2. In the Certify dialog the "Advanced" expander lacks a focus indicator.

Fixed for master but not yet tested.

1. In the Certificate Details dialog NVDA does not read the labels associated to the key properties when a property gets focus, e.g. it reads the expiration date, but it does not read the label "Valid until".

@aheinecke What do you think about this?

This is now ready for testing.

Is this still an issue or is the new gpgconf -X feature sufficient to detect this case?

An outer signature or even a new packet to sign the list of encrypted session keys might also be an option which does not disturb older implementations.

Is that still required wit the new gpgme global flag "inst-type"?

Ready for testing

Would running the different --list-options in parallel make sense? Or would the block each other?

The issue with rWe06c325a9a29 was that it linked in all breeze icons and nowadays would also link in all breeze-dark icons. Which increased the size of Kleopatra so much that there was no performance gain and the fallbacks were still checked. This might require a fix in Qt / Kiconloader not to use fallbacks and also to only resource up the subset of icons which we actually use and package.

In QGPGME which is used by GpgOL and Kleopatra we have solved this by loading the configuration only once and then reusing it. I see no need to change something in gpgconf here.

@werner - having another argument might be useful. Indeed, pthread_atfork has three callback functions as its arguments (prepare, parent, and child).

I general I agree.

There is a utility named kbxutil which can be sued to dump the pubring.kbx file without any post-processing by gpg. I would check whether there are any other keys after the VideoLAN key. iirc, kbxutil ist not commonly installed; you may need to build the software yourself or copy the pubring.kbx to Linux and check it here.

To have clear semantics, I propose a change to gpgrt_spawn_process_fd (calling SPAWN_CB, instead of AFTER_FORK_CB, and give it return value), and exporting gpgrt_close_all_fds to users.

By the commit rE43c1e85fe29a: spawn: Expose spawn functions., spawn functions are exposed now. The API is compatible to the one of internal functions in GnuPG master (2.3).
Semantics is not well-defined portably for:

• gpgrt_spawn_process: EXCEPT only makes sense in POSIX. User could expect that the API does closing all fds except fds specified by EXCEPT in POSIX.
• gpgrt_spawn_process_fd: AFTER_FORK_CB only makes sense in POSIX. User could specify the callback so that it can control sigmask, envvar, open/close/dup-ing file descriptors, making sure releasing some resources beforehand, etc.

@gniibe - Thanks for the quick response. It now works for me.
cu Andreas

@aheinecke Please show me how you configure your libassuan-master (and the output which detects host's gpg-error-config erroneously).

@ametzler1 Thank you. That was because of my bad fix.
Fixed in rMf1802682c3c8: python: Fix configure generating setup.py.

the pushed fix breaks when libgpg-error does not require special CFLAGS, i.e. when @GPG_ERROR_CFLAGS@ expands to an empty string:

I have pushed the patch, but still it did not work for me properly over everything and I had to add --enable-install-gpg-error-config to libgpg-error. This was because of at least the 64 bit build of libassuan-master it picked up gpg-error-config from my host system. I then tried to add --with-gpg-error-prefix to the assuan call but that failed because it only looked for gpg-error-config in this prefix and not for any gpgrt-config and failed immediately with a command not found error.

Here is the Log-File.
No, this mails in private-folder and not shared.
We have reproduced this issue on some W10 and W11 Systems with last build from Outlook

In that case could you please attach a basic log from selecting an S/MIME Mail with S/MIME disabled? Activatable under GpgOL options / logging

no, SMIME was not activated, the error still appeared and only when the GPG plugin was completely deactivated could Outlook read SMIME properly