diff --git a/.SRCINFO b/.SRCINFO
index e3c096f..5cf73ac 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = gnupg-scdaemon-shared-access
 pkgdesc = This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access
- pkgver = 2.2.17
+ pkgver = 2.2.18
 pkgrel = 1
 url = https://www.gnupg.org/
 install = install
@@ -25,20 +25,22 @@ pkgbase = gnupg-scdaemon-shared-access
 optdepends = pcsclite: scdaemon
 provides = gnupg
 provides = dirmngr
- provides = gnupg=2.2.17
- provides = gnupg2=2.2.17
+ provides = gnupg=2.2.18
+ provides = gnupg2=2.2.18
 conflicts = gnupg
 conflicts = dirmngr
 conflicts = gnupg2
- source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2
- source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2.sig
+ source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.18.tar.bz2
+ source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.18.tar.bz2.sig
+ source = self-sigs-only.patch
 source = scdaemon_shared-access.patch
 validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
 validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959
 validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06
 validpgpkeys = D238EA65D64C67ED4C3073F28A861B1C7EFD60D9
- sha256sums = afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514
+ sha256sums = 30d37ce2ca55b2b9b61480b2a175a3b22066ab41cd3f84688448919b566dec0a
 sha256sums = SKIP
+ sha256sums = 0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218
 sha256sums = aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc
 pkgname = gnupg-scdaemon-shared-access
diff --git a/PKGBUILD b/PKGBUILD
index 115b842..1217adf 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -6,7 +6,7 @@
 _pkgname=gnupg
 pkgname=gnupg-scdaemon-shared-access
-pkgver=2.2.17
+pkgver=2.2.18
 pkgrel=1
 pkgdesc='This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access'
 url='https://www.gnupg.org/'
@@ -24,9 +24,11 @@ validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
 '031EC2536E580D8EA286A9F22071B08A33BD3F06'
 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9')
 source=("https://gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig}
+ "self-sigs-only.patch"
 "scdaemon_shared-access.patch")
-sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514'
+sha256sums=('30d37ce2ca55b2b9b61480b2a175a3b22066ab41cd3f84688448919b566dec0a'
 'SKIP'
+ '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218'
 'aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc')
 install=install
@@ -37,6 +39,7 @@ provides=('gnupg' 'dirmngr' "gnupg=${pkgver}" "gnupg2=${pkgver}")
 prepare() {
 cd "${srcdir}/${_pkgname}-${pkgver}"
 sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in
+ patch -R -p1 -i ../self-sigs-only.patch
 patch -p1 -t -N < "${srcdir}/scdaemon_shared-access.patch"
 }
diff --git a/self-sigs-only.patch b/self-sigs-only.patch
new file mode 100644
index 0000000..3d74063
--- /dev/null
+++ b/self-sigs-only.patch
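Review bot: The added `patch -R -p1 -i ../self-sigs-only.patch` in prepare() reverse-applies the bundled upstream commit, so this build drops `self-sigs-only` and `import-clean` from the default keyserver import options and imports third-party key signatures from keyservers again. The patch's own description says that default was introduced because of the DoS attack on the keyservers (GnuPG-bug-id 4607), and because the package provides and conflicts with `gnupg`, everyone installing it gets the weaker default without being told. I would drop the revert and leave the opt-out to gpg.conf as the patch description describes; if the revert has to stay, put a comment above it such as `# Reverse-applies upstream "self-sigs-only"/"import-clean" keyserver default (GnuPG bug 4607): keyserver imports accept third-party signatures again` and say so in pkgdesc or the install message. For consistency with the next line the path is better written as `"${srcdir}/self-sigs-only.patch"`.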
@@ -0,0 +1,56 @@
+From: Werner Koch
+Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200)
+Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93
+
+gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+
+* g10/gpg.c (main): Change default.
+--
+
+Due to the DoS attack on the keyeservers we do not anymore default to
+import key signatures. That makes the keyserver unsuable for getting
+keys for the WoT but it still allows to retriev keys - even if that
+takes long to download the large keyblocks.
+
+To revert to the old behavior add
+
+ keyserver-optiions no-self-sigs-only,no-import-clean
+
+to gpg.conf.
+
+GnuPG-bug-id: 4607
+Signed-off-by: Werner Koch
+---
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 8feab8218..9513a4e0f 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are:
+
+ @end table
+
++The default list of options is: "self-sigs-only, import-clean,
++repair-keys, repair-pks-subkey-bug, export-attributes,
++honor-pka-record".
++
++
+ @item --completes-needed @var{n}
+ @opindex compliant-needed
+ Number of completely trusted users to introduce a new
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 66e47dde5..0bbe72394 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2424,7 +2424,9 @@ main (int argc, char **argv)
+ opt.import_options = IMPORT_REPAIR_KEYS;
+ opt.export_options = EXPORT_ATTRIBUTES;
+ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+- | IMPORT_REPAIR_PKS_SUBKEY_BUG);
++ | IMPORT_REPAIR_PKS_SUBKEY_BUG
++ | IMPORT_SELF_SIGS_ONLY
++ | IMPORT_CLEAN);
+ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+ opt.verify_options = (LIST_SHOW_UID_VALIDITY