build,qt: Fix include path in CMake files

* lang/qt/src/Makefile.am (QGpgmeConfig.cmake, QGpgmeQt6Config.cmake): Use new variables includeprefix{5,6} instead of replaced variable includeprefix. -- GnuPG-bug-id: 7205
build,qt: Don't put generated camel-case headers in tarball
2024-07-22 10:32:00 +02:00 · 2024-07-18 16:16:33 +02:00 · 2024-07-18 15:51:44 +02:00 · 2024-07-18 14:42:30 +02:00 · 2024-07-18 14:41:52 +02:00 · 2024-07-18 14:41:32 +02:00
354 changed files with 10499 additions and 3069 deletions
--- a/4
+++ b/4
@ -22,7 +22,7 @@ List of Copyright holders

  Copyright (C) 1991-2013 Free Software Foundation, Inc.
  Copyright (C) 2000-2001 Werner Koch
-  Copyright (C) 2001-2021 g10 Code GmbH
+  Copyright (C) 2001-2023 g10 Code GmbH
  Copyright (C) 2002 Klarälvdalens Datakonsult AB
  Copyright (C) 2004-2008 Igor Belyi
  Copyright (C) 2002 John Goerzen
@ -43,7 +43,7 @@ FSF <gnu@gnu.org>
   src/stpcpy.c, src/w32-ce.c.

 g10 Code GmbH <code@g10code.com>
- - All stuff since mid march 2001.
+ - All stuff since mid March 2001.

 Werner Koch <wk@gnupg.org>
 - Design and most stuff.
--- a/Makefile.am
+++ b/Makefile.am
@ -36,8 +36,11 @@ DISTCHECK_CONFIGURE_FLAGS =

 EXTRA_DIST = autogen.sh autogen.rc gpgme.spec.in  \
             ChangeLog-2011 m4/ChangeLog-2011     \
+             build-aux/libtool-patch.sed          \
             conf/whatisthis VERSION LICENSES

+# This artificial line is to put a dependency to conf/config.h for 'all'
+BUILT_SOURCES = conf/config.h

 if RUN_GPG_TESTS
 tests = tests
--- a/324
+++ b/324
@ -1,6 +1,304 @@
-Noteworthy changes in version 1.18.1 (unreleased)
+Noteworthy changes in version 1.24.0 (unrelease)
 -------------------------------------------------

+ * Extended gpgme_op_decrypt* and gpgme_op_verify* to allow writing the
+   output directly to a file.  [T6550]
+
+ * Extended gpgme_op_encrypt*, gpgme_op_encrypt_sign*, and gpgme_op_sign*
+   to allow reading the input data directly from a file.  [T6550]
+
+ * Add information about designated revocation keys.  [T7118]
+
+ * New context flag "import-options".  [T7152]
+
+ * cpp: Provide information about designated revocation keys for a Key.
+   [T7118]
+
+ * cpp: Add safer member function returning text describing an error.
+   [T5960]
+
+ * qt: Build QGpgME for Qt 5 and Qt 6 simultaneously.  [T7205]
+
+ * qt: Install headers for Qt 5 and Qt 6 in separate folders.  [T7161]
+
+ * qt: Allow reading the data to decrypt/encrypt/sign/verify directly from
+   files.  [T6550]
+
+ * qt: Allow writing the decrypted/encrypted/signed/verified data directly
+   to files.  [T6550]
+
+ * qt: Allow specifying import options when importing keys.  [T7152]
+
+ * qt: Allow appending a detached signature to an existing file.  [T6867]
+
+ * Interface changes relative to the 1.23.2 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_ENCRYPT_FILE                      NEW.
+ GPGME_SIG_MODE_FILE                     NEW.
+ gpgme_key_t                             EXTENDED: New field 'revkeys'.
+ gpgme_revocation_key_t                  NEW.
+ gpgme_set_ctx_flag                      EXTENDED: New flag 'import-options'.
+ cpp: Context::EncryptFile               NEW.
+ cpp: SignatureMode::SignFile            NEW.
+ cpp: RevocationKey                      NEW.
+ cpp: Key::revocationKey                 NEW.
+ cpp: Key::numRevocationKeys             NEW.
+ cpp: Key::revocationKeys                NEW.
+ cpp: Error::asStdString                 NEW.
+ cpp: Error::asString                    DEPRECATED.
+ qt: DecryptVerifyJob::setInputFile      NEW.
+ qt: DecryptVerifyJob::inputFile         NEW.
+ qt: DecryptVerifyJob::setOutputFile     NEW.
+ qt: DecryptVerifyJob::outputFile        NEW.
+ qt: EncryptJob::setRecipients           NEW.
+ qt: EncryptJob::recipients              NEW.
+ qt: EncryptJob::setInputFile            NEW.
+ qt: EncryptJob::inputFile               NEW.
+ qt: EncryptJob::setOutputFile           NEW.
+ qt: EncryptJob::outputFile              NEW.
+ qt: EncryptJob::setEncryptionFlags      NEW.
+ qt: EncryptJob::encryptionFlags         NEW.
+ qt: SignEncryptJob::setSigners          NEW.
+ qt: SignEncryptJob::signers             NEW.
+ qt: SignEncryptJob::setRecipients       NEW.
+ qt: SignEncryptJob::recipients          NEW.
+ qt: SignEncryptJob::setInputFile        NEW.
+ qt: SignEncryptJob::inputFile           NEW.
+ qt: SignEncryptJob::setOutputFile       NEW.
+ qt: SignEncryptJob::outputFile          NEW.
+ qt: SignEncryptJob::setEncryptionFlags  NEW.
+ qt: SignEncryptJob::encryptionFlags     NEW.
+ qt: SignJob::setSigners                 NEW.
+ qt: SignJob::signers                    NEW.
+ qt: SignJob::setInputFile               NEW.
+ qt: SignJob::inputFile                  NEW.
+ qt: SignJob::setOutputFile              NEW.
+ qt: SignJob::outputFile                 NEW.
+ qt: SignJob::setSigningFlags            NEW.
+ qt: SignJob::signingFlags               NEW.
+ qt: SignJob::setAppendSignature         NEW.
+ qt: SignJob::appendSignatureEnabled     NEW.
+ qt: VerifyDetachedJob::setSignatureFile NEW.
+ qt: VerifyDetachedJob::signatureFile    NEW.
+ qt: VerifyDetachedJob::setSignedFile    NEW.
+ qt: VerifyDetachedJob::signedFile       NEW.
+ qt: VerifyOpaqueJob::setInputFile       NEW.
+ qt: VerifyOpaqueJob::inputFile          NEW.
+ qt: VerifyOpaqueJob::setOutputFile      NEW.
+ qt: VerifyOpaqueJob::outputFile         NEW.
+ qt: ImportJob::setImportOptions         NEW.
+ qt: ImportJob::importOptions            NEW.
+
+
+Noteworthy changes in version 1.23.2 (2023-11-28)
+-------------------------------------------------
+
+ * Preserve more specific existing failure code.  [T6575]
+
+ * qt: Start dirmngr with gpgconf to avoid multiple instances. [T6833]
+
+ * qt: On Windows, use UTF-8 when logging the error text.  [T5960]
+
+ * qt: Remove left-over partial files more persistently.  [T6584]
+
+ * qt: Use a temporary file name when creating signed or encrypted
+   archives. [T6721]
+
+ * qt: Build Qt 6 bindings with -fPIC if requested or Qt 6 was built with
+   this flag. [T6781]
+
+ Notes:
+ ~~~~~~
+ qt: DefaultKeyGenerationJob     DEPRECATED.
+
+ [c=C43/A32/R1 cpp=C26/A20/R1 qt=C20/A5/R1]
+
+ Release-info: https://dev.gnupg.org/T6782
+
+
+Noteworthy changes in version 1.23.1 (2023-10-27)
+-------------------------------------------------
+
+ * w32: Change gpgme-w32-spawn to use Unicode arguments.  [T6728]
+
+ [c=C43/A32/R0 cpp=C26/A20/R0 qt=C20/A5/R0]
+
+ Release-info: https://dev.gnupg.org/T6774
+
+
+Noteworthy changes in version 1.23.0 (2023-10-25)
+-------------------------------------------------
+
+ * Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME.  [T6559]
+
+ * New keylist mode GPGME_KEYLIST_MODE_WITH_V5FPR.  [T6705]
+
+ * New key capability flags has_*.  [T6748]
+
+ * gpgme-tool: Support use of Windows HANDLE.  [T6634]
+
+ * qt: Support refreshing keys via WKD.  [T6672]
+
+ * qt: Handle cancel in changeexpiryjob.  [T6754]
+
+ * Interface changes relative to the 1.22.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_KEYLIST_MODE_WITH_V5FPR   NEW.
+ gpgme_key_t                     EXTENDED: New field has_encrypt.
+ gpgme_key_t                     EXTENDED: New field has_sign.
+ gpgme_key_t                     EXTENDED: New field has_certify.
+ gpgme_key_t                     EXTENDED: New field has_authenticate.
+ cpp: Key::canCertify            NEW.
+ cpp: Key::canSign               NEW.
+ cpp: Key::canEncrypt            NEW.
+ cpp: Key::canAuthenticate       NEW.
+ qt: Protocol::wkdRefreshJob     NEW.
+ qt: WKDRefreshJob               NEW.
+
+ [c=C43/A32/R0 cpp=C26/A20/R0 qt=C20/A5/R0]
+
+ Release-info: https://dev.gnupg.org/T6774
+
+
+Noteworthy changes in version 1.22.0 (2023-08-21)
+-------------------------------------------------
+
+ * Prevent wrong plaintext when verifying clearsigned signature.  [T6622]
+
+ * Return bad data error instead of general error on unexpected data.
+   [T6617]
+
+ * Take care of offline mode for all operations of gpgsm engine.
+   [T6648]
+
+ * Prepare the use of the forthcoming libassuan version 3.
+
+ * New configure option --with-libtool-modification.  [T6619]
+
+ * cpp: Expose gpgme_decrypt_result_t.is_mime.  [T6199]
+
+ * qt: Clean up after failure or cancel of sign/encrypt archive
+   operation.  [T6584]
+
+ * qt: Add setInputEncoding to QGpgMe::EncryptJob.  [T6166]
+
+ * qt: Make toLogString helper public.  [T6584]
+
+ * Interface changes relative to the 1.21.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ qt: EncryptJob::setInputEncoding           NEW.
+ qt: DecryptionResult::isMime               NEW.
+ qt: toLogString                            NEW.
+
+ [c=C42/A31/R0 cpp=C25/A19/R0 qt=C19/A4/R0]
+
+ Release-info: https://dev.gnupg.org/T6668
+
+
+Noteworthy changes in version 1.21.0 (2023-07-07)
+-------------------------------------------------
+
+ * Extended gpgme_op_encrypt, gpgme_op_encrypt_sign, and gpgme_op_sign
+   to allow writing the output directly to a file.  [T6530]
+
+ * Extended gpgme_op_decrypt and gpgme_op_verify to allow reading the
+   input data directly from files.  [T6530]
+
+ * For key signing and uid revoking allow an empty user id.
+   [rMfbc3963d62]
+
+ * Pass an input-size-hint also to the gpgsm engine.  [T6534]
+
+ * qt: Allow writing the created archives directly to a
+   file.  [T6530]
+
+ * qt: Allow reading the signed/encrypted archive to decrypt
+   or verify directly from a file.  [T6530]
+
+ * qt: Qt Jobs working with QIODeviceDataProvider now properly
+   handle input-size hints and progress for files larger.
+   2^32 bytes in 32 bit builds.  [T6534]
+
+ * cpp: Error::isCanceled now also returns true for error code
+   GPG_ERR_FULLY_CANCELED.  [T6510]
+
+ * python: Fix wrong use of write.  [T6501]
+
+ * Interface changes relative to the 1.20.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ cpp: Data::setFlag                         NEW.
+ cpp: Data::setSizeHint                     NEW.
+ qt: Job::startIt                           NEW.
+ qt: DecryptVerifyArchiveJob::setInputFile  NEW.
+ qt: DecryptVerifyArchiveJob::inputFile     NEW.
+ qt: EncryptArchiveJob::setRecipients       NEW.
+ qt: EncryptArchiveJob::recipients          NEW.
+ qt: EncryptArchiveJob::setInputPaths       NEW.
+ qt: EncryptArchiveJob::inputPaths          NEW.
+ qt: EncryptArchiveJob::setOutputFile       NEW.
+ qt: EncryptArchiveJob::outputFile          NEW.
+ qt: EncryptArchiveJob::setEncryptionFlags  NEW.
+ qt: EncryptArchiveJob::encryptionFlags     NEW.
+ qt: SignArchiveJob::setSigners             NEW.
+ qt: SignArchiveJob::signers                NEW.
+ qt: SignArchiveJob::setInputPaths          NEW.
+ qt: SignArchiveJob::inputPaths             NEW.
+ qt: SignArchiveJob::setOutputFile          NEW.
+ qt: SignArchiveJob::outputFile             NEW.
+ qt: SignEncryptArchiveJob::setSigners      NEW.
+ qt: SignEncryptArchiveJob::signers         NEW.
+ qt: SignEncryptArchiveJob::setRecipients   NEW.
+ qt: SignEncryptArchiveJob::recipients      NEW.
+ qt: SignEncryptArchiveJob::setInputPaths   NEW.
+ qt: SignEncryptArchiveJob::inputPaths      NEW.
+ qt: SignEncryptArchiveJob::setOutputFile   NEW.
+ qt: SignEncryptArchiveJob::outputFile      NEW.
+ qt: SignEncryptArchiveJob::setEncryptionFlags NEW.
+ qt: SignEncryptArchiveJob::encryptionFlags NEW.
+
+ [c=C41/A30/R0 cpp=C24/A18/R0 qt=C18/A3/R0]
+
+ Release-info: https://dev.gnupg.org/T6585
+
+
+Noteworthy changes in version 1.20.0 (2023-04-20)
+-------------------------------------------------
+
+ * On Windows, the gettext functions provided by gpgrt are switched
+   into utf8 mode, so that all localized texts returned by GpgME or
+   gpgrt, e.g. the texts for error codes are now UTF-8 encoded.
+   [T5960]
+
+ * Key::canSign now returns false for OpenPGP keys without signing
+   (sub)key.  [T6456]
+
+ * The new macOS Homebrew location is now by default supported.
+   [T6440]
+
+ * Fix regression in 1.19.0.  [rMb608c084b9]
+
+ * Fix invocation of gpgtar on Windows.  [rM0c29119e06]
+
+ * Interface changes relative to the 1.19.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gpgme_subkey_t              EXTENDED: New field 'can_renc'.
+ gpgme_subkey_t              EXTENDED: New field 'can_timestamp'.
+ gpgme_subkey_t              EXTENDED: New field 'is_group_owned'.
+ cpp: Subkey::canRenc                       NEW.
+ cpp: Subkey::canTimestamp                  NEW.
+ cpp: Subkey::isGroupOwned                  NEW.
+ cpp: Key::canReallySign                    DEPRECATED.
+
+ [c=C40/A29/R0 cpp=C23/A17/R0 qt=C17/A2/R1]
+
+ Release-info: https://dev.gnupg.org/T6463
+
+
+Noteworthy changes in version 1.19.0 (2023-03-17)
+-------------------------------------------------
+
+ * New convenience option --identify for gpgme-json.
+
 * New context flag "no-auto-check-trustdb".  [T6261]

 * Optionally, build QGpgME for Qt 6
@ -16,6 +314,9 @@ Noteworthy changes in version 1.18.1 (unreleased)

 * cpp: Handle error when trying to sign expired keys.  [T6155]

+ * cpp: Support encryption flags ThrowKeyIds, EncryptWrap, and WantAddress.
+   [T6359]
+
 * cpp, qt: Fix building with C++11.  [T6141]

 * qt: Fix problem with expiration dates after 2038-01-19 on 32-bit systems
@ -29,7 +330,7 @@ Noteworthy changes in version 1.18.1 (unreleased)

 * qt: Allow deferred start of import jobs.  [T6323]

- * qt: Support creating encrypted archives.  [T6342]
+ * qt: Support creating and extracting signed and encrypted archives.  [T6342]

 * Interface changes relative to the 1.18.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -44,6 +345,10 @@ Noteworthy changes in version 1.18.1 (unreleased)
 gpgme_op_verify_ext                        NEW.
 cpp: GpgGenCardKeyInteractor::Curve        NEW.
 cpp: GpgGenCardKeyInteractor::setCurve     NEW.
+ cpp: Context::WantAddress                  NEW.
+ cpp: Context::DecryptArchive               NEW.
+ cpp: Context::EncryptArchive               NEW.
+ cpp: SignArchive                           NEW.
 cpp: Data::setFileName            EXTENDED: New overload
 qt: ListAllKeysJob::Option                 NEW.
 qt: ListAllKeysJob::Options                NEW.
@ -52,8 +357,21 @@ Noteworthy changes in version 1.18.1 (unreleased)
 qt: Job::startNow                          NEW.
 qt: ImportJob::startLater                  NEW.
 qt: FileListDataProvider                   NEW.
+ qt: DecryptVerifyArchiveJob                NEW.
 qt: EncryptArchiveJob                      NEW.
+ qt: SignArchiveJob                         NEW.
+ qt: SignEncryptArchiveJob                  NEW.
+ qt: Protocol::decryptVerifyArchiveJob      NEW.
 qt: Protocol::encryptArchiveJob            NEW.
+ qt: Protocol::signArchiveJob               NEW.
+ qt: Protocol::signEncryptArchiveJob        NEW.
+ qt: Job::jobProgress                       NEW.
+ qt: Job::rawProgress                       NEW.
+ qt: Job::progress                          DEPRECATED.
+
+ [c=C39/A28/R0 cpp=C22/A16/R0 qt=C17/A2/R0]
+
+ Release-info: https://dev.gnupg.org/T6341


 Noteworthy changes in version 1.18.0 (2022-08-10)
@ -425,7 +743,7 @@ Noteworthy changes in version 1.13.0 (2019-03-26)

 * Several fixes to the Common Lisp bindings.

- * Fixed minor bugs in gpgme-json.  [#4331,#4341,#4342,#4343
+ * Fixed minor bugs in gpgme-json.  [#4331,#4341,#4342,#4343]

 * Require trace level 8 to dump all I/O data.

--- a/8
+++ b/8
@ -1,7 +1,7 @@
                       GPGME - GnuPG Made Easy
                     ---------------------------

-Copyright 2001-2021 g10 Code GmbH
+Copyright 2001-2023 g10 Code GmbH

 This file is free software; as a special exception the author gives
 unlimited permission to copy and/or distribute it, with or without
@ -41,11 +41,11 @@ See the file INSTALL for generic installation instructions.
 Check that you have unmodified sources.  See below on how to do this.
 Don't skip it - this is an important step!

-To build GPGME, you need to install libgpg-error (>= 1.24) and
+To build GPGME, you need to install libgpg-error (>= 1.36) and
 Libassuan (>= 2.4.2).

-For support of the OpenPGP and the CMS protocols, you should use the
-latest version of GnuPG (>= 2.1.18) , available at:
+For support of the OpenPGP and the CMS protocols, you should use at
+least GnuPG version 2.2.41 or 2.4.3, available at:
 https://gnupg.org/ftp/gcrypt/gnupg/.

 For building the Git version of GPGME please see the file README.GIT
--- a/autogen.rc
+++ b/autogen.rc
@ -11,4 +11,4 @@ case "$myhost" in
 esac


-final_info="./configure --enable-maintainer-mode && make"
+final_info="mkdir build && cd build && ../configure --enable-maintainer-mode && make"
--- a/autogen.sh
+++ b/autogen.sh
@ -1,6 +1,6 @@
 #! /bin/sh
 # autogen.sh
-# Copyright (C) 2003, 2014, 2017, 2018 g10 Code GmbH
+# Copyright (C) 2003, 2014, 2017, 2018, 2022 g10 Code GmbH
 #
 # This file is free software; as a special exception the author gives
 # unlimited permission to copy and/or distribute it, with or without
@ -15,7 +15,7 @@
 # configure it for the respective package.  It is maintained as part of
 # GnuPG and source copied by other packages.
 #
-# Version: 2018-07-10
+# Version: 2023-03-15

 configure_ac="configure.ac"

@ -137,8 +137,6 @@ extraoptions=
 # List of optional variables sourced from autogen.rc and ~/.gnupg-autogen.rc
 w32_toolprefixes=
 w32_extraoptions=
-w32ce_toolprefixes=
-w32ce_extraoptions=
 w64_toolprefixes=
 w64_extraoptions=
 amd64_toolprefixes=
@ -146,7 +144,6 @@ amd64_toolprefixes=
 # What follows are variables which are sourced but default to
 # environment variables or lacking them hardcoded values.
 #w32root=
-#w32ce_root=
 #w64root=
 #amd64root=

@ -167,11 +164,6 @@ case "$1" in
        myhost="w32"
        shift
        ;;
-    --build-w32ce)
-        myhost="w32"
-        myhostsub="ce"
-        shift
-        ;;
    --build-w64)
        myhost="w32"
        myhostsub="64"
@ -203,7 +195,7 @@ if [ "$myhost" = "git-build" ]; then
    die_p
    make || fatal "error running make"
    die_p
-    make check || fatal "error running male check"
+    make check || fatal "error running make check"
    die_p
    exit 0
 fi
@ -241,10 +233,12 @@ if [ "$myhost" = "find-version" ]; then
    if [ -z "$micro" ]; then
      matchstr1="$package-$major.[0-9]*"
      matchstr2="$package-$major-base"
+      matchstr3=""
      vers="$major.$minor"
    else
      matchstr1="$package-$major.$minor.[0-9]*"
-      matchstr2="$package-$major.$minor-base"
+      matchstr2="$package-$major.[0-9]*-base"
+      matchstr3="$package-$major-base"
      vers="$major.$minor.$micro"
    fi

@ -252,13 +246,22 @@ if [ "$myhost" = "find-version" ]; then
    if [ -e .git ]; then
      ingit=yes
      tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
-      tmp=$(echo "$tmp" | sed s/^"$package"//)
      if [ -n "$tmp" ]; then
          tmp=$(echo "$tmp" | sed s/^"$package"// \
                    | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
      else
-          tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
-                | awk -F- '$4!=0{print"-beta"$4}')
+          # (due tof "-base" in the tag we need to take the 4th field)
+          tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null)
+          if [ -n "$tmp" ]; then
+              tmp=$(echo "$tmp" | sed s/^"$package"// \
+                        | awk -F- '$4!=0 && $4 !~ /^beta/ {print"-beta"$4}')
+          elif [ -n "${matchstr3}" ]; then
+              tmp=$(git describe --match "${matchstr3}" --long 2>/dev/null)
+              if [ -n "$tmp" ]; then
+                  tmp=$(echo "$tmp" | sed s/^"$package"// \
+                          | awk -F- '$4!=0 && $4 !~ /^beta/ {print"-beta"$4}')
+              fi
+          fi
      fi
      [ -n "$tmp" ] && beta=yes
      rev=$(git rev-parse --short HEAD | tr -d '\n\r')
@ -294,12 +297,6 @@ fi
 # ******************
 if [ "$myhost" = "w32" ]; then
    case $myhostsub in
-        ce)
-          w32root="$w32ce_root"
-          [ -z "$w32root" ] && w32root="$HOME/w32ce_root"
-          toolprefixes="$w32ce_toolprefixes arm-mingw32ce"
-          extraoptions="$extraoptions $w32ce_extraoptions"
-          ;;
        64)
          w32root="$w64root"
          [ -z "$w32root" ] && w32root="$HOME/w64root"
--- a/build-aux/libtool-patch.sed
+++ b/build-aux/libtool-patch.sed
@ -0,0 +1,68 @@
+#
+# This is a sed script to patch the generated libtool,
+# which works well against both of libtool 2.4.2 and 2.4.7.
+#
+# You may use this work under the terms of a Creative Commons CC0 1.0
+# License/Waiver.
+#
+# CC0 Public Domain Dedication
+# https://creativecommons.org/publicdomain/zero/1.0/
+
+#
+# This sed script applys two hunks of the patch:
+#
+#     Part1: after the comment "# bleh windows"
+#     Part2: after the comment "#extension on DOS 8.3..."
+#
+# Only when those two parts are patched correctly, it exits with 0 or
+# else, it exits with 1
+#
+
+# Find the part 1, by the comment
+/^[ \t]*# bleh windows$/b part1_start
+# Not found the part1, raise an error
+$ q1
+b
+
+:part1_start
+n
+# The first line in the part 1 must be the begining of the case statement.
+/^[ \t]*case \$host in$/! q1
+n
+# Insert the entry for x86_64-*mingw32*, for modified versuffix.
+i\
+	      x86_64-*mingw32*)
+i\
+		func_arith $current - $age
+i\
+		major=$func_arith_result
+i\
+		versuffix="6-$major"
+i\
+		;;
+:part1_0
+# Find the end of the case statement
+/^[ \t]*esac$/b find_part2
+# Not found the end of the case statement, raise an error
+$ q1
+n
+b part1_0
+
+:find_part2
+/^[ \t]*# extension on DOS 8.3 file.*systems.$/b part2_process
+# Not found the part2, raise an error
+$ q1
+n
+b find_part2
+
+:part2_process
+$ q1
+s/^[ \t]*\(versuffix=\)\(.*\)\(-$major\)\(.*\)$/\t  case \$host in\n\t  x86_64-*mingw32*)\n\t    \1\26\3\4\n\t    ;;\n\t  *)\n\t    \1\2\3\4\n\t    ;;\n\t  esac/
+t part2_done
+n
+b part2_process
+
+:part2_done
+$ q0
+n
+b part2_done
--- a/build-aux/texinfo.tex
+++ b/build-aux/texinfo.tex
@ -482,7 +482,7 @@
 % \def\foo{\parsearg\Xfoo}
 % \def\Xfoo#1{...}
 %
-% Actually, I use \csname\string\foo\endcsname, ie. \\foo, as it is my
+% Actually, I use \csname\string\foo\endcsname, i.e. \\foo, as it is my
 % favourite TeX trick.  --kasal, 16nov03

 \def\parseargdef#1{%
--- a/configure.ac
+++ b/configure.ac
@ -31,8 +31,8 @@ min_automake_version="1.14"
 # for the LT versions.
 m4_define([mym4_package],[gpgme])
 m4_define([mym4_major], [1])
-m4_define([mym4_minor], [18])
-m4_define([mym4_micro], [1])
+m4_define([mym4_minor], [24])
+m4_define([mym4_micro], [0])

 # Below is m4 magic to extract and compute the git revision number,
 # the decimalized short revision number, a beta version string and a
@ -53,20 +53,20 @@ AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org])
 #   (Interfaces added:			AGE++)
 #   (Interfaces removed:		AGE=0)
 #
-LIBGPGME_LT_CURRENT=38
-LIBGPGME_LT_AGE=27
-LIBGPGME_LT_REVISION=0
+LIBGPGME_LT_CURRENT=43
+LIBGPGME_LT_AGE=32
+LIBGPGME_LT_REVISION=1

 # If there is an ABI break in gpgmepp or qgpgme also bump the
 # version in IMPORTED_LOCATION in the GpgmeppConfig-w32.cmake.in.in

-LIBGPGMEPP_LT_CURRENT=21
-LIBGPGMEPP_LT_AGE=15
-LIBGPGMEPP_LT_REVISION=0
+LIBGPGMEPP_LT_CURRENT=26
+LIBGPGMEPP_LT_AGE=20
+LIBGPGMEPP_LT_REVISION=1

-LIBQGPGME_LT_CURRENT=16
-LIBQGPGME_LT_AGE=1
-LIBQGPGME_LT_REVISION=0
+LIBQGPGME_LT_CURRENT=20
+LIBQGPGME_LT_AGE=5
+LIBQGPGME_LT_REVISION=1
 ################################################

 AC_SUBST(LIBGPGME_LT_CURRENT)
@ -85,7 +85,7 @@ AC_SUBST(LIBQGPGME_LT_REVISION)
 GPGME_CONFIG_API_VERSION=1
 ##############################################

-NEED_GPG_ERROR_VERSION=1.36
+NEED_GPG_ERROR_VERSION=1.47
 NEED_LIBASSUAN_API=2
 NEED_LIBASSUAN_VERSION=2.4.2

@ -206,6 +206,44 @@ esac

 AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")

+#
+# Specify how we support our local modification of libtool for Windows
+# 64-bit.  Options are:
+#
+# (1) apply: when appying patch fails, it results failure of entire build
+# (2) never: never apply the patch (no try)
+# (3) try: use patched if it goes well, use original if fails
+#
+AC_ARG_WITH([libtool-modification],
+  AS_HELP_STRING([--with-libtool-modification=apply|never|try],
+                 [how to handle libtool modification (default=never)]),
+                 build_libtool_modification=$withval,
+                 build_libtool_modification=never)
+
+#
+# Apply a patch (locally maintained one of ours) to libtool
+#
+case $host in
+  x86_64-*mingw32*)
+AC_CONFIG_COMMANDS([libtool-patch],[[
+  if test "$build_selection" = never; then
+    echo "patch not applied"
+  elif (mv -f libtool libtool.orig; \
+        sed -f $srcdir/build-aux/libtool-patch.sed libtool.orig >libtool); then
+    echo "applied successfully"
+  elif test "$build_selection" = try; then
+    mv -f libtool.orig libtool
+    echo "patch failed, thus, using original"
+  else
+    echo "patch failed"
+    as_fn_exit 1
+  fi
+]],[build_selection=$build_libtool_modification])
+  ;;
+  *)
+  ;;
+esac
+
 GPG_DEFAULT=no
 GPGSM_DEFAULT=no
 GPGCONF_DEFAULT=no
@ -219,7 +257,7 @@ have_macos_system=no
 build_w32_glib=no
 build_w32_qt=no
 available_languages="cl cpp python qt qt5 qt6"
-default_languages="cl cpp python qt"
+default_languages="cl cpp python qt5 qt6"
 case "${host}" in
    x86_64-*mingw32*)
        have_w64_system=yes
@ -300,14 +338,44 @@ if test x$fixed_search_path != x ; then
                    [Locate binaries only via this PATH])
 fi

+# Option --enable-reduce-relocations
+#
+# Allow building the Qt 6 bindings explicitly with -fPIC if the automatic
+# detection fails. Note: We assume that this flag is always available (unless
+# we built for Windows).
+AC_ARG_ENABLE([reduce-relocations],
+              AS_HELP_STRING([--enable-reduce-relocations],
+                             [build Qt 6 bindings with -fPIC (default is
+                              auto)]),
+              [use_reduce_relocations="$enableval"],
+              [use_reduce_relocations=""])
+
+# Option --enable-no-direct-extern-access
+#
+# Some distributions build Qt 6 with -mno-direct-extern-access. Libraries and
+# applications using Qt then must also be build with this flag. As workaround
+# for a bug in Qt's pkgconfig files which don't have this flag we allow
+# building with this flag explicitly.
+AC_LANG_PUSH(C++)
+AX_CHECK_COMPILE_FLAG([-mno-direct-extern-access],
+                      [have_no_direct_extern_access="yes"],
+                      [have_no_direct_extern_access="no"],
+                      [-Werror])
+AC_LANG_POP()
+AC_ARG_ENABLE([no-direct-extern-access],
+              AS_HELP_STRING([--enable-no-direct-extern-access],
+                             [build Qt 6 bindings with
+                              -mno-direct-extern-access (default is auto)]),
+              [use_no_direct_extern_access="$enableval"],
+              [use_no_direct_extern_access=""])
+

 # Note: You need to declare all possible languages also in
 #       lang/Makefile.am's DIST_SUBDIRS.
 AC_ARG_ENABLE([languages],
              AS_HELP_STRING([--enable-languages=languages],
                             [enable only specific language bindings:
-                              cl cpp python qt qt5 qt6 (qt selects qt5 or qt6,
-                              and qt5 and qt6 exclude each other)]),
+                              cl cpp python qt5 qt6]),
                             [enabled_languages=`echo $enableval | \
                             tr ',:' '  ' | tr '[A-Z]' '[a-z]' | \
                             sed 's/c++/cpp/'`],
@ -333,76 +401,95 @@ for language in $enabled_languages; do
    fi
 done

-# Check whether Qt5 and/or Qt6 are enabled explicitly
-want_qt5="no";
+# Check whether qt5 and/or qt6 are enabled
+want_qt5="no"
 LIST_MEMBER("qt5", $enabled_languages)
 if test "$found" = "1"; then
-    want_qt5="yes";
+    if test "$explicit_languages" = "1"; then
+        want_qt5="yes"
+    else
+        want_qt5="maybe"
+    fi
    # Remove qt5; further down qt will be added
    enabled_languages=$(echo $enabled_languages | sed 's/qt5//')
 fi
-want_qt6="no";
+want_qt6="no"
 LIST_MEMBER("qt6", $enabled_languages)
 if test "$found" = "1"; then
-    want_qt6="yes";
+    if test "$explicit_languages" = "1"; then
+        want_qt6="yes"
+    else
+        want_qt6="maybe"
+    fi
    # Remove qt6; further down qt will be added
    enabled_languages=$(echo $enabled_languages | sed 's/qt6//')
 fi
-if test "$want_qt5" = "yes" -a "$want_qt6" = "yes"; then
-    AC_MSG_ERROR([[
+
+# Check whether qt is enabled; if yes then it has been enabled explicitly
+want_qt="no"
+LIST_MEMBER("qt", $enabled_languages)
+if test "$found" = "1"; then
+    # Ignore qt if specified together with qt5 or qt6
+    if test "$want_qt5" = "no" -a "$want_qt6" = "no"; then
+        want_qt="yes"
+    fi
+    # Remove qt
+    enabled_languages=$(echo $enabled_languages | sed 's/qt//')
+    AC_MSG_WARN([[
 ***
-*** The bindings for Qt5 and Qt6 cannot be built simultaneously.
+*** Language binding "qt" is deprecated and will be removed in a future version.
+*** Use "qt5" and/or "qt6" instead.
 ***]])
 fi

 # Ensure that pkg-config is available for all calls of FIND_QT5/FIND_QT6
 PKG_PROG_PKG_CONFIG

-# If the generic qt is enabled, then check for Qt5 or Qt6 (in this order)
-LIST_MEMBER("qt", $enabled_languages)
-if test "$found" = "1"; then
-    # Remove the generic qt (qt5 and qt6 have already been removed)
-    enabled_languages=$(echo $enabled_languages | sed 's/qt//')
+# Check for Qt 5 (if qt5 or qt is enabled)
+if test "$want_qt" = "yes"; then
+    want_qt5="maybe"
+fi
+if test "$want_qt5" != "no"; then
    FIND_QT5
    if test "$have_qt5_libs" = "yes"; then
-        want_qt5="yes";
-    else
-        FIND_QT6
-        if test "$have_qt6_libs" = "yes"; then
-            want_qt6="yes";
-        else
-            if test "$explicit_languages" = "1"; then
-                AC_MSG_ERROR([[
-***
-*** Qt5 (Qt5Core) or Qt6 (Qt6Core) is required for the Qt binding.
-***]])
-            else
-                AC_MSG_WARN([[
-***
-*** Qt5 (Qt5Core) and Qt6 (Qt6Core) not found. Qt Binding will be disabled.
-***]])
-            fi
-        fi
-    fi
+        want_qt5="yes"
    elif test "$want_qt5" = "yes"; then
-    FIND_QT5
-    if test "$have_qt5_libs" != "yes"; then
        AC_MSG_ERROR([[
 ***
 *** Qt5 (Qt5Core) is required for the Qt 5 binding.
 ***]])
+    else
+        want_qt5="no"
    fi
-elif test "$want_qt6" = "yes"; then
+fi
+
+# Check for Qt 6 (if qt6 is enabled or if qt is enabled and Qt 5 wasn't found)
+if test "$want_qt" = "yes" -a "$have_qt5_libs" != "yes"; then
+    want_qt6="maybe"
+fi
+if test "$want_qt6" != "no"; then
    FIND_QT6
-    if test "$have_qt6_libs" != "yes"; then
+    if test "$have_qt6_libs" = "yes"; then
+        want_qt6="yes";
+    elif test "$want_qt6" = "yes"; then
        AC_MSG_ERROR([[
 ***
 *** Qt6 (Qt6Core) is required for the Qt 6 binding.
 ***]])
+    else
+        want_qt6="no"
    fi
 fi

-# Check that cpp is enabled if qt5 or qt6 is enabled
+# Check if any Qt was found (if qt is enabled)
+if test "$want_qt" = "yes" -a "$have_qt5_libs" != "yes" -a "$have_qt6_libs" != "yes"; then
+    AC_MSG_ERROR([[
+***
+*** Qt5 (Qt5Core) or Qt6 (Qt6Core) is required for the Qt bindings.
+***]])
+fi
+
+# Check that cpp is enabled if qt5 or qt6 is enabled and was found
 if test "$want_qt5" = "yes" -o "$want_qt6" = "yes"; then
    LIST_MEMBER("cpp", $enabled_languages)
    if test "$found" = "0"; then
@ -453,7 +540,7 @@ if test "$found" = "1" -a "$HAVE_CXX17" != "1"; then
    fi
 fi

-# Now append qt to the list of language bindings
+# Now append qt to the list of language bindings (to enable the subdir in lang)
 if test "$want_qt5" = "yes" -o "$want_qt6" = "yes"; then
    enabled_languages=$(echo $enabled_languages qt)
 fi
@ -521,11 +608,12 @@ if test "$found_py" = "1"; then
 	if test "$found_py" = "1" -o "$found_py3" = "1"; then
 	  # Reset everything, so that we can look for another Python.
          m4_foreach([mym4pythonver],
-                     [[2.7],[3.4],[3.5],[3.6],[3.7],[3.8],[3.9],[all]],
+                     [[2.7],[3.6],[3.8],[3.9],[3.10],[3.11],[3.12],[all]],
           [unset PYTHON
 	    unset PYTHON_VERSION
 	    unset PYTHON_CPPFLAGS
 	    unset PYTHON_LDFLAGS
+	    unset PYTHON_LIBS
 	    unset PYTHON_SITE_PKG
 	    unset PYTHON_EXTRA_LIBS
 	    unset PYTHON_EXTRA_LDFLAGS
@ -536,7 +624,7 @@ if test "$found_py" = "1"; then
 	    unset am_cv_python_pythondir
 	    unset am_cv_python_pyexecdir
 	    AM_PATH_PYTHON(mym4pythonver, [
-		AX_PYTHON_DEVEL
+		AX_PYTHON_DEVEL([], [true])
 		if test "$PYTHON_VERSION"; then
 			PYTHONS="$(echo $PYTHONS $PYTHON)"
 			PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)"
@ -920,6 +1008,9 @@ AH_BOTTOM([
 # define GPGME_GCC_A_PURE
 #endif

+/* Under Windows we use the gettext code from gpgrt.  */
+#define GPG_ERR_ENABLE_GETTEXT_MACROS 1
+
 /* Under WindowsCE we need gpg-error's strerror macro.  */
 #define GPG_ERR_ENABLE_ERRNO_MACROS 1

@ -1072,7 +1163,9 @@ AC_CONFIG_FILES([lang/python/Makefile
 AC_CONFIG_FILES([lang/python/setup.py], [chmod a+x lang/python/setup.py])
 AC_OUTPUT

-if test "$want_qt5" = "yes"; then
+if test "$want_qt5" = "yes" -a "$want_qt6" = "yes"; then
+    enabled_languages_v=$(echo ${enabled_languages_v:-$enabled_languages} | sed "s/qt/qt (Qt 5, Qt 6)/")
+elif test "$want_qt5" = "yes"; then
    enabled_languages_v=$(echo ${enabled_languages_v:-$enabled_languages} | sed "s/qt/qt (Qt 5)/")
 elif test "$want_qt6" = "yes"; then
    enabled_languages_v=$(echo ${enabled_languages_v:-$enabled_languages} | sed "s/qt/qt (Qt 6)/")
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@ -551,7 +551,7 @@ convention for 32 bit Windows by using @code{long} there.
 and thus we are able to use @code{int64_t} instead of @code{off_t}
 there.  For easier migration the typedef @code{gpgme_off_t} has been
 defined.  The reason we cannot use @code{off_t} directly is that some
-toolchains (e.g. mingw64) introduce a POSIX compatible hack for
+toolchains (e.g., mingw64) introduce a POSIX compatible hack for
@code{off_t}.  Some widely used toolkits make use of this hack and in
 turn @acronym{GPGME} would need to use it also.  However, this would
 introduce an ABI break and existing software making use of libgpgme
@ -589,10 +589,16 @@ mode (@code{_LARGEFILE64_SOURCE}).
@cindex automake
@cindex autoconf

-It is much easier if you use GNU Automake instead of writing your own
-Makefiles.  If you do that you do not have to worry about finding and
-invoking the @command{pkg-config} script at all.  @acronym{GPGME}
-provides an extension to Automake that does all the work for you.
+You can simply use @code{PKG_CHECK_MODULES} macro with @command{pkg-config}:
+@example
+PKG_CHECK_MODULES([GPGME], [gpgme >= 1.23.1])
+@end example
+
+Alternatively, instead of using @command{pkg-config}, for building on
+an environment with no pkg-config, @acronym{GPGME} provides an
+extension to Automake that does all the work for you.  Please note
+that it is required to have gpgrt-config from libgpg-error installed
+in this case.

@c A simple macro for optional variables.
@macro ovar{varname}
@ -1304,8 +1310,8 @@ returned.

 The function @code{gpgme_pubkey_algo_string} is a convenience function
 to build and return an algorithm string in the same way GnuPG does
-(e.g. ``rsa2048'' or ``ed25519'').  The caller must free the result
-using @code{gpgme_free}.  On error (e.g. invalid argument or memory
+(e.g., ``rsa2048'' or ``ed25519'').  The caller must free the result
+using @code{gpgme_free}.  On error (e.g., invalid argument or memory
 exhausted), the function returns NULL and sets @code{ERRNO}.
@end deftypefun

@ -1649,6 +1655,11 @@ when requested.
@item GPG_ERR_CANCELED
 This value means that the operation was canceled.

+@item GPG_ERR_FULLY_CANCELED
+This value means that the operation was canceled. It is sometimes returned
+instead of @code{GPG_ERR_CANCELED} for internal reasons in GnuPG. You should
+treat both values identically.
+
@item GPG_ERR_INV_ENGINE
 This value means that the engine that implements the desired protocol
 is currently not available.  This can either be because the sources
@ -1790,7 +1801,7 @@ is used.

 On POSIX platforms the @code{gpgme_off_t} type is an alias for
@code{off_t}; it may be used interchangeable.  On Windows platforms
-@code{gpgme_off_t} is defined as a long (i.e. 32 bit) for 32 bit
+@code{gpgme_off_t} is defined as a long (i.e., 32 bit) for 32 bit
 Windows and as a 64 bit signed integer for 64 bit Windows.
@end deftp

@ -2226,7 +2237,7 @@ for a new data object.  The backend will try its best to detect the
 encoding automatically.

@item GPGME_DATA_ENCODING_BINARY
-This specifies that the data is encoding in binary form; i.e. there is
+This specifies that the data is encoding in binary form; i.e., there is
 no special encoding.

@item GPGME_DATA_ENCODING_BASE64
@ -2266,7 +2277,7 @@ characters percent escaped.  This mode is is not yet implemented.
@deftypefun gpgme_data_encoding_t gpgme_data_get_encoding (@w{gpgme_data_t @var{dh}})
 The function @code{gpgme_data_get_encoding} returns the encoding of
 the data object with the handle @var{dh}.  If @var{dh} is not a valid
-pointer (e.g. @code{NULL}) @code{GPGME_DATA_ENCODING_NONE} is
+pointer (e.g., @code{NULL}) @code{GPGME_DATA_ENCODING_NONE} is
 returned.
@end deftypefun

@ -2367,7 +2378,7 @@ The data is a PKCS#12 message.  This is commonly used to exchange
 private keys for X.509.
@end table

-@deftypefun gpgme_data_type_t gpgme_data_identify (@w{gpgme_data_t @var{dh}})
+@deftypefun gpgme_data_type_t gpgme_data_identify (@w{gpgme_data_t @var{dh}, int @var{reserved}})
@since{1.4.3}

 The function @code{gpgme_data_identify} returns the type of the data
@ -2377,6 +2388,7 @@ identification, the function returns zero
 object has been created the identification may not be possible or the
 data object may change its internal state (file pointer moved).  For
 file or memory based data object, the state should not change.
+@var{reserved} should be zero.
@end deftypefun


@ -2595,7 +2607,7 @@ addresses is not supported.

 The function @code{gpgme_set_sender} specifies the sender address for
 use in sign and verify operations.  @var{address} is expected to be
-the ``addr-spec'' part of an address but my also be a complete mailbox
+the ``addr-spec'' part of an address but may also be a complete mailbox
 address, in which case this function extracts the ``addr-spec'' from
 it.  Using @code{NULL} for @var{address} clears the sender address.

@ -2688,8 +2700,9 @@ for example completely disable the use of Dirmngr for any engine.

 For the CMS protocol the offline mode specifies whether Dirmngr shall
 be used to do additional validation that might require connecting
-external services (e.g. CRL / OCSP checks).  Here the offline mode
-only affects the keylist mode @code{GPGME_KEYLIST_MODE_VALIDATE}.
+external services (e.g., CRL / OCSP checks).  The offline mode is used
+for all operations on this context.  It has only an effect with
+GnuPG versions 2.1.6 or later.

 For the OpenPGP protocol offline mode entirely disables the use of the
 Dirmngr and will thus guarantee that no network connections are done
@ -2894,6 +2907,12 @@ option also makes sure that the keygrip is available in the output.
 The @code{GPGME_KEYLIST_MODE_EPHEMERAL} symbol specifies that keys
 flagged as ephemeral are included in the listing.

+@item GPGME_KEYLIST_MODE_WITH_V5FPR
+@since{1.23.0}
+
+The @code{GPGME_KEYLIST_MODE_WITH_V5FPR} symbol specifies that key
+listings shall also provide v5 style fingerprints for v4 OpenPGp keys.
+
@item GPGME_KEYLIST_MODE_VALIDATE
@since{0.4.5}

@ -3260,8 +3279,14 @@ The string given in @var{value} is passed to the GnuPG engine to use as
 filter when importing keys.  Valid values are documented in the GnuPG
 manual and the gpg man page under the option @option{--import-filter}.

+@item "import-options"
+@since{1.24.0}
+The string given in @var{value} is passed to the GnuPG engine to use as
+options when importing keys.  Valid values are documented in the GnuPG
+manual and the gpg man page under the option @option{--import-options}.
+
@item "no-auto-check-trustdb"
-@since{1.18.1}
+@since{1.19.0}
 Setting the @var{value} to "1" forces the GPG backend to disable the
 automatic check of the trust database.

@ -3448,22 +3473,47 @@ listings if the key could not be validated due to missing
 certificates or unmatched policies.

@item unsigned int can_encrypt : 1
-This is true if the key (ie one of its subkeys) can be used for
-encryption.
+This is true if the key or one of its subkeys can be used for
+encryption and the encryption will likely succeed.

@item unsigned int can_sign : 1
-This is true if the key (ie one of its subkeys) can be used to create
-data signatures.
+This is true if the key or one of its subkeys can be used to create
+data signatures and the signing will likely succeed.

@item unsigned int can_certify : 1
-This is true if the key (ie one of its subkeys) can be used to create
+This is true if the key or one of its subkeys can be used to create
 key certificates.

@item unsigned int can_authenticate : 1
@since{0.4.5}

 This is true if the key (ie one of its subkeys) can be used for
-authentication.
+authentication and the authentication will likely succeed.
+
+@item unsigned int has_encrypt : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of encryption.
+Note that this flag is set even if the key is expired.
+
+@item unsigned int has_sign : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of signing.
+Note that this flag is set even if the key is expired.
+
+@item unsigned int has_certify : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of
+certification.  Note that this flag is set even if the key is expired.
+
+@item unsigned int has_authenticate : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of
+authentication.  Note that this flag is set even if the key is
+expired.

@item unsigned int is_qualified : 1
@since{1.1.0}
@ -3522,6 +3572,10 @@ be missing but this field may be set nevertheless.

 Reserved for the time of the last update of this key.

+@item gpgme_revocation_key_t revkeys
+@since{1.24.0}
+This is a linked list with the revocation keys for the key.
+
@end table
@end deftp

@ -3585,7 +3639,7 @@ Brainpool curve.

@item unsigned int secret : 1
 This is true if the subkey is a secret key.  Note that it will be
-false if the key is actually a stub key; i.e. a secret key operation
+false if the key is actually a stub key; i.e., a secret key operation
 is currently not possible (offline-key).  This is only set if a
 listing of secret keys has been requested or if
@code{GPGME_KEYLIST_MODE_WITH_SECRET} is active.
@ -3603,6 +3657,10 @@ This is the key ID of the subkey in hexadecimal digits.
 This is the fingerprint of the subkey in hexadecimal digits, if
 available.

+@item char *v5fpr
+For a v4 OpenPGP key this is its v5 style fingerprint of the subkey in
+hexadecimal digits, if available.
+
@item char *keygrip
@since{1.7.0}

@ -3860,6 +3918,37 @@ This is a linked list with the notation data and policy URLs.
@end deftp


+@deftp {Data type} gpgme_revocation_key_t
+@since{1.24.0}
+
+The @code{gpgme_revocation_key_t} type is a pointer to a revocation key
+structure.  Revocation key structures are one component of a
+@code{gpgme_key_t} object.  They provide information about the designated
+revocation keys for a key.
+
+The revocation key structure has the following members:
+
+@table @code
+@item gpgme_revocation_key_t next
+This is a pointer to the next revocation key structure in the linked list,
+or @code{NULL} if this is the last element.
+
+@item gpgme_pubkey_algo_t pubkey_algo
+This is the public key algorithm of the revocation key.
+
+@item char *fpr
+This is the fingerprint of the revocation_key in hexadecimal digits.
+
+@item unsigned int key_class
+This is the class of the revocation key signature subpacket.
+
+@item unsigned int sensitive : 1
+This is true if the revocation key is marked as sensitive.
+
+@end table
+@end deftp
+
+

@node Listing Keys
@subsection Listing Keys
@ -4224,7 +4313,7 @@ GnuPG.
@var{userid} is commonly the mail address associated with the key.
 GPGME does not require a specific syntax but if more than a mail
 address is given, RFC-822 style format is suggested.  The value is
-expected to be in UTF-8 encoding (i.e. no IDN encoding for mail
+expected to be in UTF-8 encoding (i.e., no IDN encoding for mail
 addresses).  This is a required parameter.

@var{algo} specifies the algorithm for the new key (actually a keypair
@ -4307,6 +4396,14 @@ override this check.

 Request generation of keys that do not expire.

+@item GPGME_CREATE_ADSK
+@since{1.24.0}
+
+Add an ADSK to the key.  With this flag @var{algo} is expected to be
+the hexified fingerprint of the ADSK to be added; this must be a
+subkey.  If the string "default" is used for @var{algo} the engine
+will add all ADSK as it would do for new keys.
+
@end table

 After the operation completed successfully, information about the
@ -4382,6 +4479,10 @@ values for timestamps and thus can only encode dates up to the year
@var{flags} takes the same values as described above for
@code{gpgme_op_createkey}.

+If the @code{GPGME_CREATE_ADSK} flag is set, the subkey fingerprint
+given in the @code{algo} parameter is added as an ADSK
+to the key.
+
 After the operation completed successfully, information about the
 created key can be retrieved with @code{gpgme_op_genkey_result}.

@ -4433,7 +4534,7 @@ requires at least version 2.1.13 of GnuPG.
 the mail address to be associated with the key.  GPGME does not
 require a specific syntax but if more than a mail address is given,
 RFC-822 style format is suggested.  The value is expected to be in
-UTF-8 encoding (i.e. no IDN encoding for mail addresses).  This is a
+UTF-8 encoding (i.e., no IDN encoding for mail addresses).  This is a
 required parameter.

@var{flags} are currently not used and must be set to zero.
@ -4642,7 +4743,7 @@ retrieved with @code{gpgme_op_genkey_result}.

 The function returns the error code @code{GPG_ERR_NO_ERROR} if the
 operation could be started successfully, @code{GPG_ERR_INV_VALUE} if
-@var{parms} is not a well-formed string (e.g. does not have the
+@var{parms} is not a well-formed string (e.g., does not have the
 expected tag-like headers and footers), @code{GPG_ERR_NOT_SUPPORTED}
 if @var{public} or @var{secret} is not valid, and
@code{GPG_ERR_GENERAL} if no key was created by the backend.
@ -5105,7 +5206,7 @@ The function @code{gpgme_op_import_keys} adds the keys described by
 the @code{NULL} terminated array @var{keys} to the key ring of the
 crypto engine used by @var{ctx}.  It is used to actually import and
 make keys permanent which have been retrieved from an external source
-(i.e. using @code{GPGME_KEYLIST_MODE_EXTERN}) earlier.  The external
+(i.e., using @code{GPGME_KEYLIST_MODE_EXTERN}) earlier.  The external
 keylisting must have been made with the same context configuration (in
 particular the same home directory).  @footnote{Thus it is a
 replacement for the usual workaround of exporting and then importing a
@ -5115,7 +5216,7 @@ require another access to the keyserver over the network.
 Only keys of the currently selected protocol of @var{ctx} are
 considered for import.  Other keys specified by the @var{keys} are
 ignored.  As of now all considered keys must have been retrieved using
-the same method, i.e. the used key listing mode must be identical.
+the same method, i.e., the used key listing mode must be identical.

 After the operation completed successfully, the result can be
 retrieved with @code{gpgme_op_import_result}.
@ -5187,7 +5288,7 @@ This is a pointer to the next status structure in the linked list, or

@item char *fpr
 This is the fingerprint of the key that was considered, or @code{NULL}
-if the fingerprint of the key is not known, e.g. because the key to
+if the fingerprint of the key is not known, e.g., because the key to
 import was encrypted and decryption failed.

@item gpgme_error_t result
@ -5335,16 +5436,19 @@ operation was started successfully, and @code{GPG_ERR_INV_VALUE} if
@var{ctx} or @var{key} is not a valid pointer.
@end deftypefun

-The following functions allow only to use one particular flag.
+The following functions allow only to use one particular flag.  Their
+use is thus deprecated.

@deftypefun gpgme_error_t gpgme_op_delete (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{int @var{allow_secret}})
 Similar to @code{gpgme_op_delete_ext}, but only the flag
-@code{GPGME_DELETE_ALLOW_SECRET} can be provided.
+@code{GPGME_DELETE_ALLOW_SECRET} can be provided.  Actually all true
+values are mapped to this flag.
@end deftypefun

@deftypefun gpgme_error_t gpgme_op_delete_start (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{int @var{allow_secret}})
 Similar to @code{gpgme_op_delete_ext_start}, but only the flag
-@code{GPGME_DELETE_ALLOW_SECRET} can be provided.
+@code{GPGME_DELETE_ALLOW_SECRET} can be provided.  Actually all true
+values are mapped to this flag.
@end deftypefun


@ -5586,7 +5690,10 @@ An error code describing the reason why the key was found invalid.

@deftypefun gpgme_error_t gpgme_op_decrypt (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{cipher}}, @w{gpgme_data_t @var{plain}})
 The function @code{gpgme_op_decrypt} decrypts the ciphertext in the
-data object @var{cipher} and stores it into the data object
+data object @var{cipher} or, if a file name is set on the data object,
+the ciphertext stored in the corresponding file.  The decrypted
+ciphertext is stored into the data object @var{plain} or written to
+the file set with @code{gpgme_data_set_file_name} for the data object
@var{plain}.

 The function returns the error code @code{GPG_ERR_NO_ERROR} if the
@ -5800,7 +5907,12 @@ detached signature, then the signed text should be provided in
 Otherwise, if @var{sig} is a normal (or cleartext) signature,
@var{signed_text} should be a null pointer and @var{plain} should be a
 writable data object that will contain the plaintext after successful
-verification.
+verification.  If a file name is set on the data object @var{sig} (or
+on the data object @var{signed_text}), then the data of the signature
+(resp. the data of the signed text) is not read from the data object
+but from the file with the given file name.  If a file name is set on
+the data object @var{plain} then the plaintext is not stored in the
+data object but it is written to a file with the given file name.

 The results of the individual signature verifications can be retrieved
 with @code{gpgme_op_verify_result}.
@ -5979,7 +6091,7 @@ The defined bits are:

  @item GPGME_SIGSUM_RED
  The signature is bad. It might be useful to check other bits and
-  display more information, i.e. a revoked certificate might not render a
+  display more information, i.e., a revoked certificate might not render a
  signature invalid when the message was received prior to the cause for
  the revocation.

@ -6225,7 +6337,7 @@ functions in GPGME and GnuPG:

 Return the mail address (called ``addr-spec'' in RFC-5322) from the
 string @var{uid} which is assumed to be a user id (called ``address''
-in RFC-5322).  All plain ASCII characters (i.e. those with bit 7
+in RFC-5322).  All plain ASCII characters (i.e., those with bit 7
 cleared) in the result are converted to lowercase.  Caller must free
 the result using @code{gpgme_free}.  Returns @code{NULL} if no valid
 address was found (in which case @code{ERRNO} is set to @code{EINVAL})
@ -6320,23 +6432,40 @@ A signed archive is created from the given files and directories.  This
 feature is currently only supported for the OpenPGP crypto engine and requires
 GnuPG 2.4.1.

+@item GPGME_SIG_MODE_FILE
+@since{1.24.0}
+
+The filename set with @code{gpgme_data_set_file_name} for the data object
+@var{plain} is passed to gpg, so that gpg reads the plaintext directly from
+this file instead of from the data object @var{plain}.  This flag can be
+combined with @code{GPGME_SIG_MODE_NORMAL}, @code{GPGME_SIG_MODE_DETACH},
+and @code{GPGME_SIG_MODE_CLEAR}, but not with @code{GPGME_SIG_MODE_ARCHIVE}.
+This feature is currently only supported for the OpenPGP crypto engine.
+
@end table
@end deftp

@deftypefun gpgme_error_t gpgme_op_sign (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{plain}}, @w{gpgme_data_t @var{sig}}, @w{gpgme_sig_mode_t @var{mode}})
 The function @code{gpgme_op_sign} creates a signature for the text in
 the data object @var{plain} and returns it in the data object
-@var{sig}.  The type of the signature created is determined by the
-@acronym{ASCII} armor (or, if that is not set, by the encoding
-specified for @var{sig}), the text mode attributes set for the context
-@var{ctx} and the requested signature mode @var{mode}.
+@var{sig} or writes it directly to the file set with
+@code{gpgme_data_set_file_name} for the data object @var{sig}.  The type
+of the signature created is determined by the @acronym{ASCII} armor (or,
+if that is not set, by the encoding specified for @var{sig}), the text
+mode attributes set for the context @var{ctx} and the requested signature
+mode @var{mode}.

-If signature mode @code{GPGME_SIG_MODE_ARCHIVE} is requested, then a
+If the signature mode flag @code{GPGME_SIG_MODE_FILE} is set and a filename
+has been set with @code{gpgme_data_set_file_name} for the data object
+@var{plain}, then this filename is passed to gpg, so that gpg reads the
+plaintext directly from this file instead of from the data object @var{plain}.
+
+If signature mode @code{GPGME_SIG_MODE_ARCHIVE} is requested then a
 signed archive is created from the files and directories given as
-NUL-separated list in the data object @var{plain} and returned in the
-data object @var{sig}.  The paths of the files and directories have to
-be given as paths relative to the current working directory or relative
-to the base directory set with @code{gpgme_data_set_file_name}.
+NUL-separated list in the data object @var{plain}.  The paths of the files
+and directories have to be given as paths relative to the current working
+directory or relative to the base directory set with
+@code{gpgme_data_set_file_name} for the data object @var{plain}.

 After the operation completed successfully, the result can be
 retrieved with @code{gpgme_op_sign_result}.
@ -6504,17 +6633,26 @@ and then passed to the encryption operation.
@deftypefun gpgme_error_t gpgme_op_encrypt (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{recp}[]}, @w{gpgme_encrypt_flags_t @var{flags}}, @w{gpgme_data_t @var{plain}}, @w{gpgme_data_t @var{cipher}})
 The function @code{gpgme_op_encrypt} encrypts the plaintext in the
 data object @var{plain} for the recipients @var{recp} and stores the
-ciphertext in the data object @var{cipher}.  The type of the
-ciphertext created is determined by the @acronym{ASCII} armor (or, if
-that is not set, by the encoding specified for @var{cipher}) and the
-text mode attributes set for the context @var{ctx}.
+ciphertext in the data object @var{cipher} or writes it directly to the
+file set with @code{gpgme_data_set_file_name} for the data object
+@var{cipher}.  The type of the ciphertext created is determined by the
+@acronym{ASCII} armor (or, if that is not set, by the encoding specified
+for @var{cipher}) and the text mode attributes set for the context
+@var{ctx}.  If a filename has been set with @code{gpgme_data_set_file_name}
+for the data object @var{plain} then this filename is stored in the
+ciphertext.
+
+If the flag @code{GPGME_ENCRYPT_FILE} is set and a filename has been set
+with @code{gpgme_data_set_file_name} for the data object @var{plain},
+then this filename is passed to gpg, so that gpg reads the plaintext
+directly from this file instead of from the data object @var{plain}.

 If the flag @code{GPGME_ENCRYPT_ARCHIVE} is set, then an encrypted
 archive is created from the files and directories given as NUL-separated
-list in the data object @var{plain} and returned in the data object
-@var{cipher}.  The paths of the files and directories have to
-be given as paths relative to the current working directory or relative
-to the base directory set with @code{gpgme_data_set_file_name}.
+list in the data object @var{plain}.  The paths of the files and
+directories have to be given as paths relative to the current working
+directory or relative to the base directory set with
+@code{gpgme_data_set_file_name} for the data object @var{plain}.

@var{recp} must be a @code{NULL}-terminated array of keys.  The user
 must keep references for all keys during the whole duration of the
@ -6531,6 +6669,10 @@ recipients in @var{recp} should be trusted, even if the keys do not
 have a high enough validity in the keyring.  This flag should be used
 with care; in general it is not a good idea to use any untrusted keys.

+For the S/MIME (CMS) protocol this flag allows to encrypt to a
+certificate without running any checks on the validity of the
+certificate.
+
@item GPGME_ENCRYPT_NO_ENCRYPT_TO
@since{1.2.0}

@ -6550,7 +6692,7 @@ may reveal information about the plaintext.
@item GPGME_ENCRYPT_PREPARE
@itemx GPGME_ENCRYPT_EXPECT_SIGN
 The @code{GPGME_ENCRYPT_PREPARE} symbol is used with the UI Server
-protocol to prepare an encryption (i.e. sending the
+protocol to prepare an encryption (i.e., sending the
@code{PREP_ENCRYPT} command).  With the
@code{GPGME_ENCRYPT_EXPECT_SIGN} symbol the UI Server is advised to
 also expect a sign command.
@ -6599,6 +6741,15 @@ NUL-separated list of file paths and directory paths that shall be
 encrypted into an archive.  This feature is currently only supported
 for the OpenPGP crypto engine and requires GnuPG 2.4.1.

+@item GPGME_ENCRYPT_FILE
+@since{1.24.0}
+
+The @code{GPGME_ENCRYPT_FILE} symbol specifies that the filename set
+with @code{gpgme_data_set_file_name} for the data object @var{plain}
+is passed to gpg, so that gpg reads the plaintext directly from this
+file instead of from the data object @var{plain}.  This feature is
+currently only supported for the OpenPGP crypto engine.
+
@end table

 If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in
@ -7934,6 +8085,15 @@ reveal sensitive details like passphrases or other data you use in
 your application.  If you are asked to send a log file, make sure that
 you run your tests only with play data.

+The trace function makes use of gpgrt's logging function and thus the
+special @file{socket://} and @file{tcp://} files may be used.  Because
+this conflicts with the use of colons to separate fields, the following
+hack is used: If the file name contains the string @code{^//} all
+carets are replaced by colons.  For example to log to TCP port 42042
+this can be used:
+@smallexample
+GPGME_DEBUG=5:tcp^//127.0.0.1^42042
+@end smallexample

@node Deprecated Functions
@appendix Deprecated Functions
--- a/doc/texinfo.tex
+++ b/doc/texinfo.tex
@ -498,7 +498,7 @@
 % \def\foo{\parsearg\Xfoo}
 % \def\Xfoo#1{...}
 %
-% Actually, I use \csname\string\foo\endcsname, ie. \\foo, as it is my
+% Actually, I use \csname\string\foo\endcsname, i.e. \\foo, as it is my
 % favourite TeX trick.  --kasal, 16nov03

 \def\parseargdef#1{%
--- a/lang/cpp/Makefile.am
+++ b/lang/cpp/Makefile.am
@ -18,6 +18,12 @@
 # License along with this program; if not, see <https://gnu.org/licenses/>.
 # SPDX-License-Identifier: LGPL-2.1-or-later

-SUBDIRS = src tests
+if RUN_GPG_TESTS
+tests = tests
+else
+tests =
+endif
+
+SUBDIRS = src ${tests}

 EXTRA_DIST = README
--- a/lang/cpp/src/Makefile.am
+++ b/lang/cpp/src/Makefile.am
@ -88,6 +88,14 @@ else
 libsuffix=.so
 endif

+copied_headers = $(gpgmepp_headers:%=gpgme++/%) $(interface_headers:%=gpgme++/%)
+
+$(copied_headers): Makefile.am
+	mkdir -p $(builddir)/gpgme++/interfaces
+	echo -n "#include \"$(abs_srcdir)" > "$@"
+	echo -n "$@" | sed "s/gpgme++//" >> "$@"
+	echo "\"" >> "$@"
+
 if HAVE_W32_SYSTEM
 GpgmeppConfig.cmake: GpgmeppConfig-w32.cmake.in
 	sed -e 's|[@]resolved_bindir@|$(bindir)|g' < "$<" | \
@ -115,5 +123,8 @@ install-data-local: install-cmake-files

 uninstall-local: uninstall-cmake-files

+BUILT_SOURCES = $(copied_headers)
+
 CLEANFILES = GpgmeppConfig.cmake GpgmeppConfigVersion.cmake \
-             gpgmepp_version.h GpgmeppConfig.cmake.in
+             gpgmepp_version.h GpgmeppConfig.cmake.in \
+             $(copied_headers)
--- a/lang/cpp/src/configuration.cpp
+++ b/lang/cpp/src/configuration.cpp
@ -257,158 +257,6 @@ Type Option::alternateType() const
    return isNull() ? NoType : static_cast<Type>(opt->alt_type) ;
 }

-#if 0
-static Option::Variant argument_to_variant(gpgme_conf_type_t type, bool list, gpgme_conf_arg_t arg)
-{
-    assert(arg);
-    switch (type) {
-    case GPGME_CONF_NONE:
-        if (list) {
-            // return the count (number of times set):
-            return arg->value.count;
-        } else {
-            return none;
-        }
-    case GPGME_CONF_INT32:
-        if (list) {
-            std::vector<int> result;
-            for (gpgme_conf_arg_t a = arg ; a ; a = a->next) {
-                result.push_back(a->value.int32);
-            }
-            return result;
-        } else {
-            return arg->value.int32;
-        }
-    case GPGME_CONF_UINT32:
-        if (list) {
-            std::vector<unsigned int> result;
-            for (gpgme_conf_arg_t a = arg ; a ; a = a->next) {
-                result.push_back(a->value.uint32);
-            }
-            return result;
-        } else {
-            return arg->value.uint32;
-        }
-    case GPGME_CONF_FILENAME:
-    case GPGME_CONF_LDAP_SERVER:
-    case GPGME_CONF_KEY_FPR:
-    case GPGME_CONF_PUB_KEY:
-    case GPGME_CONF_SEC_KEY:
-    case GPGME_CONF_ALIAS_LIST:
-    // these should not happen in alt_type, but fall through
-    case GPGME_CONF_STRING:
-        if (list) {
-            std::vector<const char *> result;
-            for (gpgme_conf_arg_t a = arg ; a ; a = a->next) {
-                result.push_back(a->value.string);
-            }
-            return result;
-        } else {
-            return arg->value.string;
-        }
-    }
-    assert(!"Option: unknown alt_type!");
-    return Option::Variant();
-}
-
-namespace
-{
-inline const void *to_void_star(const char *s)
-{
-    return s;
-}
-inline const void *to_void_star(const std::string &s)
-{
-    return s.c_str();
-}
-inline const void *to_void_star(const int &i)
-{
-    return &i;    // const-&: sic!
-}
-inline const void *to_void_star(const unsigned int &i)
-{
-    return &i;    // const-&: sic!
-}
-
-struct VariantToArgumentVisitor : boost::static_visitor<gpgme_conf_arg_t> {
-    static gpgme_conf_arg_t make_argument(gpgme_conf_type_t type, const void *value)
-    {
-        gpgme_conf_arg_t arg = 0;
-#ifdef HAVE_GPGME_CONF_ARG_NEW_WITH_CONST_VALUE
-        if (const gpgme_error_t err = gpgme_conf_arg_new(&arg, type, value)) {
-            return 0;
-        }
-#else
-        if (const gpgme_error_t err = gpgme_conf_arg_new(&arg, type, const_cast<void *>(value))) {
-            return 0;
-        }
-#endif
-        else {
-            return arg;
-        }
-    }
-
-    gpgme_conf_arg_t operator()(bool v) const
-    {
-        return v ? make_argument(0) : 0 ;
-    }
-
-    gpgme_conf_arg_t operator()(const char *s) const
-    {
-        return make_argument(s ? s : "");
-    }
-
-    gpgme_conf_arg_t operator()(const std::string &s) const
-    {
-        return operator()(s.c_str());
-    }
-
-    gpgme_conf_arg_t operator()(int i) const
-    {
-        return make_argument(&i);
-    }
-
-    gpgme_conf_arg_t operator()(unsigned int i) const
-    {
-        return make_argument(&i);
-    }
-
-    template <typename T>
-    gpgme_conf_arg_t operator()(const std::vector<T> &value) const
-    {
-        gpgme_conf_arg_t result = 0;
-        gpgme_conf_arg_t last = 0;
-        for (typename std::vector<T>::const_iterator it = value.begin(), end = value.end() ; it != end ; ++it) {
-            if (gpgme_conf_arg_t arg = make_argument(to_void_star(*it))) {
-                if (last) {
-                    last = last->next = arg;
-                } else {
-                    result = last = arg;
-                }
-            }
-        }
-        return result;
-    }
-
-};
-}
-
-static gpgme_conf_arg_t variant_to_argument(const Option::Variant &value)
-{
-    VariantToArgumentVisitor v;
-    return apply_visitor(v, value);
-}
-
-optional<Option::Variant> Option::defaultValue() const
-{
-    if (isNull()) {
-        return optional<Variant>();
-    } else {
-        return argument_to_variant(opt->alt_type, opt->flags & GPGME_CONF_LIST, opt->default_value);
-    }
-}
-#endif
-
 Argument Option::defaultValue() const
 {
    if (isNull()) {
--- a/lang/cpp/src/configuration.h
+++ b/lang/cpp/src/configuration.h
@ -190,7 +190,7 @@ public:

    /*! The value that is in the config file (or null, if it's not set). */
    Argument activeValue() const;
-    /*! The value that is in this object, ie. either activeValue(), newValue(), or defaultValue() */
+    /*! The value that is in this object, i.e. either activeValue(), newValue(), or defaultValue() */
    Argument currentValue() const;

    Argument newValue() const;
--- a/lang/cpp/src/context.cpp
+++ b/lang/cpp/src/context.cpp
@ -130,6 +130,13 @@ const char *Error::asString() const
    return mMessage.c_str();
 }

+std::string Error::asStdString() const
+{
+    std::string message;
+    format_error(static_cast<gpgme_error_t>(mErr), message);
+    return message;
+}
+
 int Error::code() const
 {
    return gpgme_err_code(mErr);
@ -142,16 +149,12 @@ int Error::sourceID() const

 bool Error::isCanceled() const
 {
-    return code() == GPG_ERR_CANCELED;
+    return code() == GPG_ERR_CANCELED || code() == GPG_ERR_FULLY_CANCELED;
 }

 int Error::toErrno() const
 {
-//#ifdef HAVE_GPGME_GPG_ERROR_WRAPPERS
    return gpgme_err_code_to_errno(static_cast<gpgme_err_code_t>(code()));
-//#else
-//    return gpg_err_code_to_errno( static_cast<gpg_err_code_t>( code() ) );
-//#endif
 }

 // static
@ -192,7 +195,7 @@ Error Error::fromCode(unsigned int err, unsigned int src)

 std::ostream &operator<<(std::ostream &os, const Error &err)
 {
-    return os << "GpgME::Error(" << err.encodedError() << " (" << err.asString() << "))";
+    return os << "GpgME::Error(" << err.encodedError() << " (" << err.asStdString() << "))";
 }

 Context::KeyListModeSaver::KeyListModeSaver(Context *ctx)
@ -1070,7 +1073,7 @@ DecryptionResult Context::decrypt(const Data &cipherText, Data &plainText, const
    const Data::Private *const cdp = cipherText.impl();
    Data::Private *const pdp = plainText.impl();
    d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast<gpgme_decrypt_flags_t> (d->decryptFlags | flags), cdp ? cdp->data : nullptr, pdp ? pdp->data : nullptr);
-    return DecryptionResult(d->ctx, Error(d->lasterr));
+    return decryptionResult();
 }

 DecryptionResult Context::decrypt(const Data &cipherText, Data &plainText)
@ -1107,7 +1110,7 @@ VerificationResult Context::verifyDetachedSignature(const Data &signature, const
    const Data::Private *const sdp = signature.impl();
    const Data::Private *const tdp = signedText.impl();
    d->lasterr = gpgme_op_verify(d->ctx, sdp ? sdp->data : nullptr, tdp ? tdp->data : nullptr, nullptr);
-    return VerificationResult(d->ctx, Error(d->lasterr));
+    return verificationResult();
 }

 VerificationResult Context::verifyOpaqueSignature(const Data &signedData, Data &plainText)
@ -1116,7 +1119,7 @@ VerificationResult Context::verifyOpaqueSignature(const Data &signedData, Data &
    const Data::Private *const sdp = signedData.impl();
    Data::Private *const pdp = plainText.impl();
    d->lasterr = gpgme_op_verify(d->ctx, sdp ? sdp->data : nullptr, nullptr, pdp ? pdp->data : nullptr);
-    return VerificationResult(d->ctx, Error(d->lasterr));
+    return verificationResult();
 }

 Error Context::startDetachedSignatureVerification(const Data &signature, const Data &signedText)
@ -1138,9 +1141,18 @@ Error Context::startOpaqueSignatureVerification(const Data &signedData, Data &pl
 VerificationResult Context::verificationResult() const
 {
    if (d->lastop & Private::Verify) {
-        return VerificationResult(d->ctx, Error(d->lasterr));
+        const auto res = VerificationResult{d->ctx, Error(d->lasterr)};
+        if ((d->lastop == Private::DecryptAndVerify)
+            && (res.error().code() == GPG_ERR_NO_DATA)
+            && (res.numSignatures() > 0)) {
+            // ignore "no data" error for verification if there are signatures and
+            // the operation was a combined (tentative) decryption and verification
+            // because then "no data" just indicates that there was nothing to decrypt
+            return VerificationResult{d->ctx, Error{}};
+        }
+        return res;
    } else {
-        return VerificationResult();
+        return {};
    }
 }

@ -1151,8 +1163,7 @@ std::pair<DecryptionResult, VerificationResult> Context::decryptAndVerify(const
    Data::Private *const pdp = plainText.impl();
    d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast<gpgme_decrypt_flags_t> (d->decryptFlags | flags | DecryptVerify),
                                      cdp ? cdp->data : nullptr, pdp ? pdp->data : nullptr);
-    return std::make_pair(DecryptionResult(d->ctx, Error(d->lasterr)),
-                          VerificationResult(d->ctx, Error(d->lasterr)));
+    return std::make_pair(decryptionResult(), verificationResult());
 }

 std::pair<DecryptionResult, VerificationResult> Context::decryptAndVerify(const Data &cipherText, Data &plainText)
@ -1293,6 +1304,9 @@ static gpgme_sig_mode_t sigflags2sigflags(SignatureMode flags)
    if (flags & SignatureMode::SignArchive) {
        result |= GPGME_SIG_MODE_ARCHIVE;
    }
+    if (flags & SignatureMode::SignFile) {
+        result |= GPGME_SIG_MODE_FILE;
+    }
    return static_cast<gpgme_sig_mode_t>(result);
 }

@ -1343,9 +1357,21 @@ static gpgme_encrypt_flags_t encryptflags2encryptflags(Context::EncryptionFlags
    if (flags & Context::Symmetric) {
        result |= GPGME_ENCRYPT_SYMMETRIC;
    }
+    if (flags & Context::ThrowKeyIds) {
+        result |= GPGME_ENCRYPT_THROW_KEYIDS;
+    }
+    if (flags & Context::EncryptWrap) {
+        result |= GPGME_ENCRYPT_WRAP;
+    }
+    if (flags & Context::WantAddress) {
+        result |= GPGME_ENCRYPT_WANT_ADDRESS;
+    }
    if (flags & Context::EncryptArchive) {
        result |= GPGME_ENCRYPT_ARCHIVE;
    }
+    if (flags & Context::EncryptFile) {
+        result |= GPGME_ENCRYPT_FILE;
+    }
    return static_cast<gpgme_encrypt_flags_t>(result);
 }

@ -1776,6 +1802,16 @@ Error Context::startRevokeSignature(const Key &key, const Key &signingKey,
                 key.impl(), signingKey.impl(), uids.c_str(), flags));
 }

+Error Context::addAdsk(const Key &k, const char *adsk)
+{
+    return Error(d->lasterr = gpgme_op_createsubkey(d->ctx, k.impl(), adsk, 0, 0, GPGME_CREATE_ADSK));
+}
+
+Error Context::startAddAdsk(const Key &k, const char *adsk)
+{
+    return Error(d->lasterr = gpgme_op_createsubkey_start(d->ctx, k.impl(), adsk, 0, 0, GPGME_CREATE_ADSK));
+}
+
 Error Context::setFlag(const char *name, const char *value)
 {
  return Error(d->lasterr = gpgme_set_ctx_flag(d->ctx, name, value));
@ -1897,11 +1933,20 @@ std::ostream &operator<<(std::ostream &os, KeyListMode mode)
 std::ostream &operator<<(std::ostream &os, SignatureMode mode)
 {
    os << "GpgME::SignatureMode(";
-#define CHECK( x ) if ( !(mode & (x)) ) {} else do { os << #x " "; } while (0)
+#undef CHECK
+    switch (mode & (NormalSignatureMode|Detached|Clearsigned)) {
+#define CHECK( x ) case x: os << #x; break
        CHECK(NormalSignatureMode);
        CHECK(Detached);
        CHECK(Clearsigned);
+#undef CHECK
+    default:
+        os << "???" "(" << static_cast<int>(mode) << ')';
+        break;
+    }
+#define CHECK( x ) if ( !(mode & (x)) ) {} else do { os << #x " "; } while (0)
        CHECK(SignArchive);
+        CHECK(SignFile);
 #undef CHECK
    return os << ')';
 }
@ -1916,7 +1961,11 @@ std::ostream &operator<<(std::ostream &os, Context::EncryptionFlags flags)
    CHECK(ExpectSign);
    CHECK(NoCompress);
    CHECK(Symmetric);
+    CHECK(ThrowKeyIds);
+    CHECK(EncryptWrap);
+    CHECK(WantAddress);
    CHECK(EncryptArchive);
+    CHECK(EncryptFile);
 #undef CHECK
    return os << ')';
 }
--- a/lang/cpp/src/context.h
+++ b/lang/cpp/src/context.h
@ -324,6 +324,9 @@ public:
    Error startRevokeSignature(const Key &key, const Key &signingKey,
                               const std::vector<UserID> &userIds = std::vector<UserID>());

+    Error addAdsk(const Key &k, const char *adsk);
+    Error startAddAdsk(const Key &k, const char *adsk);
+
    // using TofuInfo::Policy
    Error setTofuPolicy(const Key &k, unsigned int policy);
    Error setTofuPolicyStart(const Key &k, unsigned int policy);
@ -370,6 +373,7 @@ public:
        // Keep in line with core's flags
        DecryptNone = 0,
        DecryptVerify = 1,
+        DecryptArchive = 2,
        DecryptUnwrap = 128,
        DecryptMaxValue = 0x80000000
    };
@ -448,7 +452,9 @@ public:
        Symmetric = 32,
        ThrowKeyIds = 64,
        EncryptWrap = 128,
+        WantAddress = 256,
        EncryptArchive = 512,
+        EncryptFile = 1024
    };
    EncryptionResult encrypt(const std::vector<Key> &recipients, const Data &plainText, Data &cipherText, EncryptionFlags flags);
    GpgME::Error encryptSymmetrically(const Data &plainText, Data &cipherText);
--- a/lang/cpp/src/context_glib.cpp
+++ b/lang/cpp/src/context_glib.cpp
@ -1,41 +0,0 @@
-/*
-  context_glib.cpp - wraps a gpgme key context, gpgme-glib-specific functions
-  Copyright (C) 2007 Klarälvdalens Datakonsult AB
-  2016 Bundesamt für Sicherheit in der Informationstechnik
-  Software engineering by Intevation GmbH
-
-  This file is part of GPGME++.
-
-  GPGME++ is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Library General Public
-  License as published by the Free Software Foundation; either
-  version 2 of the License, or (at your option) any later version.
-
-  GPGME++ is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU Library General Public License for more details.
-
-  You should have received a copy of the GNU Library General Public License
-  along with GPGME++; see the file COPYING.LIB.  If not, write to the
-  Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-  Boston, MA 02110-1301, USA.
-*/
-
-#ifdef HAVE_CONFIG_H
- #include "config.h"
-#endif
-
-#include <global.h>
-
-extern "C" GIOChannel *gpgme_get_fdptr(int);
-
-GIOChannel *GpgME::getGIOChannel(int fd)
-{
-    return gpgme_get_fdptr(fd);
-}
-
-QIODevice *GpgME::getQIODevice(int fd)
-{
-    return 0;
-}
--- a/lang/cpp/src/context_qt.cpp
+++ b/lang/cpp/src/context_qt.cpp
@ -1,41 +0,0 @@
-/*
-  context_qt.cpp - wraps a gpgme key context, gpgme-qt-specific functions
-  Copyright (C) 2007 Klarälvdalens Datakonsult AB
-  2016 Bundesamt für Sicherheit in der Informationstechnik
-  Software engineering by Intevation GmbH
-
-  This file is part of GPGME++.
-
-  GPGME++ is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Library General Public
-  License as published by the Free Software Foundation; either
-  version 2 of the License, or (at your option) any later version.
-
-  GPGME++ is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU Library General Public License for more details.
-
-  You should have received a copy of the GNU Library General Public License
-  along with GPGME++; see the file COPYING.LIB.  If not, write to the
-  Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-  Boston, MA 02110-1301, USA.
-*/
-
-#ifdef HAVE_CONFIG_H
- #include "config.h"
-#endif
-
-#include <global.h>
-
-extern "C" QIODevice *gpgme_get_fdptr(int);
-
-GIOChannel *GpgME::getGIOChannel(int)
-{
-    return 0;
-}
-
-QIODevice *GpgME::getQIODevice(int fd)
-{
-    return gpgme_get_fdptr(fd);
-}
--- a/lang/cpp/src/data.cpp
+++ b/lang/cpp/src/data.cpp
@ -280,3 +280,14 @@ std::string GpgME::Data::toString()
  seek (0, SEEK_SET);
  return ret;
 }
+
+GpgME::Error GpgME::Data::setFlag(const char *name, const char *value)
+{
+    return Error(gpgme_data_set_flag(d->data, name, value));
+}
+
+GpgME::Error GpgME::Data::setSizeHint(uint64_t size)
+{
+    const std::string val = std::to_string(size);
+    return Error(gpgme_data_set_flag(d->data, "size-hint", val.c_str()));
+}
--- a/lang/cpp/src/data.h
+++ b/lang/cpp/src/data.h
@ -27,6 +27,7 @@
 #include "key.h"

 #include <sys/types.h> // for size_t, off_t
+#include <cstdint> // unit64_t
 #include <cstdio> // FILE
 #include <algorithm>
 #include <memory>
@ -122,6 +123,12 @@ public:
    /** Return a copy of the data as std::string. Sets seek pos to 0 */
    std::string toString();

+    /** See gpgme_data_set_flag */
+    Error setFlag(const char *name, const char *value);
+
+    /** Set a size hint for this data e.g. for progress calculations. */
+    Error setSizeHint(uint64_t size);
+
    class Private;
    Private *impl()
    {
--- a/lang/cpp/src/decryptionresult.cpp
+++ b/lang/cpp/src/decryptionresult.cpp
@ -122,6 +122,11 @@ bool GpgME::DecryptionResult::isDeVs() const
    return d && d->res.is_de_vs;
 }

+bool GpgME::DecryptionResult::isMime() const
+{
+    return d && d->res.is_mime;
+}
+
 const char *GpgME::DecryptionResult::fileName() const
 {
    return d ? d->res.file_name : nullptr ;
--- a/lang/cpp/src/decryptionresult.h
+++ b/lang/cpp/src/decryptionresult.h
@ -75,6 +75,7 @@ public:
    }
    bool isWrongKeyUsage() const;
    bool isDeVs() const;
+    bool isMime() const;

    const char *fileName() const;

--- a/lang/cpp/src/defaultassuantransaction.cpp
+++ b/lang/cpp/src/defaultassuantransaction.cpp
@ -30,8 +30,6 @@
 #include "error.h"
 #include "data.h"

-#include <sstream>
-
 using namespace GpgME;

 DefaultAssuanTransaction::DefaultAssuanTransaction()
--- a/lang/cpp/src/defaultassuantransaction.h
+++ b/lang/cpp/src/defaultassuantransaction.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_DEFAULTASSUANTRANSACTION_H__
 #define __GPGMEPP_DEFAULTASSUANTRANSACTION_H__

-#include <interfaces/assuantransaction.h>
+#include "interfaces/assuantransaction.h"

 #include <string>
 #include <vector>
--- a/lang/cpp/src/editinteractor.cpp
+++ b/lang/cpp/src/editinteractor.cpp
@ -52,6 +52,7 @@ using namespace GpgME;

 static const char *status_to_string(unsigned int status);
 static Error status_to_error(unsigned int status);
+static Error parse_sc_op_failure(const char *args);

 class EditInteractor::Private
 {
@ -102,6 +103,9 @@ public:
            } else if (status == GPGME_STATUS_ERROR) {
                err = ei->q->parseStatusError(args);
                ei->state = EditInteractor::ErrorState;
+            } else if (status == GPGME_STATUS_SC_OP_FAILURE) {
+                err = parse_sc_op_failure(args);
+                ei->state = EditInteractor::ErrorState;
            } else {
                ei->state = ei->q->nextState(status, args, err);
            }
@ -134,7 +138,7 @@ public:
                        if (writeAll(fd, result, len) != len) {
                            err = Error::fromSystemError();
                            if (ei->debug) {
-                                std::fprintf(ei->debug, "EditInteractor: Could not write to fd %d (%s)\n", fd, err.asString());
+                                std::fprintf(ei->debug, "EditInteractor: Could not write to fd %d (%s)\n", fd, err.asStdString().c_str());
                            }
                            goto error;
                        }
@ -143,7 +147,7 @@ public:
                    if (writeAll(fd, "\n", 1) != 1) {
                        err = Error::fromSystemError();
                        if (ei->debug) {
-                            std::fprintf(ei->debug, "EditInteractor: Could not write to fd %d (%s)\n", fd, err.asString());
+                            std::fprintf(ei->debug, "EditInteractor: Could not write to fd %d (%s)\n", fd, err.asStdString().c_str());
                        }
                        goto error;
                    }
@ -280,6 +284,38 @@ GpgME::Error EditInteractor::parseStatusError(const char *args)
    return err;
 }

+static Error sc_op_failure_to_error(unsigned int status)
+{
+    switch (status) {
+    case 1:
+        // GPG_ERR_CANCELED or GPG_ERR_FULLY_CANCELED
+        return Error::fromCode(GPG_ERR_CANCELED);
+    case 2:
+        // GPG_ERR_BAD_PIN or GPG_ERR_BAD_RESET_CODE [sic]
+        return Error::fromCode(GPG_ERR_BAD_PIN);
+    case 3:
+        return Error::fromCode(GPG_ERR_PIN_BLOCKED);
+    case 4:
+        return Error::fromCode(GPG_ERR_NO_RESET_CODE);
+    }
+    return Error::fromCode(GPG_ERR_CARD);
+}
+
+// static
+Error parse_sc_op_failure(const char *args)
+{
+    Error err;
+
+    const auto fields = split(args, ' ');
+    if (fields.size() >= 1) {
+        err = sc_op_failure_to_error(static_cast<unsigned int>(std::stoul(fields[0])));
+    } else {
+        err = Error::fromCode(GPG_ERR_CARD);
+    }
+
+    return err;
+}
+
 static const char *const status_strings[] = {
    "EOF",
    /* mkstatus processing starts here */
--- a/lang/cpp/src/engineinfo.h
+++ b/lang/cpp/src/engineinfo.h
@ -69,6 +69,76 @@ public:
            }
        }

+        bool operator < (const Version& other) const
+        {
+            if (major > other.major ||
+                (major == other.major && minor > other.minor) ||
+                (major == other.major && minor == other.minor && patch > other.patch) ||
+                (major >= other.major && minor >= other.minor && patch >= other.patch)) {
+                return false;
+            }
+            return true;
+        }
+
+        bool operator < (const char* other) const
+        {
+            return operator<(Version(other));
+        }
+
+        bool operator <= (const Version &other) const
+        {
+            return !operator>(other);
+        }
+
+        bool operator <= (const char *other) const
+        {
+            return operator<=(Version(other));
+        }
+
+        bool operator > (const char* other) const
+        {
+            return operator>(Version(other));
+        }
+
+        bool operator > (const Version & other) const
+        {
+            return !operator<(other) && !operator==(other);
+        }
+
+        bool operator >= (const Version &other) const
+        {
+            return !operator<(other);
+        }
+
+        bool operator >= (const char *other) const
+        {
+            return operator>=(Version(other));
+        }
+
+        bool operator == (const Version& other) const
+        {
+            return major == other.major
+                && minor == other.minor
+                && patch == other.patch;
+        }
+
+        bool operator == (const char* other) const
+        {
+            return operator==(Version(other));
+        }
+
+        bool operator != (const Version &other) const
+        {
+            return !operator==(other);
+        }
+
+        bool operator != (const char *other) const
+        {
+            return operator!=(Version(other));
+        }
+
+        // the non-const overloads of the comparison operators are kept for
+        // binary compatibility
        bool operator < (const Version& other)
        {
            if (major > other.major ||
--- a/lang/cpp/src/error.h
+++ b/lang/cpp/src/error.h
@ -47,7 +47,11 @@ public:
    explicit Error(unsigned int e) : mErr(e), mMessage() {}

    const char *source() const;
-    const char *asString() const;
+    /* This function is deprecated. Use asStdString() instead. asString() may
+     * return wrongly encoded (i.e. not UTF-8) results on Windows for the main
+     * thread if the function was first called from a secondary thread. */
+    GPGMEPP_DEPRECATED const char *asString() const;
+    std::string asStdString() const;

    int code() const;
    int sourceID() const;
--- a/lang/cpp/src/global.h
+++ b/lang/cpp/src/global.h
@ -79,6 +79,7 @@ enum SignatureMode {
    Detached = 1,
    Clearsigned = 2,
    SignArchive = 4,
+    SignFile = 8,
 };

 enum class RevocationReason {
--- a/lang/cpp/src/gpgadduserideditinteractor.h
+++ b/lang/cpp/src/gpgadduserideditinteractor.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_GPGADDUSERIDEDITINTERACTOR_H__
 #define __GPGMEPP_GPGADDUSERIDEDITINTERACTOR_H__

-#include <editinteractor.h>
+#include "editinteractor.h"

 #include <string>

--- a/lang/cpp/src/gpgagentgetinfoassuantransaction.cpp
+++ b/lang/cpp/src/gpgagentgetinfoassuantransaction.cpp
@ -33,8 +33,6 @@

 #include <assert.h>

-#include <sstream>
-
 using namespace GpgME;

 GpgAgentGetInfoAssuanTransaction::GpgAgentGetInfoAssuanTransaction(InfoItem item)
--- a/lang/cpp/src/gpgagentgetinfoassuantransaction.h
+++ b/lang/cpp/src/gpgagentgetinfoassuantransaction.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_GPGAGENTGETINFOASSUANTRANSACTION_H__
 #define __GPGMEPP_GPGAGENTGETINFOASSUANTRANSACTION_H__

-#include <interfaces/assuantransaction.h>
+#include "interfaces/assuantransaction.h"

 #include <string>
 #include <vector>
--- a/lang/cpp/src/gpggencardkeyinteractor.h
+++ b/lang/cpp/src/gpggencardkeyinteractor.h
@ -24,7 +24,7 @@
 #ifndef __GPGMEPP_GPGGENCARDKEYEDITINTERACTOR_H__
 #define __GPGMEPP_GPGGENCARDKEYEDITINTERACTOR_H__

-#include <editinteractor.h>
+#include "editinteractor.h"

 #include <string>
 #include <memory>
--- a/lang/cpp/src/gpgmefw.h
+++ b/lang/cpp/src/gpgmefw.h
@ -75,4 +75,7 @@ typedef struct _gpgme_tofu_info *gpgme_tofu_info_t;
 struct _gpgme_op_query_swdb_result;
 typedef struct _gpgme_op_query_swdb_result *gpgme_query_swdb_result_t;

+struct _gpgme_revocation_key;
+typedef struct _gpgme_revocation_key *gpgme_revocation_key_t;
+
 #endif // __GPGMEPP_GPGMEFW_H__
--- a/lang/cpp/src/gpgrevokekeyeditinteractor.cpp
+++ b/lang/cpp/src/gpgrevokekeyeditinteractor.cpp
@ -31,7 +31,6 @@

 #include <gpgme.h>

-#include <sstream>
 #include <vector>

 // avoid conflict (msvc)
--- a/lang/cpp/src/gpgsetexpirytimeeditinteractor.h
+++ b/lang/cpp/src/gpgsetexpirytimeeditinteractor.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_GPGSETEXPIRYTIMEEDITINTERACTOR_H__
 #define __GPGMEPP_GPGSETEXPIRYTIMEEDITINTERACTOR_H__

-#include <editinteractor.h>
+#include "editinteractor.h"

 #include <string>

--- a/lang/cpp/src/gpgsetownertrusteditinteractor.h
+++ b/lang/cpp/src/gpgsetownertrusteditinteractor.h
@ -25,8 +25,8 @@
 #ifndef __GPGMEPP_GPGSETOWNERTRUSTEDITINTERACTOR_H__
 #define __GPGMEPP_GPGSETOWNERTRUSTEDITINTERACTOR_H__

-#include <editinteractor.h>
-#include <key.h>
+#include "editinteractor.h"
+#include "key.h"

 #include <string>

--- a/lang/cpp/src/gpgsignkeyeditinteractor.h
+++ b/lang/cpp/src/gpgsignkeyeditinteractor.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_GPGSIGNKEYEDITINTERACTOR_H__
 #define __GPGMEPP_GPGSIGNKEYEDITINTERACTOR_H__

-#include <editinteractor.h>
+#include "editinteractor.h"

 #include <string>
 #include <vector>
--- a/lang/cpp/src/interfaces/assuantransaction.h
+++ b/lang/cpp/src/interfaces/assuantransaction.h
@ -26,7 +26,7 @@
 #ifndef __GPGMEPP_INTERFACES_ASSUANTRANSACTION_H__
 #define __GPGMEPP_INTERFACES_ASSUANTRANSACTION_H__

-#include "gpgmepp_export.h"
+#include "../gpgmepp_export.h"

 #include <stddef.h>

--- a/lang/cpp/src/interfaces/dataprovider.h
+++ b/lang/cpp/src/interfaces/dataprovider.h
@ -27,7 +27,7 @@

 #include <sys/types.h>

-#include "gpgmepp_export.h"
+#include "../gpgmepp_export.h"

 #include <gpg-error.h>

--- a/lang/cpp/src/interfaces/statusconsumer.h
+++ b/lang/cpp/src/interfaces/statusconsumer.h
@ -24,7 +24,7 @@
 #ifndef __GPGMEPP_INTERFACES_STATUSCONSUMER_H__
 #define __GPGMEPP_INTERFACES_STATUSCONSUMER_H__

-#include "gpgmepp_export.h"
+#include "../gpgmepp_export.h"

 namespace GpgME
 {
--- a/lang/cpp/src/key.cpp
+++ b/lang/cpp/src/key.cpp
@ -122,6 +122,37 @@ std::vector<Subkey> Key::subkeys() const
    return v;
 }

+RevocationKey Key::revocationKey(unsigned int index) const
+{
+    return RevocationKey(key, index);
+}
+
+unsigned int Key::numRevocationKeys() const
+{
+    if (!key) {
+        return 0;
+    }
+    unsigned int count = 0;
+    for (auto revkey = key->revocation_keys; revkey; revkey = revkey->next) {
+        ++count;
+    }
+    return count;
+}
+
+std::vector<RevocationKey> Key::revocationKeys() const
+{
+    if (!key) {
+        return std::vector<RevocationKey>();
+    }
+
+    std::vector<RevocationKey> v;
+    v.reserve(numRevocationKeys());
+    for (auto revkey = key->revocation_keys; revkey; revkey = revkey->next) {
+        v.push_back(RevocationKey(key, revkey));
+    }
+    return v;
+}
+
 Key::OwnerTrust Key::ownerTrust() const
 {
    if (!key) {
@ -208,17 +239,12 @@ bool Key::canEncrypt() const

 bool Key::canSign() const
 {
-#ifndef GPGME_CAN_SIGN_ON_SECRET_OPENPGP_KEYLISTING_NOT_BROKEN
-    if (key && key->protocol == GPGME_PROTOCOL_OpenPGP) {
-        return true;
-    }
-#endif
-    return canReallySign();
+    return key && key->can_sign;
 }

 bool Key::canReallySign() const
 {
-    return key && key->can_sign;
+    return canSign();
 }

 bool Key::canCertify() const
@ -252,6 +278,26 @@ bool Key::isDeVs() const
    return true;
 }

+bool Key::hasCertify() const
+{
+    return key && key->has_certify;
+}
+
+bool Key::hasSign() const
+{
+    return key && key->has_sign;
+}
+
+bool Key::hasEncrypt() const
+{
+    return key && key->has_encrypt;
+}
+
+bool Key::hasAuthenticate() const
+{
+    return key && key->has_authenticate;
+}
+
 const char *Key::issuerSerial() const
 {
    return key ? key->issuer_serial : nullptr ;
@ -515,6 +561,21 @@ bool Subkey::canAuthenticate() const
    return subkey && subkey->can_authenticate;
 }

+bool Subkey::canRenc() const
+{
+    return subkey && subkey->can_renc;
+}
+
+bool Subkey::canTimestamp() const
+{
+    return subkey && subkey->can_timestamp;
+}
+
+bool Subkey::isGroupOwned() const
+{
+    return subkey && subkey->is_group_owned;
+}
+
 bool Subkey::isQualified() const
 {
    return subkey && subkey->is_qualified;
@ -1226,6 +1287,68 @@ bool UserID::Signature::isBad() const
    return isNull() || isExpired() || isInvalid();
 }

+//
+//
+// class RevocationKey
+//
+//
+
+static gpgme_revocation_key_t find_revkey(const shared_gpgme_key_t &key, unsigned int idx)
+{
+    if (key) {
+        for (gpgme_revocation_key_t s = key->revocation_keys; s; s = s->next, --idx) {
+            if (idx == 0) {
+                return s;
+            }
+        }
+    }
+    return nullptr;
+}
+
+static gpgme_revocation_key_t verify_revkey(const shared_gpgme_key_t &key, gpgme_revocation_key_t revkey)
+{
+    if (key) {
+        for (gpgme_revocation_key_t s = key->revocation_keys; s; s = s->next) {
+            if (s == revkey) {
+                return revkey;
+            }
+        }
+    }
+    return nullptr;
+}
+
+RevocationKey::RevocationKey() : key(), revkey(nullptr) {}
+
+RevocationKey::RevocationKey(const shared_gpgme_key_t &k, unsigned int idx)
+    : key(k), revkey(find_revkey(k, idx))
+{
+}
+
+RevocationKey::RevocationKey(const shared_gpgme_key_t &k, gpgme_revocation_key_t sk)
+    : key(k), revkey(verify_revkey(k, sk))
+{
+}
+
+Key RevocationKey::parent() const
+{
+    return Key(key);
+}
+
+const char *RevocationKey::fingerprint() const
+{
+    return revkey ? revkey->fpr : nullptr;
+}
+
+bool RevocationKey::isSensitive() const
+{
+    return revkey ? revkey->sensitive : false;
+}
+
+int RevocationKey::algorithm() const
+{
+    return revkey ? revkey->pubkey_algo : 0;
+}
+
 std::ostream &operator<<(std::ostream &os, const UserID &uid)
 {
    os << "GpgME::UserID(";
@ -1261,7 +1384,10 @@ std::ostream &operator<<(std::ostream &os, const Subkey &subkey)
           << "\n canEncrypt:    " << subkey.canEncrypt()
           << "\n canCertify:    " << subkey.canCertify()
           << "\n canAuth:       " << subkey.canAuthenticate()
+           << "\n canRenc:       " << subkey.canRenc()
+           << "\n canTimestanp:  " << subkey.canTimestamp()
           << "\n isSecret:      " << subkey.isSecret()
+           << "\n isGroupOwned:  " << subkey.isGroupOwned()
           << "\n isQualified:   " << subkey.isQualified()
           << "\n isDeVs:        " << subkey.isDeVs()
           << "\n isCardKey:     " << subkey.isCardKey()
@ -1279,7 +1405,7 @@ std::ostream &operator<<(std::ostream &os, const Key &key)
           << "\n issuer:     " << protect(key.issuerName())
           << "\n fingerprint:" << protect(key.primaryFingerprint())
           << "\n listmode:   " << key.keyListMode()
-           << "\n canSign:    " << key.canReallySign()
+           << "\n canSign:    " << key.canSign()
           << "\n canEncrypt: " << key.canEncrypt()
           << "\n canCertify: " << key.canCertify()
           << "\n canAuth:    " << key.canAuthenticate()
@ -1292,6 +1418,20 @@ std::ostream &operator<<(std::ostream &os, const Key &key)
        const std::vector<Subkey> subkeys = key.subkeys();
        std::copy(subkeys.begin(), subkeys.end(),
                  std::ostream_iterator<Subkey>(os, "\n"));
+        os << " revocationKeys:\n";
+        const std::vector<RevocationKey> revkeys = key.revocationKeys();
+        std::copy(revkeys.begin(), revkeys.end(),
+                  std::ostream_iterator<RevocationKey>(os, "\n"));
+    }
+    return os << ')';
+}
+
+std::ostream &operator<<(std::ostream &os, const RevocationKey &revkey)
+{
+    os << "GpgME::RevocationKey(";
+    if (!revkey.isNull()) {
+        os << "\n fingerprint: " << protect(revkey.fingerprint())
+           << "\n isSensitive: " << revkey.isSensitive();
    }
    return os << ')';
 }
--- a/lang/cpp/src/key.h
+++ b/lang/cpp/src/key.h
@ -44,6 +44,7 @@ class Context;
 class Subkey;
 class UserID;
 class TofuInfo;
+class RevocationKey;

 typedef std::shared_ptr< std::remove_pointer<gpgme_key_t>::type > shared_gpgme_key_t;

@ -100,6 +101,10 @@ public:
    std::vector<UserID> userIDs() const;
    std::vector<Subkey> subkeys() const;

+    RevocationKey revocationKey(unsigned int index) const;
+    unsigned int numRevocationKeys() const;
+    std::vector<RevocationKey> revocationKeys() const;
+
    bool isRevoked() const;
    bool isExpired() const;
    bool isDisabled() const;
@ -109,22 +114,31 @@ public:
     *                          isDisabled || isInvalid */
    bool isBad() const;

+    /** Returns true, if the key can be used for encryption (i.e. it's not bad
+     *  and has an encryption subkey) or if the primary subkey can encrypt. */
    bool canEncrypt() const;
-    /*!
-      This function contains a workaround for old gpgme's: all secret
-      OpenPGP keys canSign() == true, which canReallySign() doesn't
-      have. I don't have time to find what breaks when I remove this
-      workaround, but since Kleopatra merges secret into public keys,
-      the workaround is not necessary there (and actively harms), I've
-      added a new function instead.
-     */
+    /** Returns true, if the key can be used for signing (i.e. it's not bad
+     *  and has a signing subkey) or if the primary subkey can sign. */
    bool canSign() const;
-    bool canReallySign() const;
+    GPGMEPP_DEPRECATED bool canReallySign() const;
+    /** Returns true, if the key can be used for certification (i.e. it's not bad
+     *  and has a certification subkey) or if the primary subkey can certify. */
    bool canCertify() const;
+    /** Returns true, if the key can be used for authentication (i.e. it's not bad
+     *  and has a authentication subkey) or if the primary subkey can authenticate. */
    bool canAuthenticate() const;
    bool isQualified() const;
    bool isDeVs() const;

+    /** Returns true, if the key has a certification subkey. */
+    bool hasCertify() const;
+    /** Returns true, if the key has a signing subkey. */
+    bool hasSign() const;
+    /** Returns true, if the key has an encryption subkey. */
+    bool hasEncrypt() const;
+    /** Returns true, if the key has an authentication subkey. */
+    bool hasAuthenticate() const;
+
    bool hasSecret() const;
    GPGMEPP_DEPRECATED bool isSecret() const
    {
@ -270,6 +284,9 @@ public:
    bool canSign() const;
    bool canCertify() const;
    bool canAuthenticate() const;
+    bool canRenc() const;
+    bool canTimestamp() const;
+    bool isGroupOwned() const;
    bool isQualified() const;
    bool isDeVs() const;
    bool isCardKey() const;
@ -535,9 +552,53 @@ private:
    gpgme_key_sig_t sig;
 };

+//
+// class RevocationKey
+//
+
+class GPGMEPP_EXPORT RevocationKey
+{
+public:
+    RevocationKey();
+    RevocationKey(const shared_gpgme_key_t &key, gpgme_revocation_key_t revkey);
+    RevocationKey(const shared_gpgme_key_t &key, unsigned int idx);
+
+    // Rule of Zero
+
+    void swap(RevocationKey &other)
+    {
+        using std::swap;
+        swap(this->key, other.key);
+        swap(this->revkey, other.revkey);
+    }
+
+    bool isNull() const
+    {
+        return !key || !revkey;
+    }
+
+    Key parent() const;
+
+    const char *fingerprint() const;
+
+    bool isSensitive() const;
+
+    int algorithm() const;
+
+private:
+    shared_gpgme_key_t key;
+    gpgme_revocation_key_t revkey;
+};
+
+inline void swap(RevocationKey& v1, RevocationKey& v2)
+{
+    v1.swap(v2);
+}
+
 GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const UserID &uid);
 GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const Subkey &subkey);
 GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const Key &key);
+GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const RevocationKey &revkey);

 } // namespace GpgME

--- a/lang/cpp/src/scdgetinfoassuantransaction.cpp
+++ b/lang/cpp/src/scdgetinfoassuantransaction.cpp
@ -31,7 +31,6 @@
 #include "data.h"
 #include "util.h"

-#include <sstream>
 #include <assert.h>

 using namespace GpgME;
--- a/lang/cpp/src/scdgetinfoassuantransaction.h
+++ b/lang/cpp/src/scdgetinfoassuantransaction.h
@ -25,7 +25,7 @@
 #ifndef __GPGMEPP_SCDGETINFOASSUANTRANSACTION_H__
 #define __GPGMEPP_SCDGETINFOASSUANTRANSACTION_H__

-#include <interfaces/assuantransaction.h>
+#include "interfaces/assuantransaction.h"

 #include <string>
 #include <vector>
--- a/lang/cpp/src/signingresult.cpp
+++ b/lang/cpp/src/signingresult.cpp
@ -200,6 +200,7 @@ GpgME::SignatureMode GpgME::CreatedSignature::mode() const
    case GPGME_SIG_MODE_DETACH: return Detached;
    case GPGME_SIG_MODE_CLEAR:  return Clearsigned;
    case GPGME_SIG_MODE_ARCHIVE: return SignArchive; // cannot happen
+    case GPGME_SIG_MODE_FILE:   return SignFile; // cannot happen
    }
 }

--- a/lang/cpp/src/statusconsumerassuantransaction.h
+++ b/lang/cpp/src/statusconsumerassuantransaction.h
@ -24,7 +24,7 @@
 #ifndef __GPGMEPP_STATUSCONSUMERASSUANTRANSACTION_H__
 #define __GPGMEPP_STATUSCONSUMERASSUANTRANSACTION_H__

-#include <interfaces/assuantransaction.h>
+#include "interfaces/assuantransaction.h"

 namespace GpgME
 {
--- a/lang/cpp/src/trustitem.h
+++ b/lang/cpp/src/trustitem.h
@ -27,7 +27,7 @@
 #define __GPGMEPP_TRUSTITEM_H__

 #include "gpgmefw.h"
-#include <key.h>
+#include "key.h"
 #include "gpgmepp_export.h"

 #include <algorithm>
--- a/lang/cpp/src/verificationresult.cpp
+++ b/lang/cpp/src/verificationresult.cpp
@ -544,19 +544,27 @@ std::ostream &GpgME::operator<<(std::ostream &os, const VerificationResult &resu

 std::ostream &GpgME::operator<<(std::ostream &os, Signature::PKAStatus pkaStatus)
 {
-#define OUTPUT( x ) if ( !(pkaStatus & (GpgME::Signature:: x)) ) {} else do { os << #x " "; } while(0)
    os << "GpgME::Signature::PKAStatus(";
+    switch (pkaStatus) {
+#define OUTPUT( x ) case GpgME::Signature:: x: os << #x; break
        OUTPUT(UnknownPKAStatus);
        OUTPUT(PKAVerificationFailed);
        OUTPUT(PKAVerificationSucceeded);
 #undef OUTPUT
+    default:
+        os << "??? (" << static_cast<int>(pkaStatus) << ')';
+        break;
+    }
    return os << ')';
 }

 std::ostream &GpgME::operator<<(std::ostream &os, Signature::Summary summary)
 {
-#define OUTPUT( x ) if ( !(summary & (GpgME::Signature:: x)) ) {} else do { os << #x " "; } while(0)
    os << "GpgME::Signature::Summary(";
+    if (summary == Signature::None) {
+        os << "None";
+    } else {
+#define OUTPUT( x ) if ( !(summary & (GpgME::Signature:: x)) ) {} else do { os << #x " "; } while(0)
        OUTPUT(Valid);
        OUTPUT(Green);
        OUTPUT(Red);
@ -570,6 +578,7 @@ std::ostream &GpgME::operator<<(std::ostream &os, Signature::Summary summary)
        OUTPUT(SysError);
        OUTPUT(TofuConflict);
 #undef OUTPUT
+    }
    return os << ')';
 }

@ -603,10 +612,14 @@ std::ostream &GpgME::operator<<(std::ostream &os, const Signature &sig)
 std::ostream &GpgME::operator<<(std::ostream &os, Notation::Flags flags)
 {
    os << "GpgME::Notation::Flags(";
+    if (flags == Notation::NoFlags) {
+        os << "NoFlags";
+    } else {
 #define OUTPUT( x ) if ( !(flags & (GpgME::Notation:: x)) ) {} else do { os << #x " "; } while(0)
        OUTPUT(HumanReadable);
        OUTPUT(Critical);
 #undef OUTPUT
+    }
    return os << ')';
 }

--- a/lang/cpp/tests/run-getkey.cpp
+++ b/lang/cpp/tests/run-getkey.cpp
@ -150,7 +150,7 @@ main (int argc, char **argv)
    const GpgME::Key key = ctx->key (*argv, err, only_secret);
    std::stringstream ss;

-    ss << "Key " << key << " Err: " << err.asString() << "\n";
+    ss << "Key " << key << " Err: " << err.asStdString() << "\n";

    std::cout << ss.str();

--- a/lang/cpp/tests/run-keylist.cpp
+++ b/lang/cpp/tests/run-keylist.cpp
@ -153,14 +153,17 @@ main (int argc, char **argv)
    }
    Error err = ctx->startKeyListing (*argv, only_secret);
    if (err) {
-        std::cout << "Error: " << err.asString() << "\n";
+        std::cout << "Error: " << err.asStdString() << "\n";
        return -1;
    }
    GpgME::Key key;
    std::stringstream ss;
    do {
        key = ctx->nextKey(err);
+        if (!err)
+        {
            ss << key << "\n\n";
+        }
    } while (!err && !key.isNull());

    std::cout << ss.str();
--- a/lang/cpp/tests/run-verify.cpp
+++ b/lang/cpp/tests/run-verify.cpp
@ -38,7 +38,6 @@
 #include "verificationresult.h"

 #include <memory>
-#include <sstream>
 #include <iostream>

 using namespace GpgME;
--- a/lang/cpp/tests/run-wkdlookup.cpp
+++ b/lang/cpp/tests/run-wkdlookup.cpp
@ -31,7 +31,6 @@
 #include "key.h"

 #include <memory>
-#include <sstream>
 #include <iostream>
 #include <thread>

@ -76,49 +75,52 @@ main (int argc, char **argv)
    Error err;
    auto ctx = std::unique_ptr<Context>{Context::createForEngine(AssuanEngine, &err)};
    if (!ctx) {
-        std::cerr << "Failed to get context (Error: " << err.asString() << ")\n";
+        std::cerr << "Failed to get context (Error: " << err.asStdString() << ")\n";
        return -1;
    }

    const std::string dirmngrSocket = GpgME::dirInfo("dirmngr-socket");
    if ((err = ctx->setEngineFileName(dirmngrSocket.c_str()))) {
-        std::cerr << "Failed to set engine file name (Error: " << err.asString() << ")\n";
+        std::cerr << "Failed to set engine file name (Error: " << err.asStdString() << ")\n";
        return -1;
    }
    if ((err = ctx->setEngineHomeDirectory(""))) {
-        std::cerr << "Failed to set engine home directory (Error: " << err.asString() << ")\n";
+        std::cerr << "Failed to set engine home directory (Error: " << err.asStdString() << ")\n";
        return -1;
    }

-    // try do connect to dirmngr
+    // try to connect to dirmngr
    err = ctx->assuanTransact("GETINFO version");
    if (err && err.code() != GPG_ERR_ASS_CONNECT_FAILED) {
-        std::cerr << "Failed to start assuan transaction (Error: " << err.asString() << ")\n";
+        std::cerr << "Failed to start assuan transaction (Error: " << err.asStdString() << ")\n";
        return -1;
    }
    if (err.code() == GPG_ERR_ASS_CONNECT_FAILED) {
        std::cerr << "Starting dirmngr ...\n";
        auto spawnCtx = std::unique_ptr<Context>{Context::createForEngine(SpawnEngine, &err)};
        if (!spawnCtx) {
-            std::cerr << "Failed to get context for spawn engine (Error: " << err.asString() << ")\n";
+            std::cerr << "Failed to get context for spawn engine (Error: " << err.asStdString() << ")\n";
            return -1;
        }

-        const auto dirmngrProgram = GpgME::dirInfo("dirmngr-name");
-        const auto homedir = GpgME::dirInfo("homedir");
+        const auto gpgconfProgram = GpgME::dirInfo("gpgconf-name");
+        // replace backslashes with forward slashes in homedir to work around bug T6833
+        std::string homedir{GpgME::dirInfo("homedir")};
+        std::replace(homedir.begin(), homedir.end(), '\\', '/');
        const char *argv[] = {
-            dirmngrProgram,
+            gpgconfProgram,
            "--homedir",
-            homedir,
-            "--daemon",
+            homedir.c_str(),
+            "--launch",
+            "dirmngr",
            NULL
        };
        auto ignoreIO = Data{Data::null};
-        err = spawnCtx->spawnAsync(dirmngrProgram, argv,
+        err = spawnCtx->spawn(gpgconfProgram, argv,
                              ignoreIO, ignoreIO, ignoreIO,
                              Context::SpawnDetached);
        if (err) {
-            std::cerr << "Failed to start dirmngr (Error: " << err.asString() << ")\n";
+            std::cerr << "Failed to start dirmngr (Error: " << err.asStdString() << ")\n";
            return -1;
        }

@ -135,7 +137,7 @@ main (int argc, char **argv)
    const auto cmd = std::string{"WKD_GET "} + email;
    err = ctx->assuanTransact(cmd.c_str());
    if (err && err.code() != GPG_ERR_NO_NAME && err.code() != GPG_ERR_NO_DATA) {
-        std::cerr << "Error: WKD_GET returned " << err.asString() << "\n";
+        std::cerr << "Error: WKD_GET returned " << err.asStdString() << "\n";
        return -1;
    }

--- a/lang/python/Makefile.am
+++ b/lang/python/Makefile.am
@ -23,7 +23,13 @@ EXTRA_DIST = \
 	gpgme.i \
 	helpers.c helpers.h private.h

-SUBDIRS = . tests examples doc src
+if RUN_GPG_TESTS
+tests = tests
+else
+tests =
+endif
+
+SUBDIRS = . ${tests} examples doc src

 .PHONY: prepare
 prepare: copystamp
@ -74,7 +80,7 @@ CLEANFILES = copystamp \
 # 'make distclean' clears the write bit, breaking rm -rf.  Fix the
 # permissions.
 clean-local:
-	rm -rf -- build
+	rm -rf -- build dist gpg.egg-info
 	for PYTHON in $(PYTHONS); do \
 	  find "$$(basename "$${PYTHON}")-gpg" -type d ! -perm -200 -exec chmod u+w {} ';' ; \
 	  rm -rf -- "$$(basename "$${PYTHON}")-gpg" ; \
@ -95,8 +101,12 @@ install-exec-local:
 	done

 uninstall-local:
-	set -x; GV=$$(echo $(VERSION) | tr - _); for PYTHON in $(PYTHONS); do \
+	set -x; \
+	GV=$$(echo $(VERSION) | tr - _); \
+	normalizedGV=$$(echo $$GV | sed s/_beta/b/); \
+	for PYTHON in $(PYTHONS); do \
 	  PLATLIB="$(prefix)/$$("$${PYTHON}" -c 'import sysconfig, os; print(os.path.relpath(sysconfig.get_path("platlib", scheme="posix_prefix"), sysconfig.get_config_var("prefix")))')" ; \
 	  rm -rf -- "$(DESTDIR)$${PLATLIB}/gpg" \
-		"$(DESTDIR)$${PLATLIB}"/gpg-$$GV-py*.egg-info ; \
+		"$(DESTDIR)$${PLATLIB}"/gpg-$$GV-py*.egg-info \
+		"$(DESTDIR)$${PLATLIB}"/gpg-$$normalizedGV-py*.egg ; \
 	done
--- a/lang/python/doc/src/gpgme-python-howto.org
+++ b/lang/python/doc/src/gpgme-python-howto.org
@ -1612,6 +1612,7 @@ of the entire public keybox.

 #+BEGIN_SRC python -i
 import gpg
+import os
 import os.path
 import sys

@ -1619,6 +1620,9 @@ print("""
 This script exports one or more public keys in minimised form.
 """)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 c = gpg.Context(armor=True)

 if len(sys.argv) >= 4:
@ -1654,7 +1658,7 @@ except:
    result = c.key_export_minimal(pattern=None)

 if result is not None:
-    with open(keyfile, "wb") as f:
+    with open(keyfile, "wb", opener=open_0o600) as f:
        f.write(result)
 else:
    pass
@ -1686,6 +1690,9 @@ This script exports one or more secret keys.
 The gpg-agent and pinentry are invoked to authorise the export.
 """)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 c = gpg.Context(armor=True)

 if len(sys.argv) >= 4:
@ -1735,9 +1742,8 @@ except:
    result = c.key_export_secret(pattern=None)

 if result is not None:
-    with open(keyfile, "wb") as f:
+    with open(keyfile, "wb", opener=open_0o600)) as f:
        f.write(result)
-    os.chmod(keyfile, 0o600)
 else:
    pass
 #+END_SRC
@ -2939,7 +2945,7 @@ Save that into a file called =keycount.pyx= and then create a
 =setup.py= file which contains this:

 #+BEGIN_SRC python -i
-from distutils.core import setup
+from setuptools import setup
 from Cython.Build import cythonize

 setup(
--- a/lang/python/doc/texinfo/texinfo.tex
+++ b/lang/python/doc/texinfo/texinfo.tex
@ -498,7 +498,7 @@
 % \def\foo{\parsearg\Xfoo}
 % \def\Xfoo#1{...}
 %
-% Actually, I use \csname\string\foo\endcsname, ie. \\foo, as it is my
+% Actually, I use \csname\string\foo\endcsname, i.e. \\foo, as it is my
 % favourite TeX trick.  --kasal, 16nov03

 \def\parseargdef#1{%
--- a/lang/python/examples/howto/add-userid.py
+++ b/lang/python/examples/howto/add-userid.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/advanced/cython/setup.py
+++ b/lang/python/examples/howto/advanced/cython/setup.py
@ -1,4 +1,4 @@
-from distutils.core import setup
+from setuptools import setup
 from Cython.Build import cythonize

 setup(
--- a/lang/python/examples/howto/clear-sign-file.py
+++ b/lang/python/examples/howto/clear-sign-file.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/create-key.py
+++ b/lang/python/examples/howto/create-key.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/decrypt-file.py
+++ b/lang/python/examples/howto/decrypt-file.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/detach-sign-file.py
+++ b/lang/python/examples/howto/detach-sign-file.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/encrypt-file.py
+++ b/lang/python/examples/howto/encrypt-file.py
@ -24,7 +24,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/encrypt-sign-file.py
+++ b/lang/python/examples/howto/encrypt-sign-file.py
@ -24,7 +24,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/encrypt-to-group-gullible.py
+++ b/lang/python/examples/howto/encrypt-to-group-gullible.py
@ -25,7 +25,7 @@ from groups import group_lists
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/encrypt-to-group-trustno1.py
+++ b/lang/python/examples/howto/encrypt-to-group-trustno1.py
@ -25,7 +25,7 @@ from groups import group_lists
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/encrypt-to-group.py
+++ b/lang/python/examples/howto/encrypt-to-group.py
@ -25,7 +25,7 @@ from groups import group_lists
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/export-key.py
+++ b/lang/python/examples/howto/export-key.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/export-minimised-key.py
+++ b/lang/python/examples/howto/export-minimised-key.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/export-secret-key.py
+++ b/lang/python/examples/howto/export-secret-key.py
@ -26,7 +26,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
@ -35,6 +35,9 @@ This script exports one or more secret keys.
 The gpg-agent and pinentry are invoked to authorise the export.
 """)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 c = gpg.Context(armor=True)

 if len(sys.argv) >= 4:
@ -84,8 +87,7 @@ except:
    result = c.key_export_secret(pattern=None)

 if result is not None:
-    with open(keyfile, "wb") as f:
+    with open(keyfile, "wb", opener=open_0o600) as f:
        f.write(result)
-    os.chmod(keyfile, 0o600)
 else:
    pass
--- a/lang/python/examples/howto/export-secret-keys.py
+++ b/lang/python/examples/howto/export-secret-keys.py
@ -27,7 +27,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
@ -37,6 +37,9 @@ file formats, saved in files within the user's GPG home directory.
 The gpg-agent and pinentry are invoked to authorise the export.
 """)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 if sys.platform == "win32":
    gpgconfcmd = "gpgconf.exe --list-dirs homedir"
 else:
@ -119,15 +122,13 @@ except:
    b_result = b.key_export_secret(pattern=None)

 if a_result is not None:
-    with open(ascfile, "wb") as f:
+    with open(ascfile, "wb", opener=open_0o600) as f:
        f.write(a_result)
-    os.chmod(ascfile, 0o600)
 else:
    pass

 if b_result is not None:
-    with open(gpgfile, "wb") as f:
+    with open(gpgfile, "wb", opener=open_0o600) as f:
        f.write(b_result)
-    os.chmod(gpgfile, 0o600)
 else:
    pass
--- a/lang/python/examples/howto/groups.py
+++ b/lang/python/examples/howto/groups.py
@ -20,7 +20,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import subprocess
--- a/lang/python/examples/howto/import-key.py
+++ b/lang/python/examples/howto/import-key.py
@ -27,7 +27,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/import-keybasekey.py
+++ b/lang/python/examples/howto/import-keybasekey.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/import-keys-hkp.py
+++ b/lang/python/examples/howto/import-keys-hkp.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/import-keys.py
+++ b/lang/python/examples/howto/import-keys.py
@ -25,7 +25,7 @@ import requests
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/import-mailvelope-keys.py
+++ b/lang/python/examples/howto/import-mailvelope-keys.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/keycount.py
+++ b/lang/python/examples/howto/keycount.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/local-sign-group.py
+++ b/lang/python/examples/howto/local-sign-group.py
@ -28,7 +28,7 @@ from groups import group_lists
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/mutt-groups.py
+++ b/lang/python/examples/howto/mutt-groups.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import sys
--- a/lang/python/examples/howto/pmkey-import-alt.py
+++ b/lang/python/examples/howto/pmkey-import-alt.py
@ -28,7 +28,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/pmkey-import-hkp-alt.py
+++ b/lang/python/examples/howto/pmkey-import-hkp-alt.py
@ -28,7 +28,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/pmkey-import-hkp.py
+++ b/lang/python/examples/howto/pmkey-import-hkp.py
@ -28,7 +28,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/pmkey-import.py
+++ b/lang/python/examples/howto/pmkey-import.py
@ -27,7 +27,7 @@ del absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/revoke-userid.py
+++ b/lang/python/examples/howto/revoke-userid.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/send-key-to-keyserver.py
+++ b/lang/python/examples/howto/send-key-to-keyserver.py
@ -26,7 +26,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 print("""
--- a/lang/python/examples/howto/sign-file.py
+++ b/lang/python/examples/howto/sign-file.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/sign-key.py
+++ b/lang/python/examples/howto/sign-key.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/symcrypt-file.py
+++ b/lang/python/examples/howto/symcrypt-file.py
@ -24,7 +24,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 """
--- a/lang/python/examples/howto/temp-homedir-config.py
+++ b/lang/python/examples/howto/temp-homedir-config.py
@ -25,7 +25,7 @@ import sys
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 intro = """
@ -112,18 +112,18 @@ else:

 nh = "{0}/.{1}".format(userdir, new_homedir)

+def open_0o600(path, flags):
+    return os.open(path, flags, mode=0o600)
+
 if os.path.exists(nh) is True:
    print("The {0} directory already exists.".format(nh))
 else:
    print("Creating the {0} directory.".format(nh))
-    os.mkdir(nh)
-    os.chmod(nh, 0o700)
-    with open("{0}/{1}".format(nh, "gpg.conf"), "w") as f1:
+    os.mkdir(nh, 0o700)
+    with open("{0}/{1}".format(nh, "gpg.conf"), "w", opener=open_0o600) as f1:
        f1.write(gpgconf)
-    os.chmod("{0}/{1}".format(nh, "gpg.conf"), 0o600)
-    with open("{0}/{1}".format(nh, "gpg-agent.conf"), "w") as f2:
+    with open("{0}/{1}".format(nh, "gpg-agent.conf"), "w", opener=open_0o600) as f2:
        f2.write(gpgconf)
-    os.chmod("{0}/{1}".format(nh, "gpg-agent.conf"), 0o600)
    print("""You may now use the {0} directory as an alternative GPG homedir:

 gpg --homedir {0}
--- a/lang/python/examples/howto/verify-signatures.py
+++ b/lang/python/examples/howto/verify-signatures.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/examples/howto/verify-signed-file.py
+++ b/lang/python/examples/howto/verify-signed-file.py
@ -21,7 +21,7 @@ from __future__ import absolute_import, division, unicode_literals
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License and the GNU
-# Lesser General Public along with this program; if not, see
+# Lesser General Public License along with this program; if not, see
 # <https://www.gnu.org/licenses/>.

 import gpg
--- a/lang/python/gpgme.i
+++ b/lang/python/gpgme.i
@ -26,7 +26,7 @@
 %ignore HAVE_CXX11;

 %{
-/* We use public symbols (eg. "_obsolete_class") which are marked as
+/* We use public symbols (e.g. "_obsolete_class") which are marked as
 * deprecated but we need to keep them.  Silence the warning.  */
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 %}
--- a/lang/python/helpers.c
+++ b/lang/python/helpers.c
@ -404,7 +404,7 @@ static gpgme_error_t pyPassphraseCb(void *hook,
    err_status = _gpg_exception2code();
  } else {
    if (!retval) {
-      if (write(fd, "\n", 1) < 0) {
+      if (gpgme_io_writen (fd, "\n", 1) < 0) {
        err_status = gpgme_error_from_syserror ();
        _gpg_raise_exception (err_status);
      }
@ -439,11 +439,11 @@ static gpgme_error_t pyPassphraseCb(void *hook,
          goto leave;
        }

-      if (write(fd, buf, len) < 0) {
+      if (gpgme_io_writen (fd, buf, len) < 0) {
        err_status = gpgme_error_from_syserror ();
        _gpg_raise_exception (err_status);
      }
-      if (! err_status && write(fd, "\n", 1) < 0) {
+      if (! err_status && gpgme_io_writen (fd, "\n", 1) < 0) {
        err_status = gpgme_error_from_syserror ();
        _gpg_raise_exception (err_status);
      }
@ -761,11 +761,11 @@ _gpg_interact_cb(void *opaque, const char *keyword,
          goto leave;
        }

-      if (write(fd, buffer, size) < 0) {
+      if (gpgme_io_writen (fd, buffer, size) < 0) {
        err_status = gpgme_error_from_syserror ();
        _gpg_raise_exception (err_status);
      }
-      if (! err_status && write(fd, "\n", 1) < 0) {
+      if (! err_status && gpgme_io_writen (fd, "\n", 1) < 0) {
        err_status = gpgme_error_from_syserror ();
        _gpg_raise_exception (err_status);
      }
--- a/lang/python/helpers.h
+++ b/lang/python/helpers.h
@ -25,11 +25,6 @@
 #include <gpgme.h>
 #include "Python.h"

-#ifdef _WIN32
-#include <windows.h>
-#define write(fd, str, sz) {DWORD written; WriteFile((HANDLE) fd, str, sz, &written, 0);}
-#endif
-
 /* Flag specifying whether this is an in-tree build.  */
 extern int gpg_in_tree_build;

--- a/lang/python/setup.py.in
+++ b/lang/python/setup.py.in
@ -18,6 +18,10 @@
 #    License along with this library; if not, write to the Free Software
 #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA

+try:
+    from setuptools import setup, Extension
+    from setuptools.command.build import build
+except ImportError:
    from distutils.core import setup, Extension
    from distutils.command.build import build

@ -225,9 +229,8 @@ class BuildExtFirstHack(build):
        build.run(self)


-py3 = [] if sys.version_info.major < 3 else ['-py3']
 swig_sources = []
-swig_opts = ['-threads'] + py3 + extra_swig_opts
+swig_opts = ['-threads'] + extra_swig_opts
 swige = Extension(
    'gpg._gpgme',
    sources=swig_sources,
@ -282,10 +285,12 @@ GPGME and these bindings is available here:
        'Programming Language :: Python :: 2',
        'Programming Language :: Python :: 2.7',
        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.4',
-        'Programming Language :: Python :: 3.5',
        'Programming Language :: Python :: 3.6',
-        'Programming Language :: Python :: 3.7',
+        'Programming Language :: Python :: 3.8',
+        'Programming Language :: Python :: 3.9',
+        'Programming Language :: Python :: 3.10',
+        'Programming Language :: Python :: 3.11',
+        'Programming Language :: Python :: 3.12',
        'Operating System :: POSIX',
        'Operating System :: Microsoft :: Windows',
        'Topic :: Communications :: Email',
--- a/lang/python/src/core.py
+++ b/lang/python/src/core.py
@ -813,7 +813,7 @@ class Context(GpgmeWrapper):
        Keyword arguments:
        algorithm    -- public key algorithm, see above (default: reasonable)
        expires_in   -- expiration time in seconds (default: reasonable)
-        expires      -- whether or not the key should expire (default: True)
+        expires      -- whether the key should expire (default: True)
        sign         -- request the signing capability (see above)
        encrypt      -- request the encryption capability (see above)
        certify      -- request the certification capability (see above)
@ -901,7 +901,7 @@ class Context(GpgmeWrapper):
        Keyword arguments:
        algorithm    -- public key algorithm, see above (default: reasonable)
        expires_in   -- expiration time in seconds (default: reasonable)
-        expires      -- whether or not the subkey should expire (default: True)
+        expires      -- whether the subkey should expire (default: True)
        sign         -- request the signing capability (see above)
        encrypt      -- request the encryption capability (see above)
        authenticate -- request the authentication capability (see above)
@ -1032,7 +1032,7 @@ class Context(GpgmeWrapper):

        If command is a string or bytes, it will be used as-is.  If it
        is an iterable of strings, it will be properly escaped and
-        joined into an well-formed assuan command.
+        joined into a well-formed assuan command.

        Keyword arguments:
        data_cb		-- a callback receiving data lines
--- a/lang/python/tests/Makefile.am
+++ b/lang/python/tests/Makefile.am
@ -107,6 +107,7 @@ pubring-stamp: $(test_srcdir)/pubdemo.asc gpg-sample.stamp
               --import $(test_srcdir)/pubdemo.asc
 	-$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \
 		--import $(test_srcdir)/secdemo.asc
+	-$(TESTS_ENVIRONMENT) gpgconf --kill all
 	echo x > ./pubring-stamp

 gpg.conf:
--- a/lang/python/tests/t-quick-key-manipulation.py
+++ b/lang/python/tests/t-quick-key-manipulation.py
@ -88,7 +88,7 @@ with support.EphemeralContext() as ctx:
    except gpg.errors.GpgError:
        pass

-    # try to add an pre-existent UID
+    # try to add a pre-existent UID
    try:
        ctx.key_add_uid(key, bravo)
        assert False, "Expected an error but got none"
--- a/lang/qt/Makefile.am
+++ b/lang/qt/Makefile.am
@ -1,22 +1,22 @@
-# Makefile.am for GPGMEPP.
+# Makefile.am - Makefile for QGpgME.
 # Copyright (C) 2016 Bundesamt für Sicherheit in der Informationstechnik
 # Software engineering by Intevation GmbH
 #
-# This file is part of GPGMEPP.
+# This file is part of QGpgME, the Qt API binding for GpgME.
 #
-# GPGME-CL is free software; you can redistribute it and/or modify it
+# QGpgME is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
-# GPGME-CL is distributed in the hope that it will be useful,
+# QGpgME is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, see <https://gnu.org/licenses/>.
-# SPDX-License-Identifier: LGPL-2.1-or-later
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://gnu.org/licenses/>.
+# SPDX-License-Identifier: GPL-2.0-or-later

 if RUN_GPG_TESTS
 tests = tests
--- a/Show More
+++ b/Show More