diff --git a/gnupg-2.0.21.tar.bz2 b/gnupg-2.0.21.tar.bz2
deleted file mode 100644
index d5090d0..0000000
--- a/gnupg-2.0.21.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:00df8902c7cef4d2440d36ca2a45985853eb36c34a4163bc995c3578030eeef5
-size 4300604
diff --git a/gnupg-2.0.21.tar.bz2.sig b/gnupg-2.0.21.tar.bz2.sig
deleted file mode 100644
index 4776f67..0000000
Binary files a/gnupg-2.0.21.tar.bz2.sig and /dev/null differ
diff --git a/gnupg-2.0.22.tar.bz2 b/gnupg-2.0.22.tar.bz2
new file mode 100644
index 0000000..348852d
--- /dev/null
+++ b/gnupg-2.0.22.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:437d0ab259854359fc48aa8795af80cff4975e559c111c92c03d0bc91408e251
+size 4277117
diff --git a/gnupg-2.0.22.tar.bz2.sig b/gnupg-2.0.22.tar.bz2.sig
new file mode 100644
index 0000000..462c9be
Binary files /dev/null and b/gnupg-2.0.22.tar.bz2.sig differ
diff --git a/gnupg-2.0.9-RSA_ES.patch b/gnupg-2.0.9-RSA_ES.patch
index 656254a..e66e23b 100644
--- a/gnupg-2.0.9-RSA_ES.patch
+++ b/gnupg-2.0.9-RSA_ES.patch
@@ -3,43 +3,43 @@
 # g10/misc.c |    8 ++++++++
 # 1 file changed, 8 insertions(+)
 #
-Index: gnupg-2.0.20/g10/misc.c
+Index: gnupg-2.0.22/g10/misc.c
 ===================================================================
---- gnupg-2.0.20.orig/g10/misc.c	2013-05-10 13:55:47.000000000 +0100
-+++ gnupg-2.0.20/g10/misc.c	2013-05-10 19:57:18.000000000 +0100
-@@ -1326,6 +1326,8 @@ pubkey_get_npkey( int algo )
+--- gnupg-2.0.22.orig/g10/misc.c	2013-10-04 16:54:48.000000000 +0100
++++ gnupg-2.0.22/g10/misc.c	2013-10-05 12:39:16.000000000 +0100
+@@ -1333,6 +1333,8 @@ pubkey_get_npkey( int algo )
  
    if (algo == GCRY_PK_ELG_E)
      algo = GCRY_PK_ELG;
 +  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
 +    algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
+   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                          GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
      n = 0;
-   return n;
-@@ -1339,6 +1341,8 @@ pubkey_get_nskey( int algo )
+@@ -1353,6 +1355,8 @@ pubkey_get_nskey( int algo )
  
    if (algo == GCRY_PK_ELG_E)
      algo = GCRY_PK_ELG;
 +  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
 +    algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
+   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                          GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
      n = 0;
-   return n;
-@@ -1352,6 +1356,8 @@ pubkey_get_nsig( int algo )
+@@ -1373,6 +1377,8 @@ pubkey_get_nsig( int algo )
  
    if (algo == GCRY_PK_ELG_E)
      algo = GCRY_PK_ELG;
 +  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
 +    algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
+   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                          GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
      n = 0;
-   return n;
-@@ -1365,6 +1371,8 @@ pubkey_get_nenc( int algo )
+@@ -1393,6 +1399,8 @@ pubkey_get_nenc( int algo )
  
    if (algo == GCRY_PK_ELG_E)
      algo = GCRY_PK_ELG;
 +  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
 +    algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
+   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                          GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
      n = 0;
-   return n;
diff --git a/gpg2-CVE-2013-4351.patch b/gpg2-CVE-2013-4351.patch
deleted file mode 100644
index ec1b1bc..0000000
--- a/gpg2-CVE-2013-4351.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-commit 8f8f3984e82a025cf1384132a419f67f39c7e07d 
-Author: Werner Koch <wk <at> gnupg.org>
-Date:   Fri Mar 15 15:46:03 2013 +0100
-
-    gpg: Distinguish between missing and cleared key flags.
-
-    * include/cipher.h (PUBKEY_USAGE_NONE): New.
-    * g10/getkey.c (parse_key_usage): Set new flag.
-    --
-
-    We do not want to use the default capabilities (derived from the
-    algorithm) if any key flags are given in a signature.  Thus if key
-    flags are used in any way, the default key capabilities are never
-    used.
-
-    This allows to create a key with key flags set to all zero so it can't
-    be used.  This better reflects common sense.
-
-	Modified g10/getkey.c
-Index: gnupg-2.0.9/g10/getkey.c
-===================================================================
---- gnupg-2.0.9.orig/g10/getkey.c	2013-09-16 16:51:02.752624501 +0200
-+++ gnupg-2.0.9/g10/getkey.c	2013-09-16 16:54:20.955952692 +0200
-@@ -1457,13 +1457,19 @@ parse_key_usage(PKT_signature *sig)
- 
-       if(flags)
- 	key_usage |= PUBKEY_USAGE_UNKNOWN;
-+
-+      if (!key_usage)
-+	key_usage |= PUBKEY_USAGE_NONE;
-     }
-+  else if (p) /* Key flags of length zero.  */
-+    key_usage |= PUBKEY_USAGE_NONE;
- 
-   /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
-      capability that we do not handle.  This serves to distinguish
-      between a zero key usage which we handle as the default
-      capabilities for that algorithm, and a usage that we do not
--     handle. */
-+     handle.  Likewise we use PUBKEY_USAGE_NONE to indicate that
-+     key_flags have been given but they do not specify any usage.  */
- 
-   return key_usage;
- }
-Index: gnupg-2.0.9/include/cipher.h
-===================================================================
---- gnupg-2.0.9.orig/include/cipher.h	2013-09-16 16:51:02.752624501 +0200
-+++ gnupg-2.0.9/include/cipher.h	2013-09-16 16:56:27.028429026 +0200
-@@ -62,6 +62,11 @@
- #define PUBKEY_USAGE_CERT    GCRY_PK_USAGE_CERT  /* Also good to certify keys. */
- #define PUBKEY_USAGE_AUTH    GCRY_PK_USAGE_AUTH  /* Good for authentication. */
- #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN  /* Unknown usage flag. */
-+#define PUBKEY_USAGE_NONE    256                 /* No usage given. */
-+#if  (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \
-+      | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256
-+# error Please choose another value for PUBKEY_USAGE_NONE
-+#endif
- 
- #define DIGEST_ALGO_MD5       /*  1 */ GCRY_MD_MD5
- #define DIGEST_ALGO_SHA1      /*  2 */ GCRY_MD_SHA1
diff --git a/gpg2.changes b/gpg2.changes
index 1545167..4b061f3 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Sat Oct  5 11:44:42 UTC 2013 - andreas.stieger@gmx.de
+
+- update to 2.0.22 [bnc#844175]
+  * Fixed possible infinite recursion in the compressed packet
+    parser. [CVE-2013-4402]
+  * Improved support for some card readers.
+  * Prepared building with the forthcoming Libgcrypt 1.6.
+  * Protect against rogue keyservers sending secret keys.
+- remove gpg2-CVE-2013-4351.patch, committed upstream
+
 -------------------------------------------------------------------
 Mon Sep 16 11:08:55 UTC 2013 - vcizek@suse.com
 
diff --git a/gpg2.spec b/gpg2.spec
index b44bf64..7361834 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.0.21
+Version:        2.0.22
 Release:        0
 BuildRequires:  automake >= 1.10
 BuildRequires:  expect
@@ -64,7 +64,6 @@ Patch8:         gnupg-set_umask_before_open_outfile.patch
 Patch9:         gnupg-detect_FIPS_mode.patch
 # PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL
 Patch10:        gnupg-2.0.20-automake113.diff
-Patch11:        gpg2-CVE-2013-4351.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -84,7 +83,6 @@ gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
-%patch11 -p1
 
 %build
 autoreconf -fi