chore(release): prepare for 1.155.0

build: nix flake update fenix
Reapply "build: increase MSRV to 1.81.0"
2026-04-10 09:32:11 +03:00 · 2025-01-23 03:06:03 +00:00 · 2025-01-23 02:59:10 +00:00 · 2025-01-23 02:59:10 +00:00 · 2025-01-23 02:59:10 +00:00 · 2025-01-23 02:59:10 +00:00
82 changed files with 8186 additions and 6292 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,7 +24,7 @@ jobs:
    name: Lint Rust
    runs-on: ubuntu-latest
    env:
-      RUSTUP_TOOLCHAIN: 1.83.0
+      RUSTUP_TOOLCHAIN: 1.84.0
    steps:
      - uses: actions/checkout@v4
        with:
@@ -97,15 +97,15 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            rust: 1.83.0
+            rust: 1.84.0
          - os: windows-latest
-            rust: 1.83.0
+            rust: 1.84.0
          - os: macos-latest
-            rust: 1.83.0
+            rust: 1.84.0

-          # Minimum Supported Rust Version = 1.77.0
+          # Minimum Supported Rust Version = 1.81.0
          - os: ubuntu-latest
-            rust: 1.77.0
+            rust: 1.81.0
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
@@ -152,7 +152,7 @@ jobs:
        uses: swatinem/rust-cache@v2

      - name: Build C library
-        run: cargo build -p deltachat_ffi --features jsonrpc
+        run: cargo build -p deltachat_ffi

      - name: Upload C library
        uses: actions/upload-artifact@v4
@@ -223,11 +223,11 @@ jobs:
          - os: macos-latest
            python: pypy3.10

-          # Minimum Supported Python Version = 3.7
+          # Minimum Supported Python Version = 3.8
          # This is the minimum version for which manylinux Python wheels are
          # built. Test it with minimum supported Rust version.
          - os: ubuntu-latest
-            python: 3.7
+            python: 3.8

    runs-on: ${{ matrix.os }}
    steps:
@@ -277,9 +277,9 @@ jobs:
          - os: macos-latest
            python: pypy3.10

-          # Minimum Supported Python Version = 3.7
+          # Minimum Supported Python Version = 3.8
          - os: ubuntu-latest
-            python: 3.7
+            python: 3.8

    runs-on: ${{ matrix.os }}
    steps:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,140 @@
 # Changelog

+## [1.155.0] - 2025-01-23
+
+### API-Changes
+
+- Add JSON-RPC API to get past members.
+
+### Build system
+
+- Update Rust.
+- Increase MSRV to 1.81.0
+
+### Features / Changes
+
+- feat: Set BccSelf to true when receiving a sync message  ([#6434](https://github.com/deltachat/deltachat-core-rust/pull/6434))
+- File deduplication ([#6332](https://github.com/deltachat/deltachat-core-rust/pull/6332))
+
+### Refactor
+
+- Move tests to their own files.
+- Extract `group_changes_msgs()` function ([#6460](https://github.com/deltachat/deltachat-core-rust/pull/6460)).
+
+## [1.154.3] - 2025-01-20
+
+### Build system
+
+- Remove encoded-words from flake.nix.
+- nix: Update rust-email hash in flake.nix.
+
+### Miscellaneous Tasks
+
+- Remove unused function delete_files_in_dir() ([#6454](https://github.com/deltachat/deltachat-core-rust/pull/6454)).
+
+## [1.154.2] - 2025-01-20
+
+### Features / Changes
+
+- Add API to save messages ([#5606](https://github.com/deltachat/deltachat-core-rust/pull/5606)).
+
+### Fixes
+
+- fix: Don't accidentally remove Self from groups ([#6455](https://github.com/deltachat/deltachat-core-rust/pull/6455)).
+- Do not create tombstones for members removed from unpromoted groups.
+
+### Build system
+
+- Switch to non-git version of encoded-words.
+
+### Refactor
+
+- Make memberlist update logic easier to follow.
+
+## [1.154.1] - 2025-01-15
+
+### Tests
+
+- Expect trashing of no-op "member added" in non_member_cannot_modify_member_list.
+
+## [1.154.0] - 2025-01-15
+
+### Features / Changes
+
+- New group consistency algorithm.
+
+### Fixes
+
+- Migration: Set bcc_self=1 if it's unset and delete_server_after!=1 ([#6432](https://github.com/deltachat/deltachat-core-rust/pull/6432)).
+- Clear the config cache after every migration ([#6438](https://github.com/deltachat/deltachat-core-rust/pull/6438)).
+
+### Build system
+
+- Increase minimum supported Python version to 3.8.
+- [**breaking**] Remove jsonrpc feature flag.
+
+### CI
+
+- Update Rust to 1.84.0.
+
+### Miscellaneous Tasks
+
+- Beta Clippy suggestions ([#6422](https://github.com/deltachat/deltachat-core-rust/pull/6422)).
+
+### Refactor
+
+- Use let..else.
+- Add why_cant_send_ex() capable to only ignore specified conditions.
+- Remove unnecessary is_contact_in_chat check.
+- Eliminate remaining repeat_vars() calls ([#6359](https://github.com/deltachat/deltachat-core-rust/pull/6359)).
+
+### Tests
+
+- Use assert_eq! to compare chatlist length.
+
+## [1.153.0] - 2025-01-05
+
+### Features / Changes
+
+- Remove "jobs" from imap_markseen if folder doesn't exist ([#5870](https://github.com/deltachat/deltachat-core-rust/pull/5870)).
+- Delete `vg-request-with-auth` from IMAP after processing ([#6208](https://github.com/deltachat/deltachat-core-rust/pull/6208)).
+
+### API-Changes
+
+- Add `IncomingWebxdcNotify.chat_id` ([#6356](https://github.com/deltachat/deltachat-core-rust/pull/6356)).
+- rpc-client: Add INCOMING_REACTION to const.EventType ([#6349](https://github.com/deltachat/deltachat-core-rust/pull/6349)).
+
+### Documentation
+
+- Viewtype::Sticker may be changed to Image and how to disable that ([#6352](https://github.com/deltachat/deltachat-core-rust/pull/6352)).
+
+### Fixes
+
+- Never change Viewtype::Sticker to Image if file has non-image extension ([#6352](https://github.com/deltachat/deltachat-core-rust/pull/6352)).
+- Change BccSelf default to 0 for chatmail ([#6340](https://github.com/deltachat/deltachat-core-rust/pull/6340)).
+- Mark holiday notice messages as bot-generated.
+- Don't treat location-only and sync messages as bot ones ([#6357](https://github.com/deltachat/deltachat-core-rust/pull/6357)).
+- Update shadowsocks crate to 1.22.0 to avoid panic when parsing some QR codes.
+- Prefer to encrypt if E2eeEnabled even if peers have EncryptPreference::NoPreference.
+- Prioritize mailing list over self-sent messages.
+- Allow empty `To` field for self-sent messages.
+- Default `to_id` to self instead of 0.
+
+### Refactor
+
+- Remove unused parameter and return value from `build_body_file(…)` ([#6369](https://github.com/deltachat/deltachat-core-rust/pull/6369)).
+- Deprecate Param::ErroneousE2ee.
+- Add `emit_msgs_changed_without_msg_id`.
+- Add_parts: Remove excessive `is_mdn` checks.
+- Simplify `self_sent` condition.
+- Don't ignore get_for_contact errors.
+
+### Tests
+
+- Messages without recipients are assigned to self chat.
+- Message with empty To: field should have a valid to_id.
+- Fix `test_logged_ac_process_ffi_failure` flakiness.
+
 ## [1.152.2] - 2024-12-24

 ### Features / Changes
@@ -5541,3 +5676,9 @@ https://github.com/deltachat/deltachat-core-rust/pulls?q=is%3Apr+is%3Aclosed
 [1.152.0]: https://github.com/deltachat/deltachat-core-rust/compare/v1.151.6..v1.152.0
 [1.152.1]: https://github.com/deltachat/deltachat-core-rust/compare/v1.152.0..v1.152.1
 [1.152.2]: https://github.com/deltachat/deltachat-core-rust/compare/v1.152.1..v1.152.2
+[1.153.0]: https://github.com/deltachat/deltachat-core-rust/compare/v1.152.2..v1.153.0
+[1.154.0]: https://github.com/deltachat/deltachat-core-rust/compare/v1.153.0..v1.154.0
+[1.154.1]: https://github.com/deltachat/deltachat-core-rust/compare/v1.154.0..v1.154.1
+[1.154.2]: https://github.com/deltachat/deltachat-core-rust/compare/v1.154.1..v1.154.2
+[1.154.3]: https://github.com/deltachat/deltachat-core-rust/compare/v1.154.2..v1.154.3
+[1.155.0]: https://github.com/deltachat/deltachat-core-rust/compare/v1.154.3..v1.155.0
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -27,7 +27,7 @@ add_custom_command(
        PREFIX=${CMAKE_INSTALL_PREFIX}
        LIBDIR=${CMAKE_INSTALL_FULL_LIBDIR}
        INCLUDEDIR=${CMAKE_INSTALL_FULL_INCLUDEDIR}
-	${CARGO} build --target-dir=${CMAKE_BINARY_DIR}/target --release --features jsonrpc
+	${CARGO} build --target-dir=${CMAKE_BINARY_DIR}/target --release
 	WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deltachat-ffi
 )

--- a/Cargo.lock
+++ b/Cargo.lock
@@ -219,7 +219,7 @@ dependencies = [
 "nom",
 "num-traits",
 "rusticata-macros",
- "thiserror",
+ "thiserror 1.0.69",
 "time 0.3.36",
 ]

@@ -315,7 +315,7 @@ dependencies = [
 "pin-utils",
 "self_cell",
 "stop-token",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 ]

@@ -335,7 +335,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9343dc5acf07e79ff82d0c37899f079db3534d99f189a1837c8e549c99405bec"
 dependencies = [
 "native-tls",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "url",
 ]
@@ -363,7 +363,7 @@ dependencies = [
 "log",
 "nom",
 "pin-project",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 ]

@@ -388,7 +388,7 @@ dependencies = [
 "crc32fast",
 "futures-lite 2.5.0",
 "pin-project",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "tokio-util",
 ]
@@ -571,9 +571,9 @@ dependencies = [

 [[package]]
 name = "blake3"
-version = "1.5.4"
+version = "1.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d82033247fd8e890df8f740e407ad4d038debb9eb1f40533fffb32e7d17dc6f7"
+checksum = "b8ee0c1824c4dea5b5f81736aff91bae041d2c07ee1192bec91054e10e3e601e"
 dependencies = [
 "arrayref",
 "arrayvec",
@@ -783,9 +783,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"

 [[package]]
 name = "cfg_aliases"
-version = "0.1.1"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd16c4719339c4530435d38e511904438d07cce7950afa3718a84ac36c10e89e"
+checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"

 [[package]]
 name = "chacha20"
@@ -984,9 +984,9 @@ dependencies = [

 [[package]]
 name = "constant_time_eq"
-version = "0.3.0"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
+checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"

 [[package]]
 name = "convert_case"
@@ -1306,7 +1306,7 @@ dependencies = [

 [[package]]
 name = "deltachat"
-version = "1.152.2"
+version = "1.155.0"
 dependencies = [
 "anyhow",
 "async-broadcast",
@@ -1316,6 +1316,7 @@ dependencies = [
 "async-smtp",
 "async_zip",
 "base64 0.22.1",
+ "blake3",
 "brotli",
 "bytes",
 "chrono",
@@ -1381,7 +1382,7 @@ dependencies = [
 "tempfile",
 "testdir",
 "textwrap",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "tokio-io-timeout",
 "tokio-rustls",
@@ -1407,7 +1408,7 @@ dependencies = [

 [[package]]
 name = "deltachat-jsonrpc"
-version = "1.152.2"
+version = "1.155.0"
 dependencies = [
 "anyhow",
 "async-channel 2.3.1",
@@ -1432,7 +1433,7 @@ dependencies = [

 [[package]]
 name = "deltachat-repl"
-version = "1.152.2"
+version = "1.155.0"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1448,7 +1449,7 @@ dependencies = [

 [[package]]
 name = "deltachat-rpc-server"
-version = "1.152.2"
+version = "1.155.0"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1477,7 +1478,7 @@ dependencies = [

 [[package]]
 name = "deltachat_ffi"
-version = "1.152.2"
+version = "1.155.0"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1488,7 +1489,7 @@ dependencies = [
 "once_cell",
 "rand 0.8.5",
 "serde_json",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "yerpc",
 ]
@@ -1717,6 +1718,27 @@ version = "1.0.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125"

+[[package]]
+name = "dynosaur"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92fac44672fabad44990176319b9e94393f3a38b960b5ca2af6cd90f5ecd1497"
+dependencies = [
+ "dynosaur_derive",
+ "trait-variant",
+]
+
+[[package]]
+name = "dynosaur_derive"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16c187d1e575ef546d24f0fcd7701cc04abfe6b5e7e2758aabc450b99e835ac3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.94",
+]
+
 [[package]]
 name = "eax"
 version = "0.5.0"
@@ -1811,7 +1833,7 @@ dependencies = [
 [[package]]
 name = "email"
 version = "0.0.20"
-source = "git+https://github.com/deltachat/rust-email?branch=master#5179cd68db44101ee3d3df7bfef96f014507352b"
+source = "git+https://github.com/deltachat/rust-email?branch=master#ba176ca31ae000203368eb9baacc7eb469fd7692"
 dependencies = [
 "base64 0.11.0",
 "chrono",
@@ -1831,7 +1853,8 @@ checksum = "ef1a6892d9eef45c8fa6b9e0086428a2cca8491aca8f787c534a3d6d0bcb3ced"
 [[package]]
 name = "encoded-words"
 version = "0.2.0"
-source = "git+https://github.com/async-email/encoded-words?branch=master#d55366b36f96e383f39c432aedce42ee8b43f796"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c1693107e6084e2b9444d34a985697f56c8832d314924d5cfb1fb7793154bef"
 dependencies = [
 "base64 0.12.3",
 "charset",
@@ -1839,7 +1862,7 @@ dependencies = [
 "hex",
 "lazy_static",
 "regex",
- "thiserror",
+ "thiserror 1.0.69",
 ]

 [[package]]
@@ -2087,7 +2110,7 @@ dependencies = [
 "anyhow",
 "async-trait",
 "log",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "tokio-stream",
 ]
@@ -2607,7 +2630,7 @@ dependencies = [
 "ipnet",
 "once_cell",
 "rand 0.8.5",
- "thiserror",
+ "thiserror 1.0.69",
 "time 0.3.36",
 "tinyvec",
 "tokio",
@@ -2631,7 +2654,7 @@ dependencies = [
 "rand 0.8.5",
 "resolv-conf",
 "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "tracing",
 ]
@@ -3151,7 +3174,7 @@ dependencies = [
 "rand_core 0.6.4",
 "serde",
 "ssh-key",
- "thiserror",
+ "thiserror 1.0.69",
 "ttl_cache",
 "url",
 "zeroize",
@@ -3281,7 +3304,7 @@ dependencies = [
 "strum",
 "stun-rs",
 "surge-ping",
- "thiserror",
+ "thiserror 1.0.69",
 "time 0.3.36",
 "tokio",
 "tokio-rustls",
@@ -3313,7 +3336,7 @@ dependencies = [
 "rustc-hash 2.0.0",
 "rustls",
 "socket2",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "tracing",
 ]
@@ -3331,7 +3354,7 @@ dependencies = [
 "rustls",
 "rustls-platform-verifier",
 "slab",
- "thiserror",
+ "thiserror 1.0.69",
 "tinyvec",
 "tracing",
 ]
@@ -3407,7 +3430,7 @@ dependencies = [
 "combine",
 "jni-sys",
 "log",
- "thiserror",
+ "thiserror 1.0.69",
 "walkdir",
 ]

@@ -3627,7 +3650,7 @@ dependencies = [
 "serde_bencode",
 "serde_bytes",
 "sha1_smol",
- "thiserror",
+ "thiserror 1.0.69",
 "tracing",
 ]

@@ -3798,7 +3821,7 @@ dependencies = [
 "anyhow",
 "byteorder",
 "paste",
- "thiserror",
+ "thiserror 1.0.69",
 ]

 [[package]]
@@ -3812,7 +3835,7 @@ dependencies = [
 "log",
 "netlink-packet-core",
 "netlink-sys",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 ]

@@ -3850,7 +3873,7 @@ dependencies = [
 "rtnetlink",
 "serde",
 "socket2",
- "thiserror",
+ "thiserror 1.0.69",
 "time 0.3.36",
 "tokio",
 "tracing",
@@ -3880,9 +3903,9 @@ dependencies = [

 [[package]]
 name = "nix"
-version = "0.28.0"
+version = "0.29.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab2156c4fce2f8df6c499cc1c763e4394b7482525bf2a9701c9d79d215f519e4"
+checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46"
 dependencies = [
 "bitflags 2.6.0",
 "cfg-if",
@@ -4294,7 +4317,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "560131c633294438da9f7c4b08189194b20946c8274c6b9e38881a7874dc8ee8"
 dependencies = [
 "memchr",
- "thiserror",
+ "thiserror 1.0.69",
 "ucd-trie",
 ]

@@ -4342,7 +4365,7 @@ dependencies = [
 "aes-gcm",
 "aes-kw",
 "argon2",
- "base64 0.22.1",
+ "base64 0.21.7",
 "bitfield",
 "block-padding",
 "blowfish",
@@ -4392,7 +4415,7 @@ dependencies = [
 "sha3",
 "signature",
 "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
 "twofish",
 "x25519-dalek",
 "x448",
@@ -4448,7 +4471,7 @@ dependencies = [
 "mainline",
 "self_cell",
 "simple-dns",
- "thiserror",
+ "thiserror 1.0.69",
 "tracing",
 "ureq",
 "wasm-bindgen",
@@ -4617,7 +4640,7 @@ dependencies = [
 "serde",
 "smallvec",
 "socket2",
- "thiserror",
+ "thiserror 1.0.69",
 "time 0.3.36",
 "tokio",
 "tokio-util",
@@ -4895,7 +4918,7 @@ dependencies = [
 "quinn-udp",
 "rustc-hash 1.1.0",
 "rustls",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "tracing",
 ]
@@ -4912,7 +4935,7 @@ dependencies = [
 "rustc-hash 2.0.0",
 "rustls",
 "slab",
- "thiserror",
+ "thiserror 1.0.69",
 "tinyvec",
 "tracing",
 ]
@@ -5116,7 +5139,7 @@ checksum = "a18479200779601e498ada4e8c1e1f50e3ee19deb0259c25825a98b5603b2cb4"
 dependencies = [
 "getrandom 0.2.12",
 "libredox",
- "thiserror",
+ "thiserror 1.0.69",
 ]

 [[package]]
@@ -5309,7 +5332,7 @@ dependencies = [
 "netlink-proto",
 "netlink-sys",
 "nix 0.26.4",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 ]

@@ -5384,9 +5407,9 @@ dependencies = [

 [[package]]
 name = "rustls"
-version = "0.23.19"
+version = "0.23.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "934b404430bb06b3fae2cba809eb45a1ab1aecd64491213d7c3301b88393f8d1"
+checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b"
 dependencies = [
 "log",
 "once_cell",
@@ -5472,9 +5495,9 @@ checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4"

 [[package]]
 name = "rustyline"
-version = "14.0.0"
+version = "15.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7803e8936da37efd9b6d4478277f4b2b9bb5cdb37a113e8d63222e58da647e63"
+checksum = "2ee1e066dc922e513bda599c6ccb5f3bb2b0ea5870a579448f2622993f0a9a2f"
 dependencies = [
 "bitflags 2.6.0",
 "cfg-if",
@@ -5484,12 +5507,12 @@ dependencies = [
 "libc",
 "log",
 "memchr",
- "nix 0.28.0",
+ "nix 0.29.0",
 "radix_trie",
 "unicode-segmentation",
- "unicode-width",
+ "unicode-width 0.2.0",
 "utf8parse",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -5636,9 +5659,9 @@ dependencies = [

 [[package]]
 name = "serde"
-version = "1.0.215"
+version = "1.0.217"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f"
+checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70"
 dependencies = [
 "serde_derive",
 ]
@@ -5673,9 +5696,9 @@ dependencies = [

 [[package]]
 name = "serde_derive"
-version = "1.0.215"
+version = "1.0.217"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
+checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5695,9 +5718,9 @@ dependencies = [

 [[package]]
 name = "serde_json"
-version = "1.0.133"
+version = "1.0.134"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377"
+checksum = "d00f4175c42ee48b15416f6193a959ba3a0d67fc699a0db9ad12df9f83991c7d"
 dependencies = [
 "itoa",
 "memchr",
@@ -5808,17 +5831,17 @@ dependencies = [

 [[package]]
 name = "shadowsocks"
-version = "1.21.0"
+version = "1.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ecb3780dfbc654de9383758015b9bb95c6e32fecace36ebded09d67e854d130"
+checksum = "1678a9acd37add020f89bfe05d45b9b8a6e8ad5d09f54ac2af3e0dcf0557b481"
 dependencies = [
 "aes",
- "async-trait",
 "base64 0.22.1",
 "blake3",
 "byte_string",
 "bytes",
 "cfg-if",
+ "dynosaur",
 "futures",
 "libc",
 "log",
@@ -5834,18 +5857,19 @@ dependencies = [
 "shadowsocks-crypto",
 "socket2",
 "spin",
- "thiserror",
+ "thiserror 2.0.9",
 "tokio",
 "tokio-tfo",
+ "trait-variant",
 "url",
 "windows-sys 0.59.0",
 ]

 [[package]]
 name = "shadowsocks-crypto"
-version = "0.5.5"
+version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9e49ecfad8b27f3df28848af11f08aa10df0c6b74b45748131753913be23373"
+checksum = "bc77ecb3a97509d22751b76665894fcffad2d10df8758f4e3f20c92ccde6bf4f"
 dependencies = [
 "aes",
 "aes-gcm",
@@ -6136,7 +6160,7 @@ dependencies = [
 "pnet_packet",
 "rand 0.8.5",
 "socket2",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "tracing",
 ]
@@ -6253,12 +6277,13 @@ dependencies = [

 [[package]]
 name = "testdir"
-version = "0.9.1"
+version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee79e927b64d193f5abb60d20a0eb56be0ee5a242fdeb8ce3bf054177006de52"
+checksum = "c9ffa013be124f7e8e648876190de818e3a87088ed97ccd414a398b403aec8c8"
 dependencies = [
 "anyhow",
 "backtrace",
+ "cargo-platform",
 "cargo_metadata",
 "once_cell",
 "sysinfo",
@@ -6273,7 +6298,7 @@ checksum = "23d434d3f8967a09480fb04132ebe0a3e088c173e6d0ee7897abbdf4eab0f8b9"
 dependencies = [
 "smawk",
 "unicode-linebreak",
- "unicode-width",
+ "unicode-width 0.1.11",
 ]

 [[package]]
@@ -6282,7 +6307,16 @@ version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
 dependencies = [
- "thiserror-impl",
+ "thiserror-impl 1.0.69",
+]
+
+[[package]]
+name = "thiserror"
+version = "2.0.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f072643fd0190df67a8bab670c20ef5d8737177d6ac6b2e9a236cb096206b2cc"
+dependencies = [
+ "thiserror-impl 2.0.9",
 ]

 [[package]]
@@ -6296,6 +6330,17 @@ dependencies = [
 "syn 2.0.94",
 ]

+[[package]]
+name = "thiserror-impl"
+version = "2.0.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b50fa271071aae2e6ee85f842e2e28ba8cd2c5fb67f11fcb1fd70b276f9e7d4"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.94",
+]
+
 [[package]]
 name = "thread_local"
 version = "1.1.8"
@@ -6385,9 +6430,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.41.1"
+version = "1.42.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22cfb5bee7a6a52939ca9224d6ac897bb669134078daa8735560897f69de4d33"
+checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551"
 dependencies = [
 "backtrace",
 "bytes",
@@ -6498,7 +6543,7 @@ dependencies = [
 "http 1.1.0",
 "httparse",
 "js-sys",
- "thiserror",
+ "thiserror 1.0.69",
 "tokio",
 "tokio-tungstenite",
 "wasm-bindgen",
@@ -6645,6 +6690,17 @@ dependencies = [
 "tracing-log",
 ]

+[[package]]
+name = "trait-variant"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70977707304198400eb4835a78f6a9f928bf41bba420deb8fdb175cd965d77a7"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.94",
+]
+
 [[package]]
 name = "try-lock"
 version = "0.2.5"
@@ -6674,7 +6730,7 @@ dependencies = [
 "log",
 "rand 0.8.5",
 "sha1",
- "thiserror",
+ "thiserror 1.0.69",
 "url",
 "utf-8",
 ]
@@ -6778,6 +6834,12 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85"

+[[package]]
+name = "unicode-width"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd"
+
 [[package]]
 name = "unicode-xid"
 version = "0.2.4"
@@ -7003,7 +7065,7 @@ dependencies = [
 "event-listener 4.0.3",
 "futures-util",
 "parking_lot",
- "thiserror",
+ "thiserror 1.0.69",
 ]

 [[package]]
@@ -7337,7 +7399,7 @@ dependencies = [
 "futures",
 "log",
 "serde",
- "thiserror",
+ "thiserror 1.0.69",
 "windows 0.52.0",
 ]

@@ -7389,7 +7451,7 @@ dependencies = [
 "nom",
 "oid-registry",
 "rusticata-macros",
- "thiserror",
+ "thiserror 1.0.69",
 "time 0.3.36",
 ]

--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,9 +1,9 @@
 [package]
 name = "deltachat"
-version = "1.152.2"
+version = "1.155.0"
 edition = "2021"
 license = "MPL-2.0"
-rust-version = "1.77"
+rust-version = "1.81"
 repository = "https://github.com/deltachat/deltachat-core-rust"

 [profile.dev]
@@ -50,7 +50,7 @@ brotli = { version = "7", default-features=false, features = ["std"] }
 bytes = "1"
 chrono = { workspace = true, features = ["alloc", "clock", "std"] }
 email = { git = "https://github.com/deltachat/rust-email", branch = "master" }
-encoded-words = { git = "https://github.com/async-email/encoded-words", branch = "master" }
+encoded-words = "0.2"
 escaper = "0.1"
 fast-socks5 = "0.10"
 fd-lock = "4"
@@ -86,14 +86,14 @@ regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
 rust-hsluv = "0.1"
 rustls-pki-types = "1.10.1"
-rustls = { version = "0.23.19", default-features = false }
+rustls = { version = "0.23.20", default-features = false }
 sanitize-filename = { workspace = true }
 serde_json = { workspace = true }
 serde_urlencoded = "0.7.1"
 serde = { workspace = true, features = ["derive"] }
 sha-1 = "0.10"
 sha2 = "0.10"
-shadowsocks = { version = "1.21.0", default-features = false, features = ["aead-cipher-2022"] }
+shadowsocks = { version = "1.22.0", default-features = false, features = ["aead-cipher", "aead-cipher-2022"] }
 smallvec = "1.13.2"
 strum = "0.26"
 strum_macros = "0.26"
@@ -110,6 +110,7 @@ toml = "0.8"
 url = "2"
 uuid = { version = "1", features = ["serde", "v4"] }
 webpki-roots = "0.26.7"
+blake3 = "1.5.5"

 [dev-dependencies]
 anyhow = { workspace = true, features = ["backtrace"] } # Enable `backtrace` feature in tests.
@@ -120,7 +121,7 @@ nu-ansi-term = { workspace = true }
 pretty_assertions = "1.4.1"
 proptest = { version = "1", default-features = false, features = ["std"] }
 tempfile = { workspace = true }
-testdir = "0.9.0"
+testdir = "0.9.3"
 tokio = { workspace = true, features = ["rt-multi-thread", "macros"] }

 [workspace]
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "1.152.2"
+version = "1.155.0"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
@@ -15,7 +15,7 @@ crate-type = ["cdylib", "staticlib"]

 [dependencies]
 deltachat = { workspace = true, default-features = false }
-deltachat-jsonrpc = { workspace = true, optional = true }
+deltachat-jsonrpc = { workspace = true }
 libc = { workspace = true }
 human-panic = { version = "2", default-features = false }
 num-traits = { workspace = true }
@@ -30,5 +30,4 @@ yerpc = { workspace = true, features = ["anyhow_expose"] }
 [features]
 default = ["vendored"]
 vendored = ["deltachat/vendored", "deltachat-jsonrpc/vendored"]
-jsonrpc = ["dep:deltachat-jsonrpc"]

--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -1974,6 +1974,36 @@ void            dc_delete_msgs               (dc_context_t* context, const uint3
 void            dc_forward_msgs              (dc_context_t* context, const uint32_t* msg_ids, int msg_cnt, uint32_t chat_id);


+/**
+ * Save a copy of messages in "Saved Messages".
+ *
+ * In contrast to forwarding messages,
+ * information as author, date and origin are preserved.
+ * The action completes locally, so "Saved Messages" do not show sending errors in case one is offline.
+ * Still, a sync message is emitted, so that other devices will save the same message,
+ * as long as not deleted before.
+ *
+ * To check if a message was saved, use dc_msg_get_saved_msg_id(),
+ * UI may show an indicator and offer an "Unsave" instead of a "Save" button then.
+ *
+ * The other way round, from inside the "Saved Messages" chat,
+ * UI may show the indicator and "Unsave" button checking dc_msg_get_original_msg_id()
+ * and offer a button to go the original message.
+ *
+ * "Unsave" is done by deleting the saved message.
+ * Webxdc updates are not copied on purpose.
+ *
+ * For performance reasons, esp. when saving lots of messages,
+ * UI should call this function from a background thread.
+ *
+ * @memberof dc_context_t
+ * @param context The context object.
+ * @param msg_ids An array of uint32_t containing all message IDs that should be saved.
+ * @param msg_cnt The number of messages IDs in the msg_ids array.
+ */
+void            dc_save_msgs                 (dc_context_t* context, const uint32_t* msg_ids, int msg_cnt);
+
+
 /**
 * Resend messages and make information available for newly added chat members.
 * Resending sends out the original message, however, recipients and webxdc-status may differ.
@@ -4722,10 +4752,36 @@ void            dc_msg_set_override_sender_name(dc_msg_t* msg, const char* name)
 * @param file If the message object is used in dc_send_msg() later,
 *     this must be the full path of the image file to send.
 * @param filemime The MIME type of the file. NULL if you don't know or don't care.
+ * @deprecated 2025-01-21 Use dc_msg_set_file_and_deduplicate instead
 */
 void            dc_msg_set_file               (dc_msg_t* msg, const char* file, const char* filemime);


+/**
+ * Sets the file associated with a message.
+ *
+ * If `name` is non-null, it is used as the file name
+ * and the actual current name of the file is ignored.
+ *
+ * If the source file is already in the blobdir, it will be renamed,
+ * otherwise it will be copied to the blobdir first.
+ *
+ * In order to deduplicate files that contain the same data,
+ * the file will be named `<hash>.<extension>`, e.g. `ce940175885d7b78f7b7e9f1396611f.jpg`.
+ *
+ * NOTE:
+ * - This function will rename the file. To get the new file path, call `get_file()`.
+ * - The file must not be modified after this function was called.
+ *
+ * @memberof dc_msg_t
+ * @param msg The message object. Must not be NULL.
+ * @param file The path of the file to attach. Must not be NULL.
+ * @param name The original filename of the attachment. If NULL, the current name of `file` will be used instead.
+ * @param filemime The MIME type of the file. NULL if you don't know or don't care.
+ */
+void            dc_msg_set_file_and_deduplicate(dc_msg_t* msg, const char* file, const char* name, const char* filemime);
+
+
 /**
 * Set the dimensions associated with message object.
 * Typically this is the width and the height of an image or video associated using dc_msg_set_file().
@@ -4868,6 +4924,33 @@ dc_msg_t*       dc_msg_get_quoted_msg         (const dc_msg_t* msg);
 dc_msg_t*       dc_msg_get_parent             (const dc_msg_t* msg);


+/**
+ * Get original message ID for a saved message from the "Saved Messages" chat.
+ *
+ * Can be used by UI to show a button to go the original message
+ * and an option to "Unsave" the message.
+ *
+ * @param msg The message object. Usually, this refers to a a message inside "Saved Messages".
+ * @return The message ID of the original message.
+ *     0 if the given message object is not a "Saved Message"
+ *     or if the original message does no longer exist.
+ */
+uint32_t        dc_msg_get_original_msg_id    (const dc_msg_t* msg);
+
+
+/**
+ * Check if a message was saved and return its ID inside "Saved Messages".
+ *
+ * Deleting the returned message will un-save the message.
+ * The state "is saved" can be used to show some icon to indicate that a message was saved.
+ *
+ * @param msg The message object. Usually, this refers to a a message outside "Saved Messages".
+ * @return The message ID inside "Saved Messages", if any.
+ *     0 if the given message object is not saved.
+ */
+uint32_t        dc_msg_get_saved_msg_id     (const dc_msg_t* msg);
+
+
 /**
 * Force the message to be sent in plain text.
 *
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -35,6 +35,8 @@ use deltachat::stock_str::StockMessage;
 use deltachat::webxdc::StatusUpdateSerial;
 use deltachat::*;
 use deltachat::{accounts::Accounts, log::LogExt};
+use deltachat_jsonrpc::api::CommandApi;
+use deltachat_jsonrpc::yerpc::{OutReceiver, RpcClient, RpcSession};
 use num_traits::{FromPrimitive, ToPrimitive};
 use once_cell::sync::Lazy;
 use rand::Rng;
@@ -1977,6 +1979,26 @@ pub unsafe extern "C" fn dc_forward_msgs(
    })
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_save_msgs(
+    context: *mut dc_context_t,
+    msg_ids: *const u32,
+    msg_cnt: libc::c_int,
+) {
+    if context.is_null() || msg_ids.is_null() || msg_cnt <= 0 {
+        eprintln!("ignoring careless call to dc_save_msgs()");
+        return;
+    }
+    let msg_ids = convert_and_prune_message_ids(msg_ids, msg_cnt);
+    let ctx = &*context;
+
+    block_on(async move {
+        chat::save_msgs(ctx, &msg_ids[..])
+            .await
+            .unwrap_or_log_default(ctx, "Failed to save message")
+    })
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_resend_msgs(
    context: *mut dc_context_t,
@@ -3813,6 +3835,33 @@ pub unsafe extern "C" fn dc_msg_set_file(
    )
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_set_file_and_deduplicate(
+    msg: *mut dc_msg_t,
+    file: *const libc::c_char,
+    name: *const libc::c_char,
+    filemime: *const libc::c_char,
+) {
+    if msg.is_null() || file.is_null() {
+        eprintln!("ignoring careless call to dc_msg_set_file_and_deduplicate()");
+        return;
+    }
+    let ffi_msg = &mut *msg;
+    let ctx = &*ffi_msg.context;
+
+    ffi_msg
+        .message
+        .set_file_and_deduplicate(
+            ctx,
+            as_path(file),
+            to_opt_string_lossy(name).as_deref(),
+            to_opt_string_lossy(filemime).as_deref(),
+        )
+        .context("Failed to set file")
+        .log_err(&*ffi_msg.context)
+        .ok();
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_set_dimension(
    msg: *mut dc_msg_t,
@@ -3978,6 +4027,48 @@ pub unsafe extern "C" fn dc_msg_get_parent(msg: *const dc_msg_t) -> *mut dc_msg_
    }
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_get_original_msg_id(msg: *const dc_msg_t) -> u32 {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_get_original_msg_id()");
+        return 0;
+    }
+    let ffi_msg: &MessageWrapper = &*msg;
+    let context = &*ffi_msg.context;
+    block_on(async move {
+        ffi_msg
+            .message
+            .get_original_msg_id(context)
+            .await
+            .context("failed to get original message")
+            .log_err(context)
+            .unwrap_or_default()
+            .map(|id| id.to_u32())
+            .unwrap_or(0)
+    })
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_get_saved_msg_id(msg: *const dc_msg_t) -> u32 {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_get_saved_msg_id()");
+        return 0;
+    }
+    let ffi_msg: &MessageWrapper = &*msg;
+    let context = &*ffi_msg.context;
+    block_on(async move {
+        ffi_msg
+            .message
+            .get_saved_msg_id(context)
+            .await
+            .context("failed to get original message")
+            .log_err(context)
+            .unwrap_or_default()
+            .map(|id| id.to_u32())
+            .unwrap_or(0)
+    })
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_force_plaintext(msg: *mut dc_msg_t) {
    if msg.is_null() {
@@ -4930,105 +5021,97 @@ pub unsafe extern "C" fn dc_accounts_get_event_emitter(
    Box::into_raw(Box::new(emitter))
 }

-#[cfg(feature = "jsonrpc")]
-mod jsonrpc {
-    use deltachat_jsonrpc::api::CommandApi;
-    use deltachat_jsonrpc::yerpc::{OutReceiver, RpcClient, RpcSession};
+pub struct dc_jsonrpc_instance_t {
+    receiver: OutReceiver,
+    handle: RpcSession<CommandApi>,
+}

-    use super::*;
-
-    pub struct dc_jsonrpc_instance_t {
-        receiver: OutReceiver,
-        handle: RpcSession<CommandApi>,
+#[no_mangle]
+pub unsafe extern "C" fn dc_jsonrpc_init(
+    account_manager: *mut dc_accounts_t,
+) -> *mut dc_jsonrpc_instance_t {
+    if account_manager.is_null() {
+        eprintln!("ignoring careless call to dc_jsonrpc_init()");
+        return ptr::null_mut();
    }

-    #[no_mangle]
-    pub unsafe extern "C" fn dc_jsonrpc_init(
-        account_manager: *mut dc_accounts_t,
-    ) -> *mut dc_jsonrpc_instance_t {
-        if account_manager.is_null() {
-            eprintln!("ignoring careless call to dc_jsonrpc_init()");
-            return ptr::null_mut();
-        }
+    let account_manager = &*account_manager;
+    let cmd_api = block_on(deltachat_jsonrpc::api::CommandApi::from_arc(
+        account_manager.inner.clone(),
+    ));

-        let account_manager = &*account_manager;
-        let cmd_api = block_on(deltachat_jsonrpc::api::CommandApi::from_arc(
-            account_manager.inner.clone(),
-        ));
+    let (request_handle, receiver) = RpcClient::new();
+    let handle = RpcSession::new(request_handle, cmd_api);

-        let (request_handle, receiver) = RpcClient::new();
-        let handle = RpcSession::new(request_handle, cmd_api);
+    let instance = dc_jsonrpc_instance_t { receiver, handle };

-        let instance = dc_jsonrpc_instance_t { receiver, handle };
+    Box::into_raw(Box::new(instance))
+}

-        Box::into_raw(Box::new(instance))
+#[no_mangle]
+pub unsafe extern "C" fn dc_jsonrpc_unref(jsonrpc_instance: *mut dc_jsonrpc_instance_t) {
+    if jsonrpc_instance.is_null() {
+        eprintln!("ignoring careless call to dc_jsonrpc_unref()");
+        return;
+    }
+    drop(Box::from_raw(jsonrpc_instance));
+}
+
+fn spawn_handle_jsonrpc_request(handle: RpcSession<CommandApi>, request: String) {
+    spawn(async move {
+        handle.handle_incoming(&request).await;
+    });
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn dc_jsonrpc_request(
+    jsonrpc_instance: *mut dc_jsonrpc_instance_t,
+    request: *const libc::c_char,
+) {
+    if jsonrpc_instance.is_null() || request.is_null() {
+        eprintln!("ignoring careless call to dc_jsonrpc_request()");
+        return;
    }

-    #[no_mangle]
-    pub unsafe extern "C" fn dc_jsonrpc_unref(jsonrpc_instance: *mut dc_jsonrpc_instance_t) {
-        if jsonrpc_instance.is_null() {
-            eprintln!("ignoring careless call to dc_jsonrpc_unref()");
-            return;
-        }
-        drop(Box::from_raw(jsonrpc_instance));
+    let handle = &(*jsonrpc_instance).handle;
+    let request = to_string_lossy(request);
+    spawn_handle_jsonrpc_request(handle.clone(), request);
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn dc_jsonrpc_next_response(
+    jsonrpc_instance: *mut dc_jsonrpc_instance_t,
+) -> *mut libc::c_char {
+    if jsonrpc_instance.is_null() {
+        eprintln!("ignoring careless call to dc_jsonrpc_next_response()");
+        return ptr::null_mut();
    }
+    let api = &*jsonrpc_instance;
+    block_on(api.receiver.recv())
+        .map(|result| serde_json::to_string(&result).unwrap_or_default().strdup())
+        .unwrap_or(ptr::null_mut())
+}

-    fn spawn_handle_jsonrpc_request(handle: RpcSession<CommandApi>, request: String) {
-        spawn(async move {
-            handle.handle_incoming(&request).await;
-        });
+#[no_mangle]
+pub unsafe extern "C" fn dc_jsonrpc_blocking_call(
+    jsonrpc_instance: *mut dc_jsonrpc_instance_t,
+    input: *const libc::c_char,
+) -> *mut libc::c_char {
+    if jsonrpc_instance.is_null() {
+        eprintln!("ignoring careless call to dc_jsonrpc_blocking_call()");
+        return ptr::null_mut();
    }
-
-    #[no_mangle]
-    pub unsafe extern "C" fn dc_jsonrpc_request(
-        jsonrpc_instance: *mut dc_jsonrpc_instance_t,
-        request: *const libc::c_char,
-    ) {
-        if jsonrpc_instance.is_null() || request.is_null() {
-            eprintln!("ignoring careless call to dc_jsonrpc_request()");
-            return;
-        }
-
-        let handle = &(*jsonrpc_instance).handle;
-        let request = to_string_lossy(request);
-        spawn_handle_jsonrpc_request(handle.clone(), request);
-    }
-
-    #[no_mangle]
-    pub unsafe extern "C" fn dc_jsonrpc_next_response(
-        jsonrpc_instance: *mut dc_jsonrpc_instance_t,
-    ) -> *mut libc::c_char {
-        if jsonrpc_instance.is_null() {
-            eprintln!("ignoring careless call to dc_jsonrpc_next_response()");
-            return ptr::null_mut();
-        }
-        let api = &*jsonrpc_instance;
-        block_on(api.receiver.recv())
-            .map(|result| serde_json::to_string(&result).unwrap_or_default().strdup())
-            .unwrap_or(ptr::null_mut())
-    }
-
-    #[no_mangle]
-    pub unsafe extern "C" fn dc_jsonrpc_blocking_call(
-        jsonrpc_instance: *mut dc_jsonrpc_instance_t,
-        input: *const libc::c_char,
-    ) -> *mut libc::c_char {
-        if jsonrpc_instance.is_null() {
-            eprintln!("ignoring careless call to dc_jsonrpc_blocking_call()");
-            return ptr::null_mut();
-        }
-        let api = &*jsonrpc_instance;
-        let input = to_string_lossy(input);
-        let res = block_on(api.handle.process_incoming(&input));
-        match res {
-            Some(message) => {
-                if let Ok(message) = serde_json::to_string(&message) {
-                    message.strdup()
-                } else {
-                    ptr::null_mut()
-                }
+    let api = &*jsonrpc_instance;
+    let input = to_string_lossy(input);
+    let res = block_on(api.handle.process_incoming(&input));
+    match res {
+        Some(message) => {
+            if let Ok(message) = serde_json::to_string(&message) {
+                message.strdup()
+            } else {
+                ptr::null_mut()
            }
-            None => ptr::null_mut(),
        }
+        None => ptr::null_mut(),
    }
 }
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "1.152.2"
+version = "1.155.0"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 default-run = "deltachat-jsonrpc-server"
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -836,6 +836,13 @@ impl CommandApi {
        Ok(contacts.iter().map(|id| id.to_u32()).collect::<Vec<u32>>())
    }

+    /// Returns contact IDs of the past chat members.
+    async fn get_past_chat_contacts(&self, account_id: u32, chat_id: u32) -> Result<Vec<u32>> {
+        let ctx = self.get_context(account_id).await?;
+        let contacts = chat::get_past_chat_contacts(&ctx, ChatId::new(chat_id)).await?;
+        Ok(contacts.iter().map(|id| id.to_u32()).collect::<Vec<u32>>())
+    }
+
    /// Create a new group chat.
    ///
    /// After creation,
--- a/deltachat-jsonrpc/src/api/types/chat.rs
+++ b/deltachat-jsonrpc/src/api/types/chat.rs
@@ -1,7 +1,7 @@
 use std::time::{Duration, SystemTime};

 use anyhow::{bail, Context as _, Result};
-use deltachat::chat::{self, get_chat_contacts, ChatVisibility};
+use deltachat::chat::{self, get_chat_contacts, get_past_chat_contacts, ChatVisibility};
 use deltachat::chat::{Chat, ChatId};
 use deltachat::constants::Chattype;
 use deltachat::contact::{Contact, ContactId};
@@ -39,6 +39,10 @@ pub struct FullChat {
    is_self_talk: bool,
    contacts: Vec<ContactObject>,
    contact_ids: Vec<u32>,
+
+    /// Contact IDs of the past chat members.
+    past_contact_ids: Vec<u32>,
+
    color: String,
    fresh_message_counter: usize,
    // is_group - please check over chat.type in frontend instead
@@ -59,6 +63,7 @@ impl FullChat {
        let chat = Chat::load_from_db(context, rust_chat_id).await?;

        let contact_ids = get_chat_contacts(context, rust_chat_id).await?;
+        let past_contact_ids = get_past_chat_contacts(context, rust_chat_id).await?;

        let mut contacts = Vec::with_capacity(contact_ids.len());

@@ -111,6 +116,7 @@ impl FullChat {
            is_self_talk: chat.is_self_talk(),
            contacts,
            contact_ids: contact_ids.iter().map(|id| id.to_u32()).collect(),
+            past_contact_ids: past_contact_ids.iter().map(|id| id.to_u32()).collect(),
            color,
            fresh_message_counter,
            is_contact_request: chat.is_contact_request(),
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -58,5 +58,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "1.152.2"
+  "version": "1.155.0"
 }
--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "1.152.2"
+version = "1.155.0"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/deltachat/deltachat-core-rust"
@@ -13,7 +13,7 @@ log = { workspace = true }
 nu-ansi-term = { workspace = true }
 qr2term = "0.3.3"
 rusqlite = { workspace = true }
-rustyline = "14"
+rustyline = "15"
 tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
 tracing-subscriber = { workspace = true, features = ["env-filter"] }

--- a/deltachat-repl/src/cmdline.rs
+++ b/deltachat-repl/src/cmdline.rs
@@ -939,7 +939,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
            } else {
                Viewtype::File
            });
-            msg.set_file(arg1, None);
+            msg.set_file_and_deduplicate(&context, Path::new(arg1), None, None)?;
            msg.set_text(arg2.to_string());
            chat::send_msg(&context, sel_chat.as_ref().unwrap().get_id(), &mut msg).await?;
        }
--- a/deltachat-repl/src/main.rs
+++ b/deltachat-repl/src/main.rs
@@ -22,7 +22,7 @@ use log::{error, info, warn};
 use nu_ansi_term::Color;
 use rustyline::completion::{Completer, FilenameCompleter, Pair};
 use rustyline::error::ReadlineError;
-use rustyline::highlight::{Highlighter, MatchingBracketHighlighter};
+use rustyline::highlight::{CmdKind as HighlightCmdKind, Highlighter, MatchingBracketHighlighter};
 use rustyline::hint::{Hinter, HistoryHinter};
 use rustyline::validate::Validator;
 use rustyline::{
@@ -298,8 +298,8 @@ impl Highlighter for DcHelper {
        self.highlighter.highlight(line, pos)
    }

-    fn highlight_char(&self, line: &str, pos: usize, forced: bool) -> bool {
-        self.highlighter.highlight_char(line, pos, forced)
+    fn highlight_char(&self, line: &str, pos: usize, kind: HighlightCmdKind) -> bool {
+        self.highlighter.highlight_char(line, pos, kind)
    }
 }

--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "1.152.2"
+version = "1.155.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
    "Development Status :: 5 - Production/Stable",
@@ -13,7 +13,6 @@ classifiers = [
    "Operating System :: POSIX :: Linux",
    "Operating System :: MacOS :: MacOS X",
    "Programming Language :: Python :: 3",
-    "Programming Language :: Python :: 3.7",
    "Programming Language :: Python :: 3.8",
    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
@@ -24,6 +23,7 @@ classifiers = [
    "Topic :: Communications :: Email"
 ]
 readme = "README.md"
+requires-python = ">=3.8"

 [tool.setuptools.package-data]
 deltachat_rpc_client = [
--- a/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
@@ -238,6 +238,11 @@ class Chat:
        contacts = self._rpc.get_chat_contacts(self.account.id, self.id)
        return [Contact(self.account, contact_id) for contact_id in contacts]

+    def get_past_contacts(self) -> list[Contact]:
+        """Get past contacts for this chat."""
+        past_contacts = self._rpc.get_past_chat_contacts(self.account.id, self.id)
+        return [Contact(self.account, contact_id) for contact_id in past_contacts]
+
    def set_image(self, path: str) -> None:
        """Set profile image of this chat.

--- a/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
@@ -131,10 +131,7 @@ class Rpc:

    def reader_loop(self) -> None:
        try:
-            while True:
-                line = self.process.stdout.readline()
-                if not line:  # EOF
-                    break
+            while line := self.process.stdout.readline():
                response = json.loads(line)
                if "id" in response:
                    response_id = response["id"]
@@ -150,10 +147,7 @@ class Rpc:
    def writer_loop(self) -> None:
        """Writer loop ensuring only a single thread writes requests."""
        try:
-            while True:
-                request = self.request_queue.get()
-                if not request:
-                    break
+            while request := self.request_queue.get():
                data = (json.dumps(request) + "\n").encode()
                self.process.stdin.write(data)
                self.process.stdin.flush()
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -231,7 +231,9 @@ def test_chat(acfactory) -> None:
    group.get_fresh_message_count()
    group.mark_noticed()
    assert group.get_contacts()
-    group.remove_contact(alice_chat_bob)
+    assert group.get_past_contacts() == []
+    group.remove_contact(alice_contact_bob)
+    assert len(group.get_past_contacts()) == 1
    group.get_locations()


--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "1.152.2"
+version = "1.155.0"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "1.152.2"
+  "version": "1.155.0"
 }
--- a/deny.toml
+++ b/deny.toml
@@ -51,7 +51,10 @@ skip = [
     { name = "regex-syntax", version = "0.6.29" },
     { name = "sync_wrapper", version = "0.1.2" },
     { name = "syn", version = "1.0.109" },
+     { name = "thiserror-impl", version = "1.0.69" },
+     { name = "thiserror", version = "1.0.69" },
     { name = "time", version = "<0.3" },
+     { name = "unicode-width", version = "0.1.11" },
     { name = "wasi", version = "<0.11" },
     { name = "windows_aarch64_gnullvm", version = "<0.52" },
     { name = "windows_aarch64_msvc", version = "<0.52" },
@@ -95,6 +98,5 @@ license-files = [
 [sources.allow-org]
 # Organisations which we allow git sources from.
 github = [
-       "async-email",
       "deltachat",
 ]
--- a/flake.lock
+++ b/flake.lock
@@ -47,17 +47,16 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1711088506,
-        "narHash": "sha256-USdlY7Tx2oJWqFBpp10+03+h7eVhpkQ4s9t1ERjeIJE=",
+        "lastModified": 1737527504,
+        "narHash": "sha256-Z8S5gLPdIYeKwBXDaSxlJ72ZmiilYhu3418h3RSQZA0=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "85f4139f3c092cf4afd9f9906d7ed218ef262c97",
+        "rev": "aa13f23e3e91b95377a693ac655bbc6545ebec0d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "85f4139f3c092cf4afd9f9906d7ed218ef262c97",
        "type": "github"
      }
    },
@@ -115,25 +114,6 @@
        "type": "github"
      }
    },
-    "new-fenix": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_4",
-        "rust-analyzer-src": "rust-analyzer-src_2"
-      },
-      "locked": {
-        "lastModified": 1734417396,
-        "narHash": "sha256-32x1Z+Pz3Jv0cK9EG56cFTKXy/mZ/c+Ikxw+aVfKHp4=",
-        "owner": "nix-community",
-        "repo": "fenix",
-        "rev": "a18d41b26e998e95a598858fdb86ba22fb5da47d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "fenix",
-        "type": "github"
-      }
-    },
    "nix-filter": {
      "locked": {
        "lastModified": 1730207686,
@@ -167,11 +147,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1731139594,
-        "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
+        "lastModified": 1737469691,
+        "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
+        "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
        "type": "github"
      },
      "original": {
@@ -194,22 +174,6 @@
      }
    },
    "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1734119587,
-        "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
      "locked": {
        "lastModified": 1731139594,
        "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
@@ -231,36 +195,18 @@
        "fenix": "fenix",
        "flake-utils": "flake-utils_2",
        "naersk": "naersk",
-        "new-fenix": "new-fenix",
        "nix-filter": "nix-filter",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_4"
      }
    },
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1731342671,
-        "narHash": "sha256-36eYDHoPzjavnpmEpc2MXdzMk557S0YooGms07mDuKk=",
+        "lastModified": 1737453499,
+        "narHash": "sha256-fa5AJI9mjFU2oVXqdCq2oA2pripAXbHzkUkewJRQpxA=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "fc98e0657abf3ce07eed513e38274c89bbb2f8ad",
-        "type": "github"
-      },
-      "original": {
-        "owner": "rust-lang",
-        "ref": "nightly",
-        "repo": "rust-analyzer",
-        "type": "github"
-      }
-    },
-    "rust-analyzer-src_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1734386068,
-        "narHash": "sha256-Py025JiD9lcPmldB7X1AEjq3WBTS60jZUJRtTDonmaE=",
-        "owner": "rust-lang",
-        "repo": "rust-analyzer",
-        "rev": "0a706f7d2ac093985eae317781200689cfd48b78",
+        "rev": "0b68402d781955d526b80e5d479e9e47addb4075",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,19 +1,14 @@
 {
  description = "Delta Chat core";
  inputs = {
-    # Old Rust to build releases.
-    fenix.url = "github:nix-community/fenix?rev=85f4139f3c092cf4afd9f9906d7ed218ef262c97";
-
-    # New Rust for development shell.
-    new-fenix.url = "github:nix-community/fenix";
-
+    fenix.url = "github:nix-community/fenix";
    flake-utils.url = "github:numtide/flake-utils";
    naersk.url = "github:nix-community/naersk";
    nix-filter.url = "github:numtide/nix-filter";
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    android.url = "github:tadfisher/android-nixpkgs";
  };
-  outputs = { self, nixpkgs, flake-utils, nix-filter, naersk, fenix, new-fenix, android }:
+  outputs = { self, nixpkgs, flake-utils, nix-filter, naersk, fenix, android }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
@@ -93,8 +88,7 @@
        cargoLock = {
          lockFile = ./Cargo.lock;
          outputHashes = {
-            "email-0.0.20" = "sha256-rV4Uzqt2Qdrfi5Ti1r+Si1c2iW1kKyWLwOgLkQ5JGGw=";
-            "encoded-words-0.2.0" = "sha256-KK9st0hLFh4dsrnLd6D8lC6pRFFs8W+WpZSGMGJcosk=";
+            "email-0.0.20" = "sha256-cfR3D5jFQpw32bGsgapK2Uwuxmht+rRK/n1ZUmCb2WA=";
            "lettre-0.9.2" = "sha256-+hU1cFacyyeC9UGVBpS14BWlJjHy90i/3ynMkKAzclk=";
          };
        };
@@ -544,13 +538,13 @@
          let
            pkgs = import nixpkgs {
              system = system;
-              overlays = [ new-fenix.overlays.default ];
+              overlays = [ fenix.overlays.default ];
            };
          in
          pkgs.mkShell {

            buildInputs = with pkgs; [
-              (new-fenix.packages.${system}.complete.withComponents [
+              (fenix.packages.${system}.complete.withComponents [
                "cargo"
                "clippy"
                "rust-src"
--- a/node/scripts/rebuild-core.js
+++ b/node/scripts/rebuild-core.js
@@ -9,7 +9,7 @@ const buildArgs = [
  'build',
  '--release',
  '--features',
-  'vendored,jsonrpc',
+  'vendored',
  '-p',
  'deltachat_ffi'
 ]
--- a/package.json
+++ b/package.json
@@ -55,5 +55,5 @@
    "test:mocha": "mocha node/test/test.mjs --growl --reporter=spec --bail --exit"
  },
  "types": "node/dist/index.d.ts",
-  "version": "1.152.2"
+  "version": "1.155.0"
 }
--- a/python/doc/cffi/install.rst
+++ b/python/doc/cffi/install.rst
@@ -52,10 +52,7 @@ python3-venv` should give you a usable python installation.

 First, build the core library::

-   cargo build --release -p deltachat_ffi --features jsonrpc
-
-`jsonrpc` feature is required even if not used by the bindings
-because `deltachat.h` includes JSON-RPC functions unconditionally.
+   cargo build --release -p deltachat_ffi

 Create the virtual environment and activate it::

--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -4,10 +4,10 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "1.152.2"
+version = "1.155.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
-requires-python = ">=3.7"
+requires-python = ">=3.8"
 authors = [
    { name = "holger krekel, Floris Bruynooghe, Bjoern Petersen and contributors" },
 ]
--- a/python/src/deltachat/message.py
+++ b/python/src/deltachat/message.py
@@ -108,7 +108,9 @@ class Message:

    @props.with_doc
    def filename(self):
-        """filename if there was an attachment, otherwise empty string."""
+        """file path if there was an attachment, otherwise empty string.
+        If you want to get the file extension or a user-visible string,
+        use `basename` instead."""
        return from_dc_charpointer(lib.dc_msg_get_file(self._dc_msg))

    def set_file(self, path, mime_type=None):
@@ -120,7 +122,8 @@ class Message:

    @props.with_doc
    def basename(self) -> str:
-        """basename of the attachment if it exists, otherwise empty string."""
+        """The user-visible name of the attachment (incl. extension)
+        if it exists, otherwise empty string."""
        # FIXME, it does not return basename
        return from_dc_charpointer(lib.dc_msg_get_filename(self._dc_msg))

--- a/python/tests/test_1_online.py
+++ b/python/tests/test_1_online.py
@@ -181,15 +181,16 @@ def test_send_file_twice_unicode_filename_mangling(tmp_path, acfactory, lp):
    msg = send_and_receive_message()
    assert msg.text == "withfile"
    assert open(msg.filename).read() == "some data"
-    msg.filename.index(basename)
-    assert msg.filename.endswith(ext)
+    msg.basename.index(basename)
+    assert msg.basename.endswith(ext)

    msg2 = send_and_receive_message()
    assert msg2.text == "withfile"
    assert open(msg2.filename).read() == "some data"
-    msg2.filename.index(basename)
-    assert msg2.filename.endswith(ext)
-    assert msg.filename != msg2.filename
+    msg2.basename.index(basename)
+    assert msg2.basename.endswith(ext)
+    assert msg.filename == msg2.filename  # The file is deduplicated
+    assert msg.basename == msg2.basename


 def test_send_file_html_attachment(tmp_path, acfactory, lp):
@@ -214,8 +215,8 @@ def test_send_file_html_attachment(tmp_path, acfactory, lp):
    msg = ac2.get_message_by_id(ev.data2)

    assert open(msg.filename).read() == content
-    msg.filename.index(basename)
-    assert msg.filename.endswith(ext)
+    msg.basename.index(basename)
+    assert msg.basename.endswith(ext)


 def test_html_message(acfactory, lp):
@@ -1253,7 +1254,10 @@ def test_no_old_msg_is_fresh(acfactory, lp):

 def test_prefer_encrypt(acfactory, lp):
    """Test quorum rule for encryption preference in 1:1 and group chat."""
-    ac1, ac2, ac3 = acfactory.get_online_accounts(3)
+    ac1 = acfactory.new_online_configuring_account(fix_is_chatmail=True)
+    ac2 = acfactory.new_online_configuring_account(fix_is_chatmail=True)
+    ac3 = acfactory.new_online_configuring_account(fix_is_chatmail=True)
+    acfactory.bring_accounts_online()
    ac1.set_config("e2ee_enabled", "0")
    ac2.set_config("e2ee_enabled", "1")
    ac3.set_config("e2ee_enabled", "0")
@@ -1276,7 +1280,8 @@ def test_prefer_encrypt(acfactory, lp):
    lp.sec("ac2: sending message to ac1")
    chat2 = ac2.create_chat(ac1)
    msg2 = chat2.send_text("message2")
-    assert not msg2.is_encrypted()
+    # Own preference is `Mutual` and we have the peer's key.
+    assert msg2.is_encrypted()
    ac1._evtracker.wait_next_incoming_message()

    lp.sec("ac1: sending message to group chat with ac2 and ac3")
@@ -1292,8 +1297,8 @@ def test_prefer_encrypt(acfactory, lp):
    ac3.set_config("e2ee_enabled", "1")
    chat3 = ac3.create_chat(ac1)
    msg4 = chat3.send_text("message4")
-    # ac1 still does not prefer encryption
-    assert not msg4.is_encrypted()
+    # Own preference is `Mutual` and we have the peer's key.
+    assert msg4.is_encrypted()
    ac1._evtracker.wait_next_incoming_message()

    lp.sec("ac1: sending another message to group chat with ac2 and ac3")
--- a/python/tests/test_4_lowlevel.py
+++ b/python/tests/test_4_lowlevel.py
@@ -212,8 +212,13 @@ def test_logged_ac_process_ffi_failure(acfactory):
            0 / 0

    cap = Queue()
-    ac1.log = cap.put
+
+    # Make sure the next attempt to log an event fails.
    ac1.add_account_plugin(FailPlugin())
+
+    # Start capturing events.
+    ac1.log = cap.put
+
    # cause any event eg contact added/changed
    ac1.create_contact("something@example.org")
    res = cap.get(timeout=10)
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2024-12-24
+2025-01-23
--- a/scripts/coredeps/install-rust.sh
+++ b/scripts/coredeps/install-rust.sh
@@ -7,7 +7,7 @@ set -euo pipefail
 #
 # Avoid using rustup here as it depends on reading /proc/self/exe and
 # has problems running under QEMU.
-RUST_VERSION=1.83.0
+RUST_VERSION=1.84.0

 ARCH="$(uname -m)"
 test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu
--- a/scripts/make-python-testenv.sh
+++ b/scripts/make-python-testenv.sh
@@ -11,7 +11,7 @@ set -euo pipefail

 export DCC_RS_TARGET=debug
 export DCC_RS_DEV="$PWD"
-cargo build -p deltachat_ffi --features jsonrpc
+cargo build -p deltachat_ffi

 tox -c python -e py --devenv venv
 venv/bin/pip install --upgrade pip
--- a/scripts/run-python-test.sh
+++ b/scripts/run-python-test.sh
@@ -12,7 +12,7 @@ export DCC_RS_DEV=`pwd`

 cd python

-cargo build -p deltachat_ffi --features jsonrpc
+cargo build -p deltachat_ffi

 # remove and inhibit writing PYC files 
 rm -rf tests/__pycache__
--- a/scripts/run_all.sh
+++ b/scripts/run_all.sh
@@ -8,7 +8,7 @@ set -e -x

 # compile core lib

-cargo build --release -p deltachat_ffi --features jsonrpc
+cargo build --release -p deltachat_ffi

 # Statically link against libdeltachat.a.
 export DCC_RS_DEV="$PWD"
@@ -31,6 +31,6 @@ unset CHATMAIL_DOMAIN

 # Try to build wheels for a range of interpreters, but don't fail if they are not available.
 # E.g. musllinux_1_1 does not have PyPy interpreters as of 2022-07-10
-tox --workdir "$TOXWORKDIR" -e py37,py38,py39,py310,py311,py312,py313,pypy37,pypy38,pypy39,pypy310 --skip-missing-interpreters true
+tox --workdir "$TOXWORKDIR" -e py38,py39,py310,py311,py312,py313,pypy38,pypy39,pypy310 --skip-missing-interpreters true

 auditwheel repair "$TOXWORKDIR"/wheelhouse/deltachat* -w "$TOXWORKDIR/wheelhouse"
--- a/src/blob.rs
+++ b/src/blob.rs
@@ -16,7 +16,7 @@ use image::ImageReader;
 use image::{DynamicImage, GenericImage, GenericImageView, ImageFormat, Pixel, Rgba};
 use num_traits::FromPrimitive;
 use tokio::io::AsyncWriteExt;
-use tokio::{fs, io};
+use tokio::{fs, io, task};
 use tokio_stream::wrappers::ReadDirStream;

 use crate::config::Config;
@@ -34,6 +34,10 @@ use crate::log::LogExt;
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct BlobObject<'a> {
    blobdir: &'a Path,
+
+    /// The name of the file on the disc.
+    /// Note that this is NOT the user-visible filename,
+    /// which is only stored in Param::Filename on the message.
    name: String,
 }

@@ -74,7 +78,7 @@ impl<'a> BlobObject<'a> {
        Ok(blob)
    }

-    // Creates a new file, returning a tuple of the name and the handle.
+    /// Creates a new file, returning a tuple of the name and the handle.
    async fn create_new_file(
        context: &Context,
        dir: &Path,
@@ -88,6 +92,8 @@ impl<'a> BlobObject<'a> {
            attempt += 1;
            let path = dir.join(&name);
            match fs::OpenOptions::new()
+                // Using `create_new(true)` in order to avoid race conditions
+                // when creating multiple files with the same name.
                .create_new(true)
                .write(true)
                .open(&path)
@@ -139,6 +145,103 @@ impl<'a> BlobObject<'a> {
        Ok(blob)
    }

+    /// Creates a blob object by copying or renaming an existing file.
+    /// If the source file is already in the blobdir, it will be renamed,
+    /// otherwise it will be copied to the blobdir first.
+    ///
+    /// In order to deduplicate files that contain the same data,
+    /// the file will be named `<hash>.<extension>`, e.g. `ce940175885d7b78f7b7e9f1396611f.jpg`.
+    /// The `original_name` param is only used to get the extension.
+    ///
+    /// This is done in a in way which avoids race-conditions when multiple files are
+    /// concurrently created.
+    pub fn create_and_deduplicate(
+        context: &'a Context,
+        src: &Path,
+        original_name: &str,
+    ) -> Result<BlobObject<'a>> {
+        // `create_and_deduplicate{_from_bytes}()` do blocking I/O, but can still be called
+        // from an async context thanks to `block_in_place()`.
+        // Tokio's "async" I/O functions are also just thin wrappers around the blocking I/O syscalls,
+        // so we are doing essentially the same here.
+        task::block_in_place(|| {
+            let temp_path;
+            let src_in_blobdir: &Path;
+            let blobdir = context.get_blobdir();
+
+            if src.starts_with(blobdir) || src.starts_with("$BLOBDIR/") {
+                src_in_blobdir = src;
+            } else {
+                info!(
+                    context,
+                    "Source file not in blobdir. Copying instead of moving in order to prevent moving a file that was still needed."
+                );
+                temp_path = blobdir.join(format!("tmp-{}", rand::random::<u64>()));
+                if std::fs::copy(src, &temp_path).is_err() {
+                    // Maybe the blobdir didn't exist
+                    std::fs::create_dir_all(blobdir).log_err(context).ok();
+                    std::fs::copy(src, &temp_path).context("Copying new blobfile failed")?;
+                };
+                src_in_blobdir = &temp_path;
+            }
+
+            let hash = file_hash(src_in_blobdir)?.to_hex();
+            let hash = hash.as_str();
+            let hash = hash.get(0..31).unwrap_or(hash);
+            let new_file = if let Some(extension) = Path::new(original_name)
+                .extension()
+                .filter(|e| e.len() <= 32)
+            {
+                format!(
+                    "$BLOBDIR/{hash}.{}",
+                    extension.to_string_lossy().to_lowercase()
+                )
+            } else {
+                format!("$BLOBDIR/{hash}")
+            };
+
+            let blob = BlobObject {
+                blobdir,
+                name: new_file,
+            };
+            let new_path = blob.to_abs_path();
+
+            // This will also replace an already-existing file.
+            // Renaming is atomic, so this will avoid race conditions.
+            std::fs::rename(src_in_blobdir, &new_path)?;
+
+            context.emit_event(EventType::NewBlobFile(blob.as_name().to_string()));
+            Ok(blob)
+        })
+    }
+
+    /// Creates a new blob object with the file contents in `data`.
+    /// In order to deduplicate files that contain the same data,
+    /// the file will be named `<hash>.<extension>`, e.g. `ce940175885d7b78f7b7e9f1396611f.jpg`.
+    /// The `original_name` param is only used to get the extension.
+    ///
+    /// The `data` will be written into the file without race-conditions.
+    ///
+    /// This function does blocking I/O, but it can still be called from an async context
+    /// because `block_in_place()` is used to leave the async runtime if necessary.
+    pub fn create_and_deduplicate_from_bytes(
+        context: &'a Context,
+        data: &[u8],
+        original_name: &str,
+    ) -> Result<BlobObject<'a>> {
+        task::block_in_place(|| {
+            let blobdir = context.get_blobdir();
+            let temp_path = blobdir.join(format!("tmp-{}", rand::random::<u64>()));
+            if std::fs::write(&temp_path, data).is_err() {
+                // Maybe the blobdir didn't exist
+                std::fs::create_dir_all(blobdir).log_err(context).ok();
+                std::fs::write(&temp_path, data).context("writing new blobfile failed")?;
+            };
+
+            BlobObject::create_and_deduplicate(context, &temp_path, original_name)
+        })
+    }
+
    /// Creates a blob from a file, possibly copying it to the blobdir.
    ///
    /// If the source file is not a path to into the blob directory
@@ -210,6 +313,9 @@ impl<'a> BlobObject<'a> {
    /// this string in the database or [Params].  Eventually even
    /// those conversions should be handled by the type system.
    ///
+    /// Note that this is NOT the user-visible filename,
+    /// which is only stored in Param::Filename on the message.
+    ///
    /// [Params]: crate::param::Params
    pub fn as_name(&self) -> &str {
        &self.name
@@ -333,31 +439,25 @@ impl<'a> BlobObject<'a> {

    /// Returns path to the stored Base64-decoded blob.
    ///
-    /// If `data` represents an image of known format, this adds the corresponding extension to
-    /// `suggested_file_stem`.
-    pub(crate) async fn store_from_base64(
-        context: &Context,
-        data: &str,
-        suggested_file_stem: &str,
-    ) -> Result<String> {
+    /// If `data` represents an image of known format, this adds the corresponding extension.
+    ///
+    /// Even though this function is not async, it's OK to call it from an async context.
+    pub(crate) fn store_from_base64(context: &Context, data: &str) -> Result<String> {
        let buf = base64::engine::general_purpose::STANDARD.decode(data)?;
-        let ext = if let Ok(format) = image::guess_format(&buf) {
+        let name = if let Ok(format) = image::guess_format(&buf) {
            if let Some(ext) = format.extensions_str().first() {
-                format!(".{ext}")
+                format!("file.{ext}")
            } else {
                String::new()
            }
        } else {
            String::new()
        };
-        let blob =
-            BlobObject::create(context, &format!("{suggested_file_stem}{ext}"), &buf).await?;
+        let blob = BlobObject::create_and_deduplicate_from_bytes(context, &buf, &name)?;
        Ok(blob.as_name().to_string())
    }

    pub async fn recode_to_avatar_size(&mut self, context: &Context) -> Result<()> {
-        let blob_abs = self.to_abs_path();
-
        let img_wh =
            match MediaQuality::from_i32(context.get_config_int(Config::MediaQuality).await?)
                .unwrap_or_default()
@@ -370,16 +470,15 @@ impl<'a> BlobObject<'a> {
        let strict_limits = true;
        // max_bytes is 20_000 bytes: Outlook servers don't allow headers larger than 32k.
        // 32 / 4 * 3 = 24k if you account for base64 encoding. To be safe, we reduced this to 20k.
-        if let Some(new_name) = self.recode_to_size(
+        self.recode_to_size(
            context,
-            blob_abs,
+            "".to_string(), // The name of an avatar doesn't matter
            maybe_sticker,
            img_wh,
            20_000,
            strict_limits,
-        )? {
-            self.name = new_name;
-        }
+        )?;
+
        Ok(())
    }

@@ -393,9 +492,9 @@ impl<'a> BlobObject<'a> {
    pub async fn recode_to_image_size(
        &mut self,
        context: &Context,
+        name: String,
        maybe_sticker: &mut bool,
-    ) -> Result<()> {
-        let blob_abs = self.to_abs_path();
+    ) -> Result<String> {
        let (img_wh, max_bytes) =
            match MediaQuality::from_i32(context.get_config_int(Config::MediaQuality).await?)
                .unwrap_or_default()
@@ -407,35 +506,43 @@ impl<'a> BlobObject<'a> {
                MediaQuality::Worse => (constants::WORSE_IMAGE_SIZE, constants::WORSE_IMAGE_BYTES),
            };
        let strict_limits = false;
-        if let Some(new_name) = self.recode_to_size(
+        let new_name = self.recode_to_size(
            context,
-            blob_abs,
+            name,
            maybe_sticker,
            img_wh,
            max_bytes,
            strict_limits,
-        )? {
-            self.name = new_name;
-        }
-        Ok(())
+        )?;
+
+        Ok(new_name)
    }

    /// If `!strict_limits`, then if `max_bytes` is exceeded, reduce the image to `img_wh` and just
    /// proceed with the result.
+    ///
+    /// This modifies the blob object in-place.
+    ///
+    /// Additionally, if you pass the user-visible filename as `name`
+    /// then the updated user-visible filename will be returned;
+    /// this may be necessary because the format may be changed to JPG,
+    /// i.e. "image.png" -> "image.jpg".
+    /// Pass an empty string if you don't care.
    fn recode_to_size(
        &mut self,
        context: &Context,
-        mut blob_abs: PathBuf,
+        mut name: String,
        maybe_sticker: &mut bool,
        mut img_wh: u32,
        max_bytes: usize,
        strict_limits: bool,
-    ) -> Result<Option<String>> {
+    ) -> Result<String> {
        // Add white background only to avatars to spare the CPU.
        let mut add_white_bg = img_wh <= constants::BALANCED_AVATAR_SIZE;
        let mut no_exif = false;
        let no_exif_ref = &mut no_exif;
-        let res = tokio::task::block_in_place(move || {
+        let original_name = name.clone();
+        let res: Result<String> = tokio::task::block_in_place(move || {
            let mut file = std::fs::File::open(self.to_abs_path())?;
            let (nr_bytes, exif) = image_metadata(&file)?;
            *no_exif_ref = exif.is_none();
@@ -449,7 +556,7 @@ impl<'a> BlobObject<'a> {
                    file.rewind()?;
                    ImageReader::with_format(
                        std::io::BufReader::new(&file),
-                        ImageFormat::from_path(&blob_abs)?,
+                        ImageFormat::from_path(self.to_abs_path())?,
                    )
                }
            };
@@ -457,7 +564,6 @@ impl<'a> BlobObject<'a> {
            let mut img = imgreader.decode().context("image decode failure")?;
            let orientation = exif.as_ref().map(|exif| exif_orientation(exif, context));
            let mut encoded = Vec::new();
-            let mut changed_name = None;

            if *maybe_sticker {
                let x_max = img.width().saturating_sub(1);
@@ -469,7 +575,7 @@ impl<'a> BlobObject<'a> {
                        || img.get_pixel(x_max, y_max).0[3] == 0);
            }
            if *maybe_sticker && exif.is_none() {
-                return Ok(None);
+                return Ok(name);
            }

            img = match orientation {
@@ -566,10 +672,10 @@ impl<'a> BlobObject<'a> {
                if !matches!(fmt, ImageFormat::Jpeg)
                    && matches!(ofmt, ImageOutputFormat::Jpeg { .. })
                {
-                    blob_abs = blob_abs.with_extension("jpg");
-                    let file_name = blob_abs.file_name().context("No image file name (???)")?;
-                    let file_name = file_name.to_str().context("Filename is no UTF-8 (???)")?;
-                    changed_name = Some(format!("$BLOBDIR/{file_name}"));
+                    name = Path::new(&name)
+                        .with_extension("jpg")
+                        .to_string_lossy()
+                        .into_owned();
                }

                if encoded.is_empty() {
@@ -579,11 +685,12 @@ impl<'a> BlobObject<'a> {
                    encode_img(&img, ofmt, &mut encoded)?;
                }

-                std::fs::write(&blob_abs, &encoded)
-                    .context("failed to write recoded blob to file")?;
+                self.name = BlobObject::create_and_deduplicate_from_bytes(context, &encoded, &name)
+                    .context("failed to write recoded blob to file")?
+                    .name;
            }

-            Ok(changed_name)
+            Ok(name)
        });
        match res {
            Ok(_) => res,
@@ -593,7 +700,7 @@ impl<'a> BlobObject<'a> {
                        context,
                        "Cannot recode image, using original data: {err:#}.",
                    );
-                    Ok(None)
+                    Ok(original_name)
                } else {
                    Err(err)
                }
@@ -602,6 +709,17 @@ impl<'a> BlobObject<'a> {
    }
 }

+fn file_hash(src: &Path) -> Result<blake3::Hash> {
+    let mut hasher = blake3::Hasher::new();
+    let mut src_file = std::fs::File::open(src)
+        .with_context(|| format!("Failed to open file {}", src.display()))?;
+    hasher
+        .update_reader(&mut src_file)
+        .context("update_reader")?;
+    let hash = hasher.finalize();
+    Ok(hash)
+}
+
 /// Returns image file size and Exif.
 pub fn image_metadata(file: &std::fs::File) -> Result<(u64, Option<exif::Exif>)> {
    let len = file.metadata()?.len();
@@ -762,15 +880,22 @@ fn add_white_bg(img: &mut DynamicImage) {

 #[cfg(test)]
 mod tests {
-    use fs::File;
+    use std::time::Duration;

    use super::*;
    use crate::message::{Message, Viewtype};
+    use crate::sql;
    use crate::test_utils::{self, TestContext};
+    use crate::tools::SystemTime;

    fn check_image_size(path: impl AsRef<Path>, width: u32, height: u32) -> image::DynamicImage {
        tokio::task::block_in_place(move || {
-            let img = image::open(path).expect("failed to open image");
+            let img = ImageReader::open(path)
+                .expect("failed to open image")
+                .with_guessed_format()
+                .expect("failed to guess format")
+                .decode()
+                .expect("failed to decode image");
            assert_eq!(img.width(), width, "invalid width");
            assert_eq!(img.height(), height, "invalid height");
            img
@@ -791,22 +916,28 @@ mod tests {
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_lowercase_ext() {
        let t = TestContext::new().await;
-        let blob = BlobObject::create(&t, "foo.TXT", b"hello").await.unwrap();
-        assert_eq!(blob.as_name(), "$BLOBDIR/foo.txt");
+        let blob = BlobObject::create_and_deduplicate_from_bytes(&t, b"hello", "foo.TXT").unwrap();
+        assert!(
+            blob.as_name().ends_with(".txt"),
+            "Blob {blob:?} should end with .txt"
+        );
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_as_file_name() {
        let t = TestContext::new().await;
-        let blob = BlobObject::create(&t, "foo.txt", b"hello").await.unwrap();
-        assert_eq!(blob.as_file_name(), "foo.txt");
+        let blob = BlobObject::create_and_deduplicate_from_bytes(&t, b"hello", "foo.txt").unwrap();
+        assert_eq!(blob.as_file_name(), "ea8f163db38682925e4491c5e58d4bb.txt");
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_as_rel_path() {
        let t = TestContext::new().await;
-        let blob = BlobObject::create(&t, "foo.txt", b"hello").await.unwrap();
-        assert_eq!(blob.as_rel_path(), Path::new("foo.txt"));
+        let blob = BlobObject::create_and_deduplicate_from_bytes(&t, b"hello", "foo.txt").unwrap();
+        assert_eq!(
+            blob.as_rel_path(),
+            Path::new("ea8f163db38682925e4491c5e58d4bb.txt")
+        );
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -866,10 +997,10 @@ mod tests {
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_create_long_names() {
        let t = TestContext::new().await;
-        let s = "1".repeat(150);
-        let blob = BlobObject::create(&t, &s, b"data").await.unwrap();
+        let s = format!("file.{}", "a".repeat(100));
+        let blob = BlobObject::create_and_deduplicate_from_bytes(&t, b"data", &s).unwrap();
        let blobname = blob.as_name().split('/').last().unwrap();
-        assert!(blobname.len() < 128);
+        assert!(blobname.len() < 70);
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -1008,7 +1139,7 @@ mod tests {
            let strict_limits = true;
            blob.recode_to_size(
                &t,
-                blob.to_abs_path(),
+                "avatar.png".to_string(),
                maybe_sticker,
                img_wh,
                20_000,
@@ -1016,7 +1147,12 @@ mod tests {
            )
            .unwrap();
            tokio::task::block_in_place(move || {
-                let img = image::open(blob.to_abs_path()).unwrap();
+                let img = ImageReader::open(blob.to_abs_path())
+                    .unwrap()
+                    .with_guessed_format()
+                    .unwrap()
+                    .decode()
+                    .unwrap();
                assert!(img.width() == img_wh);
                assert!(img.height() == img_wh);
                assert_eq!(img.get_pixel(0, 0), Rgba(color));
@@ -1026,19 +1162,25 @@ mod tests {

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_selfavatar_outside_blobdir() {
+        async fn file_size(path_buf: &Path) -> u64 {
+            fs::metadata(path_buf).await.unwrap().len()
+        }
+
        let t = TestContext::new().await;
        let avatar_src = t.dir.path().join("avatar.jpg");
        let avatar_bytes = include_bytes!("../test-data/image/avatar1000x1000.jpg");
        fs::write(&avatar_src, avatar_bytes).await.unwrap();
-        let avatar_blob = t.get_blobdir().join("avatar.jpg");
-        assert!(!avatar_blob.exists());
        t.set_config(Config::Selfavatar, Some(avatar_src.to_str().unwrap()))
            .await
            .unwrap();
-        assert!(avatar_blob.exists());
-        assert!(fs::metadata(&avatar_blob).await.unwrap().len() < avatar_bytes.len() as u64);
-        let avatar_cfg = t.get_config(Config::Selfavatar).await.unwrap();
-        assert_eq!(avatar_cfg, avatar_blob.to_str().map(|s| s.to_string()));
+        let avatar_blob = t.get_config(Config::Selfavatar).await.unwrap().unwrap();
+        let avatar_path = Path::new(&avatar_blob);
+        assert!(
+            avatar_blob.ends_with("d98cd30ed8f2129bf3968420208849d"),
+            "The avatar filename should be its hash, put instead it's {avatar_blob}"
+        );
+        let scaled_avatar_size = file_size(avatar_path).await;
+        assert!(scaled_avatar_size < avatar_bytes.len() as u64);

        check_image_size(avatar_src, 1000, 1000);
        check_image_size(
@@ -1047,27 +1189,32 @@ mod tests {
            constants::BALANCED_AVATAR_SIZE,
        );

-        async fn file_size(path_buf: &Path) -> u64 {
-            let file = File::open(path_buf).await.unwrap();
-            file.metadata().await.unwrap().len()
-        }
-
-        let mut blob = BlobObject::new_from_path(&t, &avatar_blob).await.unwrap();
+        let mut blob = BlobObject::new_from_path(&t, avatar_path).await.unwrap();
        let maybe_sticker = &mut false;
        let strict_limits = true;
        blob.recode_to_size(
            &t,
-            blob.to_abs_path(),
+            "avatar.jpg".to_string(),
            maybe_sticker,
            1000,
            3000,
            strict_limits,
        )
        .unwrap();
-        assert!(file_size(&avatar_blob).await <= 3000);
-        assert!(file_size(&avatar_blob).await > 2000);
+        let new_file_size = file_size(&blob.to_abs_path()).await;
+        assert!(new_file_size <= 3000);
+        assert!(new_file_size > 2000);
+        // The new file should be smaller:
+        assert!(new_file_size < scaled_avatar_size);
+        // And the original file should not be touched:
+        assert_eq!(file_size(avatar_path).await, scaled_avatar_size);
        tokio::task::block_in_place(move || {
-            let img = image::open(avatar_blob).unwrap();
+            let img = ImageReader::open(blob.to_abs_path())
+                .unwrap()
+                .with_guessed_format()
+                .unwrap()
+                .decode()
+                .unwrap();
            assert!(img.width() > 130);
            assert_eq!(img.width(), img.height());
        });
@@ -1087,9 +1234,9 @@ mod tests {
            .await
            .unwrap();
        let avatar_cfg = t.get_config(Config::Selfavatar).await.unwrap().unwrap();
-        assert_eq!(
-            avatar_cfg,
-            avatar_src.with_extension("png").to_str().unwrap()
+        assert!(
+            avatar_cfg.ends_with("9e7f409ac5c92b942cc4f31cee2770a"),
+            "Avatar file name {avatar_cfg} should end with its hash"
        );

        check_image_size(
@@ -1373,6 +1520,7 @@ mod tests {
                .set_config(Config::MediaQuality, Some(media_quality_config))
                .await?;
            let file = alice.get_blobdir().join("file").with_extension(extension);
+            let file_name = format!("file.{extension}");

            fs::write(&file, &bytes)
                .await
@@ -1388,7 +1536,7 @@ mod tests {
            }

            let mut msg = Message::new(viewtype);
-            msg.set_file(file.to_str().unwrap(), None);
+            msg.set_file_and_deduplicate(&alice, &file, Some(&file_name), None)?;
            let chat = alice.create_chat(&bob).await;
            if set_draft {
                chat.id.set_draft(&alice, Some(&mut msg)).await.unwrap();
@@ -1444,7 +1592,7 @@ mod tests {
            .await
            .context("failed to write file")?;
        let mut msg = Message::new(Viewtype::Image);
-        msg.set_file(file.to_str().unwrap(), None);
+        msg.set_file_and_deduplicate(&alice, &file, Some("file.gif"), None)?;
        let chat = alice.create_chat(&bob).await;
        let sent = alice.send_msg(chat.id, &mut msg).await;
        let bob_msg = bob.recv_msg(&sent).await;
@@ -1471,7 +1619,7 @@ mod tests {
            .await
            .context("failed to write file")?;
        let mut msg = Message::new(Viewtype::Sticker);
-        msg.set_file(file.to_str().unwrap(), None);
+        msg.set_file_and_deduplicate(alice, &file, None, None)?;
        let chat = alice.get_self_chat().await;
        let sent = alice.send_msg(chat.id, &mut msg).await;
        let msg = Message::load_from_db(alice, sent.sender_msg_id).await?;
@@ -1480,4 +1628,83 @@ mod tests {
        assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
        Ok(())
    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_create_and_deduplicate() -> Result<()> {
+        let t = TestContext::new().await;
+
+        let path = t.get_blobdir().join("anyfile.dat");
+        fs::write(&path, b"bla").await?;
+        let blob = BlobObject::create_and_deduplicate(&t, &path, "anyfile.dat")?;
+        assert_eq!(blob.name, "$BLOBDIR/ce940175885d7b78f7b7e9f1396611f.dat");
+        assert_eq!(path.exists(), false);
+
+        assert_eq!(fs::read(&blob.to_abs_path()).await?, b"bla");
+
+        fs::write(&path, b"bla").await?;
+        let blob2 = BlobObject::create_and_deduplicate(&t, &path, "anyfile.dat")?;
+        assert_eq!(blob2.name, blob.name);
+
+        let path_outside_blobdir = t.dir.path().join("anyfile.dat");
+        fs::write(&path_outside_blobdir, b"bla").await?;
+        let blob3 = BlobObject::create_and_deduplicate(&t, &path_outside_blobdir, "anyfile.dat")?;
+        assert!(path_outside_blobdir.exists());
+        assert_eq!(blob3.name, blob.name);
+
+        fs::write(&path, b"blabla").await?;
+        let blob4 = BlobObject::create_and_deduplicate(&t, &path, "anyfile.dat")?;
+        assert_ne!(blob4.name, blob.name);
+
+        fs::remove_dir_all(t.get_blobdir()).await?;
+        let blob5 = BlobObject::create_and_deduplicate(&t, &path_outside_blobdir, "anyfile.dat")?;
+        assert_eq!(blob5.name, blob.name);
+
+        Ok(())
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_create_and_deduplicate_from_bytes() -> Result<()> {
+        let t = TestContext::new().await;
+
+        fs::remove_dir(t.get_blobdir()).await?;
+        let blob = BlobObject::create_and_deduplicate_from_bytes(&t, b"bla", "file")?;
+        assert_eq!(blob.name, "$BLOBDIR/ce940175885d7b78f7b7e9f1396611f");
+
+        assert_eq!(fs::read(&blob.to_abs_path()).await?, b"bla");
+        let modified1 = blob.to_abs_path().metadata()?.modified()?;
+
+        // Test that the modification time of the file is updated when a new file is created
+        // so that it's not deleted during housekeeping.
+        // We can't use SystemTime::shift() here because file creation uses the actual OS time,
+        // which we can't mock from our code.
+        tokio::time::sleep(Duration::from_millis(1100)).await;
+
+        let blob2 = BlobObject::create_and_deduplicate_from_bytes(&t, b"bla", "file")?;
+        assert_eq!(blob2.name, blob.name);
+
+        let modified2 = blob.to_abs_path().metadata()?.modified()?;
+        assert_ne!(modified1, modified2);
+        sql::housekeeping(&t).await?;
+        assert!(blob2.to_abs_path().exists());
+
+        // If we do shift the time by more than 1h, the blob file will be deleted during housekeeping:
+        SystemTime::shift(Duration::from_secs(65 * 60));
+        sql::housekeeping(&t).await?;
+        assert_eq!(blob2.to_abs_path().exists(), false);
+
+        let blob3 = BlobObject::create_and_deduplicate_from_bytes(&t, b"blabla", "file")?;
+        assert_ne!(blob3.name, blob.name);
+
+        {
+            // If something goes wrong and the blob file is overwritten,
+            // the correct content should be restored:
+            fs::write(blob3.to_abs_path(), b"bloblo").await?;
+
+            let blob4 = BlobObject::create_and_deduplicate_from_bytes(&t, b"blabla", "file")?;
+            let blob4_content = fs::read(blob4.to_abs_path()).await?;
+            assert_eq!(blob4_content, b"blabla");
+        }
+
+        Ok(())
+    }
 }
--- a/src/chat.rs
+++ b/src/chat.rs
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
--- a/src/chatlist.rs
+++ b/src/chatlist.rs
@@ -144,7 +144,7 @@ impl Chatlist {
                                  ORDER BY timestamp DESC, id DESC LIMIT 1)
                 WHERE c.id>9
                   AND c.blocked!=1
-                   AND c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=?2)
+                   AND c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=?2 AND add_timestamp >= remove_timestamp)
                 GROUP BY c.id
                 ORDER BY c.archived=?3 DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                (MessageState::OutDraft, query_contact_id, ChatVisibility::Pinned),
@@ -261,7 +261,7 @@ impl Chatlist {
                     WHERE c.id>9 AND c.id!=?
                       AND c.blocked=0
                       AND NOT c.archived=?
-                       AND (c.type!=? OR c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=?))
+                       AND (c.type!=? OR c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=? AND add_timestamp >= remove_timestamp))
                     GROUP BY c.id
                     ORDER BY c.id=? DESC, c.archived=? DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                    (
@@ -550,7 +550,7 @@ mod tests {
        let chats = Chatlist::try_load(&t, 0, Some("is:unread"), None)
            .await
            .unwrap();
-        assert!(chats.len() == 1);
+        assert_eq!(chats.len(), 1);

        let chats = Chatlist::try_load(&t, DC_GCL_ARCHIVED_ONLY, None, None)
            .await
@@ -576,7 +576,7 @@ mod tests {
            .unwrap();

        let chats = Chatlist::try_load(&t, 0, None, None).await.unwrap();
-        assert!(chats.len() == 3);
+        assert_eq!(chats.len(), 3);
        assert!(!Chat::load_from_db(&t, chats.get_chat_id(0).unwrap())
            .await
            .unwrap()
@@ -585,7 +585,7 @@ mod tests {
        let chats = Chatlist::try_load(&t, DC_GCL_FOR_FORWARDING, None, None)
            .await
            .unwrap();
-        assert!(chats.len() == 2); // device chat cannot be written and is skipped on forwarding
+        assert_eq!(chats.len(), 2); // device chat cannot be written and is skipped on forwarding
        assert!(Chat::load_from_db(&t, chats.get_chat_id(0).unwrap())
            .await
            .unwrap()
@@ -597,7 +597,7 @@ mod tests {
        let chats = Chatlist::try_load(&t, DC_GCL_FOR_FORWARDING, None, None)
            .await
            .unwrap();
-        assert!(chats.len() == 1);
+        assert_eq!(chats.len(), 1);
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
--- a/src/config.rs
+++ b/src/config.rs
@@ -143,7 +143,10 @@ pub enum Config {
    /// Send BCC copy to self.
    ///
    /// Should be enabled for multidevice setups.
-    /// Default is 0 for chatmail accounts before a backup export, 1 otherwise.
+    /// Default is 0 for chatmail accounts, 1 otherwise.
+    ///
+    /// This is automatically enabled when importing/exporting a backup,
+    /// setting up a second device, or receiving a sync message.
    BccSelf,

    /// True if encryption is preferred according to Autocrypt standard.
@@ -384,6 +387,11 @@ pub enum Config {

    /// Enable sending and executing (applying) sync messages. Sending requires `BccSelf` to be set
    /// and `Bot` unset.
+    ///
+    /// On real devices, this is usually always enabled and `BccSelf` is the only setting
+    /// that controls whether sync messages are sent.
+    ///
+    /// In tests, this is usually disabled.
    #[strum(props(default = "1"))]
    SyncMsgs,

@@ -678,7 +686,7 @@ impl Context {
        let value = match key {
            Config::Selfavatar if value.is_empty() => None,
            Config::Selfavatar => {
-                config_value = BlobObject::store_from_base64(self, value, "avatar").await?;
+                config_value = BlobObject::store_from_base64(self, value)?;
                Some(config_value.as_str())
            }
            _ => Some(value),
@@ -1135,6 +1143,8 @@ mod tests {
        Ok(())
    }

+    const SAVED_MESSAGES_DEDUPLICATED_FILE: &str = "969142cb84015bc135767bc2370934a.png";
+
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_sync() -> Result<()> {
        let alice0 = TestContext::new_alice().await;
@@ -1209,7 +1219,7 @@ mod tests {
        let self_chat_avatar_path = self_chat.get_profile_image(&alice0).await?.unwrap();
        assert_eq!(
            self_chat_avatar_path,
-            alice0.get_blobdir().join("icon-saved-messages.png")
+            alice0.get_blobdir().join(SAVED_MESSAGES_DEDUPLICATED_FILE)
        );
        assert!(alice1
            .get_config(Config::Selfavatar)
--- a/src/configure.rs
+++ b/src/configure.rs
@@ -61,10 +61,7 @@ macro_rules! progress {
 impl Context {
    /// Checks if the context is already configured.
    pub async fn is_configured(&self) -> Result<bool> {
-        self.sql
-            .get_raw_config_bool("configured")
-            .await
-            .map_err(Into::into)
+        self.sql.get_raw_config_bool("configured").await
    }

    /// Configures this account with the currently set parameters.
--- a/src/contact.rs
+++ b/src/contact.rs
@@ -1,7 +1,7 @@
 //! Contacts module

 use std::cmp::{min, Reverse};
-use std::collections::BinaryHeap;
+use std::collections::{BinaryHeap, HashSet};
 use std::fmt;
 use std::path::{Path, PathBuf};
 use std::time::UNIX_EPOCH;
@@ -34,7 +34,6 @@ use crate::message::MessageState;
 use crate::mimeparser::AvatarAction;
 use crate::param::{Param, Params};
 use crate::peerstate::Peerstate;
-use crate::sql::{self, params_iter};
 use crate::sync::{self, Sync::*};
 use crate::tools::{duration_to_str, get_abs_path, smeared_time, time, SystemTime};
 use crate::{chat, chatlist_events, stock_str};
@@ -114,7 +113,8 @@ impl ContactId {
                 SET gossiped_timestamp=0
                 WHERE EXISTS (SELECT 1 FROM chats_contacts
                               WHERE chats_contacts.chat_id=chats.id
-                               AND chats_contacts.contact_id=?)",
+                               AND chats_contacts.contact_id=?
+                               AND chats_contacts.add_timestamp >= chats_contacts.remove_timestamp)",
                (self,),
            )
            .await?;
@@ -345,7 +345,7 @@ async fn import_vcard_contact(context: &Context, contact: &VcardContact) -> Resu
        return Ok(id);
    }
    let path = match &contact.profile_image {
-        Some(image) => match BlobObject::store_from_base64(context, image, "avatar").await {
+        Some(image) => match BlobObject::store_from_base64(context, image) {
            Err(e) => {
                warn!(
                    context,
@@ -802,7 +802,6 @@ impl Contact {
        }

        let mut name = sanitize_name(name);
-        #[allow(clippy::collapsible_if)]
        if origin <= Origin::OutgoingTo {
            // The user may accidentally have written to a "noreply" address with another MUA:
            if addr.contains("noreply")
@@ -1039,7 +1038,11 @@ impl Contact {
        listflags: u32,
        query: Option<&str>,
    ) -> Result<Vec<ContactId>> {
-        let self_addrs = context.get_all_self_addrs().await?;
+        let self_addrs = context
+            .get_all_self_addrs()
+            .await?
+            .into_iter()
+            .collect::<HashSet<_>>();
        let mut add_self = false;
        let mut ret = Vec::new();
        let flag_verified_only = (listflags & DC_GCL_VERIFIED_ONLY) != 0;
@@ -1054,29 +1057,32 @@ impl Contact {
            context
                .sql
                .query_map(
-                    &format!(
-                        "SELECT c.id FROM contacts c \
+                    "SELECT c.id, c.addr FROM contacts c
                 LEFT JOIN acpeerstates ps ON c.addr=ps.addr  \
-                 WHERE c.addr NOT IN ({})
-                 AND c.id>? \
+                 WHERE c.id>?
                 AND c.origin>=? \
                 AND c.blocked=0 \
                 AND (iif(c.name='',c.authname,c.name) LIKE ? OR c.addr LIKE ?) \
                 AND (1=? OR LENGTH(ps.verified_key_fingerprint)!=0)  \
                 ORDER BY c.last_seen DESC, c.id DESC;",
-                        sql::repeat_vars(self_addrs.len())
-                    ),
-                    rusqlite::params_from_iter(params_iter(&self_addrs).chain(params_slice![
+                    (
                        ContactId::LAST_SPECIAL,
                        minimal_origin,
-                        s3str_like_cmd,
-                        s3str_like_cmd,
-                        if flag_verified_only { 0i32 } else { 1i32 }
-                    ])),
-                    |row| row.get::<_, ContactId>(0),
-                    |ids| {
-                        for id in ids {
-                            ret.push(id?);
+                        &s3str_like_cmd,
+                        &s3str_like_cmd,
+                        if flag_verified_only { 0i32 } else { 1i32 },
+                    ),
+                    |row| {
+                        let id: ContactId = row.get(0)?;
+                        let addr: String = row.get(1)?;
+                        Ok((id, addr))
+                    },
+                    |rows| {
+                        for row in rows {
+                            let (id, addr) = row?;
+                            if !self_addrs.contains(&addr) {
+                                ret.push(id);
+                            }
                        }
                        Ok(())
                    },
@@ -1109,23 +1115,23 @@ impl Contact {
            context
                .sql
                .query_map(
-                    &format!(
-                        "SELECT id FROM contacts
-                 WHERE addr NOT IN ({})
-                 AND id>?
+                    "SELECT id, addr FROM contacts
+                 WHERE id>?
                 AND origin>=?
                 AND blocked=0
                 ORDER BY last_seen DESC, id DESC;",
-                        sql::repeat_vars(self_addrs.len())
-                    ),
-                    rusqlite::params_from_iter(
-                        params_iter(&self_addrs)
-                            .chain(params_slice![ContactId::LAST_SPECIAL, minimal_origin]),
-                    ),
-                    |row| row.get::<_, ContactId>(0),
-                    |ids| {
-                        for id in ids {
-                            ret.push(id?);
+                    (ContactId::LAST_SPECIAL, minimal_origin),
+                    |row| {
+                        let id: ContactId = row.get(0)?;
+                        let addr: String = row.get(1)?;
+                        Ok((id, addr))
+                    },
+                    |rows| {
+                        for row in rows {
+                            let (id, addr) = row?;
+                            if !self_addrs.contains(&addr) {
+                                ret.push(id);
+                            }
                        }
                        Ok(())
                    },
--- a/src/debug_logging.rs
+++ b/src/debug_logging.rs
@@ -100,7 +100,9 @@ pub async fn maybe_set_logging_xdc(
        context,
        msg.get_viewtype(),
        chat_id,
-        msg.param.get_path(Param::File, context).unwrap_or_default(),
+        msg.param
+            .get_path(Param::Filename, context)
+            .unwrap_or_default(),
        msg.get_id(),
    )
    .await?;
@@ -113,11 +115,11 @@ pub async fn maybe_set_logging_xdc_inner(
    context: &Context,
    viewtype: Viewtype,
    chat_id: ChatId,
-    file: Option<PathBuf>,
+    filename: Option<PathBuf>,
    msg_id: MsgId,
 ) -> anyhow::Result<()> {
    if viewtype == Viewtype::Webxdc {
-        if let Some(file) = file {
+        if let Some(file) = filename {
            if let Some(file_name) = file.file_name().and_then(|name| name.to_str()) {
                if file_name.starts_with("debug_logging")
                    && file_name.ends_with(".xdc")
--- a/src/download.rs
+++ b/src/download.rs
@@ -440,7 +440,7 @@ mod tests {
        let file = alice.get_blobdir().join("minimal.xdc");
        tokio::fs::write(&file, include_bytes!("../test-data/webxdc/minimal.xdc")).await?;
        let mut instance = Message::new(Viewtype::File);
-        instance.set_file(file.to_str().unwrap(), None);
+        instance.set_file_and_deduplicate(&alice, &file, None, None)?;
        let _sent1 = alice.send_msg(chat_id, &mut instance).await;

        alice
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -40,20 +40,17 @@ impl EncryptHelper {

    /// Determines if we can and should encrypt.
    ///
-    /// For encryption to be enabled, `e2ee_guaranteed` should be true, or strictly more than a half
-    /// of peerstates should prefer encryption. Own preference is counted equally to peer
-    /// preferences, even if message copy is not sent to self.
-    ///
    /// `e2ee_guaranteed` should be set to true for replies to encrypted messages (as required by
    /// Autocrypt Level 1, version 1.1) and for messages sent in protected groups.
    ///
    /// Returns an error if `e2ee_guaranteed` is true, but one or more keys are missing.
-    pub fn should_encrypt(
+    pub(crate) async fn should_encrypt(
        &self,
        context: &Context,
        e2ee_guaranteed: bool,
        peerstates: &[(Option<Peerstate>, String)],
    ) -> Result<bool> {
+        let is_chatmail = context.is_chatmail().await?;
        let mut prefer_encrypt_count = if self.prefer_encrypt == EncryptPreference::Mutual {
            1
        } else {
@@ -64,10 +61,15 @@ impl EncryptHelper {
                Some(peerstate) => {
                    let prefer_encrypt = peerstate.prefer_encrypt;
                    info!(context, "Peerstate for {addr:?} is {prefer_encrypt}.");
-                    match peerstate.prefer_encrypt {
-                        EncryptPreference::NoPreference | EncryptPreference::Reset => {}
-                        EncryptPreference::Mutual => prefer_encrypt_count += 1,
-                    };
+                    if match peerstate.prefer_encrypt {
+                        EncryptPreference::NoPreference | EncryptPreference::Reset => {
+                            (peerstate.prefer_encrypt != EncryptPreference::Reset || is_chatmail)
+                                && self.prefer_encrypt == EncryptPreference::Mutual
+                        }
+                        EncryptPreference::Mutual => true,
+                    } {
+                        prefer_encrypt_count += 1;
+                    }
                }
                None => {
                    let msg = format!("Peerstate for {addr:?} missing, cannot encrypt");
@@ -170,9 +172,11 @@ pub async fn ensure_secret_key_exists(context: &Context) -> Result<()> {
 #[cfg(test)]
 mod tests {
    use super::*;
+    use crate::chat::send_text_msg;
    use crate::key::DcKey;
    use crate::message::{Message, Viewtype};
    use crate::param::Param;
+    use crate::receive_imf::receive_imf;
    use crate::test_utils::{bob_keypair, TestContext, TestContextManager};

    mod ensure_secret_key_exists {
@@ -320,29 +324,109 @@ Sent with my Delta Chat Messenger: https://delta.chat";
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_should_encrypt() {
+    async fn test_should_encrypt() -> Result<()> {
        let t = TestContext::new_alice().await;
+        assert!(t.get_config_bool(Config::E2eeEnabled).await?);
        let encrypt_helper = EncryptHelper::new(&t).await.unwrap();

-        // test with EncryptPreference::NoPreference:
-        // if e2ee_eguaranteed is unset, there is no encryption as not more than half of peers want encryption
        let ps = new_peerstates(EncryptPreference::NoPreference);
-        assert!(encrypt_helper.should_encrypt(&t, true, &ps).unwrap());
-        assert!(!encrypt_helper.should_encrypt(&t, false, &ps).unwrap());
+        assert!(encrypt_helper.should_encrypt(&t, true, &ps).await?);
+        // Own preference is `Mutual` and we have the peer's key.
+        assert!(encrypt_helper.should_encrypt(&t, false, &ps).await?);

-        // test with EncryptPreference::Reset
        let ps = new_peerstates(EncryptPreference::Reset);
-        assert!(encrypt_helper.should_encrypt(&t, true, &ps).unwrap());
-        assert!(!encrypt_helper.should_encrypt(&t, false, &ps).unwrap());
+        assert!(encrypt_helper.should_encrypt(&t, true, &ps).await?);
+        assert!(!encrypt_helper.should_encrypt(&t, false, &ps).await?);

-        // test with EncryptPreference::Mutual (self is also Mutual)
        let ps = new_peerstates(EncryptPreference::Mutual);
-        assert!(encrypt_helper.should_encrypt(&t, true, &ps).unwrap());
-        assert!(encrypt_helper.should_encrypt(&t, false, &ps).unwrap());
+        assert!(encrypt_helper.should_encrypt(&t, true, &ps).await?);
+        assert!(encrypt_helper.should_encrypt(&t, false, &ps).await?);

        // test with missing peerstate
        let ps = vec![(None, "bob@foo.bar".to_string())];
-        assert!(encrypt_helper.should_encrypt(&t, true, &ps).is_err());
-        assert!(!encrypt_helper.should_encrypt(&t, false, &ps).unwrap());
+        assert!(encrypt_helper.should_encrypt(&t, true, &ps).await.is_err());
+        assert!(!encrypt_helper.should_encrypt(&t, false, &ps).await?);
+        Ok(())
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_should_encrypt_e2ee_disabled() -> Result<()> {
+        let t = &TestContext::new_alice().await;
+        t.set_config_bool(Config::E2eeEnabled, false).await?;
+        let encrypt_helper = EncryptHelper::new(t).await.unwrap();
+
+        let ps = new_peerstates(EncryptPreference::NoPreference);
+        assert!(!encrypt_helper.should_encrypt(t, false, &ps).await?);
+
+        let ps = new_peerstates(EncryptPreference::Reset);
+        assert!(encrypt_helper.should_encrypt(t, true, &ps).await?);
+
+        let mut ps = new_peerstates(EncryptPreference::Mutual);
+        // Own preference is `NoPreference` and there's no majority with `Mutual`.
+        assert!(!encrypt_helper.should_encrypt(t, false, &ps).await?);
+        // Now the majority wants to encrypt. Let's encrypt, anyway there are other cases when we
+        // can't send unencrypted, e.g. protected groups.
+        ps.push(ps[0].clone());
+        assert!(encrypt_helper.should_encrypt(t, false, &ps).await?);
+
+        // Test with missing peerstate.
+        let ps = vec![(None, "bob@foo.bar".to_string())];
+        assert!(encrypt_helper.should_encrypt(t, true, &ps).await.is_err());
+        Ok(())
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_chatmail_prefers_to_encrypt() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = &tcm.alice().await;
+        let bob = &tcm.bob().await;
+        bob.set_config_bool(Config::IsChatmail, true).await?;
+
+        let bob_chat_id = tcm
+            .send_recv_accept(alice, bob, "Hello from DC")
+            .await
+            .chat_id;
+        receive_imf(
+            bob,
+            b"From: alice@example.org\n\
+            To: bob@example.net\n\
+            Message-ID: <2222@example.org>\n\
+            Date: Sun, 22 Mar 3000 22:37:58 +0000\n\
+            \n\
+            Hello from another MUA\n",
+            false,
+        )
+        .await?;
+        send_text_msg(bob, bob_chat_id, "hi".to_string()).await?;
+        let sent_msg = bob.pop_sent_msg().await;
+        let msg = Message::load_from_db(bob, sent_msg.sender_msg_id).await?;
+        assert!(msg.get_showpadlock());
+        Ok(())
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_chatmail_can_send_unencrypted() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let bob = &tcm.bob().await;
+        bob.set_config_bool(Config::IsChatmail, true).await?;
+        let bob_chat_id = receive_imf(
+            bob,
+            b"From: alice@example.org\n\
+            To: bob@example.net\n\
+            Message-ID: <2222@example.org>\n\
+            Date: Sun, 22 Mar 3000 22:37:58 +0000\n\
+            \n\
+            Hello\n",
+            false,
+        )
+        .await?
+        .unwrap()
+        .chat_id;
+        bob_chat_id.accept(bob).await?;
+        send_text_msg(bob, bob_chat_id, "hi".to_string()).await?;
+        let sent_msg = bob.pop_sent_msg().await;
+        let msg = Message::load_from_db(bob, sent_msg.sender_msg_id).await?;
+        assert!(!msg.get_showpadlock());
+        Ok(())
    }
 }
--- a/src/headerdef.rs
+++ b/src/headerdef.rs
@@ -65,6 +65,15 @@ pub enum HeaderDef {
    ChatGroupMemberAdded,
    ChatContent,

+    /// Past members of the group.
+    ChatGroupPastMembers,
+
+    /// Space-separated timestamps of member addition
+    /// for members listed in the `To` field
+    /// followed by timestamps of member removal
+    /// for members listed in the `Chat-Group-Past-Members` field.
+    ChatGroupMemberTimestamps,
+
    /// Duration of the attached media file.
    ChatDuration,

--- a/src/html.rs
+++ b/src/html.rs
@@ -291,7 +291,7 @@ pub fn new_html_mimepart(html: String) -> PartBuilder {
 mod tests {
    use super::*;
    use crate::chat;
-    use crate::chat::forward_msgs;
+    use crate::chat::{forward_msgs, save_msgs};
    use crate::config::Config;
    use crate::contact::ContactId;
    use crate::message::{MessengerMessage, Viewtype};
@@ -499,6 +499,38 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
        assert!(html.contains("this is <b>html</b>"));
    }

+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_html_save_msg() -> Result<()> {
+        // Alice receives a non-delta html-message
+        let alice = TestContext::new_alice().await;
+        let chat = alice
+            .create_chat_with_contact("", "sender@testrun.org")
+            .await;
+        let raw = include_bytes!("../test-data/message/text_alt_plain_html.eml");
+        receive_imf(&alice, raw, false).await?;
+        let msg = alice.get_last_msg_in(chat.get_id()).await;
+
+        // Alice saves the message
+        let self_chat = alice.get_self_chat().await;
+        save_msgs(&alice, &[msg.id]).await?;
+        let saved_msg = alice.get_last_msg_in(self_chat.get_id()).await;
+        assert_ne!(saved_msg.id, msg.id);
+        assert_eq!(
+            saved_msg.get_original_msg_id(&alice).await?.unwrap(),
+            msg.id
+        );
+        assert!(!saved_msg.is_forwarded()); // UI should not flag "saved messages" as "forwarded"
+        assert_ne!(saved_msg.get_from_id(), ContactId::SELF);
+        assert_eq!(saved_msg.get_from_id(), msg.get_from_id());
+        assert_eq!(saved_msg.is_dc_message, MessengerMessage::No);
+        assert!(saved_msg.get_text().contains("this is plain"));
+        assert!(saved_msg.has_html());
+        let html = saved_msg.get_id().get_html(&alice).await?.unwrap();
+        assert!(html.contains("this is <b>html</b>"));
+
+        Ok(())
+    }
+
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_html_forwarding_encrypted() {
        // Alice receives a non-delta html-message
--- a/src/imap.rs
+++ b/src/imap.rs
@@ -1331,7 +1331,7 @@ impl Session {
    /// Returns the last UID fetched successfully and the info about each downloaded message.
    /// If the message is incorrect or there is a failure to write a message to the database,
    /// it is skipped and the error is logged.
-    #[allow(clippy::too_many_arguments)]
+    #[expect(clippy::too_many_arguments)]
    pub(crate) async fn fetch_many_msgs(
        &mut self,
        context: &Context,
@@ -1452,9 +1452,7 @@ impl Session {

                let is_seen = fetch_response.flags().any(|flag| flag == Flag::Seen);

-                let rfc724_mid = if let Some(rfc724_mid) = uid_message_ids.get(&request_uid) {
-                    rfc724_mid
-                } else {
+                let Some(rfc724_mid) = uid_message_ids.get(&request_uid) else {
                    error!(
                        context,
                        "No Message-ID corresponding to UID {} passed in uid_messsage_ids.",
@@ -1591,10 +1589,8 @@ impl Session {
        };

        if self.can_metadata() && self.can_push() {
-            let device_token_changed = context
-                .get_config(Config::DeviceToken)
-                .await?
-                .map_or(true, |config_token| device_token != config_token);
+            let device_token_changed =
+                context.get_config(Config::DeviceToken).await?.as_ref() != Some(&device_token);

            if device_token_changed {
                let folder = context
@@ -2730,7 +2726,6 @@ mod tests {
        }
    }

-    #[allow(clippy::too_many_arguments)]
    async fn check_target_folder_combination(
        folder: &str,
        mvbox_move: bool,
--- a/src/imex/key_transfer.rs
+++ b/src/imex/key_transfer.rs
@@ -26,12 +26,11 @@ pub async fn initiate_key_transfer(context: &Context) -> Result<String> {
    /* this may require a keypair to be created. this may take a second ... */
    let setup_file_content = render_setup_file(context, &setup_code).await?;
    /* encrypting may also take a while ... */
-    let setup_file_blob = BlobObject::create(
+    let setup_file_blob = BlobObject::create_and_deduplicate_from_bytes(
        context,
-        "autocrypt-setup-message.html",
        setup_file_content.as_bytes(),
-    )
-    .await?;
+        "autocrypt-setup-message.html",
+    )?;

    let chat_id = ChatId::create_for_contact(context, ContactId::SELF).await?;
    let mut msg = Message {
@@ -39,6 +38,8 @@ pub async fn initiate_key_transfer(context: &Context) -> Result<String> {
        ..Default::default()
    };
    msg.param.set(Param::File, setup_file_blob.as_name());
+    msg.param
+        .set(Param::Filename, "autocrypt-setup-message.html");
    msg.subject = stock_str::ac_setup_msg_subject(context).await;
    msg.param
        .set(Param::MimeType, "application/autocrypt-setup");
--- a/src/imex/transfer.rs
+++ b/src/imex/transfer.rs
@@ -394,7 +394,8 @@ mod tests {
        let file = ctx0.get_blobdir().join("hello.txt");
        fs::write(&file, "i am attachment").await.unwrap();
        let mut msg = Message::new(Viewtype::File);
-        msg.set_file(file.to_str().unwrap(), Some("text/plain"));
+        msg.set_file_and_deduplicate(&ctx0, &file, Some("hello.txt"), Some("text/plain"))
+            .unwrap();
        send_msg(&ctx0, self_chat.id, &mut msg).await.unwrap();

        // Prepare to transfer backup.
@@ -428,7 +429,12 @@ mod tests {
        let msg = Message::load_from_db(&ctx1, *msgid).await.unwrap();

        let path = msg.get_file(&ctx1).unwrap();
-        assert_eq!(path.with_file_name("hello.txt"), path);
+        assert_eq!(
+            // That's the hash of the file:
+            path.with_file_name("ac1d2d284757656a8d41dc40aae4136.txt"),
+            path
+        );
+        assert_eq!("hello.txt", msg.get_filename().unwrap());
        let text = fs::read_to_string(&path).await.unwrap();
        assert_eq!(text, "i am attachment");

--- a/src/location.rs
+++ b/src/location.rs
@@ -1074,7 +1074,7 @@ Content-Disposition: attachment; filename="location.kml"
        let file = alice.get_blobdir().join(file_name);
        tokio::fs::write(&file, bytes).await?;
        let mut msg = Message::new(Viewtype::Image);
-        msg.set_file(file.to_str().unwrap(), None);
+        msg.set_file_and_deduplicate(&alice, &file, Some("logo.png"), None)?;
        let sent = alice.send_msg(alice_chat.id, &mut msg).await;
        let alice_msg = Message::load_from_db(&alice, sent.sender_msg_id).await?;
        assert_eq!(alice_msg.has_location(), false);
--- a/src/message.rs
+++ b/src/message.rs
@@ -470,6 +470,7 @@ pub struct Message {
    /// `In-Reply-To` header value.
    pub(crate) in_reply_to: Option<String>,
    pub(crate) is_dc_message: MessengerMessage,
+    pub(crate) original_msg_id: MsgId,
    pub(crate) mime_modified: bool,
    pub(crate) chat_blocked: Blocked,
    pub(crate) location_id: u32,
@@ -536,6 +537,7 @@ impl Message {
                    "    m.download_state AS download_state,",
                    "    m.error AS error,",
                    "    m.msgrmsg AS msgrmsg,",
+                    "    m.starred AS original_msg_id,",
                    "    m.mime_modified AS mime_modified,",
                    "    m.txt AS txt,",
                    "    m.subject AS subject,",
@@ -592,6 +594,7 @@ impl Message {
                        error: Some(row.get::<_, String>("error")?)
                            .filter(|error| !error.is_empty()),
                        is_dc_message: row.get("msgrmsg")?,
+                        original_msg_id: row.get("original_msg_id")?,
                        mime_modified: row.get("mime_modified")?,
                        text,
                        subject: row.get("subject")?,
@@ -620,8 +623,8 @@ impl Message {
    pub fn get_filemime(&self) -> Option<String> {
        if let Some(m) = self.param.get(Param::MimeType) {
            return Some(m.to_string());
-        } else if let Some(file) = self.param.get(Param::File) {
-            if let Some((_, mime)) = guess_msgtype_from_suffix(Path::new(file)) {
+        } else if self.param.exists(Param::File) {
+            if let Some((_, mime)) = guess_msgtype_from_suffix(self) {
                return Some(mime.to_string());
            }
            // we have a file but no mimetype, let's use a generic one
@@ -1082,18 +1085,62 @@ impl Message {
        self.param.set_optional(Param::MimeType, filemime);
    }

-    /// Creates a new blob and sets it as a file associated with a message.
-    pub async fn set_file_from_bytes(
+    /// Sets the file associated with a message, deduplicating files with the same name.
+    ///
+    /// If `name` is Some, it is used as the file name
+    /// and the actual current name of the file is ignored.
+    ///
+    /// If the source file is already in the blobdir, it will be renamed,
+    /// otherwise it will be copied to the blobdir first.
+    ///
+    /// In order to deduplicate files that contain the same data,
+    /// the file will be named `<hash>.<extension>`, e.g. `ce940175885d7b78f7b7e9f1396611f.jpg`.
+    ///
+    /// NOTE:
+    /// - This function will rename the file. To get the new file path, call `get_file()`.
+    /// - The file must not be modified after this function was called.
+    pub fn set_file_and_deduplicate(
        &mut self,
        context: &Context,
-        suggested_name: &str,
+        file: &Path,
+        name: Option<&str>,
+        filemime: Option<&str>,
+    ) -> Result<()> {
+        let name = if let Some(name) = name {
+            name.to_string()
+        } else {
+            file.file_name()
+                .map(|s| s.to_string_lossy().to_string())
+                .unwrap_or_else(|| "unknown_file".to_string())
+        };
+
+        let blob = BlobObject::create_and_deduplicate(context, file, &name)?;
+        self.param.set(Param::File, blob.as_name());
+
+        self.param.set(Param::Filename, name);
+        self.param.set_optional(Param::MimeType, filemime);
+
+        Ok(())
+    }
+
+    /// Creates a new blob and sets it as a file associated with a message.
+    ///
+    /// In order to deduplicate files that contain the same data,
+    /// the file will be named `<hash>.<extension>`, e.g. `ce940175885d7b78f7b7e9f1396611f.jpg`.
+    ///
+    /// NOTE: The file must not be modified after this function was called.
+    pub fn set_file_from_bytes(
+        &mut self,
+        context: &Context,
+        name: &str,
        data: &[u8],
        filemime: Option<&str>,
    ) -> Result<()> {
-        let blob = BlobObject::create(context, suggested_name, data).await?;
-        self.param.set(Param::Filename, suggested_name);
+        let blob = BlobObject::create_and_deduplicate_from_bytes(context, data, name)?;
+        self.param.set(Param::Filename, name);
        self.param.set(Param::File, blob.as_name());
        self.param.set_optional(Param::MimeType, filemime);
+
        Ok(())
    }

@@ -1106,12 +1153,13 @@ impl Message {
        );
        let vcard = contact::make_vcard(context, contacts).await?;
        self.set_file_from_bytes(context, "vcard.vcf", vcard.as_bytes(), None)
-            .await
    }

    /// Updates message state from the vCard attachment.
    pub(crate) async fn try_set_vcard(&mut self, context: &Context, path: &Path) -> Result<()> {
-        let vcard = fs::read(path).await.context("Could not read {path}")?;
+        let vcard = fs::read(path)
+            .await
+            .with_context(|| format!("Could not read {path:?}"))?;
        if let Some(summary) = get_vcard_summary(&vcard) {
            self.param.set(Param::Summary1, summary);
        } else {
@@ -1254,6 +1302,35 @@ impl Message {
        Ok(None)
    }

+    /// Returns original message ID for message from "Saved Messages".
+    pub async fn get_original_msg_id(&self, context: &Context) -> Result<Option<MsgId>> {
+        if !self.original_msg_id.is_special() {
+            if let Some(msg) = Message::load_from_db_optional(context, self.original_msg_id).await?
+            {
+                return if msg.chat_id.is_trash() {
+                    Ok(None)
+                } else {
+                    Ok(Some(msg.id))
+                };
+            }
+        }
+        Ok(None)
+    }
+
+    /// Check if the message was saved and returns the corresponding message inside "Saved Messages".
+    /// UI can use this to show a symbol beside the message, indicating it was saved.
+    /// The message can be un-saved by deleting the returned message.
+    pub async fn get_saved_msg_id(&self, context: &Context) -> Result<Option<MsgId>> {
+        let res: Option<MsgId> = context
+            .sql
+            .query_get_value(
+                "SELECT id FROM msgs WHERE starred=? AND chat_id!=?",
+                (self.id, DC_CHAT_ID_TRASH),
+            )
+            .await?;
+        Ok(res)
+    }
+
    /// Force the message to be sent in plain text.
    pub fn force_plaintext(&mut self) {
        self.param.set_int(Param::ForcePlaintext, 1);
@@ -1433,7 +1510,14 @@ pub async fn get_msg_read_receipts(
        .await
 }

-pub(crate) fn guess_msgtype_from_suffix(path: &Path) -> Option<(Viewtype, &str)> {
+pub(crate) fn guess_msgtype_from_suffix(msg: &Message) -> Option<(Viewtype, &'static str)> {
+    msg.param
+        .get(Param::Filename)
+        .or_else(|| msg.param.get(Param::File))
+        .and_then(|file| guess_msgtype_from_path_suffix(Path::new(file)))
+}
+
+pub(crate) fn guess_msgtype_from_path_suffix(path: &Path) -> Option<(Viewtype, &'static str)> {
    let extension: &str = &path.extension()?.to_str()?.to_lowercase();
    let info = match extension {
        // before using viewtype other than Viewtype::File,
@@ -1667,12 +1751,12 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
        .set_config_internal(Config::LastMsgId, Some(&last_msg_id.to_u32().to_string()))
        .await?;

-    let msgs = context
-        .sql
-        .query_map(
-            &format!(
+    let mut msgs = Vec::with_capacity(msg_ids.len());
+    for &id in &msg_ids {
+        if let Some(msg) = context
+            .sql
+            .query_row_optional(
                "SELECT
-                    m.id AS id,
                    m.chat_id AS chat_id,
                    m.state AS state,
                    m.download_state as download_state,
@@ -1683,39 +1767,39 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
                    c.archived AS archived,
                    c.blocked AS blocked
                 FROM msgs m LEFT JOIN chats c ON c.id=m.chat_id
-                 WHERE m.id IN ({}) AND m.chat_id>9",
-                sql::repeat_vars(msg_ids.len())
-            ),
-            rusqlite::params_from_iter(&msg_ids),
-            |row| {
-                let id: MsgId = row.get("id")?;
-                let chat_id: ChatId = row.get("chat_id")?;
-                let state: MessageState = row.get("state")?;
-                let download_state: DownloadState = row.get("download_state")?;
-                let param: Params = row.get::<_, String>("param")?.parse().unwrap_or_default();
-                let from_id: ContactId = row.get("from_id")?;
-                let rfc724_mid: String = row.get("rfc724_mid")?;
-                let visibility: ChatVisibility = row.get("archived")?;
-                let blocked: Option<Blocked> = row.get("blocked")?;
-                let ephemeral_timer: EphemeralTimer = row.get("ephemeral_timer")?;
-                Ok((
-                    (
-                        id,
-                        chat_id,
-                        state,
-                        download_state,
-                        param,
-                        from_id,
-                        rfc724_mid,
-                        visibility,
-                        blocked.unwrap_or_default(),
-                    ),
-                    ephemeral_timer,
-                ))
-            },
-            |rows| rows.collect::<Result<Vec<_>, _>>().map_err(Into::into),
-        )
-        .await?;
+                 WHERE m.id=? AND m.chat_id>9",
+                (id,),
+                |row| {
+                    let chat_id: ChatId = row.get("chat_id")?;
+                    let state: MessageState = row.get("state")?;
+                    let download_state: DownloadState = row.get("download_state")?;
+                    let param: Params = row.get::<_, String>("param")?.parse().unwrap_or_default();
+                    let from_id: ContactId = row.get("from_id")?;
+                    let rfc724_mid: String = row.get("rfc724_mid")?;
+                    let visibility: ChatVisibility = row.get("archived")?;
+                    let blocked: Option<Blocked> = row.get("blocked")?;
+                    let ephemeral_timer: EphemeralTimer = row.get("ephemeral_timer")?;
+                    Ok((
+                        (
+                            id,
+                            chat_id,
+                            state,
+                            download_state,
+                            param,
+                            from_id,
+                            rfc724_mid,
+                            visibility,
+                            blocked.unwrap_or_default(),
+                        ),
+                        ephemeral_timer,
+                    ))
+                },
+            )
+            .await?
+        {
+            msgs.push(msg);
+        }
+    }

    if msgs
        .iter()
@@ -2166,7 +2250,8 @@ mod tests {

    use super::*;
    use crate::chat::{
-        self, add_contact_to_chat, marknoticed_chat, send_text_msg, ChatItem, ProtectionStatus,
+        self, add_contact_to_chat, forward_msgs, marknoticed_chat, save_msgs, send_text_msg,
+        ChatItem, ProtectionStatus,
    };
    use crate::chatlist::Chatlist;
    use crate::config::Config;
@@ -2178,15 +2263,15 @@ mod tests {
    #[test]
    fn test_guess_msgtype_from_suffix() {
        assert_eq!(
-            guess_msgtype_from_suffix(Path::new("foo/bar-sth.mp3")),
+            guess_msgtype_from_path_suffix(Path::new("foo/bar-sth.mp3")),
            Some((Viewtype::Audio, "audio/mpeg"))
        );
        assert_eq!(
-            guess_msgtype_from_suffix(Path::new("foo/file.html")),
+            guess_msgtype_from_path_suffix(Path::new("foo/file.html")),
            Some((Viewtype::File, "text/html"))
        );
        assert_eq!(
-            guess_msgtype_from_suffix(Path::new("foo/file.xdc")),
+            guess_msgtype_from_path_suffix(Path::new("foo/file.xdc")),
            Some((Viewtype::Webxdc, "application/webxdc+zip"))
        );
    }
@@ -2475,6 +2560,41 @@ mod tests {
        );
    }

+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_get_original_msg_id() -> Result<()> {
+        let alice = TestContext::new_alice().await;
+        let bob = TestContext::new_bob().await;
+
+        // normal sending of messages does not have an original ID
+        let one2one_chat = alice.create_chat(&bob).await;
+        let sent = alice.send_text(one2one_chat.id, "foo").await;
+        let orig_msg = Message::load_from_db(&alice, sent.sender_msg_id).await?;
+        assert!(orig_msg.get_original_msg_id(&alice).await?.is_none());
+        assert!(orig_msg.parent(&alice).await?.is_none());
+        assert!(orig_msg.quoted_message(&alice).await?.is_none());
+
+        // forwarding to "Saved Messages", the message gets the original ID attached
+        let self_chat = alice.get_self_chat().await;
+        save_msgs(&alice, &[sent.sender_msg_id]).await?;
+        let saved_msg = alice.get_last_msg_in(self_chat.get_id()).await;
+        assert_ne!(saved_msg.get_id(), orig_msg.get_id());
+        assert_eq!(
+            saved_msg.get_original_msg_id(&alice).await?.unwrap(),
+            orig_msg.get_id()
+        );
+        assert!(saved_msg.parent(&alice).await?.is_none());
+        assert!(saved_msg.quoted_message(&alice).await?.is_none());
+
+        // forwarding from "Saved Messages" back to another chat, detaches original ID
+        forward_msgs(&alice, &[saved_msg.get_id()], one2one_chat.get_id()).await?;
+        let forwarded_msg = alice.get_last_msg_in(one2one_chat.get_id()).await;
+        assert_ne!(forwarded_msg.get_id(), saved_msg.get_id());
+        assert_ne!(forwarded_msg.get_id(), orig_msg.get_id());
+        assert!(forwarded_msg.get_original_msg_id(&alice).await?.is_none());
+
+        Ok(())
+    }
+
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_markseen_msgs() -> Result<()> {
        let alice = TestContext::new_alice().await;
@@ -2557,8 +2677,7 @@ mod tests {

        let file_bytes = include_bytes!("../test-data/image/screenshot.png");
        let mut msg = Message::new(Viewtype::Image);
-        msg.set_file_from_bytes(bob, "a.jpg", file_bytes, None)
-            .await?;
+        msg.set_file_from_bytes(bob, "a.jpg", file_bytes, None)?;
        let sent_msg = bob.send_msg(bob_chat_id, &mut msg).await;
        let msg = alice.recv_msg(&sent_msg).await;
        assert_eq!(msg.download_state, DownloadState::Available);
@@ -2627,8 +2746,7 @@ mod tests {

        let file_bytes = include_bytes!("../test-data/image/screenshot.png");
        let mut msg = Message::new(Viewtype::Image);
-        msg.set_file_from_bytes(bob, "a.jpg", file_bytes, None)
-            .await?;
+        msg.set_file_from_bytes(bob, "a.jpg", file_bytes, None)?;
        let sent_msg = bob.send_msg(bob_chat_id, &mut msg).await;
        let msg = alice.recv_msg(&sent_msg).await;
        assert_eq!(msg.download_state, DownloadState::Available);
--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -1,6 +1,7 @@
 //! # MIME message production.

 use std::collections::HashSet;
+use std::path::Path;

 use anyhow::{bail, Context as _, Result};
 use base64::Engine as _;
@@ -66,8 +67,36 @@ pub struct MimeFactory {

    selfstatus: String,

-    /// Vector of pairs of recipient name and address
-    recipients: Vec<(String, String)>,
+    /// Vector of actual recipient addresses.
+    ///
+    /// This is the list of addresses the message should be sent to.
+    /// It is not the same as the `To` header,
+    /// because in case of "member removed" message
+    /// removed member is in the recipient list,
+    /// but not in the `To` header.
+    /// In case of broadcast lists there are multiple recipients,
+    /// but the `To` header has no members.
+    ///
+    /// If `bcc_self` configuration is enabled,
+    /// this list will be extended with own address later,
+    /// but `MimeFactory` is not responsible for this.
+    recipients: Vec<String>,
+
+    /// Vector of pairs of recipient name and address that goes into the `To` field.
+    ///
+    /// The list of actual message recipient addresses may be different,
+    /// e.g. if members are hidden for broadcast lists.
+    to: Vec<(String, String)>,
+
+    /// Vector of pairs of past group member names and addresses.
+    past_members: Vec<(String, String)>,
+
+    /// Timestamps of the members in the same order as in the `recipients`
+    /// followed by `past_members`.
+    ///
+    /// If this is not empty, its length
+    /// should be the sum of `recipients` and `past_members` length.
+    member_timestamps: Vec<i64>,

    timestamp: i64,
    loaded: Loaded,
@@ -126,8 +155,10 @@ fn new_address_with_name(name: &str, address: String) -> Address {

 impl MimeFactory {
    pub async fn from_msg(context: &Context, msg: Message) -> Result<MimeFactory> {
+        let now = time();
        let chat = Chat::load_from_db(context, msg.chat_id).await?;
        let attach_profile_data = Self::should_attach_profile_data(&msg);
+        let undisclosed_recipients = chat.typ == Chattype::Broadcast;

        let from_addr = context.get_primary_self_addr().await?;
        let config_displayname = context
@@ -145,47 +176,101 @@ impl MimeFactory {
                (name, None)
            };

-        let mut recipients = Vec::with_capacity(5);
+        let mut recipients = Vec::new();
+        let mut to = Vec::new();
+        let mut past_members = Vec::new();
+        let mut member_timestamps = Vec::new();
        let mut recipient_ids = HashSet::new();
        let mut req_mdn = false;

        if chat.is_self_talk() {
            if msg.param.get_cmd() == SystemMessage::AutocryptSetupMessage {
-                recipients.push((from_displayname.to_string(), from_addr.to_string()));
+                recipients.push(from_addr.to_string());
+                to.push((from_displayname.to_string(), from_addr.to_string()));
            }
        } else if chat.is_mailing_list() {
            let list_post = chat
                .param
                .get(Param::ListPost)
                .context("Can't write to mailinglist without ListPost param")?;
-            recipients.push(("".to_string(), list_post.to_string()));
+            to.push(("".to_string(), list_post.to_string()));
+            recipients.push(list_post.to_string());
        } else {
+            let email_to_remove = if msg.param.get_cmd() == SystemMessage::MemberRemovedFromGroup {
+                msg.param.get(Param::Arg)
+            } else {
+                None
+            };
+
            context
                .sql
                .query_map(
-                    "SELECT c.authname, c.addr, c.id \
-                 FROM chats_contacts cc  \
-                 LEFT JOIN contacts c ON cc.contact_id=c.id  \
-                 WHERE cc.chat_id=? AND cc.contact_id>9;",
-                    (msg.chat_id,),
+                    "SELECT c.authname, c.addr, c.id, cc.add_timestamp, cc.remove_timestamp
+                     FROM chats_contacts cc
+                     LEFT JOIN contacts c ON cc.contact_id=c.id
+                     WHERE cc.chat_id=? AND (cc.contact_id>9 OR (cc.contact_id=1 AND ?))",
+                    (msg.chat_id, chat.typ == Chattype::Group),
                    |row| {
                        let authname: String = row.get(0)?;
                        let addr: String = row.get(1)?;
                        let id: ContactId = row.get(2)?;
-                        Ok((authname, addr, id))
+                        let add_timestamp: i64 = row.get(3)?;
+                        let remove_timestamp: i64 = row.get(4)?;
+                        Ok((authname, addr, id, add_timestamp, remove_timestamp))
                    },
                    |rows| {
+                        let mut past_member_timestamps = Vec::new();
+
                        for row in rows {
-                            let (authname, addr, id) = row?;
-                            if !recipients_contain_addr(&recipients, &addr) {
-                                let name = match attach_profile_data {
-                                    true => authname,
-                                    false => "".to_string(),
-                                };
-                                recipients.push((name, addr));
+                            let (authname, addr, id, add_timestamp, remove_timestamp) = row?;
+                            let addr = if id == ContactId::SELF {
+                                from_addr.to_string()
+                            } else {
+                                addr
+                            };
+                            let name = match attach_profile_data {
+                                true => authname,
+                                false => "".to_string(),
+                            };
+                            if add_timestamp >= remove_timestamp {
+                                if !recipients_contain_addr(&to, &addr) {
+                                    recipients.push(addr.clone());
+                                    if !undisclosed_recipients {
+                                        to.push((name, addr));
+                                        member_timestamps.push(add_timestamp);
+                                    }
+                                }
+                                recipient_ids.insert(id);
+                            } else if remove_timestamp.saturating_add(60 * 24 * 3600) > now {
+                                // Row is a tombstone,
+                                // member is not actually part of the group.
+                                if !recipients_contain_addr(&past_members, &addr) {
+                                    if let Some(email_to_remove) = email_to_remove {
+                                        if email_to_remove == addr {
+                                            // This is a "member removed" message,
+                                            // we need to notify removed member
+                                            // that it was removed.
+                                            recipients.push(addr.clone());
+                                        }
+                                    }
+                                    if !undisclosed_recipients {
+                                        past_members.push((name, addr));
+                                        past_member_timestamps.push(remove_timestamp);
+                                    }
+                                }
                            }
-                            recipient_ids.insert(id);
                        }
+
+                        debug_assert!(member_timestamps.len() >= to.len());
+
+                        if to.len() > 1 {
+                            if let Some(position) = to.iter().position(|(_, x)| x == &from_addr) {
+                                to.remove(position);
+                                member_timestamps.remove(position);
+                            }
+                        }
+
+                        member_timestamps.extend(past_member_timestamps);
                        Ok(())
                    },
                )
@@ -226,12 +311,19 @@ impl MimeFactory {
        };
        let attach_selfavatar = Self::should_attach_selfavatar(context, &msg).await;

+        debug_assert!(
+            member_timestamps.is_empty()
+                || to.len() + past_members.len() == member_timestamps.len()
+        );
        let factory = MimeFactory {
            from_addr,
            from_displayname,
            sender_displayname,
            selfstatus,
            recipients,
+            to,
+            past_members,
+            member_timestamps,
            timestamp: msg.timestamp_sort,
            loaded: Loaded::Message { msg, chat },
            in_reply_to,
@@ -259,7 +351,10 @@ impl MimeFactory {
            from_displayname: "".to_string(),
            sender_displayname: None,
            selfstatus: "".to_string(),
-            recipients: vec![("".to_string(), contact.get_addr().to_string())],
+            recipients: vec![contact.get_addr().to_string()],
+            to: vec![("".to_string(), contact.get_addr().to_string())],
+            past_members: vec![],
+            member_timestamps: vec![],
            timestamp,
            loaded: Loaded::Mdn {
                rfc724_mid,
@@ -283,11 +378,7 @@ impl MimeFactory {
        let self_addr = context.get_primary_self_addr().await?;

        let mut res = Vec::new();
-        for (_, addr) in self
-            .recipients
-            .iter()
-            .filter(|(_, addr)| addr != &self_addr)
-        {
+        for addr in self.recipients.iter().filter(|&addr| *addr != self_addr) {
            res.push((Peerstate::from_addr(context, addr).await?, addr.clone()));
        }

@@ -475,10 +566,7 @@ impl MimeFactory {
    }

    pub fn recipients(&self) -> Vec<String> {
-        self.recipients
-            .iter()
-            .map(|(_, addr)| addr.clone())
-            .collect()
+        self.recipients.clone()
    }

    /// Consumes a `MimeFactory` and renders it into a message which is then stored in
@@ -488,46 +576,33 @@ impl MimeFactory {

        let from = new_address_with_name(&self.from_displayname, self.from_addr.clone());

-        let undisclosed_recipients = match &self.loaded {
-            Loaded::Message { chat, .. } => chat.typ == Chattype::Broadcast,
-            Loaded::Mdn { .. } => false,
-        };
-
        let mut to = Vec::new();
-        if undisclosed_recipients {
+        for (name, addr) in &self.to {
+            if name.is_empty() {
+                to.push(Address::new_mailbox(addr.clone()));
+            } else {
+                to.push(new_address_with_name(name, addr.clone()));
+            }
+        }
+
+        let mut past_members = Vec::new(); // Contents of `Chat-Group-Past-Members` header.
+        for (name, addr) in &self.past_members {
+            if name.is_empty() {
+                past_members.push(Address::new_mailbox(addr.clone()));
+            } else {
+                past_members.push(new_address_with_name(name, addr.clone()));
+            }
+        }
+
+        debug_assert!(
+            self.member_timestamps.is_empty()
+                || to.len() + past_members.len() == self.member_timestamps.len()
+        );
+        if to.is_empty() {
            to.push(Address::new_group(
                "hidden-recipients".to_string(),
                Vec::new(),
            ));
-        } else {
-            let email_to_remove = match &self.loaded {
-                Loaded::Message { msg, .. } => {
-                    if msg.param.get_cmd() == SystemMessage::MemberRemovedFromGroup {
-                        msg.param.get(Param::Arg)
-                    } else {
-                        None
-                    }
-                }
-                Loaded::Mdn { .. } => None,
-            };
-
-            for (name, addr) in &self.recipients {
-                if let Some(email_to_remove) = email_to_remove {
-                    if email_to_remove == addr {
-                        continue;
-                    }
-                }
-
-                if name.is_empty() {
-                    to.push(Address::new_mailbox(addr.clone()));
-                } else {
-                    to.push(new_address_with_name(name, addr.clone()));
-                }
-            }
-
-            if to.is_empty() {
-                to.push(from.clone());
-            }
        }

        // Start with Internet Message Format headers in the order of the standard example
@@ -540,6 +615,32 @@ impl MimeFactory {
            headers.push(Header::new_with_value("Sender".into(), vec![sender]).unwrap());
        }
        headers.push(Header::new_with_value("To".into(), to.clone()).unwrap());
+        if !past_members.is_empty() {
+            headers.push(
+                Header::new_with_value("Chat-Group-Past-Members".into(), past_members.clone())
+                    .unwrap(),
+            );
+        }
+
+        let chat_memberlist_is_stale = if let Loaded::Message { chat, .. } = &self.loaded {
+            chat.member_list_is_stale(context).await?
+        } else {
+            false
+        };
+
+        if !self.member_timestamps.is_empty() && !chat_memberlist_is_stale {
+            headers.push(
+                Header::new_with_value(
+                    "Chat-Group-Member-Timestamps".into(),
+                    self.member_timestamps
+                        .iter()
+                        .map(|ts| ts.to_string())
+                        .collect::<Vec<String>>()
+                        .join(" "),
+                )
+                .unwrap(),
+            );
+        }

        let subject_str = self.subject_str(context).await?;
        let encoded_subject = if subject_str
@@ -652,7 +753,9 @@ impl MimeFactory {

        let peerstates = self.peerstates_for_recipients(context).await?;
        let is_encrypted = !self.should_force_plaintext()
-            && encrypt_helper.should_encrypt(context, e2ee_guaranteed, &peerstates)?;
+            && encrypt_helper
+                .should_encrypt(context, e2ee_guaranteed, &peerstates)
+                .await?;
        let is_securejoin_message = if let Loaded::Message { msg, .. } = &self.loaded {
            msg.param.get_cmd() == SystemMessage::SecurejoinMessage
        } else {
@@ -1047,7 +1150,6 @@ impl MimeFactory {
        part.body(text)
    }

-    #[allow(clippy::cognitive_complexity)]
    async fn render_message(
        &mut self,
        context: &Context,
@@ -1510,12 +1612,17 @@ pub(crate) fn wrapped_base64_encode(buf: &[u8]) -> String {
 }

 async fn build_body_file(context: &Context, msg: &Message) -> Result<PartBuilder> {
+    let file_name = msg.get_filename().context("msg has no file")?;
+    let suffix = Path::new(&file_name)
+        .extension()
+        .and_then(|e| e.to_str())
+        .unwrap_or("dat");
+
    let blob = msg
        .param
        .get_blob(Param::File, context)
        .await?
        .context("msg has no file")?;
-    let suffix = blob.suffix().unwrap_or("dat");

    // Get file name to use for sending.  For privacy purposes, we do
    // not transfer the original filenames eg. for images; these names
@@ -1555,18 +1662,14 @@ async fn build_body_file(context: &Context, msg: &Message) -> Result<PartBuilder
                ),
            &suffix
        ),
-        _ => msg
-            .param
-            .get(Param::Filename)
-            .unwrap_or_else(|| blob.as_file_name())
-            .to_string(),
+        _ => file_name,
    };

    /* check mimetype */
    let mimetype: mime::Mime = match msg.param.get(Param::MimeType) {
        Some(mtype) => mtype.parse()?,
        None => {
-            if let Some(res) = message::guess_msgtype_from_suffix(blob.as_rel_path()) {
+            if let Some(res) = message::guess_msgtype_from_suffix(msg) {
                res.1.parse()?
            } else {
                mime::APPLICATION_OCTET_STREAM
@@ -2459,8 +2562,9 @@ mod tests {
        // Alice creates a group with Bob and Claire and then removes Bob.
        let alice = TestContext::new_alice().await;

+        let claire_addr = "claire@foo.de";
        let bob_id = Contact::create(&alice, "Bob", "bob@example.net").await?;
-        let claire_id = Contact::create(&alice, "Claire", "claire@foo.de").await?;
+        let claire_id = Contact::create(&alice, "Claire", claire_addr).await?;

        let alice_chat_id = create_group_chat(&alice, ProtectionStatus::Unprotected, "foo").await?;
        add_contact_to_chat(&alice, alice_chat_id, bob_id).await?;
@@ -2476,10 +2580,17 @@ mod tests {
            .get_first_header("To")
            .context("no To: header parsed")?;
        let to = addrparse_header(to)?;
-        let mailbox = to
-            .extract_single_info()
-            .context("to: field does not contain exactly one address")?;
-        assert_eq!(mailbox.addr, "bob@example.net");
+        for to_addr in to.iter() {
+            match to_addr {
+                mailparse::MailAddr::Single(ref info) => {
+                    // Addresses should be of existing members (Alice and Bob) and not Claire.
+                    assert_ne!(info.addr, claire_addr);
+                }
+                mailparse::MailAddr::Group(_) => {
+                    panic!("Group addresses are not expected here");
+                }
+            }
+        }

        Ok(())
    }
@@ -2521,8 +2632,7 @@ mod tests {
        // Long messages are truncated and MimeMessage::decoded_data is set for them. We need
        // decoded_data to check presence of the necessary headers.
        msg.set_text("a".repeat(constants::DC_DESIRED_TEXT_LEN + 1));
-        msg.set_file_from_bytes(&bob, "foo.bar", "content".as_bytes(), None)
-            .await?;
+        msg.set_file_from_bytes(&bob, "foo.bar", "content".as_bytes(), None)?;
        let sent = bob.send_msg(chat, &mut msg).await;
        assert!(msg.get_showpadlock());
        assert!(sent.payload.contains("\r\nSubject: [...]\r\n"));
@@ -2539,4 +2649,40 @@ mod tests {

        Ok(())
    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_dont_remove_self() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = &tcm.alice().await;
+        let bob = &tcm.bob().await;
+
+        let first_group = alice
+            .create_group_with_members(ProtectionStatus::Unprotected, "First group", &[bob])
+            .await;
+        alice.send_text(first_group, "Hi! I created a group.").await;
+        remove_contact_from_chat(alice, first_group, ContactId::SELF).await?;
+        alice.pop_sent_msg().await;
+
+        let second_group = alice
+            .create_group_with_members(ProtectionStatus::Unprotected, "First group", &[bob])
+            .await;
+        let sent = alice
+            .send_text(second_group, "Hi! I created another group.")
+            .await;
+
+        println!("{}", sent.payload);
+        let mime_message = MimeMessage::from_bytes(alice, sent.payload.as_bytes(), None)
+            .await
+            .unwrap();
+        assert_eq!(
+            mime_message.get_header(HeaderDef::ChatGroupPastMembers),
+            None
+        );
+        assert_eq!(
+            mime_message.chat_group_member_timestamps().unwrap().len(),
+            1 // There is a timestamp for Bob, not for Alice
+        );
+
+        Ok(())
+    }
 }
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
--- a/src/mimeparser/mimeparser_tests.rs
+++ b/src/mimeparser/mimeparser_tests.rs
--- a/src/net/http.rs
+++ b/src/net/http.rs
@@ -13,7 +13,7 @@ use crate::context::Context;
 use crate::net::proxy::ProxyConfig;
 use crate::net::session::SessionStream;
 use crate::net::tls::wrap_rustls;
-use crate::tools::{create_id, time};
+use crate::tools::time;

 /// HTTP(S) GET response.
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -119,12 +119,8 @@ fn http_url_cache_timestamps(url: &str, mimetype: Option<&str>) -> (i64, i64) {

 /// Places the binary into HTTP cache.
 async fn http_cache_put(context: &Context, url: &str, response: &Response) -> Result<()> {
-    let blob = BlobObject::create(
-        context,
-        &format!("http_cache_{}", create_id()),
-        response.blob.as_slice(),
-    )
-    .await?;
+    let blob =
+        BlobObject::create_and_deduplicate_from_bytes(context, response.blob.as_slice(), "")?;

    let (expires, stale) = http_url_cache_timestamps(url, response.mimetype.as_deref());
    context
--- a/src/net/proxy.rs
+++ b/src/net/proxy.rs
@@ -640,6 +640,9 @@ mod tests {
    fn test_invalid_proxy_url() {
        assert!(ProxyConfig::from_url("foobar://127.0.0.1:9050").is_err());
        assert!(ProxyConfig::from_url("abc").is_err());
+
+        // This caused panic before shadowsocks 1.22.0.
+        assert!(ProxyConfig::from_url("ss://foo:bar@127.0.0.1:9999").is_err());
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
--- a/src/param.rs
+++ b/src/param.rs
@@ -373,7 +373,6 @@ impl Params {
    /// Note that in the [ParamsFile::FsPath] case the blob can be
    /// created without copying if the path already refers to a valid
    /// blob.  If so a [BlobObject] will be returned.
-    #[allow(clippy::needless_lifetimes)]
    pub async fn get_blob<'a>(
        &self,
        key: Param,
--- a/src/peer_channels.rs
+++ b/src/peer_channels.rs
@@ -417,7 +417,6 @@ async fn get_iroh_gossip_peers(ctx: &Context, msg_id: MsgId) -> Result<Vec<NodeA
                    ))
                })
                .collect::<std::result::Result<Vec<_>, _>>()
-                .map_err(Into::into)
            },
        )
        .await
@@ -629,7 +628,6 @@ mod tests {
                include_bytes!("../test-data/webxdc/minimal.xdc"),
                None,
            )
-            .await
            .unwrap();

        send_msg(alice, alice_chat.id, &mut instance).await.unwrap();
@@ -801,7 +799,6 @@ mod tests {
                include_bytes!("../test-data/webxdc/minimal.xdc"),
                None,
            )
-            .await
            .unwrap();

        send_msg(alice, alice_chat.id, &mut instance).await.unwrap();
@@ -985,7 +982,6 @@ mod tests {
                include_bytes!("../test-data/webxdc/minimal.xdc"),
                None,
            )
-            .await
            .unwrap();
        send_msg(alice, alice_chat.id, &mut instance).await.unwrap();
        let alice_webxdc = alice.get_last_msg().await;
--- a/src/peerstate.rs
+++ b/src/peerstate.rs
@@ -711,9 +711,25 @@ impl Peerstate {
                                Origin::IncomingUnknownFrom,
                            )
                            .await?;
-                            chat::remove_from_chat_contacts_table(context, *chat_id, contact_id)
-                                .await?;
-                            chat::add_to_chat_contacts_table(context, *chat_id, &[new_contact_id])
+                            context
+                                .sql
+                                .transaction(|transaction| {
+                                    transaction.execute(
+                                        "UPDATE chats_contacts
+                                         SET remove_timestamp=MAX(add_timestamp+1, ?)
+                                         WHERE chat_id=? AND contact_id=?",
+                                        (timestamp, chat_id, contact_id),
+                                    )?;
+                                    transaction.execute(
+                                        "INSERT INTO chats_contacts
+                                         (chat_id, contact_id, add_timestamp)
+                                         VALUES (?1, ?2, ?3)
+                                         ON CONFLICT (chat_id, contact_id)
+                                         DO UPDATE SET add_timestamp=MAX(remove_timestamp, ?3)",
+                                        (chat_id, new_contact_id, timestamp),
+                                    )?;
+                                    Ok(())
+                                })
                                .await?;

                            context.emit_event(EventType::ChatModified(*chat_id));
--- a/src/pgp.rs
+++ b/src/pgp.rs
@@ -21,11 +21,9 @@ use tokio::runtime::Handle;
 use crate::constants::KeyGenType;
 use crate::key::{DcKey, Fingerprint};

-#[allow(missing_docs)]
 #[cfg(test)]
 pub(crate) const HEADER_AUTOCRYPT: &str = "autocrypt-prefer-encrypt";

-#[allow(missing_docs)]
 pub const HEADER_SETUPCODE: &str = "passphrase-begin";

 /// Preferred symmetric encryption algorithm.
--- a/src/quota.rs
+++ b/src/quota.rs
@@ -187,7 +187,7 @@ mod tests {
        Ok(())
    }

-    #[allow(clippy::assertions_on_constants)]
+    #[expect(clippy::assertions_on_constants)]
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_quota_thresholds() -> anyhow::Result<()> {
        assert!(QUOTA_ALLCLEAR_PERCENTAGE > 50);
--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
--- a/src/receive_imf/receive_imf_tests.rs
+++ b/src/receive_imf/receive_imf_tests.rs
@@ -566,6 +566,8 @@ async fn test_escaped_recipients() {
    .unwrap()
    .0;

+    // We test with non-chat message here
+    // because chat messages are not expected to have `Cc` header.
    receive_imf(
        &t,
        b"From: Foobar <foobar@example.com>\n\
@@ -573,8 +575,6 @@ async fn test_escaped_recipients() {
                 Cc: =?utf-8?q?=3Ch2=3E?= <carl@host.tld>\n\
                 Subject: foo\n\
                 Message-ID: <asdklfjjaweofi@example.com>\n\
-                 Chat-Version: 1.0\n\
-                 Chat-Disposition-Notification-To: <foobar@example.com>\n\
                 Date: Sun, 22 Mar 2020 22:37:57 +0000\n\
                 \n\
                 hello\n",
@@ -590,11 +590,12 @@ async fn test_escaped_recipients() {
    let msg = Message::load_from_db(&t, chats.get_msg_id(0).unwrap().unwrap())
        .await
        .unwrap();
-    assert_eq!(msg.is_dc_message, MessengerMessage::Yes);
-    assert_eq!(msg.text, "hello");
-    assert_eq!(msg.param.get_int(Param::WantsMdn).unwrap(), 1);
+    assert_eq!(msg.is_dc_message, MessengerMessage::No);
+    assert_eq!(msg.text, "foo – hello");
 }

+/// Tests that `Cc` header updates display name
+/// if existing contact has low enough origin.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_cc_to_contact() {
    let t = TestContext::new_alice().await;
@@ -612,6 +613,8 @@ async fn test_cc_to_contact() {
    .unwrap()
    .0;

+    // We use non-chat message here
+    // because chat messages are not expected to have `Cc` header.
    receive_imf(
        &t,
        b"Received: (Postfix, from userid 1000); Mon, 4 Dec 2006 14:51:39 +0100 (CET)\n\
@@ -620,8 +623,6 @@ async fn test_cc_to_contact() {
                 Cc: Carl <carl@host.tld>\n\
                 Subject: foo\n\
                 Message-ID: <asdklfjjaweofi@example.com>\n\
-                 Chat-Version: 1.0\n\
-                 Chat-Disposition-Notification-To: <foobar@example.com>\n\
                 Date: Sun, 22 Mar 2020 22:37:57 +0000\n\
                 \n\
                 hello\n",
@@ -1663,8 +1664,12 @@ async fn test_pdf_filename_simple() {
    assert_eq!(msg.viewtype, Viewtype::File);
    assert_eq!(msg.text, "mail body");
    let file_path = msg.param.get(Param::File).unwrap();
-    assert!(file_path.starts_with("$BLOBDIR/simple"));
-    assert!(file_path.ends_with(".pdf"));
+    assert_eq!(
+        file_path,
+        // That's the blake3 hash of the file content:
+        "$BLOBDIR/24a6af459cec5d733374aeaa19a6133.pdf"
+    );
+    assert_eq!(msg.param.get(Param::Filename).unwrap(), "simple.pdf");
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -1679,8 +1684,8 @@ async fn test_pdf_filename_continuation() {
    assert_eq!(msg.viewtype, Viewtype::File);
    assert_eq!(msg.text, "mail body");
    let file_path = msg.param.get(Param::File).unwrap();
-    assert!(file_path.starts_with("$BLOBDIR/test pdf äöüß"));
-    assert!(file_path.ends_with(".pdf"));
+    assert!(file_path.starts_with("$BLOBDIR/"));
+    assert_eq!(msg.get_filename().unwrap(), "test pdf äöüß.pdf");
 }

 /// HTML-images may come with many embedded images, eg. tiny icons, corners for formatting,
@@ -2200,6 +2205,30 @@ Message content",
    assert_ne!(msg.chat_id, t.get_self_chat().await.id);
 }

+/// Tests that message with hidden recipients is assigned to Saved Messages chat.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_hidden_recipients_self_chat() {
+    let t = TestContext::new_alice().await;
+
+    receive_imf(
+        &t,
+        b"Subject: s
+Chat-Version: 1.0
+Message-ID: <foobar@localhost>
+To: hidden-recipients:;
+From: <alice@example.org>
+
+Message content",
+        false,
+    )
+    .await
+    .unwrap();
+
+    let msg = t.get_last_msg().await;
+    assert_eq!(msg.chat_id, t.get_self_chat().await.id);
+    assert_eq!(msg.to_id, ContactId::SELF);
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_no_unencrypted_name_in_self_chat() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -3219,11 +3248,11 @@ async fn test_weird_and_duplicated_filenames() -> Result<()> {
        "a. tar.tar.gz",
    ] {
        let attachment = alice.blobdir.join(filename_sent);
-        let content = format!("File content of {filename_sent}");
+        let content = "File content of tar.gz archive".to_string();
        tokio::fs::write(&attachment, content.as_bytes()).await?;

        let mut msg_alice = Message::new(Viewtype::File);
-        msg_alice.set_file(attachment.to_str().unwrap(), None);
+        msg_alice.set_file_and_deduplicate(&alice, &attachment, None, None)?;
        let alice_chat = alice.create_chat(&bob).await;
        let sent = alice.send_msg(alice_chat.id, &mut msg_alice).await;
        println!("{}", sent.payload());
@@ -3237,9 +3266,10 @@ async fn test_weird_and_duplicated_filenames() -> Result<()> {
            let path = msg.get_file(t).unwrap();
            let path2 = path.with_file_name("saved.txt");
            msg.save_file(t, &path2).await.unwrap();
-            assert!(
-                path.to_str().unwrap().ends_with(".tar.gz"),
-                "path {path:?} doesn't end with .tar.gz"
+            assert_eq!(
+                path.file_name().unwrap().to_str().unwrap(),
+                "79402cb76f44c5761888f9036992a76.gz",
+                "The hash of the content should always be the same"
            );
            assert_eq!(fs::read_to_string(&path).await.unwrap(), content);
            assert_eq!(fs::read_to_string(&path2).await.unwrap(), content);
@@ -3309,6 +3339,7 @@ async fn test_outgoing_private_reply_multidevice() -> Result<()> {
    let group_id = chat::create_group_chat(&bob, ProtectionStatus::Unprotected, "Group").await?;
    chat::add_to_chat_contacts_table(
        &bob,
+        time(),
        group_id,
        &[
            bob.add_or_lookup_contact(&alice1).await.id,
@@ -3518,26 +3549,27 @@ async fn test_no_private_reply_to_blocked_account() -> Result<()> {
    let alice = tcm.alice().await;
    let bob = tcm.bob().await;

-    // =============== Bob creates a group ===============
+    tcm.section("Bob creates a group");
    let group_id = chat::create_group_chat(&bob, ProtectionStatus::Unprotected, "Group").await?;
    chat::add_to_chat_contacts_table(
        &bob,
+        time(),
        group_id,
        &[bob.add_or_lookup_contact(&alice).await.id],
    )
    .await?;

-    // =============== Bob sends the first message to the group ===============
+    tcm.section("Bob sends the first message to the group");
    let sent = bob.send_text(group_id, "Hello all!").await;
    alice.recv_msg(&sent).await;

    let chats = Chatlist::try_load(&bob, 0, None, None).await?;
    assert_eq!(chats.len(), 1);

-    // =============== Bob blocks Alice ================
+    tcm.section("Bob blocks Alice");
    Contact::block(&bob, bob.add_or_lookup_contact(&alice).await.id).await?;

-    // =============== Alice replies private to Bob ==============
+    tcm.section("Alice replies private to Bob");
    let received = alice.get_last_msg().await;
    assert_eq!(received.text, "Hello all!");

@@ -3551,7 +3583,7 @@ async fn test_no_private_reply_to_blocked_account() -> Result<()> {
    let sent2 = alice.send_msg(alice_bob_chat.id, &mut msg_out).await;
    bob.recv_msg(&sent2).await;

-    // ========= check that no contact request was created ============
+    // check that no contact request was created
    let chats = Chatlist::try_load(&bob, 0, None, None).await.unwrap();
    assert_eq!(chats.len(), 1);
    let chat_id = chats.get_chat_id(0).unwrap();
@@ -3562,7 +3594,7 @@ async fn test_no_private_reply_to_blocked_account() -> Result<()> {
    let received = bob.get_last_msg().await;
    assert_eq!(received.text, "Hello all!");

-    // =============== Bob unblocks Alice ================
+    tcm.section("Bob unblocks Alice");
    // test if the blocked chat is restored correctly
    Contact::unblock(&bob, bob.add_or_lookup_contact(&alice).await.id).await?;
    let chats = Chatlist::try_load(&bob, 0, None, None).await.unwrap();
@@ -4127,11 +4159,15 @@ async fn test_ignore_outdated_membership_changes() -> Result<()> {

    SystemTime::shift(Duration::from_secs(3600));

-    // Bob replies again adding Alice back.
+    // Bob replies again, even after some time this does not add Alice back.
+    //
+    // Bob cannot learn from Alice that Alice has left the group
+    // because Alice is not going to send more messages to the group.
    send_text_msg(bob, bob_chat_id, "i'm bob".to_string()).await?;
    let msg = &bob.pop_sent_msg().await;
    alice.recv_msg(msg).await;
-    assert!(is_contact_in_chat(alice, alice_chat_id, ContactId::SELF).await?);
+
+    assert!(!is_contact_in_chat(alice, alice_chat_id, ContactId::SELF).await?);

    Ok(())
 }
@@ -4192,7 +4228,7 @@ async fn test_dont_recreate_contacts_on_add_remove() -> Result<()> {
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_recreate_contact_list_on_missing_messages() -> Result<()> {
+async fn test_delayed_removal_is_ignored() -> Result<()> {
    let alice = TestContext::new_alice().await;
    let bob = TestContext::new_bob().await;
    let chat_id = create_group_chat(&alice, ProtectionStatus::Unprotected, "Group").await?;
@@ -4200,6 +4236,7 @@ async fn test_recreate_contact_list_on_missing_messages() -> Result<()> {
    // create chat with three members
    add_to_chat_contacts_table(
        &alice,
+        time(),
        chat_id,
        &[
            Contact::create(&alice, "bob", "bob@example.net").await?,
@@ -4212,12 +4249,12 @@ async fn test_recreate_contact_list_on_missing_messages() -> Result<()> {
    let bob_chat_id = bob.recv_msg(&alice.pop_sent_msg().await).await.chat_id;
    bob_chat_id.accept(&bob).await?;

-    // bob removes a member
+    // Bob removes Fiona.
    let bob_contact_fiona = Contact::create(&bob, "fiona", "fiona@example.net").await?;
    remove_contact_from_chat(&bob, bob_chat_id, bob_contact_fiona).await?;
    let remove_msg = bob.pop_sent_msg().await;

-    // bob adds new members
+    // Bob adds new members "blue" and "orange", but first addition message is lost.
    let bob_blue = Contact::create(&bob, "blue", "blue@example.net").await?;
    add_contact_to_chat(&bob, bob_chat_id, bob_blue).await?;
    bob.pop_sent_msg().await;
@@ -4225,32 +4262,32 @@ async fn test_recreate_contact_list_on_missing_messages() -> Result<()> {
    add_contact_to_chat(&bob, bob_chat_id, bob_orange).await?;
    let add_msg = bob.pop_sent_msg().await;

-    // alice only receives the second member addition
+    // Alice only receives the second member addition,
+    // but this results in addition of both members
+    // and removal of Fiona.
    alice.recv_msg(&add_msg).await;
-
-    // since we missed messages, a new contact list should be build
    assert_eq!(get_chat_contacts(&alice, chat_id).await?.len(), 4);

-    // re-add fiona
+    // Alice re-adds Fiona.
    add_contact_to_chat(&alice, chat_id, alice_fiona).await?;
+    assert_eq!(get_chat_contacts(&alice, chat_id).await?.len(), 5);

-    // delayed removal of fiona shouldn't remove her
-    alice.recv_msg_trash(&remove_msg).await;
+    // Delayed removal of Fiona by Bob shouldn't remove her.
+    alice.recv_msg(&remove_msg).await;
    assert_eq!(get_chat_contacts(&alice, chat_id).await?.len(), 5);

    alice
-        .golden_test_chat(
-            chat_id,
-            "receive_imf_recreate_contact_list_on_missing_messages",
-        )
+        .golden_test_chat(chat_id, "receive_imf_delayed_removal_is_ignored")
        .await;
+
    Ok(())
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_dont_readd_with_normal_msg() -> Result<()> {
-    let alice = TestContext::new_alice().await;
-    let bob = TestContext::new_bob().await;
+    let mut tcm = TestContextManager::new();
+    let alice = tcm.alice().await;
+    let bob = tcm.bob().await;

    let alice_chat_id = create_group_chat(&alice, ProtectionStatus::Unprotected, "Group").await?;

@@ -4265,6 +4302,7 @@ async fn test_dont_readd_with_normal_msg() -> Result<()> {
    let bob_chat_id = bob.recv_msg(&alice.pop_sent_msg().await).await.chat_id;
    bob_chat_id.accept(&bob).await?;

+    // Bob leaves, but Alice didn't receive Bob's leave message.
    remove_contact_from_chat(&bob, bob_chat_id, ContactId::SELF).await?;
    bob.pop_sent_msg().await;
    assert_eq!(get_chat_contacts(&bob, bob_chat_id).await?.len(), 1);
@@ -4278,12 +4316,11 @@ async fn test_dont_readd_with_normal_msg() -> Result<()> {
    .await?;
    bob.recv_msg(&alice.pop_sent_msg().await).await;

-    // Alice didn't receive Bob's leave message although a lot of time has
-    // passed, so Bob must re-add themselves otherwise other members would think
-    // Bob is still here while they aren't. Bob should retry to leave if they
-    // think that Alice didn't re-add them on purpose (which is possible if Alice uses a classical
-    // MUA).
-    assert!(is_contact_in_chat(&bob, bob_chat_id, ContactId::SELF).await?);
+    // Bob received a message from Alice, but this should not re-add him to the group.
+    assert!(!is_contact_in_chat(&bob, bob_chat_id, ContactId::SELF).await?);
+
+    // Bob got an update that fiora is added nevertheless.
+    assert_eq!(get_chat_contacts(&bob, bob_chat_id).await?.len(), 2);
    Ok(())
 }

@@ -4291,35 +4328,50 @@ async fn test_dont_readd_with_normal_msg() -> Result<()> {
 async fn test_mua_cant_remove() -> Result<()> {
    let alice = TestContext::new_alice().await;

+    let now = time();
+
    // Alice creates chat with 3 contacts
+    let date = chrono::DateTime::<chrono::Utc>::from_timestamp(now - 2000, 0)
+        .unwrap()
+        .to_rfc2822();
    let msg = receive_imf(
        &alice,
-        b"Subject: =?utf-8?q?Message_from_alice=40example=2Eorg?=\r\n\
-            From: alice@example.org\r\n\
-            To: <bob@example.net>, <claire@example.org>, <fiona@example.org> \r\n\
-            Date: Mon, 12 Dec 2022 14:30:39 +0000\r\n\
-            Message-ID: <Mr.alices_original_mail@example.org>\r\n\
-            Chat-Version: 1.0\r\n\
-            \r\n\
-            tst\r\n",
+        format!(
+            "Subject: =?utf-8?q?Message_from_alice=40example=2Eorg?=\r\n\
+             From: alice@example.org\r\n\
+             To: <bob@example.net>, <claire@example.org>, <fiona@example.org> \r\n\
+            Date: {date}\r\n\
+             Message-ID: <Mr.alices_original_mail@example.org>\r\n\
+             Chat-Version: 1.0\r\n\
+             \r\n\
+            tst\r\n"
+        )
+        .as_bytes(),
        false,
    )
    .await?
    .unwrap();
    let alice_chat = Chat::load_from_db(&alice, msg.chat_id).await?;
    assert_eq!(alice_chat.typ, Chattype::Group);
+    assert_eq!(alice_chat.member_list_is_stale(&alice).await?, false);

    // Bob uses a classical MUA to answer, removing a recipient.
+    let date = chrono::DateTime::<chrono::Utc>::from_timestamp(now - 1000, 0)
+        .unwrap()
+        .to_rfc2822();
    let bob_removes = receive_imf(
        &alice,
-        b"Subject: Re: Message from alice\r\n\
-            From: <bob@example.net>\r\n\
-            To: <alice@example.org>, <claire@example.org>\r\n\
-            Date: Mon, 12 Dec 2022 14:32:39 +0000\r\n\
-            Message-ID: <bobs_answer_to_two_recipients@example.net>\r\n\
-            In-Reply-To: <Mr.alices_original_mail@example.org>\r\n\
-            \r\n\
-            Hi back!\r\n",
+        format!(
+            "Subject: Re: Message from alice\r\n\
+             From: <bob@example.net>\r\n\
+             To: <alice@example.org>, <claire@example.org>\r\n\
+            Date: {date}\r\n\
+             Message-ID: <bobs_answer_to_two_recipients@example.net>\r\n\
+             In-Reply-To: <Mr.alices_original_mail@example.org>\r\n\
+             \r\n\
+            Hi back!\r\n"
+        )
+        .as_bytes(),
        false,
    )
    .await?
@@ -4327,22 +4379,29 @@ async fn test_mua_cant_remove() -> Result<()> {
    assert_eq!(bob_removes.chat_id, alice_chat.id);
    let group_chat = Chat::load_from_db(&alice, bob_removes.chat_id).await?;
    assert_eq!(group_chat.typ, Chattype::Group);
+    assert_eq!(group_chat.member_list_is_stale(&alice).await?, false);
    assert_eq!(
        chat::get_chat_contacts(&alice, group_chat.id).await?.len(),
        4
    );

    // But if the parent message is missing, the message must goto a new ad-hoc group.
+    let date = chrono::DateTime::<chrono::Utc>::from_timestamp(now, 0)
+        .unwrap()
+        .to_rfc2822();
    let bob_removes = receive_imf(
        &alice,
-        b"Subject: Re: Message from alice\r\n\
-            From: <bob@example.net>\r\n\
-            To: <alice@example.org>, <claire@example.org>\r\n\
-            Date: Mon, 12 Dec 2022 14:32:40 +0000\r\n\
-            Message-ID: <bobs_answer_to_two_recipients_1@example.net>\r\n\
-            In-Reply-To: <Mr.missing@example.org>\r\n\
-            \r\n\
-            Hi back!\r\n",
+        format!(
+            "Subject: Re: Message from alice\r\n\
+             From: <bob@example.net>\r\n\
+             To: <alice@example.org>, <claire@example.org>\r\n\
+            Date: {date}\r\n\
+             Message-ID: <bobs_answer_to_two_recipients_1@example.net>\r\n\
+             In-Reply-To: <Mr.missing@example.org>\r\n\
+             \r\n\
+            Hi back!\r\n"
+        )
+        .as_bytes(),
        false,
    )
    .await?
@@ -4361,39 +4420,51 @@ async fn test_mua_cant_remove() -> Result<()> {
 async fn test_mua_can_add() -> Result<()> {
    let alice = TestContext::new_alice().await;

+    let now = time();
+
    // Alice creates chat with 3 contacts
+    let date = chrono::DateTime::<chrono::Utc>::from_timestamp(now - 2000, 0)
+        .unwrap()
+        .to_rfc2822();
    let msg = receive_imf(
        &alice,
-        b"Subject: =?utf-8?q?Message_from_alice=40example=2Eorg?=\r\n\
-            From: alice@example.org\r\n\
-            To: <bob@example.net>, <claire@example.org>, <fiona@example.org> \r\n\
-            Date: Mon, 12 Dec 2022 14:30:39 +0000\r\n\
-            Message-ID: <Mr.alices_original_mail@example.org>\r\n\
-            Chat-Version: 1.0\r\n\
-            \r\n\
-            Hi!\r\n",
+        format!(
+            "Subject: =?utf-8?q?Message_from_alice=40example=2Eorg?=\r\n\
+             From: alice@example.org\r\n\
+             To: <bob@example.net>, <claire@example.org>, <fiona@example.org> \r\n\
+            Date: {date}\r\n\
+             Message-ID: <Mr.alices_original_mail@example.org>\r\n\
+             Chat-Version: 1.0\r\n\
+             \r\n\
+            Hi!\r\n"
+        )
+        .as_bytes(),
        false,
    )
    .await?
    .unwrap();
    let alice_chat = Chat::load_from_db(&alice, msg.chat_id).await?;
    assert_eq!(alice_chat.typ, Chattype::Group);
+    assert_eq!(alice_chat.member_list_is_stale(&alice).await?, false);

    // Bob uses a classical MUA to answer, adding a recipient.
+    let date = chrono::DateTime::<chrono::Utc>::from_timestamp(now - 1000, 0)
+        .unwrap()
+        .to_rfc2822();
    let bob_adds = receive_imf(
-        &alice,
-        b"Subject: Re: Message from alice\r\n\
-            From: <bob@example.net>\r\n\
-            To: <alice@example.org>, <claire@example.org>, <fiona@example.org>, <greg@example.host>\r\n\
-            Date: Mon, 12 Dec 2022 14:32:39 +0000\r\n\
-            Message-ID: <bobs_answer_to_two_recipients@example.net>\r\n\
-            In-Reply-To: <Mr.alices_original_mail@example.org>\r\n\
-            \r\n\
-            Hi back!\r\n",
-        false,
-    )
-    .await?
-    .unwrap();
+         &alice,
+        format!("Subject: Re: Message from alice\r\n\
+             From: <bob@example.net>\r\n\
+             To: <alice@example.org>, <claire@example.org>, <fiona@example.org>, <greg@example.host>\r\n\
+            Date: {date}\r\n\
+             Message-ID: <bobs_answer_to_two_recipients@example.net>\r\n\
+             In-Reply-To: <Mr.alices_original_mail@example.org>\r\n\
+             \r\n\
+            Hi back!\r\n").as_bytes(),
+         false,
+     )
+     .await?
+     .unwrap();

    let group_chat = Chat::load_from_db(&alice, bob_adds.chat_id).await?;
    assert_eq!(group_chat.typ, Chattype::Group);
@@ -4511,19 +4582,14 @@ async fn test_recreate_member_list_on_missing_add_of_self() -> Result<()> {
    bob.recv_msg(&alice.pop_sent_msg().await).await;
    assert!(!is_contact_in_chat(&bob, bob_chat_id, ContactId::SELF).await?);

-    // But if Bob left a long time ago, they must recreate the member list after missing a message.
+    // Even if some time passed, Bob must not be re-added back.
    SystemTime::shift(Duration::from_secs(3600));
    send_text_msg(&alice, alice_chat_id, "5th message".to_string()).await?;
    alice.pop_sent_msg().await;
    send_text_msg(&alice, alice_chat_id, "6th message".to_string()).await?;
    bob.recv_msg(&alice.pop_sent_msg().await).await;
-    assert!(is_contact_in_chat(&bob, bob_chat_id, ContactId::SELF).await?);
+    assert!(!is_contact_in_chat(&bob, bob_chat_id, ContactId::SELF).await?);

-    bob.golden_test_chat(
-        bob_chat_id,
-        "receive_imf_recreate_member_list_on_missing_add_of_self",
-    )
-    .await;
    Ok(())
 }

@@ -4673,8 +4739,7 @@ async fn test_create_group_with_big_msg() -> Result<()> {
    let bob_grp_id = create_group_chat(&bob, ProtectionStatus::Unprotected, "Group").await?;
    add_contact_to_chat(&bob, bob_grp_id, ba_contact).await?;
    let mut msg = Message::new(Viewtype::Image);
-    msg.set_file_from_bytes(&bob, "a.jpg", file_bytes, None)
-        .await?;
+    msg.set_file_from_bytes(&bob, "a.jpg", file_bytes, None)?;
    let sent_msg = bob.send_msg(bob_grp_id, &mut msg).await;
    assert!(!msg.get_showpadlock());

@@ -4710,8 +4775,7 @@ async fn test_create_group_with_big_msg() -> Result<()> {
    let bob_grp_id = create_group_chat(&bob, ProtectionStatus::Unprotected, "Group1").await?;
    add_contact_to_chat(&bob, bob_grp_id, ba_contact).await?;
    let mut msg = Message::new(Viewtype::Image);
-    msg.set_file_from_bytes(&bob, "a.jpg", file_bytes, None)
-        .await?;
+    msg.set_file_from_bytes(&bob, "a.jpg", file_bytes, None)?;
    let sent_msg = bob.send_msg(bob_grp_id, &mut msg).await;
    assert!(msg.get_showpadlock());

@@ -4757,13 +4821,6 @@ async fn test_partial_group_consistency() -> Result<()> {
    let contacts = get_chat_contacts(&bob, bob_chat_id).await?;
    assert_eq!(contacts.len(), 2);

-    // Get initial timestamp.
-    let timestamp = bob_chat_id
-        .get_param(&bob)
-        .await?
-        .get_i64(Param::MemberListTimestamp)
-        .unwrap();
-
    // Bob receives partial message.
    let msg_id = receive_imf_from_inbox(
        &bob,
@@ -4784,15 +4841,9 @@ Chat-Group-Member-Added: charlie@example.com",
    .context("no received message")?;

    let msg = Message::load_from_db(&bob, msg_id.msg_ids[0]).await?;
-    let timestamp2 = bob_chat_id
-        .get_param(&bob)
-        .await?
-        .get_i64(Param::MemberListTimestamp)
-        .unwrap();

    // Partial download does not change the member list.
    assert_eq!(msg.download_state, DownloadState::Available);
-    assert_eq!(timestamp, timestamp2);
    assert_eq!(get_chat_contacts(&bob, bob_chat_id).await?, contacts);

    // Alice sends normal message to bob, adding fiona.
@@ -4805,15 +4856,6 @@ Chat-Group-Member-Added: charlie@example.com",

    bob.recv_msg(&alice.pop_sent_msg().await).await;

-    let timestamp3 = bob_chat_id
-        .get_param(&bob)
-        .await?
-        .get_i64(Param::MemberListTimestamp)
-        .unwrap();
-
-    // Receiving a message after a partial download recreates the member list because we treat
-    // such messages as if we have not seen them.
-    assert_ne!(timestamp, timestamp3);
    let contacts = get_chat_contacts(&bob, bob_chat_id).await?;
    assert_eq!(contacts.len(), 3);

@@ -4837,15 +4879,9 @@ Chat-Group-Member-Added: charlie@example.com",
    .context("no received message")?;

    let msg = Message::load_from_db(&bob, msg_id.msg_ids[0]).await?;
-    let timestamp4 = bob_chat_id
-        .get_param(&bob)
-        .await?
-        .get_i64(Param::MemberListTimestamp)
-        .unwrap();

    // After full download, the old message should not change group state.
    assert_eq!(msg.download_state, DownloadState::Done);
-    assert_eq!(timestamp3, timestamp4);
    assert_eq!(get_chat_contacts(&bob, bob_chat_id).await?, contacts);

    Ok(())
@@ -4868,19 +4904,13 @@ async fn test_leave_protected_group_missing_member_key() -> Result<()> {
            ("b@b", "bob@example.net"),
        )
        .await?;
+
+    // We fail to send the message.
    assert!(remove_contact_from_chat(alice, group_id, ContactId::SELF)
        .await
        .is_err());
-    assert!(is_contact_in_chat(alice, group_id, ContactId::SELF).await?);
-    alice
-        .sql
-        .execute(
-            "UPDATE acpeerstates SET addr=? WHERE addr=?",
-            ("bob@example.net", "b@b"),
-        )
-        .await?;
-    remove_contact_from_chat(alice, group_id, ContactId::SELF).await?;
-    alice.pop_sent_msg().await;
+
+    // The contact is already removed anyway.
    assert!(!is_contact_in_chat(alice, group_id, ContactId::SELF).await?);
    Ok(())
 }
@@ -4902,12 +4932,22 @@ async fn test_protected_group_add_remove_member_missing_key() -> Result<()> {
        .await?;

    let fiona = &tcm.fiona().await;
+    let fiona_addr = fiona.get_config(Config::Addr).await?.unwrap();
    mark_as_verified(alice, fiona).await;
    let alice_fiona_id = alice.add_or_lookup_contact(fiona).await.id;
    assert!(add_contact_to_chat(alice, group_id, alice_fiona_id)
        .await
        .is_err());
-    assert!(!is_contact_in_chat(alice, group_id, alice_fiona_id).await?);
+    // Sending the message failed,
+    // but member is added to the chat locally already.
+    assert!(is_contact_in_chat(alice, group_id, alice_fiona_id).await?);
+    let msg = alice.get_last_msg_in(group_id).await;
+    assert!(msg.is_info());
+    assert_eq!(
+        msg.get_text(),
+        stock_str::msg_add_member_local(alice, &fiona_addr, ContactId::SELF).await
+    );
+
    // Now the chat has a message "You added member fiona@example.net. [INFO] !!" (with error) that
    // may be confusing, but if the error is displayed in UIs, it's more or less ok. This is not a
    // normal scenario anyway.
@@ -5176,8 +5216,7 @@ async fn test_prefer_references_to_downloaded_msgs() -> Result<()> {

    let file_bytes = include_bytes!("../../test-data/image/screenshot.gif");
    let mut msg = Message::new(Viewtype::File);
-    msg.set_file_from_bytes(alice, "file", file_bytes, None)
-        .await?;
+    msg.set_file_from_bytes(alice, "file", file_bytes, None)?;
    let mut sent = alice.send_msg(alice_chat_id, &mut msg).await;
    sent.payload = sent
        .payload
@@ -5189,8 +5228,7 @@ async fn test_prefer_references_to_downloaded_msgs() -> Result<()> {
    assert_eq!(received.chat_id, bob.get_chat(alice).await.id);

    let mut msg = Message::new(Viewtype::File);
-    msg.set_file_from_bytes(alice, "file", file_bytes, None)
-        .await?;
+    msg.set_file_from_bytes(alice, "file", file_bytes, None)?;
    let sent = alice.send_msg(alice_chat_id, &mut msg).await;
    let received = bob.recv_msg(&sent).await;
    assert_eq!(received.download_state, DownloadState::Available);
@@ -5249,7 +5287,6 @@ async fn test_receive_vcard() -> Result<()> {
            .as_bytes(),
            None,
        )
-        .await
        .unwrap();

        let alice_bob_chat = alice.create_chat(bob).await;
--- a/src/securejoin/bob.rs
+++ b/src/securejoin/bob.rs
@@ -59,8 +59,13 @@ pub(super) async fn start_protocol(context: &Context, invite: QrInvite) -> Resul
            // only become usable once the protocol is finished.
            let group_chat_id = state.joining_chat_id(context).await?;
            if !is_contact_in_chat(context, group_chat_id, invite.contact_id()).await? {
-                chat::add_to_chat_contacts_table(context, group_chat_id, &[invite.contact_id()])
-                    .await?;
+                chat::add_to_chat_contacts_table(
+                    context,
+                    time(),
+                    group_chat_id,
+                    &[invite.contact_id()],
+                )
+                .await?;
            }
            let msg = stock_str::secure_join_started(context, invite.contact_id()).await;
            chat::add_info_msg(context, group_chat_id, &msg, time()).await?;
--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -103,7 +103,7 @@ impl Smtp {
    }

    /// Connect using the provided login params.
-    #[allow(clippy::too_many_arguments)]
+    #[expect(clippy::too_many_arguments)]
    pub async fn connect(
        &mut self,
        context: &Context,
--- a/src/smtp/connect.rs
+++ b/src/smtp/connect.rs
@@ -45,7 +45,7 @@ async fn new_smtp_transport<S: AsyncBufRead + AsyncWrite + Unpin>(
    Ok(transport)
 }

-#[allow(clippy::too_many_arguments)]
+#[expect(clippy::too_many_arguments)]
 pub(crate) async fn connect_and_auth(
    context: &Context,
    proxy_config: &Option<ProxyConfig>,
--- a/src/sql.rs
+++ b/src/sql.rs
@@ -44,12 +44,6 @@ macro_rules! params_slice {
    };
 }

-pub(crate) fn params_iter(
-    iter: &[impl crate::sql::ToSql],
-) -> impl Iterator<Item = &dyn crate::sql::ToSql> {
-    iter.iter().map(|item| item as &dyn crate::sql::ToSql)
-}
-
 mod migrations;
 mod pool;

@@ -260,9 +254,13 @@ impl Sql {
                let mut blob = BlobObject::new_from_path(context, avatar.as_ref()).await?;
                match blob.recode_to_avatar_size(context).await {
                    Ok(()) => {
-                        context
-                            .set_config_internal(Config::Selfavatar, Some(&avatar))
-                            .await?
+                        if let Some(path) = blob.to_abs_path().to_str() {
+                            context
+                                .set_config_internal(Config::Selfavatar, Some(path))
+                                .await?;
+                        } else {
+                            warn!(context, "Setting selfavatar failed: non-UTF-8 filename");
+                        }
                    }
                    Err(e) => {
                        warn!(context, "Migrations can't recode avatar, removing. {:#}", e);
@@ -441,7 +439,7 @@ impl Sql {
        .await
    }

-    /// Execute the function inside a transaction assuming that it does write queries.
+    /// Execute the function inside a transaction assuming that it does writes.
    ///
    /// If the function returns an error, the transaction will be rolled back. If it does not return an
    /// error, the transaction will be committed.
@@ -450,7 +448,28 @@ impl Sql {
        H: Send + 'static,
        G: Send + FnOnce(&mut rusqlite::Transaction<'_>) -> Result<H>,
    {
-        self.call_write(move |conn| {
+        let query_only = false;
+        self.transaction_ex(query_only, callback).await
+    }
+
+    /// Execute the function inside a transaction.
+    ///
+    /// * `query_only` - Whether the function only executes read statements (queries) and can be run
+    ///   in parallel with other transactions. NB: Creating and modifying temporary tables are also
+    ///   allowed with `query_only`, temporary tables aren't visible in other connections, but you
+    ///   need to pass `PRAGMA query_only=0;` to SQLite before that:
+    ///     `pragma_update(None, "query_only", "0")`.
+    ///   Also temporary tables need to be dropped because the connection is returned to the pool
+    ///   then.
+    ///
+    /// If the function returns an error, the transaction will be rolled back. If it does not return
+    /// an error, the transaction will be committed.
+    pub async fn transaction_ex<G, H>(&self, query_only: bool, callback: G) -> Result<H>
+    where
+        H: Send + 'static,
+        G: Send + FnOnce(&mut rusqlite::Transaction<'_>) -> Result<H>,
+    {
+        self.call(query_only, move |conn| {
            let mut transaction = conn.transaction()?;
            let ret = callback(&mut transaction);

@@ -1024,16 +1043,6 @@ async fn prune_tombstones(sql: &Sql) -> Result<()> {
    Ok(())
 }

-/// Helper function to return comma-separated sequence of `?` chars.
-///
-/// Use this together with [`rusqlite::ParamsFromIter`] to use dynamically generated
-/// parameter lists.
-pub fn repeat_vars(count: usize) -> String {
-    let mut s = "?,".repeat(count);
-    s.pop(); // Remove trailing comma
-    s
-}
-
 #[cfg(test)]
 mod tests {
    use super::*;
--- a/src/sql/migrations.rs
+++ b/src/sql/migrations.rs
@@ -116,8 +116,6 @@ CREATE INDEX msgs_mdns_index1 ON msgs_mdns (msg_id);"#,
            r#"
 ALTER TABLE chats ADD COLUMN archived INTEGER DEFAULT 0;
 CREATE INDEX chats_index2 ON chats (archived);
-- 'starred' column is not used currently
-- (dropping is not easily doable and stop adding it will make reusing it complicated)
 ALTER TABLE msgs ADD COLUMN starred INTEGER DEFAULT 0;
 CREATE INDEX msgs_index5 ON msgs (starred);"#,
            17,
@@ -1123,11 +1121,7 @@ CREATE INDEX msgs_status_updates_index2 ON msgs_status_updates (uid);

    inc_and_check(&mut migration_version, 127)?;
    if dbversion < migration_version {
-        // Existing chatmail configurations having `delete_server_after` disabled should get
-        // `bcc_self` enabled, they may be multidevice configurations because before,
-        // `delete_server_after` was set to 0 upon a backup export for them, but together with this
-        // migration `bcc_self` is enabled instead (whose default is changed to 0 for chatmail). We
-        // don't check `is_chatmail` for simplicity.
+        // This is buggy: `delete_server_after` > 1 isn't handled. Migration #129 fixes this.
        sql.execute_migration(
            "INSERT OR IGNORE INTO config (keyname, value)
             SELECT 'bcc_self', '1'
@@ -1138,6 +1132,43 @@ CREATE INDEX msgs_status_updates_index2 ON msgs_status_updates (uid);
        .await?;
    }

+    inc_and_check(&mut migration_version, 128)?;
+    if dbversion < migration_version {
+        // Add the timestamps of addition and removal.
+        //
+        // If `add_timestamp >= remove_timestamp`,
+        // then the member is currently a member of the chat.
+        // Otherwise the member is a past member.
+        sql.execute_migration(
+            "ALTER TABLE chats_contacts
+             ADD COLUMN add_timestamp NOT NULL DEFAULT 0;
+             ALTER TABLE chats_contacts
+             ADD COLUMN remove_timestamp NOT NULL DEFAULT 0;
+            ",
+            migration_version,
+        )
+        .await?;
+    }
+
+    inc_and_check(&mut migration_version, 129)?;
+    if dbversion < migration_version {
+        // Existing chatmail configurations having `delete_server_after` != "delete at once" should
+        // get `bcc_self` enabled, they may be multidevice configurations:
+        // - Before migration #127, `delete_server_after` was set to 0 upon a backup export, but
+        //   then `bcc_self` is enabled instead (whose default is changed to 0 for chatmail).
+        // - The user might set `delete_server_after` to a value other than 0 or 1 when that was
+        //   possible in UIs.
+        // We don't check `is_chatmail` for simplicity.
+        sql.execute_migration(
+            "INSERT OR IGNORE INTO config (keyname, value)
+             SELECT 'bcc_self', '1'
+             FROM config WHERE keyname='delete_server_after' AND value!='1'
+            ",
+            migration_version,
+        )
+        .await?;
+    }
+
    let new_version = sql
        .get_raw_config_int(VERSION_CFG)
        .await?
@@ -1198,6 +1229,35 @@ impl Sql {
        .await
        .with_context(|| format!("execute_migration failed for version {version}"))?;

-        self.set_db_version_in_cache(version).await
+        self.config_cache.write().await.clear();
+
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::config::Config;
+    use crate::test_utils::TestContext;
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_clear_config_cache() -> anyhow::Result<()> {
+        // Some migrations change the `config` table in SQL.
+        // This test checks that the config cache is invalidated in `execute_migration()`.
+
+        let t = TestContext::new().await;
+        assert_eq!(t.get_config_bool(Config::IsChatmail).await?, false);
+
+        t.sql
+            .execute_migration(
+                "INSERT INTO config (keyname, value) VALUES ('is_chatmail', '1')",
+                1000,
+            )
+            .await?;
+        assert_eq!(t.get_config_bool(Config::IsChatmail).await?, true);
+        assert_eq!(t.sql.get_raw_config_int(VERSION_CFG).await?.unwrap(), 1000);
+
+        Ok(())
    }
 }
--- a/src/stock_str.rs
+++ b/src/stock_str.rs
@@ -1415,9 +1415,10 @@ impl Context {
        // add welcome-messages. by the label, this is done only once,
        // if the user has deleted the message or the chat, it is not added again.
        let image = include_bytes!("../assets/welcome-image.jpg");
-        let blob = BlobObject::create(self, "welcome-image.jpg", image).await?;
+        let blob = BlobObject::create_and_deduplicate_from_bytes(self, image, "welcome.jpg")?;
        let mut msg = Message::new(Viewtype::Image);
        msg.param.set(Param::File, blob.as_name());
+        msg.param.set(Param::Filename, "welcome-image.jpg");
        chat::add_device_msg(self, Some("core-welcome-image"), Some(&mut msg)).await?;

        let mut msg = Message::new_text(welcome_message(self).await);
--- a/src/summary.rs
+++ b/src/summary.rs
@@ -286,6 +286,8 @@ impl Message {

 #[cfg(test)]
 mod tests {
+    use std::path::PathBuf;
+
    use super::*;
    use crate::chat::ChatId;
    use crate::param::Param;
@@ -305,62 +307,90 @@ mod tests {
            .unwrap();
        let some_text = " bla \t\n\tbla\n\t".to_string();

+        async fn write_file_to_blobdir(d: &TestContext) -> PathBuf {
+            let bytes = &[38, 209, 39, 29]; // Just some random bytes
+            let file = d.get_blobdir().join("random_filename_392438");
+            tokio::fs::write(&file, bytes).await.unwrap();
+            file
+        }
+
        let msg = Message::new_text(some_text.to_string());
        assert_summary_texts(&msg, ctx, "bla bla").await; // for simple text, the type is not added to the summary

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Image);
-        msg.set_file("foo.jpg", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.jpg"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "📷 Image").await; // file names are not added for images

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Image);
        msg.set_text(some_text.to_string());
-        msg.set_file("foo.jpg", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.jpg"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "📷 bla bla").await; // type is visible by emoji if text is set

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Video);
-        msg.set_file("foo.mp4", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.mp4"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "🎥 Video").await; // file names are not added for videos

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Video);
        msg.set_text(some_text.to_string());
-        msg.set_file("foo.mp4", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.mp4"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "🎥 bla bla").await; // type is visible by emoji if text is set

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Gif);
-        msg.set_file("foo.gif", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.gif"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "GIF").await; // file names are not added for GIFs

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Gif);
        msg.set_text(some_text.to_string());
-        msg.set_file("foo.gif", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.gif"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "GIF \u{2013} bla bla").await; // file names are not added for GIFs

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Sticker);
-        msg.set_file("foo.png", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.png"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "Sticker").await; // file names are not added for stickers

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Voice);
-        msg.set_file("foo.mp3", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.mp3"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "🎤 Voice message").await; // file names are not added for voice messages

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Voice);
        msg.set_text(some_text.clone());
-        msg.set_file("foo.mp3", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.mp3"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "🎤 bla bla").await;

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Audio);
-        msg.set_file("foo.mp3", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.mp3"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "🎵 foo.mp3").await; // file name is added for audio

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::Audio);
        msg.set_text(some_text.clone());
-        msg.set_file("foo.mp3", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.mp3"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "🎵 foo.mp3 \u{2013} bla bla").await; // file name and text added for audio

        let mut msg = Message::new(Viewtype::File);
        let bytes = include_bytes!("../test-data/webxdc/with-minimal-manifest.xdc");
        msg.set_file_from_bytes(ctx, "foo.xdc", bytes, None)
-            .await
            .unwrap();
        chat_id.set_draft(ctx, Some(&mut msg)).await.unwrap();
        assert_eq!(msg.viewtype, Viewtype::Webxdc);
@@ -369,24 +399,28 @@ mod tests {
        chat_id.set_draft(ctx, Some(&mut msg)).await.unwrap();
        assert_summary_texts(&msg, ctx, "nice app! \u{2013} bla bla").await;

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::File);
-        msg.set_file("foo.bar", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.bar"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "📎 foo.bar").await; // file name is added for files

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::File);
        msg.set_text(some_text.clone());
-        msg.set_file("foo.bar", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.bar"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "📎 foo.bar \u{2013} bla bla").await; // file name is added for files

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::VideochatInvitation);
        msg.set_text(some_text.clone());
-        msg.set_file("foo.bar", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.bar"), None)
+            .unwrap();
        assert_summary_texts(&msg, ctx, "Video chat invitation").await; // text is not added for videochat invitations

        let mut msg = Message::new(Viewtype::Vcard);
-        msg.set_file_from_bytes(ctx, "foo.vcf", b"", None)
-            .await
-            .unwrap();
+        msg.set_file_from_bytes(ctx, "foo.vcf", b"", None).unwrap();
        chat_id.set_draft(ctx, Some(&mut msg)).await.unwrap();
        // If a vCard can't be parsed, the message becomes `Viewtype::File`.
        assert_eq!(msg.viewtype, Viewtype::File);
@@ -406,7 +440,6 @@ mod tests {
                  END:VCARD",
                None,
            )
-            .await
            .unwrap();
            chat_id.set_draft(ctx, Some(&mut msg)).await.unwrap();
            assert_eq!(msg.viewtype, Viewtype::Vcard);
@@ -419,9 +452,11 @@ mod tests {
        assert_eq!(msg.get_summary_text(ctx).await, "Forwarded: bla bla"); // for simple text, the type is not added to the summary
        assert_eq!(msg.get_summary_text_without_prefix(ctx).await, "bla bla"); // skipping prefix used for reactions summaries

+        let file = write_file_to_blobdir(&d).await;
        let mut msg = Message::new(Viewtype::File);
        msg.set_text(some_text.clone());
-        msg.set_file("foo.bar", None);
+        msg.set_file_and_deduplicate(&d, &file, Some("foo.bar"), None)
+            .unwrap();
        msg.param.set_int(Param::Forwarded, 1);
        assert_eq!(
            msg.get_summary_text(ctx).await,
--- a/src/sync.rs
+++ b/src/sync.rs
@@ -16,7 +16,7 @@ use crate::param::Param;
 use crate::sync::SyncData::{AddQrToken, AlterChat, DeleteQrToken};
 use crate::token::Namespace;
 use crate::tools::time;
-use crate::{stock_str, token};
+use crate::{message, stock_str, token};

 /// Whether to send device sync messages. Aimed for usage in the internal API.
 #[derive(Debug, PartialEq)]
@@ -62,6 +62,10 @@ pub(crate) enum SyncData {
        key: Config,
        val: String,
    },
+    SaveMessage {
+        src: String,  // RFC724 id (i.e. "Message-Id" header)
+        dest: String, // RFC724 id (i.e. "Message-Id" header)
+    },
 }

 #[derive(Debug, Serialize, Deserialize)]
@@ -259,6 +263,7 @@ impl Context {
                    DeleteQrToken(token) => self.delete_qr_token(token).await,
                    AlterChat { id, action } => self.sync_alter_chat(id, action).await,
                    SyncData::Config { key, val } => self.sync_config(key, val).await,
+                    SyncData::SaveMessage { src, dest } => self.save_message(src, dest).await,
                },
                SyncDataOrUnknown::Unknown(data) => {
                    warn!(self, "Ignored unknown sync item: {data}.");
@@ -268,6 +273,15 @@ impl Context {
            .log_err(self)
            .ok();
        }
+
+        // Since there was a sync message, we know that there is a second device.
+        // Set BccSelf to true if it isn't already.
+        if !items.items.is_empty() && !self.get_config_bool(Config::BccSelf).await.unwrap_or(true) {
+            self.set_config_ex(Sync::Nosync, Config::BccSelf, Some("1"))
+                .await
+                .log_err(self)
+                .ok();
+        }
    }

    async fn add_qr_token(&self, token: &QrTokenData) -> Result<()> {
@@ -282,6 +296,13 @@ impl Context {
        token::delete(self, Namespace::Auth, &token.auth).await?;
        Ok(())
    }
+
+    async fn save_message(&self, src_rfc724_mid: &str, dest_rfc724_mid: &String) -> Result<()> {
+        if let Some((src_msg_id, _)) = message::rfc724_mid_exists(self, src_rfc724_mid).await? {
+            chat::save_copy_in_self_talk(self, &src_msg_id, dest_rfc724_mid).await?;
+        }
+        Ok(())
+    }
 }

 #[cfg(test)]
@@ -578,6 +599,62 @@ mod tests {
        Ok(())
    }

+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_send_sync_msg_enables_bccself() -> Result<()> {
+        for (chatmail, sync_message_sent) in
+            [(false, false), (false, true), (true, false), (true, true)]
+        {
+            let alice1 = TestContext::new_alice().await;
+            let alice2 = TestContext::new_alice().await;
+
+            // SyncMsgs defaults to true on real devices, but in tests it defaults to false,
+            // so we need to enable it
+            alice1.set_config_bool(Config::SyncMsgs, true).await?;
+            alice2.set_config_bool(Config::SyncMsgs, true).await?;
+
+            if chatmail {
+                alice1.set_config_bool(Config::IsChatmail, true).await?;
+                alice2.set_config_bool(Config::IsChatmail, true).await?;
+            } else {
+                alice2.set_config_bool(Config::BccSelf, false).await?;
+            }
+
+            alice1.set_config_bool(Config::BccSelf, true).await?;
+
+            let sent_msg = if sync_message_sent {
+                alice1
+                    .add_sync_item(SyncData::AddQrToken(QrTokenData {
+                        invitenumber: "in".to_string(),
+                        auth: "testtoken".to_string(),
+                        grpid: None,
+                    }))
+                    .await?;
+                alice1.send_sync_msg().await?.unwrap();
+                alice1.pop_sent_sync_msg().await
+            } else {
+                let chat = alice1.get_self_chat().await;
+                alice1.send_text(chat.id, "Hi").await
+            };
+
+            // On chatmail accounts, BccSelf defaults to false.
+            // When receiving a sync message from another device,
+            // there obviously is a multi-device-setup, and BccSelf
+            // should be enabled.
+            assert_eq!(alice2.get_config_bool(Config::BccSelf).await?, false);
+
+            alice2.recv_msg_opt(&sent_msg).await;
+            assert_eq!(
+                alice2.get_config_bool(Config::BccSelf).await?,
+                // BccSelf should be enabled when receiving a sync message,
+                // but not when receiving another outgoing message
+                // because we might have forgotten it and it then it might have been forwarded to us again
+                // (though of course this is very unlikely).
+                sync_message_sent
+            );
+        }
+        Ok(())
+    }
+
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_bot_no_sync_msgs() -> Result<()> {
        let mut tcm = TestContextManager::new();
--- a/src/test_utils.rs
+++ b/src/test_utils.rs
@@ -41,6 +41,7 @@ use crate::pgp::KeyPair;
 use crate::receive_imf::receive_imf;
 use crate::securejoin::{get_securejoin_qr, join_securejoin};
 use crate::stock_str::StockStrings;
+use crate::tools::time;

 #[allow(non_upper_case_globals)]
 pub const AVATAR_900x900_BYTES: &[u8] = include_bytes!("../test-data/image/avatar900x900.png");
@@ -880,7 +881,7 @@ impl TestContext {
            let contact = self.add_or_lookup_contact(member).await;
            to_add.push(contact.id);
        }
-        add_to_chat_contacts_table(self, chat_id, &to_add)
+        add_to_chat_contacts_table(self, time(), chat_id, &to_add)
            .await
            .unwrap();

--- a/src/tests/verified_chats.rs
+++ b/src/tests/verified_chats.rs
@@ -686,7 +686,7 @@ async fn test_break_protection_then_verify_again() -> Result<()> {
    alice.create_chat(&bob).await;
    assert_verified(&alice, &bob, ProtectionStatus::Protected).await;
    let chats = Chatlist::try_load(&alice, DC_GCL_FOR_FORWARDING, None, None).await?;
-    assert!(chats.len() == 1);
+    assert_eq!(chats.len(), 1);

    tcm.section("Bob reinstalls DC");
    drop(bob);
@@ -709,7 +709,7 @@ async fn test_break_protection_then_verify_again() -> Result<()> {
    assert_eq!(chat.is_protected(), false);
    assert_eq!(chat.is_protection_broken(), true);
    let chats = Chatlist::try_load(&alice, DC_GCL_FOR_FORWARDING, None, None).await?;
-    assert!(chats.len() == 1);
+    assert_eq!(chats.len(), 1);

    {
        let alice_bob_chat = alice.get_chat(&bob_new).await;
--- a/src/tools.rs
+++ b/src/tools.rs
@@ -26,7 +26,7 @@ use chrono::{Local, NaiveDateTime, NaiveTime, TimeZone};
 use deltachat_contact_tools::EmailAddress;
 #[cfg(test)]
 pub use deltachat_time::SystemTimeTools as SystemTime;
-use futures::{StreamExt, TryStreamExt};
+use futures::TryStreamExt;
 use mailparse::dateparse;
 use mailparse::headers::Headers;
 use mailparse::MailHeaderMap;
@@ -366,22 +366,6 @@ pub(crate) async fn delete_file(context: &Context, path: impl AsRef<Path>) -> Re
    Ok(())
 }

-pub async fn delete_files_in_dir(context: &Context, path: impl AsRef<Path>) -> Result<()> {
-    let read_dir = tokio::fs::read_dir(path)
-        .await
-        .context("could not read dir to delete")?;
-    let mut read_dir = tokio_stream::wrappers::ReadDirStream::new(read_dir);
-    while let Some(entry) = read_dir.next().await {
-        match entry {
-            Ok(file) => {
-                delete_file(context, file.file_name()).await?;
-            }
-            Err(e) => warn!(context, "Could not read file to delete: {}", e),
-        }
-    }
-    Ok(())
-}
-
 /// A guard which will remove the path when dropped.
 ///
 /// It implements [`Deref`] so it can be used as a `&Path`.
--- a/src/webxdc.rs
+++ b/src/webxdc.rs
@@ -261,9 +261,6 @@ impl Context {
    /// Ensure that a file is an acceptable webxdc for sending.
    pub(crate) async fn ensure_sendable_webxdc_file(&self, path: &Path) -> Result<()> {
        let filename = path.to_str().unwrap_or_default();
-        if !filename.ends_with(WEBXDC_SUFFIX) {
-            bail!("{} is not a valid webxdc file", filename);
-        }

        let valid = match FsZipFileReader::new(path).await {
            Ok(archive) => {
@@ -1047,9 +1044,9 @@ mod tests {
        Ok(())
    }

-    async fn create_webxdc_instance(t: &TestContext, name: &str, bytes: &[u8]) -> Result<Message> {
+    fn create_webxdc_instance(t: &TestContext, name: &str, bytes: &[u8]) -> Result<Message> {
        let mut instance = Message::new(Viewtype::File);
-        instance.set_file_from_bytes(t, name, bytes, None).await?;
+        instance.set_file_from_bytes(t, name, bytes, None)?;
        Ok(instance)
    }

@@ -1058,8 +1055,7 @@ mod tests {
            t,
            "minimal.xdc",
            include_bytes!("../test-data/webxdc/minimal.xdc"),
-        )
-        .await?;
+        )?;
        let instance_msg_id = send_msg(t, chat_id, &mut instance).await?;
        assert_eq!(instance.viewtype, Viewtype::Webxdc);
        Message::load_from_db(t, instance_msg_id).await
@@ -1078,9 +1074,7 @@ mod tests {

        // sending using bad extension is not working, even when setting Viewtype to webxdc
        let mut instance = Message::new(Viewtype::Webxdc);
-        instance
-            .set_file_from_bytes(&t, "index.html", b"<html>ola!</html>", None)
-            .await?;
+        instance.set_file_from_bytes(&t, "index.html", b"<html>ola!</html>", None)?;
        assert!(send_msg(&t, chat_id, &mut instance).await.is_err());

        Ok(())
@@ -1096,8 +1090,7 @@ mod tests {
            &t,
            "invalid-no-zip-but-7z.xdc",
            include_bytes!("../test-data/webxdc/invalid-no-zip-but-7z.xdc"),
-        )
-        .await?;
+        )?;
        let instance_id = send_msg(&t, chat_id, &mut instance).await?;
        assert_eq!(instance.viewtype, Viewtype::File);
        let test = Message::load_from_db(&t, instance_id).await?;
@@ -1105,14 +1098,12 @@ mod tests {

        // sending invalid .xdc as Viewtype::Webxdc should fail already on sending
        let mut instance = Message::new(Viewtype::Webxdc);
-        instance
-            .set_file_from_bytes(
-                &t,
-                "invalid2.xdc",
-                include_bytes!("../test-data/webxdc/invalid-no-zip-but-7z.xdc"),
-                None,
-            )
-            .await?;
+        instance.set_file_from_bytes(
+            &t,
+            "invalid2.xdc",
+            include_bytes!("../test-data/webxdc/invalid-no-zip-but-7z.xdc"),
+            None,
+        )?;
        assert!(send_msg(&t, chat_id, &mut instance).await.is_err());

        Ok(())
@@ -1128,8 +1119,7 @@ mod tests {
            &t,
            "chess.xdc",
            include_bytes!("../test-data/webxdc/chess.xdc"),
-        )
-        .await?;
+        )?;
        let instance_id = send_msg(&t, chat_id, &mut instance).await?;
        let instance = Message::load_from_db(&t, instance_id).await?;
        assert_eq!(instance.viewtype, Viewtype::Webxdc);
@@ -1315,8 +1305,7 @@ mod tests {
            &alice,
            "chess.xdc",
            include_bytes!("../test-data/webxdc/chess.xdc"),
-        )
-        .await?;
+        )?;
        let sent1 = alice.send_msg(chat.id, &mut alice_instance).await;
        let alice_instance = sent1.load_from_db().await;
        alice
@@ -1445,8 +1434,7 @@ mod tests {
            &t,
            "minimal.xdc",
            include_bytes!("../test-data/webxdc/minimal.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;
        let instance = chat_id.get_draft(&t).await?.unwrap();
        t.send_webxdc_status_update(instance.id, r#"{"payload": 42}"#)
@@ -1882,8 +1870,7 @@ mod tests {
            &t,
            "minimal.xdc",
            include_bytes!("../test-data/webxdc/minimal.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;
        let (first, last) = (StatusUpdateSerial(1), StatusUpdateSerial::MAX);
        assert_eq!(
@@ -2028,8 +2015,7 @@ mod tests {
            &alice,
            "minimal.xdc",
            include_bytes!("../test-data/webxdc/minimal.xdc"),
-        )
-        .await?;
+        )?;
        alice_chat_id
            .set_draft(&alice, Some(&mut alice_instance))
            .await?;
@@ -2143,8 +2129,7 @@ mod tests {
            &t,
            "some-files.xdc",
            include_bytes!("../test-data/webxdc/some-files.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;

        let buf = instance.get_webxdc_blob(&t, "index.html").await?;
@@ -2243,8 +2228,7 @@ sth_for_the = "future""#
            &t,
            "with-min-api-1001.xdc",
            include_bytes!("../test-data/webxdc/with-min-api-1001.xdc"),
-        )
-        .await?;
+        )?;
        send_msg(&t, chat_id, &mut instance).await?;

        let instance = t.get_last_msg().await;
@@ -2270,8 +2254,7 @@ sth_for_the = "future""#
            &t,
            "with-manifest-empty-name.xdc",
            include_bytes!("../test-data/webxdc/with-manifest-empty-name.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;
        let info = instance.get_webxdc_info(&t).await?;
        assert_eq!(info.name, "with-manifest-empty-name.xdc");
@@ -2281,8 +2264,7 @@ sth_for_the = "future""#
            &t,
            "with-manifest-no-name.xdc",
            include_bytes!("../test-data/webxdc/with-manifest-no-name.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;
        let info = instance.get_webxdc_info(&t).await?;
        assert_eq!(info.name, "with-manifest-no-name.xdc");
@@ -2292,8 +2274,7 @@ sth_for_the = "future""#
            &t,
            "with-minimal-manifest.xdc",
            include_bytes!("../test-data/webxdc/with-minimal-manifest.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;
        let info = instance.get_webxdc_info(&t).await?;
        assert_eq!(info.name, "nice app!");
@@ -2303,8 +2284,7 @@ sth_for_the = "future""#
            &t,
            "with-manifest-and-png-icon.xdc",
            include_bytes!("../test-data/webxdc/with-manifest-and-png-icon.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;
        let info = instance.get_webxdc_info(&t).await?;
        assert_eq!(info.name, "with some icon");
@@ -2314,8 +2294,7 @@ sth_for_the = "future""#
            &t,
            "with-png-icon.xdc",
            include_bytes!("../test-data/webxdc/with-png-icon.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;
        let info = instance.get_webxdc_info(&t).await?;
        assert_eq!(info.name, "with-png-icon.xdc");
@@ -2325,8 +2304,7 @@ sth_for_the = "future""#
            &t,
            "with-jpg-icon.xdc",
            include_bytes!("../test-data/webxdc/with-jpg-icon.xdc"),
-        )
-        .await?;
+        )?;
        chat_id.set_draft(&t, Some(&mut instance)).await?;
        let info = instance.get_webxdc_info(&t).await?;
        assert_eq!(info.name, "with-jpg-icon.xdc");
@@ -2667,8 +2645,7 @@ sth_for_the = "future""#
                        } else {
                            include_bytes!("../test-data/webxdc/minimal.xdc")
                        },
-                    )
-                    .await?;
+                    )?;
                    let instance_id = send_msg(&t, chat_id, &mut instance).await?;
                    t.send_webxdc_status_update(
                        instance_id,
@@ -2693,8 +2670,7 @@ sth_for_the = "future""#
            &t,
            "with-minimal-manifest.xdc",
            include_bytes!("../test-data/webxdc/with-minimal-manifest.xdc"),
-        )
-        .await?;
+        )?;
        send_msg(&t, chat_id, &mut instance).await?;

        let chatlist = Chatlist::try_load(&t, 0, None, None).await?;
@@ -2717,8 +2693,7 @@ sth_for_the = "future""#
            &alice,
            "minimal.xdc",
            include_bytes!("../test-data/webxdc/minimal.xdc"),
-        )
-        .await?;
+        )?;
        alice_instance.set_text("user added text".to_string());
        send_msg(&alice, alice_chat.id, &mut alice_instance).await?;
        let alice_instance = alice.get_last_msg().await;
@@ -2821,8 +2796,7 @@ sth_for_the = "future""#
            &alice,
            "debug_logging.xdc",
            include_bytes!("../test-data/webxdc/minimal.xdc"),
-        )
-        .await?;
+        )?;
        assert!(alice.debug_logging.read().unwrap().is_none());
        send_msg(&alice, chat_id, &mut instance).await?;
        assert!(alice.debug_logging.read().unwrap().is_some());
--- a/src/webxdc/integration.rs
+++ b/src/webxdc/integration.rs
@@ -190,8 +190,7 @@ mod tests {
            "mapstest.xdc",
            include_bytes!("../../test-data/webxdc/mapstest-integration-unset.xdc"),
            None,
-        )
-        .await?;
+        )?;
        t.send_msg(self_chat.id, &mut msg).await;
        assert_integration(&t, "with some icon").await?; // still the default integration

@@ -202,8 +201,7 @@ mod tests {
            "mapstest.xdc",
            include_bytes!("../../test-data/webxdc/mapstest-integration-set.xdc"),
            None,
-        )
-        .await?;
+        )?;
        let sent = t.send_msg(self_chat.id, &mut msg).await;
        let info = msg.get_webxdc_info(&t).await?;
        assert!(info.summary.contains("Used as map"));
--- a/test-data/golden/chat_test_msg_with_implicit_member_add
+++ b/test-data/golden/chat_test_msg_with_implicit_member_add
@@ -1,9 +0,0 @@
-Group#Chat#10: Group chat [3 member(s)] 
--------------------------------------------------------------------------------
-Msg#10:  (Contact#Contact#11): I created a group [FRESH]
-Msg#11:  (Contact#Contact#11): Member Fiona (fiona@example.net) added by alice@example.org. [FRESH][INFO]
-Msg#12: Me (Contact#Contact#Self): You removed member Fiona (fiona@example.net). [INFO] √
-Msg#13:  (Contact#Contact#11): Welcome, Fiona! [FRESH]
-Msg#14: info (Contact#Contact#Info): Member Fiona (fiona@example.net) added. [NOTICED][INFO]
-Msg#15:  (Contact#Contact#11): Welcome back, Fiona! [FRESH]
--------------------------------------------------------------------------------
--- a/test-data/golden/chat_test_parallel_member_remove
+++ b/test-data/golden/chat_test_parallel_member_remove
@@ -1,8 +1,7 @@
-Group#Chat#10: Group chat [4 member(s)] 
+Group#Chat#10: Group chat [3 member(s)] 
 --------------------------------------------------------------------------------
 Msg#10:  (Contact#Contact#10): Hi! I created a group. [FRESH]
 Msg#11: Me (Contact#Contact#Self): You left the group. [INFO] √
 Msg#12:  (Contact#Contact#10): Member claire@example.net added by alice@example.org. [FRESH][INFO]
-Msg#13: info (Contact#Contact#Info): Member Me (bob@example.net) added. [NOTICED][INFO]
-Msg#14:  (Contact#Contact#10): What a silence! [FRESH]
+Msg#13:  (Contact#Contact#10): What a silence! [FRESH]
 --------------------------------------------------------------------------------
--- a/test-data/golden/receive_imf_recreate_contact_list_on_missing_messages
+++ b/test-data/golden/receive_imf_recreate_contact_list_on_missing_messages
@@ -5,4 +5,5 @@ Msg#11: info (Contact#Contact#Info): Member blue@example.net added. [NOTICED][IN
 Msg#12: info (Contact#Contact#Info): Member fiona (fiona@example.net) removed. [NOTICED][INFO]
 Msg#13: bob (Contact#Contact#11): Member orange@example.net added by bob (bob@example.net). [FRESH][INFO]
 Msg#14: Me (Contact#Contact#Self): You added member fiona (fiona@example.net). [INFO] o
+Msg#15: bob (Contact#Contact#11): Member fiona (fiona@example.net) removed by bob (bob@example.net). [FRESH][INFO]
 --------------------------------------------------------------------------------
--- a/test-data/golden/receive_imf_recreate_member_list_on_missing_add_of_self
+++ b/test-data/golden/receive_imf_recreate_member_list_on_missing_add_of_self
@@ -1,9 +0,0 @@
-Group#Chat#10: Group [2 member(s)] 
--------------------------------------------------------------------------------
-Msg#10: info (Contact#Contact#Info): Member Me (bob@example.net) added. [NOTICED][INFO]
-Msg#11:  (Contact#Contact#10): second message [FRESH]
-Msg#12🔒: Me (Contact#Contact#Self): You left the group. [INFO] √
-Msg#13:  (Contact#Contact#10): 4th message [FRESH]
-Msg#14: info (Contact#Contact#Info): Member Me (bob@example.net) added. [NOTICED][INFO]
-Msg#15:  (Contact#Contact#10): 6th message [FRESH]
--------------------------------------------------------------------------------
@@ -1 +1 @@
 -12-24
 -01-23