Thanks for your information.
Hum, you are using gpg-agent for SSH access.

Perhaps, it's better to remove -no-install flag in tests/Makefile.am, so that test programs will be wrapper script by libtool.

It seems it's Ubuntu specific: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563

I think that all that we can do is to improve documentation.

Apparently, it's an error from your installed /usr/local/opt/libgpg-error/lib/libgpg-error.0.dylib (you have some configuration to prefer this library), while your configure is for /usr/local/lib (because you specify no --prefix).

Please let us know the version of GnuPG, the output of gpg --card-status when inserted, and how gpg is not working well, etc.

How scdaemon responds when there is no card available?

In FreeBSD, getrandom(3) became available, when getrandom(2) was added. <-- This is my theory.
If this is true, just use getrandom(3), not using getrandom(2) by syscall.

It became common, because many people now use larger keys.
For RSA-4096, three simultaneous connections for decryption may cause the failure.
In the experimental patch of D472: Limit active connections for gpg-agent, I limit gpg-agent to accept two connections only.

increment the counter is better done by the looping main thread.

This is an experimental patch. So, I just reuse SIGUSR1 to wake up "select"-ing thread by kill(2).
I put limit-active-connections 2 in gpg-agent.conf for the test with run-threaded of gpgme.

For my case, with $GNUPGHOME/gpg-agent.conf having debug-all, I observed that rsa_decrypt failes with 'Cannot allocate memory', after debug output of 'res'.
Reading libgcrypt/cipher/rsa.c, it is line 1439, where it calls sexp_build (MPI of PLAIN into SEXP of R_PLAIN).
I think that it does indeed memory failure here.
Having "auto-expand-secmem" in gpg-agent.conf, it goes well.

I decided not to backport UIF things.
Other fixes (KDF and memory leak) were done.
If this decision will be re-evaluated, remember the backport of the commit rG05d163aebc04: scd: Make "learn" report about KDF data object. doesn't have UIF change.

Perhaps, the changes for UIF (user interaction flag) is not needed to be backported now.
Because the feature is not yet used by any OpenPGP card implementation.
I am testing with Gnuk, but it's still experimental even for Gnuk.

So far, so good.

I think that it's good to rewrite enum_secret_keys in g10/skclist.c.

The bug is gone by rG79f165d7a8bc: gpg: Make --skip-hidden-recipients work again..

Here are warnings:

If we can assume C99, we have the type.
I know, it is not guaranteed to be enough size. For particular host (Windows 64-bit), it works.