The LTS branch 2.2 (2.2.42) claims to need libgpg-error 1.27 and libksba 1.3.5
However, the actual requisites turn out to be libgpg-error-1.38 (due to the use of gpgrt_reallocarray, there are also other usages requiring libgpg-error > 1.27 but less than 1.38) and libksba-1.4.0 (use of functions like ‘ksba_der_add_val’ on sm/sign.c: write_detached_signature)
While there may not be a 2.2.43, it would be nice to fix this if it actually happens.