feat: Don't copy References and In-Reply-To to outer headers

This implements the suggestion from https://www.rfc-editor.org/rfc/rfc9788.html#name-offering-more-ambitious-hea of "Header Protection for Cryptographically Protected Email".
feat: Do not copy Auto-Submitted header into outer part
2026-04-05 06:52:10 +03:00 · 2025-11-14 05:41:24 -03:00 · 2025-11-14 05:07:25 -03:00 · 2025-11-14 05:07:25 -03:00 · 2025-11-14 05:07:25 -03:00 · 2025-11-14 05:07:25 -03:00
230 changed files with 12511 additions and 19991 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,18 +20,17 @@ permissions: {}

 env:
  RUSTFLAGS: -Dwarnings
-  RUST_VERSION: 1.94.0
+  RUST_VERSION: 1.91.0

  # Minimum Supported Rust Version
-  MSRV: 1.88.0
+  MSRV: 1.85.0

 jobs:
  lint_rust:
    name: Lint Rust
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -40,7 +39,7 @@ jobs:
      - run: rustup override set $RUST_VERSION
        shell: bash
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@v2
      - name: Run rustfmt
        run: cargo fmt --all -- --check
      - name: Run clippy
@@ -53,24 +52,22 @@ jobs:
  cargo_deny:
    name: cargo deny
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979
+      - uses: EmbarkStudios/cargo-deny-action@v2
        with:
-          arguments: --workspace --all-features --locked
+          arguments: --all-features --workspace
          command: check
          command-arguments: "-Dwarnings"

  provider_database:
    name: Check provider database
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -82,16 +79,15 @@ jobs:
  docs:
    name: Rust doc comments
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    env:
      RUSTDOCFLAGS: -Dwarnings
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@v2
      - name: Rustdoc
        run: cargo doc --document-private-items --no-deps

@@ -111,7 +107,6 @@ jobs:
          - os: ubuntu-latest
            rust: minimum
    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
      - run:
          echo "RUSTUP_TOOLCHAIN=$MSRV" >> $GITHUB_ENV
@@ -122,7 +117,7 @@ jobs:
        shell: bash
        if: matrix.rust == 'latest'

-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -134,10 +129,10 @@ jobs:
        shell: bash

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@v2

      - name: Install nextest
-        uses: taiki-e/install-action@69e777b377e4ec209ddad9426ae3e0c1008b0ef3
+        uses: taiki-e/install-action@v2
        with:
          tool: nextest

@@ -160,21 +155,20 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@v2

      - name: Build C library
        run: cargo build -p deltachat_ffi

      - name: Upload C library
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: ${{ matrix.os }}-libdeltachat.a
          path: target/debug/libdeltachat.a
@@ -186,21 +180,20 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@v2

      - name: Build deltachat-rpc-server
        run: cargo build -p deltachat-rpc-server

      - name: Upload deltachat-rpc-server
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: ${{ matrix.os }}-deltachat-rpc-server
          path: ${{ matrix.os == 'windows-latest' && 'target/debug/deltachat-rpc-server.exe' || 'target/debug/deltachat-rpc-server' }}
@@ -209,9 +202,8 @@ jobs:
  python_lint:
    name: Python lint
    runs-on: ubuntu-latest
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -227,38 +219,6 @@ jobs:
        working-directory: deltachat-rpc-client
        run: tox -e lint

-  # mypy does not work with PyPy since mypy 1.19
-  # as it introduced native `librt` dependency
-  # that uses CPython internals.
-  # We only run mypy with CPython because of this.
-  cffi_python_mypy:
-    name: CFFI Python mypy
-    needs: ["c_library", "python_lint"]
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-
-      - name: Download libdeltachat.a
-        uses: actions/download-artifact@v7
-        with:
-          name: ubuntu-latest-libdeltachat.a
-          path: target/debug
-
-      - name: Install tox
-        run: pip install tox
-
-      - name: Run mypy
-        env:
-          DCC_RS_TARGET: debug
-          DCC_RS_DEV: ${{ github.workspace }}
-        working-directory: python
-        run: tox -e mypy
-
-
  cffi_python_tests:
    name: CFFI Python tests
    needs: ["c_library", "python_lint"]
@@ -278,22 +238,21 @@ jobs:
          - os: macos-latest
            python: pypy3.10

-          # Minimum Supported Python Version = 3.10
+          # Minimum Supported Python Version = 3.8
          # This is the minimum version for which manylinux Python wheels are
          # built. Test it with minimum supported Rust version.
          - os: ubuntu-latest
-            python: "3.10"
+            python: 3.8

    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false

      - name: Download libdeltachat.a
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: ${{ matrix.os }}-libdeltachat.a
          path: target/debug
@@ -312,7 +271,7 @@ jobs:
          DCC_RS_TARGET: debug
          DCC_RS_DEV: ${{ github.workspace }}
        working-directory: python
-        run: tox -e doc,py
+        run: tox -e mypy,doc,py

  rpc_python_tests:
    name: JSON-RPC Python tests
@@ -334,14 +293,13 @@ jobs:
          - os: macos-latest
            python: pypy3.10

-          # Minimum Supported Python Version = 3.10
+          # Minimum Supported Python Version = 3.8
          - os: ubuntu-latest
-            python: "3.10"
+            python: 3.8

    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -355,7 +313,7 @@ jobs:
        run: pip install tox

      - name: Download deltachat-rpc-server
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: ${{ matrix.os }}-deltachat-rpc-server
          path: target/debug
--- a/.github/workflows/deltachat-rpc-server.yml
+++ b/.github/workflows/deltachat-rpc-server.yml
@@ -30,46 +30,22 @@ jobs:
        arch: [aarch64, armv7l, armv6l, i686, x86_64]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-linux
          path: result/bin/deltachat-rpc-server
          if-no-files-found: error

-  build_linux_wheel:
-    name: Linux wheel
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [aarch64, armv7l, armv6l, i686, x86_64]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
-
-      - name: Build deltachat-rpc-server wheels
-        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
-
-      - name: Upload wheel
-        uses: actions/upload-artifact@v7
-        with:
-          name: deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
-          path: result/*.whl
-          if-no-files-found: error
-
  build_windows:
    name: Windows
    strategy:
@@ -78,46 +54,22 @@ jobs:
        arch: [win32, win64]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}
          path: result/bin/deltachat-rpc-server.exe
          if-no-files-found: error

-  build_windows_wheel:
-    name: Windows wheel
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [win32, win64]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
-
-      - name: Build deltachat-rpc-server wheels
-        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-wheel
-
-      - name: Upload wheel
-        uses: actions/upload-artifact@v7
-        with:
-          name: deltachat-rpc-server-${{ matrix.arch }}-wheel
-          path: result/*.whl
-          if-no-files-found: error
-
  build_macos:
    name: macOS
    strategy:
@@ -127,7 +79,7 @@ jobs:

    runs-on: macos-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -139,7 +91,7 @@ jobs:
        run: cargo build --release --package deltachat-rpc-server --target ${{ matrix.arch }}-apple-darwin --features vendored

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-macos
          path: target/${{ matrix.arch }}-apple-darwin/release/deltachat-rpc-server
@@ -153,49 +105,25 @@ jobs:
        arch: [arm64-v8a, armeabi-v7a]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-android
          path: result/bin/deltachat-rpc-server
          if-no-files-found: error

-  build_android_wheel:
-    name: Android wheel
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [arm64-v8a, armeabi-v7a]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
-
-      - name: Build deltachat-rpc-server wheels
-        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android-wheel
-
-      - name: Upload wheel
-        uses: actions/upload-artifact@v7
-        with:
-          name: deltachat-rpc-server-${{ matrix.arch }}-android-wheel
-          path: result/*.whl
-          if-no-files-found: error
-
  publish:
    name: Build wheels and upload binaries to the release
-    needs: ["build_linux", "build_linux_wheel", "build_windows", "build_windows_wheel", "build_macos", "build_android", "build_android_wheel"]
+    needs: ["build_linux", "build_windows", "build_macos"]
    environment:
      name: pypi
      url: https://pypi.org/p/deltachat-rpc-server
@@ -204,132 +132,78 @@ jobs:
      contents: write
    runs-on: "ubuntu-latest"
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31

      - name: Download Linux aarch64 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-aarch64-linux
          path: deltachat-rpc-server-aarch64-linux.d

-      - name: Download Linux aarch64 wheel
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-aarch64-linux-wheel
-          path: deltachat-rpc-server-aarch64-linux-wheel.d
-
      - name: Download Linux armv7l binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv7l-linux
          path: deltachat-rpc-server-armv7l-linux.d

-      - name: Download Linux armv7l wheel
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-armv7l-linux-wheel
-          path: deltachat-rpc-server-armv7l-linux-wheel.d
-
      - name: Download Linux armv6l binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv6l-linux
          path: deltachat-rpc-server-armv6l-linux.d

-      - name: Download Linux armv6l wheel
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-armv6l-linux-wheel
-          path: deltachat-rpc-server-armv6l-linux-wheel.d
-
      - name: Download Linux i686 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-i686-linux
          path: deltachat-rpc-server-i686-linux.d

-      - name: Download Linux i686 wheel
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-i686-linux-wheel
-          path: deltachat-rpc-server-i686-linux-wheel.d
-
      - name: Download Linux x86_64 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-linux
          path: deltachat-rpc-server-x86_64-linux.d

-      - name: Download Linux x86_64 wheel
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-x86_64-linux-wheel
-          path: deltachat-rpc-server-x86_64-linux-wheel.d
-
      - name: Download Win32 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win32
          path: deltachat-rpc-server-win32.d

-      - name: Download Win32 wheel
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-win32-wheel
-          path: deltachat-rpc-server-win32-wheel.d
-
      - name: Download Win64 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win64
          path: deltachat-rpc-server-win64.d

-      - name: Download Win64 wheel
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-win64-wheel
-          path: deltachat-rpc-server-win64-wheel.d
-
      - name: Download macOS binary for x86_64
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-macos
          path: deltachat-rpc-server-x86_64-macos.d

      - name: Download macOS binary for aarch64
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-aarch64-macos
          path: deltachat-rpc-server-aarch64-macos.d

      - name: Download Android binary for arm64-v8a
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-arm64-v8a-android
          path: deltachat-rpc-server-arm64-v8a-android.d

-      - name: Download Android wheel for arm64-v8a
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-arm64-v8a-android-wheel
-          path: deltachat-rpc-server-arm64-v8a-android-wheel.d
-
      - name: Download Android binary for armeabi-v7a
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armeabi-v7a-android
          path: deltachat-rpc-server-armeabi-v7a-android.d

-      - name: Download Android wheel for armeabi-v7a
-        uses: actions/download-artifact@v7
-        with:
-          name: deltachat-rpc-server-armeabi-v7a-android-wheel
-          path: deltachat-rpc-server-armeabi-v7a-android-wheel.d
-
      - name: Create bin/ directory
        run: |
          mkdir -p bin
@@ -348,21 +222,38 @@ jobs:
      - name: List binaries
        run: ls -l bin/

+      # Python 3.11 is needed for tomllib used in scripts/wheel-rpc-server.py
+      - name: Install python 3.12
+        uses: actions/setup-python@v6
+        with:
+          python-version: 3.12
+
      - name: Install wheel
        run: pip install wheel

-      - name: Build deltachat-rpc-server Python wheels
+      - name: Build deltachat-rpc-server Python wheels and source package
        run: |
          mkdir -p dist
-          mv deltachat-rpc-server-aarch64-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-armv7l-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-armv6l-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-i686-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-x86_64-linux-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-win64-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-win32-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-arm64-v8a-android-wheel.d/*.whl dist/
-          mv deltachat-rpc-server-armeabi-v7a-android-wheel.d/*.whl dist/
+          nix build .#deltachat-rpc-server-x86_64-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-armv7l-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-armv6l-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-aarch64-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-i686-linux-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-win64-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-win32-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-arm64-v8a-android-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-armeabi-v7a-android-wheel
+          cp result/*.whl dist/
+          nix build .#deltachat-rpc-server-source
+          cp result/*.tar.gz dist/
          python3 scripts/wheel-rpc-server.py x86_64-darwin bin/deltachat-rpc-server-x86_64-macos
          python3 scripts/wheel-rpc-server.py aarch64-darwin bin/deltachat-rpc-server-aarch64-macos
          mv *.whl dist/
@@ -380,24 +271,21 @@ jobs:
            --repo ${{ github.repository }} \
            bin/* dist/*

-      - name: Publish deltachat-rpc-server to PyPI
+      - name: Publish deltachat-rpc-client to PyPI
        if: github.event_name == 'release'
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
+        uses: pypa/gh-action-pypi-publish@release/v1

  publish_npm_package:
    name: Build & Publish npm prebuilds and deltachat-rpc-server
    needs: ["build_linux", "build_windows", "build_macos"]
    runs-on: "ubuntu-latest"
-    environment:
-      name: npm-stdio-rpc-server
-      url: https://www.npmjs.com/package/@deltachat/stdio-rpc-server
    permissions:
      id-token: write

      # Needed to publish the binaries to the release.
      contents: write
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -406,67 +294,67 @@ jobs:
          python-version: "3.11"

      - name: Download Linux aarch64 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-aarch64-linux
          path: deltachat-rpc-server-aarch64-linux.d

      - name: Download Linux armv7l binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv7l-linux
          path: deltachat-rpc-server-armv7l-linux.d

      - name: Download Linux armv6l binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv6l-linux
          path: deltachat-rpc-server-armv6l-linux.d

      - name: Download Linux i686 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-i686-linux
          path: deltachat-rpc-server-i686-linux.d

      - name: Download Linux x86_64 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-linux
          path: deltachat-rpc-server-x86_64-linux.d

      - name: Download Win32 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win32
          path: deltachat-rpc-server-win32.d

      - name: Download Win64 binary
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win64
          path: deltachat-rpc-server-win64.d

      - name: Download macOS binary for x86_64
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-macos
          path: deltachat-rpc-server-x86_64-macos.d

      - name: Download macOS binary for aarch64
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-aarch64-macos
          path: deltachat-rpc-server-aarch64-macos.d

      - name: Download Android binary for arm64-v8a
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-arm64-v8a-android
          path: deltachat-rpc-server-arm64-v8a-android.d

      - name: Download Android binary for armeabi-v7a
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armeabi-v7a-android
          path: deltachat-rpc-server-armeabi-v7a-android.d
@@ -496,7 +384,7 @@ jobs:
          ls -lah

      - name: Upload to artifacts
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-npm-package
          path: deltachat-rpc-server/npm-package/*.tgz
@@ -518,14 +406,11 @@ jobs:
          node-version: 20
          registry-url: "https://registry.npmjs.org"

-      # Ensure npm 11.5.1 or later is installed.
-      # It is needed for <https://docs.npmjs.com/trusted-publishers>
-      - name: Update npm
-        run: npm install -g npm@latest
-
      - name: Publish npm packets for prebuilds and `@deltachat/stdio-rpc-server`
        if: github.event_name == 'release'
        working-directory: deltachat-rpc-server/npm-package
        run: |
          ls -lah platform_package
          for platform in *.tgz; do npm publish --provenance "$platform" --access public; done
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -10,7 +10,7 @@ permissions:
 jobs:
  dependabot:
    runs-on: ubuntu-latest
-    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
+    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
--- a/.github/workflows/jsonrpc-client-npm-package.yml
+++ b/.github/workflows/jsonrpc-client-npm-package.yml
@@ -10,14 +10,11 @@ jobs:
  pack-module:
    name: "Publish @deltachat/jsonrpc-client"
    runs-on: ubuntu-latest
-    environment:
-      name: npm-jsonrpc-client
-      url: https://www.npmjs.com/package/@deltachat/jsonrpc-client
    permissions:
      id-token: write
      contents: read
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -27,11 +24,6 @@ jobs:
          node-version: 20
          registry-url: "https://registry.npmjs.org"

-      # Ensure npm 11.5.1 or later is installed.
-      # It is needed for <https://docs.npmjs.com/trusted-publishers>
-      - name: Update npm
-        run: npm install -g npm@latest
-
      - name: Install dependencies without running scripts
        working-directory: deltachat-jsonrpc/typescript
        run: npm install --ignore-scripts
@@ -45,3 +37,5 @@ jobs:
      - name: Publish
        working-directory: deltachat-jsonrpc/typescript
        run: npm publish --provenance deltachat-jsonrpc-client-* --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/jsonrpc.yml
+++ b/.github/workflows/jsonrpc.yml
@@ -16,7 +16,7 @@ jobs:
  build_and_test:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -25,7 +25,7 @@ jobs:
        with:
          node-version: 18.x
      - name: Add Rust cache
-        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: Swatinem/rust-cache@v2
      - name: npm install
        working-directory: deltachat-jsonrpc/typescript
        run: npm install
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -21,11 +21,11 @@ jobs:
    name: check flake formatting
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - run: nix fmt flake.nix -- --check

  build:
@@ -80,11 +80,11 @@ jobs:
          #- deltachat-rpc-server-x86_64-android
          #- deltachat-rpc-server-x86-android
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - run: nix build .#${{ matrix.installable }}

  build-macos:
@@ -101,9 +101,9 @@ jobs:
          # because of <https://github.com/NixOS/nixpkgs/issues/413910>.
          # - deltachat-rpc-server-aarch64-darwin
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - run: nix build .#${{ matrix.installable }}
--- a/.github/workflows/publish-deltachat-rpc-client-pypi.yml
+++ b/.github/workflows/publish-deltachat-rpc-client-pypi.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -23,7 +23,7 @@ jobs:
        working-directory: deltachat-rpc-client
        run: python3 -m build
      - name: Store the distribution packages
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: python-package-distributions
          path: deltachat-rpc-client/dist/
@@ -42,9 +42,9 @@ jobs:

    steps:
      - name: Download all the dists
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
        with:
          name: python-package-distributions
          path: dist/
      - name: Publish deltachat-rpc-client to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
+        uses: pypa/gh-action-pypi-publish@release/v1
--- a/.github/workflows/repl.yml
+++ b/.github/workflows/repl.yml
@@ -14,15 +14,15 @@ jobs:
    name: Build REPL example
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - name: Build
        run: nix build .#deltachat-repl-win64
      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: repl.exe
          path: "result/bin/deltachat-repl.exe"
--- a/.github/workflows/upload-docs.yml
+++ b/.github/workflows/upload-docs.yml
@@ -1,21 +1,19 @@
-name: Build & deploy documentation on rs.delta.chat, c.delta.chat, py.delta.chat and cffi.delta.chat
+name: Build & deploy documentation on rs.delta.chat, c.delta.chat, and py.delta.chat

 on:
  push:
    branches:
      - main
+      - build_jsonrpc_docs_ci

 permissions: {}

 jobs:
  build-rs:
    runs-on: ubuntu-latest
-    environment:
-      name: rs.delta.chat
-      url: https://rs.delta.chat/

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -25,66 +23,56 @@ jobs:
      - name: Upload to rs.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.RS_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc "${{ secrets.RS_DOCS_SSH_USER }}@rs.delta.chat:/var/www/html/rs.delta.chat/"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc "${{ secrets.USERNAME }}@rs.delta.chat:/var/www/html/rs/"

  build-python:
    runs-on: ubuntu-latest
-    environment:
-      name: py.delta.chat
-      url: https://py.delta.chat/

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - name: Build Python documentation
        run: nix build .#python-docs
      - name: Upload to py.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.PY_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.CODESPEAK_KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "${{ secrets.PY_DOCS_SSH_USER }}@py.delta.chat:/var/www/html/py.delta.chat"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "delta@py.delta.chat:/home/delta/build/master"

  build-c:
    runs-on: ubuntu-latest
-    environment:
-      name: c.delta.chat
-      url: https://c.delta.chat/

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
      - name: Build C documentation
        run: nix build .#docs
      - name: Upload to c.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.C_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.CODESPEAK_KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "${{ secrets.C_DOCS_SSH_USER }}@c.delta.chat:/var/www/html/c.delta.chat"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "delta@c.delta.chat:/home/delta/build-c/master"

  build-ts:
    runs-on: ubuntu-latest
-    environment:
-      name: js.jsonrpc.delta.chat
-      url: https://js.jsonrpc.delta.chat/
-
    defaults:
      run:
        working-directory: ./deltachat-jsonrpc/typescript

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -102,27 +90,6 @@ jobs:
      - name: Upload to js.jsonrpc.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.JS_JSONRPC_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/deltachat-jsonrpc/typescript/docs/ "${{ secrets.JS_JSONRPC_DOCS_SSH_USER }}@js.jsonrpc.delta.chat:/var/www/html/js.jsonrpc.delta.chat/"
-
-  build-cffi:
-    runs-on: ubuntu-latest
-    environment:
-      name: cffi.delta.chat
-      url: https://cffi.delta.chat/
-
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - name: Build the documentation with cargo
-        run: |
-          cargo doc --package deltachat_ffi --no-deps
-      - name: Upload to cffi.delta.chat
-        run: |
-          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.CFFI_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
-          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc/ "${{ secrets.CFFI_DOCS_SSH_USER }}@delta.chat:/var/www/html/cffi.delta.chat/"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/deltachat-jsonrpc/typescript/docs/ "${{ secrets.USERNAME }}@js.jsonrpc.delta.chat:/var/www/html/js-jsonrpc/"
--- a/.github/workflows/upload-ffi-docs.yml
+++ b/.github/workflows/upload-ffi-docs.yml
@@ -0,0 +1,31 @@
+# GitHub Actions workflow
+# to build `deltachat_ffi` crate documentation
+# and upload it to <https://cffi.delta.chat/>
+
+name: Build & Deploy Documentation on cffi.delta.chat
+
+on:
+  push:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          show-progress: false
+          persist-credentials: false
+      - name: Build the documentation with cargo
+        run: |
+          cargo doc --package deltachat_ffi --no-deps
+      - name: Upload to cffi.delta.chat
+        run: |
+          mkdir -p "$HOME/.ssh"
+          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
+          chmod 600 "$HOME/.ssh/key"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc/ "${{ secrets.USERNAME }}@delta.chat:/var/www/html/cffi/"
--- a/.github/workflows/zizmor-scan.yml
+++ b/.github/workflows/zizmor-scan.yml
@@ -6,21 +6,26 @@ on:
  pull_request:
    branches: ["**"]

-permissions: {}
-
 jobs:
  zizmor:
-    name: Run zizmor
+    name: zizmor latest via PyPI
    runs-on: ubuntu-latest
    permissions:
-      security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files.
-      contents: read
-      actions: read
+      security-events: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
        with:
          persist-credentials: false

+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41
+
      - name: Run zizmor
-        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
+        run: uvx zizmor --format sarif . > results.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: results.sarif
+          category: zizmor
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,6 +0,0 @@
-rules:
-  unpinned-uses:
-    config:
-      policies:
-        actions/*: ref-pin
-        dependabot/*: ref-pin
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,881 +1,5 @@
 # Changelog

-## [2.48.0] - 2026-03-30
-
-### Fixes
-
- Fix reordering problems in multi-relay setups by not sorting received messages below the last seen one.
- Always sort "Messages are end-to-end encrypted" notice to the beginning.
- Make Message-ID of pre-messages stable across resends ([#8007](https://github.com/chatmail/core/pull/8007)).
- Delete `imap_markseen` entries not corresponding to any `imap` rows.
- Cleanup `imap` and `imap_sync` records without transport in housekeeping.
- When receiving MDN, mark all preceding messages as noticed, even having same timestamp ([#7928](https://github.com/chatmail/core/pull/7928)).
- Remove migration 108 preventing upgrades from core 1.86.0 to the latest version.
-
-### Features / Changes
-
- Improve IMAP loop logs.
- Add decryption error to the device message about outgoing message decryption failure.
- Log received message sort timestamp.
-
-### Performance
-
- Move sorting outside of SQL query in `store_seen_flags_on_imap`.
-
-### API-Changes
-
- Add JSON-RPC API `markfresh_chat()`.
- ffi: Correctly declare `dc_event_channel_new()` as having no params ([#7831](https://github.com/chatmail/core/pull/7831)).
-
-### Refactor
-
- Remove `wal_checkpoint_mutex`, lock `write_mutex` before getting sql connection instead.
- Replace async `RwLock` with sync `RwLock` for stock strings.
- Cleanup remaining Autocrypt Setup Message processing in `mimeparser`.
- SecureJoin: do not check for self address in forwarding protection.
- Fix clippy warnings.
-
-### CI
-
- Update {c,py}.delta.chat website deployments.
- Use environments for {rs,cffi,js.jsonrpc}.delta.chat deployments.
- Fix https://docs.zizmor.sh/audits/#bot-conditions.
-
-### Documentation
-
- Add SQL performance tips to STYLE.md.
-
-### Tests
-
- Remove `test_old_message_5`.
- Do not rely on loading newest chat in `load_imf_email()`.
- Use `load_imf_email()` more.
- The message is sorted correctly in the chat even if it arrives late.
-
-### Miscellaneous Tasks
-
- cargo: update rustls-webpki to 0.103.10.
-
-## [2.47.0] - 2026-03-24
-
-### Fixes
-
- Don't fall into infinite loop if the folder is missing ([#8021](https://github.com/chatmail/core/pull/8021)).
- Delete `available_post_msgs` row if the message is already downloaded.
- Delete `available_post_msgs` row if there is no corresponding IMAP entry.
- Make newlines work in chat descriptions ([#8012](https://github.com/chatmail/core/pull/8012)).
-
-### Features / Changes
-
- use SEIPDv2 if all recipients support it.
-
-### Documentation
-
- Add shadowsocks spec to standards.md.
- Document Header Confidentiality Policy.
- `deltachat_rpc_client`: make sphinx documentation display method parameters.
- Remove `draft/aeap-mvp.md` which is superseded by key-contacts and multi-relay.
-
-### Refactor
-
- Remove code to send messages without intended recipient fingerprint.
-
-### Tests
-
- Make `add_or_lookup_contact_id_no_key` public.
-
-### Miscellaneous Tasks
-
- cargo: bump sdp from 0.10.0 to 0.17.1.
- Add RUSTSEC-2026-0049 exception to deny.toml.
-
-## [2.46.0] - 2026-03-19
-
-### API-Changes
-
- [**breaking**] remove functions for sending and receiving Autocrypt Setup Message.
- Add `list_transports_ex()` and `set_transport_unpublished()` functions.
- Add API `dc_markfresh_chat` to mark messages as "fresh".
-
-### Features / Changes
-
- add `IncomingCallAccepted.from_this_device`.
- decode `dcaccount://` URLs and error out on empty URLs early.
- enable anonymous OpenPGP key IDs.
- tls: do not verify TLS certificates for hostnames starting with `_`.
-
-### Fixes
-
- Mark call message as seen when accepting/declining a call ([#7842](https://github.com/chatmail/core/pull/7842)).
- do not send MDNs for hidden messages.
- call sync_all() instead of sync_data() when writing accounts.toml.
- fsync() the rename() of accounts.toml.
- count recipients by Intended Recipient Fingerprints.
-
-### Miscellaneous Tasks
-
- deps: bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2.
- cargo: bump astral-tokio-tar from 0.5.6 to 0.6.0.
- deps: bump actions/upload-artifact from 6 to 7.
- cargo: bump blake3 from 1.8.2 to 1.8.3.
- add constant_time_eq 0.3.1 to deny.toml.
-
-### Refactor
-
- use re-exported rustls::pki_types.
- import tokio_rustls::rustls.
- Move transport_tests to their own file.
-
-### Tests
-
- Shift time even more in flaky test_sync_broadcast_and_send_message.
- test markfresh_chat()
-
-## [2.45.0] - 2026-03-14
-
-### API-Changes
-
- JSON-RPC: add `createQrSvg` ([#7949](https://github.com/chatmail/core/pull/7949)).
-
-### Features / Changes
-
- Do not read own public key from the database.
- Securejoin v3, encrypt all securejoin messages ([#7754](https://github.com/chatmail/core/pull/7754)).
- Domain separation between securejoin auth tokens and broadcast channel secrets ([#7981](https://github.com/chatmail/core/pull/7981)).
- Merge OpenPGP certificates and distribute relays in them.
- Advertise SEIPDv2 feature for new keys.
- Don't depend on cleartext `Chat-Version`, `In-Reply-To`, and `References` headers for `prefetch_should_download` ([#7932](https://github.com/chatmail/core/pull/7932)).
- Don't send unencrypted `In-Reply-To` and `References` headers ([#7935](https://github.com/chatmail/core/pull/7935)).
- Don't send unencrypted `Auto-Submitted` header ([#7938](https://github.com/chatmail/core/pull/7938)).
- Remove QR code tokens sync compatibility code.
- Mutex to prevent fetching from multiple IMAP servers at the same time.
- Add support to gif stickers ([#7941](https://github.com/chatmail/core/pull/7941))
-
-### Fixes
-
- Fix the deadlock by adding a mutex around `wal_checkpoint()`.
- Do not run more than one housekeeping at a time.
- ffi: don't steal Arc in `dc_jsonrpc_init` ([#7962](https://github.com/chatmail/core/pull/7962)).
- Handle the case that the user starts a securejoin, and then deletes the contact ([#7883](https://github.com/chatmail/core/pull/7883)).
- Do not trash pre-message if it is received twice.
- Set `is_chatmail` during initial configuration.
- vCard: Improve property value escaping ([#7931](https://github.com/chatmail/core/pull/7931)).
- Percent-decode the address in `dclogin://` URLs.
- Make broadcast owner and subscriber hidden contacts for each other ([#7856](https://github.com/chatmail/core/pull/7856)).
- Set proper placeholder texts for system messages ([#7953](https://github.com/chatmail/core/pull/7953)).
- Add "member added" messages to `OutBroadcast` when executing `SetPgpContacts` sync message ([#7952](https://github.com/chatmail/core/pull/7952)).
- Correct channel system messages ([#7959](https://github.com/chatmail/core/pull/7959)).
- Drop messages encrypted with the wrong symmetric secret ([#7963](https://github.com/chatmail/core/pull/7963)).
- Fix debug assert message incorrectly talking about past members in the current member branch.
- Update device chats at the end of configuration.
- `deltachat_rpc_client`: make `@futuremethod` decorator keep method metadata.
- Use the correct chat description stock string again ([#7939](https://github.com/chatmail/core/pull/7939)).
- Use correct string for encryption info.
-
-### CI
-
- Update Rust to 1.94.0.
- Allow non-hash references for `actions/*` and `dependabot/*`.
- update zizmor workflow to use zizmorcore/zizmor-action.
-
-### Documentation
-
- update `store_self_keypair()` documentation.
- Fix documentation for membership change stock strings ([#7944](https://github.com/chatmail/core/pull/7944)).
- use correct define for 'description changed' info message.
-
-### Refactor
-
- Un-resultify `KeyPair::new()`.
- Remove `KeyPair` type.
- pgp: do not use legacy key ID except for IssuerKeyId subpacket.
- `use super::*` in qr::dclogin_scheme.
- Move WAL checkpointing into `sql::pool` submodule.
- Order self addresses by addition timestamp.
-
-### Tests
-
- Remove arbitrary timeouts from `test_4_lowlevel.py`.
- Fix flaky `test_qr_securejoin_broadcast` ([#7937](https://github.com/chatmail/core/pull/7937)).
- Work around `test_sync_broadcast_and_send_message` flakiness.
-
-### Miscellaneous Tasks
-
- bump version to 2.44.0-dev.
- cargo: bump futures from 0.3.31 to 0.3.32.
- cargo: bump quick-xml from 0.39.0 to 0.39.2.
- cargo: bump criterion from 0.8.1 to 0.8.2.
- cargo: bump tempfile from 3.24.0 to 3.25.0.
- cargo: bump async-imap from 0.11.1 to 0.11.2.
- cargo: bump regex from 1.12.2 to 1.12.3.
- cargo: bump hyper-util from 0.1.19 to 0.1.20.
- cargo: bump anyhow from 1.0.100 to 1.0.102.
- cargo: bump syn from 2.0.114 to 2.0.117.
- cargo: bump proptest from 1.9.0 to 1.10.0.
- cargo: bump strum from 0.27.2 to 0.28.0.
- cargo: bump strum_macros from 0.27.2 to 0.28.0.
- cargo: bump quinn-proto from 0.11.9 to 0.11.14.
-
-## [2.44.0] - 2026-02-27
-
-### Build system
-
- git-cliff: do not capitalize the first letter of commit message.
-
-### Documentation
-
- RELEASE.md: add section about dealing with antivirus false positives.
-
-### Features / Changes
-
- improve logging of connection failures.
- add backup versions to the importing error message.
- add context to message loading failures.
- Add 📱 to all webxdc summaries ([#7790](https://github.com/chatmail/core/pull/7790)).
- Send webxdc name instead of raw file name in pre-messages. Display it in summary ([#7790](https://github.com/chatmail/core/pull/7790)).
- rpc: add startup health-check and propagate server errors.
-
-### Fixes
-
- imex: do not call `set_config` before running SQL migrations ([#7851](https://github.com/chatmail/core/pull/7851)).
- add missing group description strings to cffi.
- chat-description-changed text in old clients ([#7870](https://github.com/chatmail/core/pull/7870)).
- add cffi type for "Description changed" info message.
- If there was no chat description, and it's set to be an empty string, don't send out a "chat description changed" message ([#7879](https://github.com/chatmail/core/pull/7879)).
- Make clicking on broadcast member-added messages work always ([#7882](https://github.com/chatmail/core/pull/7882)).
- tolerate empty existing directory in Accounts::new() ([#7886](https://github.com/chatmail/core/pull/7886)).
- If importing a backup fails, delete the partially-imported profile ([#7885](https://github.com/chatmail/core/pull/7885)).
- Don't generate new timestamp for re-sent messages ([#7889](https://github.com/chatmail/core/pull/7889)).
-
-### Miscellaneous Tasks
-
- cargo: update async-native-tls from 0.5.0 to 0.6.0.
- add dev-version bump instructions to RELEASE.md (bumping to 2.44.0-dev).
- deps: bump cachix/install-nix-action from 31.9.0 to 31.9.1.
-
-### Performance
-
- batched event reception.
-
-### Refactor
-
- enable clippy::arithmetic_side_effects lint.
- imex: check for overflow when adding blob size.
- http: saturating addition to calculate cache expiration timestamp.
- Move migrations to the end of the file ([#7895](https://github.com/chatmail/core/pull/7895)).
- do not chain Autocrypt key verification to parsing.
-
-### Tests
-
- fail fast when CHATMAIL_DOMAIN is unset.
-
-## [2.43.0] - 2026-02-17
-
-### Features / Changes
-
- Group and broadcast channel descriptions ([#7829](https://github.com/chatmail/core/pull/7829)).
-
-### Fixes
-
- Assign iroh gossip topic to pre-message when post-message is received.
-
-### Miscellaneous Tasks
-
- Update fast-socks5 to version 1.0.
- cargo: Update keccak from 0.1.5 to 0.1.6.
- deps: Bump astral-sh/setup-uv from 7.1.6 to 7.3.0.
-
-### Performance
-
- Use recv_direct() instead of recv() on the event channel.
-
-### Refactor
-
- Enable `clippy::manual_is_variant_and`.
-
-### Tests
-
- Fix flaky `test_transport_synchronization` ([#7850](https://github.com/chatmail/core/pull/7850)).
-
-## [2.42.0] - 2026-02-10
-
-### Fixes
-
- Set `mvbox_move` to '0' explicitly for existing chatmail profiles.
-  It's needed to prevent device message about deprecated `mvbox_move` option from appearing in chatmail profiles.
-
-### Features / Changes
-
- Do not scan not watched folders.
-
-### Miscellaneous Tasks
-
- Update rPGP from 0.18.0 to 0.19.0.
- cargo: Bump quick-xml from 0.38.4 to 0.39.0.
-
-### Tests
-
- Remove test_dont_show_emails.
-
-### Other
-
- Fix typo in CHANGELOG for marknoticed_all_chats.
-
-## [2.41.0] - 2026-02-06
-
-### Features / Changes
-
- Do not require `ShowEmails` to be set to `All` for adding second relay.
- Use different strings for audio and video calls.
-
-### Fixes
-
- Don't set download state to Failure if message is available on another Session's transport ([#7684](https://github.com/chatmail/core/pull/7684)).
- Make use of call stock strings.
-
-### Miscellaneous Tasks
-
- cargo: Bump `time` from 0.3.37 to 0.3.47.
-
-## [2.40.0] - 2026-02-04
-
-### Features / Changes
-
- Receive_imf: Log reasoning for chat assignment.
- Use more fitting encryption info message.
- Send Intended Recipient Fingerprint subpackets.
- Trash messages with intended recipient fingerprints, but w/o our one included.
- Do not collect email addresses from messages after configuration.
- Add device message about legacy `mvbox_move`.
- Never create IMAP folders.
- Make summary for pre-messages look like summary for fully downloaded messages ([#7775](https://github.com/chatmail/core/pull/7775)).
- Don't call `BlobObject::create_and_deduplicate()` when forwarding message to the same account.
- Allow clients to specify whether a call has video initially or not ([#7740](https://github.com/chatmail/core/pull/7740)).
- Do not load more than one own key from the keychain.
-
-### Fixes
-
- Cross-account forwarding of a message which `has_html()` ([#7791](https://github.com/chatmail/core/pull/7791)).
- Make self-contact a key-contact even if key isn't generated yet.
- `apply_group_changes()`: Check whether From is key-contact.
- Don't add SELF to unencrypted chat created from encrypted message ([#7661](https://github.com/chatmail/core/pull/7661)).
- Don't upscale images and test that image resolution isn't changed unnecessarily ([#7769](https://github.com/chatmail/core/pull/7769)).
- Restart i/o when there are new transports in a sync message ([#7640](https://github.com/chatmail/core/pull/7640)).
- `add_or_lookup_key_contacts*()`: Advance fingerprint_iter on invalid address.
- `receive_imf`: Look up key contact by intended recipient fingerprint ([#7661](https://github.com/chatmail/core/pull/7661)).
- Remove `Config::DeleteToTrash` and `Config::ConfiguredTrashFolder`.
-
-### API-Changes
-
- jsonrpc(python): Process events forever by default.
-
-### CI
-
- Make scripts/deny.sh test the locked version of dependencies.
-
-### Refactor
-
- Remove unneeded dbg! statements ([#7776](https://github.com/chatmail/core/pull/7776)).
- Remove unused Context.is_inbox().
- Rename lookup_key_contacts_by_address_list() to lookup_key_contacts_fallback_to_chat().
- Mark `ProviderOptions` as `non_exhaustive`.
-
-### Miscellaneous Tasks
-
- Update provider database.
- cargo: Update `bytes` from 1.11.0 to 1.11.1.
- cargo: Bump tokio from 1.48.0 to 1.49.0.
- cargo: Bump tokio-util from 0.7.17 to 0.7.18.
- cargo: Bump libc from 0.2.178 to 0.2.180.
- cargo: Bump quote from 1.0.42 to 1.0.44.
- cargo: Bump syn from 2.0.111 to 2.0.114.
- cargo: Bump human-panic from 2.0.4 to 2.0.6.
- cargo: Bump chrono from 0.4.42 to 0.4.43.
- cargo: Bump data-encoding from 2.9.0 to 2.10.0.
- cargo: Bump colorutils-rs from 0.7.5 to 0.7.6.
- Update provider database.
- cargo: Bump thiserror from 2.0.17 to 2.0.18.
- deps: Bump EmbarkStudios/cargo-deny-action from 2.0.14 to 2.0.15.
- Remove RUSTSEC-2026-0002 exception from deny.toml.
- cargo: Bump tokio-stream from 0.1.17 to 0.1.18.
- cargo: Bump toml from 0.9.10+spec-1.1.0 to 0.9.11+spec-1.1.0.
- cargo: Bump serde_json from 1.0.148 to 1.0.149.
- cargo: Bump uuid from 1.19.0 to 1.20.0.
- cargo: Bump rustls-pki-types from 1.13.2 to 1.14.0.
- cargo: Bump tracing-subscriber from 0.3.20 to 0.3.22.
-
-### Tests
-
- 2nd device receives message via new primary transport.
- Make `test_dont_move_sync_msgs` less flaky.
- Encrypted incoming message goes to encrypted 1:1 chat even if references messages in ad-hoc group.
- Message in blocked chat arrives as InSeen.
- Set `mvbox_move` to 0 for test rust accounts.
-
-## [2.39.0] - 2026-01-23
-
-### CI
-
- Update Rust to 1.93.0.
-
-### Documentation
-
- RELEASE.md: Push preparation commit to the main branch before tagging.
- RELEASE.md: Add section about dealing with failed releases.
-
-### Fixes
-
- Forward message with file ([#7755](https://github.com/chatmail/core/pull/7755)).
- Do not additionally reduce the resolution of images that fit into the resolution-limit and are larger than the file-size-limit ([#7760](https://github.com/chatmail/core/pull/7760)).
-
-### Miscellaneous Tasks
-
- Merge v2.38.0 into main branch.
- Cleanup deprecated functions/defines ([#7763](https://github.com/chatmail/core/pull/7763)).
-
-## [2.38.0] - 2026-01-22
-
-### API-Changes
-
- [**breaking**] Jsonrpc: remove `contacts` from `FullChat`. To migrate load contacts on demand via `get_contacts_by_ids` using `FullChat.contactIds` ([#7282](https://github.com/chatmail/core/pull/7282)).
- jsonrpc: Add run_until parameter for bots ([#7688](https://github.com/chatmail/core/pull/7688)).
- rust, jsonrpc: Add `get_message_read_receipt_count` method ([#7732](https://github.com/chatmail/core/pull/7732)).
- rust and jsonrpc: Marknoticed_all_chats method to mark all chats as noticed, including muted ones. ([#7709](https://github.com/chatmail/core/pull/7709)).
- Public re-export of Connectivity ([#7737](https://github.com/chatmail/core/pull/7737)).
-
-### Documentation
-
- Fix chat types.
- Set_config_from_qr() configures context for "DCACCOUNT:" and "DCLOGIN:" QRs ([#7450](https://github.com/chatmail/core/pull/7450)).
- Fix formatting of `indoc!` link.
-
-### Features / Changes
-
- Pre-messages / next version of download on demand ([#7371](https://github.com/chatmail/core/pull/7371)).
- Connectivity view: move quota up and combine with IMAP state. ([#7653](https://github.com/chatmail/core/pull/7653)).
- Execute sync message before checking for primary transport update.
- Disable partial search by contact address.
- Don't put text into post-message ([#7714](https://github.com/chatmail/core/pull/7714)).
- Don't scale up Origin of multiple and broadcast recipients when sending a message.
- pgp: Use preferred hash algorithm for signing instead of hardcoded SHA256.
- In teamprofiles, don't mark chat as read on outgoing message ([#7717](https://github.com/chatmail/core/pull/7717)).
- Send and apply MDNs to self ([#7005](https://github.com/chatmail/core/pull/7005))
-
-### Fixes
-
- Do not show contact address in message info ([#7695](https://github.com/chatmail/core/pull/7695)).
- Take transport_id into account when marking messages with \Seen flags.
- Send bcc-self messages to all own relays ([#7656](https://github.com/chatmail/core/pull/7656)).
- Only emit TransportsModified if transports are really modified.
- Logging errors in deltachat-rpc-server during startup ([#7707](https://github.com/chatmail/core/pull/7707)).
- Use only lowercase letters for stats id ([#7700](https://github.com/chatmail/core/pull/7700)).
- Hide incoming broadcasts in `DC_GCL_FOR_FORWARDING` ([#7726](https://github.com/chatmail/core/pull/7726)).
- Do not resolve ICE server hostnames during IMAP loop.
- More reliable parsing of `dclogin:` links with ip address as host ([#7734](https://github.com/chatmail/core/pull/7734)).
- Don't remember old channel members in the database ([#7716](https://github.com/chatmail/core/pull/7716)).
- Make it possible to leave and immediately delete a chat ([#7744](https://github.com/chatmail/core/pull/7744)).
- Emit MsgsChanged instead of MsgsNoticed on self-MDN if chat still has fresh messages.
- Prevent possible infinite loop with invalid `smtp` row ([#7746](https://github.com/chatmail/core/pull/7746)).
- Sync broadcast subscribers list ([#7578](https://github.com/chatmail/core/pull/7578))
-
-### Refactor
-
- Don't use `concat!` in sql statements ([#7720](https://github.com/chatmail/core/pull/7720)).
-
-### Tests
-
- Port test_dont_move_sync_msgs to JSON-RPC ([#7676](https://github.com/chatmail/core/pull/7676)).
- rpc-client: Replace remaining print()s with `logging` ([#6082](https://github.com/chatmail/core/pull/6082)).
-
-## [2.37.0] - 2026-01-08
-
-### API-Changes
-
- JSON-RPC API `get_all_ui_config_keys` to get all "ui.*" config keys ([#7579](https://github.com/chatmail/core/pull/7579)).
- Add `who_can_call_me` config option.
- cffi api to create account manager with existing events channel to see events emitted during startup. `dc_event_channel_new`, `dc_event_channel_unref`, `dc_event_channel_get_event_emitter` and `dc_accounts_new_with_event_channel` ([#7609](https://github.com/chatmail/core/pull/7609)).
-
-### Features / Changes
-
- Config option to skip seen synchronization ([#7694](https://github.com/chatmail/core/pull/7694)).
- More text instead of sender in channel summary.
-
-### Fixes
-
- Do not rely on Secure-Join header to detect {vc,vg}-request.
-
-### Documentation
-
- Update instructions to UI where to display the address.
-
-### Miscellaneous Tasks
-
- cargo: bump rsa from 0.9.9 to 0.9.10.
- Update lru 0.12.3 to 0.12.5 and add RUSTSEC-2026-0002 exception.
-
-### Refactor
-
- ffi: Replace implicit drop in cffi with explicit `drop(Arc::from_raw(var))` ([#7664](https://github.com/chatmail/core/pull/7664)).
-
-### Tests
-
- Regression test for vc-request encrypted by the server.
- Test that channel summary does not have sender name.
-
-## [2.36.0] - 2026-01-03
-
-### CI
-
- Pin GitHub Action references.
-
-### API-Changes
-
- Add transports event to FFI.
-
-### Features / Changes
-
- Add core version to `receive_imf` failure message.
- Connectivity view: quota for all transports ([#7630](https://github.com/chatmail/core/pull/7630)).
- Send sync messages over SMTP and do not move them to mvbox.
-
-### Fixes
-
- When accepting group, add members with `Origin::IncomingTo` and sort them down in the contact list (7592).
- Update fallback welcome message.
- `inner_configure`: Check Config::OnlyFetchMvbox before MvboxMove for multi-transport ([#7637](https://github.com/chatmail/core/pull/7637)).
- Reset options not available for chatmail on chatmail profiles.
- Don't send webxdc notification for `notify: "*"` when chat is muted ([#7658](https://github.com/chatmail/core/pull/7658)).
-
-### Documentation
-
- `delete_chat()`: don't lie that messages aren't deleted from server.
- Remove references to removed `sentbox_watch` config.
- Update documentation for `TransportsModified` event.
-
-### Tests
-
- Contact list after accepting group with unknown contacts ([#7592](https://github.com/chatmail/core/pull/7592)).
- Port test_import_export_online_all to JSON-RPC ([#7411](https://github.com/chatmail/core/pull/7411)).
-
-### Refactor
-
- Turn `DC_VERSION_STR` into `&str`.
- ffi: Remove one pointer indirection for `dc_accounts_t`.
-
-### Miscellaneous Tasks
-
- deps: Bump actions/download-artifact from 6 to 7.
- deps: Bump actions/upload-artifact from 5 to 6.
- deps: Bump astral-sh/setup-uv from 7.1.4 to 7.1.6.
- deps: Bump cachix/install-nix-action from 31.8.4 to 31.9.0.
- cargo: Bump serde_json from 1.0.145 to 1.0.147.
- cargo: Bump uuid from 1.18.1 to 1.19.0.
- cargo: Bump toml from 0.9.8 to 0.9.10+spec-1.1.0.
- cargo: Bump tempfile from 3.23.0 to 3.24.0.
- cargo: Bump libc from 0.2.177 to 0.2.178.
- cargo: Bump tracing from 0.1.41 to 0.1.44.
- cargo: Bump hyper-util from 0.1.18 to 0.1.19.
- cargo: Bump log from 0.4.28 to 0.4.29.
- cargo: Bump rustls-pki-types from 1.13.0 to 1.13.2.
- cargo: Bump criterion from 0.7.0 to 0.8.1.
-
-## [2.35.0] - 2025-12-16
-
-### API-Changes
-
- Add blob dir size to storage info ([#7605](https://github.com/chatmail/core/pull/7605)).
-
-### Features / Changes
-
- Use `turn.delta.chat` as fallback TURN server ([#7382](https://github.com/chatmail/core/pull/7382)).
- Add ip addresses of known public chatmail relays from https://chatmail.at/relays to DNS cache ([#7607](https://github.com/chatmail/core/pull/7607)).
- Improve error messages on adding relays.
- Add transport addresses to IMAP URLs in message info.
- `lookup_host_with_cache()`: Don't return empty address list ([#7596](https://github.com/chatmail/core/pull/7596)).
-
-### Fixes
-
- `get_chat_msgs_ex()`: Don't match on "S=" (Cmd) in param payload.
- Remove `SecurejoinWait` info message when received Alice's key ([#7585](https://github.com/chatmail/core/pull/7585)).
- Do not set normalized name for existing chats and contacts in a migration.
- Remove now redundant "used_account_settings" and "entered_account_settings" from `Context.get_info()` ([#7587](https://github.com/chatmail/core/pull/7587)).
- Don't use fallback servers if got TURN servers from IMAP METADATA.
- Use fallback ICE servers if server can't IMAP METADATA ([#7382](https://github.com/chatmail/core/pull/7382)).
- Add explicit limit for adding relays (5 at the moment) ([#7611](https://github.com/chatmail/core/pull/7611)).
- Take `transport_id` into account when using `imap` table.
-
-### CI
-
- Update Rust to 1.92.0.
-
-### Miscellaneous Tasks
-
- Apply Rust 1.92.0 clippy suggestions.
-
-### Other
-
- Log entered login params and actual used params on configuration failure ([#7610](https://github.com/chatmail/core/pull/7610)).
-
-## [2.34.0] - 2025-12-11
-
-### API-Changes
-
- rpc-client: Accept `Account` for `Chat.{add,remove}_contact()`.
- rpc-client: Add `Chat.num_contacts()`.
- Forwarding messages to another profile ([#7491](https://github.com/chatmail/core/pull/7491)).
-
-### Features / Changes
-
- Double ringing time to 120 seconds.
- Better logging for failing securejoin messages ([#7593](https://github.com/chatmail/core/pull/7593)).
- Add multi-transport information to `Context.get_info` ([#7583](https://github.com/chatmail/core/pull/7583))
-
-### Fixes
-
- Multi-transport: all transports were shown as "inbox" in connectivity view, now they are shown by their hostname ([#7582](https://github.com/chatmail/core/pull/7582)).
- Multi-transport: Synchronize primary transport immediately after changing it.
- Use u64 instead of usize to calculate storage usage.
- Use u64 to represent the number of bytes in backup files.
- Use u64 to count the number of bytes sent/received over the network.
- Use logging macros instead of emitting event directly, so that it is also logged by tracing ([#7459](https://github.com/chatmail/core/pull/7459)).
- Let securejoin succeed even if the chat was deleted in the meantime ([#7594](https://github.com/chatmail/core/pull/7594)).
-
-### Miscellaneous Tasks
-
- Add RUSTSEC-2025-0134 exception to deny.toml.
-
-### Refactor
-
- Use u16 instead of usize to represent progress bar.
- Remove EncryptHelper.prefer_encrypt.
- Add params when forwarding message instead of removing unneeded ones.
-
-### Tests
-
- Port test_synchronize_member_list_on_group_rejoin to JSON-RPC.
- Test setting up second device between core versions.
-
-## [2.33.0] - 2025-12-05
-
-### Features / Changes
-
- Case-insensitive search for non-ASCII chat and contact names ([#7477](https://github.com/chatmail/core/pull/7477)).
-
-### Fixes
-
- Recognize all transport addresses as own addresses.
-
-## [2.32.0] - 2025-12-04
-
-Version bump to trigger publishing of npm prebuilds
-that failed to be published for 2.31.0 due to not configured "trusted publishers".
-
-### Features / Changes
-
- `lookup_or_create_adhoc_group()`: Add context to SQL errors ([#7554](https://github.com/chatmail/core/pull/7554)).
-
-## [2.31.0] - 2025-12-04
-
-### CI
-
- Update npm before publishing packages.
-
-### Features / Changes
-
- Use v2 SEIPD when sending messages to self.
-
-## [2.30.0] - 2025-12-04
-
-### Features / Changes
-
- Disable SNI for STARTTLS ([#7499](https://github.com/chatmail/core/pull/7499)).
- Introduce cross-core testing along with improvements to test frameworking.
- Synchronize transports via sync messages.
-
-### Fixes
-
- Fix shutdown shortly after call.
-
-### API-Changes
-
- Add `TransportsModified` event (for tests).
-
-### CI
-
- Use "trusted publishing" for NPM packages.
-
-### Miscellaneous Tasks
-
- deps: Bump actions/checkout from 5 to 6.
- cargo: Bump syn from 2.0.110 to 2.0.111.
- deps: Bump astral-sh/setup-uv from 7.1.3 to 7.1.4.
- cargo: Bump sdp from 0.8.0 to 0.10.0.
- Remove two outdated todo comments ([#7550](https://github.com/chatmail/core/pull/7550)).
-
-## [2.29.0] - 2025-12-01
-
-### API-Changes
-
- deltachat-rpc-client: Add Message.exists().
-
-### Features / Changes
-
- [**breaking**] Increase backup version from 3 to 4.
- Hide `To` header in encrypted messages.
- `deltachat_rpc_client.Rpc` accepts `rpc_server_path` for using a particular deltachat-rpc-server ([#7493](https://github.com/chatmail/core/pull/7493)).
- Don't send `Chat-Group-Avatar` header in unencrypted groups.
- Don't update `self-{avatar,status}` from received messages ([#7002](https://github.com/chatmail/core/pull/7002)).
-
-### Fixes
-
- `CREATE INDEX imap_only_rfc724_mid ON imap(rfc724_mid)` ([#7490](https://github.com/chatmail/core/pull/7490)).
- Use the same webxdc ratelimit for all email servers.
- Handle the case when account does not exist in `get_existing_msg_ids()`.
- Don't send self-avatar in unencrypted messages ([#7136](https://github.com/chatmail/core/pull/7136)).
- Do not configure folders during transport configuration.
- Upload sync messages only with the primary transport.
- Do not use deprecated ConfiguredProvider in get_configured_provider.
-
-### Build system
-
- Make scripts for remote testing usable.
- Increase minimum supported Python version to 3.10.
- Use SPDX license expression in Python package metadata.
-
-### CI
-
- Set timeout-minutes for all jobs in ci.yaml workflow.
- Do not install Python manually to bulid RPC server wheels.
- Do not build fake RPC server source packages.
- Build Python wheels in separate jobs.
-
-### Refactor
-
- [**breaking**] Remove some unneeded stock strings ([#7496](https://github.com/chatmail/core/pull/7496)).
- Strike events in rpc-client request handling, get result from queue.
- Use ConfiguredProvider config directly when loading legacy settings.
- Remove update_icons and disable_server_delete migrations.
- Use `SYMMETRIC_KEY_ALGORITHM` constant in `symm_encrypt_message()`.
- Make signing key non-optional for `pk_encrypt`.
-
-### Tests
-
- `test_remove_member_bcc`: Test unencrypted group as it was initially.
-
-### Miscellaneous Tasks
-
- deps: Bump cachix/install-nix-action from 31.8.1 to 31.8.4.
- cargo: Bump hyper from 1.7.0 to 1.8.1.
- cargo: Bump human-panic from 2.0.3 to 2.0.4.
- cargo: Bump hyper-util from 0.1.17 to 0.1.18.
- cargo: Bump rusqlite from 0.36.0 to 0.37.0.
- cargo: Bump tokio-util from 0.7.16 to 0.7.17.
- cargo: Bump toml from 0.9.7 to 0.9.8.
- cargo: Bump proptest from 1.8.0 to 1.9.0.
- cargo: Bump parking_lot from 0.12.4 to 0.12.5.
- cargo: Bump syn from 2.0.106 to 2.0.110.
- cargo: Bump quick-xml from 0.38.3 to 0.38.4.
- cargo: Bump rustls-pki-types from 1.12.0 to 1.13.0.
- cargo: Bump nu-ansi-term from 0.50.1 to 0.50.3.
- cargo: Bump sanitize-filename from 0.5.0 to 0.6.0.
- cargo: Bump quote from 1.0.41 to 1.0.42.
- cargo: Bump libc from 0.2.176 to 0.2.177.
- cargo: Bump bytes from 1.10.1 to 1.11.0.
- cargo: Bump image from 0.25.8 to 0.25.9.
- cargo: Bump rand from 0.9.0 to 0.9.2 ([#7501](https://github.com/chatmail/core/pull/7501)).
- cargo: Bump tokio from 1.45.1 to 1.48.0.
-
-## [2.28.0] - 2025-11-23
-
-### API-Changes
-
- New API `get_existing_msg_ids()` to check if the messages with given IDs exist.
- Add API to get storage usage information. (JSON-RPC method: `get_storage_usage_report_string`) ([#7486](https://github.com/chatmail/core/pull/7486)).
-
-### Features / Changes
-
- Experimentaly allow adding second transport.
-  There is no synchronization yet, so UIs should not allow the user to change the address manually and only expose the ability to add transports if `bcc_self` is disabled.
- Default `bcc_self` to 0 for all new accounts.
- Rephrase "Establishing end-to-end encryption" -> "Establishing connection".
- Stock string for joining a channel ([#7480](https://github.com/chatmail/core/pull/7480)).
-
-### Fixes
-
- Limit the range of `Date` to up to 6 days in the past.
- `ContactId::set_name_ex()`: Emit ContactsChanged when transaction is completed.
- Set SQLite busy timeout to 1 minute on iOS.
- Sort system messages to the bottom of the chat.
- Assign outgoing self-sent unencrypted messages to ad-hoc groups with only SELF ([#7409](https://github.com/chatmail/core/pull/7409)).
- Add missing stock strings.
- Look up or create ad-hoc group if there are duplicate addresses in "To".
-
-### Documentation
-
- Add missing RFC 9788, link 'Header Protection for Cryptographically Protected Email' as other RFC.
- Remove unsupported RFC 3503 (`$MDNSent` flag) from the list of standards.
- Mark database encryption support as deprecated ([#7403](https://github.com/chatmail/core/pull/7403)).
-
-### Build system
-
- Increase Minimum Supported Rust Version to 1.88.0.
- Update rPGP from 0.17.0 to 0.18.0.
- nix: Update `fenix` and use it for all Rust builds.
-
-### CI
-
- Do not use --encoding option for rst-lint.
-
-### Refactor
-
- Use `HashMap::extract_if()` stabilized in Rust 1.88.0.
- Remove some easy to remove unwrap() calls.
-
-### Tests
-
- Contact shalln't be verified by another having unknown verifier.
-
-## [2.27.0] - 2025-11-16
-
-### API-Changes
-
- Add APIs to stop background fetch.
- [**breaking**]: rename JSON-RPC method accounts_background_fetch() into background_fetch()
- rpc-client: Add APIs for background fetch.
- rpc-client: Add Account.wait_for_msg().
- Deprecate deletion timer string for '1 Minute'.
-
-### Features / Changes
-
- Implement RFC 9788 (Header Protection for Cryptographically Protected Email) ([#7130](https://github.com/chatmail/core/pull/7130)).
- Tweak initial info-message for unencrypted chats ([#7427](https://github.com/chatmail/core/pull/7427)).
- Add Contact::get_or_gen_color. Use it in CFFI and JSON-RPC to avoid gray self-color ([#7374](https://github.com/chatmail/core/pull/7374)).
- [**breaking**] Withdraw broadcast invites. Add Qr::WithdrawJoinBroadcast and Qr::ReviveJoinBroadcast QR code types. ([#7439](https://github.com/chatmail/core/pull/7439)).
-
-### Fixes
-
- Set `get_max_smtp_rcpt_to` for chatmail to the actual limit of 1000 instead of unlimited. ([#7432](https://github.com/chatmail/core/pull/7432)).
- Always set bcc_self on backup import/export.
- Escape connectivity HTML.
- Send webm as file, it is not supported by all UI.
-
-### Build system
-
- nix: Exclude CONTRIBUTING.md from the source files.
-
-### Refactor
-
- Use wait_for_incoming_msg() in more tests.
-
-### Tests
-
- Fix flaky test_send_receive_locations.
- Port folder-related CFFI tests to JSON-RPC.
- HP-Outer headers are added to messages with standard Header Protection ([#7130](https://github.com/chatmail/core/pull/7130)).
- rpc-client: Test_qr_securejoin_broadcast: Wait for incoming message before getting chatlist ([#7442](https://github.com/chatmail/core/pull/7442)).
- Add pytest fixture for account manager.
- Test background_fetch() and stop_background_fetch().
-
 ## [2.26.0] - 2025-11-11

 ### API-Changes
@@ -8019,25 +7143,3 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.24.0]: https://github.com/chatmail/core/compare/v2.23.0..v2.24.0
 [2.25.0]: https://github.com/chatmail/core/compare/v2.24.0..v2.25.0
 [2.26.0]: https://github.com/chatmail/core/compare/v2.25.0..v2.26.0
-[2.27.0]: https://github.com/chatmail/core/compare/v2.26.0..v2.27.0
-[2.28.0]: https://github.com/chatmail/core/compare/v2.27.0..v2.28.0
-[2.29.0]: https://github.com/chatmail/core/compare/v2.28.0..v2.29.0
-[2.30.0]: https://github.com/chatmail/core/compare/v2.29.0..v2.30.0
-[2.31.0]: https://github.com/chatmail/core/compare/v2.30.0..v2.31.0
-[2.32.0]: https://github.com/chatmail/core/compare/v2.31.0..v2.32.0
-[2.33.0]: https://github.com/chatmail/core/compare/v2.32.0..v2.33.0
-[2.34.0]: https://github.com/chatmail/core/compare/v2.33.0..v2.34.0
-[2.35.0]: https://github.com/chatmail/core/compare/v2.34.0..v2.35.0
-[2.36.0]: https://github.com/chatmail/core/compare/v2.35.0..v2.36.0
-[2.37.0]: https://github.com/chatmail/core/compare/v2.36.0..v2.37.0
-[2.38.0]: https://github.com/chatmail/core/compare/v2.37.0..v2.38.0
-[2.39.0]: https://github.com/chatmail/core/compare/v2.38.0..v2.39.0
-[2.40.0]: https://github.com/chatmail/core/compare/v2.39.0..v2.40.0
-[2.41.0]: https://github.com/chatmail/core/compare/v2.40.0..v2.41.0
-[2.42.0]: https://github.com/chatmail/core/compare/v2.41.0..v2.42.0
-[2.43.0]: https://github.com/chatmail/core/compare/v2.42.0..v2.43.0
-[2.44.0]: https://github.com/chatmail/core/compare/v2.43.0..v2.44.0
-[2.45.0]: https://github.com/chatmail/core/compare/v2.44.0..v2.45.0
-[2.46.0]: https://github.com/chatmail/core/compare/v2.45.0..v2.46.0
-[2.47.0]: https://github.com/chatmail/core/compare/v2.46.0..v2.47.0
-[2.48.0]: https://github.com/chatmail/core/compare/v2.47.0..v2.48.0
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
-# Contributing to chatmail core
+# Contributing to Delta Chat

 ## Bug reports

--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,9 +1,9 @@
 [package]
 name = "deltachat"
-version = "2.48.0"
+version = "2.26.0"
 edition = "2024"
 license = "MPL-2.0"
-rust-version = "1.88"
+rust-version = "1.85"
 repository = "https://github.com/chatmail/core"

 [profile.dev]
@@ -45,7 +45,7 @@ anyhow = { workspace = true }
 async-broadcast = "0.7.2"
 async-channel = { workspace = true }
 async-imap = { version = "0.11.1", default-features = false, features = ["runtime-tokio", "compress"] }
-async-native-tls = { version = "0.6", default-features = false, features = ["runtime-tokio"] }
+async-native-tls = { version = "0.5", default-features = false, features = ["runtime-tokio"] }
 async-smtp = { version = "0.10.2", default-features = false, features = ["runtime-tokio"] }
 async_zip = { version = "0.0.18", default-features = false, features = ["deflate", "tokio-fs"] }
 base64 = { workspace = true }
@@ -56,7 +56,7 @@ chrono = { workspace = true, features = ["alloc", "clock", "std"] }
 colorutils-rs = { version = "0.7.5", default-features = false }
 data-encoding = "2.9.0"
 escaper = "0.1"
-fast-socks5 = "1"
+fast-socks5 = "0.10"
 fd-lock = "4"
 futures-lite = { workspace = true }
 futures = { workspace = true }
@@ -78,16 +78,17 @@ num-derive = "0.4"
 num-traits = { workspace = true }
 parking_lot = "0.12.4"
 percent-encoding = "2.3"
-pgp = { version = "0.19.0", default-features = false }
+pgp = { version = "0.17.0", default-features = false }
 pin-project = "1"
 qrcodegen = "1.7.0"
-quick-xml = { version = "0.39", features = ["escape-html"] }
+quick-xml = { version = "0.38", features = ["escape-html"] }
 rand-old = { package = "rand", version = "0.8" }
 rand = { workspace = true }
 regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
+rustls-pki-types = "1.12.0"
 sanitize-filename = { workspace = true }
-sdp = "0.17.1"
+sdp = "0.8.0"
 serde_json = { workspace = true }
 serde_urlencoded = "0.7.1"
 serde = { workspace = true, features = ["derive"] }
@@ -95,27 +96,26 @@ sha-1 = "0.10"
 sha2 = "0.10"
 shadowsocks = { version = "1.23.1", default-features = false, features = ["aead-cipher", "aead-cipher-2022"] }
 smallvec = "1.15.1"
-strum = "0.28"
-strum_macros = "0.28"
+strum = "0.27"
+strum_macros = "0.27"
 tagger = "4.3.4"
 textwrap = "0.16.2"
 thiserror = { workspace = true }
 tokio-io-timeout = "1.2.1"
 tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
-astral-tokio-tar = { version = "0.6", default-features = false }
+astral-tokio-tar = { version = "0.5.6", default-features = false }
 tokio-util = { workspace = true }
 tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
 toml = "0.9"
 tracing = "0.1.41"
 url = "2"
 uuid = { version = "1", features = ["serde", "v4"] }
-walkdir = "2.5.0"
 webpki-roots = "0.26.8"

 [dev-dependencies]
 anyhow = { workspace = true, features = ["backtrace"] } # Enable `backtrace` feature in tests.
-criterion = { version = "0.8.1", features = ["async_tokio"] }
+criterion = { version = "0.7.0", features = ["async_tokio"] }
 futures-lite = { workspace = true }
 log = { workspace = true }
 nu-ansi-term = { workspace = true }
@@ -181,11 +181,11 @@ harness = false
 anyhow = "1"
 async-channel = "2.5.0"
 base64 = "0.22"
-chrono = { version = "0.4.44", default-features = false }
+chrono = { version = "0.4.42", default-features = false }
 deltachat-contact-tools = { path = "deltachat-contact-tools" }
 deltachat-jsonrpc = { path = "deltachat-jsonrpc", default-features = false }
 deltachat = { path = ".", default-features = false }
-futures = "0.3.32"
+futures = "0.3.31"
 futures-lite = "2.6.1"
 libc = "0.2"
 log = "0.4"
@@ -193,15 +193,15 @@ mailparse = "0.16.1"
 nu-ansi-term = "0.50"
 num-traits = "0.2"
 rand = "0.9"
-regex = "1.12"
-rusqlite = "0.37"
-sanitize-filename = "0.6"
+regex = "1.10"
+rusqlite = "0.36"
+sanitize-filename = "0.5"
 serde = "1.0"
 serde_json = "1"
-tempfile = "3.27.0"
+tempfile = "3.23.0"
 thiserror = "2"
 tokio = "1"
-tokio-util = "0.7.18"
+tokio-util = "0.7.16"
 tracing-subscriber = "0.3"
 yerpc = "0.6.4"

--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,4 +1,4 @@
-# Releasing a new version of chatmail core
+# Releasing a new version of DeltaChat core

 For example, to release version 1.116.0 of the core, do the following steps.

@@ -14,55 +14,8 @@ For example, to release version 1.116.0 of the core, do the following steps.
 5. Commit the changes as `chore(release): prepare for 1.116.0`.
   Optionally, use a separate branch like `prep-1.116.0` for this commit and open a PR for review.

-6. Push the commit to the `main` branch.
+6. Tag the release: `git tag --annotate v1.116.0`.

-7. Once the commit is on the `main` branch and passed CI, tag the release: `git tag --annotate v1.116.0`.
+7. Push the release tag: `git push origin v1.116.0`.

-8. Push the release tag: `git push origin v1.116.0`.
-
-9. Create a GitHub release: `gh release create v1.116.0 --notes ''`.
-
-10. Update the version to the next development version:
-    `scripts/set_core_version.py 1.117.0-dev`.
-
-11. Commit and push the change:
-    `git commit -m "chore: bump version to 1.117.0-dev" && git push origin main`.
-
-12. Once the binaries are generated and [published](https://github.com/chatmail/core/releases),
-    check Windows binaries for false positive detections at [VirusTotal].
-    Either upload the binaries directly or submit a direct link to the artifact.
-    You can use [old browsers interface](https://www.virustotal.com/old-browsers/)
-    if there are problems with using the default website.
-    If you submit a direct link and get to the page saying
-    "No security vendors flagged this URL as malicious",
-    it does not mean that the file itself is not detected.
-    You need to go to the "details" tab
-    and click on the SHA-256 hash in the "Body SHA-256" section.
-    If any false positive is detected,
-    open an issue to track removing it.
-    See <https://github.com/chatmail/core/issues/7847>
-    for an example of false positive detection issue.
-    If there is a false positive "Microsoft" detection,
-    mark the issue as a blocker.
-
-[VirusTotal]: https://www.virustotal.com/
-
-## Dealing with antivirus false positives
-
-If Windows release is incorrectly detected by some antivirus, submit requests to remove detection.
-
-"Microsoft" antivirus is built in Windows and will break user setups so removing its detection should be highest priority.
-To submit false positive to Microsoft, go to <https://www.microsoft.com/en-us/wdsi/filesubmission> and select "Submit file as a ... Software developer" option.
-
-False positive contacts for other vendors can be found at <https://docs.virustotal.com/docs/false-positive-contacts>.
-Not all of them may be up to date, so check the links below first.
-Previously we successfully used the following contacts:
- [ESET-NOD32](mailto:samples@eset.com)
- [Symantec](https://symsubmit.symantec.com/)
-
-## Dealing with failed releases
-
-Once you make a GitHub release,
-CI will try to build and publish [PyPI](https://pypi.org/) and [npm](https://www.npmjs.com/) packages.
-If this fails for some reason, do not modify the failed tag, do not delete it and do not force-push to the `main` branch.
-Fix the build process and tag a new release instead.
+8. Create a GitHub release: `gh release create v1.116.0 --notes ''`.
--- a/STYLE.md
+++ b/STYLE.md
@@ -16,12 +16,11 @@ id INTEGER PRIMARY KEY AUTOINCREMENT,
 text TEXT DEFAULT '' NOT NULL -- message text
 ) STRICT",
    )
-    .await
-    .context("CREATE TABLE messages")?;
+    .await?;
 ```

 Do not use macros like [`concat!`](https://doc.rust-lang.org/std/macro.concat.html)
-or [`indoc!`](https://docs.rs/indoc).
+or [`indoc!](https://docs.rs/indoc).
 Do not escape newlines like this:
 ```
    sql.execute(
@@ -30,8 +29,7 @@ id INTEGER PRIMARY KEY AUTOINCREMENT, \
 text TEXT DEFAULT '' NOT NULL \
 ) STRICT",
    )
-    .await
-    .context("CREATE TABLE messages")?;
+    .await?;
 ```
 Escaping newlines
 is prone to errors like this if space before backslash is missing:
@@ -65,15 +63,6 @@ an older version. Also don't change the column type, consider adding a new colum
 instead. Finally, never change column semantics, this is especially dangerous because the `STRICT`
 keyword doesn't help here.

-Consider adding context to `anyhow` errors for SQL statements using `.context()` so that it's
-possible to understand from logs which statement failed. See [Errors](#errors) for more info.
-
-When changing complex SQL queries, test them on a new database with `EXPLAIN QUERY PLAN`
-to make sure that indexes are used and large tables are not going to be scanned.
-Never run `ANALYZE` on the databases,
-this makes query planner unpredictable
-and may make performance significantly worse: <https://github.com/chatmail/core/issues/6585>
-
 ## Errors

 Delta Chat core mostly uses [`anyhow`](https://docs.rs/anyhow/) errors.
--- a/benches/decrypting.rs
+++ b/benches/decrypting.rs
@@ -8,47 +8,43 @@
 //! cargo bench --bench decrypting --features="internals"
 //! ```
 //!
-//! or, if you want to only run e.g. the 'Decrypt and parse a symmetrically encrypted message' benchmark:
+//! or, if you want to only run e.g. the 'Decrypt a symmetrically encrypted message' benchmark:
 //!
 //! ```text
-//! cargo bench --bench decrypting --features="internals" -- 'Decrypt and parse a symmetrically encrypted message'
+//! cargo bench --bench decrypting --features="internals" -- 'Decrypt a symmetrically encrypted message'
 //! ```
 //!
-//! You can also pass a substring:
+//! You can also pass a substring.
+//! So, you can run all 'Decrypt and parse' benchmarks with:
 //!
 //! ```text
-//! cargo bench --bench decrypting --features="internals" -- 'symmetrically'
+//! cargo bench --bench decrypting --features="internals" -- 'Decrypt and parse'
 //! ```
 //!
 //! Symmetric decryption has to try out all known secrets,
 //! You can benchmark this by adapting the `NUM_SECRETS` variable.

 use std::hint::black_box;
-use std::sync::LazyLock;

 use criterion::{Criterion, criterion_group, criterion_main};
 use deltachat::internals_for_benches::create_broadcast_secret;
+use deltachat::internals_for_benches::create_dummy_keypair;
 use deltachat::internals_for_benches::save_broadcast_secret;
-use deltachat::securejoin::get_securejoin_qr;
 use deltachat::{
-    Events, chat::ChatId, config::Config, context::Context, internals_for_benches::key_from_asc,
-    internals_for_benches::parse_and_get_text, internals_for_benches::store_self_keypair,
+    Events,
+    chat::ChatId,
+    config::Config,
+    context::Context,
+    internals_for_benches::key_from_asc,
+    internals_for_benches::parse_and_get_text,
+    internals_for_benches::store_self_keypair,
+    pgp::{KeyPair, decrypt, pk_encrypt, symm_encrypt_message},
    stock_str::StockStrings,
 };
+use rand::{Rng, rng};
 use tempfile::tempdir;

-static NUM_BROADCAST_SECRETS: LazyLock<usize> = LazyLock::new(|| {
-    std::env::var("NUM_BROADCAST_SECRETS")
-        .unwrap_or("500".to_string())
-        .parse()
-        .unwrap()
-});
-static NUM_AUTH_TOKENS: LazyLock<usize> = LazyLock::new(|| {
-    std::env::var("NUM_AUTH_TOKENS")
-        .unwrap_or("5000".to_string())
-        .parse()
-        .unwrap()
-});
+const NUM_SECRETS: usize = 500;

 async fn create_context() -> Context {
    let dir = tempdir().unwrap();
@@ -62,7 +58,9 @@ async fn create_context() -> Context {
        .await
        .unwrap();
    let secret = key_from_asc(include_str!("../test-data/key/bob-secret.asc")).unwrap();
-    store_self_keypair(&context, &secret)
+    let public = secret.signed_public_key();
+    let key_pair = KeyPair { public, secret };
+    store_self_keypair(&context, &key_pair)
        .await
        .expect("Failed to save key");

@@ -72,6 +70,65 @@ async fn create_context() -> Context {
 fn criterion_benchmark(c: &mut Criterion) {
    let mut group = c.benchmark_group("Decrypt");

+    // ===========================================================================================
+    // Benchmarks for decryption only, without any other parsing
+    // ===========================================================================================
+
+    group.sample_size(10);
+
+    group.bench_function("Decrypt a symmetrically encrypted message", |b| {
+        let plain = generate_plaintext();
+        let secrets = generate_secrets();
+        let encrypted = tokio::runtime::Runtime::new().unwrap().block_on(async {
+            let secret = secrets[NUM_SECRETS / 2].clone();
+            symm_encrypt_message(
+                plain.clone(),
+                create_dummy_keypair("alice@example.org").unwrap().secret,
+                black_box(&secret),
+                true,
+            )
+            .await
+            .unwrap()
+        });
+
+        b.iter(|| {
+            let mut msg =
+                decrypt(encrypted.clone().into_bytes(), &[], black_box(&secrets)).unwrap();
+            let decrypted = msg.as_data_vec().unwrap();
+
+            assert_eq!(black_box(decrypted), plain);
+        });
+    });
+
+    group.bench_function("Decrypt a public-key encrypted message", |b| {
+        let plain = generate_plaintext();
+        let key_pair = create_dummy_keypair("alice@example.org").unwrap();
+        let secrets = generate_secrets();
+        let encrypted = tokio::runtime::Runtime::new().unwrap().block_on(async {
+            pk_encrypt(
+                plain.clone(),
+                vec![black_box(key_pair.public.clone())],
+                Some(key_pair.secret.clone()),
+                true,
+                true,
+            )
+            .await
+            .unwrap()
+        });
+
+        b.iter(|| {
+            let mut msg = decrypt(
+                encrypted.clone().into_bytes(),
+                std::slice::from_ref(&key_pair.secret),
+                black_box(&secrets),
+            )
+            .unwrap();
+            let decrypted = msg.as_data_vec().unwrap();
+
+            assert_eq!(black_box(decrypted), plain);
+        });
+    });
+
    // ===========================================================================================
    // Benchmarks for the whole parsing pipeline, incl. decryption (but excl. receive_imf())
    // ===========================================================================================
@@ -81,7 +138,7 @@ fn criterion_benchmark(c: &mut Criterion) {

    // "secret" is the shared secret that was used to encrypt text_symmetrically_encrypted.eml.
    // Put it into the middle of our secrets:
-    secrets[*NUM_BROADCAST_SECRETS / 2] = "secret".to_string();
+    secrets[NUM_SECRETS / 2] = "secret".to_string();

    let context = rt.block_on(async {
        let context = create_context().await;
@@ -90,10 +147,6 @@ fn criterion_benchmark(c: &mut Criterion) {
                .await
                .unwrap();
        }
-        for _i in 0..*NUM_AUTH_TOKENS {
-            get_securejoin_qr(&context, None).await.unwrap();
-        }
-        println!("NUM_AUTH_TOKENS={}", *NUM_AUTH_TOKENS);
        context
    });

@@ -107,7 +160,7 @@ fn criterion_benchmark(c: &mut Criterion) {
                )
                .await
                .unwrap();
-                assert_eq!(black_box(text), "Symmetrically encrypted message");
+                assert_eq!(text, "Symmetrically encrypted message");
            }
        });
    });
@@ -122,7 +175,7 @@ fn criterion_benchmark(c: &mut Criterion) {
                )
                .await
                .unwrap();
-                assert_eq!(black_box(text), "hi");
+                assert_eq!(text, "hi");
            }
        });
    });
@@ -131,12 +184,17 @@ fn criterion_benchmark(c: &mut Criterion) {
 }

 fn generate_secrets() -> Vec<String> {
-    let secrets: Vec<String> = (0..*NUM_BROADCAST_SECRETS)
+    let secrets: Vec<String> = (0..NUM_SECRETS)
        .map(|_| create_broadcast_secret())
        .collect();
-    println!("NUM_BROADCAST_SECRETS={}", *NUM_BROADCAST_SECRETS);
    secrets
 }

+fn generate_plaintext() -> Vec<u8> {
+    let mut plain: Vec<u8> = vec![0; 500];
+    rng().fill(&mut plain[..]);
+    plain
+}
+
 criterion_group!(benches, criterion_benchmark);
 criterion_main!(benches);
--- a/cliff.toml
+++ b/cliff.toml
@@ -66,7 +66,7 @@ body = """
    {% for commit in commits %}
        - {% if commit.breaking %}[**breaking**] {% endif %}\
 	{% if commit.scope %}{{ commit.scope }}: {% endif %}\
-	{{ commit.message }}.\
+	{{ commit.message | upper_first }}.\
 	{% if commit.footers is defined %}\
 	  {% for footer in commit.footers %}{% if 'BREAKING CHANGE' in footer.token %}
 	    {% raw %}  {% endraw %}- {{ footer.value }}\
--- a/deltachat-contact-tools/src/vcard.rs
+++ b/deltachat-contact-tools/src/vcard.rs
@@ -36,45 +36,6 @@ impl VcardContact {
    }
 }

-fn escape(s: &str) -> String {
-    // https://www.rfc-editor.org/rfc/rfc6350.html#section-3.4
-    s
-        // backslash must be first!
-        .replace(r"\", r"\\")
-        .replace(',', r"\,")
-        .replace(';', r"\;")
-        .replace('\n', r"\n")
-}
-
-fn unescape(s: &str) -> String {
-    // https://www.rfc-editor.org/rfc/rfc6350.html#section-3.4
-    let mut out = String::new();
-
-    let mut chars = s.chars();
-    while let Some(c) = chars.next() {
-        if c == '\\' {
-            if let Some(next) = chars.next() {
-                match next {
-                    '\\' | ',' | ';' => out.push(next),
-                    'n' | 'N' => out.push('\n'),
-                    _ => {
-                        // Invalid escape sequence (keep unchanged)
-                        out.push('\\');
-                        out.push(next);
-                    }
-                }
-            } else {
-                // Invalid escape sequence (keep unchanged)
-                out.push('\\');
-            }
-        } else {
-            out.push(c);
-        }
-    }
-
-    out
-}
-
 /// Returns a vCard containing given contacts.
 ///
 /// Calling [`parse_vcard()`] on the returned result is a reverse operation.
@@ -85,6 +46,10 @@ pub fn make_vcard(contacts: &[VcardContact]) -> String {
        Some(datetime.format("%Y%m%dT%H%M%SZ").to_string())
    }

+    fn escape(s: &str) -> String {
+        s.replace(',', "\\,")
+    }
+
    let mut res = "".to_string();
    for c in contacts {
        // Mustn't contain ',', but it's easier to escape than to error out.
@@ -159,7 +124,7 @@ pub fn parse_vcard(vcard: &str) -> Vec<VcardContact> {
    fn vcard_property<'a>(line: &'a str, property: &str) -> Option<(&'a str, String)> {
        let (params, value) = vcard_property_raw(line, property)?;
        // Some fields can't contain commas, but unescape them everywhere for safety.
-        Some((params, unescape(value)))
+        Some((params, value.replace("\\,", ",")))
    }
    fn base64_key(line: &str) -> Option<&str> {
        let (params, value) = vcard_property_raw(line, "key")?;
--- a/deltachat-contact-tools/src/vcard/vcard_tests.rs
+++ b/deltachat-contact-tools/src/vcard/vcard_tests.rs
@@ -91,7 +91,7 @@ fn test_make_and_parse_vcard() {
            authname: "Alice Wonderland".to_string(),
            key: Some("[base64-data]".to_string()),
            profile_image: Some("image in Base64".to_string()),
-            biography: Some("Hi,\nI'm Alice; and this is a backslash: \\".to_string()),
+            biography: Some("Hi, I'm Alice".to_string()),
            timestamp: Ok(1713465762),
        },
        VcardContact {
@@ -110,7 +110,7 @@ fn test_make_and_parse_vcard() {
             FN:Alice Wonderland\r\n\
             KEY:data:application/pgp-keys;base64\\,[base64-data]\r\n\
             PHOTO:data:image/jpeg;base64\\,image in Base64\r\n\
-             NOTE:Hi\\,\\nI'm Alice\\; and this is a backslash: \\\\\r\n\
+             NOTE:Hi\\, I'm Alice\r\n\
             REV:20240418T184242Z\r\n\
             END:VCARD\r\n",
        "BEGIN:VCARD\r\n\
@@ -276,14 +276,3 @@ END:VCARD",
    assert!(contacts[0].timestamp.is_err());
    assert_eq!(contacts[0].profile_image.as_ref().unwrap(), "/9aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Z");
 }
-
-#[test]
-fn test_vcard_value_escape_unescape() {
-    let original = "Text, with; chars and a \\ and a newline\nand a literal newline \\n";
-    let expected_escaped = r"Text\, with\; chars and a \\ and a newline\nand a literal newline \\n";
-
-    let escaped = escape(original);
-    assert_eq!(escaped, expected_escaped);
-    let unescaped = unescape(&escaped);
-    assert_eq!(original, unescaped);
-}
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.48.0"
+version = "2.26.0"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -15,10 +15,10 @@ use std::collections::BTreeMap;
 use std::convert::TryFrom;
 use std::fmt::Write;
 use std::future::Future;
-use std::mem::ManuallyDrop;
+use std::ops::Deref;
 use std::ptr;
 use std::str::FromStr;
-use std::sync::{Arc, LazyLock, Mutex};
+use std::sync::{Arc, LazyLock};
 use std::time::{Duration, SystemTime};

 use anyhow::Context as _;
@@ -306,17 +306,20 @@ pub unsafe extern "C" fn dc_set_stock_translation(
    let msg = to_string_lossy(stock_msg);
    let ctx = &*context;

-    match StockMessage::from_u32(stock_id)
-        .with_context(|| format!("Invalid stock message ID {stock_id}"))
-        .log_err(ctx)
-    {
-        Ok(id) => ctx
-            .set_stock_translation(id, msg)
-            .context("set_stock_translation failed")
+    block_on(async move {
+        match StockMessage::from_u32(stock_id)
+            .with_context(|| format!("Invalid stock message ID {stock_id}"))
            .log_err(ctx)
-            .is_ok() as libc::c_int,
-        Err(_) => 0,
-    }
+        {
+            Ok(id) => ctx
+                .set_stock_translation(id, msg)
+                .await
+                .context("set_stock_translation failed")
+                .log_err(ctx)
+                .is_ok() as libc::c_int,
+            Err(_) => 0,
+        }
+    })
 }

 #[no_mangle]
@@ -556,7 +559,6 @@ pub unsafe extern "C" fn dc_event_get_id(event: *mut dc_event_t) -> libc::c_int
        EventType::IncomingCallAccepted { .. } => 2560,
        EventType::OutgoingCallAccepted { .. } => 2570,
        EventType::CallEnded { .. } => 2580,
-        EventType::TransportsModified => 2600,
        #[allow(unreachable_patterns)]
        #[cfg(test)]
        _ => unreachable!("This is just to silence a rust_analyzer false-positive"),
@@ -591,8 +593,7 @@ pub unsafe extern "C" fn dc_event_get_data1_int(event: *mut dc_event_t) -> libc:
        | EventType::AccountsBackgroundFetchDone
        | EventType::ChatlistChanged
        | EventType::AccountsChanged
-        | EventType::AccountsItemChanged
-        | EventType::TransportsModified => 0,
+        | EventType::AccountsItemChanged => 0,
        EventType::IncomingReaction { contact_id, .. }
        | EventType::IncomingWebxdcNotify { contact_id, .. } => contact_id.to_u32() as libc::c_int,
        EventType::MsgsChanged { chat_id, .. }
@@ -677,10 +678,10 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        | EventType::ChatModified(_)
        | EventType::ChatDeleted { .. }
        | EventType::WebxdcRealtimeAdvertisementReceived { .. }
+        | EventType::IncomingCallAccepted { .. }
        | EventType::OutgoingCallAccepted { .. }
        | EventType::CallEnded { .. }
-        | EventType::EventChannelOverflow { .. }
-        | EventType::TransportsModified => 0,
+        | EventType::EventChannelOverflow { .. } => 0,
        EventType::MsgsChanged { msg_id, .. }
        | EventType::ReactionsChanged { msg_id, .. }
        | EventType::IncomingReaction { msg_id, .. }
@@ -699,9 +700,6 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        } => status_update_serial.to_u32() as libc::c_int,
        EventType::WebxdcRealtimeData { data, .. } => data.len() as libc::c_int,
        EventType::IncomingCall { has_video, .. } => *has_video as libc::c_int,
-        EventType::IncomingCallAccepted {
-            from_this_device, ..
-        } => *from_this_device as libc::c_int,

        #[allow(unreachable_patterns)]
        #[cfg(test)]
@@ -782,8 +780,7 @@ pub unsafe extern "C" fn dc_event_get_data2_str(event: *mut dc_event_t) -> *mut
        | EventType::AccountsChanged
        | EventType::AccountsItemChanged
        | EventType::IncomingCallAccepted { .. }
-        | EventType::WebxdcRealtimeAdvertisementReceived { .. }
-        | EventType::TransportsModified => ptr::null_mut(),
+        | EventType::WebxdcRealtimeAdvertisementReceived { .. } => ptr::null_mut(),
        EventType::IncomingCall {
            place_call_info, ..
        } => {
@@ -1181,7 +1178,6 @@ pub unsafe extern "C" fn dc_place_outgoing_call(
    context: *mut dc_context_t,
    chat_id: u32,
    place_call_info: *const libc::c_char,
-    has_video: bool,
 ) -> u32 {
    if context.is_null() || chat_id == 0 {
        eprintln!("ignoring careless call to dc_place_outgoing_call()");
@@ -1191,7 +1187,7 @@ pub unsafe extern "C" fn dc_place_outgoing_call(
    let chat_id = ChatId::new(chat_id);
    let place_call_info = to_string_lossy(place_call_info);

-    block_on(ctx.place_outgoing_call(chat_id, place_call_info, has_video))
+    block_on(ctx.place_outgoing_call(chat_id, place_call_info))
        .context("Failed to place call")
        .log_err(ctx)
        .map(|msg_id| msg_id.to_u32())
@@ -1520,23 +1516,6 @@ pub unsafe extern "C" fn dc_marknoticed_chat(context: *mut dc_context_t, chat_id
    })
 }

-#[no_mangle]
-pub unsafe extern "C" fn dc_markfresh_chat(context: *mut dc_context_t, chat_id: u32) {
-    if context.is_null() {
-        eprintln!("ignoring careless call to dc_markfresh_chat()");
-        return;
-    }
-    let ctx = &*context;
-
-    block_on(async move {
-        chat::markfresh_chat(ctx, ChatId::new(chat_id))
-            .await
-            .context("Failed markfresh chat")
-            .log_err(ctx)
-            .unwrap_or(())
-    })
-}
-
 fn from_prim<S, T>(s: S) -> Option<T>
 where
    T: FromPrimitive,
@@ -2278,6 +2257,22 @@ pub unsafe extern "C" fn dc_get_contacts(
    })
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_get_blocked_cnt(context: *mut dc_context_t) -> libc::c_int {
+    if context.is_null() {
+        eprintln!("ignoring careless call to dc_get_blocked_cnt()");
+        return 0;
+    }
+    let ctx = &*context;
+
+    block_on(async move {
+        Contact::get_all_blocked(ctx)
+            .await
+            .unwrap_or_log_default(ctx, "failed to get blocked count")
+            .len() as libc::c_int
+    })
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_get_blocked_contacts(
    context: *mut dc_context_t,
@@ -2443,6 +2438,45 @@ pub unsafe extern "C" fn dc_imex_has_backup(
    }
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_initiate_key_transfer(context: *mut dc_context_t) -> *mut libc::c_char {
+    if context.is_null() {
+        eprintln!("ignoring careless call to dc_initiate_key_transfer()");
+        return ptr::null_mut(); // NULL explicitly defined as "error"
+    }
+    let ctx = &*context;
+
+    match block_on(imex::initiate_key_transfer(ctx))
+        .context("dc_initiate_key_transfer()")
+        .log_err(ctx)
+    {
+        Ok(res) => res.strdup(),
+        Err(_) => ptr::null_mut(),
+    }
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn dc_continue_key_transfer(
+    context: *mut dc_context_t,
+    msg_id: u32,
+    setup_code: *const libc::c_char,
+) -> libc::c_int {
+    if context.is_null() || msg_id <= constants::DC_MSG_ID_LAST_SPECIAL || setup_code.is_null() {
+        eprintln!("ignoring careless call to dc_continue_key_transfer()");
+        return 0;
+    }
+    let ctx = &*context;
+
+    block_on(imex::continue_key_transfer(
+        ctx,
+        MsgId::new(msg_id),
+        &to_string_lossy(setup_code),
+    ))
+    .context("dc_continue_key_transfer")
+    .log_err(ctx)
+    .is_ok() as libc::c_int
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_stop_ongoing_process(context: *mut dc_context_t) {
    if context.is_null() {
@@ -3765,6 +3799,16 @@ pub unsafe extern "C" fn dc_msg_get_webxdc_href(msg: *mut dc_msg_t) -> *mut libc
    ffi_msg.message.get_webxdc_href().strdup()
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_is_setupmessage(msg: *mut dc_msg_t) -> libc::c_int {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_is_setupmessage()");
+        return 0;
+    }
+    let ffi_msg = &*msg;
+    ffi_msg.message.is_setupmessage().into()
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_has_html(msg: *mut dc_msg_t) -> libc::c_int {
    if msg.is_null() {
@@ -3775,6 +3819,20 @@ pub unsafe extern "C" fn dc_msg_has_html(msg: *mut dc_msg_t) -> libc::c_int {
    ffi_msg.message.has_html().into()
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_get_setupcodebegin(msg: *mut dc_msg_t) -> *mut libc::c_char {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_get_setupcodebegin()");
+        return "".strdup();
+    }
+    let ffi_msg = &*msg;
+    let ctx = &*ffi_msg.context;
+
+    block_on(ffi_msg.message.get_setupcodebegin(ctx))
+        .unwrap_or_default()
+        .strdup()
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_set_text(msg: *mut dc_msg_t, text: *const libc::c_char) {
    if msg.is_null() {
@@ -4677,13 +4735,33 @@ pub unsafe extern "C" fn dc_provider_unref(provider: *mut dc_provider_t) {

 /// Reader-writer lock wrapper for accounts manager to guarantee thread safety when using
 /// `dc_accounts_t` in multiple threads at once.
-pub type dc_accounts_t = RwLock<Accounts>;
+pub struct AccountsWrapper {
+    inner: Arc<RwLock<Accounts>>,
+}
+
+impl Deref for AccountsWrapper {
+    type Target = Arc<RwLock<Accounts>>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.inner
+    }
+}
+
+impl AccountsWrapper {
+    fn new(accounts: Accounts) -> Self {
+        let inner = Arc::new(RwLock::new(accounts));
+        Self { inner }
+    }
+}
+
+/// Struct representing a list of deltachat accounts.
+pub type dc_accounts_t = AccountsWrapper;

 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_new(
    dir: *const libc::c_char,
    writable: libc::c_int,
-) -> *const dc_accounts_t {
+) -> *mut dc_accounts_t {
    setup_panic!();

    if dir.is_null() {
@@ -4694,99 +4772,7 @@ pub unsafe extern "C" fn dc_accounts_new(
    let accs = block_on(Accounts::new(as_path(dir).into(), writable != 0));

    match accs {
-        Ok(accs) => Arc::into_raw(Arc::new(RwLock::new(accs))),
-        Err(err) => {
-            // We are using Anyhow's .context() and to show the inner error, too, we need the {:#}:
-            eprintln!("failed to create accounts: {err:#}");
-            ptr::null_mut()
-        }
-    }
-}
-
-pub type dc_event_channel_t = Mutex<Option<Events>>;
-
-#[no_mangle]
-pub unsafe extern "C" fn dc_event_channel_new() -> *mut dc_event_channel_t {
-    Box::into_raw(Box::new(Mutex::new(Some(Events::new()))))
-}
-
-/// Release the events channel structure.
-///
-/// This function releases the memory of the `dc_event_channel_t` structure.
-///
-/// you can call it after calling dc_accounts_new_with_event_channel,
-/// which took the events channel out of it already, so this just frees the underlying option.
-#[no_mangle]
-pub unsafe extern "C" fn dc_event_channel_unref(event_channel: *mut dc_event_channel_t) {
-    if event_channel.is_null() {
-        eprintln!("ignoring careless call to dc_event_channel_unref()");
-        return;
-    }
-    drop(Box::from_raw(event_channel))
-}
-
-#[no_mangle]
-pub unsafe extern "C" fn dc_event_channel_get_event_emitter(
-    event_channel: *mut dc_event_channel_t,
-) -> *mut dc_event_emitter_t {
-    if event_channel.is_null() {
-        eprintln!("ignoring careless call to dc_event_channel_get_event_emitter()");
-        return ptr::null_mut();
-    }
-
-    let Some(event_channel) = &*(*event_channel)
-        .lock()
-        .expect("call to dc_event_channel_get_event_emitter() failed: mutex is poisoned")
-    else {
-        eprintln!(
-            "ignoring careless call to dc_event_channel_get_event_emitter() 
-            -> channel was already consumed, make sure you call this before dc_accounts_new_with_event_channel"
-        );
-        return ptr::null_mut();
-    };
-
-    let emitter = event_channel.get_emitter();
-
-    Box::into_raw(Box::new(emitter))
-}
-
-#[no_mangle]
-pub unsafe extern "C" fn dc_accounts_new_with_event_channel(
-    dir: *const libc::c_char,
-    writable: libc::c_int,
-    event_channel: *mut dc_event_channel_t,
-) -> *const dc_accounts_t {
-    setup_panic!();
-
-    if dir.is_null() || event_channel.is_null() {
-        eprintln!("ignoring careless call to dc_accounts_new_with_event_channel()");
-        return ptr::null_mut();
-    }
-
-    // consuming channel enforce that you need to get the event emitter
-    // before initializing the account manager,
-    // so that you don't miss events/errors during initialisation.
-    // It also prevents you from using the same channel on multiple account managers.
-    let Some(event_channel) = (*event_channel)
-        .lock()
-        .expect("call to dc_event_channel_get_event_emitter() failed: mutex is poisoned")
-        .take()
-    else {
-        eprintln!(
-            "ignoring careless call to dc_accounts_new_with_event_channel()
-            -> channel was already consumed"
-        );
-        return ptr::null_mut();
-    };
-
-    let accs = block_on(Accounts::new_with_events(
-        as_path(dir).into(),
-        writable != 0,
-        event_channel,
-    ));
-
-    match accs {
-        Ok(accs) => Arc::into_raw(Arc::new(RwLock::new(accs))),
+        Ok(accs) => Box::into_raw(Box::new(AccountsWrapper::new(accs))),
        Err(err) => {
            // We are using Anyhow's .context() and to show the inner error, too, we need the {:#}:
            eprintln!("failed to create accounts: {err:#}");
@@ -4799,17 +4785,17 @@ pub unsafe extern "C" fn dc_accounts_new_with_event_channel(
 ///
 /// This function releases the memory of the `dc_accounts_t` structure.
 #[no_mangle]
-pub unsafe extern "C" fn dc_accounts_unref(accounts: *const dc_accounts_t) {
+pub unsafe extern "C" fn dc_accounts_unref(accounts: *mut dc_accounts_t) {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_unref()");
        return;
    }
-    drop(Arc::from_raw(accounts));
+    let _ = Box::from_raw(accounts);
 }

 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_get_account(
-    accounts: *const dc_accounts_t,
+    accounts: *mut dc_accounts_t,
    id: u32,
 ) -> *mut dc_context_t {
    if accounts.is_null() {
@@ -4826,7 +4812,7 @@ pub unsafe extern "C" fn dc_accounts_get_account(

 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_get_selected_account(
-    accounts: *const dc_accounts_t,
+    accounts: *mut dc_accounts_t,
 ) -> *mut dc_context_t {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_get_selected_account()");
@@ -4842,7 +4828,7 @@ pub unsafe extern "C" fn dc_accounts_get_selected_account(

 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_select_account(
-    accounts: *const dc_accounts_t,
+    accounts: *mut dc_accounts_t,
    id: u32,
 ) -> libc::c_int {
    if accounts.is_null() {
@@ -4866,13 +4852,13 @@ pub unsafe extern "C" fn dc_accounts_select_account(
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_accounts_add_account(accounts: *const dc_accounts_t) -> u32 {
+pub unsafe extern "C" fn dc_accounts_add_account(accounts: *mut dc_accounts_t) -> u32 {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_add_account()");
        return 0;
    }

-    let accounts = &*accounts;
+    let accounts = &mut *accounts;

    block_on(async move {
        let mut accounts = accounts.write().await;
@@ -4887,13 +4873,13 @@ pub unsafe extern "C" fn dc_accounts_add_account(accounts: *const dc_accounts_t)
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_accounts_add_closed_account(accounts: *const dc_accounts_t) -> u32 {
+pub unsafe extern "C" fn dc_accounts_add_closed_account(accounts: *mut dc_accounts_t) -> u32 {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_add_closed_account()");
        return 0;
    }

-    let accounts = &*accounts;
+    let accounts = &mut *accounts;

    block_on(async move {
        let mut accounts = accounts.write().await;
@@ -4909,7 +4895,7 @@ pub unsafe extern "C" fn dc_accounts_add_closed_account(accounts: *const dc_acco

 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_remove_account(
-    accounts: *const dc_accounts_t,
+    accounts: *mut dc_accounts_t,
    id: u32,
 ) -> libc::c_int {
    if accounts.is_null() {
@@ -4917,7 +4903,7 @@ pub unsafe extern "C" fn dc_accounts_remove_account(
        return 0;
    }

-    let accounts = &*accounts;
+    let accounts = &mut *accounts;

    block_on(async move {
        let mut accounts = accounts.write().await;
@@ -4935,7 +4921,7 @@ pub unsafe extern "C" fn dc_accounts_remove_account(

 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_migrate_account(
-    accounts: *const dc_accounts_t,
+    accounts: *mut dc_accounts_t,
    dbfile: *const libc::c_char,
 ) -> u32 {
    if accounts.is_null() || dbfile.is_null() {
@@ -4943,7 +4929,7 @@ pub unsafe extern "C" fn dc_accounts_migrate_account(
        return 0;
    }

-    let accounts = &*accounts;
+    let accounts = &mut *accounts;
    let dbfile = to_string_lossy(dbfile);

    block_on(async move {
@@ -4964,7 +4950,7 @@ pub unsafe extern "C" fn dc_accounts_migrate_account(
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_accounts_get_all(accounts: *const dc_accounts_t) -> *mut dc_array_t {
+pub unsafe extern "C" fn dc_accounts_get_all(accounts: *mut dc_accounts_t) -> *mut dc_array_t {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_get_all()");
        return ptr::null_mut();
@@ -4978,18 +4964,18 @@ pub unsafe extern "C" fn dc_accounts_get_all(accounts: *const dc_accounts_t) ->
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_accounts_start_io(accounts: *const dc_accounts_t) {
+pub unsafe extern "C" fn dc_accounts_start_io(accounts: *mut dc_accounts_t) {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_start_io()");
        return;
    }

-    let accounts = &*accounts;
+    let accounts = &mut *accounts;
    block_on(async move { accounts.write().await.start_io().await });
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_accounts_stop_io(accounts: *const dc_accounts_t) {
+pub unsafe extern "C" fn dc_accounts_stop_io(accounts: *mut dc_accounts_t) {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_stop_io()");
        return;
@@ -5000,7 +4986,7 @@ pub unsafe extern "C" fn dc_accounts_stop_io(accounts: *const dc_accounts_t) {
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_accounts_maybe_network(accounts: *const dc_accounts_t) {
+pub unsafe extern "C" fn dc_accounts_maybe_network(accounts: *mut dc_accounts_t) {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_maybe_network()");
        return;
@@ -5011,7 +4997,7 @@ pub unsafe extern "C" fn dc_accounts_maybe_network(accounts: *const dc_accounts_
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_accounts_maybe_network_lost(accounts: *const dc_accounts_t) {
+pub unsafe extern "C" fn dc_accounts_maybe_network_lost(accounts: *mut dc_accounts_t) {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_maybe_network_lost()");
        return;
@@ -5023,7 +5009,7 @@ pub unsafe extern "C" fn dc_accounts_maybe_network_lost(accounts: *const dc_acco

 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_background_fetch(
-    accounts: *const dc_accounts_t,
+    accounts: *mut dc_accounts_t,
    timeout_in_seconds: u64,
 ) -> libc::c_int {
    if accounts.is_null() || timeout_in_seconds <= 2 {
@@ -5041,20 +5027,9 @@ pub unsafe extern "C" fn dc_accounts_background_fetch(
    1
 }

-#[no_mangle]
-pub unsafe extern "C" fn dc_accounts_stop_background_fetch(accounts: *const dc_accounts_t) {
-    if accounts.is_null() {
-        eprintln!("ignoring careless call to dc_accounts_stop_background_fetch()");
-        return;
-    }
-
-    let accounts = &*accounts;
-    block_on(accounts.read()).stop_background_fetch();
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_set_push_device_token(
-    accounts: *const dc_accounts_t,
+    accounts: *mut dc_accounts_t,
    token: *const libc::c_char,
 ) {
    if accounts.is_null() {
@@ -5077,7 +5052,7 @@ pub unsafe extern "C" fn dc_accounts_set_push_device_token(

 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_get_event_emitter(
-    accounts: *const dc_accounts_t,
+    accounts: *mut dc_accounts_t,
 ) -> *mut dc_event_emitter_t {
    if accounts.is_null() {
        eprintln!("ignoring careless call to dc_accounts_get_event_emitter()");
@@ -5097,17 +5072,17 @@ pub struct dc_jsonrpc_instance_t {

 #[no_mangle]
 pub unsafe extern "C" fn dc_jsonrpc_init(
-    account_manager: *const dc_accounts_t,
+    account_manager: *mut dc_accounts_t,
 ) -> *mut dc_jsonrpc_instance_t {
    if account_manager.is_null() {
        eprintln!("ignoring careless call to dc_jsonrpc_init()");
        return ptr::null_mut();
    }

-    let account_manager = ManuallyDrop::new(Arc::from_raw(account_manager));
-    let cmd_api = block_on(deltachat_jsonrpc::api::CommandApi::from_arc(Arc::clone(
-        &account_manager,
-    )));
+    let account_manager = &*account_manager;
+    let cmd_api = block_on(deltachat_jsonrpc::api::CommandApi::from_arc(
+        account_manager.inner.clone(),
+    ));

    let (request_handle, receiver) = RpcClient::new();
    let handle = RpcSession::new(request_handle, cmd_api);
--- a/deltachat-ffi/src/lot.rs
+++ b/deltachat-ffi/src/lot.rs
@@ -58,10 +58,8 @@ impl Lot {
                Qr::Text { text } => Some(Cow::Borrowed(text)),
                Qr::WithdrawVerifyContact { .. } => None,
                Qr::WithdrawVerifyGroup { grpname, .. } => Some(Cow::Borrowed(grpname)),
-                Qr::WithdrawJoinBroadcast { name, .. } => Some(Cow::Borrowed(name)),
                Qr::ReviveVerifyContact { .. } => None,
                Qr::ReviveVerifyGroup { grpname, .. } => Some(Cow::Borrowed(grpname)),
-                Qr::ReviveJoinBroadcast { name, .. } => Some(Cow::Borrowed(name)),
                Qr::Login { address, .. } => Some(Cow::Borrowed(address)),
            },
            Self::Error(err) => Some(Cow::Borrowed(err)),
@@ -114,10 +112,8 @@ impl Lot {
                Qr::Text { .. } => LotState::QrText,
                Qr::WithdrawVerifyContact { .. } => LotState::QrWithdrawVerifyContact,
                Qr::WithdrawVerifyGroup { .. } => LotState::QrWithdrawVerifyGroup,
-                Qr::WithdrawJoinBroadcast { .. } => LotState::QrWithdrawJoinBroadcast,
                Qr::ReviveVerifyContact { .. } => LotState::QrReviveVerifyContact,
                Qr::ReviveVerifyGroup { .. } => LotState::QrReviveVerifyGroup,
-                Qr::ReviveJoinBroadcast { .. } => LotState::QrReviveJoinBroadcast,
                Qr::Login { .. } => LotState::QrLogin,
            },
            Self::Error(_err) => LotState::QrError,
@@ -142,11 +138,9 @@ impl Lot {
                Qr::Url { .. } => Default::default(),
                Qr::Text { .. } => Default::default(),
                Qr::WithdrawVerifyContact { contact_id, .. } => contact_id.to_u32(),
-                Qr::WithdrawVerifyGroup { .. } | Qr::WithdrawJoinBroadcast { .. } => {
-                    Default::default()
-                }
+                Qr::WithdrawVerifyGroup { .. } => Default::default(),
                Qr::ReviveVerifyContact { contact_id, .. } => contact_id.to_u32(),
-                Qr::ReviveVerifyGroup { .. } | Qr::ReviveJoinBroadcast { .. } => Default::default(),
+                Qr::ReviveVerifyGroup { .. } => Default::default(),
                Qr::Login { .. } => Default::default(),
            },
            Self::Error(_) => Default::default(),
@@ -213,15 +207,11 @@ pub enum LotState {

    /// text1=groupname
    QrWithdrawVerifyGroup = 502,
-    /// text1=broadcast channel name
-    QrWithdrawJoinBroadcast = 504,

    QrReviveVerifyContact = 510,

    /// text1=groupname
    QrReviveVerifyGroup = 512,
-    /// text1=groupname
-    QrReviveJoinBroadcast = 514,

    /// text1=email_address
    QrLogin = 520,
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.48.0"
+version = "2.26.0"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"
@@ -19,6 +19,7 @@ yerpc = { workspace = true, features = ["anyhow_expose", "openrpc"] }
 typescript-type-def = { version = "0.5.13", features = ["json_value"] }
 tokio = { workspace = true }
 sanitize-filename = { workspace = true }
+walkdir = "2.5.0"
 base64 = { workspace = true }

 [dev-dependencies]
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -10,38 +10,37 @@ pub use deltachat::accounts::Accounts;
 use deltachat::blob::BlobObject;
 use deltachat::calls::ice_servers;
 use deltachat::chat::{
-    self, add_contact_to_chat, forward_msgs, forward_msgs_2ctx, get_chat_media, get_chat_msgs,
-    get_chat_msgs_ex, markfresh_chat, marknoticed_all_chats, marknoticed_chat,
-    remove_contact_from_chat, Chat, ChatId, ChatItem, MessageListOptions,
+    self, add_contact_to_chat, forward_msgs, get_chat_media, get_chat_msgs, get_chat_msgs_ex,
+    marknoticed_chat, remove_contact_from_chat, Chat, ChatId, ChatItem, MessageListOptions,
 };
 use deltachat::chatlist::Chatlist;
-use deltachat::config::{get_all_ui_config_keys, Config};
+use deltachat::config::Config;
 use deltachat::constants::DC_MSG_ID_DAYMARKER;
 use deltachat::contact::{may_be_valid_addr, Contact, ContactId, Origin};
 use deltachat::context::get_info;
 use deltachat::ephemeral::Timer;
 use deltachat::imex;
 use deltachat::location;
+use deltachat::message::get_msg_read_receipts;
 use deltachat::message::{
-    self, delete_msgs_ex, get_existing_msg_ids, get_msg_read_receipt_count, get_msg_read_receipts,
-    markseen_msgs, Message, MessageState, MsgId, Viewtype,
+    self, delete_msgs_ex, markseen_msgs, Message, MessageState, MsgId, Viewtype,
 };
 use deltachat::peer_channels::{
    leave_webxdc_realtime, send_webxdc_realtime_advertisement, send_webxdc_realtime_data,
 };
 use deltachat::provider::get_provider_info;
 use deltachat::qr::{self, Qr};
-use deltachat::qr_code_generator::{create_qr_svg, generate_backup_qr, get_securejoin_qr_svg};
+use deltachat::qr_code_generator::{generate_backup_qr, get_securejoin_qr_svg};
 use deltachat::reaction::{get_msg_reactions, send_reaction};
 use deltachat::securejoin;
 use deltachat::stock_str::StockMessage;
-use deltachat::storage_usage::{get_blobdir_storage_usage, get_storage_usage};
 use deltachat::webxdc::StatusUpdateSerial;
 use deltachat::EventEmitter;
 use sanitize_filename::is_sanitized;
 use tokio::fs;
 use tokio::sync::{watch, Mutex, RwLock};
 use types::login_param::EnteredLoginParam;
+use walkdir::WalkDir;
 use yerpc::rpc;

 pub mod types;
@@ -68,7 +67,6 @@ use self::types::{
    },
 };
 use crate::api::types::chat_list::{get_chat_list_item_by_id, ChatListItemFetchResult};
-use crate::api::types::login_param::TransportListEntry;
 use crate::api::types::qr::{QrObject, SecurejoinSource, SecurejoinUiPath};

 #[derive(Debug)]
@@ -122,14 +120,14 @@ impl CommandApi {
        }
    }

-    async fn get_context_opt(&self, id: u32) -> Option<deltachat::context::Context> {
-        self.accounts.read().await.get_account(id)
-    }
-
    async fn get_context(&self, id: u32) -> Result<deltachat::context::Context> {
-        self.get_context_opt(id)
+        let sc = self
+            .accounts
+            .read()
            .await
-            .ok_or_else(|| anyhow!("account with id {id} not found"))
+            .get_account(id)
+            .ok_or_else(|| anyhow!("account with id {id} not found"))?;
+        Ok(sc)
    }

    async fn with_state<F, T>(&self, id: u32, with_state: F) -> T
@@ -195,16 +193,6 @@ impl CommandApi {
            .context("event channel is closed")
    }

-    /// Waits for at least one event and return a batch of events.
-    async fn get_next_event_batch(&self) -> Vec<Event> {
-        self.event_emitter
-            .recv_batch()
-            .await
-            .into_iter()
-            .map(|event| event.into())
-            .collect()
-    }
-
    // ---------------------------------------------
    // Account Management
    // ---------------------------------------------
@@ -285,7 +273,7 @@ impl CommandApi {
    /// The `AccountsBackgroundFetchDone` event is emitted at the end even in case of timeout.
    /// Process all events until you get this one and you can safely return to the background
    /// without forgetting to create notifications caused by timing race conditions.
-    async fn background_fetch(&self, timeout_in_seconds: f64) -> Result<()> {
+    async fn accounts_background_fetch(&self, timeout_in_seconds: f64) -> Result<()> {
        let future = {
            let lock = self.accounts.read().await;
            lock.background_fetch(std::time::Duration::from_secs_f64(timeout_in_seconds))
@@ -295,11 +283,6 @@ impl CommandApi {
        Ok(())
    }

-    async fn stop_background_fetch(&self) -> Result<()> {
-        self.accounts.read().await.stop_background_fetch();
-        Ok(())
-    }
-
    // ---------------------------------------------
    // Methods that work on individual accounts
    // ---------------------------------------------
@@ -340,7 +323,13 @@ impl CommandApi {
    async fn get_account_file_size(&self, account_id: u32) -> Result<u64> {
        let ctx = self.get_context(account_id).await?;
        let dbfile = ctx.get_dbfile().metadata()?.len();
-        let total_size = get_blobdir_storage_usage(&ctx);
+        let total_size = WalkDir::new(ctx.get_blobdir())
+            .max_depth(2)
+            .into_iter()
+            .filter_map(|entry| entry.ok())
+            .filter_map(|entry| entry.metadata().ok())
+            .filter(|metadata| metadata.is_file())
+            .fold(0, |acc, m| acc + m.len());

        Ok(dbfile + total_size)
    }
@@ -372,13 +361,6 @@ impl CommandApi {
        ctx.get_info().await
    }

-    /// Get storage usage report as formatted string
-    async fn get_storage_usage_report_string(&self, account_id: u32) -> Result<String> {
-        let ctx = self.get_context(account_id).await?;
-        let storage_usage = get_storage_usage(&ctx).await?;
-        Ok(storage_usage.to_string())
-    }
-
    /// Get the blob dir.
    async fn get_blob_dir(&self, account_id: u32) -> Result<Option<String>> {
        let ctx = self.get_context(account_id).await?;
@@ -427,11 +409,11 @@ impl CommandApi {
        Ok(())
    }

-    /// Set configuration values from a QR code (technically from the URI stored in it).
-    /// Before this function is called, `check_qr()` should be used to get the QR code type.
+    /// Set configuration values from a QR code. (technically from the URI that is stored in the qrcode)
+    /// Before this function is called, `checkQr()` should confirm the type of the
+    /// QR code is `account` or `webrtcInstance`.
    ///
-    /// "DCACCOUNT:" and "DCLOGIN:" QR codes configure the account, but I/O mustn't be started for
-    /// such QR codes, consider using [`Self::add_transport_from_qr`] which also restarts I/O.
+    /// Internally, the function will call dc_set_config() with the appropriate keys,
    async fn set_config_from_qr(&self, account_id: u32, qr_content: String) -> Result<()> {
        let ctx = self.get_context(account_id).await?;
        qr::set_config_from_qr(&ctx, &qr_content).await
@@ -463,17 +445,13 @@ impl CommandApi {
        Ok(result)
    }

-    /// Returns all `ui.*` config keys that were set by the UI.
-    async fn get_all_ui_config_keys(&self, account_id: u32) -> Result<Vec<String>> {
-        let ctx = self.get_context(account_id).await?;
-        get_all_ui_config_keys(&ctx).await
-    }
-
    async fn set_stock_strings(&self, strings: HashMap<u32, String>) -> Result<()> {
        let accounts = self.accounts.read().await;
        for (stock_id, stock_message) in strings {
            if let Some(stock_id) = StockMessage::from_u32(stock_id) {
-                accounts.set_stock_translation(stock_id, stock_message)?;
+                accounts
+                    .set_stock_translation(stock_id, stock_message)
+                    .await?;
            }
        }
        Ok(())
@@ -527,7 +505,6 @@ impl CommandApi {
    ///   from a server encoded in a QR code.
    /// - [Self::list_transports()] to get a list of all configured transports.
    /// - [Self::delete_transport()] to remove a transport.
-    /// - [Self::set_transport_unpublished()] to set whether contacts see this transport.
    async fn add_or_update_transport(
        &self,
        account_id: u32,
@@ -553,23 +530,7 @@ impl CommandApi {
    /// Returns the list of all email accounts that are used as a transport in the current profile.
    /// Use [Self::add_or_update_transport()] to add or change a transport
    /// and [Self::delete_transport()] to delete a transport.
-    /// Use [Self::list_transports_ex()] to additionally query
-    /// whether the transports are marked as 'unpublished'.
    async fn list_transports(&self, account_id: u32) -> Result<Vec<EnteredLoginParam>> {
-        let ctx = self.get_context(account_id).await?;
-        let res = ctx
-            .list_transports()
-            .await?
-            .into_iter()
-            .map(|t| t.param.into())
-            .collect();
-        Ok(res)
-    }
-
-    /// Returns the list of all email accounts that are used as a transport in the current profile.
-    /// Use [Self::add_or_update_transport()] to add or change a transport
-    /// and [Self::delete_transport()] to delete a transport.
-    async fn list_transports_ex(&self, account_id: u32) -> Result<Vec<TransportListEntry>> {
        let ctx = self.get_context(account_id).await?;
        let res = ctx
            .list_transports()
@@ -587,26 +548,6 @@ impl CommandApi {
        ctx.delete_transport(&addr).await
    }

-    /// Change whether the transport is unpublished.
-    ///
-    /// Unpublished transports are not advertised to contacts,
-    /// and self-sent messages are not sent there,
-    /// so that we don't cause extra messages to the corresponding inbox,
-    /// but can still receive messages from contacts who don't know our new transport addresses yet.
-    ///
-    /// The default is false, but when the user updates from a version that didn't have this flag,
-    /// existing secondary transports are set to unpublished,
-    /// so that an existing transport address doesn't suddenly get spammed with a lot of messages.
-    async fn set_transport_unpublished(
-        &self,
-        account_id: u32,
-        addr: String,
-        unpublished: bool,
-    ) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        ctx.set_transport_unpublished(&addr, unpublished).await
-    }
-
    /// Signal an ongoing process to stop.
    async fn stop_ongoing_process(&self, account_id: u32) -> Result<()> {
        let ctx = self.get_context(account_id).await?;
@@ -735,6 +676,25 @@ impl CommandApi {
        message::estimate_deletion_cnt(&ctx, from_server, seconds).await
    }

+    // ---------------------------------------------
+    //  autocrypt
+    // ---------------------------------------------
+
+    async fn initiate_autocrypt_key_transfer(&self, account_id: u32) -> Result<String> {
+        let ctx = self.get_context(account_id).await?;
+        deltachat::imex::initiate_key_transfer(&ctx).await
+    }
+
+    async fn continue_autocrypt_key_transfer(
+        &self,
+        account_id: u32,
+        message_id: u32,
+        setup_code: String,
+    ) -> Result<()> {
+        let ctx = self.get_context(account_id).await?;
+        deltachat::imex::continue_key_transfer(&ctx, MsgId::new(message_id), &setup_code).await
+    }
+
    // ---------------------------------------------
    //   chat list
    // ---------------------------------------------
@@ -828,11 +788,11 @@ impl CommandApi {
    /// Delete a chat.
    ///
    /// Messages are deleted from the device and the chat database entry is deleted.
-    /// After that, a `MsgsChanged` event is emitted.
-    /// Messages are deleted from the server in background.
+    /// After that, the event #DC_EVENT_MSGS_CHANGED is posted.
    ///
    /// Things that are _not done_ implicitly:
    ///
+    /// - Messages are **not deleted from the server**.
    /// - The chat or the contact is **not blocked**, so new messages from the user/the group may appear as a contact request
    ///   and the user may create the chat again.
    /// - **Groups are not left** - this would
@@ -881,8 +841,6 @@ impl CommandApi {
    /// if `checkQr()` returns `askVerifyContact` or `askVerifyGroup`
    /// an out-of-band-verification can be joined using `secure_join()`
    ///
-    /// @deprecated as of 2026-03; use create_qr_svg(get_chat_securejoin_qr_code()) instead.
-    ///
    /// chat_id: If set to a group-chat-id,
    ///     the Verified-Group-Invite protocol is offered in the QR code;
    ///     works for protected groups as well as for normal groups.
@@ -1097,8 +1055,7 @@ impl CommandApi {
    /// Set group name.
    ///
    /// If the group is already _promoted_ (any message was sent to the group),
-    /// or if this is a brodacast channel,
-    /// all members are informed by a special status message that is sent automatically by this function.
+    /// all group members are informed by a special status message that is sent automatically by this function.
    ///
    /// Sends out #DC_EVENT_CHAT_MODIFIED and #DC_EVENT_MSGS_CHANGED if a status message was sent.
    async fn set_chat_name(&self, account_id: u32, chat_id: u32, new_name: String) -> Result<()> {
@@ -1106,39 +1063,10 @@ impl CommandApi {
        chat::set_chat_name(&ctx, ChatId::new(chat_id), &new_name).await
    }

-    /// Set group or broadcast channel description.
-    ///
-    /// If the group is already _promoted_ (any message was sent to the group),
-    /// or if this is a brodacast channel,
-    /// all members are informed by a special status message that is sent automatically by this function.
-    ///
-    /// Sends out #DC_EVENT_CHAT_MODIFIED and #DC_EVENT_MSGS_CHANGED if a status message was sent.
-    ///
-    /// See also [`Self::get_chat_description`] / `getChatDescription()`.
-    async fn set_chat_description(
-        &self,
-        account_id: u32,
-        chat_id: u32,
-        description: String,
-    ) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        chat::set_chat_description(&ctx, ChatId::new(chat_id), &description).await
-    }
-
-    /// Load the chat description from the database.
-    ///
-    /// UIs show this in the profile page of the chat,
-    /// it is settable by [`Self::set_chat_description`] / `setChatDescription()`.
-    async fn get_chat_description(&self, account_id: u32, chat_id: u32) -> Result<String> {
-        let ctx = self.get_context(account_id).await?;
-        chat::get_chat_description(&ctx, ChatId::new(chat_id)).await
-    }
-
    /// Set group profile image.
    ///
    /// If the group is already _promoted_ (any message was sent to the group),
-    /// or if this is a brodacast channel,
-    /// all members are informed by a special status message that is sent automatically by this function.
+    /// all group members are informed by a special status message that is sent automatically by this function.
    ///
    /// Sends out #DC_EVENT_CHAT_MODIFIED and #DC_EVENT_MSGS_CHANGED if a status message was sent.
    ///
@@ -1223,24 +1151,10 @@ impl CommandApi {
        Ok(None)
    }

-    /// Mark all messages in all chats as _noticed_.
-    /// Skips messages from blocked contacts, but does not skip messages in muted chats.
-    ///
-    /// _Noticed_ messages are no longer _fresh_ and do not count as being unseen
-    /// but are still waiting for being marked as "seen" using markseen_msgs()
-    /// (read receipts aren't sent for noticed messages).
-    ///
-    /// Calling this function usually results in the event #DC_EVENT_MSGS_NOTICED.
-    /// See also markseen_msgs().
-    pub async fn marknoticed_all_chats(&self, account_id: u32) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        marknoticed_all_chats(&ctx).await
-    }
-
    ///  Mark all messages in a chat as _noticed_.
    ///  _Noticed_ messages are no longer _fresh_ and do not count as being unseen
    ///  but are still waiting for being marked as "seen" using markseen_msgs()
-    ///  (read receipts aren't sent for noticed messages).
+    ///  (IMAP/MDNs is not done for noticed messages).
    ///
    ///  Calling this function usually results in the event #DC_EVENT_MSGS_NOTICED.
    ///  See also markseen_msgs().
@@ -1249,15 +1163,6 @@ impl CommandApi {
        marknoticed_chat(&ctx, ChatId::new(chat_id)).await
    }

-    /// Marks the last incoming message in the chat as _fresh_.
-    ///
-    /// UI can use this to offer a "mark unread" option,
-    /// so that already noticed chats get a badge counter again.
-    async fn markfresh_chat(&self, account_id: u32, chat_id: u32) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        markfresh_chat(&ctx, ChatId::new(chat_id)).await
-    }
-
    /// Returns the message that is immediately followed by the last seen
    /// message.
    /// From the point of view of the user this is effectively
@@ -1385,24 +1290,6 @@ impl CommandApi {
            .collect())
    }

-    /// Checks if the messages with given IDs exist.
-    ///
-    /// Returns IDs of existing messages.
-    async fn get_existing_msg_ids(&self, account_id: u32, msg_ids: Vec<u32>) -> Result<Vec<u32>> {
-        if let Some(context) = self.get_context_opt(account_id).await {
-            let msg_ids: Vec<MsgId> = msg_ids.into_iter().map(MsgId::new).collect();
-            let existing_msg_ids = get_existing_msg_ids(&context, &msg_ids).await?;
-            Ok(existing_msg_ids
-                .into_iter()
-                .map(|msg_id| msg_id.to_u32())
-                .collect())
-        } else {
-            // Account does not exist, so messages do not exist either,
-            // but this is not an error.
-            Ok(Vec::new())
-        }
-    }
-
    async fn get_message_list_items(
        &self,
        account_id: u32,
@@ -1516,18 +1403,6 @@ impl CommandApi {
        MessageInfo::from_msg_id(&ctx, MsgId::new(message_id)).await
    }

-    /// Returns count of read receipts on message.
-    ///
-    /// This view count is meant as a feedback measure for the channel owner only.
-    async fn get_message_read_receipt_count(
-        &self,
-        account_id: u32,
-        message_id: u32,
-    ) -> Result<usize> {
-        let ctx = self.get_context(account_id).await?;
-        get_msg_read_receipt_count(&ctx, MsgId::new(message_id)).await
-    }
-
    /// Returns contacts that sent read receipts and the time of reading.
    async fn get_message_read_receipts(
        &self,
@@ -2008,8 +1883,6 @@ impl CommandApi {
    /// even if there is no concurrent call to [`CommandApi::provide_backup`],
    /// but will fail after 60 seconds to avoid deadlocks.
    ///
-    /// @deprecated as of 2026-03; use `create_qr_svg(get_backup_qr())` instead.
-    ///
    /// Returns the QR code rendered as an SVG image.
    async fn get_backup_qr_svg(&self, account_id: u32) -> Result<String> {
        let ctx = self.get_context(account_id).await?;
@@ -2023,11 +1896,6 @@ impl CommandApi {
        generate_backup_qr(&ctx, &qr).await
    }

-    /// Renders the given text as a QR code SVG image.
-    async fn create_qr_svg(&self, text: String) -> Result<String> {
-        create_qr_svg(&text)
-    }
-
    /// Gets a backup from a remote provider.
    ///
    /// This retrieves the backup from a remote device over the network and imports it into
@@ -2242,11 +2110,10 @@ impl CommandApi {
        account_id: u32,
        chat_id: u32,
        place_call_info: String,
-        has_video: bool,
    ) -> Result<u32> {
        let ctx = self.get_context(account_id).await?;
        let msg_id = ctx
-            .place_outgoing_call(ChatId::new(chat_id), place_call_info, has_video)
+            .place_outgoing_call(ChatId::new(chat_id), place_call_info)
            .await?;
        Ok(msg_id.to_u32())
    }
@@ -2310,27 +2177,6 @@ impl CommandApi {
        forward_msgs(&ctx, &message_ids, ChatId::new(chat_id)).await
    }

-    /// Forward messages to a chat in another account.
-    /// See [`Self::forward_messages`] for more info.
-    async fn forward_messages_to_account(
-        &self,
-        src_account_id: u32,
-        src_message_ids: Vec<u32>,
-        dst_account_id: u32,
-        dst_chat_id: u32,
-    ) -> Result<()> {
-        let src_ctx = self.get_context(src_account_id).await?;
-        let dst_ctx = self.get_context(dst_account_id).await?;
-        let src_message_ids: Vec<MsgId> = src_message_ids.into_iter().map(MsgId::new).collect();
-        forward_msgs_2ctx(
-            &src_ctx,
-            &src_message_ids,
-            &dst_ctx,
-            ChatId::new(dst_chat_id),
-        )
-        .await
-    }
-
    /// Resend messages and make information available for newly added chat members.
    /// Resending sends out the original message, however, recipients and webxdc-status may differ.
    /// Clients that already have the original message can still ignore the resent message as
@@ -2541,10 +2387,7 @@ impl CommandApi {
                    continue;
                }
                let sticker_name = sticker_entry.file_name().into_string().unwrap_or_default();
-                if sticker_name.ends_with(".png")
-                    || sticker_name.ends_with(".webp")
-                    || sticker_name.ends_with(".gif")
-                {
+                if sticker_name.ends_with(".png") || sticker_name.ends_with(".webp") {
                    sticker_paths.push(
                        sticker_entry
                            .path()
--- a/deltachat-jsonrpc/src/api/types/account.rs
+++ b/deltachat-jsonrpc/src/api/types/account.rs
@@ -15,7 +15,7 @@ pub enum Account {
        display_name: Option<String>,
        addr: Option<String>,
        // size: u32,
-        profile_image: Option<String>,
+        profile_image: Option<String>, // TODO: This needs to be converted to work with blob http server.
        color: String,
        /// Optional tag as "Work", "Family".
        /// Meant to help profile owner to differ between profiles with similar names.
--- a/deltachat-jsonrpc/src/api/types/calls.rs
+++ b/deltachat-jsonrpc/src/api/types/calls.rs
@@ -1,6 +1,6 @@
 use anyhow::{Context as _, Result};

-use deltachat::calls::{call_state, CallState};
+use deltachat::calls::{call_state, sdp_has_video, CallState};
 use deltachat::context::Context;
 use deltachat::message::MsgId;
 use serde::Serialize;
@@ -15,7 +15,7 @@ pub struct JsonrpcCallInfo {
    /// even if incoming call event was missed.
    pub sdp_offer: String,

-    /// True if the call is started as a video call.
+    /// True if SDP offer has a video.
    pub has_video: bool,

    /// Call state.
@@ -30,7 +30,7 @@ impl JsonrpcCallInfo {
            format!("Attempting to get call state of non-call message {msg_id}")
        })?;
        let sdp_offer = call_info.place_call_info.clone();
-        let has_video = call_info.has_video_initially();
+        let has_video = sdp_has_video(&sdp_offer).unwrap_or_default();
        let state = JsonrpcCallState::from_msg_id(context, msg_id).await?;

        Ok(JsonrpcCallInfo {
--- a/deltachat-jsonrpc/src/api/types/chat.rs
+++ b/deltachat-jsonrpc/src/api/types/chat.rs
@@ -10,6 +10,7 @@ use serde::{Deserialize, Serialize};
 use typescript_type_def::TypeDef;

 use super::color_int_to_hex_string;
+use super::contact::ContactObject;

 #[derive(Serialize, TypeDef, schemars::JsonSchema)]
 #[serde(rename_all = "camelCase")]
@@ -47,6 +48,7 @@ pub struct FullChat {
    chat_type: JsonrpcChatType,
    is_unpromoted: bool,
    is_self_talk: bool,
+    contacts: Vec<ContactObject>,
    contact_ids: Vec<u32>,

    /// Contact IDs of the past chat members.
@@ -67,7 +69,7 @@ pub struct FullChat {
    // but that would be an extra DB query.
    self_in_group: bool,
    is_muted: bool,
-    ephemeral_timer: u32,
+    ephemeral_timer: u32, //TODO look if there are more important properties in newer core versions
    can_send: bool,
    was_seen_recently: bool,
    mailing_list_address: Option<String>,
@@ -81,6 +83,20 @@ impl FullChat {
        let contact_ids = get_chat_contacts(context, rust_chat_id).await?;
        let past_contact_ids = get_past_chat_contacts(context, rust_chat_id).await?;

+        let mut contacts = Vec::with_capacity(contact_ids.len());
+
+        for contact_id in &contact_ids {
+            contacts.push(
+                ContactObject::try_from_dc_contact(
+                    context,
+                    Contact::get_by_id(context, *contact_id)
+                        .await
+                        .context("failed to load contact")?,
+                )
+                .await?,
+            )
+        }
+
        let profile_image = match chat.get_profile_image(context).await? {
            Some(path_buf) => path_buf.to_str().map(|s| s.to_owned()),
            None => None,
@@ -116,6 +132,7 @@ impl FullChat {
            chat_type: chat.get_type().into(),
            is_unpromoted: chat.is_unpromoted(),
            is_self_talk: chat.is_self_talk(),
+            contacts,
            contact_ids: contact_ids.iter().map(|id| id.to_u32()).collect(),
            past_contact_ids: past_contact_ids.iter().map(|id| id.to_u32()).collect(),
            color,
@@ -133,6 +150,7 @@ impl FullChat {
 }

 /// cheaper version of fullchat, omits:
+/// - contacts
 /// - contact_ids
 /// - fresh_message_counter
 /// - ephemeral_timer
--- a/deltachat-jsonrpc/src/api/types/contact.rs
+++ b/deltachat-jsonrpc/src/api/types/contact.rs
@@ -47,7 +47,8 @@ pub struct ContactObject {
    ///
    /// - If `verifierId` != 0,
    ///   display text "Introduced by ..."
-    ///   with the name of the contact.
+    ///   with the name and address of the contact
+    ///   formatted by `name_and_addr`/`nameAndAddr`.
    ///   Prefix the text by a green checkmark.
    ///
    /// - If `verifierId` == 0 and `isVerified` != 0,
--- a/deltachat-jsonrpc/src/api/types/events.rs
+++ b/deltachat-jsonrpc/src/api/types/events.rs
@@ -271,7 +271,7 @@ pub enum EventType {
        /// Progress.
        ///
        /// 0=error, 1-999=progress in permille, 1000=success and done
-        progress: u16,
+        progress: usize,

        /// Progress comment or error, something to display to the user.
        comment: Option<String>,
@@ -282,7 +282,7 @@ pub enum EventType {
    #[serde(rename_all = "camelCase")]
    ImexProgress {
        /// 0=error, 1-999=progress in permille, 1000=success and done
-        progress: u16,
+        progress: usize,
    },

    /// A file has been exported. A file has been written by imex().
@@ -313,7 +313,7 @@ pub enum EventType {
        chat_id: u32,

        /// Progress, always 1000.
-        progress: u16,
+        progress: usize,
    },

    /// Progress information of a secure-join handshake from the view of the joiner
@@ -329,7 +329,7 @@ pub enum EventType {
        /// 400=vg-/vc-request-with-auth sent, typically shown as "alice@addr verified, introducing myself."
        /// (Bob has verified alice and waits until Alice does the same for him)
        /// 1000=vg-member-added/vc-contact-confirm received
-        progress: u16,
+        progress: usize,
    },

    /// The connectivity to the server changed.
@@ -441,8 +441,6 @@ pub enum EventType {
        msg_id: u32,
        /// ID of the chat which the message belongs to.
        chat_id: u32,
-        /// The call was accepted from this device (process).
-        from_this_device: bool,
    },

    /// Outgoing call accepted.
@@ -462,15 +460,6 @@ pub enum EventType {
        /// ID of the chat which the message belongs to.
        chat_id: u32,
    },
-
-    /// One or more transports has changed.
-    ///
-    /// UI should update the list.
-    ///
-    /// This event is emitted when transport
-    /// synchronization messages arrives,
-    /// but not when the UI modifies the transport list by itself.
-    TransportsModified,
 }

 impl From<CoreEventType> for EventType {
@@ -636,14 +625,9 @@ impl From<CoreEventType> for EventType {
                place_call_info,
                has_video,
            },
-            CoreEventType::IncomingCallAccepted {
-                msg_id,
-                chat_id,
-                from_this_device,
-            } => IncomingCallAccepted {
+            CoreEventType::IncomingCallAccepted { msg_id, chat_id } => IncomingCallAccepted {
                msg_id: msg_id.to_u32(),
                chat_id: chat_id.to_u32(),
-                from_this_device,
            },
            CoreEventType::OutgoingCallAccepted {
                msg_id,
@@ -658,8 +642,6 @@ impl From<CoreEventType> for EventType {
                msg_id: msg_id.to_u32(),
                chat_id: chat_id.to_u32(),
            },
-            CoreEventType::TransportsModified => TransportsModified,
-
            #[allow(unreachable_patterns)]
            #[cfg(test)]
            _ => unreachable!("This is just to silence a rust_analyzer false-positive"),
--- a/deltachat-jsonrpc/src/api/types/login_param.rs
+++ b/deltachat-jsonrpc/src/api/types/login_param.rs
@@ -4,16 +4,6 @@ use serde::Deserialize;
 use serde::Serialize;
 use yerpc::TypeDef;

-#[derive(Serialize, TypeDef, schemars::JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct TransportListEntry {
-    /// The login data entered by the user.
-    pub param: EnteredLoginParam,
-    /// Whether this transport is set to 'unpublished'.
-    /// See `set_transport_unpublished` / `setTransportUnpublished` for details.
-    pub is_unpublished: bool,
-}
-
 /// Login parameters entered by the user.
 ///
 /// Usually it will be enough to only set `addr` and `password`,
@@ -33,12 +23,6 @@ pub struct EnteredLoginParam {
    /// Imap server port.
    pub imap_port: Option<u16>,

-    /// IMAP server folder.
-    ///
-    /// Defaults to "INBOX" if not set.
-    /// Should not be an empty string.
-    pub imap_folder: Option<String>,
-
    /// Imap socket security.
    pub imap_security: Option<Socket>,

@@ -72,15 +56,6 @@ pub struct EnteredLoginParam {
    pub oauth2: Option<bool>,
 }

-impl From<dc::TransportListEntry> for TransportListEntry {
-    fn from(transport: dc::TransportListEntry) -> Self {
-        TransportListEntry {
-            param: transport.param.into(),
-            is_unpublished: transport.is_unpublished,
-        }
-    }
-}
-
 impl From<dc::EnteredLoginParam> for EnteredLoginParam {
    fn from(param: dc::EnteredLoginParam) -> Self {
        let imap_security: Socket = param.imap.security.into();
@@ -91,7 +66,6 @@ impl From<dc::EnteredLoginParam> for EnteredLoginParam {
            password: param.imap.password,
            imap_server: param.imap.server.into_option(),
            imap_port: param.imap.port.into_option(),
-            imap_folder: param.imap.folder.into_option(),
            imap_security: imap_security.into_option(),
            imap_user: param.imap.user.into_option(),
            smtp_server: param.smtp.server.into_option(),
@@ -111,15 +85,14 @@ impl TryFrom<EnteredLoginParam> for dc::EnteredLoginParam {
    fn try_from(param: EnteredLoginParam) -> Result<Self> {
        Ok(Self {
            addr: param.addr,
-            imap: dc::EnteredImapLoginParam {
+            imap: dc::EnteredServerLoginParam {
                server: param.imap_server.unwrap_or_default(),
                port: param.imap_port.unwrap_or_default(),
-                folder: param.imap_folder.unwrap_or_default(),
                security: param.imap_security.unwrap_or_default().into(),
                user: param.imap_user.unwrap_or_default(),
                password: param.password,
            },
-            smtp: dc::EnteredSmtpLoginParam {
+            smtp: dc::EnteredServerLoginParam {
                server: param.smtp_server.unwrap_or_default(),
                port: param.smtp_port.unwrap_or_default(),
                security: param.smtp_security.unwrap_or_default().into(),
--- a/deltachat-jsonrpc/src/api/types/message.rs
+++ b/deltachat-jsonrpc/src/api/types/message.rs
@@ -68,6 +68,7 @@ pub struct MessageObject {
    /// if `show_padlock` is `false`,
    /// and nothing if it is `true`.
    show_padlock: bool,
+    is_setupmessage: bool,
    is_info: bool,
    is_forwarded: bool,

@@ -87,11 +88,10 @@ pub struct MessageObject {
    override_sender_name: Option<String>,
    sender: ContactObject,

+    setup_code_begin: Option<String>,
+
    file: Option<String>,
    file_mime: Option<String>,
-
-    /// The size of the file in bytes, if applicable.
-    /// If message is a pre-message, then this is the size of the file to be downloaded.
    file_bytes: u64,
    file_name: Option<String>,

@@ -223,6 +223,7 @@ impl MessageObject {

            subject: message.get_subject().to_owned(),
            show_padlock: message.get_showpadlock(),
+            is_setupmessage: message.is_setupmessage(),
            is_info: message.is_info(),
            is_forwarded: message.is_forwarded(),
            is_bot: message.is_bot(),
@@ -239,6 +240,8 @@ impl MessageObject {
            override_sender_name,
            sender,

+            setup_code_begin: message.get_setupcodebegin(context).await,
+
            file: match message.get_file(context) {
                Some(path_buf) => path_buf.to_str().map(|s| s.to_owned()),
                None => None,
@@ -382,7 +385,6 @@ impl From<download::DownloadState> for DownloadState {
 pub enum SystemMessageType {
    Unknown,
    GroupNameChanged,
-    GroupDescriptionChanged,
    GroupImageChanged,
    MemberAddedToGroup,
    MemberRemovedFromGroup,
@@ -435,7 +437,6 @@ impl From<deltachat::mimeparser::SystemMessage> for SystemMessageType {
        match system_message_type {
            SystemMessage::Unknown => SystemMessageType::Unknown,
            SystemMessage::GroupNameChanged => SystemMessageType::GroupNameChanged,
-            SystemMessage::GroupDescriptionChanged => SystemMessageType::GroupDescriptionChanged,
            SystemMessage::GroupImageChanged => SystemMessageType::GroupImageChanged,
            SystemMessage::MemberAddedToGroup => SystemMessageType::MemberAddedToGroup,
            SystemMessage::MemberRemovedFromGroup => SystemMessageType::MemberRemovedFromGroup,
--- a/deltachat-jsonrpc/src/api/types/qr.rs
+++ b/deltachat-jsonrpc/src/api/types/qr.rs
@@ -19,8 +19,6 @@ pub enum QrObject {
        invitenumber: String,
        /// Authentication code.
        authcode: String,
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },
    /// Ask the user whether to join the group.
    AskVerifyGroup {
@@ -36,8 +34,6 @@ pub enum QrObject {
        invitenumber: String,
        /// Authentication code.
        authcode: String,
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },
    /// Ask the user whether to join the broadcast channel.
    AskJoinBroadcast {
@@ -58,8 +54,6 @@ pub enum QrObject {
        invitenumber: String,
        /// Authentication code.
        authcode: String,
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },
    /// Contact fingerprint is verified.
    ///
@@ -163,21 +157,6 @@ pub enum QrObject {
        /// Authentication code.
        authcode: String,
    },
-    /// Ask the user if they want to withdraw their own broadcast channel invite QR code.
-    WithdrawJoinBroadcast {
-        /// Broadcast name.
-        name: String,
-        /// ID, uniquely identifying this chat. Called grpid for historic reasons.
-        grpid: String,
-        /// Contact ID. Always `ContactId::SELF`.
-        contact_id: u32,
-        /// Fingerprint of the contact key as scanned from the QR code.
-        fingerprint: String,
-        /// Invite number.
-        invitenumber: String,
-        /// Authentication code.
-        authcode: String,
-    },
    /// Ask the user if they want to revive their own QR code.
    ReviveVerifyContact {
        /// Contact ID.
@@ -204,21 +183,6 @@ pub enum QrObject {
        /// Authentication code.
        authcode: String,
    },
-    /// Ask the user if they want to revive their own broadcast channel invite QR code.
-    ReviveJoinBroadcast {
-        /// Broadcast name.
-        name: String,
-        /// Globally unique chat ID. Called grpid for historic reasons.
-        grpid: String,
-        /// Contact ID. Always `ContactId::SELF`.
-        contact_id: u32,
-        /// Fingerprint of the contact key as scanned from the QR code.
-        fingerprint: String,
-        /// Invite number.
-        invitenumber: String,
-        /// Authentication code.
-        authcode: String,
-    },
    /// `dclogin:` scheme parameters.
    ///
    /// Ask the user if they want to login with the email address.
@@ -235,7 +199,6 @@ impl From<Qr> for QrObject {
                fingerprint,
                invitenumber,
                authcode,
-                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
                let fingerprint = fingerprint.to_string();
@@ -244,7 +207,6 @@ impl From<Qr> for QrObject {
                    fingerprint,
                    invitenumber,
                    authcode,
-                    is_v3,
                }
            }
            Qr::AskVerifyGroup {
@@ -254,7 +216,6 @@ impl From<Qr> for QrObject {
                fingerprint,
                invitenumber,
                authcode,
-                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
                let fingerprint = fingerprint.to_string();
@@ -265,7 +226,6 @@ impl From<Qr> for QrObject {
                    fingerprint,
                    invitenumber,
                    authcode,
-                    is_v3,
                }
            }
            Qr::AskJoinBroadcast {
@@ -275,7 +235,6 @@ impl From<Qr> for QrObject {
                fingerprint,
                authcode,
                invitenumber,
-                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
                let fingerprint = fingerprint.to_string();
@@ -286,7 +245,6 @@ impl From<Qr> for QrObject {
                    fingerprint,
                    authcode,
                    invitenumber,
-                    is_v3,
                }
            }
            Qr::FprOk { contact_id } => {
@@ -348,25 +306,6 @@ impl From<Qr> for QrObject {
                    authcode,
                }
            }
-            Qr::WithdrawJoinBroadcast {
-                name,
-                grpid,
-                contact_id,
-                fingerprint,
-                invitenumber,
-                authcode,
-            } => {
-                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
-                QrObject::WithdrawJoinBroadcast {
-                    name,
-                    grpid,
-                    contact_id,
-                    fingerprint,
-                    invitenumber,
-                    authcode,
-                }
-            }
            Qr::ReviveVerifyContact {
                contact_id,
                fingerprint,
@@ -401,25 +340,6 @@ impl From<Qr> for QrObject {
                    authcode,
                }
            }
-            Qr::ReviveJoinBroadcast {
-                name,
-                grpid,
-                contact_id,
-                fingerprint,
-                invitenumber,
-                authcode,
-            } => {
-                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
-                QrObject::ReviveJoinBroadcast {
-                    name,
-                    grpid,
-                    contact_id,
-                    fingerprint,
-                    invitenumber,
-                    authcode,
-                }
-            }
            Qr::Login { address, .. } => QrObject::Login { address },
        }
    }
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -54,5 +54,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "2.48.0"
+  "version": "2.26.0"
 }
--- a/deltachat-jsonrpc/typescript/src/client.ts
+++ b/deltachat-jsonrpc/typescript/src/client.ts
@@ -53,19 +53,18 @@ export class BaseDeltaChat<
   */
  async eventLoop(): Promise<void> {
    while (true) {
-      for (const event of await this.rpc.getNextEventBatch()) {
-        //@ts-ignore
-        this.emit(event.event.kind, event.contextId, event.event);
-        this.emit("ALL", event.contextId, event.event);
+      const event = await this.rpc.getNextEvent();
+      //@ts-ignore
+      this.emit(event.event.kind, event.contextId, event.event);
+      this.emit("ALL", event.contextId, event.event);

-        if (this.contextEmitters[event.contextId]) {
-          this.contextEmitters[event.contextId].emit(
-            event.event.kind,
-            //@ts-ignore
-            event.event as any,
-          );
-          this.contextEmitters[event.contextId].emit("ALL", event.event as any);
-        }
+      if (this.contextEmitters[event.contextId]) {
+        this.contextEmitters[event.contextId].emit(
+          event.event.kind,
+          //@ts-ignore
+          event.event as any,
+        );
+        this.contextEmitters[event.contextId].emit("ALL", event.event as any);
      }
    }
  }
--- a/deltachat-jsonrpc/typescript/test/online.ts
+++ b/deltachat-jsonrpc/typescript/test/online.ts
@@ -64,7 +64,6 @@ describe("online tests", function () {
    await dc.rpc.setConfig(accountId1, "addr", account1.email);
    await dc.rpc.setConfig(accountId1, "mail_pw", account1.password);
    await dc.rpc.configure(accountId1);
-    await waitForEvent(dc, "ImapInboxIdle", accountId1);

    accountId2 = await dc.rpc.addAccount();
    await dc.rpc.batchSetConfig(accountId2, {
@@ -72,7 +71,6 @@ describe("online tests", function () {
      mail_pw: account2.password,
    });
    await dc.rpc.configure(accountId2);
-    await waitForEvent(dc, "ImapInboxIdle", accountId2);
    accountsConfigured = true;
  });

--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.48.0"
+version = "2.26.0"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"
--- a/deltachat-repl/src/cmdline.rs
+++ b/deltachat-repl/src/cmdline.rs
@@ -302,6 +302,9 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
            // TODO: reuse commands definition in main.rs.
            "imex" => println!(
                "====================Import/Export commands==\n\
+                 initiate-key-transfer\n\
+                 get-setupcodebegin <msg-id>\n\
+                 continue-key-transfer <msg-id> <setup-code>\n\
                 has-backup\n\
                 export-backup\n\
                 import-backup <backup-file>\n\
@@ -340,7 +343,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                 addmember <contact-id>\n\
                 removemember <contact-id>\n\
                 groupname <name>\n\
-                 groupdescription <description>\n\
                 groupimage <image>\n\
                 chatinfo\n\
                 sendlocations <seconds>\n\
@@ -405,6 +407,34 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                 ============================================="
            ),
        },
+        "initiate-key-transfer" => match initiate_key_transfer(&context).await {
+            Ok(setup_code) => {
+                println!("Setup code for the transferred setup message: {setup_code}",)
+            }
+            Err(err) => bail!("Failed to generate setup code: {err}"),
+        },
+        "get-setupcodebegin" => {
+            ensure!(!arg1.is_empty(), "Argument <msg-id> missing.");
+            let msg_id: MsgId = MsgId::new(arg1.parse()?);
+            let msg = Message::load_from_db(&context, msg_id).await?;
+            if msg.is_setupmessage() {
+                let setupcodebegin = msg.get_setupcodebegin(&context).await;
+                println!(
+                    "The setup code for setup message {} starts with: {}",
+                    msg_id,
+                    setupcodebegin.unwrap_or_default(),
+                );
+            } else {
+                bail!("{msg_id} is no setup message.",);
+            }
+        }
+        "continue-key-transfer" => {
+            ensure!(
+                !arg1.is_empty() && !arg2.is_empty(),
+                "Arguments <msg-id> <setup-code> expected"
+            );
+            continue_key_transfer(&context, MsgId::new(arg1.parse()?), arg2).await?;
+        }
        "has-backup" => {
            has_backup(&context, blobdir).await?;
        }
@@ -740,13 +770,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu

            println!("Chat name set");
        }
-        "groupdescription" => {
-            ensure!(sel_chat.is_some(), "No chat selected.");
-            ensure!(!arg1.is_empty(), "Argument <description> missing.");
-            chat::set_chat_description(&context, sel_chat.as_ref().unwrap().get_id(), arg1).await?;
-
-            println!("Chat description set");
-        }
        "groupimage" => {
            ensure!(sel_chat.is_some(), "No chat selected.");
            ensure!(!arg1.is_empty(), "Argument <image> missing.");
@@ -1208,7 +1231,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
        "setqr" => {
            ensure!(!arg1.is_empty(), "Argument <qr-content> missing.");
            match set_config_from_qr(&context, arg1).await {
-                Ok(()) => eprintln!("Config set from the QR code."),
+                Ok(()) => println!("Config set from QR code, you can now call 'configure'"),
                Err(err) => eprintln!("Cannot set config from QR code: {err:?}"),
            }
        }
--- a/deltachat-repl/src/main.rs
+++ b/deltachat-repl/src/main.rs
@@ -149,7 +149,10 @@ impl Completer for DcHelper {
    }
 }

-const IMEX_COMMANDS: [&str; 10] = [
+const IMEX_COMMANDS: [&str; 13] = [
+    "initiate-key-transfer",
+    "get-setupcodebegin",
+    "continue-key-transfer",
    "has-backup",
    "export-backup",
    "import-backup",
@@ -176,7 +179,7 @@ const DB_COMMANDS: [&str; 11] = [
    "housekeeping",
 ];

-const CHAT_COMMANDS: [&str; 40] = [
+const CHAT_COMMANDS: [&str; 39] = [
    "listchats",
    "listarchived",
    "start-realtime",
@@ -189,7 +192,6 @@ const CHAT_COMMANDS: [&str; 40] = [
    "addmember",
    "removemember",
    "groupname",
-    "groupdescription",
    "groupimage",
    "chatinfo",
    "sendlocations",
@@ -428,12 +430,12 @@ async fn handle_cmd(
        }
        "oauth2" => {
            if let Some(addr) = ctx.get_config(config::Config::Addr).await? {
-                if let Some(oauth2_url) =
-                    get_oauth2_url(&ctx, &addr, "chat.delta:/com.b44t.messenger").await?
-                {
-                    println!("Open the following url, set mail_pw to the generated token and server_flags to 2:\n{oauth2_url}");
-                } else {
+                let oauth2_url =
+                    get_oauth2_url(&ctx, &addr, "chat.delta:/com.b44t.messenger").await?;
+                if oauth2_url.is_none() {
                    println!("OAuth2 not available for {}.", &addr);
+                } else {
+                    println!("Open the following url, set mail_pw to the generated token and server_flags to 2:\n{}", oauth2_url.unwrap());
                }
            } else {
                println!("oauth2: set addr first.");
--- a/deltachat-rpc-client/README.md
+++ b/deltachat-rpc-client/README.md
@@ -2,9 +2,6 @@

 RPC client connects to standalone Delta Chat RPC server `deltachat-rpc-server`
 and provides asynchronous interface to it.
-`rpc.start()` performs a health-check RPC call to verify the server
-started successfully and will raise an error if startup fails
-(e.g. if the accounts directory could not be used).

 ## Getting started

@@ -33,15 +30,6 @@ $ pip install .

 Additional arguments to `tox` are passed to pytest, e.g. `tox -- -s` does not capture test output.

-
-## Activating current checkout of deltachat-rpc-client and -server for development 
-
-Go to root repository directory and run: 
-```
-$ scripts/make-rpc-testenv.sh 
-$ source venv/bin/activate 
-```
-
 ## Using in REPL

 Setup a development environment:
--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -1,18 +1,20 @@
 [build-system]
-requires = ["setuptools>=77"]
+requires = ["setuptools>=45"]
 build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "2.48.0"
-license = "MPL-2.0"
+version = "2.26.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",
    "Operating System :: POSIX :: Linux",
    "Operating System :: MacOS :: MacOS X",
    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
@@ -22,7 +24,7 @@ classifiers = [
    "Topic :: Communications :: Email"
 ]
 readme = "README.md"
-requires-python = ">=3.10"
+requires-python = ">=3.8"

 [tool.setuptools.package-data]
 deltachat_rpc_client = [
--- a/deltachat-rpc-client/src/deltachat_rpc_client/init.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/init.py
@@ -8,7 +8,7 @@ from .const import EventType, SpecialContactId
 from .contact import Contact
 from .deltachat import DeltaChat
 from .message import Message
-from .rpc import JsonRpcError, Rpc
+from .rpc import Rpc

 __all__ = [
    "Account",
@@ -19,7 +19,6 @@ __all__ = [
    "Contact",
    "DeltaChat",
    "EventType",
-    "JsonRpcError",
    "Message",
    "SpecialContactId",
    "Rpc",
--- a/deltachat-rpc-client/src/deltachat_rpc_client/_utils.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/_utils.py
@@ -1,5 +1,4 @@
 import argparse
-import functools
 import os
 import re
 import sys
@@ -45,13 +44,8 @@ class AttrDict(dict):
        super().__setattr__(attr, val)


-def _forever(_event: AttrDict) -> bool:
-    return False
-
-
 def run_client_cli(
    hooks: Optional[Iterable[Tuple[Callable, Union[type, "EventFilter"]]]] = None,
-    until: Callable[[AttrDict], bool] = _forever,
    argv: Optional[list] = None,
    **kwargs,
 ) -> None:
@@ -61,11 +55,10 @@ def run_client_cli(
    """
    from .client import Client

-    _run_cli(Client, until, hooks, argv, **kwargs)
+    _run_cli(Client, hooks, argv, **kwargs)


 def run_bot_cli(
-    until: Callable[[AttrDict], bool] = _forever,
    hooks: Optional[Iterable[Tuple[Callable, Union[type, "EventFilter"]]]] = None,
    argv: Optional[list] = None,
    **kwargs,
@@ -76,12 +69,11 @@ def run_bot_cli(
    """
    from .client import Bot

-    _run_cli(Bot, until, hooks, argv, **kwargs)
+    _run_cli(Bot, hooks, argv, **kwargs)


 def _run_cli(
    client_type: Type["Client"],
-    until: Callable[[AttrDict], bool] = _forever,
    hooks: Optional[Iterable[Tuple[Callable, Union[type, "EventFilter"]]]] = None,
    argv: Optional[list] = None,
    **kwargs,
@@ -119,7 +111,7 @@ def _run_cli(
                kwargs={"email": args.email, "password": args.password},
            )
            configure_thread.start()
-        client.run_until(until)
+        client.run_forever()


 def extract_addr(text: str) -> str:
@@ -190,6 +182,9 @@ class futuremethod:  # noqa: N801
        self._func = func

    def __get__(self, instance, owner=None):
+        if instance is None:
+            return self
+
        def future(*args):
            generator = self._func(instance, *args)
            res = next(generator)
@@ -202,7 +197,6 @@ class futuremethod:  # noqa: N801

            return f

-        @functools.wraps(self._func)
        def wrapper(*args):
            f = future(*args)
            return f()
--- a/deltachat-rpc-client/src/deltachat_rpc_client/account.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/account.py
@@ -130,10 +130,6 @@ class Account:
        """Add a new transport using a QR code."""
        yield self._rpc.add_transport_from_qr.future(self.id, qr)

-    def delete_transport(self, addr: str):
-        """Delete a transport."""
-        self._rpc.delete_transport(self.id, addr)
-
    @futuremethod
    def list_transports(self):
        """Return the list of all email accounts that are used as a transport in the current profile."""
@@ -483,6 +479,10 @@ class Account:
        passphrase = ""  # Importing passphrase-protected keys is currently not supported.
        self._rpc.import_self_keys(self.id, str(path), passphrase)

+    def initiate_autocrypt_key_transfer(self) -> None:
+        """Send Autocrypt Setup Message."""
+        return self._rpc.initiate_autocrypt_key_transfer(self.id)
+
    def ice_servers(self) -> list:
        """Return ICE servers for WebRTC configuration."""
        ice_servers_json = self._rpc.ice_servers(self.id)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
@@ -219,16 +219,10 @@ class Chat:
        """Mark all messages in this chat as noticed."""
        self._rpc.marknoticed_chat(self.account.id, self.id)

-    def mark_fresh(self) -> None:
-        """Mark the last incoming message in the chat as fresh."""
-        self._rpc.markfresh_chat(self.account.id, self.id)
-
-    def add_contact(self, *contact: Union[int, str, Contact, "Account"]) -> None:
+    def add_contact(self, *contact: Union[int, str, Contact]) -> None:
        """Add contacts to this group."""
-        from .account import Account
-
        for cnt in contact:
-            if isinstance(cnt, (str, Account)):
+            if isinstance(cnt, str):
                contact_id = self.account.create_contact(cnt).id
            elif not isinstance(cnt, int):
                contact_id = cnt.id
@@ -236,12 +230,10 @@ class Chat:
                contact_id = cnt
            self._rpc.add_contact_to_chat(self.account.id, self.id, contact_id)

-    def remove_contact(self, *contact: Union[int, str, Contact, "Account"]) -> None:
+    def remove_contact(self, *contact: Union[int, str, Contact]) -> None:
        """Remove members from this group."""
-        from .account import Account
-
        for cnt in contact:
-            if isinstance(cnt, (str, Account)):
+            if isinstance(cnt, str):
                contact_id = self.account.create_contact(cnt).id
            elif not isinstance(cnt, int):
                contact_id = cnt.id
@@ -257,10 +249,6 @@ class Chat:
        contacts = self._rpc.get_chat_contacts(self.account.id, self.id)
        return [Contact(self.account, contact_id) for contact_id in contacts]

-    def num_contacts(self) -> int:
-        """Return number of contacts in this chat."""
-        return len(self.get_contacts())
-
    def get_past_contacts(self) -> list[Contact]:
        """Get past contacts for this chat."""
        past_contacts = self._rpc.get_past_chat_contacts(self.account.id, self.id)
@@ -307,7 +295,7 @@ class Chat:
            f.flush()
            self._rpc.send_msg(self.account.id, self.id, {"viewtype": ViewType.VCARD, "file": f.name})

-    def place_outgoing_call(self, place_call_info: str, has_video_initially: bool) -> Message:
+    def place_outgoing_call(self, place_call_info: str) -> Message:
        """Starts an outgoing call."""
-        msg_id = self._rpc.place_outgoing_call(self.account.id, self.id, place_call_info, has_video_initially)
+        msg_id = self._rpc.place_outgoing_call(self.account.id, self.id, place_call_info)
        return Message(self.account, msg_id)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/client.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/client.py
@@ -14,7 +14,6 @@ from typing import (

 from ._utils import (
    AttrDict,
-    _forever,
    parse_system_add_remove,
    parse_system_image_changed,
    parse_system_title_changed,
@@ -92,28 +91,19 @@ class Client:

    def run_forever(self) -> None:
        """Process events forever."""
-        self.run_until(_forever)
+        self.run_until(lambda _: False)

    def run_until(self, func: Callable[[AttrDict], bool]) -> AttrDict:
-        """Start the event processing loop."""
+        """Process events until the given callable evaluates to True.
+
+        The callable should accept an AttrDict object representing the
+        last processed event. The event is returned when the callable
+        evaluates to True.
+        """
        self.logger.debug("Listening to incoming events...")
        if self.is_configured():
            self.account.start_io()
        self._process_messages()  # Process old messages.
-        return self._process_events(until_func=func)  # Loop over incoming events
-
-    def _process_events(
-        self,
-        until_func: Callable[[AttrDict], bool] = _forever,
-        until_event: EventType = False,
-    ) -> AttrDict:
-        """Process events until the given callable evaluates to True,
-        or until a certain event happens.
-
-        The until_func callable should accept an AttrDict object representing
-        the last processed event. The event is returned when the callable
-        evaluates to True.
-        """
        while True:
            event = self.account.wait_for_event()
            event["kind"] = EventType(event.kind)
@@ -122,13 +112,10 @@ class Client:
            if event.kind == EventType.INCOMING_MSG:
                self._process_messages()

-            stop = until_func(event)
+            stop = func(event)
            if stop:
                return event

-            if event.kind == until_event:
-                return event
-
    def _on_event(self, event: AttrDict, filter_type: Type[EventFilter] = RawEvent) -> None:
        for hook, evfilter in self._hooks.get(filter_type, []):
            if evfilter.filter(event):
--- a/deltachat-rpc-client/src/deltachat_rpc_client/const.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/const.py
@@ -80,7 +80,6 @@ class EventType(str, Enum):
    CONFIG_SYNCED = "ConfigSynced"
    WEBXDC_REALTIME_DATA = "WebxdcRealtimeData"
    WEBXDC_REALTIME_ADVERTISEMENT_RECEIVED = "WebxdcRealtimeAdvertisementReceived"
-    TRANSPORTS_MODIFIED = "TransportsModified"


 class ChatId(IntEnum):
--- a/deltachat-rpc-client/src/deltachat_rpc_client/deltachat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/deltachat.py
@@ -4,7 +4,7 @@ from __future__ import annotations

 from typing import TYPE_CHECKING

-from ._utils import AttrDict, futuremethod
+from ._utils import AttrDict
 from .account import Account

 if TYPE_CHECKING:
@@ -39,15 +39,6 @@ class DeltaChat:
        """Stop the I/O of all accounts."""
        self.rpc.stop_io_for_all_accounts()

-    @futuremethod
-    def background_fetch(self, timeout_in_seconds: int) -> None:
-        """Run background fetch for all accounts."""
-        yield self.rpc.background_fetch.future(timeout_in_seconds)
-
-    def stop_background_fetch(self) -> None:
-        """Stop ongoing background fetch."""
-        self.rpc.stop_background_fetch()
-
    def maybe_network(self) -> None:
        """Indicate that the network conditions might have changed."""
        self.rpc.maybe_network()
--- a/deltachat-rpc-client/src/deltachat_rpc_client/message.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/message.py
@@ -44,14 +44,6 @@ class Message:
        read_receipts = self._rpc.get_message_read_receipts(self.account.id, self.id)
        return [AttrDict(read_receipt) for read_receipt in read_receipts]

-    def get_read_receipt_count(self) -> int:
-        """
-        Returns count of read receipts on message.
-
-        This view count is meant as a feedback measure for the channel owner only.
-        """
-        return self._rpc.get_message_read_receipt_count(self.account.id, self.id)
-
    def get_reactions(self) -> Optional[AttrDict]:
        """Get message reactions."""
        reactions = self._rpc.get_message_reactions(self.account.id, self.id)
@@ -68,9 +60,13 @@ class Message:
        """Mark the message as seen."""
        self._rpc.markseen_msgs(self.account.id, [self.id])

-    def exists(self) -> bool:
-        """Return True if the message exists."""
-        return bool(self._rpc.get_existing_msg_ids(self.account.id, [self.id]))
+    def continue_autocrypt_key_transfer(self, setup_code: str) -> None:
+        """Continue the Autocrypt Setup Message key transfer.
+
+        This function can be called on received Autocrypt Setup Message
+        to import the key encrypted with the provided setup code.
+        """
+        self._rpc.continue_autocrypt_key_transfer(self.account.id, self.id, setup_code)

    def send_webxdc_status_update(self, update: Union[dict, str], description: str) -> None:
        """Send a webxdc status update. This message must be a webxdc."""
--- a/deltachat-rpc-client/src/deltachat_rpc_client/pytestplugin.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/pytestplugin.py
@@ -2,16 +2,10 @@

 from __future__ import annotations

-import logging
 import os
-import pathlib
-import platform
 import random
-import subprocess
-import sys
 from typing import AsyncGenerator, Optional

-import execnet
 import py
 import pytest

@@ -22,22 +16,10 @@ from .rpc import Rpc
 E2EE_INFO_MSGS = 1
 """
 The number of info messages added to new e2ee chats.
-Currently this is "Messages are end-to-end encrypted."
+Currently this is "End-to-end encryption available".
 """


-def pytest_report_header():
-    for base in os.get_exec_path():
-        fn = pathlib.Path(base).joinpath(base, "deltachat-rpc-server")
-        if fn.exists():
-            proc = subprocess.Popen([str(fn), "--version"], stderr=subprocess.PIPE)
-            proc.wait()
-            version = proc.stderr.read().decode().strip()
-            return f"deltachat-rpc-server: {fn} [{version}]"
-
-    return None
-
-
 class ACFactory:
    """Test account factory."""

@@ -54,21 +36,16 @@ class ACFactory:

    def get_credentials(self) -> (str, str):
        """Generate new credentials for chatmail account."""
-        domain = os.environ["CHATMAIL_DOMAIN"]
+        domain = os.getenv("CHATMAIL_DOMAIN")
        username = "ci-" + "".join(random.choice("2345789acdefghjkmnpqrstuvwxyz") for i in range(6))
        return f"{username}@{domain}", f"{username}${username}"

-    def get_account_qr(self):
-        """Return "dcaccount:" QR code for testing chatmail relay."""
-        domain = os.environ["CHATMAIL_DOMAIN"]
-        return f"dcaccount:{domain}"
-
    @futuremethod
    def new_configured_account(self):
        """Create a new configured account."""
        account = self.get_unconfigured_account()
-        qr = self.get_account_qr()
-        yield account.add_transport_from_qr.future(qr)
+        domain = os.getenv("CHATMAIL_DOMAIN")
+        yield account.add_transport_from_qr.future(f"dcaccount:{domain}")

        assert account.is_configured()
        return account
@@ -100,7 +77,6 @@ class ACFactory:
        ac_clone = self.get_unconfigured_account()
        for transport in transports:
            ac_clone.add_or_update_transport(transport)
-        ac_clone.bring_online()
        return ac_clone

    def get_accepted_chat(self, ac1: Account, ac2: Account) -> Chat:
@@ -159,15 +135,9 @@ def rpc(tmp_path) -> AsyncGenerator:


@pytest.fixture
-def dc(rpc) -> DeltaChat:
-    """Return account manager."""
-    return DeltaChat(rpc)
-
-
-@pytest.fixture
-def acfactory(dc) -> AsyncGenerator:
+def acfactory(rpc) -> AsyncGenerator:
    """Return account factory fixture."""
-    return ACFactory(dc)
+    return ACFactory(DeltaChat(rpc))


@pytest.fixture
@@ -205,143 +175,13 @@ def log():

    class Printer:
        def section(self, msg: str) -> None:
-            logging.info("\n%s %s %s", "=" * 10, msg, "=" * 10)
+            print()
+            print("=" * 10, msg, "=" * 10)

        def step(self, msg: str) -> None:
-            logging.info("%s step %s %s", "-" * 5, msg, "-" * 5)
+            print("-" * 5, "step " + msg, "-" * 5)

        def indent(self, msg: str) -> None:
-            logging.info("  " + msg)
+            print("  " + msg)

    return Printer()
-
-
-#
-# support for testing against different deltachat-rpc-server/clients
-# installed into a temporary virtualenv and connected via 'execnet' channels
-#
-
-
-def find_path(venv, name):
-    is_windows = platform.system() == "Windows"
-    bin = venv / ("bin" if not is_windows else "Scripts")
-
-    tryadd = [""]
-    if is_windows:
-        tryadd += os.environ["PATHEXT"].split(os.pathsep)
-    for ext in tryadd:
-        p = bin.joinpath(name + ext)
-        if p.exists():
-            return str(p)
-
-    return None
-
-
-@pytest.fixture(scope="session")
-def get_core_python_env(tmp_path_factory):
-    """Return a factory to create virtualenv environments with rpc server/client packages
-    installed.
-
-    The factory takes a version and returns a (python_path, rpc_server_path) tuple
-    of the respective binaries in the virtualenv.
-    """
-
-    envs = {}
-
-    def get_versioned_venv(core_version):
-        venv = envs.get(core_version)
-        if not venv:
-            venv = tmp_path_factory.mktemp(f"temp-{core_version}")
-            subprocess.check_call([sys.executable, "-m", "venv", venv])
-
-            python = find_path(venv, "python")
-            pkgs = [f"deltachat-rpc-server=={core_version}", f"deltachat-rpc-client=={core_version}", "pytest"]
-            subprocess.check_call([python, "-m", "pip", "install"] + pkgs)
-
-            envs[core_version] = venv
-        python = find_path(venv, "python")
-        rpc_server_path = find_path(venv, "deltachat-rpc-server")
-        logging.info(f"Paths:\npython={python}\nrpc_server={rpc_server_path}")
-        return python, rpc_server_path
-
-    return get_versioned_venv
-
-
-@pytest.fixture
-def alice_and_remote_bob(tmp_path, acfactory, get_core_python_env):
-    """return local Alice account, a contact to bob, and a remote 'eval' function for bob.
-
-    The 'eval' function allows to remote-execute arbitrary expressions
-    that can use the `bob` online account, and the `bob_contact_alice`.
-    """
-
-    def factory(core_version):
-        python, rpc_server_path = get_core_python_env(core_version)
-        gw = execnet.makegateway(f"popen//python={python}")
-
-        accounts_dir = str(tmp_path.joinpath("account1_venv1"))
-        channel = gw.remote_exec(remote_bob_loop)
-        cm = os.environ.get("CHATMAIL_DOMAIN")
-
-        # trigger getting an online account on bob's side
-        channel.send((accounts_dir, str(rpc_server_path), cm))
-
-        # meanwhile get a local alice account
-        alice = acfactory.get_online_account()
-        channel.send(alice.self_contact.make_vcard())
-
-        # wait for bob to have started
-        sysinfo = channel.receive()
-        assert sysinfo == f"v{core_version}"
-        bob_vcard = channel.receive()
-        [alice_contact_bob] = alice.import_vcard(bob_vcard)
-
-        def eval(eval_str):
-            channel.send(eval_str)
-            return channel.receive()
-
-        return alice, alice_contact_bob, eval
-
-    return factory
-
-
-def remote_bob_loop(channel):
-    # This function executes with versioned
-    # deltachat-rpc-client/server packages
-    # installed into the virtualenv.
-    #
-    # The "channel" argument is a send/receive pipe
-    # to the process that runs the corresponding remote_exec(remote_bob_loop)
-
-    import os
-
-    from deltachat_rpc_client import DeltaChat, Rpc
-    from deltachat_rpc_client.pytestplugin import ACFactory
-
-    accounts_dir, rpc_server_path, chatmail_domain = channel.receive()
-    os.environ["CHATMAIL_DOMAIN"] = chatmail_domain
-
-    # older core versions don't support specifying rpc_server_path
-    # so we can't just pass `rpc_server_path` argument to Rpc constructor
-    basepath = os.path.dirname(rpc_server_path)
-    os.environ["PATH"] = os.pathsep.join([basepath, os.environ["PATH"]])
-    rpc = Rpc(accounts_dir=accounts_dir)
-
-    with rpc:
-        dc = DeltaChat(rpc)
-        channel.send(dc.rpc.get_system_info()["deltachat_core_version"])
-        acfactory = ACFactory(dc)
-        bob = acfactory.get_online_account()
-        alice_vcard = channel.receive()
-        [alice_contact] = bob.import_vcard(alice_vcard)
-        ns = {"bob": bob, "bob_contact_alice": alice_contact}
-        channel.send(bob.self_contact.make_vcard())
-
-        while 1:
-            eval_str = channel.receive()
-            res = eval(eval_str, ns)
-            try:
-                channel.send(res)
-            except Exception:
-                # some unserializable result
-                channel.send(None)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
@@ -9,7 +9,7 @@ import os
 import subprocess
 import sys
 from queue import Empty, Queue
-from threading import Thread
+from threading import Event, Thread
 from typing import Any, Iterator, Optional


@@ -17,6 +17,25 @@ class JsonRpcError(Exception):
    """JSON-RPC error."""


+class RpcFuture:
+    """RPC future waiting for RPC call result."""
+
+    def __init__(self, rpc: "Rpc", request_id: int, event: Event):
+        self.rpc = rpc
+        self.request_id = request_id
+        self.event = event
+
+    def __call__(self):
+        """Wait for the future to return the result."""
+        self.event.wait()
+        response = self.rpc.request_results.pop(self.request_id)
+        if "error" in response:
+            raise JsonRpcError(response["error"])
+        if "result" in response:
+            return response["result"]
+        return None
+
+
 class RpcMethod:
    """RPC method."""

@@ -38,31 +57,20 @@ class RpcMethod:
            "params": args,
            "id": request_id,
        }
-        self.rpc.request_results[request_id] = queue = Queue()
+        event = Event()
+        self.rpc.request_events[request_id] = event
        self.rpc.request_queue.put(request)

-        def rpc_future():
-            """Wait for the request to receive a result."""
-            response = queue.get()
-            if "error" in response:
-                raise JsonRpcError(response["error"])
-            return response.get("result", None)
-
-        return rpc_future
+        return RpcFuture(self.rpc, request_id, event)


 class Rpc:
    """RPC client."""

-    def __init__(
-        self,
-        accounts_dir: Optional[str] = None,
-        rpc_server_path="deltachat-rpc-server",
-        **kwargs,
-    ):
+    def __init__(self, accounts_dir: Optional[str] = None, **kwargs):
        """Initialize RPC client.

-        The 'kwargs' arguments will be passed to subprocess.Popen().
+        The given arguments will be passed to subprocess.Popen().
        """
        if accounts_dir:
            kwargs["env"] = {
@@ -71,12 +79,13 @@ class Rpc:
            }

        self._kwargs = kwargs
-        self.rpc_server_path = rpc_server_path
        self.process: subprocess.Popen
        self.id_iterator: Iterator[int]
        self.event_queues: dict[int, Queue]
-        # Map from request ID to a Queue which provides a single result
-        self.request_results: dict[int, Queue]
+        # Map from request ID to `threading.Event`.
+        self.request_events: dict[int, Event]
+        # Map from request ID to the result.
+        self.request_results: dict[int, Any]
        self.request_queue: Queue[Any]
        self.closing: bool
        self.reader_thread: Thread
@@ -84,27 +93,28 @@ class Rpc:
        self.events_thread: Thread

    def start(self) -> None:
-        """Start RPC server subprocess and wait for successful initialization.
-
-        This method blocks until the RPC server responds to an initial
-        health-check RPC call (get_system_info).
-        If the server fails to start
-        (e.g., due to an invalid accounts directory),
-        a JsonRpcError is raised.
-        """
-        popen_kwargs = {"stdin": subprocess.PIPE, "stdout": subprocess.PIPE, "stderr": subprocess.PIPE}
+        """Start RPC server subprocess."""
        if sys.version_info >= (3, 11):
-            # Prevent subprocess from capturing SIGINT.
-            popen_kwargs["process_group"] = 0
+            self.process = subprocess.Popen(
+                "deltachat-rpc-server",
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE,
+                # Prevent subprocess from capturing SIGINT.
+                process_group=0,
+                **self._kwargs,
+            )
        else:
-            # `process_group` is not supported before Python 3.11.
-            popen_kwargs["preexec_fn"] = os.setpgrp  # noqa: PLW1509
-
-        popen_kwargs.update(self._kwargs)
-        self.process = subprocess.Popen(self.rpc_server_path, **popen_kwargs)
-
+            self.process = subprocess.Popen(
+                "deltachat-rpc-server",
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE,
+                # `process_group` is not supported before Python 3.11.
+                preexec_fn=os.setpgrp,  # noqa: PLW1509
+                **self._kwargs,
+            )
        self.id_iterator = itertools.count(start=1)
        self.event_queues = {}
+        self.request_events = {}
        self.request_results = {}
        self.request_queue = Queue()
        self.closing = False
@@ -115,22 +125,6 @@ class Rpc:
        self.events_thread = Thread(target=self.events_loop)
        self.events_thread.start()

-        # Perform a health-check RPC call to ensure the server started
-        # successfully and the accounts directory is usable.
-        try:
-            system_info = self.get_system_info()
-        except (JsonRpcError, Exception) as e:
-            # The reader_loop already saw EOF on stdout, so the process
-            # has exited and stderr is available.
-            stderr = self.process.stderr.read().decode(errors="replace").strip()
-            if stderr:
-                raise JsonRpcError(f"RPC server failed to start: {stderr}") from e
-            raise JsonRpcError(f"RPC server startup check failed: {e}") from e
-        logging.info(
-            "RPC server ready. Core version: %s",
-            system_info.get("deltachat_core_version", "unknown"),
-        )
-
    def close(self) -> None:
        """Terminate RPC server process and wait until the reader loop finishes."""
        self.closing = True
@@ -155,16 +149,14 @@ class Rpc:
                response = json.loads(line)
                if "id" in response:
                    response_id = response["id"]
-                    self.request_results.pop(response_id).put(response)
+                    event = self.request_events.pop(response_id)
+                    self.request_results[response_id] = response
+                    event.set()
                else:
                    logging.warning("Got a response without ID: %s", response)
        except Exception:
            # Log an exception if the reader loop dies.
            logging.exception("Exception in the reader loop")
-        finally:
-            # Unblock any pending requests when the server closes stdout.
-            for _request_id, queue in self.request_results.items():
-                queue.put({"error": {"code": -32000, "message": "RPC server closed"}})

    def writer_loop(self) -> None:
        """Writer loop ensuring only a single thread writes requests."""
@@ -173,6 +165,7 @@ class Rpc:
                data = (json.dumps(request) + "\n").encode()
                self.process.stdin.write(data)
                self.process.stdin.flush()
+
        except Exception:
            # Log an exception if the writer loop dies.
            logging.exception("Exception in the writer loop")
@@ -186,15 +179,15 @@ class Rpc:
    def events_loop(self) -> None:
        """Request new events and distributes them between queues."""
        try:
-            while events := self.get_next_event_batch():
-                for event in events:
-                    account_id = event["contextId"]
-                    queue = self.get_queue(account_id)
-                    payload = event["event"]
-                    logging.debug("account_id=%d got an event %s", account_id, payload)
-                    queue.put(payload)
+            while True:
                if self.closing:
                    return
+                event = self.get_next_event()
+                account_id = event["contextId"]
+                queue = self.get_queue(account_id)
+                event = event["event"]
+                logging.debug("account_id=%d got an event %s", account_id, event)
+                queue.put(event)
        except Exception:
            # Log an exception if the event loop dies.
            logging.exception("Exception in the event loop")
--- a/deltachat-rpc-client/tests/conftest.py
+++ b/deltachat-rpc-client/tests/conftest.py
@@ -2,7 +2,6 @@ from __future__ import annotations

 import imaplib
 import io
-import logging
 import pathlib
 import ssl
 from contextlib import contextmanager
@@ -46,13 +45,13 @@ class DirectImap:
        try:
            self.conn.logout()
        except (OSError, imaplib.IMAP4.abort):
-            logging.warning("Could not logout direct_imap conn")
+            print("Could not logout direct_imap conn")

    def create_folder(self, foldername):
        try:
            self.conn.folder.create(foldername)
        except errors.MailboxFolderCreateError as e:
-            logging.warning(f"Cannot create '{foldername}', probably it already exists: {str(e)}")
+            print("Can't create", foldername, "probably it already exists:", str(e))

    def select_folder(self, foldername: str) -> tuple:
        assert not self._idling
@@ -96,7 +95,7 @@ class DirectImap:
        messages = self.get_unread_messages()
        if messages:
            res = self.conn.flag(messages, MailMessageFlags.SEEN, True)
-            logging.info(f"Marked seen: {messages} {res}")
+            print("marked seen:", messages, res)

    def get_unread_cnt(self) -> int:
        return len(self.get_unread_messages())
--- a/deltachat-rpc-client/tests/test_calls.py
+++ b/deltachat-rpc-client/tests/test_calls.py
@@ -10,15 +10,15 @@ def test_calls(acfactory) -> None:
    alice_contact_bob = alice.create_contact(bob, "Bob")
    alice_chat_bob = alice_contact_bob.create_chat()
    bob.create_chat(alice)  # Accept the chat so incoming call causes a notification.
-    outgoing_call_message = alice_chat_bob.place_outgoing_call(place_call_info, has_video_initially=True)
+    outgoing_call_message = alice_chat_bob.place_outgoing_call(place_call_info)
    assert outgoing_call_message.get_call_info().state.kind == "Alerting"

    incoming_call_event = bob.wait_for_event(EventType.INCOMING_CALL)
    assert incoming_call_event.place_call_info == place_call_info
-    assert incoming_call_event.has_video
+    assert not incoming_call_event.has_video  # Cannot be parsed as SDP, so false by default
    incoming_call_message = Message(bob, incoming_call_event.msg_id)
    assert incoming_call_message.get_call_info().state.kind == "Alerting"
-    assert incoming_call_message.get_call_info().has_video
+    assert not incoming_call_message.get_call_info().has_video

    incoming_call_message.accept_incoming_call(accept_call_info)
    assert incoming_call_message.get_call_info().sdp_offer == place_call_info
@@ -41,38 +41,46 @@ def test_video_call(acfactory) -> None:
    #
    # `s=` cannot be empty according to RFC 3264,
    # so it is more clear as `s=-`.
+    place_call_info = """v=0\r
+o=alice 2890844526 2890844526 IN IP6 2001:db8::3\r
+s=-\r
+c=IN IP6 2001:db8::3\r
+t=0 0\r
+a=group:BUNDLE foo bar\r
+\r
+m=audio 10000 RTP/AVP 0 8 97\r
+b=AS:200\r
+a=mid:foo\r
+a=rtcp-mux\r
+a=rtpmap:0 PCMU/8000\r
+a=rtpmap:8 PCMA/8000\r
+a=rtpmap:97 iLBC/8000\r
+a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid\r
+\r
+m=video 10002 RTP/AVP 31 32\r
+b=AS:1000\r
+a=mid:bar\r
+a=rtcp-mux\r
+a=rtpmap:31 H261/90000\r
+a=rtpmap:32 MPV/90000\r
+a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid\r
+"""

    alice, bob = acfactory.get_online_accounts(2)

    bob.create_chat(alice)  # Accept the chat so incoming call causes a notification.
    alice_contact_bob = alice.create_contact(bob, "Bob")
    alice_chat_bob = alice_contact_bob.create_chat()
-    alice_chat_bob.place_outgoing_call("offer", has_video_initially=True)
+    alice_chat_bob.place_outgoing_call(place_call_info)

    incoming_call_event = bob.wait_for_event(EventType.INCOMING_CALL)
-    assert incoming_call_event.place_call_info == "offer"
+    assert incoming_call_event.place_call_info == place_call_info
    assert incoming_call_event.has_video

    incoming_call_message = Message(bob, incoming_call_event.msg_id)
    assert incoming_call_message.get_call_info().has_video


-def test_audio_call(acfactory) -> None:
-    alice, bob = acfactory.get_online_accounts(2)
-
-    bob.create_chat(alice)  # Accept the chat so incoming call causes a notification.
-    alice_contact_bob = alice.create_contact(bob, "Bob")
-    alice_chat_bob = alice_contact_bob.create_chat()
-    alice_chat_bob.place_outgoing_call("offer", has_video_initially=False)
-
-    incoming_call_event = bob.wait_for_event(EventType.INCOMING_CALL)
-    assert incoming_call_event.place_call_info == "offer"
-    assert not incoming_call_event.has_video
-
-    incoming_call_message = Message(bob, incoming_call_event.msg_id)
-    assert not incoming_call_message.get_call_info().has_video
-
-
 def test_ice_servers(acfactory) -> None:
    alice = acfactory.get_online_account()

@@ -84,7 +92,7 @@ def test_no_contact_request_call(acfactory) -> None:
    alice, bob = acfactory.get_online_accounts(2)

    alice_chat_bob = alice.create_chat(bob)
-    alice_chat_bob.place_outgoing_call("offer", has_video_initially=True)
+    alice_chat_bob.place_outgoing_call("offer")
    alice_chat_bob.send_text("Hello!")

    # Notification for "Hello!" message should arrive
@@ -99,48 +107,3 @@ def test_no_contact_request_call(acfactory) -> None:
            msg = bob.get_message_by_id(event.msg_id)
            if msg.get_snapshot().text == "Hello!":
                break
-
-
-def test_who_can_call_me_nobody(acfactory) -> None:
-    alice, bob = acfactory.get_online_accounts(2)
-
-    # Bob sets "who can call me" to "nobody" (2)
-    bob.set_config("who_can_call_me", "2")
-
-    # Bob even accepts Alice in advance so the chat does not appear as contact request.
-    bob.create_chat(alice)
-
-    alice_chat_bob = alice.create_chat(bob)
-    alice_chat_bob.place_outgoing_call("offer", has_video_initially=True)
-    alice_chat_bob.send_text("Hello!")
-
-    # Notification for "Hello!" message should arrive
-    # without the call ringing.
-    while True:
-        event = bob.wait_for_event()
-
-        # There should be no incoming call notification.
-        assert event.kind != EventType.INCOMING_CALL
-
-        if event.kind == EventType.INCOMING_MSG:
-            msg = bob.get_message_by_id(event.msg_id)
-            if msg.get_snapshot().text == "Hello!":
-                break
-
-
-def test_who_can_call_me_everybody(acfactory) -> None:
-    """Test that if "who can call me" setting is set to "everybody", calls arrive even in contact request chats."""
-    alice, bob = acfactory.get_online_accounts(2)
-
-    # Bob sets "who can call me" to "nobody" (0)
-    bob.set_config("who_can_call_me", "0")
-
-    alice_chat_bob = alice.create_chat(bob)
-    alice_chat_bob.place_outgoing_call("offer", has_video_initially=True)
-    incoming_call_event = bob.wait_for_event(EventType.INCOMING_CALL)
-
-    incoming_call_message = Message(bob, incoming_call_event.msg_id)
-
-    # Even with the call arriving, the chat is still in the contact request mode.
-    incoming_chat = incoming_call_message.get_snapshot().chat
-    assert incoming_chat.get_basic_snapshot().is_contact_request
--- a/deltachat-rpc-client/tests/test_chatlist_events.py
+++ b/deltachat-rpc-client/tests/test_chatlist_events.py
@@ -1,5 +1,7 @@
 from __future__ import annotations

+import base64
+import os
 from typing import TYPE_CHECKING

 from deltachat_rpc_client import Account, EventType, const
@@ -127,7 +129,7 @@ def test_download_on_demand(acfactory: ACFactory) -> None:
    msg.get_snapshot().chat.accept()
    bob.get_chat_by_id(chat_id).send_message(
        "Hello World, this message is bigger than 5 bytes",
-        file="../test-data/image/screenshot.jpg",
+        html=base64.b64encode(os.urandom(300000)).decode("utf-8"),
    )

    message = alice.wait_for_incoming_msg()
--- a/deltachat-rpc-client/tests/test_cross_core.py
+++ b/deltachat-rpc-client/tests/test_cross_core.py
@@ -1,57 +0,0 @@
-import subprocess
-
-import pytest
-
-from deltachat_rpc_client import DeltaChat, Rpc
-
-
-def test_install_venv_and_use_other_core(tmp_path, get_core_python_env):
-    python, rpc_server_path = get_core_python_env("2.24.0")
-    subprocess.check_call([python, "-m", "pip", "install", "deltachat-rpc-server==2.24.0"])
-    rpc = Rpc(accounts_dir=tmp_path.joinpath("accounts"), rpc_server_path=rpc_server_path)
-
-    with rpc:
-        dc = DeltaChat(rpc)
-        assert dc.rpc.get_system_info()["deltachat_core_version"] == "v2.24.0"
-
-
-@pytest.mark.parametrize("version", ["2.24.0"])
-def test_qr_setup_contact(alice_and_remote_bob, version) -> None:
-    """Test other-core Bob profile can do securejoin with Alice on current core."""
-    alice, alice_contact_bob, remote_eval = alice_and_remote_bob(version)
-
-    qr_code = alice.get_qr_code()
-    remote_eval(f"bob.secure_join({qr_code!r})")
-    alice.wait_for_securejoin_inviter_success()
-
-    # Test that Alice verified Bob's profile.
-    alice_contact_bob_snapshot = alice_contact_bob.get_snapshot()
-    assert alice_contact_bob_snapshot.is_verified
-
-    remote_eval("bob.wait_for_securejoin_joiner_success()")
-
-    # Test that Bob verified Alice's profile.
-    assert remote_eval("bob_contact_alice.get_snapshot().is_verified")
-
-
-def test_send_and_receive_message(alice_and_remote_bob) -> None:
-    """Test other-core Bob profile can send a message to Alice on current core."""
-    alice, alice_contact_bob, remote_eval = alice_and_remote_bob("2.20.0")
-
-    remote_eval("bob_contact_alice.create_chat().send_text('hello')")
-
-    msg = alice.wait_for_incoming_msg()
-    assert msg.get_snapshot().text == "hello"
-
-
-def test_second_device(acfactory, alice_and_remote_bob) -> None:
-    """Test setting up current version as a second device for old version."""
-    _alice, alice_contact_bob, remote_eval = alice_and_remote_bob("2.20.0")
-
-    remote_eval("locals().setdefault('future', bob._rpc.provide_backup.future(bob.id))")
-    qr = remote_eval("bob._rpc.get_backup_qr(bob.id)")
-    new_account = acfactory.get_unconfigured_account()
-    new_account._rpc.get_backup(new_account.id, qr)
-    remote_eval("locals()['future']()")
-
-    assert new_account.get_config("addr") == remote_eval("bob.get_config('addr')")
--- a/deltachat-rpc-client/tests/test_folders.py
+++ b/deltachat-rpc-client/tests/test_folders.py
@@ -2,13 +2,92 @@ import logging
 import re
 import time

+import pytest
 from imap_tools import AND, U

 from deltachat_rpc_client import Contact, EventType, Message


+def test_move_works(acfactory):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2.set_config("mvbox_move", "1")
+    ac2.bring_online()
+
+    chat = ac1.create_chat(ac2)
+    chat.send_text("message1")
+
+    # Message is moved to the movebox
+    ac2.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+
+    # Message is downloaded
+    msg = ac2.wait_for_incoming_msg().get_snapshot()
+    assert msg.text == "message1"
+
+
+def test_move_avoids_loop(acfactory, direct_imap):
+    """Test that the message is only moved from INBOX to DeltaChat.
+
+    This is to avoid busy loop if moved message reappears in the Inbox
+    or some scanned folder later.
+    For example, this happens on servers that alias `INBOX.DeltaChat` to `DeltaChat` folder,
+    so the message moved to `DeltaChat` appears as a new message in the `INBOX.DeltaChat` folder.
+    We do not want to move this message from `INBOX.DeltaChat` to `DeltaChat` again.
+    """
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2.set_config("mvbox_move", "1")
+    ac2.set_config("delete_server_after", "0")
+    ac2.bring_online()
+
+    # Create INBOX.DeltaChat folder and make sure
+    # it is detected by full folder scan.
+    ac2_direct_imap = direct_imap(ac2)
+    ac2_direct_imap.create_folder("INBOX.DeltaChat")
+    ac2.stop_io()
+    ac2.start_io()
+
+    while True:
+        event = ac2.wait_for_event()
+        # Wait until the end of folder scan.
+        if event.kind == EventType.INFO and "Found folders:" in event.msg:
+            break
+
+    ac1_chat = acfactory.get_accepted_chat(ac1, ac2)
+    ac1_chat.send_text("Message 1")
+
+    # Message is moved to the DeltaChat folder and downloaded.
+    ac2_msg1 = ac2.wait_for_incoming_msg().get_snapshot()
+    assert ac2_msg1.text == "Message 1"
+
+    # Move the message to the INBOX.DeltaChat again.
+    # We assume that test server uses "." as the delimiter.
+    ac2_direct_imap.select_folder("DeltaChat")
+    ac2_direct_imap.conn.move(["*"], "INBOX.DeltaChat")
+
+    ac1_chat.send_text("Message 2")
+    ac2_msg2 = ac2.wait_for_incoming_msg().get_snapshot()
+    assert ac2_msg2.text == "Message 2"
+
+    # Stop and start I/O to trigger folder scan.
+    ac2.stop_io()
+    ac2.start_io()
+    while True:
+        event = ac2.wait_for_event()
+        # Wait until the end of folder scan.
+        if event.kind == EventType.INFO and "Found folders:" in event.msg:
+            break
+
+    # Check that Message 1 is still in the INBOX.DeltaChat folder
+    # and Message 2 is in the DeltaChat folder.
+    ac2_direct_imap.select_folder("INBOX")
+    assert len(ac2_direct_imap.get_all_messages()) == 0
+    ac2_direct_imap.select_folder("DeltaChat")
+    assert len(ac2_direct_imap.get_all_messages()) == 1
+    ac2_direct_imap.select_folder("INBOX.DeltaChat")
+    assert len(ac2_direct_imap.get_all_messages()) == 1
+
+
 def test_reactions_for_a_reordering_move(acfactory, direct_imap):
-    """When a batch of messages is moved from Inbox to another folder with a single MOVE command,
+    """When a batch of messages is moved from Inbox to DeltaChat folder with a single MOVE command,
    their UIDs may be reordered (e.g. Gmail is known for that) which led to that messages were
    processed by receive_imf in the wrong order, and, particularly, reactions were processed before
    messages they refer to and thus dropped.
@@ -18,6 +97,7 @@ def test_reactions_for_a_reordering_move(acfactory, direct_imap):
    addr, password = acfactory.get_credentials()
    ac2 = acfactory.get_unconfigured_account()
    ac2.add_or_update_transport({"addr": addr, "password": password})
+    ac2.set_config("mvbox_move", "1")
    assert ac2.is_configured()

    ac2.bring_online()
@@ -33,17 +113,11 @@ def test_reactions_for_a_reordering_move(acfactory, direct_imap):
    react_str = "\N{THUMBS UP SIGN}"
    msg1.send_reaction(react_str).wait_until_delivered()

-    logging.info("moving messages to ac2's movebox folder in the reverse order")
+    logging.info("moving messages to ac2's DeltaChat folder in the reverse order")
    ac2_direct_imap = direct_imap(ac2)
-    ac2_direct_imap.create_folder("Movebox")
    ac2_direct_imap.connect()
    for uid in sorted([m.uid for m in ac2_direct_imap.get_all_messages()], reverse=True):
-        ac2_direct_imap.conn.move(uid, "Movebox")
-
-    logging.info("moving messages back")
-    ac2_direct_imap.select_folder("Movebox")
-    for uid in sorted([m.uid for m in ac2_direct_imap.get_all_messages()]):
-        ac2_direct_imap.conn.move(uid, "INBOX")
+        ac2_direct_imap.conn.move(uid, "DeltaChat")

    logging.info("receiving messages by ac2")
    ac2.start_io()
@@ -56,22 +130,193 @@ def test_reactions_for_a_reordering_move(acfactory, direct_imap):
    assert list(reactions.reactions_by_contact.values())[0] == [react_str]


-def test_moved_markseen(acfactory, direct_imap, log):
+def test_delete_deltachat_folder(acfactory, direct_imap):
+    """Test that DeltaChat folder is recreated if user deletes it manually."""
+    ac1 = acfactory.new_configured_account()
+    ac1.set_config("mvbox_move", "1")
+    ac1.bring_online()
+
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.conn.folder.delete("DeltaChat")
+    assert "DeltaChat" not in ac1_direct_imap.list_folders()
+
+    # Wait until new folder is created and UIDVALIDITY is updated.
+    while True:
+        event = ac1.wait_for_event()
+        if event.kind == EventType.INFO and "uid/validity change folder DeltaChat" in event.msg:
+            break
+
+    ac2 = acfactory.get_online_account()
+    ac2.create_chat(ac1).send_text("hello")
+    msg = ac1.wait_for_incoming_msg().get_snapshot()
+    assert msg.text == "hello"
+
+    assert "DeltaChat" in ac1_direct_imap.list_folders()
+
+
+def test_dont_show_emails(acfactory, direct_imap, log):
+    """Most mailboxes have a "Drafts" folder where constantly new emails appear but we don't actually want to show them.
+    So: If it's outgoing AND there is no Received header, then ignore the email.
+
+    If the draft email is sent out and received later (i.e. it's in "Inbox"), it must be shown.
+
+    Also, test that unknown emails in the Spam folder are not shown."""
+    ac1 = acfactory.new_configured_account()
+    ac1.stop_io()
+    ac1.set_config("show_emails", "2")
+
+    ac1.create_contact("alice@example.org").create_chat()
+
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.create_folder("Drafts")
+    ac1_direct_imap.create_folder("Spam")
+    ac1_direct_imap.create_folder("Junk")
+
+    # Learn UID validity for all folders.
+    ac1.set_config("scan_all_folders_debounce_secs", "0")
+    ac1.start_io()
+    ac1.wait_for_event(EventType.IMAP_INBOX_IDLE)
+    ac1.stop_io()
+
+    ac1_direct_imap.append(
+        "Drafts",
+        """
+        From: ac1 <{}>
+        Subject: subj
+        To: alice@example.org
+        Message-ID: <aepiors@example.org>
+        Content-Type: text/plain; charset=utf-8
+
+        message in Drafts received later
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Spam",
+        """
+        From: unknown.address@junk.org
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Unknown message in Spam
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Spam",
+        """
+        From: unknown.address@junk.org, unkwnown.add@junk.org
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message2@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Unknown & malformed message in Spam
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Spam",
+        """
+        From: delta<address: inbox@nhroy.com>
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message99@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Unknown & malformed message in Spam
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Spam",
+        """
+        From: alice@example.org
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message3@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Actually interesting message in Spam
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Junk",
+        """
+        From: unknown.address@junk.org
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Unknown message in Junk
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+
+    ac1.set_config("scan_all_folders_debounce_secs", "0")
+    log.section("All prepared, now let DC find the message")
+    ac1.start_io()
+
+    # Wait until each folder was scanned, this is necessary for this test to test what it should test:
+    ac1.wait_for_event(EventType.IMAP_INBOX_IDLE)
+
+    fresh_msgs = list(ac1.get_fresh_messages())
+    msg = fresh_msgs[0].get_snapshot()
+    chat_msgs = msg.chat.get_messages()
+    assert len(chat_msgs) == 1
+    assert msg.text == "subj – Actually interesting message in Spam"
+
+    assert not any("unknown.address" in c.get_full_snapshot().name for c in ac1.get_chatlist())
+    ac1_direct_imap.select_folder("Spam")
+    assert ac1_direct_imap.get_uid_by_message_id("spam.message@junk.org")
+
+    ac1.stop_io()
+    log.section("'Send out' the draft by moving it to Inbox, and wait for DC to display it this time")
+    ac1_direct_imap.select_folder("Drafts")
+    uid = ac1_direct_imap.get_uid_by_message_id("aepiors@example.org")
+    ac1_direct_imap.conn.move(uid, "Inbox")
+
+    ac1.start_io()
+    event = ac1.wait_for_event(EventType.MSGS_CHANGED)
+    msg2 = Message(ac1, event.msg_id).get_snapshot()
+
+    assert msg2.text == "subj – message in Drafts received later"
+    assert len(msg.chat.get_messages()) == 2
+
+
+def test_move_works_on_self_sent(acfactory):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+
+    # Enable movebox and wait until it is created.
+    ac1.set_config("mvbox_move", "1")
+    ac1.set_config("bcc_self", "1")
+    ac1.bring_online()
+
+    chat = ac1.create_chat(ac2)
+    chat.send_text("message1")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+    chat.send_text("message2")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+    chat.send_text("message3")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+
+
+def test_moved_markseen(acfactory, direct_imap):
    """Test that message already moved to DeltaChat folder is marked as seen."""
-    ac1 = acfactory.get_online_account()
-
-    addr, password = acfactory.get_credentials()
-    ac2 = acfactory.get_unconfigured_account()
-    ac2.add_or_update_transport({"addr": addr, "password": password})
-    ac2.bring_online()
-
-    log.section("ac2: creating DeltaChat folder")
-    ac2_direct_imap = direct_imap(ac2)
-    ac2_direct_imap.create_folder("DeltaChat")
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2.set_config("mvbox_move", "1")
    ac2.set_config("delete_server_after", "0")
    ac2.set_config("sync_msgs", "0")  # Do not send a sync message when accepting a contact request.
-
-    ac2.add_or_update_transport({"addr": addr, "password": password, "imapFolder": "DeltaChat"})
    ac2.bring_online()

    ac2.stop_io()
@@ -81,7 +326,6 @@ def test_moved_markseen(acfactory, direct_imap, log):
        idle2.wait_for_new_message()

    # Emulate moving of the message to DeltaChat folder by Sieve rule.
-    log.section("ac2: moving message into DeltaChat folder")
    ac2_direct_imap.conn.move(["*"], "DeltaChat")
    ac2_direct_imap.select_folder("DeltaChat")
    assert len(list(ac2_direct_imap.conn.fetch("*", mark_seen=False))) == 1
@@ -105,11 +349,15 @@ def test_moved_markseen(acfactory, direct_imap, log):
    assert len(list(ac2_direct_imap.conn.fetch(AND(seen=True, uid=U(1, "*")), mark_seen=False))) == 1


-def test_markseen_message_and_mdn(acfactory, direct_imap):
+@pytest.mark.parametrize("mvbox_move", [True, False])
+def test_markseen_message_and_mdn(acfactory, direct_imap, mvbox_move):
    ac1, ac2 = acfactory.get_online_accounts(2)

    for ac in ac1, ac2:
        ac.set_config("delete_server_after", "0")
+        if mvbox_move:
+            ac.set_config("mvbox_move", "1")
+            ac.bring_online()

    # Do not send BCC to self, we only want to test MDN on ac1.
    ac1.set_config("bcc_self", "0")
@@ -118,7 +366,10 @@ def test_markseen_message_and_mdn(acfactory, direct_imap):
    msg = ac2.wait_for_incoming_msg()
    msg.mark_seen()

-    rex = re.compile("Marked messages [0-9]+ in folder INBOX as seen.")
+    if mvbox_move:
+        rex = re.compile("Marked messages [0-9]+ in folder DeltaChat as seen.")
+    else:
+        rex = re.compile("Marked messages [0-9]+ in folder INBOX as seen.")

    for ac in ac1, ac2:
        while True:
@@ -126,11 +377,12 @@ def test_markseen_message_and_mdn(acfactory, direct_imap):
            if event.kind == EventType.INFO and rex.search(event.msg):
                break

+    folder = "mvbox" if mvbox_move else "inbox"
    ac1_direct_imap = direct_imap(ac1)
    ac2_direct_imap = direct_imap(ac2)

-    ac1_direct_imap.select_folder("INBOX")
-    ac2_direct_imap.select_folder("INBOX")
+    ac1_direct_imap.select_config_folder(folder)
+    ac2_direct_imap.select_config_folder(folder)

    # Check that the mdn is marked as seen
    assert len(list(ac1_direct_imap.conn.fetch(AND(seen=True), mark_seen=False))) == 1
@@ -138,12 +390,120 @@ def test_markseen_message_and_mdn(acfactory, direct_imap):
    assert len(list(ac2_direct_imap.conn.fetch(AND(seen=True), mark_seen=False))) == 1


+def test_mvbox_and_trash(acfactory, direct_imap, log):
+    log.section("ac1: start with mvbox")
+    ac1 = acfactory.get_online_account()
+    ac1.set_config("mvbox_move", "1")
+    ac1.bring_online()
+
+    log.section("ac2: start without a mvbox")
+    ac2 = acfactory.get_online_account()
+
+    log.section("ac1: create trash")
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.create_folder("Trash")
+    ac1.set_config("scan_all_folders_debounce_secs", "0")
+    ac1.stop_io()
+    ac1.start_io()
+
+    log.section("ac1: send message and wait for ac2 to receive it")
+    acfactory.get_accepted_chat(ac1, ac2).send_text("message1")
+    assert ac2.wait_for_incoming_msg().get_snapshot().text == "message1"
+
+    assert ac1.get_config("configured_mvbox_folder") == "DeltaChat"
+    while ac1.get_config("configured_trash_folder") != "Trash":
+        ac1.wait_for_event(EventType.CONNECTIVITY_CHANGED)
+
+
+@pytest.mark.parametrize(
+    ("folder", "move", "expected_destination"),
+    [
+        (
+            "xyz",
+            False,
+            "xyz",
+        ),  # Test that emails aren't found in a random folder
+        (
+            "xyz",
+            True,
+            "xyz",
+        ),  # ...emails are found in a random folder and downloaded without moving
+        (
+            "Spam",
+            False,
+            "INBOX",
+        ),  # ...emails are moved from the spam folder to the Inbox
+    ],
+)
+# Testrun.org does not support the CREATE-SPECIAL-USE capability, which means that we can't create a folder with
+# the "\Junk" flag (see https://tools.ietf.org/html/rfc6154). So, we can't test spam folder detection by flag.
+def test_scan_folders(acfactory, log, direct_imap, folder, move, expected_destination):
+    """Delta Chat periodically scans all folders for new messages to make sure we don't miss any."""
+    variant = folder + "-" + str(move) + "-" + expected_destination
+    log.section("Testing variant " + variant)
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac1.set_config("delete_server_after", "0")
+    if move:
+        ac1.set_config("mvbox_move", "1")
+        ac1.bring_online()
+
+    ac1.stop_io()
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.create_folder(folder)
+
+    # Wait until each folder was selected once and we are IDLEing:
+    ac1.start_io()
+    ac1.bring_online()
+
+    ac1.stop_io()
+    assert folder in ac1_direct_imap.list_folders()
+
+    log.section("Send a message from ac2 to ac1 and manually move it to `folder`")
+    ac1_direct_imap.select_config_folder("inbox")
+    with ac1_direct_imap.idle() as idle1:
+        acfactory.get_accepted_chat(ac2, ac1).send_text("hello")
+        idle1.wait_for_new_message()
+    ac1_direct_imap.conn.move(["*"], folder)  # "*" means "biggest UID in mailbox"
+
+    log.section("start_io() and see if DeltaChat finds the message (" + variant + ")")
+    ac1.set_config("scan_all_folders_debounce_secs", "0")
+    ac1.start_io()
+    chat = ac1.create_chat(ac2)
+    n_msgs = 1  # "Messages are end-to-end encrypted."
+    if folder == "Spam":
+        msg = ac1.wait_for_incoming_msg().get_snapshot()
+        assert msg.text == "hello"
+        n_msgs += 1
+    else:
+        ac1.wait_for_event(EventType.IMAP_INBOX_IDLE)
+    assert len(chat.get_messages()) == n_msgs
+
+    # The message has reached its destination.
+    ac1_direct_imap.select_folder(expected_destination)
+    assert len(ac1_direct_imap.get_all_messages()) == 1
+    if folder != expected_destination:
+        ac1_direct_imap.select_folder(folder)
+        assert len(ac1_direct_imap.get_all_messages()) == 0
+
+
 def test_trash_multiple_messages(acfactory, direct_imap, log):
    ac1, ac2 = acfactory.get_online_accounts(2)
    ac2.stop_io()

+    # Create the Trash folder on IMAP server and configure deletion to it. There was a bug that if
+    # Trash wasn't configured initially, it can't be configured later, let's check this.
+    log.section("Creating trash folder")
+    ac2_direct_imap = direct_imap(ac2)
+    ac2_direct_imap.create_folder("Trash")
    ac2.set_config("delete_server_after", "0")
    ac2.set_config("sync_msgs", "0")
+    ac2.set_config("delete_to_trash", "1")
+
+    log.section("Check that Trash can be configured initially as well")
+    ac3 = ac2.clone()
+    ac3.bring_online()
+    assert ac3.get_config("configured_trash_folder")
+    ac3.stop_io()

    ac2.start_io()
    chat12 = acfactory.get_accepted_chat(ac1, ac2)
@@ -160,15 +520,17 @@ def test_trash_multiple_messages(acfactory, direct_imap, log):
        assert msg.text in texts
        if text != "second":
            to_delete.append(msg)
+    # ac2 has received some messages, this is impossible w/o the trash folder configured, let's
+    # check the configuration.
+    assert ac2.get_config("configured_trash_folder") == "Trash"

    log.section("ac2: deleting all messages except second")
    assert len(to_delete) == len(texts) - 1
    ac2.delete_messages(to_delete)

    log.section("ac2: test that only one message is left")
-    ac2_direct_imap = direct_imap(ac2)
    while 1:
-        ac2.wait_for_event(EventType.IMAP_MESSAGE_DELETED)
+        ac2.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
        ac2_direct_imap.select_config_folder("inbox")
        nr_msgs = len(ac2_direct_imap.get_all_messages())
        assert nr_msgs > 0
--- a/deltachat-rpc-client/tests/test_iroh_webxdc.py
+++ b/deltachat-rpc-client/tests/test_iroh_webxdc.py
@@ -24,13 +24,6 @@ def path_to_webxdc(request):
    return str(p)


-@pytest.fixture
-def path_to_large_webxdc(request):
-    p = request.path.parent.parent.parent.joinpath("test-data/webxdc/realtime-check.xdc")
-    assert p.exists()
-    return str(p)
-
-
 def log(msg):
    logging.info(msg)

@@ -234,29 +227,3 @@ def test_advertisement_after_chatting(acfactory, path_to_webxdc):
    ac2_webxdc_msg.send_webxdc_realtime_advertisement()
    event = ac1.wait_for_event(EventType.WEBXDC_REALTIME_ADVERTISEMENT_RECEIVED)
    assert event.msg_id == ac1_webxdc_msg.id
-
-
-def test_realtime_large_webxdc(acfactory, path_to_large_webxdc):
-    """Tests initializing realtime channel on a large webxdc.
-
-    This is a regression test for a bug that existed in version 2.42.0.
-    Large webxdc is split into pre- and post- message,
-    and this previously resulted in failure to initialize realtime.
-    """
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    ac1.set_config("webxdc_realtime_enabled", "1")
-    ac2.set_config("webxdc_realtime_enabled", "1")
-
-    ac2.create_chat(ac1)
-    ac1_ac2_chat = ac1.create_chat(ac2)
-    ac1_webxdc_msg = ac1_ac2_chat.send_message(text="realtime check", file=path_to_large_webxdc)
-
-    # Receive pre-message.
-    ac2_webxdc_msg = ac2.wait_for_incoming_msg()
-
-    # Receive post-message.
-    ac2_webxdc_msg = ac2.wait_for_msg(EventType.MSGS_CHANGED)
-
-    ac2_webxdc_msg.send_webxdc_realtime_advertisement()
-    event = ac1.wait_for_event(EventType.WEBXDC_REALTIME_ADVERTISEMENT_RECEIVED)
-    assert event.msg_id == ac1_webxdc_msg.id
--- a/deltachat-rpc-client/tests/test_key_transfer.py
+++ b/deltachat-rpc-client/tests/test_key_transfer.py
@@ -0,0 +1,49 @@
+import pytest
+
+from deltachat_rpc_client import EventType
+from deltachat_rpc_client.rpc import JsonRpcError
+
+
+def wait_for_autocrypt_setup_message(account):
+    while True:
+        event = account.wait_for_event()
+        if event.kind == EventType.MSGS_CHANGED and event.msg_id != 0:
+            msg_id = event.msg_id
+            msg = account.get_message_by_id(msg_id)
+            if msg.get_snapshot().is_setupmessage:
+                return msg
+
+
+def test_autocrypt_setup_message_key_transfer(acfactory):
+    alice1 = acfactory.get_online_account()
+
+    alice2 = acfactory.get_unconfigured_account()
+    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
+    alice2.bring_online()
+
+    setup_code = alice1.initiate_autocrypt_key_transfer()
+    msg = wait_for_autocrypt_setup_message(alice2)
+
+    # Test that entering wrong code returns an error.
+    with pytest.raises(JsonRpcError):
+        msg.continue_autocrypt_key_transfer("7037-0673-6287-3013-4095-7956-5617-6806-6756")
+
+    msg.continue_autocrypt_key_transfer(setup_code)
+
+
+def test_ac_setup_message_twice(acfactory):
+    alice1 = acfactory.get_online_account()
+
+    alice2 = acfactory.get_unconfigured_account()
+    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
+    alice2.bring_online()
+
+    # Send the first Autocrypt Setup Message and ignore it.
+    _setup_code = alice1.initiate_autocrypt_key_transfer()
+    wait_for_autocrypt_setup_message(alice2)
+
+    # Send the second Autocrypt Setup Message and import it.
+    setup_code = alice1.initiate_autocrypt_key_transfer()
+    msg = wait_for_autocrypt_setup_message(alice2)
+
+    msg.continue_autocrypt_key_transfer(setup_code)
--- a/deltachat-rpc-client/tests/test_multidevice.py
+++ b/deltachat-rpc-client/tests/test_multidevice.py
@@ -4,41 +4,6 @@ from deltachat_rpc_client import EventType
 from deltachat_rpc_client.const import MessageState


-def test_bcc_self_delete_server_after_defaults(acfactory):
-    """Test default values for bcc_self and delete_server_after."""
-    ac = acfactory.get_online_account()
-
-    # Initially after getting online
-    # the setting bcc_self is set to 0 because there is only one device
-    # and delete_server_after is "1", meaning immediate deletion.
-    assert ac.get_config("bcc_self") == "0"
-    assert ac.get_config("delete_server_after") == "1"
-
-    # Setup a second device.
-    ac_clone = ac.clone()
-    ac_clone.bring_online()
-
-    # Second device setup
-    # enables bcc_self and changes default delete_server_after.
-    assert ac.get_config("bcc_self") == "1"
-    assert ac.get_config("delete_server_after") == "0"
-
-    assert ac_clone.get_config("bcc_self") == "1"
-    assert ac_clone.get_config("delete_server_after") == "0"
-
-    # Manually disabling bcc_self
-    # also restores the default for delete_server_after.
-    ac.set_config("bcc_self", "0")
-    assert ac.get_config("bcc_self") == "0"
-    assert ac.get_config("delete_server_after") == "1"
-
-    # Cloning the account again enables bcc_self
-    # even though it was manually disabled.
-    ac_clone = ac.clone()
-    assert ac.get_config("bcc_self") == "1"
-    assert ac.get_config("delete_server_after") == "0"
-
-
 def test_one_account_send_bcc_setting(acfactory, log, direct_imap):
    ac1, ac2 = acfactory.get_online_accounts(2)
    ac1_clone = ac1.clone()
--- a/deltachat-rpc-client/tests/test_multitransport.py
+++ b/deltachat-rpc-client/tests/test_multitransport.py
@@ -1,331 +0,0 @@
-import pytest
-
-from deltachat_rpc_client import EventType
-from deltachat_rpc_client.const import ChatType, DownloadState
-from deltachat_rpc_client.rpc import JsonRpcError
-
-
-def test_add_second_address(acfactory) -> None:
-    account = acfactory.new_configured_account()
-    assert len(account.list_transports()) == 1
-
-    assert account.get_config("show_emails") == "2"
-
-    qr = acfactory.get_account_qr()
-    account.add_transport_from_qr(qr)
-    assert len(account.list_transports()) == 2
-
-    account.add_transport_from_qr(qr)
-    assert len(account.list_transports()) == 3
-
-    first_addr = account.list_transports()[0]["addr"]
-    second_addr = account.list_transports()[1]["addr"]
-
-    # Cannot delete the first address.
-    with pytest.raises(JsonRpcError):
-        account.delete_transport(first_addr)
-
-    account.delete_transport(second_addr)
-    assert len(account.list_transports()) == 2
-
-    # show_emails does not matter for multi-relay, can be set to anything
-    account.set_config("show_emails", "0")
-
-
-def test_second_transport_without_classic_emails(acfactory) -> None:
-    """Test that second transport can be configured if classic emails are not fetched."""
-    account = acfactory.new_configured_account()
-    assert len(account.list_transports()) == 1
-
-    assert account.get_config("show_emails") == "2"
-
-    qr = acfactory.get_account_qr()
-    account.set_config("show_emails", "0")
-
-    account.add_transport_from_qr(qr)
-
-
-def test_change_address(acfactory) -> None:
-    """Test Alice configuring a second transport and setting it as a primary one."""
-    alice, bob = acfactory.get_online_accounts(2)
-
-    bob_addr = bob.get_config("configured_addr")
-    bob.create_chat(alice)
-
-    alice_chat_bob = alice.create_chat(bob)
-    alice_chat_bob.send_text("Hello!")
-
-    msg1 = bob.wait_for_incoming_msg().get_snapshot()
-    sender_addr1 = msg1.sender.get_snapshot().address
-
-    alice.stop_io()
-    old_alice_addr = alice.get_config("configured_addr")
-    alice_vcard = alice.self_contact.make_vcard()
-    assert old_alice_addr in alice_vcard
-    qr = acfactory.get_account_qr()
-    alice.add_transport_from_qr(qr)
-    new_alice_addr = alice.list_transports()[1]["addr"]
-    with pytest.raises(JsonRpcError):
-        # Cannot use the address that is not
-        # configured for any transport.
-        alice.set_config("configured_addr", bob_addr)
-
-    # Load old address so it is cached.
-    assert alice.get_config("configured_addr") == old_alice_addr
-    alice.set_config("configured_addr", new_alice_addr)
-    # Make sure that setting `configured_addr` invalidated the cache.
-    assert alice.get_config("configured_addr") == new_alice_addr
-
-    alice_vcard = alice.self_contact.make_vcard()
-    assert old_alice_addr not in alice_vcard
-    assert new_alice_addr in alice_vcard
-    with pytest.raises(JsonRpcError):
-        alice.delete_transport(new_alice_addr)
-    alice.start_io()
-
-    alice_chat_bob.send_text("Hello again!")
-
-    msg2 = bob.wait_for_incoming_msg().get_snapshot()
-    sender_addr2 = msg2.sender.get_snapshot().address
-
-    assert msg1.sender == msg2.sender
-    assert sender_addr1 != sender_addr2
-    assert sender_addr1 == old_alice_addr
-    assert sender_addr2 == new_alice_addr
-
-
-def test_download_on_demand(acfactory) -> None:
-    alice, bob = acfactory.get_online_accounts(2)
-    alice.set_config("download_limit", "1")
-
-    alice.stop_io()
-    qr = acfactory.get_account_qr()
-    alice.add_transport_from_qr(qr)
-    alice.start_io()
-
-    alice.create_chat(bob)
-    chat_bob_alice = bob.create_chat(alice)
-    chat_bob_alice.send_message(file="../test-data/image/screenshot.jpg")
-    msg = alice.wait_for_incoming_msg()
-    snapshot = msg.get_snapshot()
-    assert snapshot.download_state == DownloadState.AVAILABLE
-    chat_id = snapshot.chat_id
-    # Actually the message isn't available yet. Wait somehow for the post-message to arrive.
-    chat_bob_alice.send_message("Now you can download my previous message")
-    alice.wait_for_incoming_msg()
-    alice._rpc.download_full_message(alice.id, msg.id)
-    for dstate in [DownloadState.IN_PROGRESS, DownloadState.DONE]:
-        event = alice.wait_for_event(EventType.MSGS_CHANGED)
-        assert event.chat_id == chat_id
-        assert event.msg_id == msg.id
-        assert msg.get_snapshot().download_state == dstate
-
-
-def test_reconfigure_transport(acfactory) -> None:
-    """Test that reconfiguring the transport works."""
-    account = acfactory.get_online_account()
-
-    [transport] = account.list_transports()
-    account.add_or_update_transport(transport)
-
-
-def test_transport_synchronization(acfactory, log) -> None:
-    """Test synchronization of transports between devices."""
-
-    def wait_for_io_started(ac):
-        while True:
-            ev = ac.wait_for_event(EventType.INFO)
-            if "scheduler is running" in ev.msg:
-                return
-
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    ac1_clone = ac1.clone()
-    ac1_clone.bring_online()
-
-    qr = acfactory.get_account_qr()
-
-    ac1.add_transport_from_qr(qr)
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    wait_for_io_started(ac1_clone)
-    assert len(ac1.list_transports()) == 2
-    assert len(ac1_clone.list_transports()) == 2
-
-    ac1_clone.add_transport_from_qr(qr)
-    ac1.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    wait_for_io_started(ac1)
-    assert len(ac1.list_transports()) == 3
-    assert len(ac1_clone.list_transports()) == 3
-
-    log.section("ac1 clone removes second transport")
-    [transport1, transport2, transport3] = ac1_clone.list_transports()
-    addr3 = transport3["addr"]
-    ac1_clone.delete_transport(transport2["addr"])
-
-    ac1.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    wait_for_io_started(ac1)
-    [transport1, transport3] = ac1.list_transports()
-
-    log.section("ac1 changes the primary transport")
-    ac1.set_config("configured_addr", transport3["addr"])
-
-    # One event for updated `add_timestamp` of the new primary transport,
-    # one event for the `configured_addr` update.
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    [transport1, transport3] = ac1_clone.list_transports()
-    assert ac1_clone.get_config("configured_addr") == addr3
-
-    log.section("ac1 removes the first transport")
-    ac1.delete_transport(transport1["addr"])
-
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    wait_for_io_started(ac1_clone)
-    [transport3] = ac1_clone.list_transports()
-    assert transport3["addr"] == addr3
-    assert ac1_clone.get_config("configured_addr") == addr3
-
-    ac2_chat = ac2.create_chat(ac1)
-    ac2_chat.send_text("Hello!")
-
-    assert ac1.wait_for_incoming_msg().get_snapshot().text == "Hello!"
-    assert ac1_clone.wait_for_incoming_msg().get_snapshot().text == "Hello!"
-
-
-def test_transport_sync_new_as_primary(acfactory, log) -> None:
-    """Test synchronization of new transport as primary between devices."""
-    ac1, bob = acfactory.get_online_accounts(2)
-    ac1_clone = ac1.clone()
-    ac1_clone.bring_online()
-
-    qr = acfactory.get_account_qr()
-
-    ac1.add_transport_from_qr(qr)
-    ac1_transports = ac1.list_transports()
-    assert len(ac1_transports) == 2
-    [transport1, transport2] = ac1_transports
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    assert len(ac1_clone.list_transports()) == 2
-    assert ac1_clone.get_config("configured_addr") == transport1["addr"]
-
-    log.section("ac1 changes the primary transport")
-    ac1.set_config("configured_addr", transport2["addr"])
-
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
-    assert ac1_clone.get_config("configured_addr") == transport2["addr"]
-
-    log.section("ac1_clone receives a message via the new primary transport")
-    ac1_chat = ac1.create_chat(bob)
-    ac1_chat.send_text("Hello!")
-    bob_chat_id = bob.wait_for_incoming_msg_event().chat_id
-    bob_chat = bob.get_chat_by_id(bob_chat_id)
-    bob_chat.accept()
-    bob_chat.send_text("hello back")
-    assert ac1_clone.wait_for_incoming_msg().get_snapshot().text == "hello back"
-
-
-def test_recognize_self_address(acfactory) -> None:
-    alice, bob = acfactory.get_online_accounts(2)
-
-    bob_chat = bob.create_chat(alice)
-
-    qr = acfactory.get_account_qr()
-    alice.add_transport_from_qr(qr)
-
-    new_alice_addr = alice.list_transports()[1]["addr"]
-    alice.set_config("configured_addr", new_alice_addr)
-
-    bob_chat.send_text("Hello!")
-    msg = alice.wait_for_incoming_msg().get_snapshot()
-    assert msg.chat == alice.create_chat(bob)
-
-
-def test_transport_limit(acfactory) -> None:
-    """Test transports limit."""
-    account = acfactory.get_online_account()
-    qr = acfactory.get_account_qr()
-
-    limit = 5
-
-    for _ in range(1, limit):
-        account.add_transport_from_qr(qr)
-
-    assert len(account.list_transports()) == limit
-
-    with pytest.raises(JsonRpcError):
-        account.add_transport_from_qr(qr)
-
-    second_addr = account.list_transports()[1]["addr"]
-    account.delete_transport(second_addr)
-
-    # test that adding a transport after deleting one works again
-    account.add_transport_from_qr(qr)
-
-
-def test_message_info_imap_urls(acfactory) -> None:
-    """Test that message info contains IMAP URLs of where the message was received."""
-    alice, bob = acfactory.get_online_accounts(2)
-
-    qr = acfactory.get_account_qr()
-    for i in range(3):
-        alice.add_transport_from_qr(qr)
-        # Wait for all transports to go IDLE after adding each one.
-        for _ in range(i + 1):
-            alice.bring_online()
-
-    # Enable multi-device mode so messages are not deleted immediately.
-    alice.set_config("bcc_self", "1")
-
-    # Bob creates chat, learning about Alice's currently selected transport.
-    # This is where he will send the message.
-    bob_chat = bob.create_chat(alice)
-
-    # Alice switches to another transport and removes the rest of the transports.
-    new_alice_addr = alice.list_transports()[1]["addr"]
-    alice.set_config("configured_addr", new_alice_addr)
-    removed_addrs = []
-    for transport in alice.list_transports():
-        if transport["addr"] != new_alice_addr:
-            alice.delete_transport(transport["addr"])
-            removed_addrs.append(transport["addr"])
-    alice.stop_io()
-    alice.start_io()
-
-    bob_chat.send_text("Hello!")
-
-    msg = alice.wait_for_incoming_msg()
-    msg_info = msg.get_info()
-    assert new_alice_addr in msg_info
-    for removed_addr in removed_addrs:
-        assert removed_addr not in msg_info
-    assert f"{new_alice_addr}/INBOX" in msg_info
-
-
-def test_remove_primary_transport(acfactory, log) -> None:
-    """Test that after removing the primary relay, Alice can still receive messages."""
-    alice, bob = acfactory.get_online_accounts(2)
-    qr = acfactory.get_account_qr()
-
-    alice.add_transport_from_qr(qr)
-    alice.bring_online()
-
-    bob_chat = bob.create_chat(alice)
-    alice.create_chat(bob)
-
-    log.section("Alice sets up second transport")
-    [transport1, transport2] = alice.list_transports()
-    alice.set_config("configured_addr", transport2["addr"])
-
-    bob_chat.send_text("Hello!")
-    msg1 = alice.wait_for_incoming_msg().get_snapshot()
-    assert msg1.text == "Hello!"
-
-    log.section("Alice removes the primary relay")
-    alice.delete_transport(transport1["addr"])
-    alice.stop_io()
-    alice.start_io()
-
-    bob_chat.send_text("Hello again!")
-    msg2 = alice.wait_for_incoming_msg().get_snapshot()
-    assert msg2.text == "Hello again!"
-    assert msg2.chat.get_basic_snapshot().chat_type == ChatType.SINGLE
-    assert msg2.chat == alice.create_chat(bob)
--- a/deltachat-rpc-client/tests/test_securejoin.py
+++ b/deltachat-rpc-client/tests/test_securejoin.py
@@ -140,15 +140,15 @@ def test_qr_securejoin_broadcast(acfactory, all_devices_online):
        return chat

    def wait_for_broadcast_messages(ac):
-        snapshot1 = ac.wait_for_incoming_msg().get_snapshot()
-        assert snapshot1.text == "You joined the channel."
-
-        snapshot2 = ac.wait_for_incoming_msg().get_snapshot()
-        assert snapshot2.text == "Hello everyone!"
-
        chat = get_broadcast(ac)
-        assert snapshot1.chat_id == chat.id
-        assert snapshot2.chat_id == chat.id
+
+        snapshot = ac.wait_for_incoming_msg().get_snapshot()
+        assert snapshot.text == "You joined the channel."
+        assert snapshot.chat_id == chat.id
+
+        snapshot = ac.wait_for_incoming_msg().get_snapshot()
+        assert snapshot.text == "Hello everyone!"
+        assert snapshot.chat_id == chat.id

    def check_account(ac, contact, inviter_side, please_wait_info_msg=False):
        # Check that the chat partner is verified.
@@ -158,34 +158,29 @@ def test_qr_securejoin_broadcast(acfactory, all_devices_online):
        chat = get_broadcast(ac)
        chat_msgs = chat.get_messages()

-        encrypted_msg = chat_msgs.pop(0).get_snapshot()
+        if please_wait_info_msg:
+            first_msg = chat_msgs.pop(0).get_snapshot()
+            assert first_msg.text == "Establishing guaranteed end-to-end encryption, please wait…"
+            assert first_msg.is_info
+
+        encrypted_msg = chat_msgs[0].get_snapshot()
        assert encrypted_msg.text == "Messages are end-to-end encrypted."
        assert encrypted_msg.is_info

-        if please_wait_info_msg:
-            first_msg = chat_msgs.pop(0).get_snapshot()
-            assert "invited you to join this channel" in first_msg.text
-            assert first_msg.is_info
-
+        member_added_msg = chat_msgs[1].get_snapshot()
        if inviter_side:
-            member_added_msg = chat_msgs.pop(0).get_snapshot()
            assert member_added_msg.text == f"Member {contact_snapshot.display_name} added."
-            assert member_added_msg.info_contact_id == contact_snapshot.id
        else:
-            if chat_msgs[0].get_snapshot().text == "You joined the channel.":
-                member_added_msg = chat_msgs.pop(0).get_snapshot()
-            else:
-                member_added_msg = chat_msgs.pop(1).get_snapshot()
-                assert member_added_msg.text == "You joined the channel."
+            assert member_added_msg.text == "You joined the channel."
        assert member_added_msg.is_info

-        hello_msg = chat_msgs.pop(0).get_snapshot()
+        hello_msg = chat_msgs[2].get_snapshot()
        assert hello_msg.text == "Hello everyone!"
        assert not hello_msg.is_info
        assert hello_msg.show_padlock
        assert hello_msg.error is None

-        assert len(chat_msgs) == 0
+        assert len(chat_msgs) == 3

        chat_snapshot = chat.get_full_snapshot()
        assert chat_snapshot.is_encrypted
@@ -701,6 +696,6 @@ def test_withdraw_securejoin_qr(acfactory):
        event = alice.wait_for_event()
        if (
            event.kind == EventType.WARNING
-            and "Ignoring RequestWithAuth message because of invalid auth code." in event.msg
+            and "Ignoring vg-request-with-auth message because of invalid auth code." in event.msg
        ):
            break
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -10,10 +10,10 @@ from unittest.mock import MagicMock

 import pytest

-from deltachat_rpc_client import EventType, events
+from deltachat_rpc_client import Contact, EventType, Message, events
 from deltachat_rpc_client.const import DownloadState, MessageState
 from deltachat_rpc_client.pytestplugin import E2EE_INFO_MSGS
-from deltachat_rpc_client.rpc import JsonRpcError, Rpc
+from deltachat_rpc_client.rpc import JsonRpcError


 def test_system_info(rpc) -> None:
@@ -90,9 +90,12 @@ def test_lowercase_address(acfactory) -> None:
    assert account.get_config("configured_addr") == addr
    assert account.list_transports()[0]["addr"] == addr

-    param = account.get_info()["used_transport_settings"]
-    assert addr in param
-    assert addr_upper not in param
+    for param in [
+        account.get_info()["used_account_settings"],
+        account.get_info()["entered_account_settings"],
+    ]:
+        assert addr in param
+        assert addr_upper not in param


 def test_configure_ip(acfactory) -> None:
@@ -273,9 +276,6 @@ def test_chat(acfactory) -> None:
    assert group.get_messages()
    group.get_fresh_message_count()
    group.mark_noticed()
-    assert group.get_fresh_message_count() == 0
-    group.mark_fresh()
-    assert group.get_fresh_message_count() > 0
    assert group.get_contacts()
    assert group.get_past_contacts() == []
    group.remove_contact(alice_contact_bob)
@@ -336,27 +336,26 @@ def test_receive_imf_failure(acfactory) -> None:
    alice_contact_bob = alice.create_contact(bob, "Bob")
    alice_chat_bob = alice_contact_bob.create_chat()

-    bob.set_config("simulate_receive_imf_error", "1")
+    bob.set_config("fail_on_receiving_full_msg", "1")
    alice_chat_bob.send_text("Hello!")
    event = bob.wait_for_event(EventType.MSGS_CHANGED)
    assert event.chat_id == bob.get_device_chat().id
    msg_id = event.msg_id
    message = bob.get_message_by_id(msg_id)
    snapshot = message.get_snapshot()
-    version = bob.get_info()["deltachat_core_version"]
    assert (
        snapshot.text == "❌ Failed to receive a message:"
-        " Condition failed: `!context.get_config_bool(Config::SimulateReceiveImfError).await?`."
-        f" Core version {version}."
+        " Condition failed: `!context.get_config_bool(Config::FailOnReceivingFullMsg).await?`."
        " Please report this bug to delta@merlinux.eu or https://support.delta.chat/."
    )

    # The failed message doesn't break the IMAP loop.
-    bob.set_config("simulate_receive_imf_error", "0")
+    bob.set_config("fail_on_receiving_full_msg", "0")
    alice_chat_bob.send_text("Hello again!")
    message = bob.wait_for_incoming_msg()
    snapshot = message.get_snapshot()
    assert snapshot.text == "Hello again!"
+    assert snapshot.download_state == DownloadState.DONE
    assert snapshot.error is None


@@ -374,48 +373,17 @@ def test_selfavatar_sync(acfactory, data, log) -> None:
    alice.set_config("selfavatar", image)
    avatar_config = alice.get_config("selfavatar")
    avatar_hash = os.path.basename(avatar_config)
-    logging.info(f"Avatar hash is {avatar_hash}")
+    print("Info: avatar hash is ", avatar_hash)

    log.section("First device receives avatar change")
    alice2.wait_for_event(EventType.SELFAVATAR_CHANGED)
    avatar_config2 = alice2.get_config("selfavatar")
    avatar_hash2 = os.path.basename(avatar_config2)
-    logging.info(f"Avatar hash on second device is {avatar_hash2}")
+    print("Info: avatar hash on second device is ", avatar_hash2)
    assert avatar_hash == avatar_hash2
    assert avatar_config != avatar_config2


-def test_dont_move_sync_msgs(acfactory, direct_imap):
-    addr, password = acfactory.get_credentials()
-    ac1 = acfactory.get_unconfigured_account()
-    ac1.set_config("bcc_self", "1")
-    ac1.set_config("fix_is_chatmail", "1")
-    ac1.add_or_update_transport({"addr": addr, "password": password})
-    ac1.start_io()
-    ac1_direct_imap = direct_imap(ac1)
-
-    # Sync messages may also be sent during configuration.
-    ac1.wait_for_event(EventType.MSG_DELIVERED)
-    ac1_direct_imap.select_folder("Inbox")
-    while True:
-        if len(ac1_direct_imap.get_all_messages()) == 1:
-            break
-        time.sleep(1)
-
-    ac1.set_config("displayname", "Alice")
-    ac1.wait_for_event(EventType.MSG_DELIVERED)
-    ac1.set_config("displayname", "Bob")
-    ac1.wait_for_event(EventType.MSG_DELIVERED)
-
-    # Message may not be delivered to IMAP immediately
-    # after sending over SMTP,
-    # retry until they are delivered to IMAP.
-    while True:
-        if len(ac1_direct_imap.get_all_messages()) == 3:
-            break
-        time.sleep(1)
-
-
 def test_reaction_seen_on_another_dev(acfactory) -> None:
    alice, bob = acfactory.get_online_accounts(2)
    alice2 = alice.clone()
@@ -499,7 +467,7 @@ def test_bot(acfactory) -> None:


 def test_wait_next_messages(acfactory) -> None:
-    alice = acfactory.get_online_account()
+    alice = acfactory.new_configured_account()

    # Create a bot account so it does not receive device messages in the beginning.
    addr, password = acfactory.get_credentials()
@@ -507,7 +475,6 @@ def test_wait_next_messages(acfactory) -> None:
    bot.set_config("bot", "1")
    bot.add_or_update_transport({"addr": addr, "password": password})
    assert bot.is_configured()
-    bot.bring_online()

    # There are no old messages and the call returns immediately.
    assert not bot.wait_next_messages()
@@ -540,103 +507,6 @@ def test_import_export_backup(acfactory, tmp_path) -> None:
    assert alice2.manager.get_system_info()


-def test_import_export_online_all(acfactory, tmp_path, data, log) -> None:
-    (ac1, some1) = acfactory.get_online_accounts(2)
-
-    log.section("create some chat content")
-    some1_addr = some1.get_config("addr")
-    chat1 = ac1.create_contact(some1).create_chat()
-    chat1.send_text("msg1")
-    assert len(ac1.get_contacts()) == 1
-
-    original_image_path = data.get_path("image/avatar64x64.png")
-    chat1.send_file(str(original_image_path))
-
-    # Add another 100KB file that ensures that the progress is smooth enough
-    path = tmp_path / "attachment.txt"
-    with path.open("w") as file:
-        file.truncate(100000)
-    chat1.send_file(str(path))
-
-    def assert_account_is_proper(ac):
-        contacts = ac.get_contacts()
-        assert len(contacts) == 1
-        contact2 = contacts[0]
-        assert contact2.get_snapshot().address == some1_addr
-        chat2 = contact2.create_chat()
-        messages = chat2.get_messages()
-        assert len(messages) == 3 + E2EE_INFO_MSGS
-        assert messages[0 + E2EE_INFO_MSGS].get_snapshot().text == "msg1"
-        snapshot = messages[1 + E2EE_INFO_MSGS].get_snapshot()
-        assert snapshot.file_mime == "image/png"
-        assert os.stat(snapshot.file).st_size == os.stat(original_image_path).st_size
-        ac.set_config("displayname", "new displayname")
-        assert ac.get_config("displayname") == "new displayname"
-
-    assert_account_is_proper(ac1)
-
-    backupdir = tmp_path / "backup"
-    backupdir.mkdir()
-
-    log.section(f"export all to {backupdir}")
-    ac1.stop_io()
-    ac1.export_backup(backupdir)
-    progress = 0
-    files_written = []
-    while True:
-        event = ac1.wait_for_event()
-        if event.kind == EventType.IMEX_PROGRESS:
-            assert event.progress > 0  # Progress 0 indicates error.
-            assert event.progress < progress + 250
-            progress = event.progress
-            if progress == 1000:
-                break
-        elif event.kind == EventType.IMEX_FILE_WRITTEN:
-            files_written.append(event.path)
-        else:
-            logging.info(event)
-    assert len(files_written) == 1
-    assert os.path.exists(files_written[0])
-    ac1.start_io()
-
-    log.section("get fresh empty account")
-    ac2 = acfactory.get_unconfigured_account()
-
-    log.section("import backup and check it's proper")
-    ac2.import_backup(files_written[0])
-    progress = 0
-    while True:
-        event = ac2.wait_for_event()
-        if event.kind == EventType.IMEX_PROGRESS:
-            assert event.progress > 0  # Progress 0 indicates error.
-            assert event.progress < progress + 250
-            progress = event.progress
-            if progress == 1000:
-                break
-        else:
-            logging.info(event)
-    assert_account_is_proper(ac1)
-    assert_account_is_proper(ac2)
-
-    log.section(f"Second-time export all to {backupdir}")
-    ac1.stop_io()
-    ac1.export_backup(backupdir)
-    while True:
-        event = ac1.wait_for_event()
-        if event.kind == EventType.IMEX_PROGRESS:
-            assert event.progress > 0
-            if event.progress == 1000:
-                break
-        elif event.kind == EventType.IMEX_FILE_WRITTEN:
-            files_written.append(event.path)
-        else:
-            logging.info(event)
-    assert len(files_written) == 2
-    assert os.path.exists(files_written[1])
-    assert files_written[1] != files_written[0]
-    assert len(list(backupdir.glob("*.tar"))) == 2
-
-
 def test_import_export_keys(acfactory, tmp_path) -> None:
    alice, bob = acfactory.get_online_accounts(2)

@@ -668,24 +538,6 @@ def test_openrpc_command_line() -> None:
    assert "methods" in openrpc


-def test_early_failure(tmp_path) -> None:
-    """Test that Rpc.start() raises on invalid accounts directories."""
-    # A file instead of a directory.
-    file_path = tmp_path / "not_a_dir"
-    file_path.write_text("I am a file, not a directory")
-    rpc = Rpc(accounts_dir=str(file_path))
-    with pytest.raises(JsonRpcError, match="(?i)directory"):
-        rpc.start()
-
-    # A non-empty directory that is not a deltachat accounts directory.
-    non_dc_dir = tmp_path / "invalid_dir"
-    non_dc_dir.mkdir()
-    (non_dc_dir / "some_file").write_text("content")
-    rpc = Rpc(accounts_dir=str(non_dc_dir))
-    with pytest.raises(JsonRpcError, match="invalid_dir"):
-        rpc.start()
-
-
 def test_provider_info(rpc) -> None:
    account_id = rpc.add_account()

@@ -738,6 +590,60 @@ def test_mdn_doesnt_break_autocrypt(acfactory) -> None:
    assert snapshot.show_padlock


+def test_reaction_to_partially_fetched_msg(acfactory, tmp_path):
+    """See https://github.com/deltachat/deltachat-core-rust/issues/3688 "Partially downloaded
+    messages are received out of order".
+
+    If the Inbox contains X small messages followed by Y large messages followed by Z small
+    messages, Delta Chat first downloaded a batch of X+Z messages, and then a batch of Y messages.
+
+    This bug was discovered by @Simon-Laux while testing reactions PR #3644 and can be reproduced
+    with online test as follows:
+    - Bob enables download limit and goes offline.
+    - Alice sends a large message to Bob and reacts to this message with a thumbs-up.
+    - Bob goes online
+    - Bob first processes a reaction message and throws it away because there is no corresponding
+      message, then processes a partially downloaded message.
+    - As a result, Bob does not see a reaction
+    """
+    download_limit = 300000
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac1_addr = ac1.get_config("addr")
+    chat = ac1.create_chat(ac2)
+    ac2.set_config("download_limit", str(download_limit))
+    ac2.stop_io()
+
+    logging.info("sending small+large messages from ac1 to ac2")
+    msgs = []
+    msgs.append(chat.send_text("hi"))
+    path = tmp_path / "large"
+    path.write_bytes(os.urandom(download_limit + 1))
+    msgs.append(chat.send_file(str(path)))
+    for m in msgs:
+        m.wait_until_delivered()
+
+    logging.info("sending a reaction to the large message from ac1 to ac2")
+    # TODO: Find the reason of an occasional message reordering on the server (so that the reaction
+    # has a lower UID than the previous message). W/a is to sleep for some time to let the reaction
+    # have a later INTERNALDATE.
+    time.sleep(1.1)
+    react_str = "\N{THUMBS UP SIGN}"
+    msgs.append(msgs[-1].send_reaction(react_str))
+    msgs[-1].wait_until_delivered()
+
+    ac2.start_io()
+
+    logging.info("wait for ac2 to receive a reaction")
+    msg2 = Message(ac2, ac2.wait_for_reactions_changed().msg_id)
+    assert msg2.get_sender_contact().get_snapshot().address == ac1_addr
+    assert msg2.get_snapshot().download_state == DownloadState.AVAILABLE
+    reactions = msg2.get_reactions()
+    contacts = [Contact(ac2, int(i)) for i in reactions.reactions_by_contact]
+    assert len(contacts) == 1
+    assert contacts[0].get_snapshot().address == ac1_addr
+    assert list(reactions.reactions_by_contact.values())[0] == [react_str]
+
+
@pytest.mark.parametrize("n_accounts", [3, 2])
 def test_download_limit_chat_assignment(acfactory, tmp_path, n_accounts):
    download_limit = 300000
@@ -754,167 +660,22 @@ def test_download_limit_chat_assignment(acfactory, tmp_path, n_accounts):
        contact = alice.create_contact(account)
        alice_group.add_contact(contact)

+    bob_chat_alice = bob.create_chat(alice)
    bob.set_config("download_limit", str(download_limit))

    alice_group.send_text("hi")
    snapshot = bob.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "hi"
-    bob_group = snapshot.chat

    path = tmp_path / "large"
    path.write_bytes(os.urandom(download_limit + 1))

-    n_done = 0
    for i in range(10):
        logging.info("Sending message %s", i)
        alice_group.send_file(str(path))
        snapshot = bob.wait_for_incoming_msg().get_snapshot()
-        if snapshot.download_state == DownloadState.DONE:
-            n_done += 1
-            # Work around lost and reordered pre-messages.
-            assert n_done <= 1
-        else:
-            assert snapshot.download_state == DownloadState.AVAILABLE
-        assert snapshot.chat == bob_group
-
-
-def test_download_small_msg_first(acfactory, tmp_path):
-    download_limit = 70000
-
-    alice, bob0 = acfactory.get_online_accounts(2)
-    bob1 = bob0.clone()
-    bob1.set_config("download_limit", str(download_limit))
-
-    chat = alice.create_chat(bob0)
-    path = tmp_path / "large_enough"
-    path.write_bytes(os.urandom(download_limit + 1))
-    # Less than 140K, so sent w/o a pre-message.
-    chat.send_file(str(path))
-    chat.send_text("hi")
-    bob0.create_chat(alice)
-    assert bob0.wait_for_incoming_msg().get_snapshot().text == ""
-    assert bob0.wait_for_incoming_msg().get_snapshot().text == "hi"
-
-    bob1.start_io()
-    bob1.create_chat(alice)
-    assert bob1.wait_for_incoming_msg().get_snapshot().text == "hi"
-    assert bob1.wait_for_incoming_msg().get_snapshot().text == ""
-
-
-@pytest.mark.parametrize("delete_chat", [False, True])
-def test_delete_available_msg(acfactory, tmp_path, direct_imap, delete_chat):
-    """
-    Tests `DownloadState.AVAILABLE` message deletion on the receiver side.
-    Also tests pre- and post-message deletion on the sender side.
-    """
-    # Min. UI setting as of v2.35
-    download_limit = 163840
-    alice, bob = acfactory.get_online_accounts(2)
-    bob.set_config("download_limit", str(download_limit))
-    # Avoid immediate deletion from the server
-    alice.set_config("bcc_self", "1")
-    bob.set_config("bcc_self", "1")
-
-    chat_alice = alice.create_chat(bob)
-    path = tmp_path / "large"
-    path.write_bytes(os.urandom(download_limit + 1))
-    msg_alice = chat_alice.send_file(str(path))
-    msg_bob = bob.wait_for_incoming_msg()
-    msg_bob_snapshot = msg_bob.get_snapshot()
-    assert msg_bob_snapshot.download_state == DownloadState.AVAILABLE
-    chat_bob = bob.get_chat_by_id(msg_bob_snapshot.chat_id)
-
-    # Avoid DeleteMessages sync message
-    bob.set_config("bcc_self", "0")
-    if delete_chat:
-        chat_bob.delete()
-    else:
-        bob.delete_messages([msg_bob])
-    alice.wait_for_event(EventType.SMTP_MESSAGE_SENT)
-    alice.wait_for_event(EventType.SMTP_MESSAGE_SENT)
-    alice.set_config("bcc_self", "0")
-    if delete_chat:
-        chat_alice.delete()
-    else:
-        alice.delete_messages([msg_alice])
-    for acc in [bob, alice]:
-        if not delete_chat:
-            acc.wait_for_event(EventType.MSG_DELETED)
-        acc_direct_imap = direct_imap(acc)
-        # Messages may be deleted separately
-        while True:
-            acc.wait_for_event(EventType.IMAP_MESSAGE_DELETED)
-            while True:
-                event = acc.wait_for_event()
-                if event.kind == EventType.INFO and "Close/expunge succeeded." in event.msg:
-                    break
-            if len(acc_direct_imap.get_all_messages()) == 0:
-                break
-
-
-def test_delete_fully_downloaded_msg(acfactory, tmp_path, direct_imap):
-    alice, bob = acfactory.get_online_accounts(2)
-    # Avoid immediate deletion from the server
-    bob.set_config("bcc_self", "1")
-
-    chat_alice = alice.create_chat(bob)
-    path = tmp_path / "large"
-    # Big enough to be sent with a pre-message
-    path.write_bytes(os.urandom(300000))
-    chat_alice.send_file(str(path))
-
-    msg = bob.wait_for_incoming_msg()
-    msg_snapshot = msg.get_snapshot()
-    assert msg_snapshot.download_state == DownloadState.AVAILABLE
-    msgs_changed_event = bob.wait_for_msgs_changed_event()
-    assert msgs_changed_event.msg_id == msg.id
-    msg_snapshot = msg.get_snapshot()
-    assert msg_snapshot.download_state == DownloadState.DONE
-
-    bob_direct_imap = direct_imap(bob)
-    assert len(bob_direct_imap.get_all_messages()) == 2
-    # Avoid DeleteMessages sync message
-    bob.set_config("bcc_self", "0")
-    bob.delete_messages([msg])
-    bob.wait_for_event(EventType.MSG_DELETED)
-    # Messages may be deleted separately
-    while True:
-        bob.wait_for_event(EventType.IMAP_MESSAGE_DELETED)
-        while True:
-            event = bob.wait_for_event()
-            if event.kind == EventType.INFO and "Close/expunge succeeded." in event.msg:
-                break
-        if len(bob_direct_imap.get_all_messages()) == 0:
-            break
-
-
-def test_imap_autodelete_fully_downloaded_msg(acfactory, tmp_path, direct_imap):
-    alice, bob = acfactory.get_online_accounts(2)
-
-    chat_alice = alice.create_chat(bob)
-    path = tmp_path / "large"
-    # Big enough to be sent with a pre-message
-    path.write_bytes(os.urandom(300000))
-    chat_alice.send_file(str(path))
-
-    msg = bob.wait_for_incoming_msg()
-    msg_snapshot = msg.get_snapshot()
-    assert msg_snapshot.download_state == DownloadState.AVAILABLE
-    msgs_changed_event = bob.wait_for_msgs_changed_event()
-    assert msgs_changed_event.msg_id == msg.id
-    msg_snapshot = msg.get_snapshot()
-    assert msg_snapshot.download_state == DownloadState.DONE
-
-    bob_direct_imap = direct_imap(bob)
-    # Messages may be deleted separately
-    while True:
-        if len(bob_direct_imap.get_all_messages()) == 0:
-            break
-        bob.wait_for_event(EventType.IMAP_MESSAGE_DELETED)
-        while True:
-            event = bob.wait_for_event()
-            if event.kind == EventType.INFO and "Close/expunge succeeded." in event.msg:
-                break
+        assert snapshot.download_state == DownloadState.AVAILABLE
+        assert snapshot.chat == bob_chat_alice


 def test_markseen_contact_request(acfactory):
@@ -940,47 +701,6 @@ def test_markseen_contact_request(acfactory):
    assert message2.get_snapshot().state == MessageState.IN_SEEN


-@pytest.mark.parametrize("team_profile", [True, False])
-def test_no_markseen_in_team_profile(team_profile, acfactory):
-    """
-    Test that seen status is synchronized iff `team_profile` isn't set.
-    """
-    alice, bob = acfactory.get_online_accounts(2)
-    if team_profile:
-        bob.set_config("team_profile", "1")
-
-    # Bob sets up a second device.
-    bob2 = bob.clone()
-    bob2.start_io()
-
-    alice_chat_bob = alice.create_chat(bob)
-    bob_chat_alice = bob.create_chat(alice)
-    bob2.create_chat(alice)
-    alice_chat_bob.send_text("Hello Bob!")
-
-    message = bob.wait_for_incoming_msg()
-    message2 = bob2.wait_for_incoming_msg()
-    assert message2.get_snapshot().state == MessageState.IN_FRESH
-
-    message.mark_seen()
-
-    # Send a message and wait until it arrives
-    # in order to wait until Bob2 gets the markseen message.
-    # This also tests that outgoing messages
-    # don't mark preceeding messages as seen in team profiles.
-    bob_chat_alice.send_text("Outgoing message")
-    while True:
-        outgoing = bob2.wait_for_msg(EventType.MSGS_CHANGED)
-        if outgoing.id != 0:
-            break
-    assert outgoing.get_snapshot().text == "Outgoing message"
-
-    if team_profile:
-        assert message2.get_snapshot().state == MessageState.IN_FRESH
-    else:
-        assert message2.get_snapshot().state == MessageState.IN_SEEN
-
-
 def test_read_receipt(acfactory):
    """
    Test sending a read receipt and ensure it is attributed to the correct contact.
@@ -1000,9 +720,6 @@ def test_read_receipt(acfactory):
    assert len(read_receipts) == 1
    assert read_receipts[0].contact_id == alice_contact_bob.id

-    read_receipt_cnt = read_msg.get_read_receipt_count()
-    assert read_receipt_cnt == 1
-

 def test_get_http_response(acfactory):
    alice = acfactory.new_configured_account()
@@ -1015,7 +732,7 @@ def test_configured_imap_certificate_checks(acfactory):
    alice = acfactory.new_configured_account()

    # Certificate checks should be configured (not None)
-    assert "cert_strict" in alice.get_info().used_transport_settings
+    assert "cert_strict" in alice.get_info().used_account_settings

    # "cert_old_automatic" is the value old Delta Chat core versions used
    # to mean user entered "imap_certificate_checks=0" (Automatic)
@@ -1028,7 +745,7 @@ def test_configured_imap_certificate_checks(acfactory):
    #
    # Core 1.142.4, 1.142.5 and 1.142.6 saved this value due to bug.
    # This test is a regression test to prevent this happening again.
-    assert "cert_old_automatic" not in alice.get_info().used_transport_settings
+    assert "cert_old_automatic" not in alice.get_info().used_account_settings


 def test_no_old_msg_is_fresh(acfactory):
@@ -1140,15 +857,15 @@ def test_leave_broadcast(acfactory, all_devices_online):
        contact_snapshot = contact.get_snapshot()
        chat_msgs = chat.get_messages()

+        if please_wait_info_msg:
+            first_msg = chat_msgs.pop(0).get_snapshot()
+            assert first_msg.text == "Establishing guaranteed end-to-end encryption, please wait…"
+            assert first_msg.is_info
+
        encrypted_msg = chat_msgs.pop(0).get_snapshot()
        assert encrypted_msg.text == "Messages are end-to-end encrypted."
        assert encrypted_msg.is_info

-        if please_wait_info_msg:
-            first_msg = chat_msgs.pop(0).get_snapshot()
-            assert "invited you to join this channel" in first_msg.text
-            assert first_msg.is_info
-
        member_added_msg = chat_msgs.pop(0).get_snapshot()
        if inviter_side:
            assert member_added_msg.text == f"Member {contact_snapshot.display_name} added."
@@ -1206,30 +923,6 @@ def test_leave_broadcast(acfactory, all_devices_online):
    check_account(bob2, bob2.create_contact(alice), inviter_side=False)


-def test_leave_and_delete_group(acfactory, log):
-    alice, bob = acfactory.get_online_accounts(2)
-
-    log.section("Alice creates a group")
-    alice_chat = alice.create_group("Group")
-    alice_chat.add_contact(bob)
-    assert len(alice_chat.get_contacts()) == 2  # Alice and Bob
-    alice_chat.send_text("hello")
-
-    log.section("Bob sees the group, and leaves and deletes it")
-    msg = bob.wait_for_incoming_msg().get_snapshot()
-    assert msg.text == "hello"
-    msg.chat.accept()
-
-    msg.chat.leave()
-    # Bob deletes the chat. This must not prevent the leave message from being sent.
-    msg.chat.delete()
-
-    log.section("Alice receives the delete message")
-    # After Bob left, only Alice will be left in the group:
-    while len(alice_chat.get_contacts()) != 1:
-        alice.wait_for_event(EventType.CHAT_MODIFIED)
-
-
 def test_immediate_autodelete(acfactory, direct_imap, log):
    ac1, ac2 = acfactory.get_online_accounts(2)

@@ -1262,123 +955,3 @@ def test_immediate_autodelete(acfactory, direct_imap, log):
    ev = ac1.wait_for_event(EventType.MSG_READ)
    assert ev.chat_id == chat1.id
    assert ev.msg_id == sent_msg.id
-
-
-def test_background_fetch(acfactory, dc):
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    ac1.stop_io()
-
-    ac1_chat = ac1.create_chat(ac2)
-
-    ac2_chat = ac2.create_chat(ac1)
-    ac2_chat.send_text("Hello!")
-
-    while True:
-        dc.background_fetch(300)
-        messages = ac1_chat.get_messages()
-        snapshot = messages[-1].get_snapshot()
-        if snapshot.text == "Hello!":
-            break
-
-    # Stopping background fetch immediately after starting
-    # does not result in any errors.
-    background_fetch_future = dc.background_fetch.future(300)
-    dc.stop_background_fetch()
-    background_fetch_future()
-
-    # Starting background fetch with zero timeout is ok,
-    # it should terminate immediately.
-    dc.background_fetch(0)
-
-    # Background fetch can still be used to send and receive messages.
-    ac2_chat.send_text("Hello again!")
-
-    while True:
-        dc.background_fetch(300)
-        messages = ac1_chat.get_messages()
-        snapshot = messages[-1].get_snapshot()
-        if snapshot.text == "Hello again!":
-            break
-
-
-def test_message_exists(acfactory):
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    chat = ac1.create_chat(ac2)
-    message1 = chat.send_text("Hello!")
-    message2 = chat.send_text("Hello again!")
-    assert message1.exists()
-    assert message2.exists()
-
-    ac1.delete_messages([message1])
-    assert not message1.exists()
-    assert message2.exists()
-
-    # There is no error when checking if
-    # the message exists for deleted account.
-    ac1.remove()
-    assert not message1.exists()
-    assert not message2.exists()
-
-
-def test_synchronize_member_list_on_group_rejoin(acfactory, log):
-    """
-    Test that user recreates group member list when it joins the group again.
-    ac1 creates a group with two other accounts: ac2 and ac3
-    Then it removes ac2, removes ac3 and adds ac2 back.
-    ac2 did not see that ac3 is removed, so it should rebuild member list from scratch.
-    """
-    log.section("setting up accounts, accepted with each other")
-    ac1, ac2, ac3 = accounts = acfactory.get_online_accounts(3)
-
-    log.section("ac1: creating group chat with 2 other members")
-    chat = ac1.create_group("title1")
-    chat.add_contact(ac2)
-    chat.add_contact(ac3)
-
-    log.section("ac1: send message to new group chat")
-    msg = chat.send_text("hello")
-    assert chat.num_contacts() == 3
-
-    log.section("checking that the chat arrived correctly")
-    for ac in accounts[1:]:
-        msg = ac.wait_for_incoming_msg().get_snapshot()
-        assert msg.text == "hello"
-        assert msg.chat.num_contacts() == 3
-        msg.chat.accept()
-
-    log.section("ac1: removing ac2")
-    chat.remove_contact(ac2)
-
-    log.section("ac2: wait for a message about removal from the chat")
-    ac2.wait_for_incoming_msg()
-    log.section("ac1: removing ac3")
-    chat.remove_contact(ac3)
-
-    log.section("ac1: adding ac2 back")
-    chat.add_contact(ac2)
-
-    log.section("ac2: check that ac3 is removed")
-    msg = ac2.wait_for_incoming_msg()
-
-    assert chat.num_contacts() == 2
-    assert msg.get_snapshot().chat.num_contacts() == 2
-
-
-def test_large_message(acfactory) -> None:
-    """
-    Test sending large message without download limit set,
-    so it is sent with pre-message but downloaded without user interaction.
-    """
-    alice, bob = acfactory.get_online_accounts(2)
-
-    alice_chat_bob = alice.create_chat(bob)
-    alice_chat_bob.send_message(
-        "Hello World, this message is bigger than 5 bytes",
-        file="../test-data/image/screenshot.jpg",
-    )
-
-    msg = bob.wait_for_incoming_msg()
-    msgs_changed_event = bob.wait_for_msgs_changed_event()
-    assert msg.id == msgs_changed_event.msg_id
-    snapshot = msg.get_snapshot()
-    assert snapshot.text == "Hello World, this message is bigger than 5 bytes"
--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.48.0"
+version = "2.26.0"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "2.48.0"
+  "version": "2.26.0"
 }
--- a/deltachat-rpc-server/src/main.rs
+++ b/deltachat-rpc-server/src/main.rs
@@ -24,14 +24,6 @@ use yerpc::{RpcClient, RpcSession};

 #[tokio::main(flavor = "multi_thread")]
 async fn main() {
-    // Logs from `log` crate and traces from `tracing` crate
-    // are configurable with `RUST_LOG` environment variable
-    // and go to stderr to avoid interfering with JSON-RPC using stdout.
-    tracing_subscriber::fmt()
-        .with_env_filter(EnvFilter::from_default_env())
-        .with_writer(std::io::stderr)
-        .init();
-
    let r = main_impl().await;
    // From tokio documentation:
    // "For technical reasons, stdin is implemented by using an ordinary blocking read on a separate
@@ -51,7 +43,7 @@ async fn main_impl() -> Result<()> {
            if let Some(arg) = args.next() {
                return Err(anyhow!("Unrecognized argument {arg:?}"));
            }
-            eprintln!("{DC_VERSION_STR}");
+            eprintln!("{}", &*DC_VERSION_STR);
            return Ok(());
        } else if first_arg.to_str() == Some("--openrpc") {
            if let Some(arg) = args.next() {
@@ -72,6 +64,14 @@ async fn main_impl() -> Result<()> {
    #[cfg(target_family = "unix")]
    let mut sigterm = signal_unix::signal(signal_unix::SignalKind::terminate())?;

+    // Logs from `log` crate and traces from `tracing` crate
+    // are configurable with `RUST_LOG` environment variable
+    // and go to stderr to avoid interfering with JSON-RPC using stdout.
+    tracing_subscriber::fmt()
+        .with_env_filter(EnvFilter::from_default_env())
+        .with_writer(std::io::stderr)
+        .init();
+
    let path = std::env::var("DC_ACCOUNTS_PATH").unwrap_or_else(|_| "accounts".to_string());
    log::info!("Starting with accounts directory `{path}`.");
    let writable = true;
--- a/deny.toml
+++ b/deny.toml
@@ -12,18 +12,6 @@ ignore = [

    # Unmaintained paste
    "RUSTSEC-2024-0436",
-
-    # Unmaintained rustls-pemfile
-    # It is a transitive dependency of iroh 0.35.0,
-    # this should be fixed by upgrading to iroh 1.0 once it is released.
-    "RUSTSEC-2025-0134",
-
-    # rustls-webpki v0.102.8
-    # We cannot upgrade to >=0.103.10 because
-    # it is a transitive dependency of iroh 0.35.0
-    # which depends on ^0.102.
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0049>
-    "RUSTSEC-2026-0049",
 ]

 [bans]
@@ -34,24 +22,22 @@ ignore = [
 skip = [
     { name = "async-channel", version = "1.9.0" },
     { name = "bitflags", version = "1.3.2" },
-     { name = "constant_time_eq", version = "0.3.1" },
     { name = "derive_more-impl", version = "1.0.0" },
     { name = "derive_more", version = "1.0.0" },
     { name = "event-listener", version = "2.5.3" },
     { name = "getrandom", version = "0.2.12" },
+     { name = "hashbrown", version = "0.14.5" },
     { name = "heck", version = "0.4.1" },
     { name = "http", version = "0.2.12" },
     { name = "linux-raw-sys", version = "0.4.14" },
-     { name = "lru", version = "0.12.5" },
+     { name = "lru", version = "0.12.3" },
     { name = "netlink-packet-route", version = "0.17.1" },
     { name = "nom", version = "7.1.3" },
     { name = "rand_chacha", version = "0.3.1" },
     { name = "rand_core", version = "0.6.4" },
     { name = "rand", version = "0.8.5" },
     { name = "rustix", version = "0.38.44" },
-     { name = "rustls-webpki", version = "0.102.8" },
     { name = "serdect", version = "0.2.0" },
-     { name = "socket2", version = "0.5.9" },
     { name = "spin", version = "0.9.8" },
     { name = "strum_macros", version = "0.26.2" },
     { name = "strum", version = "0.26.2" },
@@ -76,6 +62,7 @@ skip = [
     { name = "windows_x86_64_gnu" },
     { name = "windows_x86_64_gnullvm" },
     { name = "windows_x86_64_msvc" },
+     { name = "zerocopy", version = "0.7.32" },
 ]


--- a/draft/aeap-mvp.md
+++ b/draft/aeap-mvp.md
@@ -0,0 +1,127 @@
+AEAP MVP
+========
+
+Changes to the UIs
+------------------
+
+- The secondary self addresses (see below) are shown in the UI, but not editable.
+
+- When the user changed the email address in the configure screen, show a dialog to the user, either directly explaining things or with a link to the FAQ (see "Other" below)
+
+Changes in the core
+-------------------
+
+- [x] We have one primary self address and any number of secondary self addresses. `is_self_addr()` checks all of them.
+
+- [x] If the user does a reconfigure and changes the email address, the previous address is added as a secondary self address.
+
+  - don't forget to deduplicate secondary self addresses in case the user switches back and forth between addresses).
+
+  - The key stays the same.
+
+- [x] No changes for 1:1 chats, there simply is a new one. (This works since, contrary to group messages, messages sent to a 1:1 chat are not assigned to the group chat but always to the 1:1 chat with the sender. So it's not a problem that the new messages might be put into the old chat if they are a reply to a message there.)
+
+- [ ] When sending a message: If any of the secondary self addrs is in the chat's member list, remove it locally (because we just transitioned away from it). We add a log message for this (alternatively, a system message in the chat would be more visible).
+
+- [x] ([#3385](https://github.com/deltachat/deltachat-core-rust/pull/3385)) When receiving a message: If the key exists, but belongs to another address (we may want to benchmark this)
+  AND there is a `Chat-Version` header\
+  AND the message is signed correctly
+  AND the From address is (also) in the encrypted (and therefore signed) headers <sup>[[1]](#myfootnote1)</sup>\
+  AND the message timestamp is newer than the contact's `lastseen` (to prevent changing the address back when messages arrive out of order) (this condition is not that important since we will have eventual consistency even without it):
+
+  Replace the contact in _all_ groups, possibly deduplicate the members list, and add a system message to all of these chats.
+  
+  - Note that we can't simply compare the keys byte-by-byte, since the UID may have changed, or the sender may have rotated the key and signed the new key with the old one.
+
+<a name="myfootnote1">[1]</a>: Without this check, an attacker could replay a message from Alice to Bob. Then Bob's device would do an AEAP transition from Alice's to the attacker's address, allowing for easier phishing.
+
+<details>
+<summary>More details about this</summary>
+Suppose Alice sends a message to Evil (or to a group with both Evil and Bob). Evil then forwards the message to Bob, changing the From and To headers (and if necessary Message-Id) and replacing `addr=alice@example.org;` in the autocrypt header with `addr=evil@example.org;`.
+
+Then Bob's device sees that there is a message which is signed by Alice's key and comes from Evil's address and would do the AEAP transition, i.e. replace Alice with Evil in all groups and show a message "Alice changed their address from alice@example.org to evil@example.org". Disadvantages for Evil are that Bob's message will be shown on Alice's device, possibly creating confusion/suspicion, and that the usual "Setup changed for..." message will be shown the next time Evil sends a message (because Evil doesn't know Alice's private key).
+
+Possible mitigations:
+- if we make the AEAP device message sth. like "Automatically removed alice@example.org and added evil@example.org", then this will create more suspicion, making the phishing harder (we didn't talk about what what the wording should be at all yet).
+- Add something similar to replay protection to our Autocrypt implementation. This could be done e.g. by adding a second `From` header to the protected headers. If it's present, the receiver then requires it to be the same as the outer `From`, and if it's not present, we don't do AEAP --> **That's what we implemented**
+
+Note that usually a mail is signed by a key that has a UID matching the from address.
+
+  That's not mandatory for Autocrypt (and in fact, we just keep the old UID when changing the self address, so with AEAP the UID will actually be different than the from address sometimes)
+
+  https://autocrypt.org/level1.html#openpgp-based-key-data says:
+  > The content of the user id packet is only decorative
+
+</details>
+
+### Notes:
+  
+- We treat protected and non-protected chats the same
+- We leave the aeap transition statement away since it seems not to be needed, makes things harder on the sending side, wastes some network traffic, and is worse for privacy (since more people know what old addresses you had).
+- As soon as we encrypt read receipts, sending a read receipt will be enough to tell a lot of people that you transitioned
+- AEAP will make the problem of inconsistent group state worse, both because it doesn't work if the message is unencrypted (even if the design allowed it, it would be problematic security-wise) and because some chat partners may have gotten the transition and some not. We should do something against this at some point in the future, like asking the user whether they want to add/remove the members to restore consistent group state.
+
+#### Downsides of this design:
+- Inconsistent group state: Suppose Alice does an AEAP transition and sends a 1:1 message to Bob, so Bob rewrites Alice's contact. Alice, Bob and Charlie are together in a group. Before Alice writes to this group, Bob and Charlie will have different membership lists, and Bob will send messages to Alice's new address, while Charlie will send them to her old address.
+
+#### Upsides:
+- With this approach, it's easy to switch to a model where the info about the transition is encoded in the PGP key. Since the key is gossiped, the information about the transition will spread virally.
+- Faster transition: If you send a message to e.g. "Delta Chat Dev", all members of the "sub-group" "delta android" will know of your transition.
+
+### Alternatives and old discussions/plans:
+
+- Change the contact instead of rewriting the group member lists. This seems to call for more trouble since we will end up with multiple contacts having the same email address.
+
+- If needed, we could add a header a) indicating that the sender did an address transition or b) listing all the secondary (old) addresses.  For now, there is no big enough benefit to warrant introducing another header and its processing on the receiver side (including all the necessary checks and handling of error cases). Instead, we only check for the `Chat-Version` header to prevent accidental transitions when an MUA user sends a message from another email address with the same key.
+
+- The condition for a transition temporarily was:
+
+  > When receiving a message: If we are going to assign a message to a chat, but the sender is not a member of this chat\
+  > AND the signing key is the same as the direct (non-gossiped) key of one of the chat members\
+  > AND ...
+
+  However, this would mean that in 1:1 messages can't trigger a transition, since we don't assign private messages to the parent chat, but always to the 1:1 chat with the sender.
+  
+<details>
+<summary>Some previous state of the discussion, which temporarily lived in an issue description</summary>
+Summarizing the discussions from https://github.com/deltachat/deltachat-core-rust/pull/2896, mostly quoting @hpk42:
+
+1. (DONE) At the time of configure we push the current primary to become a secondary. 
+
+2. When a message is sent out to a chat, and the message is encrypted, and we have secondary addresses, then we 
+  a) add a protected "AEAP-Replacement" header that contains all secondary addresses 
+  b) if any of the secondary addresses is in the chat's member list, we remove it and leave a system message that we did so
+3. When an encrypted message with a replacement header is received, replace the e-mail address of all secondary contacts (if they exist) with the new primary and drop a sysmessage in all chats the secondary is member off.  This might (in edge cases) result in chats that have two or more contacts with the same e-mail address.  We might ignore this for a first release and just log a warning.  Let's maybe not get hung up on this case before everything else works. 
+
+Notes: 
+- for now we will send out aeap replacement headers forever, there is no termination condition other than lack of secondary addresses.  I think that's fine for now.  Later on we might introduce options to remove secondary addresses but i wouldn't do this for a first release/PR. 
+- the design is resilient against changing e-mail providers from A to B to C and then back to A, with partially updated chats and diverging views from recipients/contacts on this transition.  In the end, you will have a primary and some secondaries, and when you start sending out messages everybody will eventually synchronize when they receive the current state of primaries/secondaries. 
+- of course on incoming message for need to check for each stated secondary address in the replacement header that it uses the same signature as the signature we verified as valid with the incoming message  **-->  Also we have to somehow make sure that the signing key was not just gossiped from some random other person in some group.**
+- there are no extra flags/columns in the database needed (i hope) 
+
+#### Downsides of the chosen approach:
+- Inconsistent group state: Suppose Alice does an AEAP transition and sends a 1:1 message to Bob, so Bob rewrites Alice's contact. Alice, Bob and Charlie are together in a group. Before Alice writes to this group, Bob and Charlie will have different membership lists, and Bob will send messages to Alice's new address, while Charlie will send them to her old address.
+- There will be multiple contacts with the same address in the database. We will have to do something against this at some point.
+
+The most obvious alternative would be to create a new contact with the new address and replace the old contact in the groups.
+
+#### Upsides:
+- With this approach, it's easier to switch to a model where the info about the transition is encoded in the PGP key. Since the key is gossiped, the information about the transition will spread virally.
+- (Also, less important: Slightly faster transition: If you send a message to e.g. "Delta Chat Dev", all members of the "sub-group" "delta android" will know of your transition.)
+- It's easier to implement (if too many problems turn up, we can still switch to another approach and didn't waste that much development time.)
+
+[full messages](https://github.com/deltachat/deltachat-core-rust/pull/2896#discussion_r852002161)
+  
+_end of the previous state of the discussion_  
+
+</details>
+  
+Other
+-----
+
+- The user is responsible that messages to the old address arrive at the new address, for example by configuring the old provider to forward all emails to the new one.
+
+Notes during implementing
+========================
+
+- As far as I understand the code, unencrypted messages are unsigned. So, the transition only works if both sides have the other side's key.
--- a/flake.lock
+++ b/flake.lock
@@ -47,11 +47,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1763361733,
-        "narHash": "sha256-ka7dpwH3HIXCyD2wl5F7cPLeRbqZoY2ullALsvxdPt8=",
+        "lastModified": 1747291057,
+        "narHash": "sha256-9Wir6aLJAeJKqdoQUiwfKdBn7SyNXTJGRSscRyVOo2Y=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "6c8d48e3b0ae371b19ac1485744687b788e80193",
+        "rev": "76ffc1b7b3ec8078fe01794628b6abff35cbda8f",
        "type": "github"
      },
      "original": {
@@ -147,11 +147,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1762977756,
-        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
+        "lastModified": 1747179050,
+        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
+        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
        "type": "github"
      },
      "original": {
@@ -202,11 +202,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1762860488,
-        "narHash": "sha256-rMfWMCOo/pPefM2We0iMBLi2kLBAnYoB9thi4qS7uk4=",
+        "lastModified": 1746889290,
+        "narHash": "sha256-h3LQYZgyv2l3U7r+mcsrEOGRldaK0zJFwAAva4hV/6g=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "2efc80078029894eec0699f62ec8d5c1a56af763",
+        "rev": "2bafe9d96c6734aacfd49e115f6cf61e7adc68bc",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-  description = "Chatmail core";
+  description = "Delta Chat core";
  inputs = {
    fenix.url = "github:nix-community/fenix";
    flake-utils.url = "github:numtide/flake-utils";
@@ -14,15 +14,7 @@
        pkgs = nixpkgs.legacyPackages.${system};
        inherit (pkgs.stdenv) isDarwin;
        fenixPkgs = fenix.packages.${system};
-        fenixToolchain = fenixPkgs.combine [
-          fenixPkgs.stable.rustc
-          fenixPkgs.stable.cargo
-          fenixPkgs.stable.rust-std
-        ];
-        naersk' = pkgs.callPackage naersk {
-          cargo = fenixToolchain;
-          rustc = fenixToolchain;
-        };
+        naersk' = pkgs.callPackage naersk { };
        manifest = (pkgs.lib.importTOML ./Cargo.toml).package;
        androidSdk = android.sdk.${system} (sdkPkgs:
          builtins.attrValues {
@@ -42,6 +34,7 @@
            ./Cargo.lock
            ./Cargo.toml
            ./CMakeLists.txt
+            ./CONTRIBUTING.md
            ./deltachat_derive
            ./deltachat-contact-tools
            ./deltachat-ffi
@@ -478,12 +471,6 @@
              };

            libdeltachat =
-              let
-                rustPlatform = (pkgs.makeRustPlatform {
-                  cargo = fenixToolchain;
-                  rustc = fenixToolchain;
-                });
-              in
              pkgs.stdenv.mkDerivation {
                pname = "libdeltachat";
                version = manifest.version;
@@ -493,9 +480,8 @@
                nativeBuildInputs = [
                  pkgs.perl # Needed to build vendored OpenSSL.
                  pkgs.cmake
-                  rustPlatform.cargoSetupHook
-                  fenixPkgs.stable.rustc
-                  fenixPkgs.stable.cargo
+                  pkgs.rustPlatform.cargoSetupHook
+                  pkgs.cargo
                ];

                postInstall = ''
--- a/python/examples/test_examples.py
+++ b/python/examples/test_examples.py
@@ -14,7 +14,6 @@ def datadir():
    return None


-@pytest.mark.skip("The test is flaky in CI and crashes the interpreter as of 2025-11-12")
 def test_echo_quit_plugin(acfactory, lp):
    lp.sec("creating one echo_and_quit bot")
    botproc = acfactory.run_bot_process(echo_and_quit)
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -1,20 +1,20 @@
 [build-system]
-requires = ["setuptools>=77", "wheel", "cffi>=1.0.0", "pkgconfig"]
+requires = ["setuptools>=45", "wheel", "cffi>=1.0.0", "pkgconfig"]
 build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "2.48.0"
-license = "MPL-2.0"
+version = "2.26.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
-requires-python = ">=3.10"
+requires-python = ">=3.8"
 authors = [
    { name = "holger krekel, Floris Bruynooghe, Bjoern Petersen and contributors" },
 ]
 classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",
    "Programming Language :: Python :: 3",
    "Topic :: Communications :: Chat",
    "Topic :: Communications :: Email",
@@ -23,6 +23,7 @@ classifiers = [
 dependencies = [
    "cffi>=1.0.0",
    "imap-tools",
+    "importlib_metadata;python_version<'3.8'",
    "pluggy",
    "requests",
 ]
--- a/python/src/deltachat/account.py
+++ b/python/src/deltachat/account.py
@@ -553,6 +553,17 @@ class Account:
    def imex(self, path: str, imex_cmd: int, passphrase: Optional[str] = None) -> None:
        lib.dc_imex(self._dc_context, imex_cmd, as_dc_charpointer(path), as_dc_charpointer(passphrase))

+    def initiate_key_transfer(self) -> str:
+        """return setup code after a Autocrypt setup message
+        has been successfully sent to our own e-mail address ("self-sent message").
+        If sending out was unsuccessful, a RuntimeError is raised.
+        """
+        self.check_is_configured()
+        res = lib.dc_initiate_key_transfer(self._dc_context)
+        if res == ffi.NULL:
+            raise RuntimeError("could not send out autocrypt setup message")
+        return from_dc_charpointer(res)
+
    def get_setup_contact_qr(self) -> str:
        """get/create Setup-Contact QR Code as ascii-string.

--- a/python/src/deltachat/message.py
+++ b/python/src/deltachat/message.py
@@ -167,6 +167,14 @@ class Message:
        """return True if this message is a system/info message."""
        return bool(lib.dc_msg_is_info(self._dc_msg))

+    def is_setup_message(self):
+        """return True if this message is a setup message."""
+        return lib.dc_msg_is_setupmessage(self._dc_msg)
+
+    def get_setupcodebegin(self) -> str:
+        """return the first characters of a setup code in a setup message."""
+        return from_dc_charpointer(lib.dc_msg_get_setupcodebegin(self._dc_msg))
+
    def is_encrypted(self):
        """return True if this message was encrypted."""
        return bool(lib.dc_msg_get_showpadlock(self._dc_msg))
@@ -190,6 +198,12 @@ class Message:
        """Get a message summary as a single line of text. Typically used for notifications."""
        return from_dc_charpointer(lib.dc_msg_get_summarytext(self._dc_msg, width))

+    def continue_key_transfer(self, setup_code):
+        """extract key and use it as primary key for this account."""
+        res = lib.dc_continue_key_transfer(self.account._dc_context, self.id, as_dc_charpointer(setup_code))
+        if res == 0:
+            raise ValueError("Importing the key from Autocrypt Setup Message failed")
+
    @props.with_doc
    def time_sent(self):
        """UTC time when the message was sent.
--- a/python/src/deltachat/testplugin.py
+++ b/python/src/deltachat/testplugin.py
@@ -522,6 +522,7 @@ class ACFactory:
        ac = self.get_unconfigured_account()
        assert "addr" in configdict and "mail_pw" in configdict, configdict
        configdict.setdefault("bcc_self", False)
+        configdict.setdefault("mvbox_move", False)
        configdict.setdefault("sync_msgs", False)
        configdict.setdefault("delete_server_after", 0)
        ac.update_config(configdict)
--- a/python/tests/test_0_complex_or_slow.py
+++ b/python/tests/test_0_complex_or_slow.py
@@ -1,3 +1,4 @@
+import sys
 import time

 import deltachat as dc
@@ -62,6 +63,56 @@ class TestGroupStressTests:
        # Message should be encrypted because keys of other members are gossiped
        assert msg.is_encrypted()

+    def test_synchronize_member_list_on_group_rejoin(self, acfactory, lp):
+        """
+        Test that user recreates group member list when it joins the group again.
+        ac1 creates a group with two other accounts: ac2 and ac3
+        Then it removes ac2, removes ac3 and adds ac2 back.
+        ac2 did not see that ac3 is removed, so it should rebuild member list from scratch.
+        """
+        lp.sec("setting up accounts, accepted with each other")
+        accounts = acfactory.get_online_accounts(3)
+        acfactory.introduce_each_other(accounts)
+        ac1, ac2, ac3 = accounts
+
+        lp.sec("ac1: creating group chat with 2 other members")
+        chat = ac1.create_group_chat("title1", contacts=[ac2, ac3])
+        assert not chat.is_promoted()
+
+        lp.sec("ac1: send message to new group chat")
+        msg = chat.send_text("hello")
+        assert chat.is_promoted() and msg.is_encrypted()
+
+        assert chat.num_contacts() == 3
+
+        lp.sec("checking that the chat arrived correctly")
+        for ac in accounts[1:]:
+            msg = ac._evtracker.wait_next_incoming_message()
+            assert msg.text == "hello"
+            print("chat is", msg.chat)
+            assert msg.chat.num_contacts() == 3
+
+        lp.sec("ac1: removing ac2")
+        chat.remove_contact(ac2)
+
+        lp.sec("ac2: wait for a message about removal from the chat")
+        msg = ac2._evtracker.wait_next_incoming_message()
+
+        lp.sec("ac1: removing ac3")
+        chat.remove_contact(ac3)
+
+        lp.sec("ac1: adding ac2 back")
+        # Group is promoted, message is sent automatically
+        assert chat.is_promoted()
+        chat.add_contact(ac2)
+
+        lp.sec("ac2: check that ac3 is removed")
+        msg = ac2._evtracker.wait_next_incoming_message()
+
+        assert chat.num_contacts() == 2
+        assert msg.chat.num_contacts() == 2
+        acfactory.dump_imap_summary(sys.stdout)
+

 def test_qr_verified_group_and_chatting(acfactory, lp):
    ac1, ac2, ac3 = acfactory.get_online_accounts(3)
--- a/python/tests/test_1_online.py
+++ b/python/tests/test_1_online.py
@@ -1,6 +1,7 @@
 import os
 import queue
 import sys
+import base64
 from datetime import datetime, timezone

 import pytest
@@ -8,6 +9,7 @@ from imap_tools import AND

 import deltachat as dc
 from deltachat import account_hookimpl, Message
+from deltachat.tracker import ImexTracker
 from deltachat.testplugin import E2EE_INFO_MSGS


@@ -220,6 +222,71 @@ def test_webxdc_huge_update(acfactory, data, lp):
    assert update["payload"] == payload


+def test_webxdc_download_on_demand(acfactory, data, lp):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    acfactory.introduce_each_other([ac1, ac2])
+    chat = acfactory.get_accepted_chat(ac1, ac2)
+
+    msg1 = Message.new_empty(ac1, "webxdc")
+    msg1.set_text("message1")
+    msg1.set_file(data.get_path("webxdc/minimal.xdc"))
+    msg1 = chat.send_msg(msg1)
+    assert msg1.is_webxdc()
+    assert msg1.filename
+
+    msg2 = ac2._evtracker.wait_next_incoming_message()
+    assert msg2.is_webxdc()
+
+    lp.sec("ac2 sets download limit")
+    ac2.set_config("download_limit", "100")
+    assert msg1.send_status_update({"payload": base64.b64encode(os.urandom(300000))}, "some test data")
+    ac2_update = ac2._evtracker.wait_next_incoming_message()
+    assert ac2_update.download_state == dc.const.DC_DOWNLOAD_AVAILABLE
+    assert not msg2.get_status_updates()
+
+    ac2_update.download_full()
+    ac2._evtracker.get_matching("DC_EVENT_WEBXDC_STATUS_UPDATE")
+    assert msg2.get_status_updates()
+
+    # Get a event notifying that the message disappeared from the chat.
+    msgs_changed_event = ac2._evtracker.get_matching("DC_EVENT_MSGS_CHANGED")
+    assert msgs_changed_event.data1 == msg2.chat.id
+    assert msgs_changed_event.data2 == 0
+
+
+def test_enable_mvbox_move(acfactory, lp):
+    (ac1,) = acfactory.get_online_accounts(1)
+
+    lp.sec("ac2: start without mvbox thread")
+    ac2 = acfactory.new_online_configuring_account(mvbox_move=False)
+    acfactory.bring_accounts_online()
+
+    lp.sec("ac2: configuring mvbox")
+    ac2.set_config("mvbox_move", "1")
+
+    lp.sec("ac1: send message and wait for ac2 to receive it")
+    acfactory.get_accepted_chat(ac1, ac2).send_text("message1")
+    assert ac2._evtracker.wait_next_incoming_message().text == "message1"
+
+
+def test_move_sync_msgs(acfactory):
+    ac1 = acfactory.new_online_configuring_account(bcc_self=True, sync_msgs=True, fix_is_chatmail=True)
+    acfactory.bring_accounts_online()
+
+    ac1.direct_imap.select_folder("DeltaChat")
+    # Sync messages may also be sent during the configuration.
+    mvbox_msg_cnt = len(ac1.direct_imap.get_all_messages())
+
+    ac1.set_config("displayname", "Alice")
+    ac1._evtracker.get_matching("DC_EVENT_MSG_DELIVERED")
+    ac1.set_config("displayname", "Bob")
+    ac1._evtracker.get_matching("DC_EVENT_MSG_DELIVERED")
+    ac1.direct_imap.select_folder("Inbox")
+    assert len(ac1.direct_imap.get_all_messages()) == 0
+    ac1.direct_imap.select_folder("DeltaChat")
+    assert len(ac1.direct_imap.get_all_messages()) == mvbox_msg_cnt + 2
+
+
 def test_forward_messages(acfactory, lp):
    ac1, ac2 = acfactory.get_online_accounts(2)
    chat = ac1.create_chat(ac2)
@@ -335,7 +402,7 @@ def test_long_group_name(acfactory, lp):


 def test_send_self_message(acfactory, lp):
-    ac1 = acfactory.new_online_configuring_account(bcc_self=True)
+    ac1 = acfactory.new_online_configuring_account(mvbox_move=True, bcc_self=True)
    acfactory.bring_accounts_online()
    lp.sec("ac1: create self chat")
    chat = ac1.get_self_contact().create_chat()
@@ -494,7 +561,7 @@ def test_reply_privately(acfactory):


 def test_mdn_asymmetric(acfactory, lp):
-    ac1 = acfactory.new_online_configuring_account()
+    ac1 = acfactory.new_online_configuring_account(mvbox_move=True)
    ac2 = acfactory.new_online_configuring_account()
    acfactory.bring_accounts_online()

@@ -523,14 +590,20 @@ def test_mdn_asymmetric(acfactory, lp):
    ac2.mark_seen_messages([msg])

    lp.sec("ac1: waiting for incoming activity")
+    # MDN should be moved even though MDNs are already disabled
+    ac1._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")
+
    assert len(chat.get_messages()) == 1 + E2EE_INFO_MSGS

    # Wait for the message to be marked as seen on IMAP.
-    ac1._evtracker.get_info_contains("Marked messages [0-9]+ in folder INBOX as seen.")
+    ac1._evtracker.get_info_contains("Marked messages [0-9]+ in folder DeltaChat as seen.")

    # MDN is received even though MDNs are already disabled
    assert msg_out.is_out_mdn_received()

+    ac1.direct_imap.select_config_folder("mvbox")
+    assert len(list(ac1.direct_imap.conn.fetch(AND(seen=True)))) == 1
+

 def test_send_receive_encrypt(acfactory, lp):
    ac1, ac2 = acfactory.get_online_accounts(2)
@@ -753,6 +826,86 @@ def test_send_and_receive_image(acfactory, lp, data):
    assert m == msg_in


+def test_import_export_online_all(acfactory, tmp_path, data, lp):
+    (ac1, some1) = acfactory.get_online_accounts(2)
+
+    lp.sec("create some chat content")
+    some1_addr = some1.get_config("addr")
+    chat1 = ac1.create_contact(some1).create_chat()
+    chat1.send_text("msg1")
+    assert len(ac1.get_contacts()) == 1
+
+    original_image_path = data.get_path("d.png")
+    chat1.send_image(original_image_path)
+
+    # Add another 100KB file that ensures that the progress is smooth enough
+    path = tmp_path / "attachment.txt"
+    with path.open("w") as file:
+        file.truncate(100000)
+    chat1.send_file(str(path))
+
+    def assert_account_is_proper(ac):
+        contacts = ac.get_contacts()
+        assert len(contacts) == 1
+        contact2 = contacts[0]
+        assert contact2.addr == some1_addr
+        chat2 = contact2.create_chat()
+        messages = chat2.get_messages()
+        assert len(messages) == 3 + E2EE_INFO_MSGS
+        assert messages[0 + E2EE_INFO_MSGS].text == "msg1"
+        assert messages[1 + E2EE_INFO_MSGS].filemime == "image/png"
+        assert os.stat(messages[1 + E2EE_INFO_MSGS].filename).st_size == os.stat(original_image_path).st_size
+        ac.set_config("displayname", "new displayname")
+        assert ac.get_config("displayname") == "new displayname"
+
+    assert_account_is_proper(ac1)
+
+    backupdir = tmp_path / "backup"
+    backupdir.mkdir()
+
+    lp.sec(f"export all to {backupdir}")
+    with ac1.temp_plugin(ImexTracker()) as imex_tracker:
+        ac1.stop_io()
+        ac1.imex(str(backupdir), dc.const.DC_IMEX_EXPORT_BACKUP)
+
+        # check progress events for export
+        assert imex_tracker.wait_progress(1, progress_upper_limit=249)
+        assert imex_tracker.wait_progress(250, progress_upper_limit=499)
+        assert imex_tracker.wait_progress(500, progress_upper_limit=749)
+        assert imex_tracker.wait_progress(750, progress_upper_limit=999)
+
+        paths = imex_tracker.wait_finish()
+        assert len(paths) == 1
+        path = paths[0]
+        assert os.path.exists(path)
+        ac1.start_io()
+
+    lp.sec("get fresh empty account")
+    ac2 = acfactory.get_unconfigured_account()
+
+    lp.sec("get latest backup file")
+    path2 = ac2.get_latest_backupfile(str(backupdir))
+    assert path2 == path
+
+    lp.sec("import backup and check it's proper")
+    with ac2.temp_plugin(ImexTracker()) as imex_tracker:
+        ac2.import_all(path)
+
+        # check progress events for import
+        assert imex_tracker.wait_progress(1, progress_upper_limit=249)
+        assert imex_tracker.wait_progress(1000)
+
+    assert_account_is_proper(ac1)
+    assert_account_is_proper(ac2)
+
+    lp.sec(f"Second-time export all to {backupdir}")
+    ac1.stop_io()
+    path2 = ac1.export_all(str(backupdir))
+    assert os.path.exists(path2)
+    assert path2 != path
+    assert ac2.get_latest_backupfile(str(backupdir)) == path2
+
+
 def test_qr_email_capitalization(acfactory, lp):
    """Regression test for a bug
    that resulted in failure to propagate verification
@@ -932,6 +1085,7 @@ def test_set_get_group_image(acfactory, data, lp):

 def test_connectivity(acfactory, lp):
    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac1.set_config("scan_all_folders_debounce_secs", "0")

    ac1._evtracker.wait_for_connectivity(dc.const.DC_CONNECTIVITY_CONNECTED)

@@ -1141,17 +1295,16 @@ def test_configure_error_msgs_invalid_server(acfactory):
        ev = ac2._evtracker.get_matching("DC_EVENT_CONFIGURE_PROGRESS")
        if ev.data1 == 0:
            break
-    err_lower = ev.data2.lower()
    # Can't connect so it probably should say something about "internet"
    # again, should not repeat itself
    # If this fails then probably `e.msg.to_lowercase().contains("could not resolve")`
    # in configure.rs returned false because the error message was changed
    # (i.e. did not contain "could not resolve" anymore)
-    assert (err_lower.count("internet") + err_lower.count("network")) == 1
+    assert (ev.data2.count("internet") + ev.data2.count("network")) == 1
    # Should mention that it can't connect:
-    assert err_lower.count("connect") == 1
+    assert ev.data2.count("connect") == 1
    # The users do not know what "configuration" is
-    assert "configuration" not in err_lower
+    assert "configuration" not in ev.data2.lower()


 def test_status(acfactory):
--- a/python/tests/test_3_offline.py
+++ b/python/tests/test_3_offline.py
@@ -35,7 +35,7 @@ class TestOfflineAccountBasic:
        d = ac1.get_info()
        assert d["arch"]
        assert d["number_of_chats"] == "0"
-        assert d["bcc_self"] == "0"
+        assert d["bcc_self"] == "1"

    def test_is_not_configured(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
@@ -52,24 +52,24 @@ class TestOfflineAccountBasic:

    def test_set_config_int_conversion(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
-        ac1.set_config("bcc_self", False)
-        assert ac1.get_config("bcc_self") == "0"
-        ac1.set_config("bcc_self", True)
-        assert ac1.get_config("bcc_self") == "1"
-        ac1.set_config("bcc_self", 0)
-        assert ac1.get_config("bcc_self") == "0"
-        ac1.set_config("bcc_self", 1)
-        assert ac1.get_config("bcc_self") == "1"
+        ac1.set_config("mvbox_move", False)
+        assert ac1.get_config("mvbox_move") == "0"
+        ac1.set_config("mvbox_move", True)
+        assert ac1.get_config("mvbox_move") == "1"
+        ac1.set_config("mvbox_move", 0)
+        assert ac1.get_config("mvbox_move") == "0"
+        ac1.set_config("mvbox_move", 1)
+        assert ac1.get_config("mvbox_move") == "1"

    def test_update_config(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
-        ac1.update_config({"bcc_self": True})
-        assert ac1.get_config("bcc_self") == "1"
+        ac1.update_config({"mvbox_move": False})
+        assert ac1.get_config("mvbox_move") == "0"

    def test_has_bccself(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
        assert "bcc_self" in ac1.get_config("sys.config_keys").split()
-        assert ac1.get_config("bcc_self") == "0"
+        assert ac1.get_config("bcc_self") == "1"

    def test_selfcontact_if_unconfigured(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
@@ -258,6 +258,9 @@ class TestOfflineChat:
        with pytest.raises(ValueError):
            ac1.set_stock_translation(dc.const.DC_STR_FILE, "xyz %1$s")
        ac1._evtracker.get_matching("DC_EVENT_WARNING")
+        with pytest.raises(ValueError):
+            ac1.set_stock_translation(dc.const.DC_STR_CONTACT_NOT_VERIFIED, "xyz %2$s")
+        ac1._evtracker.get_matching("DC_EVENT_WARNING")
        with pytest.raises(ValueError):
            ac1.set_stock_translation(500, "xyz %1$s")
        ac1._evtracker.get_matching("DC_EVENT_WARNING")
@@ -558,12 +561,6 @@ class TestOfflineChat:
        assert messages[0 + E2EE_INFO_MSGS].text == "msg1"
        assert os.path.exists(messages[1 + E2EE_INFO_MSGS].filename)

-    @pytest.mark.skip(
-        reason="We didn't find a way to correctly reset an account after a failed import attempt "
-        "while simultaneously making sure "
-        "that the password of an encrypted account survives a failed import attempt. "
-        "Since passphrases are not really supported anymore, we decided to just disable the test.",
-    )
    def test_import_encrypted_bak_into_encrypted_acct(self, acfactory, tmp_path):
        """
        Test that account passphrase isn't lost if backup failed to be imported.
--- a/python/tests/test_4_lowlevel.py
+++ b/python/tests/test_4_lowlevel.py
@@ -111,7 +111,7 @@ def test_dc_close_events(acfactory):
    register_global_plugin(ShutdownPlugin())
    assert hasattr(ac1, "_dc_context")
    ac1.shutdown()
-    shutdowns.get()
+    shutdowns.get(timeout=2)


 def test_wrong_db(tmp_path):
@@ -221,7 +221,7 @@ def test_logged_ac_process_ffi_failure(acfactory):

    # cause any event eg contact added/changed
    ac1.create_contact("something@example.org")
-    res = cap.get()
+    res = cap.get(timeout=10)
    assert "ac_process_ffi_event" in res
    assert "ZeroDivisionError" in res
    assert "Traceback" in res
--- a/python/tox.ini
+++ b/python/tox.ini
@@ -46,7 +46,7 @@ deps =
 commands =
    ruff format --diff setup.py src/deltachat examples/ tests/
    ruff check src/deltachat tests/ examples/
-    rst-lint README.rst
+    rst-lint --encoding 'utf-8' README.rst

 [testenv:mypy]
 deps =
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2026-03-30
+2025-11-11
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -26,10 +26,10 @@ and an own build machine.
   i.e. `deltachat-rpc-client` and `deltachat-rpc-server`.

 - `remote_tests_python.sh` rsyncs to a build machine and runs
-  JSON-RPC Python tests remotely on the build machine. 
+  `run-python-test.sh` remotely on the build machine. 

 - `remote_tests_rust.sh` rsyncs to the build machine and runs
-  Rust tests remotely on the build machine. 
+  `run-rust-test.sh` remotely on the build machine. 

 - `run-doxygen.sh` generates C-docs which are then uploaded to https://c.delta.chat/

--- a/scripts/coredeps/install-rust.sh
+++ b/scripts/coredeps/install-rust.sh
@@ -7,7 +7,7 @@ set -euo pipefail
 #
 # Avoid using rustup here as it depends on reading /proc/self/exe and
 # has problems running under QEMU.
-RUST_VERSION=1.94.0
+RUST_VERSION=1.91.0

 ARCH="$(uname -m)"
 test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu
--- a/scripts/deny.sh
+++ b/scripts/deny.sh
@@ -3,4 +3,4 @@
 # Update package cache without changing the lockfile.
 cargo update --dry-run

-cargo deny --workspace --all-features --locked check -D warnings
+cargo deny --workspace --all-features check -D warnings
--- a/scripts/remote_tests_python.sh
+++ b/scripts/remote_tests_python.sh
@@ -1,32 +1,45 @@
-#!/usr/bin/env bash
-set -euo pipefail
+#!/bin/bash 

-set -x
-if ! test -v SSHTARGET; then
-	echo >&2 SSHTARGET is not set
-	exit 1
-fi
-BUILDDIR=ci_builds/chatmailcore
+BUILD_ID=${1:?specify build ID}
+
+SSHTARGET=${SSHTARGET-ci@b1.delta.chat}
+BUILDDIR=ci_builds/$BUILD_ID

 echo "--- Copying files to $SSHTARGET:$BUILDDIR"

-rsync -az --delete --mkpath --files-from=<(git ls-files) ./ "$SSHTARGET:$BUILDDIR"
+set -xe
+
+ssh -oBatchMode=yes -oStrictHostKeyChecking=no  $SSHTARGET mkdir -p "$BUILDDIR"
+git ls-files >.rsynclist 
+# we seem to need .git for setuptools_scm versioning 
+find .git >>.rsynclist
+rsync --delete --files-from=.rsynclist -az ./ "$SSHTARGET:$BUILDDIR"
+
+set +x

 echo "--- Running Python tests remotely"

-ssh -oBatchMode=yes -- "$SSHTARGET" <<_HERE
+ssh $SSHTARGET <<_HERE
    set +x -e

    # make sure all processes exit when ssh dies
    shopt -s huponexit

-    export RUSTC_WRAPPER=\`command -v sccache\`
+    export RUSTC_WRAPPER=\`which sccache\`
    cd $BUILDDIR
+    export TARGET=release
    export CHATMAIL_DOMAIN=$CHATMAIL_DOMAIN

-    scripts/make-rpc-testenv.sh
-    . venv/bin/activate
+    #we rely on tox/virtualenv being available in the host
+    #rm -rf virtualenv venv
+    #virtualenv -q -p python3.7 venv 
+    #source venv/bin/activate
+    #pip install -q tox virtualenv

-    cd deltachat-rpc-client
-    pytest -n6 $@
+    set -x
+    which python
+    source \$HOME/venv/bin/activate
+    which python
+
+    bash scripts/run-python-test.sh 
 _HERE
--- a/scripts/remote_tests_rust.sh
+++ b/scripts/remote_tests_rust.sh
@@ -1,25 +1,29 @@
-#!/usr/bin/env bash
-set -euo pipefail
+#!/bin/bash 

-if ! test -v SSHTARGET; then
-        echo >&2 SSHTARGET is not set
-        exit 1
-fi
-BUILDDIR=ci_builds/chatmailcore
+BUILD_ID=${1:?specify build ID}
+
+SSHTARGET=${SSHTARGET-ci@b1.delta.chat}
+BUILDDIR=ci_builds/$BUILD_ID
+
+set -e

 echo "--- Copying files to $SSHTARGET:$BUILDDIR"

-rsync -az --delete --mkpath --files-from=<(git ls-files) ./ "$SSHTARGET:$BUILDDIR"
+ssh -oBatchMode=yes -oStrictHostKeyChecking=no $SSHTARGET mkdir -p "$BUILDDIR"
+git ls-files >.rsynclist
+rsync --delete --files-from=.rsynclist -az ./ "$SSHTARGET:$BUILDDIR"

 echo "--- Running Rust tests remotely"

-ssh -oBatchMode=yes -- "$SSHTARGET" <<_HERE
+ssh $SSHTARGET <<_HERE
    set +x -e
    # make sure all processes exit when ssh dies
    shopt -s huponexit
-    export RUSTC_WRAPPER=\`command -v sccache\`
+    export RUSTC_WRAPPER=\`which sccache\`
    cd $BUILDDIR
+    export TARGET=x86_64-unknown-linux-gnu
+    export RUSTC_WRAPPER=sccache

-    cargo nextest run
+    bash scripts/run-rust-test.sh
 _HERE

--- a/scripts/run_all.sh
+++ b/scripts/run_all.sh
@@ -31,6 +31,6 @@ unset CHATMAIL_DOMAIN

 # Try to build wheels for a range of interpreters, but don't fail if they are not available.
 # E.g. musllinux_1_1 does not have PyPy interpreters as of 2022-07-10
-tox --workdir "$TOXWORKDIR" -e py310,py311,py312,py313,pypy310 --skip-missing-interpreters true
+tox --workdir "$TOXWORKDIR" -e py38,py39,py310,py311,py312,py313,pypy38,pypy39,pypy310 --skip-missing-interpreters true

 auditwheel repair "$TOXWORKDIR"/wheelhouse/deltachat* -w "$TOXWORKDIR/wheelhouse"
--- a/scripts/set_core_version.py
+++ b/scripts/set_core_version.py
@@ -100,7 +100,7 @@ def main():

    today = datetime.date.today().isoformat()

-    if not newversion.endswith("-dev"):
+    if "alpha" not in newversion:
        found = False
        for line in Path("CHANGELOG.md").open():
            if line == f"## [{newversion}] - {today}\n":
--- a/scripts/update-provider-database.sh
+++ b/scripts/update-provider-database.sh
@@ -6,11 +6,11 @@ set -euo pipefail
 export TZ=UTC

 # Provider database revision.
-REV=996c4bc82be5a7404f70b185ff062da33bfa98d9
+REV=d041136c19a48b493823b46d472f12b9ee94ae80

 CORE_ROOT="$PWD"
 TMP="$(mktemp -d)"
-git clone --filter=blob:none https://github.com/chatmail/provider-db.git "$TMP"
+git clone --filter=blob:none https://github.com/deltachat/provider-db.git "$TMP"
 cd "$TMP"
 git checkout "$REV"
 DATE=$(git show -s --format=%cs)
--- a/spec.md
+++ b/spec.md
@@ -39,24 +39,9 @@ Messages SHOULD be encrypted by the
 [Autocrypt](https://autocrypt.org/level1.html) standard;
 `prefer-encrypt=mutual` MAY be set by default.

-Meta data SHOULD be encrypted
-by the [Header Protection](https://www.rfc-editor.org/rfc/rfc9788.html) standard
-with the following [Header Confidentiality Policy](https://www.rfc-editor.org/rfc/rfc9788.html#name-header-confidentiality-poli):
-```
-hcp_chat(name, val_in) → val_out:
-    if lower(name) is 'from':
-        assert that val_in is an RFC 5322 mailbox
-        return the RFC 5322 addr-spec part of val_in
-    else if lower(name) is 'to':
-        return '"hidden-recipients": ;'
-    else if lower(name) is 'date':
-        return the UTC form of a random date within the last 7 days
-    else if lower(name) is 'subject':
-        return '[...]'
-    else if lower(name) is in ['message-id', 'chat-is-post-message']:
-        return val_in
-    return null
-```
+Meta data (at least the subject and all chat-headers) SHOULD be encrypted
+by the [Protected Headers](https://tools.ietf.org/id/draft-autocrypt-lamps-protected-headers-02.html) standard.
+

 # Outgoing messages

--- a/src/accounts.rs
+++ b/src/accounts.rs
@@ -3,12 +3,8 @@
 use std::collections::{BTreeMap, BTreeSet};
 use std::future::Future;
 use std::path::{Path, PathBuf};
-use std::sync::Arc;

 use anyhow::{Context as _, Result, bail, ensure};
-use async_channel::{self, Receiver, Sender};
-use futures::FutureExt as _;
-use futures_lite::FutureExt as _;
 use serde::{Deserialize, Serialize};
 use tokio::fs;
 use tokio::io::AsyncWriteExt;
@@ -45,32 +41,16 @@ pub struct Accounts {

    /// Push notification subscriber shared between accounts.
    push_subscriber: PushSubscriber,
-
-    /// Channel sender to cancel ongoing background_fetch().
-    ///
-    /// If background_fetch() is not running, this is `None`.
-    /// New background_fetch() should not be started if this
-    /// contains `Some`.
-    background_fetch_interrupt_sender: Arc<parking_lot::Mutex<Option<Sender<()>>>>,
 }

 impl Accounts {
    /// Loads or creates an accounts folder at the given `dir`.
    pub async fn new(dir: PathBuf, writable: bool) -> Result<Self> {
-        if writable {
-            Self::ensure_accounts_dir(&dir).await?;
+        if writable && !dir.exists() {
+            Accounts::create(&dir).await?;
        }
-        let events = Events::new();
-        Accounts::open(events, dir, writable).await
-    }

-    /// Loads or creates an accounts folder at the given `dir`.
-    /// Uses an existing events channel.
-    pub async fn new_with_events(dir: PathBuf, writable: bool, events: Events) -> Result<Self> {
-        if writable {
-            Self::ensure_accounts_dir(&dir).await?;
-        }
-        Accounts::open(events, dir, writable).await
+        Accounts::open(dir, writable).await
    }

    /// Get the ID used to log events.
@@ -81,33 +61,27 @@ impl Accounts {
        0
    }

-    /// Ensures the accounts directory and config file exist.
-    /// Creates them if the directory doesn't exist, or if it exists but is empty.
-    /// Errors if the directory exists with files but no config.
-    async fn ensure_accounts_dir(dir: &Path) -> Result<()> {
-        if !dir.exists() {
-            fs::create_dir_all(dir)
-                .await
-                .context("Failed to create folder")?;
-            Config::new(dir).await?;
-        } else if !dir.join(CONFIG_NAME).exists() {
-            let mut rd = fs::read_dir(dir).await?;
-            ensure!(rd.next_entry().await?.is_none(), "{dir:?} is not empty");
-            Config::new(dir).await?;
-        }
+    /// Creates a new default structure.
+    async fn create(dir: &Path) -> Result<()> {
+        fs::create_dir_all(dir)
+            .await
+            .context("failed to create folder")?;
+
+        Config::new(dir).await?;
+
        Ok(())
    }

    /// Opens an existing accounts structure. Will error if the folder doesn't exist,
    /// no account exists and no config exists.
-    async fn open(events: Events, dir: PathBuf, writable: bool) -> Result<Self> {
+    async fn open(dir: PathBuf, writable: bool) -> Result<Self> {
        ensure!(dir.exists(), "directory does not exist");

        let config_file = dir.join(CONFIG_NAME);
        ensure!(config_file.exists(), "{config_file:?} does not exist");

        let config = Config::from_file(config_file, writable).await?;
-
+        let events = Events::new();
        let stockstrings = StockStrings::new();
        let push_subscriber = PushSubscriber::new();
        let accounts = config
@@ -122,7 +96,6 @@ impl Accounts {
            events,
            stockstrings,
            push_subscriber,
-            background_fetch_interrupt_sender: Default::default(),
        })
    }

@@ -379,11 +352,6 @@ impl Accounts {
    ///
    /// This is an auxiliary function and not part of public API.
    /// Use [Accounts::background_fetch] instead.
-    ///
-    /// This function is cancellation-safe.
-    /// It is intended to be cancellable,
-    /// either because of the timeout or because background
-    /// fetch was explicitly cancelled.
    async fn background_fetch_no_timeout(accounts: Vec<Context>, events: Events) {
        let n_accounts = accounts.len();
        events.emit(Event {
@@ -392,11 +360,6 @@ impl Accounts {
                "Starting background fetch for {n_accounts} accounts."
            )),
        });
-        ::tracing::event!(
-            ::tracing::Level::INFO,
-            account_id = 0,
-            "Starting background fetch for {n_accounts} accounts."
-        );
        let mut set = JoinSet::new();
        for account in accounts {
            set.spawn(async move {
@@ -412,41 +375,17 @@ impl Accounts {
                "Finished background fetch for {n_accounts} accounts."
            )),
        });
-        ::tracing::event!(
-            ::tracing::Level::INFO,
-            account_id = 0,
-            "Finished background fetch for {n_accounts} accounts."
-        );
    }

    /// Auxiliary function for [Accounts::background_fetch].
-    ///
-    /// Runs `background_fetch` until it finishes
-    /// or until the timeout.
-    ///
-    /// Produces `AccountsBackgroundFetchDone` event in every case
-    /// and clears [`Self::background_fetch_interrupt_sender`]
-    /// so a new background fetch can be started.
-    ///
-    /// This function is not cancellation-safe.
-    /// Cancelling it before it returns may result
-    /// in not being able to run any new background fetch
-    /// if interrupt sender was not cleared.
    async fn background_fetch_with_timeout(
        accounts: Vec<Context>,
        events: Events,
        timeout: std::time::Duration,
-        interrupt_sender: Arc<parking_lot::Mutex<Option<Sender<()>>>>,
-        interrupt_receiver: Option<Receiver<()>>,
    ) {
-        let Some(interrupt_receiver) = interrupt_receiver else {
-            // Nothing to do if we got no interrupt receiver.
-            return;
-        };
        if let Err(_err) = tokio::time::timeout(
            timeout,
-            Self::background_fetch_no_timeout(accounts, events.clone())
-                .race(interrupt_receiver.recv().map(|_| ())),
+            Self::background_fetch_no_timeout(accounts, events.clone()),
        )
        .await
        {
@@ -454,26 +393,15 @@ impl Accounts {
                id: 0,
                typ: EventType::Warning("Background fetch timed out.".to_string()),
            });
-            ::tracing::event!(
-                ::tracing::Level::WARN,
-                account_id = 0,
-                "Background fetch timed out."
-            );
        }
        events.emit(Event {
            id: 0,
            typ: EventType::AccountsBackgroundFetchDone,
        });
-        (*interrupt_sender.lock()) = None;
    }

    /// Performs a background fetch for all accounts in parallel with a timeout.
    ///
-    /// Ongoing background fetch can also be cancelled manually
-    /// by calling `stop_background_fetch()`, in which case it will
-    /// return immediately even before the timeout expiration
-    /// or finishing fetching.
-    ///
    /// The `AccountsBackgroundFetchDone` event is emitted at the end,
    /// process all events until you get this one and you can safely return to the background
    /// without forgetting to create notifications caused by timing race conditions.
@@ -486,39 +414,7 @@ impl Accounts {
    ) -> impl Future<Output = ()> + use<> {
        let accounts: Vec<Context> = self.accounts.values().cloned().collect();
        let events = self.events.clone();
-        let (sender, receiver) = async_channel::bounded(1);
-        let receiver = {
-            let mut lock = self.background_fetch_interrupt_sender.lock();
-            if (*lock).is_some() {
-                // Another background_fetch() is already running,
-                // return immeidately.
-                None
-            } else {
-                *lock = Some(sender);
-                Some(receiver)
-            }
-        };
-        Self::background_fetch_with_timeout(
-            accounts,
-            events,
-            timeout,
-            self.background_fetch_interrupt_sender.clone(),
-            receiver,
-        )
-    }
-
-    /// Interrupts ongoing background_fetch() call,
-    /// making it return early.
-    ///
-    /// This method allows to cancel background_fetch() early,
-    /// e.g. on Android, when `Service.onTimeout` is called.
-    ///
-    /// If there is no ongoing background_fetch(), does nothing.
-    pub fn stop_background_fetch(&self) {
-        let mut lock = self.background_fetch_interrupt_sender.lock();
-        if let Some(sender) = lock.take() {
-            sender.try_send(()).ok();
-        }
+        Self::background_fetch_with_timeout(accounts, events, timeout)
    }

    /// Emits a single event.
@@ -591,7 +487,6 @@ impl Config {
    }

    #[cfg(not(target_os = "ios"))]
-    #[expect(clippy::arithmetic_side_effects)]
    async fn create_lock_task(dir: PathBuf) -> Result<Option<JoinHandle<anyhow::Result<()>>>> {
        let lockfile = dir.join(LOCKFILE_NAME);
        let mut lock = fd_lock::RwLock::new(fs::File::create(lockfile).await?);
@@ -686,27 +581,13 @@ impl Config {
        file.write_all(toml::to_string_pretty(&self.inner)?.as_bytes())
            .await
            .context("failed to write a tmp config")?;
-
-        // We use `sync_all()` and not `sync_data()` here.
-        // This translates to `fsync()` instead of `fdatasync()`.
-        // `fdatasync()` may be insufficient for newely created files
-        // and may not even synchronize the file size on some operating systems,
-        // resulting in a truncated file.
-        file.sync_all()
+        file.sync_data()
            .await
            .context("failed to sync a tmp config")?;
        drop(file);
        fs::rename(&tmp_path, &self.file)
            .await
            .context("failed to rename config")?;
-        // Sync the rename().
-        #[cfg(not(windows))]
-        {
-            let parent = self.file.parent().context("No parent directory")?;
-            let parent_file = fs::File::open(parent).await?;
-            parent_file.sync_all().await?;
-        }
-
        Ok(())
    }

@@ -723,12 +604,13 @@ impl Config {
        // Convert them to relative paths.
        let mut modified = false;
        for account in &mut config.inner.accounts {
-            if account.dir.is_absolute()
-                && let Some(old_path_parent) = account.dir.parent()
-                && let Ok(new_path) = account.dir.strip_prefix(old_path_parent)
-            {
-                account.dir = new_path.to_path_buf();
-                modified = true;
+            if account.dir.is_absolute() {
+                if let Some(old_path_parent) = account.dir.parent() {
+                    if let Ok(new_path) = account.dir.strip_prefix(old_path_parent) {
+                        account.dir = new_path.to_path_buf();
+                        modified = true;
+                    }
+                }
            }
        }
        if modified && writable {
@@ -772,7 +654,6 @@ impl Config {
    }

    /// Creates a new account in the account manager directory.
-    #[expect(clippy::arithmetic_side_effects)]
    async fn new_account(&mut self) -> Result<AccountConfig> {
        let id = {
            let id = self.inner.next_id;
@@ -862,7 +743,6 @@ impl Config {
 ///
 /// Without this workaround removing account may fail on Windows with an error
 /// "The process cannot access the file because it is being used by another process. (os error 32)".
-#[expect(clippy::arithmetic_side_effects)]
 async fn try_many_times<F, Fut, T>(f: F) -> std::result::Result<(), T>
 where
    F: Fn() -> Fut,
@@ -934,26 +814,6 @@ mod tests {
        }
    }

-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_account_new_empty_existing_dir() {
-        let dir = tempfile::tempdir().unwrap();
-        let p: PathBuf = dir.path().join("accounts");
-
-        // A non-empty directory without accounts.toml should fail.
-        fs::create_dir_all(&p).await.unwrap();
-        fs::write(p.join("stray_file.txt"), b"hello").await.unwrap();
-        assert!(Accounts::new(p.clone(), true).await.is_err());
-
-        // Clean up to an empty directory.
-        fs::remove_file(p.join("stray_file.txt")).await.unwrap();
-
-        // An empty directory without accounts.toml should succeed.
-        let mut accounts = Accounts::new(p.clone(), true).await.unwrap();
-        assert_eq!(accounts.accounts.len(), 0);
-        let id = accounts.add_account().await.unwrap();
-        assert_eq!(id, 1);
-    }
-
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_account_new_open_conflict() {
        let dir = tempfile::tempdir().unwrap();
@@ -1249,11 +1109,13 @@ mod tests {
        let account1 = accounts.get_account(1).context("failed to get account 1")?;
        let account2 = accounts.get_account(2).context("failed to get account 2")?;

-        assert_eq!(stock_str::no_messages(&account1), "No messages.");
-        assert_eq!(stock_str::no_messages(&account2), "No messages.");
-        account1.set_stock_translation(StockMessage::NoMessages, "foobar".to_string())?;
-        assert_eq!(stock_str::no_messages(&account1), "foobar");
-        assert_eq!(stock_str::no_messages(&account2), "foobar");
+        assert_eq!(stock_str::no_messages(&account1).await, "No messages.");
+        assert_eq!(stock_str::no_messages(&account2).await, "No messages.");
+        account1
+            .set_stock_translation(StockMessage::NoMessages, "foobar".to_string())
+            .await?;
+        assert_eq!(stock_str::no_messages(&account1).await, "foobar");
+        assert_eq!(stock_str::no_messages(&account2).await, "foobar");

        Ok(())
    }
--- a/src/aheader.rs
+++ b/src/aheader.rs
@@ -47,11 +47,11 @@ pub struct Aheader {
    pub public_key: SignedPublicKey,
    pub prefer_encrypt: EncryptPreference,

-    /// Whether `_verified` attribute is present.
-    ///
-    /// `_verified` attribute is an extension to `Autocrypt-Gossip`
-    /// header that is used to tell that the sender
-    /// marked this key as verified.
+    // Whether `_verified` attribute is present.
+    //
+    // `_verified` attribute is an extension to `Autocrypt-Gossip`
+    // header that is used to tell that the sender
+    // marked this key as verified.
    pub verified: bool,
 }

@@ -73,7 +73,6 @@ impl fmt::Display for Aheader {
        let keydata = self.public_key.to_base64().chars().enumerate().fold(
            String::new(),
            |mut res, (i, c)| {
-                #[expect(clippy::arithmetic_side_effects)]
                if i % 78 == 78 - "keydata=".len() {
                    res.push(' ')
                }
@@ -108,11 +107,13 @@ impl FromStr for Aheader {
            .remove("keydata")
            .context("keydata attribute is not found")
            .and_then(|raw| {
-                SignedPublicKey::from_base64(&raw).context("Autocrypt key cannot be decoded")
+                SignedPublicKey::from_base64(&raw).context("autocrypt key cannot be decoded")
+            })
+            .and_then(|key| {
+                key.verify()
+                    .and(Ok(key))
+                    .context("autocrypt key cannot be verified")
            })?;
-        public_key
-            .verify_bindings()
-            .context("Autocrypt key cannot be verified")?;

        let prefer_encrypt = attributes
            .remove("prefer-encrypt")
--- a/src/blob.rs
+++ b/src/blob.rs
@@ -1,6 +1,6 @@
 //! # Blob directory management.

-use std::cmp::max;
+use core::cmp::max;
 use std::io::{Cursor, Seek};
 use std::iter::FusedIterator;
 use std::mem;
@@ -256,7 +256,7 @@ impl<'a> BlobObject<'a> {

    /// Recode image to avatar size.
    pub async fn recode_to_avatar_size(&mut self, context: &Context) -> Result<()> {
-        let (max_wh, max_bytes) =
+        let (img_wh, max_bytes) =
            match MediaQuality::from_i32(context.get_config_int(Config::MediaQuality).await?)
                .unwrap_or_default()
            {
@@ -273,7 +273,7 @@ impl<'a> BlobObject<'a> {
        let is_avatar = true;
        self.check_or_recode_to_size(
            context, None, // The name of an avatar doesn't matter
-            viewtype, max_wh, max_bytes, is_avatar,
+            viewtype, img_wh, max_bytes, is_avatar,
        )?;

        Ok(())
@@ -294,7 +294,7 @@ impl<'a> BlobObject<'a> {
        name: Option<String>,
        viewtype: &mut Viewtype,
    ) -> Result<String> {
-        let (max_wh, max_bytes) =
+        let (img_wh, max_bytes) =
            match MediaQuality::from_i32(context.get_config_int(Config::MediaQuality).await?)
                .unwrap_or_default()
            {
@@ -305,15 +305,13 @@ impl<'a> BlobObject<'a> {
                MediaQuality::Worse => (constants::WORSE_IMAGE_SIZE, constants::WORSE_IMAGE_BYTES),
            };
        let is_avatar = false;
-        self.check_or_recode_to_size(context, name, viewtype, max_wh, max_bytes, is_avatar)
+        self.check_or_recode_to_size(context, name, viewtype, img_wh, max_bytes, is_avatar)
    }

-    /// Checks or recodes the image so that it fits into limits on width/height and/or byte size.
+    /// Checks or recodes the image so that it fits into limits on width/height and byte size.
    ///
-    /// If `!is_avatar`, then if `max_bytes` is exceeded, reduces the image to `max_wh` and proceeds
-    /// with the result (even if `max_bytes` is still exceeded).
-    ///
-    /// If `is_avatar`, the resolution will be reduced in a loop until the image fits `max_bytes`.
+    /// If `!is_avatar`, then if `max_bytes` is exceeded, reduces the image to `img_wh` and proceeds
+    /// with the result without rechecking.
    ///
    /// This modifies the blob object in-place.
    ///
@@ -321,13 +319,12 @@ impl<'a> BlobObject<'a> {
    /// then the updated user-visible filename will be returned;
    /// this may be necessary because the format may be changed to JPG,
    /// i.e. "image.png" -> "image.jpg".
-    #[expect(clippy::arithmetic_side_effects)]
    fn check_or_recode_to_size(
        &mut self,
        context: &Context,
        name: Option<String>,
        viewtype: &mut Viewtype,
-        max_wh: u32,
+        mut img_wh: u32,
        max_bytes: usize,
        is_avatar: bool,
    ) -> Result<String> {
@@ -389,14 +386,7 @@ impl<'a> BlobObject<'a> {
                _ => img,
            };

-            // max_wh is the maximum image width and height, i.e. the resolution-limit.
-            // target_wh target-resolution for resizing the image.
-            let exceeds_wh = img.width() > max_wh || img.height() > max_wh;
-            let mut target_wh = if exceeds_wh {
-                max_wh
-            } else {
-                max(img.width(), img.height())
-            };
+            let exceeds_wh = img.width() > img_wh || img.height() > img_wh;
            let exceeds_max_bytes = nr_bytes > max_bytes as u64;

            let jpeg_quality = 75;
@@ -435,6 +425,15 @@ impl<'a> BlobObject<'a> {
                        });

            if do_scale {
+                if !exceeds_wh {
+                    img_wh = max(img.width(), img.height());
+                    // PNGs and WebPs may be huge because of animation, which is lost by the `image`
+                    // crate when recoding, so don't scale them down.
+                    if matches!(fmt, ImageFormat::Jpeg) || !encoded.is_empty() {
+                        img_wh = img_wh * 2 / 3;
+                    }
+                }
+
                loop {
                    if mem::take(&mut add_white_bg) {
                        self::add_white_bg(&mut img);
@@ -449,9 +448,9 @@ impl<'a> BlobObject<'a> {
                    // usually has less pixels by cropping, UI that needs to wait anyways,
                    // and also benefits from slightly better (5%) encoding of Triangle-filtered images.
                    let new_img = if is_avatar {
-                        img.resize(target_wh, target_wh, image::imageops::FilterType::Triangle)
+                        img.resize(img_wh, img_wh, image::imageops::FilterType::Triangle)
                    } else {
-                        img.thumbnail(target_wh, target_wh)
+                        img.thumbnail(img_wh, img_wh)
                    };

                    if encoded_img_exceeds_bytes(
@@ -462,19 +461,19 @@ impl<'a> BlobObject<'a> {
                        &mut encoded,
                    )? && is_avatar
                    {
-                        if target_wh < 20 {
+                        if img_wh < 20 {
                            return Err(format_err!(
                                "Failed to scale image to below {max_bytes}B.",
                            ));
                        }

-                        target_wh = target_wh * 2 / 3;
+                        img_wh = img_wh * 2 / 3;
                    } else {
                        info!(
                            context,
                            "Final scaled-down image size: {}B ({}px).",
                            encoded.len(),
-                            target_wh
+                            img_wh
                        );
                        break;
                    }
--- a/src/blob/blob_tests.rs
+++ b/src/blob/blob_tests.rs
@@ -173,8 +173,11 @@ async fn test_selfavatar_outside_blobdir() {
        .unwrap();
    let avatar_blob = t.get_config(Config::Selfavatar).await.unwrap().unwrap();
    let avatar_path = Path::new(&avatar_blob);
+    assert!(
+        avatar_blob.ends_with("7dde69e06b5ae6c27520a436bbfd65b.jpg"),
+        "The avatar filename should be its hash, put instead it's {avatar_blob}"
+    );
    let scaled_avatar_size = file_size(avatar_path).await;
-    info!(&t, "Scaled avatar size: {scaled_avatar_size}.");
    assert!(scaled_avatar_size < avatar_bytes.len() as u64);

    check_image_size(avatar_src, 1000, 1000);
@@ -184,11 +187,6 @@ async fn test_selfavatar_outside_blobdir() {
        constants::BALANCED_AVATAR_SIZE,
    );

-    assert!(
-        avatar_blob.ends_with("2a048b6fcd86448032b854ea1ad7608.jpg"),
-        "The avatar filename should be its hash, but instead it's {avatar_blob}"
-    );
-
    let mut blob = BlobObject::create_and_deduplicate(&t, avatar_path, avatar_path).unwrap();
    let viewtype = &mut Viewtype::Image;
    let strict_limits = true;
@@ -798,56 +796,3 @@ async fn test_create_and_deduplicate_from_bytes() -> Result<()> {

    Ok(())
 }
-
-/// Tests that an image that already fits into the width limit,
-/// but not the bytes limit,
-/// is compressed without changing the resolution.
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_recode_without_downscaling() -> Result<()> {
-    let t = &TestContext::new().await;
-
-    let image = include_bytes!("../../test-data/image/screenshot120x120.jpg");
-    const { assert!(120 < constants::WORSE_AVATAR_SIZE) };
-
-    for is_avatar in [true, false] {
-        let mut blob =
-            BlobObject::create_and_deduplicate_from_bytes(t, image, "image.jpg").unwrap();
-        let image_path = blob.to_abs_path();
-        check_image_size(&image_path, 120, 120);
-
-        assert!(
-            fs::metadata(&image_path).await.unwrap().len() > constants::WORSE_AVATAR_BYTES as u64
-        );
-
-        // Repeat the check, because a second call to `check_or_recode_to_size()`
-        // is not supposed to change anything:
-        let mut imgs = vec![];
-        for _ in 0..2 {
-            let mut viewtype = Viewtype::Image;
-            let new_name = blob.check_or_recode_to_size(
-                t,
-                Some("image.jpg".to_string()),
-                &mut viewtype,
-                constants::WORSE_AVATAR_SIZE,
-                constants::WORSE_AVATAR_BYTES,
-                is_avatar,
-            )?;
-            let image_path = blob.to_abs_path();
-            assert_eq!(new_name, "image.jpg"); // The name shall not have changed
-            assert_eq!(viewtype, Viewtype::Image); // The viewtype shall not have changed
-            let img = check_image_size(&image_path, 120, 120); // The resolution shall not have changed
-            imgs.push(img);
-
-            let new_image_bytes = fs::metadata(&image_path).await.unwrap().len();
-            assert!(
-                new_image_bytes < constants::WORSE_AVATAR_BYTES as u64,
-                "The new image size, {new_image_bytes}, should be lower than {}, is_avatar={is_avatar}",
-                constants::WORSE_AVATAR_BYTES
-            );
-        }
-
-        assert_eq!(imgs[0], imgs[1]);
-    }
-
-    Ok(())
-}
--- a/src/calls.rs
+++ b/src/calls.rs
@@ -4,23 +4,21 @@
 //! This means, the "Call ID" is a "Message ID" - similar to Webxdc IDs.
 use crate::chat::ChatIdBlocked;
 use crate::chat::{Chat, ChatId, send_msg};
-use crate::config::Config;
 use crate::constants::{Blocked, Chattype};
 use crate::contact::ContactId;
-use crate::context::{Context, WeakContext};
+use crate::context::Context;
 use crate::events::EventType;
 use crate::headerdef::HeaderDef;
 use crate::log::warn;
-use crate::message::{Message, MsgId, Viewtype, markseen_msgs};
+use crate::message::{self, Message, MsgId, Viewtype};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::net::dns::lookup_host_with_cache;
 use crate::param::Param;
-use crate::stock_str;
-use crate::tools::{normalize_text, time};
+use crate::tools::time;
 use anyhow::{Context as _, Result, ensure};
-use deltachat_derive::{FromSql, ToSql};
-use num_traits::FromPrimitive;
+use sdp::SessionDescription;
 use serde::Serialize;
+use std::io::Cursor;
 use std::str::FromStr;
 use std::time::Duration;
 use tokio::task;
@@ -35,7 +33,7 @@ use tokio::time::sleep;
 ///
 /// For the caller, this means they should also not wait longer,
 /// as the callee won't start the call afterwards.
-const RINGING_SECONDS: i64 = 120;
+const RINGING_SECONDS: i64 = 60;

 // For persisting parameters in the call, we use Param::Arg*

@@ -79,7 +77,6 @@ impl CallInfo {
    }

    fn remaining_ring_seconds(&self) -> i64 {
-        #[expect(clippy::arithmetic_side_effects)]
        let remaining_seconds = self.msg.timestamp_sent + RINGING_SECONDS - time();
        remaining_seconds.clamp(0, RINGING_SECONDS)
    }
@@ -89,7 +86,7 @@ impl CallInfo {
            .sql
            .execute(
                "UPDATE msgs SET txt=?, txt_normalized=? WHERE id=?",
-                (text, normalize_text(text), self.msg.id),
+                (text, message::normalize_text(text), self.msg.id),
            )
            .await?;
        Ok(())
@@ -104,12 +101,10 @@ impl CallInfo {
        };

        if self.is_incoming() {
-            let incoming_call_str = stock_str::incoming_call(context, self.has_video_initially());
-            self.update_text(context, &format!("{incoming_call_str}\n{duration}"))
+            self.update_text(context, &format!("Incoming call\n{duration}"))
                .await?;
        } else {
-            let outgoing_call_str = stock_str::outgoing_call(context, self.has_video_initially());
-            self.update_text(context, &format!("{outgoing_call_str}\n{duration}"))
+            self.update_text(context, &format!("Outgoing call\n{duration}"))
                .await?;
        }
        Ok(())
@@ -128,14 +123,6 @@ impl CallInfo {
        self.msg.param.exists(CALL_ACCEPTED_TIMESTAMP)
    }

-    /// Returns true if the call is started as a video call.
-    pub fn has_video_initially(&self) -> bool {
-        self.msg
-            .param
-            .get_bool(Param::WebrtcHasVideoInitially)
-            .unwrap_or(false)
-    }
-
    /// Returns true if the call is missed
    /// because the caller canceled it
    /// explicitly before ringing stopped.
@@ -174,7 +161,6 @@ impl CallInfo {
    }

    /// Returns call duration in seconds.
-    #[expect(clippy::arithmetic_side_effects)]
    pub fn duration_seconds(&self) -> i64 {
        if let (Some(start), Some(end)) = (
            self.msg.param.get_i64(CALL_ACCEPTED_TIMESTAMP),
@@ -196,7 +182,6 @@ impl Context {
        &self,
        chat_id: ChatId,
        place_call_info: String,
-        has_video_initially: bool,
    ) -> Result<MsgId> {
        let chat = Chat::load_from_db(self, chat_id).await?;
        ensure!(
@@ -205,21 +190,17 @@ impl Context {
        );
        ensure!(!chat.is_self_talk(), "Cannot call self");

-        let outgoing_call_str = stock_str::outgoing_call(self, has_video_initially);
        let mut call = Message {
            viewtype: Viewtype::Call,
-            text: outgoing_call_str,
+            text: "Outgoing call".into(),
            ..Default::default()
        };
        call.param.set(Param::WebrtcRoom, &place_call_info);
-        call.param
-            .set_int(Param::WebrtcHasVideoInitially, has_video_initially.into());
        call.id = send_msg(self, chat_id, &mut call).await?;

        let wait = RINGING_SECONDS;
-        let context = self.get_weak_context();
        task::spawn(Context::emit_end_call_if_unaccepted(
-            context,
+            self.clone(),
            wait.try_into()?,
            call.id,
        ));
@@ -247,7 +228,6 @@ impl Context {
        if chat.is_contact_request() {
            chat.id.accept(self).await?;
        }
-        markseen_msgs(self, vec![call_id]).await?;

        // send an acceptance message around: to the caller as well as to the other devices of the callee
        let mut msg = Message {
@@ -264,7 +244,6 @@ impl Context {
        self.emit_event(EventType::IncomingCallAccepted {
            msg_id: call.msg.id,
            chat_id: call.msg.chat_id,
-            from_this_device: true,
        });
        self.emit_msgs_changed(call.msg.chat_id, call_id);
        Ok(())
@@ -283,13 +262,10 @@ impl Context {
        if !call.is_accepted() {
            if call.is_incoming() {
                call.mark_as_ended(self).await?;
-                markseen_msgs(self, vec![call_id]).await?;
-                let declined_call_str = stock_str::declined_call(self);
-                call.update_text(self, &declined_call_str).await?;
+                call.update_text(self, "Declined call").await?;
            } else {
                call.mark_as_canceled(self).await?;
-                let canceled_call_str = stock_str::canceled_call(self);
-                call.update_text(self, &canceled_call_str).await?;
+                call.update_text(self, "Canceled call").await?;
            }
        } else {
            call.mark_as_ended(self).await?;
@@ -315,12 +291,11 @@ impl Context {
    }

    async fn emit_end_call_if_unaccepted(
-        context: WeakContext,
+        context: Context,
        wait: u64,
        call_id: MsgId,
    ) -> Result<()> {
        sleep(Duration::from_secs(wait)).await;
-        let context = context.upgrade()?;
        let Some(mut call) = context.load_call_by_id(call_id).await? else {
            warn!(
                context,
@@ -331,12 +306,10 @@ impl Context {
        if !call.is_accepted() && !call.is_ended() {
            if call.is_incoming() {
                call.mark_as_canceled(&context).await?;
-                let missed_call_str = stock_str::missed_call(&context);
-                call.update_text(&context, &missed_call_str).await?;
+                call.update_text(&context, "Missed call").await?;
            } else {
                call.mark_as_ended(&context).await?;
-                let canceled_call_str = stock_str::canceled_call(&context);
-                call.update_text(&context, &canceled_call_str).await?;
+                call.update_text(&context, "Canceled call").await?;
            }
            context.emit_msgs_changed(call.msg.chat_id, call_id);
            context.emit_event(EventType::CallEnded {
@@ -361,54 +334,48 @@ impl Context {

            if call.is_incoming() {
                if call.is_stale() {
-                    let missed_call_str = stock_str::missed_call(self);
-                    call.update_text(self, &missed_call_str).await?;
+                    call.update_text(self, "Missed call").await?;
                    self.emit_incoming_msg(call.msg.chat_id, call_id); // notify missed call
                } else {
-                    let incoming_call_str =
-                        stock_str::incoming_call(self, call.has_video_initially());
-                    call.update_text(self, &incoming_call_str).await?;
+                    call.update_text(self, "Incoming call").await?;
                    self.emit_msgs_changed(call.msg.chat_id, call_id); // ringing calls are not additionally notified
-                    let can_call_me = match who_can_call_me(self).await? {
-                        WhoCanCallMe::Contacts => ChatIdBlocked::lookup_by_contact(self, from_id)
-                            .await?
-                            .is_some_and(|chat_id_blocked| {
-                                match chat_id_blocked.blocked {
-                                    Blocked::Not => true,
-                                    Blocked::Yes | Blocked::Request => {
-                                        // Do not notify about incoming calls
-                                        // from contact requests and blocked contacts.
-                                        //
-                                        // User can still access the call and accept it
-                                        // via the chat in case of contact requests.
-                                        false
-                                    }
-                                }
-                            }),
-                        WhoCanCallMe::Everybody => ChatIdBlocked::lookup_by_contact(self, from_id)
-                            .await?
-                            .is_none_or(|chat_id_blocked| chat_id_blocked.blocked != Blocked::Yes),
-                        WhoCanCallMe::Nobody => false,
+                    let has_video = match sdp_has_video(&call.place_call_info) {
+                        Ok(has_video) => has_video,
+                        Err(err) => {
+                            warn!(self, "Failed to determine if SDP offer has video: {err:#}.");
+                            false
+                        }
                    };
-                    if can_call_me {
-                        self.emit_event(EventType::IncomingCall {
-                            msg_id: call.msg.id,
-                            chat_id: call.msg.chat_id,
-                            place_call_info: call.place_call_info.to_string(),
-                            has_video: call.has_video_initially(),
-                        });
+                    if let Some(chat_id_blocked) =
+                        ChatIdBlocked::lookup_by_contact(self, from_id).await?
+                    {
+                        match chat_id_blocked.blocked {
+                            Blocked::Not => {
+                                self.emit_event(EventType::IncomingCall {
+                                    msg_id: call.msg.id,
+                                    chat_id: call.msg.chat_id,
+                                    place_call_info: call.place_call_info.to_string(),
+                                    has_video,
+                                });
+                            }
+                            Blocked::Yes | Blocked::Request => {
+                                // Do not notify about incoming calls
+                                // from contact requests and blocked contacts.
+                                //
+                                // User can still access the call and accept it
+                                // via the chat in case of contact requests.
+                            }
+                        }
                    }
                    let wait = call.remaining_ring_seconds();
-                    let context = self.get_weak_context();
                    task::spawn(Context::emit_end_call_if_unaccepted(
-                        context,
+                        self.clone(),
                        wait.try_into()?,
                        call.msg.id,
                    ));
                }
            } else {
-                let outgoing_call_str = stock_str::outgoing_call(self, call.has_video_initially());
-                call.update_text(self, &outgoing_call_str).await?;
+                call.update_text(self, "Outgoing call").await?;
                self.emit_msgs_changed(call.msg.chat_id, call_id);
            }
        } else {
@@ -430,7 +397,6 @@ impl Context {
                        self.emit_event(EventType::IncomingCallAccepted {
                            msg_id: call.msg.id,
                            chat_id: call.msg.chat_id,
-                            from_this_device: false,
                        });
                    } else {
                        let accept_call_info = mime_message
@@ -459,23 +425,19 @@ impl Context {
                        if call.is_incoming() {
                            if from_id == ContactId::SELF {
                                call.mark_as_ended(self).await?;
-                                let declined_call_str = stock_str::declined_call(self);
-                                call.update_text(self, &declined_call_str).await?;
+                                call.update_text(self, "Declined call").await?;
                            } else {
                                call.mark_as_canceled(self).await?;
-                                let missed_call_str = stock_str::missed_call(self);
-                                call.update_text(self, &missed_call_str).await?;
+                                call.update_text(self, "Missed call").await?;
                            }
                        } else {
                            // outgoing
                            if from_id == ContactId::SELF {
                                call.mark_as_canceled(self).await?;
-                                let canceled_call_str = stock_str::canceled_call(self);
-                                call.update_text(self, &canceled_call_str).await?;
+                                call.update_text(self, "Canceled call").await?;
                            } else {
                                call.mark_as_ended(self).await?;
-                                let declined_call_str = stock_str::declined_call(self);
-                                call.update_text(self, &declined_call_str).await?;
+                                call.update_text(self, "Declined call").await?;
                            }
                        }
                    } else {
@@ -531,6 +493,19 @@ impl Context {
    }
 }

+/// Returns true if SDP offer has a video.
+pub fn sdp_has_video(sdp: &str) -> Result<bool> {
+    let mut cursor = Cursor::new(sdp);
+    let session_description =
+        SessionDescription::unmarshal(&mut cursor).context("Failed to parse SDP")?;
+    for media_description in &session_description.media_descriptions {
+        if media_description.media_name.media == "video" {
+            return Ok(true);
+        }
+    }
+    Ok(false)
+}
+
 /// State of the call for display in the message bubble.
 #[derive(Debug, PartialEq, Eq)]
 pub enum CallState {
@@ -628,7 +603,33 @@ struct IceServer {
    pub credential: Option<String>,
 }

-/// Creates ICE servers from a line received over IMAP METADATA.
+/// Creates JSON with ICE servers.
+async fn create_ice_servers(
+    context: &Context,
+    hostname: &str,
+    port: u16,
+    username: &str,
+    password: &str,
+) -> Result<String> {
+    // Do not use cache because there is no TLS.
+    let load_cache = false;
+    let urls: Vec<String> = lookup_host_with_cache(context, hostname, port, "", load_cache)
+        .await?
+        .into_iter()
+        .map(|addr| format!("turn:{addr}"))
+        .collect();
+
+    let ice_server = IceServer {
+        urls,
+        username: Some(username.to_string()),
+        credential: Some(password.to_string()),
+    };
+
+    let json = serde_json::to_string(&[ice_server])?;
+    Ok(json)
+}
+
+/// Creates JSON with ICE servers from a line received over IMAP METADATA.
 ///
 /// IMAP METADATA returns a line such as
 /// `example.com:3478:1758650868:8Dqkyyu11MVESBqjbIylmB06rv8=`
@@ -638,107 +639,20 @@ struct IceServer {
 /// while `8Dqkyyu11MVESBqjbIylmB06rv8=`
 /// is the password.
 pub(crate) async fn create_ice_servers_from_metadata(
+    context: &Context,
    metadata: &str,
-) -> Result<(i64, Vec<UnresolvedIceServer>)> {
+) -> Result<(i64, String)> {
    let (hostname, rest) = metadata.split_once(':').context("Missing hostname")?;
    let (port, rest) = rest.split_once(':').context("Missing port")?;
    let port = u16::from_str(port).context("Failed to parse the port")?;
    let (ts, password) = rest.split_once(':').context("Missing timestamp")?;
    let expiration_timestamp = i64::from_str(ts).context("Failed to parse the timestamp")?;
-    let ice_servers = vec![UnresolvedIceServer::Turn {
-        hostname: hostname.to_string(),
-        port,
-        username: ts.to_string(),
-        credential: password.to_string(),
-    }];
+    let ice_servers = create_ice_servers(context, hostname, port, ts, password).await?;
    Ok((expiration_timestamp, ice_servers))
 }

-/// STUN or TURN server with unresolved DNS name.
-#[derive(Debug, Clone)]
-pub(crate) enum UnresolvedIceServer {
-    /// STUN server.
-    Stun { hostname: String, port: u16 },
-
-    /// TURN server with the username and password.
-    Turn {
-        hostname: String,
-        port: u16,
-        username: String,
-        credential: String,
-    },
-}
-
-/// Resolves domain names of ICE servers.
-///
-/// On failure to resolve, logs the error
-/// and skips the server, but does not fail.
-pub(crate) async fn resolve_ice_servers(
-    context: &Context,
-    unresolved_ice_servers: Vec<UnresolvedIceServer>,
-) -> Result<String> {
-    let mut result: Vec<IceServer> = Vec::new();
-
-    // Do not use cache because there is no TLS.
-    let load_cache = false;
-
-    for unresolved_ice_server in unresolved_ice_servers {
-        match unresolved_ice_server {
-            UnresolvedIceServer::Stun { hostname, port } => {
-                match lookup_host_with_cache(context, &hostname, port, "", load_cache).await {
-                    Ok(addrs) => {
-                        let urls: Vec<String> = addrs
-                            .into_iter()
-                            .map(|addr| format!("stun:{addr}"))
-                            .collect();
-                        let stun_server = IceServer {
-                            urls,
-                            username: None,
-                            credential: None,
-                        };
-                        result.push(stun_server);
-                    }
-                    Err(err) => {
-                        warn!(
-                            context,
-                            "Failed to resolve STUN {hostname}:{port}: {err:#}."
-                        );
-                    }
-                }
-            }
-            UnresolvedIceServer::Turn {
-                hostname,
-                port,
-                username,
-                credential,
-            } => match lookup_host_with_cache(context, &hostname, port, "", load_cache).await {
-                Ok(addrs) => {
-                    let urls: Vec<String> = addrs
-                        .into_iter()
-                        .map(|addr| format!("turn:{addr}"))
-                        .collect();
-                    let turn_server = IceServer {
-                        urls,
-                        username: Some(username),
-                        credential: Some(credential),
-                    };
-                    result.push(turn_server);
-                }
-                Err(err) => {
-                    warn!(
-                        context,
-                        "Failed to resolve TURN {hostname}:{port}: {err:#}."
-                    );
-                }
-            },
-        }
-    }
-    let json = serde_json::to_string(&result)?;
-    Ok(json)
-}
-
 /// Creates JSON with ICE servers when no TURN servers are known.
-pub(crate) fn create_fallback_ice_servers() -> Vec<UnresolvedIceServer> {
+pub(crate) async fn create_fallback_ice_servers(context: &Context) -> Result<String> {
    // Do not use public STUN server from https://stunprotocol.org/.
    // It changes the hostname every year
    // (e.g. stunserver2025.stunprotocol.org
@@ -746,18 +660,25 @@ pub(crate) fn create_fallback_ice_servers() -> Vec<UnresolvedIceServer> {
    // because of bandwidth costs:
    // <https://github.com/jselbie/stunserver/issues/50>

-    vec![
-        UnresolvedIceServer::Stun {
-            hostname: "nine.testrun.org".to_string(),
-            port: STUN_PORT,
-        },
-        UnresolvedIceServer::Turn {
-            hostname: "turn.delta.chat".to_string(),
-            port: STUN_PORT,
-            username: "public".to_string(),
-            credential: "o4tR7yG4rG2slhXqRUf9zgmHz".to_string(),
-        },
-    ]
+    // We use nine.testrun.org for a default STUN server.
+    let hostname = "nine.testrun.org";
+
+    // Do not use cache because there is no TLS.
+    let load_cache = false;
+    let urls: Vec<String> = lookup_host_with_cache(context, hostname, STUN_PORT, "", load_cache)
+        .await?
+        .into_iter()
+        .map(|addr| format!("stun:{addr}"))
+        .collect();
+
+    let ice_server = IceServer {
+        urls,
+        username: None,
+        credential: None,
+    };
+
+    let json = serde_json::to_string(&[ice_server])?;
+    Ok(json)
 }

 /// Returns JSON with ICE servers.
@@ -771,39 +692,11 @@ pub(crate) fn create_fallback_ice_servers() -> Vec<UnresolvedIceServer> {
 /// <https://github.com/deltachat/deltachat-desktop/issues/5447>.
 pub async fn ice_servers(context: &Context) -> Result<String> {
    if let Some(ref metadata) = *context.metadata.read().await {
-        let ice_servers = resolve_ice_servers(context, metadata.ice_servers.clone()).await?;
-        Ok(ice_servers)
+        Ok(metadata.ice_servers.clone())
    } else {
        Ok("[]".to_string())
    }
 }

-/// "Who can call me" config options.
-#[derive(
-    Debug, Default, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, FromSql, ToSql,
-)]
-#[repr(u8)]
-pub enum WhoCanCallMe {
-    /// Everybody can call me if they are not blocked.
-    ///
-    /// This includes contact requests.
-    Everybody = 0,
-
-    /// Every contact who is not blocked and not a contact request, can call.
-    #[default]
-    Contacts = 1,
-
-    /// Nobody can call me.
-    Nobody = 2,
-}
-
-/// Returns currently configuration of the "who can call me" option.
-async fn who_can_call_me(context: &Context) -> Result<WhoCanCallMe> {
-    let who_can_call_me =
-        WhoCanCallMe::from_i32(context.get_config_int(Config::WhoCanCallMe).await?)
-            .unwrap_or_default();
-    Ok(who_can_call_me)
-}
-
 #[cfg(test)]
 mod calls_tests;
--- a/src/calls/calls_tests.rs
+++ b/src/calls/calls_tests.rs
@@ -2,8 +2,7 @@ use super::*;
 use crate::chat::forward_msgs;
 use crate::config::Config;
 use crate::constants::DC_CHAT_ID_TRASH;
-use crate::message::MessageState;
-use crate::receive_imf::receive_imf;
+use crate::receive_imf::{receive_imf, receive_imf_from_inbox};
 use crate::test_utils::{TestContext, TestContextManager};

 struct CallSetup {
@@ -26,6 +25,13 @@ async fn assert_text(t: &TestContext, call_id: MsgId, text: &str) -> Result<()>
 const PLACE_INFO: &str = "v=0\r\no=alice 2890844526 2890844526 IN IP4 host.anywhere.com\r\ns=-\r\nc=IN IP4 host.anywhere.com\r\nt=0 0\r\nm=audio 62986 RTP/AVP 0 4 18\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:4 G723/8000\r\na=rtpmap:18 G729/8000\r\na=inactive\r\n";
 const ACCEPT_INFO: &str = "v=0\r\no=bob 2890844730 2890844731 IN IP4 host.example.com\r\ns=\r\nc=IN IP4 host.example.com\r\nt=0 0\r\nm=audio 54344 RTP/AVP 0 4\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:4 G723/8000\r\na=inactive\r\n";

+/// Example from <https://datatracker.ietf.org/doc/rfc9143/>
+/// with `s= ` replaced with `s=-`.
+///
+/// `s=` cannot be empty according to RFC 3264,
+/// so it is more clear as `s=-`.
+const PLACE_INFO_VIDEO: &str = "v=0\r\no=alice 2890844526 2890844526 IN IP6 2001:db8::3\r\ns=-\r\nc=IN IP6 2001:db8::3\r\nt=0 0\r\na=group:BUNDLE foo bar\r\n\r\nm=audio 10000 RTP/AVP 0 8 97\r\nb=AS:200\r\na=mid:foo\r\na=rtcp-mux\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:8 PCMA/8000\r\na=rtpmap:97 iLBC/8000\r\na=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid\r\n\r\nm=video 10002 RTP/AVP 31 32\r\nb=AS:1000\r\na=mid:bar\r\na=rtcp-mux\r\na=rtpmap:31 H261/90000\r\na=rtpmap:32 MPV/90000\r\na=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid\r\n";
+
 async fn setup_call() -> Result<CallSetup> {
    let mut tcm = TestContextManager::new();
    let alice = tcm.alice().await;
@@ -46,7 +52,7 @@ async fn setup_call() -> Result<CallSetup> {
    bob2.create_chat(&alice).await;

    let test_msg_id = alice
-        .place_outgoing_call(alice_chat.id, PLACE_INFO.to_string(), true)
+        .place_outgoing_call(alice_chat.id, PLACE_INFO.to_string())
        .await?;
    let sent1 = alice.pop_sent_msg().await;
    assert_eq!(sent1.sender_msg_id, test_msg_id);
@@ -62,8 +68,7 @@ async fn setup_call() -> Result<CallSetup> {
        assert!(!info.is_incoming());
        assert!(!info.is_accepted());
        assert_eq!(info.place_call_info, PLACE_INFO);
-        assert_eq!(info.has_video_initially(), true);
-        assert_text(t, m.id, "Outgoing video call").await?;
+        assert_text(t, m.id, "Outgoing call").await?;
        assert_eq!(call_state(t, m.id).await?, CallState::Alerting);
    }

@@ -84,8 +89,7 @@ async fn setup_call() -> Result<CallSetup> {
        assert!(info.is_incoming());
        assert!(!info.is_accepted());
        assert_eq!(info.place_call_info, PLACE_INFO);
-        assert_eq!(info.has_video_initially(), true);
-        assert_text(t, m.id, "Incoming video call").await?;
+        assert_text(t, m.id, "Incoming call").await?;
        assert_eq!(call_state(t, m.id).await?, CallState::Alerting);
    }

@@ -116,28 +120,9 @@ async fn accept_call() -> Result<CallSetup> {
    // Bob accepts the incoming call
    bob.accept_incoming_call(bob_call.id, ACCEPT_INFO.to_string())
        .await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
-    assert_text(&bob, bob_call.id, "Incoming video call").await?;
+    assert_text(&bob, bob_call.id, "Incoming call").await?;
    bob.evtracker
-        .get_matching(|evt| {
-            matches!(
-                evt,
-                EventType::IncomingCallAccepted {
-                    from_this_device: true,
-                    ..
-                }
-            )
-        })
+        .get_matching(|evt| matches!(evt, EventType::IncomingCallAccepted { .. }))
        .await;
    let sent2 = bob.pop_sent_msg().await;
    let info = bob
@@ -149,17 +134,9 @@ async fn accept_call() -> Result<CallSetup> {
    assert_eq!(call_state(&bob, bob_call.id).await?, CallState::Active);

    bob2.recv_msg_trash(&sent2).await;
-    assert_text(&bob, bob_call.id, "Incoming video call").await?;
+    assert_text(&bob, bob_call.id, "Incoming call").await?;
    bob2.evtracker
-        .get_matching(|evt| {
-            matches!(
-                evt,
-                EventType::IncomingCallAccepted {
-                    from_this_device: false,
-                    ..
-                }
-            )
-        })
+        .get_matching(|evt| matches!(evt, EventType::IncomingCallAccepted { .. }))
        .await;
    let info = bob2
        .load_call_by_id(bob2_call.id)
@@ -170,7 +147,7 @@ async fn accept_call() -> Result<CallSetup> {

    // Alice receives the acceptance message
    alice.recv_msg_trash(&sent2).await;
-    assert_text(&alice, alice_call.id, "Outgoing video call").await?;
+    assert_text(&alice, alice_call.id, "Outgoing call").await?;
    let ev = alice
        .evtracker
        .get_matching(|evt| matches!(evt, EventType::OutgoingCallAccepted { .. }))
@@ -192,7 +169,7 @@ async fn accept_call() -> Result<CallSetup> {
    assert_eq!(call_state(&alice, alice_call.id).await?, CallState::Active);

    alice2.recv_msg_trash(&sent2).await;
-    assert_text(&alice2, alice2_call.id, "Outgoing video call").await?;
+    assert_text(&alice2, alice2_call.id, "Outgoing call").await?;
    alice2
        .evtracker
        .get_matching(|evt| matches!(evt, EventType::OutgoingCallAccepted { .. }))
@@ -228,21 +205,10 @@ async fn test_accept_call_callee_ends() -> Result<()> {
        bob2_call,
        ..
    } = accept_call().await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);

    // Bob has accepted the call and also ends it
    bob.end_call(bob_call.id).await?;
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
-    assert_text(&bob, bob_call.id, "Incoming video call\n<1 minute").await?;
+    assert_text(&bob, bob_call.id, "Incoming call\n<1 minute").await?;
    bob.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
        .await;
@@ -253,7 +219,7 @@ async fn test_accept_call_callee_ends() -> Result<()> {
    ));

    bob2.recv_msg_trash(&sent3).await;
-    assert_text(&bob2, bob2_call.id, "Incoming video call\n<1 minute").await?;
+    assert_text(&bob2, bob2_call.id, "Incoming call\n<1 minute").await?;
    bob2.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
        .await;
@@ -264,7 +230,7 @@ async fn test_accept_call_callee_ends() -> Result<()> {

    // Alice receives the ending message
    alice.recv_msg_trash(&sent3).await;
-    assert_text(&alice, alice_call.id, "Outgoing video call\n<1 minute").await?;
+    assert_text(&alice, alice_call.id, "Outgoing call\n<1 minute").await?;
    alice
        .evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -275,7 +241,7 @@ async fn test_accept_call_callee_ends() -> Result<()> {
    ));

    alice2.recv_msg_trash(&sent3).await;
-    assert_text(&alice2, alice2_call.id, "Outgoing video call\n<1 minute").await?;
+    assert_text(&alice2, alice2_call.id, "Outgoing call\n<1 minute").await?;
    alice2
        .evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -305,7 +271,7 @@ async fn test_accept_call_caller_ends() -> Result<()> {

    // Bob has accepted the call but Alice ends it
    alice.end_call(alice_call.id).await?;
-    assert_text(&alice, alice_call.id, "Outgoing video call\n<1 minute").await?;
+    assert_text(&alice, alice_call.id, "Outgoing call\n<1 minute").await?;
    alice
        .evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -317,7 +283,7 @@ async fn test_accept_call_caller_ends() -> Result<()> {
    ));

    alice2.recv_msg_trash(&sent3).await;
-    assert_text(&alice2, alice2_call.id, "Outgoing video call\n<1 minute").await?;
+    assert_text(&alice2, alice2_call.id, "Outgoing call\n<1 minute").await?;
    alice2
        .evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -329,7 +295,7 @@ async fn test_accept_call_caller_ends() -> Result<()> {

    // Bob receives the ending message
    bob.recv_msg_trash(&sent3).await;
-    assert_text(&bob, bob_call.id, "Incoming video call\n<1 minute").await?;
+    assert_text(&bob, bob_call.id, "Incoming call\n<1 minute").await?;
    bob.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
        .await;
@@ -339,7 +305,7 @@ async fn test_accept_call_caller_ends() -> Result<()> {
    ));

    bob2.recv_msg_trash(&sent3).await;
-    assert_text(&bob2, bob2_call.id, "Incoming video call\n<1 minute").await?;
+    assert_text(&bob2, bob2_call.id, "Incoming call\n<1 minute").await?;
    bob2.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
        .await;
@@ -367,18 +333,8 @@ async fn test_callee_rejects_call() -> Result<()> {
    } = setup_call().await?;

    // Bob has accepted Alice before, but does not want to talk with Alice
+    bob_call.chat_id.accept(&bob).await?;
    bob.end_call(bob_call.id).await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
    assert_text(&bob, bob_call.id, "Declined call").await?;
    bob.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -419,35 +375,6 @@ async fn test_callee_rejects_call() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_callee_sees_contact_request_call() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let alice_chat = alice.create_chat(bob).await;
-    alice
-        .place_outgoing_call(alice_chat.id, PLACE_INFO.to_string(), true)
-        .await?;
-    let sent1 = alice.pop_sent_msg().await;
-    let bob_call = bob.recv_msg(&sent1).await;
-    // Bob can't end_call() because the contact request isn't accepted, but he can mark the call as
-    // seen.
-    markseen_msgs(bob, vec![bob_call.id]).await?;
-    assert_eq!(bob_call.id.get_state(bob).await?, MessageState::InSeen);
-    // Bob sends an MDN only to self so that an unaccepted contact can't know anything.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, ContactId::SELF)
-            )
-            .await?,
-        1
-    );
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_caller_cancels_call() -> Result<()> {
    // Alice calls Bob
@@ -498,7 +425,7 @@ async fn test_caller_cancels_call() -> Result<()> {
    // Test that message summary says it is a missed call.
    let bob_call_msg = Message::load_from_db(&bob, bob_call.id).await?;
    let summary = bob_call_msg.get_summary(&bob, None).await?;
-    assert_eq!(summary.text, "🎥 Missed call");
+    assert_eq!(summary.text, "📞 Missed call");

    bob2.recv_msg_trash(&sent3).await;
    assert_text(&bob2, bob2_call.id, "Missed call").await?;
@@ -598,6 +525,13 @@ async fn test_update_call_text() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_sdp_has_video() {
+    assert!(sdp_has_video("foobar").is_err());
+    assert_eq!(sdp_has_video(PLACE_INFO).unwrap(), false);
+    assert_eq!(sdp_has_video(PLACE_INFO_VIDEO).unwrap(), true);
+}
+
 /// Tests that calls are forwarded as text messages.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_forward_call() -> Result<()> {
@@ -608,7 +542,7 @@ async fn test_forward_call() -> Result<()> {

    let alice_bob_chat = alice.create_chat(bob).await;
    let alice_msg_id = alice
-        .place_outgoing_call(alice_bob_chat.id, PLACE_INFO.to_string(), true)
+        .place_outgoing_call(alice_bob_chat.id, PLACE_INFO.to_string())
        .await
        .context("Failed to place a call")?;
    let alice_call = Message::load_from_db(alice, alice_msg_id).await?;
@@ -676,3 +610,65 @@ async fn test_end_text_call() -> Result<()> {

    Ok(())
 }
+
+/// Tests that partially downloaded "call ended"
+/// messages are not processed.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_no_partial_calls() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+
+    let seen = false;
+
+    // The messages in the test
+    // have no `Date` on purpose,
+    // so they are treated as new.
+    let received_call = receive_imf(
+        alice,
+        b"From: bob@example.net\n\
+        To: alice@example.org\n\
+        Message-ID: <first@example.net>\n\
+        Chat-Version: 1.0\n\
+        Chat-Content: call\n\
+        Chat-Webrtc-Room: YWFhYWFhYWFhCg==\n\
+        \n\
+        Hello, this is a call\n",
+        seen,
+    )
+    .await?
+    .unwrap();
+    assert_eq!(received_call.msg_ids.len(), 1);
+    let call_msg = Message::load_from_db(alice, received_call.msg_ids[0])
+        .await
+        .unwrap();
+    assert_eq!(call_msg.viewtype, Viewtype::Call);
+    assert_eq!(call_state(alice, call_msg.id).await?, CallState::Alerting);
+
+    let imf_raw = b"From: bob@example.net\n\
+        To: alice@example.org\n\
+        Message-ID: <second@example.net>\n\
+        In-Reply-To: <first@example.net>\n\
+        Chat-Version: 1.0\n\
+        Chat-Content: call-ended\n\
+        \n\
+        Call ended\n";
+    receive_imf_from_inbox(
+        alice,
+        "second@example.net",
+        imf_raw,
+        seen,
+        Some(imf_raw.len().try_into().unwrap()),
+    )
+    .await?;
+
+    // The call is still not ended.
+    assert_eq!(call_state(alice, call_msg.id).await?, CallState::Alerting);
+
+    // Fully downloading the message ends the call.
+    receive_imf_from_inbox(alice, "second@example.net", imf_raw, seen, None)
+        .await
+        .context("Failed to fully download end call message")?;
+    assert_eq!(call_state(alice, call_msg.id).await?, CallState::Missed);
+
+    Ok(())
+}
--- a/src/chat.rs
+++ b/src/chat.rs
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
iequidoo	88fae8b813	feat: Don't copy References and In-Reply-To to outer headers This implements the suggestion from https://www.rfc-editor.org/rfc/rfc9788.html#name-offering-more-ambitious-hea of "Header Protection for Cryptographically Protected Email".	2025-11-14 05:41:24 -03:00
iequidoo	8c09ca3691	feat: Do not copy Auto-Submitted header into outer part Before, copying Auto-Submitted to the outer headers was needed for moving such messages, e.g. multi-device sync messages, to the DeltaChat folder. Now all encrypted messages are moved.	2025-11-14 05:07:25 -03:00
iequidoo	a9949f87c2	feat: Do not copy Chat-Version header into outer part Chat-Version is used sometimes by Sieve filters to move messages to DeltaChat folder: `37beed6ad9/data/conf/dovecot/global_sieve_before` This probably prevents notifications to MUAs that don't watch DeltaChat but watch INBOX. There are however disadvantages to exposing Chat-Version: 1. Spam filters may not like this header and it is difficult or impossible to tell if `Chat-Version` plays role in rejecting the message or delivering it into Spam folder. If there is no such header visible to the spam filter, this possibility can be ruled out. 2. Replies to chat messages may have no `Chat-Version` but have to be moved anyway. 3. The user may have no control over the Sieve filter, but it comes preconfigured in mailcow, so it is not possible to disable it on the client. Thanks to link2xt for providing this motivation. NOTE: Old Delta Chat will assign partially downloaded replies to an ad-hoc group with the sender instead of the 1:1 chat, but we're removing partial downloads anyway.	2025-11-14 05:07:25 -03:00
iequidoo	e95e40c94f	feat: Move all encrypted messages to mvbox if MvboxMove is on Before, only replies to chat messages were moved to the mvbox because we're removing Chat-Version from outer headers, but there's no much sense in moving only replies and not moving original messages and MDNs. Instead, move all encrypted messages. Users should be informed about this in UIs, so if a user has another PGP-capable MUA, probably they should disable MvboxMove. Moreover, untying this logic from References and In-Reply-To allows to remove them from outer headers too, the "Header Protection for Cryptographically Protected Email" RFC even suggests such a behavior: https://datatracker.ietf.org/doc/html/rfc9788#name-offering-more-ambitious-hea.	2025-11-14 05:07:25 -03:00
iequidoo	9e0e0dcaf7	feat: Don't download group messages unconditionally There was a comment that group messages should always be downloaded to avoid inconsistent group state, but this is solved by the group consistency algo nowadays in the sense that inconsistent group state won't spread to other members if we send to the group. Moreover, encrypted messages are now always downloaded, and unencrypted chat replies too, and as for ad-hoc groups, `Config::ShowEmails` controls everything.	2025-11-14 05:07:25 -03:00
iequidoo	37d9b704dc	feat: imap: Don't prefetch Chat-Version; try to find out message encryption state instead Instead, prefetch Secure-Join, Content-Type and Subject headers, try to find out if the message is encrypted, i.e.: - if its Content-Type is "multipart/encrypted" - or Subject is "..." or "[...]" as some MUAs use "multipart/mixed"; we can't only look at Subject as it's not mandatory; and depending on this decide on the target folder and whether the message should be downloaded. There's no much sense in downloading unencrypted "Chat-Version"-containing messages if `ShowEmails` is `Off` or `AcceptedContacts`, unencrypted Delta Chat messages should be considered as usual emails, there's even the "New E-Mail" feature in UIs nowadays which sends such messages. Don't prefetch Auto-Submitted as well, this becomes unnecessary. Changed behavior: before, "Chat-Version"-containing messages were moved from INBOX to DeltaChat, now such encrypted messages may remain in INBOX -- if there's no parent message or it's not `MessengerMessage`. Don't unconditionally move encrypted messages yet because the account may be shared with other software which doesn't and shouldn't look into the DeltaChat folder.	2025-11-14 05:07:25 -03:00
@@ -1 +1 @@
 -03-30
 -11-11