User Details
- User Since
- Mar 27 2017, 4:47 PM (467 w, 16 h)
- Roles
- Administrator
- Availability
- Busy until Jun 29 2031.
Today
I was wrong. gpg (scdaemon) needed to be fixed with more changes for the interaction with pinentry.
I pushed my patch for gpg, since it does not break anything, just allows empty passphrase input (to skip).
I also pushed my patch for gpgme. I believe that it's correct.
gpg 2.2 does: when it sees PKT_PUBKEY_ENC, it asks a user to try decrypting the session key. When it sees PKT_SYMKEY_ENC, it asks a user to try decrypting the encrypted session key by passphrase. When one of the tries succeeds, it uses the result (the session key) to decrypt the PKT_ENCRYPTED_* packet. When there are multiple PKT_PUBKEY_ENC and PKT_SYMKEY_ENC, gpg 2.2 handles them sequentially.
Yesterday
I was too optimistic. GPGME requires the following change, too:
diff --git a/src/passphrase.c b/src/passphrase.c index 140cd03a..d07afa91 100644 --- a/src/passphrase.c +++ b/src/passphrase.c @@ -114,6 +114,11 @@ _gpgme_passphrase_status_handler (void *priv, gpgme_status_code_t code, case GPGME_STATUS_CANCELED_BY_USER: return gpg_error (GPG_ERR_CANCELED);
I'd propose applying the patch of mine above to gpg, and suggesting that users input an empty passphrase to skip (instead of cancelling).
This could be a minimum change (only gpg). Or else, gpgme needs to change to ignore the CANCEL status; I think that it's not an easy change.
Wed, Mar 4
Possibly, it was the same cause as T8052 (the bug in libgpg-error spawning a process).
I looked at sm/keydb.c:keydb_set_ephemeral function. It says:
How did you configure? If possible, please show us the configure options when you built.
Did it work in older version(s) of libgpg-error?
Tue, Mar 3
It seemed that the reporter (also) claimed that a git repo could be weak/vulnerable when an X.509 signature is used to validate the commits.
For the record (to show we don't hide a problem), I add some information.
It should be solved by the upstream (libtool, gnulib, and possibly autoconf/automake). The solution would be refactoring AC_PROG_LD and AC_LIB_PROG_LD, factoring out common things like handling the use of GNU LD.
Mon, Mar 2
The reporter informed:
CVE-2025-69913
Fri, Feb 27
I found that it's not that simple to accept the case of no newline at the end.
Because we need to handle the edge case where no newline occurs at the maximum buffer length, too.
It's something like the following.
Thu, Feb 26
Wed, Feb 25
Also applied to 2.4 branch.
Also applied to 2.4 branch.
Libraries have been fixed (as well as GnuPG itself), so, closing.
Tue, Feb 24
Sat, Feb 21
Fixed in 1.12.1.
Fri, Feb 20
rG62b8bf2f introduced the regression. The intent of the fix was about comparison of -----END , which has nine characters.
But it also added afx->buffer_pos ==1, that affected.
Applied the change in: rK86c6e972421a: Fix a memory leak in _ksba_ber_decoder_decode.
Thu, Feb 19
Fixed in 1.12.0.
Fixed in libgpg-error 1.59.
Like this patch?
Tue, Feb 17
Mon, Feb 16
I found a possible leak and a possible access of freed memory.
Fri, Feb 13
@thesamesam Thanks a lot.
I managed to replicate the failure somehow (for me, it fails at importing the key).
Please tell us the information of your environment.
What are the versions of gpg and gpg-agent?
Here is an attempt of mine this week:
diff --git a/g10/call-agent.c b/g10/call-agent.c index 5e13a3e52..8949fad17 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -3290,13 +3290,14 @@ confirm_status_cb (void *opaque, const char *line) message. If FORCE is true the agent is advised not to ask for confirmation. */ gpg_error_t -agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, +agent_delete_key (ctrl_t ctrl, const char *keygrip, const char *desc, int force) { gpg_error_t err; char line[ASSUAN_LINELENGTH]; struct default_inq_parm_s dfltparm; struct confirm_parm_s confirm_parm; + const char *keygrip2 = NULL;
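Review bot: the rename of the `agent_delete_key` parameter from `hexkeygrip` to `keygrip` drops the only hint in the signature that the argument is a hex string, and the visible part of the doc comment above the function is not updated to say what forms the parameter accepts now. Please document the accepted format there. The new local `const char *keygrip2 = NULL;` also has a name that does not say what it holds; a name describing its role would make the later uses easier to review.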
Thu, Feb 12
The fix causes a regression. Reported: https://lists.gnupg.org/pipermail/gnupg-devel/2026-February/036218.html
This is not 2.5-only.
Wed, Feb 11
No, OpenBSD's implementation of POSIX semaphore is different to NetBSD.
(It doesn't support PSHARED=1.)
Possibly, it is related to the NetBSD failure of T8065.
If importing the secret key fails (which invokes gpg-agent), decryption cannot succeed.
I will check whether OpenBSD's implementation of POSIX semaphores is similar to NetBSD's.
Tue, Feb 10
Investigating GNU ld, I learned that there is no easy way (~= no way) to suppress the warnings (other than 2>/dev/null). It was implemented by the special section named gnu.warning.SYM where SYM is a symbol. I think that it is not so good for glibc to notify its users about a possible static link problem by gnu.warning.SYM.
Mon, Feb 9
Feb 5 2026
Feb 4 2026
I found two issues in libgpg-error for spawning functions.
POSIX documentation never says that PSHARED=0 prevents sharing among processes. In my opinion, it still conforms to POSIX even when a PSHARED=0 semaphore can be shared between parent and child processes.
Feb 3 2026
In tests/migrations (unlike tests/openpgp and tests/cms), the tests do not prepare gpg-agent, but it is gpg which invokes gpg-agent if needed.
Because of that, on NetBSD (where the POSIX semaphore has different semantics), it hangs with gpg --list-secret-key, when gpg tries to spawn the gpg-agent process.
In the old code of 2.4, it simply ignores the npth_protect and npth_unprotect sequence when calling fork to spawn a process.
New code in libgpg-error cares about the npth_protect and npth_unprotect sequence, but it was not sufficient; we need to care about NetBSD's semantics. The child process should not call npth_protect. With shared semantics, the child process's calling npth_protect affects the parent process: it hangs.
@wiz Thank you for your quick feedback.
Feb 2 2026
Thank you for the log.