Perhaps, the missing length information in compressed data packet is confusing. The length can be determined by the assumption of existence of 22-byte MDC packet.

Here is my understanding.

Closing.

Initial development finished.
Now, my plan is:

• a bit more tweaks for gpg-error-config-old to support new ways (such as --variable=*)
• testing on *BSD
• not including gpg-error-config-new to next libgpg-error 1.33
  • Now, gpg-error-config-old has forward compatibility, so, no problem
  • Possibly include new gpg-error.m4???
• After 1.33, merge the branch (not directly by "merge" but merging all changes with relevant commit logs) to master of libgpg-error. This means:
  • gpg-error-config-new
  • checking difference between old and new at build-time
  • "make check" tests difference between gpg-error-config(-new) and pkg-config (if available)
• 1.34 1.33 will have all new features
• Then, we will migrate other software of our GnuPG
  • libassuan
  • libgcrypt
  • libksba
  • libnpth
  • ntbtls
  • gpgme

I can see MDC packet of 22-byte (which starts by 0xd3 0x14, and then 20-byte SHA-1 hash), when SEIP data packet is decrypted.
I don't see your situation.
How about with no compression (-z 0)? I mean, compression is not applied to MDC packet.

The implementation by Bourne shell is not perfect. Parsing .pc file depends on glob pattern match, which would have unexpected behavior in some cases (e.g. when .pc has no variable definitions and it only has "Requires: somepackage >= 1.0", the line matches glob pattern of "*=*" which looks like variable definition).

By rEfb1d0cd7105e: Support module dependency., it supports version dependency handling.
While it's far from pkg-config replacement, I think that we can use the script for all GnuPG software with *.pc file.
I mean, this single script for all.

Today, I wrote a script:

Up to rEe0aecec6d040: Remove AC_CONFIG_COMMANDS for gpg-error-config., now it supports dependency of modules and multiple modules.
A single shell script can be same content (but only names differ).
It only supports features used by our *-config command, though. (Not support --static yet, for example)

In gniibe/pkg-config-support branch of libgpg-error, I put my attempt to the improvement.
Now, gpg-error-config is a shell script which uses gpg-error.pc.
This way, we can avoid to introduce more of our local incompatible change against pkg-config, keeping pkg-config style easier.
Now, we have incompatible things: --mt and --host, I'd like to encourage to switch to new compatible use of --variable=mtlibs, --variable=mtcflags, and --variable=host.

When we will actually extend the fingerprints, more changes (spec and implementation) will be required because of the length limitation of DO 0x6E.
See https://dev.gnupg.org/T4097

In master, commit from rGce2f71760155: g10: Change decryption key selection for public key encryption. until rG84cc55880a58: g10: Prefer to available card keys for decryption. fixed this.

I think it's good to close this as "resolved", since many fixes have been done, and I don't have remaining issue.
@wiz Please open another ticket for your next try.

This entry was created based on the conversation at #gnupg channel.
I can't reproduce keep hanging.
I confirmed that pinentry vanished (perhaps, because of timeout).

Thanks for the information.

I don't understand the reason why 0x6E (Application Related Data) can be so long. What OpenPGP card implementation do you have?

OK, I take this ticket.

Obvious benefit will be:

• It will be easier for developers who use pkg-config for their applications, and want to use gpgme. They can use pkg-config for gpgme.

Done for npth.

No, it is your fix: rG278d87465685: gpg: Clear the symmetric passphrase cache for encrypted session keys..
Please cherry pick it to 2.2 branch.

Fixed in master and 2.2 branch.

I found two more cases. Those are included in the fix.

Good catch. Thank you.