diff --git a/codegen/gen_codec.ysl2 b/codegen/gen_codec.ysl2
index 8aae0382..131c0fe9 100644
--- a/codegen/gen_codec.ysl2
+++ b/codegen/gen_codec.ysl2
@@ -152,8 +152,13 @@ tstylesheet {
 
             *msg = NULL;
             «@name»_t *_msg = NULL;
-            uper_decode_complete(NULL, &asn_DEF_«@name», (void **) &_msg, data, size);
-            if (!_msg)
+            asn_dec_rval_t rval = uper_decode_complete(NULL, &asn_DEF_«@name», (void **) &_msg, data, size);
+
+            // N.B: If you plan on having messages were the full message isn't consumed by decoding here,
+            // then please look into uper_decode_complete; we still may get a message, even if to contains
+            // nothing. RC_FAIL is an obvious case, but we also need to fail if RC_WMORE is the code, especially
+            // if rval.consumed == 0. Volker, please look into this and decide what you want.
+            if (!_msg || rval.code != RC_OK)
                 return PEP_«yml:ucase(@name)»_ILLEGAL_MESSAGE;
 
             *msg = _msg;
diff --git a/codegen/gen_statemachine.ysl2 b/codegen/gen_statemachine.ysl2
index bc206dff..07019b6f 100644
--- a/codegen/gen_statemachine.ysl2
+++ b/codegen/gen_statemachine.ysl2
@@ -1705,7 +1705,7 @@ tstylesheet {
 
             switch (event) {
                 case None:
-                    «../@name»_SERVICE_LOG("received Timeout event", "ignoring");
+                    // received Timeout event, ignoring
                     break;
      
         ||
diff --git a/src/engine_sql.c b/src/engine_sql.c
index a983c5ea..344fb96d 100644
--- a/src/engine_sql.c
+++ b/src/engine_sql.c
@@ -713,7 +713,7 @@ static PEP_STATUS _create_core_tables(PEP_SESSION session) {
             "   timestamp integer default (datetime('now')),\n"
             "   primary key (address, user_id)\n"
             ");\n"
-            "create index if not exists identity_userid_addr on identity(address, user_id);\n"
+            "create index if not exists identity_userid on identity (user_id);\n"
             "create table if not exists trust (\n"
             "   user_id text not null\n"
             "       references person (id)\n"
@@ -1548,6 +1548,27 @@ static PEP_STATUS _upgrade_DB_to_ver_18(PEP_SESSION session) {
     return _force_upgrade_own_latest_message_version(session);
 }
 
+static PEP_STATUS _upgrade_DB_to_ver_19(PEP_SESSION session) {
+    int int_result = sqlite3_exec(
+            session->db,
+            /* This index was useless: it was an index on the (multi-column)
+               primary key, always implemented using an index which gets also
+               used in queries. */
+            "drop index if exists identity_userid_addr;\n"
+            "\n"
+            "create index if not exists identity_userid on identity (user_id);\n",
+            NULL,
+            NULL,
+            NULL
+    );
+    assert(int_result == SQLITE_OK);
+
+    if (int_result != SQLITE_OK)
+        return PEP_UNKNOWN_DB_ERROR;
+
+    return PEP_STATUS_OK;
+}
+
 // Honestly, the upgrades should be redone in a transaction IMHO.
 static PEP_STATUS _check_and_execute_upgrades(PEP_SESSION session, int version) {
     PEP_STATUS status = PEP_STATUS_OK;
@@ -1620,6 +1641,10 @@ static PEP_STATUS _check_and_execute_upgrades(PEP_SESSION session, int version)
             if (status != PEP_STATUS_OK)
                 return status;
         case 18:
+            status = _upgrade_DB_to_ver_19(session);
+            if (status != PEP_STATUS_OK)
+                return status;
+        case 19:
             break;
         default:
             return PEP_ILLEGAL_VALUE;
diff --git a/src/engine_sql.h b/src/engine_sql.h
index 0bcd6415..25d98ea4 100644
--- a/src/engine_sql.h
+++ b/src/engine_sql.h
@@ -3,7 +3,7 @@
 #include "pEp_internal.h"
 
 // increment this when patching DDL
-#define _DDL_USER_VERSION "18"
+#define _DDL_USER_VERSION "19"
 
 PEP_STATUS init_databases(PEP_SESSION session);
 PEP_STATUS pEp_sql_init(PEP_SESSION session);
diff --git a/src/pEpEngine.c b/src/pEpEngine.c
index 1dac1961..31e7f9b6 100644
--- a/src/pEpEngine.c
+++ b/src/pEpEngine.c
@@ -161,6 +161,12 @@ DYNAMIC_API void release(PEP_SESSION session)
                 sqlite3_close_v2(session->system_db);
         }
 
+        if (!EMPTYSTR(session->curr_passphrase)) {
+            free (session->curr_passphrase);
+            /* In case the following freeing code still uses the field. */
+            session->curr_passphrase = NULL;
+        }
+
         release_transport_system(session, out_last);
         release_cryptotech(session, out_last);
         free(session);
diff --git a/test/src/ElevatedAttachmentsTest.cc b/test/src/ElevatedAttachmentsTest.cc
index 9b6812f6..aeb4a768 100644
--- a/test/src/ElevatedAttachmentsTest.cc
+++ b/test/src/ElevatedAttachmentsTest.cc
@@ -226,6 +226,8 @@ TEST_F(ElevatedAttachmentsTest, check_encrypt_decrypt_message) {
     msg->shortmsg = strdup("Yo Bob!");
     msg->longmsg = strdup("Look at my hot new sender fpr field!");
 
+    // Volker: This is a sloppy way to test - it got processed as a real distribution message because data has meaning
+    //         and happily exposed a bug in your generation code, but... well, you know better :)
     const char *distribution = "simulation of distribution data";
     msg->attachments = new_bloblist(strdup(distribution), strlen(distribution)
             + 1, "application/pEp.distribution", "distribution.pEp");