Thank you. Merged and pushed.

Applied and pushed.

@werner No problem. Just go ahead.

Done in 2.3.0.

Done in 2.3.0.

Done in 2.3.

Thank you.

Thank you. Applied and pushed.

Thank you. I'll take care of this.

Do we have CVE number assigned?

Thank you for your publishing your key of CB6BE1D0D7D1594A.
I applied and pushed your changes.

Thanks. Note, that the same code is in gnupg2 in common/exechelp-posix.c:736

Thank you.
Applied both to STABLE-BRANCH-2-2 and master (changing new function name).

So, in my opinion, applying the patch for ElGamal exponent blinding is enough (for now).

For DSA, I had assumed similar attack could be effective.

CC_FOR_BUILD is used for building executables for the build machine.
CC_FOR_BUILD may be different to CC (for target).

For gpgrt_wait_processes, I modified it to skip invalid PID.
The change is: rE956c40f106ea: core: Fix gpgrt_wait_processes, by skipping invalid PID.

Thank you.
For get_attr_l, I pushed a fix as rE89a353f418f5: build: Fix gpgrt-config for handling 'Requires' field.

IIUC... Could you please try this patch?

diff --git a/random/rndlinux.c b/random/rndlinux.c
index a7a78906..c20c5d4c 100644
--- a/random/rndlinux.c
+++ b/random/rndlinux.c
@@ -35,10 +35,13 @@
 #if defined(__APPLE__) && defined(__MACH__)
 #include <Availability.h>
 #ifdef __MAC_10_11
+#include <TargetConditionals.h>
+#if !defined(TARGET_OS_IPHONE) || TARGET_OS_IPHONE == 0
 extern int getentropy (void *buf, size_t buflen) __attribute__ ((weak_import));
 #define HAVE_GETENTROPY
 #endif
 #endif
+#endif
 #if defined(__linux__) || !defined(HAVE_GETENTROPY)
 #ifdef HAVE_SYSCALL
 # include <sys/syscall.h>

Fixed in 1.42.

I was wrong in my last comment. Escaping by another \ is needed.

Or, if we keep the code of newline (so that it will eventually support path with a space in future):

Thank you. Sorry for the use of GNU sed extension. It could be just a whitespace, if it's OK not to support path having a space.
sed -n -e "/^libraries/{s/libraries: =//;s/:/ /gp}") should work.

I wonder if this works in your use case:

diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4
index d910754e..aeedaf10 100644
--- a/m4/gpg-error.m4
+++ b/m4/gpg-error.m4
@@ -65,7 +65,7 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
   min_gpg_error_version=ifelse([$1], ,1.33,$1)
   ok=no

If it is new, it may be the change of this commit rC8e3cd4c4677c: build: Update gpg-error.m4.

We are in transition from old gpg-error-config to new gpgrt-config. <-- This is the cause, while I tried to cover most use cases.

The optimization introduced for curve 25519 and curve 448 en-bugged for usage of direct MPI.

It's OK not supporting generation in PostScript format.
Thus, we can remove image_eps support.
Then, convert is not required any more.

Ah, I see that when there is no card reader, it returns "Service is not running" with PC/SC.
Let's fix that.

Here are example files produced by GnuPG 2.3-beta:
S part has preceding zero:

We could add compatibility mode for Ed25519 signature to conform well-formed MPI (expecting recovery).

Thank you. Applied and pushed.

For the pogo-pin test clip to flash, it is available in China.

Pushed the change. Please test.

See the comment in rE13918d05a333: Allow building with --disable-threads. for ABI incompatibility.

I'm sorry, if my wording sounded harsh.