokeSignature(const Key &key, const Key &signingKey,
                               const std::vector<UserID> &userIds = std::vector<UserID>());

+    Error addAdsk(const Key &k, const char *adsk);
+    Error startAddAdsk(const Key &k, const char *adsk);
+
    // using TofuInfo::Policy
    Error setTofuPolicy(const Key &k, unsigned int policy);
    Error setTofuPolicyStart(const Key &k, unsigned int policy);
@ -370,6 +373,7 @@ public:
        // Keep in line with core's flags
        DecryptNone = 0,
        DecryptVerify = 1,
+        DecryptArchive = 2,
        DecryptUnwrap = 128,
        DecryptMaxValue = 0x80000000
    };
@ -447,7 +451,10 @@ public:
        NoCompress = 16,
        Symmetric = 32,
        ThrowKeyIds = 64,
-        EncryptWrap = 128
+        EncryptWrap = 128,
+        WantAddress = 256,
+        EncryptArchive = 512,
+        EncryptFile = 1024
    };
    EncryptionResult encrypt(const std::vector<Key> &recipients, const Data &plainText, Data &cipherText, EncryptionFlags flags);
    GpgME::Error encryptSymmetrically(const Data &plainText, Data &cipherText);
--- a/lang/cpp/src/context_glib.cpp
+++ b/lang/cpp/src/context_glib.cpp
@ -1,41 +0,0 @@
-/*
-  context_glib.cpp - wraps a gpgme key context, gpgme-glib-specific functions
-  Copyright (C) 2007 Klarälvdalens Datakonsult AB
-  2016 Bundesamt für Sicherheit in der Informationstechnik
-  Software engineering by Intevation GmbH
-
-  This file is part of GPGME++.
-
-  GPGME++ is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Library General Public
-  License as published by the Free Software Foundation; either
-  version 2 of the License, or (at your option) any later version.
-
-  GPGME++ is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU Library General Public License for more details.
-
-  You should have received a copy of the GNU Library General Public License
-  along with GPGME++; see the file COPYING.LIB.  If not, write to the
-  Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-  Boston, MA 02110-1301, USA.
-*/
-
-#ifdef HAVE_CONFIG_H
- #include "config.h"
-#endif
-
-#include <global.h>
-
-extern "C" GIOChannel *gpgme_get_fdptr(int);
-
-GIOChannel *GpgME::getGIOChannel(int fd)
-{
-    return gpgme_get_fdptr(fd);
-}
-
-QIODevice *GpgME::getQIODevice(int fd)
-{
-    return 0;
-}
--- a/lang/cpp/src/context_qt.cpp
+++ b/lang/cpp/src/context_qt.cpp
@ -1,41 +0,0 @@
-/*
-  context_qt.cpp - wraps a gpgme key context, gpgme-qt-specific functions
-  Copyright (C) 2007 Klarälvdalens Datakonsult AB
-  2016 Bundesamt für Sicherheit in der Informationstechnik
-  Software engineering by Intevation GmbH
-
-  This file is part of GPGME++.
-
-  GPGME++ is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Library General Public
-  License as published by the Free Software Foundation; either
-  version 2 of the License, or (at your option) any later version.
-
-  GPGME++ is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU Library General Public License for more details.
-
-  You should have received a copy of the GNU Library General Public License
-  along with GPGME++; see the file COPYING.LIB.  If not, write to the
-  Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-  Boston, MA 02110-1301, USA.
-*/
-
-#ifdef HAVE_CONFIG_H
- #include "config.h"
-#endif
-
-#include <global.h>
-
-extern "C" QIODevice *gpgme_get_fdptr(int);
-
-GIOChannel *GpgME::getGIOChannel(int)
-{
-    return 0;
-}
-
-QIODevice *GpgME::getQIODevice(int fd)
-{
-    return gpgme_get_fdptr(fd);
-}
--- a/lang/cpp/src/data.cpp
+++ b/lang/cpp/src/data.cpp
@ -217,6 +217,11 @@ GpgME::Error GpgME::Data::setFileName(const char *name)
    return Error(gpgme_data_set_file_name(d->data, name));
 }

+GpgME::Error GpgME::Data::setFileName(const std::string &name)
+{
+    return Error(gpgme_data_set_file_name(d->data, name.c_str()));
+}
+
 ssize_t GpgME::Data::read(void *buffer, size_t length)
 {
    return gpgme_data_read(d->data, buffer, length);
@ -275,3 +280,14 @@ std::string GpgME::Data::toString()
  seek (0, SEEK_SET);
  return ret;
 }
+
+GpgME::Error GpgME::Data::setFlag(const char *name, const char *value)
+{
+    return Error(gpgme_data_set_flag(d->data, name, value));
+}
+
+GpgME::Error GpgME::Data::setSizeHint(uint64_t size)
+{
+    const std::string val = std::to_string(size);
+    return Error(gpgme_data_set_flag(d->data, "size-hint", val.c_str()));
+}
--- a/lang/cpp/src/data.h
+++ b/lang/cpp/src/data.h
@ -27,6 +27,7 @@
 #include "key.h"

 #include <sys/types.h> // for size_t, off_t
+#include <cstdint> // unit64_t
 #include <cstdio> // FILE
 #include <algorithm>
 #include <memory>
@ -60,6 +61,7 @@ public:

    static const Null null;

+    Data(const Data &other) = default;
    const Data &operator=(Data other)
    {
        swap(other);
@ -105,6 +107,7 @@ public:

    char *fileName() const;
    Error setFileName(const char *name);
+    Error setFileName(const std::string &name);

    ssize_t read(void *buffer, size_t length);
    ssize_t write(const void *buffer, size_t length);
@ -120,6 +123,12 @@ public:
    /** Return a copy of the data as std::string. Sets seek pos to 0 */
    std::string toString();

+    /** See gpgme_data_set_flag */
+    Error setFlag(const char *name, const char *value);
+
+    /** Set a size hint for this data e.g. for progress calculations. */
+    Error setSizeHint(uint64_t size);
+
    class Private;
    Private *impl()
    {
--- a/lang/cpp/src/decryptionresult.cpp
+++ b/lang/cpp/src/decryptionresult.cpp
@ -122,6 +122,11 @@ bool GpgME::DecryptionResult::isDeVs() const
    return d && d->res.is_de_vs;
 }

+bool GpgME::DecryptionResult::isMime() const
+{
+    return d && d->res.is_mime;
+}
+
 const char *GpgME::DecryptionResult::fileName() const
 {
    return d ? d->res.file_name : nullptr ;
--- a/lang/cpp/src/decryptionresult.h
+++ b/lang/cpp/src/decryptionresult.h
@ -47,6 +47,7 @@ public:
    DecryptionResult(gpgme_ctx_t ctx, const Error &err);
    explicit DecryptionResult(const Error &err);

+    DecryptionResult(const DecryptionResult &other) = default;
    const DecryptionResult &operator=(DecryptionResult other)
    {
        swap(other);
@ -74,6 +75,7 @@ public:
    }
    bool isWrongKeyUsage() const;
    bool isDeVs() const;
+    bool isMime() const;

    const char *fileName() const;

@ -103,6 +105,7 @@ public:
    Recipient();
    explicit Recipient(gpgme_recipient_t reci);

+    Recipient(const Recipient &other) = default;
    const Recipient &operator=(Recipient other)
    {
        swap(other);
--- a/lang/cpp/src/defaultassuantransaction.cpp
+++ b/lang/cpp/src/defaultassuantransaction.cpp
@ -30,8 +30,6 @@
 #include "error.h"
 #include "data.h"

-#include <sstream>
-
 using namespace GpgME;

 DefaultAssuanTransaction::DefaultAssuanTransaction()
--- a/lang/cpp/src/defaultassuantransaction.h
+++ b/lang/cpp/src/defaultassuantransaction.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_DEFAULTASSUANTRANSACTION_H__
 #define __GPGMEPP_DEFAULTASSUANTRANSACTION_H__

-#include <interfaces/assuantransaction.h>
+#include "interfaces/assuantransaction.h"

 #include <string>
 #include <vector>
--- a/lang/cpp/src/editinteractor.cpp
+++ b/lang/cpp/src/editinteractor.cpp
@ -52,6 +52,7 @@ using namespace GpgME;

 static const char *status_to_string(unsigned int status);
 static Error status_to_error(unsigned int status);
+static Error parse_sc_op_failure(const char *args);

 class EditInteractor::Private
 {
@ -96,7 +97,19 @@ public:

            // advance to next state based on input:
            const unsigned int oldState = ei->state;
-            ei->state = ei->q->nextState(status, args, err);
+
+            if (ei->q->needsNoResponse(status)) {
+                // keep state
+            } else if (status == GPGME_STATUS_ERROR) {
+                err = ei->q->parseStatusError(args);
+                ei->state = EditInteractor::ErrorState;
+            } else if (status == GPGME_STATUS_SC_OP_FAILURE) {
+                err = parse_sc_op_failure(args);
+                ei->state = EditInteractor::ErrorState;
+            } else {
+                ei->state = ei->q->nextState(status, args, err);
+            }
+
            if (ei->debug) {
                std::fprintf(ei->debug, "EditInteractor: %u -> nextState( %s, %s ) -> %u\n",
                             oldState, status_to_string(status), args ? args : "<null>", ei->state);
@ -125,7 +138,7 @@ public:
                        if (writeAll(fd, result, len) != len) {
                            err = Error::fromSystemError();
                            if (ei->debug) {
-                                std::fprintf(ei->debug, "EditInteractor: Could not write to fd %d (%s)\n", fd, err.asString());
+                                std::fprintf(ei->debug, "EditInteractor: Could not write to fd %d (%s)\n", fd, err.asStdString().c_str());
                            }
                            goto error;
                        }
@ -134,7 +147,7 @@ public:
                    if (writeAll(fd, "\n", 1) != 1) {
                        err = Error::fromSystemError();
                        if (ei->debug) {
-                            std::fprintf(ei->debug, "EditInteractor: Could not write to fd %d (%s)\n", fd, err.asString());
+                            std::fprintf(ei->debug, "EditInteractor: Could not write to fd %d (%s)\n", fd, err.asStdString().c_str());
                        }
                        goto error;
                    }
@ -271,6 +284,38 @@ GpgME::Error EditInteractor::parseStatusError(const char *args)
    return err;
 }

+static Error sc_op_failure_to_error(unsigned int status)
+{
+    switch (status) {
+    case 1:
+        // GPG_ERR_CANCELED or GPG_ERR_FULLY_CANCELED
+        return Error::fromCode(GPG_ERR_CANCELED);
+    case 2:
+        // GPG_ERR_BAD_PIN or GPG_ERR_BAD_RESET_CODE [sic]
+        return Error::fromCode(GPG_ERR_BAD_PIN);
+    case 3:
+        return Error::fromCode(GPG_ERR_PIN_BLOCKED);
+    case 4:
+        return Error::fromCode(GPG_ERR_NO_RESET_CODE);
+    }
+    return Error::fromCode(GPG_ERR_CARD);
+}
+
+// static
+Error parse_sc_op_failure(const char *args)
+{
+    Error err;
+
+    const auto fields = split(args, ' ');
+    if (fields.size() >= 1) {
+        err = sc_op_failure_to_error(static_cast<unsigned int>(std::stoul(fields[0])));
+    } else {
+        err = Error::fromCode(GPG_ERR_CARD);
+    }
+
+    return err;
+}
+
 static const char *const status_strings[] = {
    "EOF",
    /* mkstatus processing starts here */
--- a/lang/cpp/src/encryptionresult.h
+++ b/lang/cpp/src/encryptionresult.h
@ -48,6 +48,7 @@ public:
    EncryptionResult(gpgme_ctx_t ctx, const Error &error);
    EncryptionResult(const Error &err);

+    EncryptionResult(const EncryptionResult &other) = default;
    const EncryptionResult &operator=(EncryptionResult other)
    {
        swap(other);
@ -83,6 +84,7 @@ class GPGMEPP_EXPORT InvalidRecipient
 public:
    InvalidRecipient();

+    InvalidRecipient(const InvalidRecipient &other) = default;
    const InvalidRecipient &operator=(InvalidRecipient other)
    {
        swap(other);
--- a/lang/cpp/src/engineinfo.h
+++ b/lang/cpp/src/engineinfo.h
@ -69,6 +69,76 @@ public:
            }
        }

+        bool operator < (const Version& other) const
+        {
+            if (major > other.major ||
+                (major == other.major && minor > other.minor) ||
+                (major == other.major && minor == other.minor && patch > other.patch) ||
+                (major >= other.major && minor >= other.minor && patch >= other.patch)) {
+                return false;
+            }
+            return true;
+        }
+
+        bool operator < (const char* other) const
+        {
+            return operator<(Version(other));
+        }
+
+        bool operator <= (const Version &other) const
+        {
+            return !operator>(other);
+        }
+
+        bool operator <= (const char *other) const
+        {
+            return operator<=(Version(other));
+        }
+
+        bool operator > (const char* other) const
+        {
+            return operator>(Version(other));
+        }
+
+        bool operator > (const Version & other) const
+        {
+            return !operator<(other) && !operator==(other);
+        }
+
+        bool operator >= (const Version &other) const
+        {
+            return !operator<(other);
+        }
+
+        bool operator >= (const char *other) const
+        {
+            return operator>=(Version(other));
+        }
+
+        bool operator == (const Version& other) const
+        {
+            return major == other.major
+                && minor == other.minor
+                && patch == other.patch;
+        }
+
+        bool operator == (const char* other) const
+        {
+            return operator==(Version(other));
+        }
+
+        bool operator != (const Version &other) const
+        {
+            return !operator==(other);
+        }
+
+        bool operator != (const char *other) const
+        {
+            return operator!=(Version(other));
+        }
+
+        // the non-const overloads of the comparison operators are kept for
+        // binary compatibility
        bool operator < (const Version& other)
        {
            if (major > other.major ||
@ -151,6 +221,7 @@ public:
    EngineInfo();
    explicit EngineInfo(gpgme_engine_info_t engine);

+    EngineInfo(const EngineInfo &other) = default;
    const EngineInfo &operator=(EngineInfo other)
    {
        swap(other);
--- a/lang/cpp/src/error.h
+++ b/lang/cpp/src/error.h
@ -47,7 +47,11 @@ public:
    explicit Error(unsigned int e) : mErr(e), mMessage() {}

    const char *source() const;
-    const char *asString() const;
+    /* This function is deprecated. Use asStdString() instead. asString() may
+     * return wrongly encoded (i.e. not UTF-8) results on Windows for the main
+     * thread if the function was first called from a secondary thread. */
+    GPGMEPP_DEPRECATED const char *asString() const;
+    std::string asStdString() const;

    int code() const;
    int sourceID() const;
--- a/lang/cpp/src/global.h
+++ b/lang/cpp/src/global.h
@ -74,7 +74,13 @@ enum KeyListMode {
    KeyListModeMask = 0x3ff
 };

-enum SignatureMode { NormalSignatureMode, Detached, Clearsigned };
+enum SignatureMode {
+    NormalSignatureMode = 0,
+    Detached = 1,
+    Clearsigned = 2,
+    SignArchive = 4,
+    SignFile = 8,
+};

 enum class RevocationReason {
    Unspecified = 0,
@ -103,7 +109,7 @@ homedir, sysconfdir, bindir, libexecdir, libdir,
 datadir, localedir, agent-socket, agent-ssh-socket,
 dirmngr-socket, uiserver-socket, gpgconf-name, gpg-name,
 gpgsm-name, g13-name, keyboxd-name, agent-name, scdaemon-name,
-dirmngr-name, pinentry-name, socketdir.
+dirmngr-name, pinentry-name, socketdir, gpg-wks-client-name, gpgtar-name.

 This may be extended in the future.
 */
--- a/lang/cpp/src/gpgaddexistingsubkeyeditinteractor.cpp
+++ b/lang/cpp/src/gpgaddexistingsubkeyeditinteractor.cpp
@ -105,10 +105,6 @@ unsigned int GpgAddExistingSubkeyEditInteractor::Private::nextState(unsigned int
    static const Error NO_KEY_ERROR = Error::fromCode(GPG_ERR_NO_KEY);
    static const Error INV_TIME_ERROR = Error::fromCode(GPG_ERR_INV_TIME);

-    if (q->needsNoResponse(status)) {
-        return q->state();
-    }
-
    switch (q->state()) {
    case START:
        if (status == GPGME_STATUS_GET_LINE &&
@ -136,7 +132,7 @@ unsigned int GpgAddExistingSubkeyEditInteractor::Private::nextState(unsigned int
                strcmp(args, "keygen.flags") == 0) {
            return FLAGS;
        } else if (status == GPGME_STATUS_GET_LINE &&
-                   strcmp(args, "keygen.keygrip")) {
+                   strcmp(args, "keygen.keygrip") == 0) {
            err = NO_KEY_ERROR;
            return ERROR;
        }
@ -157,7 +153,7 @@ unsigned int GpgAddExistingSubkeyEditInteractor::Private::nextState(unsigned int
                strcmp(args, "keyedit.prompt") == 0) {
            return QUIT;
        } else if (status == GPGME_STATUS_GET_LINE &&
-                   strcmp(args, "keygen.valid")) {
+                   strcmp(args, "keygen.valid") == 0) {
            err = INV_TIME_ERROR;
            return ERROR;
        }
--- a/lang/cpp/src/gpgadduserideditinteractor.cpp
+++ b/lang/cpp/src/gpgadduserideditinteractor.cpp
@ -120,10 +120,6 @@ unsigned int GpgAddUserIDEditInteractor::nextState(unsigned int status, const ch
    static const Error INV_EMAIL_ERROR   = Error::fromCode(GPG_ERR_INV_USER_ID);
    static const Error INV_COMMENT_ERROR = Error::fromCode(GPG_ERR_INV_USER_ID);

-    if (needsNoResponse(status)) {
-        return state();
-    }
-
    using namespace GpgAddUserIDEditInteractor_Private;

    switch (state()) {
--- a/lang/cpp/src/gpgadduserideditinteractor.h
+++ b/lang/cpp/src/gpgadduserideditinteractor.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_GPGADDUSERIDEDITINTERACTOR_H__
 #define __GPGMEPP_GPGADDUSERIDEDITINTERACTOR_H__

-#include <editinteractor.h>
+#include "editinteractor.h"

 #include <string>

--- a/lang/cpp/src/gpgagentgetinfoassuantransaction.cpp
+++ b/lang/cpp/src/gpgagentgetinfoassuantransaction.cpp
@ -33,8 +33,6 @@

 #include <assert.h>

-#include <sstream>
-
 using namespace GpgME;

 GpgAgentGetInfoAssuanTransaction::GpgAgentGetInfoAssuanTransaction(InfoItem item)
--- a/lang/cpp/src/gpgagentgetinfoassuantransaction.h
+++ b/lang/cpp/src/gpgagentgetinfoassuantransaction.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_GPGAGENTGETINFOASSUANTRANSACTION_H__
 #define __GPGMEPP_GPGAGENTGETINFOASSUANTRANSACTION_H__

-#include <interfaces/assuantransaction.h>
+#include "interfaces/assuantransaction.h"

 #include <string>
 #include <vector>
--- a/lang/cpp/src/gpggencardkeyinteractor.cpp
+++ b/lang/cpp/src/gpggencardkeyinteractor.cpp
@ -36,16 +36,17 @@ using namespace GpgME;
 class GpgGenCardKeyInteractor::Private
 {
 public:
-    Private() : keysize("2048"), backup(false), algo(RSA)
+    Private() : keysize("2048")
    {
-
    }
+
    std::string name, email, backupFileName, expiry, serial, keysize;
-    bool backup;
-    Algo algo;
+    bool backup = false;
+    Algo algo = RSA;
+    std::string curve;
 };

-GpgGenCardKeyInteractor::~GpgGenCardKeyInteractor() {}
+GpgGenCardKeyInteractor::~GpgGenCardKeyInteractor() = default;

 GpgGenCardKeyInteractor::GpgGenCardKeyInteractor(const std::string &serial):
    d(new Private)
@ -88,6 +89,15 @@ void GpgGenCardKeyInteractor::setAlgo(Algo algo)
    d->algo = algo;
 }

+void GpgGenCardKeyInteractor::setCurve(Curve curve)
+{
+    if (curve == DefaultCurve) {
+        d->curve.clear();
+    } else if (curve >= 1 && curve <= LastCurve) {
+        d->curve = std::to_string(static_cast<int>(curve));
+    }
+}
+
 namespace GpgGenCardKeyInteractor_Private
 {
 enum {
@ -141,7 +151,7 @@ const char *GpgGenCardKeyInteractor::action(Error &err) const
    case KEY_CURVE1:
    case KEY_CURVE2:
    case KEY_CURVE3:
-        return "1"; // Only cv25519 supported.
+        return d->curve.empty() ? "1" : d->curve.c_str(); // default is Curve25519
    case NAME:
        return d->name.c_str();
    case EMAIL:
@ -182,10 +192,6 @@ unsigned int GpgGenCardKeyInteractor::nextState(unsigned int status, const char
    static const Error INV_EMAIL_ERROR   = Error::fromCode(GPG_ERR_INV_USER_ID);
    static const Error INV_COMMENT_ERROR = Error::fromCode(GPG_ERR_INV_USER_ID);

-    if (needsNoResponse(status)) {
-        return state();
-    }
-
    using namespace GpgGenCardKeyInteractor_Private;

    switch (state()) {
--- a/lang/cpp/src/gpggencardkeyinteractor.h
+++ b/lang/cpp/src/gpggencardkeyinteractor.h
@ -24,7 +24,7 @@
 #ifndef __GPGMEPP_GPGGENCARDKEYEDITINTERACTOR_H__
 #define __GPGMEPP_GPGGENCARDKEYEDITINTERACTOR_H__

-#include <editinteractor.h>
+#include "editinteractor.h"

 #include <string>
 #include <memory>
@ -58,10 +58,27 @@ public:

    enum Algo {
        RSA = 1,
-        ECC = 2
+        ECC = 2,
    };
    void setAlgo(Algo algo);

+    // the enum values minus 1 have to match the indexes of the curves used by
+    // ask_curve() in gnupg's g10/keygen.c
+    enum Curve {
+        DefaultCurve = 0, // currently Curve25519
+        Curve25519 = 1,
+        Curve448,
+        NISTP256,
+        NISTP384,
+        NISTP521,
+        BrainpoolP256,
+        BrainpoolP384,
+        BrainpoolP512,
+        Secp256k1,
+        LastCurve = Secp256k1,
+    };
+    void setCurve(Curve curve);
+
    std::string backupFileName() const;

 private:
--- a/lang/cpp/src/gpgmefw.h
+++ b/lang/cpp/src/gpgmefw.h
@ -75,4 +75,7 @@ typedef struct _gpgme_tofu_info *gpgme_tofu_info_t;
 struct _gpgme_op_query_swdb_result;
 typedef struct _gpgme_op_query_swdb_result *gpgme_query_swdb_result_t;

+struct _gpgme_revocation_key;
+typedef struct _gpgme_revocation_key *gpgme_revocation_key_t;
+
 #endif // __GPGMEPP_GPGMEFW_H__
--- a/lang/cpp/src/gpgrevokekeyeditinteractor.cpp
+++ b/lang/cpp/src/gpgrevokekeyeditinteractor.cpp
@ -31,7 +31,6 @@

 #include <gpgme.h>

-#include <sstream>
 #include <vector>

 // avoid conflict (msvc)
@ -112,14 +111,6 @@ unsigned int GpgRevokeKeyEditInteractor::Private::nextState(unsigned int status,

    static const Error GENERAL_ERROR = Error::fromCode(GPG_ERR_GENERAL);

-    if (q->needsNoResponse(status)) {
-        return q->state();
-    }
-
-    if (status == GPGME_STATUS_ERROR) {
-        err = q->parseStatusError(args);
-        return ERROR;
-    }
    switch (const auto state = q->state()) {
    case START:
        if (status == GPGME_STATUS_GET_LINE &&
@ -146,7 +137,7 @@ unsigned int GpgRevokeKeyEditInteractor::Private::nextState(unsigned int status,
        if (status == GPGME_STATUS_GET_LINE &&
                strcmp(args, "ask_revocation_reason.text") == 0) {
            nextLine++;
-            return nextLine < reasonLines.size() ? REASON_TEXT : REASON_TEXT_DONE;
+            return static_cast<std::size_t>(nextLine) < reasonLines.size() ? REASON_TEXT : REASON_TEXT_DONE;
        }
        err = GENERAL_ERROR;
        return ERROR;
@ -155,7 +146,7 @@ unsigned int GpgRevokeKeyEditInteractor::Private::nextState(unsigned int status,
            if (status == GPGME_STATUS_GET_LINE &&
                    strcmp(args, "ask_revocation_reason.text") == 0) {
                nextLine++;
-                return nextLine < reasonLines.size() ? state + 1 : REASON_TEXT_DONE;
+                return static_cast<std::size_t>(nextLine) < reasonLines.size() ? state + 1 : REASON_TEXT_DONE;
            }
        }
        err = GENERAL_ERROR;
--- a/lang/cpp/src/gpgsetexpirytimeeditinteractor.cpp
+++ b/lang/cpp/src/gpgsetexpirytimeeditinteractor.cpp
@ -94,10 +94,6 @@ unsigned int GpgSetExpiryTimeEditInteractor::nextState(unsigned int status, cons
    static const Error GENERAL_ERROR  = Error::fromCode(GPG_ERR_GENERAL);
    static const Error INV_TIME_ERROR = Error::fromCode(GPG_ERR_INV_TIME);

-    if (needsNoResponse(status)) {
-        return state();
-    }
-
    using namespace GpgSetExpiryTimeEditInteractor_Private;

    switch (state()) {
--- a/lang/cpp/src/gpgsetexpirytimeeditinteractor.h
+++ b/lang/cpp/src/gpgsetexpirytimeeditinteractor.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_GPGSETEXPIRYTIMEEDITINTERACTOR_H__
 #define __GPGMEPP_GPGSETEXPIRYTIMEEDITINTERACTOR_H__

-#include <editinteractor.h>
+#include "editinteractor.h"

 #include <string>

--- a/lang/cpp/src/gpgsetownertrusteditinteractor.cpp
+++ b/lang/cpp/src/gpgsetownertrusteditinteractor.cpp
@ -98,10 +98,6 @@ unsigned int GpgSetOwnerTrustEditInteractor::nextState(unsigned int status, cons
    static const Error GENERAL_ERROR = Error::fromCode(GPG_ERR_GENERAL);
    //static const Error INV_TIME_ERROR = Error::fromCode( GPG_ERR_INV_TIME );

-    if (needsNoResponse(status)) {
-        return state();
-    }
-
    using namespace GpgSetOwnerTrustEditInteractor_Private;

    switch (state()) {
--- a/lang/cpp/src/gpgsetownertrusteditinteractor.h
+++ b/lang/cpp/src/gpgsetownertrusteditinteractor.h
@ -25,8 +25,8 @@
 #ifndef __GPGMEPP_GPGSETOWNERTRUSTEDITINTERACTOR_H__
 #define __GPGMEPP_GPGSETOWNERTRUSTEDITINTERACTOR_H__

-#include <editinteractor.h>
-#include <key.h>
+#include "editinteractor.h"
+#include "key.h"

 #include <string>

--- a/lang/cpp/src/gpgsignkeyeditinteractor.cpp
+++ b/lang/cpp/src/gpgsignkeyeditinteractor.cpp
@ -170,6 +170,7 @@ enum SignKeyState {
    CONFIRM2,
    DUPE_OK,
    DUPE_OK2,
+    REJECT_SIGN_EXPIRED,
    QUIT,
    SAVE,
    ERROR = EditInteractor::ErrorState
@ -193,6 +194,7 @@ static GpgSignKeyEditInteractor_Private::TransitionMap makeTable()
 #define addEntry( s1, status, str, s2 ) tab[std::make_tuple( s1, status, str)] = s2
    addEntry(START, GET_LINE, "keyedit.prompt", COMMAND);
    addEntry(COMMAND, GET_BOOL, "keyedit.sign_all.okay", UIDS_ANSWER_SIGN_ALL);
+    addEntry(COMMAND, GET_BOOL, "sign_uid.expired_okay", REJECT_SIGN_EXPIRED);
    addEntry(COMMAND, GET_BOOL, "sign_uid.okay", CONFIRM);
    addEntry(COMMAND, GET_BOOL, "sign_uid.local_promote_okay", CONFIRM2);
    addEntry(COMMAND, GET_BOOL, "sign_uid.dupe_okay", DUPE_OK);
@ -228,6 +230,7 @@ static GpgSignKeyEditInteractor_Private::TransitionMap makeTable()
    addEntry(DUPE_OK, GET_BOOL, "sign_uid.dupe_okay", DUPE_OK2);
    addEntry(DUPE_OK2, GET_BOOL, "sign_uid.dupe_okay", DUPE_OK);
    addEntry(CONFIRM, GET_LINE, "keyedit.prompt", QUIT);
+    addEntry(REJECT_SIGN_EXPIRED, GET_LINE, "keyedit.prompt", QUIT);
    addEntry(ERROR, GET_LINE, "keyedit.prompt", QUIT);
    addEntry(QUIT, GET_BOOL, "keyedit.save.okay", SAVE);
 #undef addEntry
@ -263,6 +266,9 @@ const char *GpgSignKeyEditInteractor::action(Error &err) const
    case CONFIRM2:
    case CONFIRM:
        return answer(true);
+    case REJECT_SIGN_EXPIRED:
+        err = Error::fromCode(GPG_ERR_KEY_EXPIRED);
+        return answer(false);
    case QUIT:
        return "quit";
    case SAVE:
@ -298,9 +304,6 @@ unsigned int GpgSignKeyEditInteractor::nextState(unsigned int status, const char
    static const Error GENERAL_ERROR = Error::fromCode(GPG_ERR_GENERAL);
    //static const Error INV_TIME_ERROR = Error::fromCode( GPG_ERR_INV_TIME );
    static const TransitionMap table(makeTable());
-    if (needsNoResponse(status)) {
-        return state();
-    }

    using namespace GpgSignKeyEditInteractor_Private;

--- a/lang/cpp/src/gpgsignkeyeditinteractor.h
+++ b/lang/cpp/src/gpgsignkeyeditinteractor.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_GPGSIGNKEYEDITINTERACTOR_H__
 #define __GPGMEPP_GPGSIGNKEYEDITINTERACTOR_H__

-#include <editinteractor.h>
+#include "editinteractor.h"

 #include <string>
 #include <vector>
--- a/lang/cpp/src/importresult.cpp
+++ b/lang/cpp/src/importresult.cpp
@ -152,17 +152,17 @@ void GpgME::ImportResult::mergeWith(const ImportResult &other)
        }
        // was this key also considered during the first import
        const auto consideredInFirstImports =
-            std::any_of(std::begin(d->imports), std::end(d->imports), [fpr](const auto i) {
+            std::any_of(std::begin(d->imports), std::end(d->imports), [fpr](const gpgme_import_status_t i) {
                return i->fpr && !strcmp(i->fpr, fpr);
            });
        // did we see this key already in the list of keys of the other import
        const auto consideredInPreviousOtherImports =
-            std::any_of(std::begin(other.d->imports), it, [fpr](const auto i) {
+            std::any_of(std::begin(other.d->imports), it, [fpr](const gpgme_import_status_t i) {
                return i->fpr && !strcmp(i->fpr, fpr);
            });
        // was anything added to this key during the other import
        const auto changedInOtherImports =
-            std::any_of(std::begin(other.d->imports), std::end(other.d->imports), [fpr](const auto i) {
+            std::any_of(std::begin(other.d->imports), std::end(other.d->imports), [fpr](const gpgme_import_status_t i) {
                return i->fpr && !strcmp(i->fpr, fpr) && (i->status != 0);
            });
        if (consideredInFirstImports && !consideredInPreviousOtherImports) {
@ -177,15 +177,15 @@ void GpgME::ImportResult::mergeWith(const ImportResult &other)

        // now do the same for the secret key counts
        const auto secretKeyConsideredInFirstImports =
-            std::any_of(std::begin(d->imports), std::end(d->imports), [fpr](const auto i) {
+            std::any_of(std::begin(d->imports), std::end(d->imports), [fpr](const gpgme_import_status_t i) {
                return i->fpr && !strcmp(i->fpr, fpr) && (i->status & GPGME_IMPORT_SECRET);
            });
        const auto secretKeyConsideredInPreviousOtherImports =
-            std::any_of(std::begin(other.d->imports), it, [fpr](const auto i) {
+            std::any_of(std::begin(other.d->imports), it, [fpr](const gpgme_import_status_t i) {
                return i->fpr && !strcmp(i->fpr, fpr) && (i->status & GPGME_IMPORT_SECRET);
            });
        const auto secretKeyChangedInOtherImports =
-            std::any_of(std::begin(other.d->imports), std::end(other.d->imports), [fpr](const auto i) {
+            std::any_of(std::begin(other.d->imports), std::end(other.d->imports), [fpr](const gpgme_import_status_t i) {
                return i->fpr && !strcmp(i->fpr, fpr) && (i->status & GPGME_IMPORT_SECRET) && (i->status != GPGME_IMPORT_SECRET);
            });
        if (secretKeyConsideredInFirstImports && !secretKeyConsideredInPreviousOtherImports) {
@ -204,7 +204,7 @@ void GpgME::ImportResult::mergeWith(const ImportResult &other)
    d->imports.reserve(d->imports.size() + other.d->imports.size());
    std::transform(std::begin(other.d->imports), std::end(other.d->imports),
                   std::back_inserter(d->imports),
-                   [](const auto import) {
+                   [](const gpgme_import_status_t import) {
                       gpgme_import_status_t copy = new _gpgme_import_status{*import};
                       if (import->fpr) {
                           copy->fpr = strdup(import->fpr);
--- a/lang/cpp/src/importresult.h
+++ b/lang/cpp/src/importresult.h
@ -47,6 +47,7 @@ public:
    ImportResult(gpgme_ctx_t ctx, const Error &error);
    explicit ImportResult(const Error &error);

+    ImportResult(const ImportResult &other) = default;
    const ImportResult &operator=(ImportResult other)
    {
        swap(other);
@ -106,6 +107,7 @@ class GPGMEPP_EXPORT Import
 public:
    Import();

+    Import(const Import &other) = default;
    const Import &operator=(Import other)
    {
        swap(other);
--- a/lang/cpp/src/interfaces/assuantransaction.h
+++ b/lang/cpp/src/interfaces/assuantransaction.h
@ -26,7 +26,7 @@
 #ifndef __GPGMEPP_INTERFACES_ASSUANTRANSACTION_H__
 #define __GPGMEPP_INTERFACES_ASSUANTRANSACTION_H__

-#include "gpgmepp_export.h"
+#include "../gpgmepp_export.h"

 #include <stddef.h>

--- a/lang/cpp/src/interfaces/dataprovider.h
+++ b/lang/cpp/src/interfaces/dataprovider.h
@ -27,7 +27,7 @@

 #include <sys/types.h>

-#include "gpgmepp_export.h"
+#include "../gpgmepp_export.h"

 #include <gpg-error.h>

--- a/lang/cpp/src/interfaces/statusconsumer.h
+++ b/lang/cpp/src/interfaces/statusconsumer.h
@ -24,7 +24,7 @@
 #ifndef __GPGMEPP_INTERFACES_STATUSCONSUMER_H__
 #define __GPGMEPP_INTERFACES_STATUSCONSUMER_H__

-#include "gpgmepp_export.h"
+#include "../gpgmepp_export.h"

 namespace GpgME
 {
--- a/lang/cpp/src/key.cpp
+++ b/lang/cpp/src/key.cpp
@ -122,6 +122,37 @@ std::vector<Subkey> Key::subkeys() const
    return v;
 }

+RevocationKey Key::revocationKey(unsigned int index) const
+{
+    return RevocationKey(key, index);
+}
+
+unsigned int Key::numRevocationKeys() const
+{
+    if (!key) {
+        return 0;
+    }
+    unsigned int count = 0;
+    for (auto revkey = key->revocation_keys; revkey; revkey = revkey->next) {
+        ++count;
+    }
+    return count;
+}
+
+std::vector<RevocationKey> Key::revocationKeys() const
+{
+    if (!key) {
+        return std::vector<RevocationKey>();
+    }
+
+    std::vector<RevocationKey> v;
+    v.reserve(numRevocationKeys());
+    for (auto revkey = key->revocation_keys; revkey; revkey = revkey->next) {
+        v.push_back(RevocationKey(key, revkey));
+    }
+    return v;
+}
+
 Key::OwnerTrust Key::ownerTrust() const
 {
    if (!key) {
@ -208,17 +239,12 @@ bool Key::canEncrypt() const

 bool Key::canSign() const
 {
-#ifndef GPGME_CAN_SIGN_ON_SECRET_OPENPGP_KEYLISTING_NOT_BROKEN
-    if (key && key->protocol == GPGME_PROTOCOL_OpenPGP) {
-        return true;
-    }
-#endif
-    return canReallySign();
+    return key && key->can_sign;
 }

 bool Key::canReallySign() const
 {
-    return key && key->can_sign;
+    return canSign();
 }

 bool Key::canCertify() const
@ -252,6 +278,26 @@ bool Key::isDeVs() const
    return true;
 }

+bool Key::hasCertify() const
+{
+    return key && key->has_certify;
+}
+
+bool Key::hasSign() const
+{
+    return key && key->has_sign;
+}
+
+bool Key::hasEncrypt() const
+{
+    return key && key->has_encrypt;
+}
+
+bool Key::hasAuthenticate() const
+{
+    return key && key->has_authenticate;
+}
+
 const char *Key::issuerSerial() const
 {
    return key ? key->issuer_serial : nullptr ;
@ -515,6 +561,21 @@ bool Subkey::canAuthenticate() const
    return subkey && subkey->can_authenticate;
 }

+bool Subkey::canRenc() const
+{
+    return subkey && subkey->can_renc;
+}
+
+bool Subkey::canTimestamp() const
+{
+    return subkey && subkey->can_timestamp;
+}
+
+bool Subkey::isGroupOwned() const
+{
+    return subkey && subkey->is_group_owned;
+}
+
 bool Subkey::isQualified() const
 {
    return subkey && subkey->is_qualified;
@ -1226,6 +1287,68 @@ bool UserID::Signature::isBad() const
    return isNull() || isExpired() || isInvalid();
 }

+//
+//
+// class RevocationKey
+//
+//
+
+static gpgme_revocation_key_t find_revkey(const shared_gpgme_key_t &key, unsigned int idx)
+{
+    if (key) {
+        for (gpgme_revocation_key_t s = key->revocation_keys; s; s = s->next, --idx) {
+            if (idx == 0) {
+                return s;
+            }
+        }
+    }
+    return nullptr;
+}
+
+static gpgme_revocation_key_t verify_revkey(const shared_gpgme_key_t &key, gpgme_revocation_key_t revkey)
+{
+    if (key) {
+        for (gpgme_revocation_key_t s = key->revocation_keys; s; s = s->next) {
+            if (s == revkey) {
+                return revkey;
+            }
+        }
+    }
+    return nullptr;
+}
+
+RevocationKey::RevocationKey() : key(), revkey(nullptr) {}
+
+RevocationKey::RevocationKey(const shared_gpgme_key_t &k, unsigned int idx)
+    : key(k), revkey(find_revkey(k, idx))
+{
+}
+
+RevocationKey::RevocationKey(const shared_gpgme_key_t &k, gpgme_revocation_key_t sk)
+    : key(k), revkey(verify_revkey(k, sk))
+{
+}
+
+Key RevocationKey::parent() const
+{
+    return Key(key);
+}
+
+const char *RevocationKey::fingerprint() const
+{
+    return revkey ? revkey->fpr : nullptr;
+}
+
+bool RevocationKey::isSensitive() const
+{
+    return revkey ? revkey->sensitive : false;
+}
+
+int RevocationKey::algorithm() const
+{
+    return revkey ? revkey->pubkey_algo : 0;
+}
+
 std::ostream &operator<<(std::ostream &os, const UserID &uid)
 {
    os << "GpgME::UserID(";
@ -1261,7 +1384,10 @@ std::ostream &operator<<(std::ostream &os, const Subkey &subkey)
           << "\n canEncrypt:    " << subkey.canEncrypt()
           << "\n canCertify:    " << subkey.canCertify()
           << "\n canAuth:       " << subkey.canAuthenticate()
+           << "\n canRenc:       " << subkey.canRenc()
+           << "\n canTimestanp:  " << subkey.canTimestamp()
           << "\n isSecret:      " << subkey.isSecret()
+           << "\n isGroupOwned:  " << subkey.isGroupOwned()
           << "\n isQualified:   " << subkey.isQualified()
           << "\n isDeVs:        " << subkey.isDeVs()
           << "\n isCardKey:     " << subkey.isCardKey()
@ -1279,7 +1405,7 @@ std::ostream &operator<<(std::ostream &os, const Key &key)
           << "\n issuer:     " << protect(key.issuerName())
           << "\n fingerprint:" << protect(key.primaryFingerprint())
           << "\n listmode:   " << key.keyListMode()
-           << "\n canSign:    " << key.canReallySign()
+           << "\n canSign:    " << key.canSign()
           << "\n canEncrypt: " << key.canEncrypt()
           << "\n canCertify: " << key.canCertify()
           << "\n canAuth:    " << key.canAuthenticate()
@ -1292,6 +1418,20 @@ std::ostream &operator<<(std::ostream &os, const Key &key)
        const std::vector<Subkey> subkeys = key.subkeys();
        std::copy(subkeys.begin(), subkeys.end(),
                  std::ostream_iterator<Subkey>(os, "\n"));
+        os << " revocationKeys:\n";
+        const std::vector<RevocationKey> revkeys = key.revocationKeys();
+        std::copy(revkeys.begin(), revkeys.end(),
+                  std::ostream_iterator<RevocationKey>(os, "\n"));
+    }
+    return os << ')';
+}
+
+std::ostream &operator<<(std::ostream &os, const RevocationKey &revkey)
+{
+    os << "GpgME::RevocationKey(";
+    if (!revkey.isNull()) {
+        os << "\n fingerprint: " << protect(revkey.fingerprint())
+           << "\n isSensitive: " << revkey.isSensitive();
    }
    return os << ')';
 }
--- a/lang/cpp/src/key.h
+++ b/lang/cpp/src/key.h
@ -44,6 +44,7 @@ class Context;
 class Subkey;
 class UserID;
 class TofuInfo;
+class RevocationKey;

 typedef std::shared_ptr< std::remove_pointer<gpgme_key_t>::type > shared_gpgme_key_t;

@ -71,6 +72,7 @@ public:

    static const Null null;

+    Key(const Key &other) = default;
    const Key &operator=(Key other)
    {
        swap(other);
@ -99,6 +101,10 @@ public:
    std::vector<UserID> userIDs() const;
    std::vector<Subkey> subkeys() const;

+    RevocationKey revocationKey(unsigned int index) const;
+    unsigned int numRevocationKeys() const;
+    std::vector<RevocationKey> revocationKeys() const;
+
    bool isRevoked() const;
    bool isExpired() const;
    bool isDisabled() const;
@ -108,22 +114,31 @@ public:
     *                          isDisabled || isInvalid */
    bool isBad() const;

+    /** Returns true, if the key can be used for encryption (i.e. it's not bad
+     *  and has an encryption subkey) or if the primary subkey can encrypt. */
    bool canEncrypt() const;
-    /*!
-      This function contains a workaround for old gpgme's: all secret
-      OpenPGP keys canSign() == true, which canReallySign() doesn't
-      have. I don't have time to find what breaks when I remove this
-      workaround, but since Kleopatra merges secret into public keys,
-      the workaround is not necessary there (and actively harms), I've
-      added a new function instead.
-     */
+    /** Returns true, if the key can be used for signing (i.e. it's not bad
+     *  and has a signing subkey) or if the primary subkey can sign. */
    bool canSign() const;
-    bool canReallySign() const;
+    GPGMEPP_DEPRECATED bool canReallySign() const;
+    /** Returns true, if the key can be used for certification (i.e. it's not bad
+     *  and has a certification subkey) or if the primary subkey can certify. */
    bool canCertify() const;
+    /** Returns true, if the key can be used for authentication (i.e. it's not bad
+     *  and has a authentication subkey) or if the primary subkey can authenticate. */
    bool canAuthenticate() const;
    bool isQualified() const;
    bool isDeVs() const;

+    /** Returns true, if the key has a certification subkey. */
+    bool hasCertify() const;
+    /** Returns true, if the key has a signing subkey. */
+    bool hasSign() const;
+    /** Returns true, if the key has an encryption subkey. */
+    bool hasEncrypt() const;
+    /** Returns true, if the key has an authentication subkey. */
+    bool hasAuthenticate() const;
+
    bool hasSecret() const;
    GPGMEPP_DEPRECATED bool isSecret() const
    {
@ -228,6 +243,7 @@ public:
    Subkey(const shared_gpgme_key_t &key, gpgme_sub_key_t subkey);
    Subkey(const shared_gpgme_key_t &key, unsigned int idx);

+    Subkey(const Subkey &other) = default;
    const Subkey &operator=(Subkey other)
    {
        swap(other);
@ -268,6 +284,9 @@ public:
    bool canSign() const;
    bool canCertify() const;
    bool canAuthenticate() const;
+    bool canRenc() const;
+    bool canTimestamp() const;
+    bool isGroupOwned() const;
    bool isQualified() const;
    bool isDeVs() const;
    bool isCardKey() const;
@ -341,6 +360,7 @@ public:
    UserID(const shared_gpgme_key_t &key, gpgme_user_id_t uid);
    UserID(const shared_gpgme_key_t &key, unsigned int idx);

+    UserID(const UserID &other) = default;
    const UserID &operator=(UserID other)
    {
        swap(other);
@ -459,6 +479,7 @@ public:
    Signature(const shared_gpgme_key_t &key, gpgme_user_id_t uid, gpgme_key_sig_t sig);
    Signature(const shared_gpgme_key_t &key, gpgme_user_id_t uid, unsigned int idx);

+    Signature(const Signature &other) = default;
    const Signature &operator=(Signature other)
    {
        swap(other);
@ -531,9 +552,53 @@ private:
    gpgme_key_sig_t sig;
 };

+//
+// class RevocationKey
+//
+
+class GPGMEPP_EXPORT RevocationKey
+{
+public:
+    RevocationKey();
+    RevocationKey(const shared_gpgme_key_t &key, gpgme_revocation_key_t revkey);
+    RevocationKey(const shared_gpgme_key_t &key, unsigned int idx);
+
+    // Rule of Zero
+
+    void swap(RevocationKey &other)
+    {
+        using std::swap;
+        swap(this->key, other.key);
+        swap(this->revkey, other.revkey);
+    }
+
+    bool isNull() const
+    {
+        return !key || !revkey;
+    }
+
+    Key parent() const;
+
+    const char *fingerprint() const;
+
+    bool isSensitive() const;
+
+    int algorithm() const;
+
+private:
+    shared_gpgme_key_t key;
+    gpgme_revocation_key_t revkey;
+};
+
+inline void swap(RevocationKey& v1, RevocationKey& v2)
+{
+    v1.swap(v2);
+}
+
 GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const UserID &uid);
 GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const Subkey &subkey);
 GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const Key &key);
+GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const RevocationKey &revkey);

 } // namespace GpgME

--- a/lang/cpp/src/keygenerationresult.h
+++ b/lang/cpp/src/keygenerationresult.h
@ -44,6 +44,7 @@ public:
    KeyGenerationResult(gpgme_ctx_t ctx, const Error &error);
    explicit KeyGenerationResult(const Error &err);

+    KeyGenerationResult(const KeyGenerationResult &other) = default;
    const KeyGenerationResult &operator=(KeyGenerationResult other)
    {
        swap(other);
--- a/lang/cpp/src/keylistresult.h
+++ b/lang/cpp/src/keylistresult.h
@ -45,6 +45,7 @@ public:
    explicit KeyListResult(const Error &err);
    KeyListResult(const Error &err, const _gpgme_op_keylist_result &res);

+    KeyListResult(const KeyListResult &other) = default;
    const KeyListResult &operator=(KeyListResult other)
    {
        swap(other);
--- a/lang/cpp/src/notation.h
+++ b/lang/cpp/src/notation.h
@ -44,6 +44,7 @@ public:
    Notation();
    explicit Notation(gpgme_sig_notation_t nota);

+    Notation(const Notation &other) = default;
    const Notation &operator=(Notation other)
    {
        swap(other);
--- a/lang/cpp/src/scdgetinfoassuantransaction.cpp
+++ b/lang/cpp/src/scdgetinfoassuantransaction.cpp
@ -31,7 +31,6 @@
 #include "data.h"
 #include "util.h"

-#include <sstream>
 #include <assert.h>

 using namespace GpgME;
--- a/lang/cpp/src/scdgetinfoassuantransaction.h
+++ b/lang/cpp/src/scdgetinfoassuantransaction.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_SCDGETINFOASSUANTRANSACTION_H__
 #define __GPGMEPP_SCDGETINFOASSUANTRANSACTION_H__

-#include <interfaces/assuantransaction.h>
+#include "interfaces/assuantransaction.h"

 #include <string>
 #include <vector>
--- a/lang/cpp/src/signingresult.cpp
+++ b/lang/cpp/src/signingresult.cpp
@ -199,6 +199,8 @@ GpgME::SignatureMode GpgME::CreatedSignature::mode() const
    case GPGME_SIG_MODE_NORMAL: return NormalSignatureMode;
    case GPGME_SIG_MODE_DETACH: return Detached;
    case GPGME_SIG_MODE_CLEAR:  return Clearsigned;
+    case GPGME_SIG_MODE_ARCHIVE: return SignArchive; // cannot happen
+    case GPGME_SIG_MODE_FILE:   return SignFile; // cannot happen
    }
 }

--- a/lang/cpp/src/signingresult.h
+++ b/lang/cpp/src/signingresult.h
@ -50,6 +50,7 @@ public:
    SigningResult(gpgme_ctx_t ctx, const Error &error);
    explicit SigningResult(const Error &err);

+    SigningResult(const SigningResult &other) = default;
    const SigningResult &operator=(SigningResult other)
    {
        swap(other);
@ -86,6 +87,7 @@ class GPGMEPP_EXPORT InvalidSigningKey
 public:
    InvalidSigningKey();

+    InvalidSigningKey(const InvalidSigningKey &other) = default;
    const InvalidSigningKey &operator=(InvalidSigningKey other)
    {
        swap(other);
@ -119,6 +121,7 @@ public:

    CreatedSignature();

+    CreatedSignature(const CreatedSignature &other) = default;
    const CreatedSignature &operator=(CreatedSignature other)
    {
        swap(other);
--- a/lang/cpp/src/statusconsumerassuantransaction.h
+++ b/lang/cpp/src/statusconsumerassuantransaction.h
@ -24,7 +24,7 @@
 #ifndef __GPGMEPP_STATUSCONSUMERASSUANTRANSACTION_H__
 #define __GPGMEPP_STATUSCONSUMERASSUANTRANSACTION_H__

-#include <interfaces/assuantransaction.h>
+#include "interfaces/assuantransaction.h"

 namespace GpgME
 {
--- a/lang/cpp/src/swdbresult.h
+++ b/lang/cpp/src/swdbresult.h
@ -62,6 +62,7 @@ public:
                                         const char *iversion = NULL,
                                         Error *err = NULL);

+    SwdbResult(const SwdbResult &other) = default;
    const SwdbResult &operator=(SwdbResult other)
    {
        swap(other);
--- a/lang/cpp/src/tofuinfo.h
+++ b/lang/cpp/src/tofuinfo.h
@ -39,6 +39,7 @@ public:
    TofuInfo();
    explicit TofuInfo(gpgme_tofu_info_t info);

+    TofuInfo(const TofuInfo &other) = default;
    const TofuInfo &operator=(TofuInfo other)
    {
        swap(other);
--- a/lang/cpp/src/trustitem.h
+++ b/lang/cpp/src/trustitem.h
@ -27,7 +27,7 @@
 #define __GPGMEPP_TRUSTITEM_H__

 #include "gpgmefw.h"
-#include <key.h>
+#include "key.h"
 #include "gpgmepp_export.h"

 #include <algorithm>
--- a/lang/cpp/src/verificationresult.cpp
+++ b/lang/cpp/src/verificationresult.cpp
@ -544,32 +544,41 @@ std::ostream &GpgME::operator<<(std::ostream &os, const VerificationResult &resu

 std::ostream &GpgME::operator<<(std::ostream &os, Signature::PKAStatus pkaStatus)
 {
-#define OUTPUT( x ) if ( !(pkaStatus & (GpgME::Signature:: x)) ) {} else do { os << #x " "; } while(0)
    os << "GpgME::Signature::PKAStatus(";
-    OUTPUT(UnknownPKAStatus);
-    OUTPUT(PKAVerificationFailed);
-    OUTPUT(PKAVerificationSucceeded);
+    switch (pkaStatus) {
+#define OUTPUT( x ) case GpgME::Signature:: x: os << #x; break
+        OUTPUT(UnknownPKAStatus);
+        OUTPUT(PKAVerificationFailed);
+        OUTPUT(PKAVerificationSucceeded);
 #undef OUTPUT
+    default:
+        os << "??? (" << static_cast<int>(pkaStatus) << ')';
+        break;
+    }
    return os << ')';
 }

 std::ostream &GpgME::operator<<(std::ostream &os, Signature::Summary summary)
 {
-#define OUTPUT( x ) if ( !(summary & (GpgME::Signature:: x)) ) {} else do { os << #x " "; } while(0)
    os << "GpgME::Signature::Summary(";
-    OUTPUT(Valid);
-    OUTPUT(Green);
-    OUTPUT(Red);
-    OUTPUT(KeyRevoked);
-    OUTPUT(KeyExpired);
-    OUTPUT(SigExpired);
-    OUTPUT(KeyMissing);
-    OUTPUT(CrlMissing);
-    OUTPUT(CrlTooOld);
-    OUTPUT(BadPolicy);
-    OUTPUT(SysError);
-    OUTPUT(TofuConflict);
+    if (summary == Signature::None) {
+        os << "None";
+    } else {
+#define OUTPUT( x ) if ( !(summary & (GpgME::Signature:: x)) ) {} else do { os << #x " "; } while(0)
+        OUTPUT(Valid);
+        OUTPUT(Green);
+        OUTPUT(Red);
+        OUTPUT(KeyRevoked);
+        OUTPUT(KeyExpired);
+        OUTPUT(SigExpired);
+        OUTPUT(KeyMissing);
+        OUTPUT(CrlMissing);
+        OUTPUT(CrlTooOld);
+        OUTPUT(BadPolicy);
+        OUTPUT(SysError);
+        OUTPUT(TofuConflict);
 #undef OUTPUT
+    }
    return os << ')';
 }

@ -603,10 +612,14 @@ std::ostream &GpgME::operator<<(std::ostream &os, const Signature &sig)
 std::ostream &GpgME::operator<<(std::ostream &os, Notation::Flags flags)
 {
    os << "GpgME::Notation::Flags(";
+    if (flags == Notation::NoFlags) {
+        os << "NoFlags";
+    } else {
 #define OUTPUT( x ) if ( !(flags & (GpgME::Notation:: x)) ) {} else do { os << #x " "; } while(0)
-    OUTPUT(HumanReadable);
-    OUTPUT(Critical);
+        OUTPUT(HumanReadable);
+        OUTPUT(Critical);
 #undef OUTPUT
+    }
    return os << ')';
 }

--- a/lang/cpp/src/verificationresult.h
+++ b/lang/cpp/src/verificationresult.h
@ -52,6 +52,7 @@ public:
    VerificationResult(gpgme_ctx_t ctx, const Error &error);
    explicit VerificationResult(const Error &err);

+    VerificationResult(const VerificationResult &other) = default;
    const VerificationResult &operator=(VerificationResult other)
    {
        swap(other);
@ -90,6 +91,7 @@ public:

    Signature();

+    Signature(const Signature &other) = default;
    const Signature &operator=(Signature other)
    {
        swap(other);
--- a/lang/cpp/src/vfsmountresult.h
+++ b/lang/cpp/src/vfsmountresult.h
@ -45,6 +45,7 @@ public:
    VfsMountResult(gpgme_ctx_t ctx, const Error &error, const Error &opError);
    explicit VfsMountResult(const Error &err);

+    VfsMountResult(const VfsMountResult &other) = default;
    const VfsMountResult &operator=(VfsMountResult other)
    {
        swap(other);
--- a/lang/cpp/tests/run-getkey.cpp
+++ b/lang/cpp/tests/run-getkey.cpp
@ -150,7 +150,7 @@ main (int argc, char **argv)
    const GpgME::Key key = ctx->key (*argv, err, only_secret);
    std::stringstream ss;

-    ss << "Key " << key << " Err: " << err.asString() << "\n";
+    ss << "Key " << key << " Err: " << err.asStdString() << "\n";

    std::cout << ss.str();

--- a/lang/cpp/tests/run-keylist.cpp
+++ b/lang/cpp/tests/run-keylist.cpp
@ -153,14 +153,17 @@ main (int argc, char **argv)
    }
    Error err = ctx->startKeyListing (*argv, only_secret);
    if (err) {
-        std::cout << "Error: " << err.asString() << "\n";
+        std::cout << "Error: " << err.asStdString() << "\n";
        return -1;
    }
    GpgME::Key key;
    std::stringstream ss;
    do {
        key = ctx->nextKey(err);
-        ss << key << "\n\n";
+        if (!err)
+        {
+            ss << key << "\n\n";
+        }
    } while (!err && !key.isNull());

    std::cout << ss.str();
--- a/lang/cpp/tests/run-verify.cpp
+++ b/lang/cpp/tests/run-verify.cpp
@ -38,7 +38,6 @@
 #include "verificationresult.h"

 #include <memory>
-#include <sstream>
 #include <iostream>

 using namespace GpgME;
--- a/lang/cpp/tests/run-wkdlookup.cpp
+++ b/lang/cpp/tests/run-wkdlookup.cpp
@ -31,7 +31,6 @@
 #include "key.h"

 #include <memory>
-#include <sstream>
 #include <iostream>
 #include <thread>

@ -76,49 +75,52 @@ main (int argc, char **argv)
    Error err;
    auto ctx = std::unique_ptr<Context>{Context::createForEngine(AssuanEngine, &err)};
    if (!ctx) {
-        std::cerr << "Failed to get context (Error: " << err.asString() << ")\n";
+        std::cerr << "Failed to get context (Error: " << err.asStdString() << ")\n";
        return -1;
    }

    const std::string dirmngrSocket = GpgME::dirInfo("dirmngr-socket");
    if ((err = ctx->setEngineFileName(dirmngrSocket.c_str()))) {
-        std::cerr << "Failed to set engine file name (Error: " << err.asString() << ")\n";
+        std::cerr << "Failed to set engine file name (Error: " << err.asStdString() << ")\n";
        return -1;
    }
    if ((err = ctx->setEngineHomeDirectory(""))) {
-        std::cerr << "Failed to set engine home directory (Error: " << err.asString() << ")\n";
+        std::cerr << "Failed to set engine home directory (Error: " << err.asStdString() << ")\n";
        return -1;
    }

-    // try do connect to dirmngr
+    // try to connect to dirmngr
    err = ctx->assuanTransact("GETINFO version");
    if (err && err.code() != GPG_ERR_ASS_CONNECT_FAILED) {
-        std::cerr << "Failed to start assuan transaction (Error: " << err.asString() << ")\n";
+        std::cerr << "Failed to start assuan transaction (Error: " << err.asStdString() << ")\n";
        return -1;
    }
    if (err.code() == GPG_ERR_ASS_CONNECT_FAILED) {
        std::cerr << "Starting dirmngr ...\n";
        auto spawnCtx = std::unique_ptr<Context>{Context::createForEngine(SpawnEngine, &err)};
        if (!spawnCtx) {
-            std::cerr << "Failed to get context for spawn engine (Error: " << err.asString() << ")\n";
+            std::cerr << "Failed to get context for spawn engine (Error: " << err.asStdString() << ")\n";
            return -1;
        }

-        const auto dirmngrProgram = GpgME::dirInfo("dirmngr-name");
-        const auto homedir = GpgME::dirInfo("homedir");
+        const auto gpgconfProgram = GpgME::dirInfo("gpgconf-name");
+        // replace backslashes with forward slashes in homedir to work around bug T6833
+        std::string homedir{GpgME::dirInfo("homedir")};
+        std::replace(homedir.begin(), homedir.end(), '\\', '/');
        const char *argv[] = {
-            dirmngrProgram,
+            gpgconfProgram,
            "--homedir",
-            homedir,
-            "--daemon",
+            homedir.c_str(),
+            "--launch",
+            "dirmngr",
            NULL
        };
        auto ignoreIO = Data{Data::null};
-        err = spawnCtx->spawnAsync(dirmngrProgram, argv,
-                                   ignoreIO, ignoreIO, ignoreIO,
-                                   Context::SpawnDetached);
+        err = spawnCtx->spawn(gpgconfProgram, argv,
+                              ignoreIO, ignoreIO, ignoreIO,
+                              Context::SpawnDetached);
        if (err) {
-            std::cerr << "Failed to start dirmngr (Error: " << err.asString() << ")\n";
+            std::cerr << "Failed to start dirmngr (Error: " << err.asStdString() << ")\n";
            return -1;
        }

@ -135,7 +137,7 @@ main (int argc, char **argv)
    const auto cmd = std::string{"WKD_GET "} + email;
    err = ctx->assuanTransact(cmd.c_str());
    if (err && err.code() != GPG_ERR_NO_NAME && err.code() != GPG_ERR_NO_DATA) {
-        std::cerr << "Error: WKD_GET returned " << err.asString() << "\n";
+        std::cerr << "Error: WKD_GET returned " << err.asStdString() << "\n";
        return -1;
    }

--- a/lang/python/Makefile.am
+++ b/lang/python/Makefile.am
@ -23,7 +23,13 @@ EXTRA_DIST = \
 	gpgme.i \
 	helpers.c helpers.h private.h

-SUBDIRS = . tests examples doc src
+if RUN_GPG_TESTS
+tests = tests
+else
+tests =
+endif
+
+SUBDIRS = . ${tests} examples doc src

 .PHONY: prepare
 prepare: copystamp
@ -74,7 +80,7 @@ CLEANFILES = copystamp \
 # 'make distclean' clears the write bit, breaking rm -rf.  Fix the
 # permissions.
 clean-local:
-	rm -rf -- build
+	rm -rf -- build dist gpg.egg-info
 	for PYTHON in $(PYTHONS); do \
 	  find "$$(basename "$${PYTHON}")-gpg" -type d ! -perm -200 -exec chmod u+w {} ';' ; \
 	  rm -rf -- "$$(basename "$${PYTHON}")-gpg" ; \
@ -95,8 +101,12 @@ install-exec-local:
 	done

 uninstall-local:
-	set -x; GV=$$(echo $(VERSION) | tr - _); for PYTHON in $(PYTHONS); do \
+	set -x; \
+	GV=$$(echo $(VERSION) | tr - _); \
+	normalizedGV=$$(echo $$GV | sed s/_beta/b/); \
+	for PYTHON in $(PYTHONS); do \
 	  PLATLIB="$(prefix)/$$("$${PYTHON}" -c 'import sysconfig, os; print(os.path.relpath(sysconfig.get_path("platlib", scheme="posix_prefix"), sysconfig.get_config_var("prefix")))')" ; \
 	  rm -rf -- "$(DESTDIR)$${PLATLIB}/gpg" \
-		"$(DESTDIR)$${PLATLIB}"/gpg-$$GV-py*.egg-info ; \
+		"$(DESTDIR)$${PLATLIB}"/gpg-$$GV-py*.egg-info \
+		"$(DESTDIR)$${PLATLIB}"/gpg-$$normalizedGV-py*.egg ; \
 	done
--- a/lang/python/doc/src/gpgme-python-howto.org
+++ b/lang/python/doc/src/gpgme-python-howto.org
@ -1612,6 +1612,7 @@ of the entire public keybox.

 #+BEGIN_SRC python -i
 import gpg
+import os
 import os.path
 import sys

@ -1619,6 +1620,9 @@ print("""
 This script exports one or more public keys in minimised form.
 """)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 c = gpg.Context(armor=True)

 if len(sys.argv) >= 4:
@ -1654,7 +1658,7 @@ except:
    result = c.key_export_minimal(pattern=None)

 if result is not None:
-    with open(keyfile, "wb") as f:
+    with open(keyfile, "wb", opener=open_0o600) as f:
        f.write(result)
 else:
    pass
@ -1686,6 +1690,9 @@ This script exports one or more secret keys.
 The gpg-agent and pinentry are invoked to authorise the export.
 """)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 c = gpg.Context(armor=True)

 if len(sys.argv) >= 4:
@ -1735,9 +1742,8 @@ except:
    result = c.key_export_secret(pattern=None)

 if result is not None:
-    with open(keyfile, "wb") as f:
+    with open(keyfile, "wb", opener=open_0o600)) as f:
        f.write(result)
-    os.chmod(keyfile, 0o600)
 else:
    pass
 #+END_SRC
@ -2939,7 +2945,7 @@ Save that into a file called =keycount.pyx= and then create a
 =setup.py= file which contains this:

 #+BEGIN_SRC python -i
-from distutils.core import setup
+from setuptools import setup
 from Cython.Build import cythonize

 setup(
@ -3124,7 +3130,7 @@ minimum required version of GPGME is in use.

 For the most part the =gpg.version.versionstr= and
 =gpg.version.versionlist= methods have been quite sufficient.  The
-former returns the same string as =gpgme-config --version=, while the
+former returns the same string as =pkg-config gpgme --modversion=, while the
 latter returns the major, minor and patch values in a list.

 To check if the installed bindings have actually been built against
@ -3135,7 +3141,7 @@ import gpg
 import subprocess
 import sys

-gpgme_version_call = subprocess.Popen(["gpgme-config", "--version"],
+gpgme_version_call = subprocess.Popen(["pkg-config", "gpgme", "--modversion"],
                                      stdout=subprocess.PIPE,
                                      stderr=subprocess.PIPE)
 gpgme_version_str = gpgme_version_call.communicate()
--- a/lang/python/doc/texinfo/texinfo.tex
+++ b/lang/python/doc/texinfo/texinfo.tex
@ -498,7 +498,7 @@
 % \def\foo{\parsearg\Xfoo}
 % \def\Xfoo#1{...}
 %
-% Actually, I use \csname\string\foo\endcsname, ie. \\foo, as it is my
+% Actually, I use \csname\string\foo\endcsname, i.e. \\foo, as it is my
 % favourite TeX trick.  --kasal, 16nov03

 \def\parseargdef#1{%
--- a/lang/python/examples/howto/add-userid.py
+++ b/lang/python/examples/howto/add-userid.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/advanced/cython/setup.py
+++ b/lang/python/examples/howto/advanced/cython/setup.py
@ -1,4 +1,4 @@
-from distutils.core import setup
+from setuptools import setup
 from Cython.Build import cythonize

 setup(
--- a/lang/python/examples/howto/clear-sign-file.py
+++ b/lang/python/examples/howto/clear-sign-file.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/create-key.py
+++ b/lang/python/examples/howto/create-key.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/decrypt-file.py
+++ b/lang/python/examples/howto/decrypt-file.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/detach-sign-file.py
+++ b/lang/python/examples/howto/detach-sign-file.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/encrypt-file.py
+++ b/lang/python/examples/howto/encrypt-file.py
@ -24,7 +24,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/encrypt-sign-file.py
+++ b/lang/python/examples/howto/encrypt-sign-file.py
@ -24,7 +24,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/encrypt-to-group-gullible.py
+++ b/lang/python/examples/howto/encrypt-to-group-gullible.py
@ -25,7 +25,7 @@ from groups import group_lists
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/encrypt-to-group-trustno1.py
+++ b/lang/python/examples/howto/encrypt-to-group-trustno1.py
@ -25,7 +25,7 @@ from groups import group_lists
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/encrypt-to-group.py
+++ b/lang/python/examples/howto/encrypt-to-group.py
@ -25,7 +25,7 @@ from groups import group_lists
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/export-key.py
+++ b/lang/python/examples/howto/export-key.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/export-minimised-key.py
+++ b/lang/python/examples/howto/export-minimised-key.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/export-secret-key.py
+++ b/lang/python/examples/howto/export-secret-key.py
@ -26,7 +26,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
@ -35,6 +35,9 @@ This script exports one or more secret keys.
 The gpg-agent and pinentry are invoked to authorise the export.
 """)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 c = gpg.Context(armor=True)

 if len(sys.argv) >= 4:
@ -84,8 +87,7 @@ except:
    result = c.key_export_secret(pattern=None)

 if result is not None:
-    with open(keyfile, "wb") as f:
+    with open(keyfile, "wb", opener=open_0o600) as f:
        f.write(result)
-    os.chmod(keyfile, 0o600)
 else:
    pass
--- a/lang/python/examples/howto/export-secret-keys.py
+++ b/lang/python/examples/howto/export-secret-keys.py
@ -27,7 +27,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
@ -37,6 +37,9 @@ file formats, saved in files within the user's GPG home directory.
 The gpg-agent and pinentry are invoked to authorise the export.
 """)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 if sys.platform == "win32":
    gpgconfcmd = "gpgconf.exe --list-dirs homedir"
 else:
@ -119,15 +122,13 @@ except:
    b_result = b.key_export_secret(pattern=None)

 if a_result is not None:
-    with open(ascfile, "wb") as f:
+    with open(ascfile, "wb", opener=open_0o600) as f:
        f.write(a_result)
-    os.chmod(ascfile, 0o600)
 else:
    pass

 if b_result is not None:
-    with open(gpgfile, "wb") as f:
+    with open(gpgfile, "wb", opener=open_0o600) as f:
        f.write(b_result)
-    os.chmod(gpgfile, 0o600)
 else:
    pass
--- a/lang/python/examples/howto/groups.py
+++ b/lang/python/examples/howto/groups.py
@ -20,7 +20,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import subprocess
--- a/lang/python/examples/howto/import-key.py
+++ b/lang/python/examples/howto/import-key.py
@ -27,7 +27,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/import-keybasekey.py
+++ b/lang/python/examples/howto/import-keybasekey.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/import-keys-hkp.py
+++ b/lang/python/examples/howto/import-keys-hkp.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/import-keys.py
+++ b/lang/python/examples/howto/import-keys.py
@ -25,7 +25,7 @@ import requests
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/import-mailvelope-keys.py
+++ b/lang/python/examples/howto/import-mailvelope-keys.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/keycount.py
+++ b/lang/python/examples/howto/keycount.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/local-sign-group.py
+++ b/lang/python/examples/howto/local-sign-group.py
@ -28,7 +28,7 @@ from groups import group_lists
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/mutt-groups.py
+++ b/lang/python/examples/howto/mutt-groups.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import sys
--- a/lang/python/examples/howto/pmkey-import-alt.py
+++ b/lang/python/examples/howto/pmkey-import-alt.py
@ -28,7 +28,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/pmkey-import-hkp-alt.py
+++ b/lang/python/examples/howto/pmkey-import-hkp-alt.py
@ -28,7 +28,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/pmkey-import-hkp.py
+++ b/lang/python/examples/howto/pmkey-import-hkp.py
@ -28,7 +28,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/Show More
+++ b/Show More