diff --git a/gnupg-2.2.20.tar.bz2 b/gnupg-2.2.20.tar.bz2
deleted file mode 100644
index a1c9c43..0000000
--- a/gnupg-2.2.20.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30
-size 6786913
diff --git a/gnupg-2.2.20.tar.bz2.sig b/gnupg-2.2.20.tar.bz2.sig
deleted file mode 100644
index 2f2868c..0000000
Binary files a/gnupg-2.2.20.tar.bz2.sig and /dev/null differ
diff --git a/gnupg-2.2.21.tar.bz2 b/gnupg-2.2.21.tar.bz2
new file mode 100644
index 0000000..2153d1d
--- /dev/null
+++ b/gnupg-2.2.21.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec
+size 6813160
diff --git a/gnupg-2.2.21.tar.bz2.sig b/gnupg-2.2.21.tar.bz2.sig
new file mode 100644
index 0000000..6066e3d
Binary files /dev/null and b/gnupg-2.2.21.tar.bz2.sig differ
diff --git a/gnupg-gpgme-t-encrypt-sym.patch b/gnupg-gpgme-t-encrypt-sym.patch
new file mode 100644
index 0000000..4cf0601
--- /dev/null
+++ b/gnupg-gpgme-t-encrypt-sym.patch
@@ -0,0 +1,21 @@
+Index: gnupg-2.2.21/agent/command.c
+===================================================================
+--- gnupg-2.2.21.orig/agent/command.c
++++ gnupg-2.2.21/agent/command.c
+@@ -1595,11 +1595,14 @@ cmd_get_passphrase (assuan_context_t ctx
+               pi2->failed_tries = 0;
+               continue;
+             }
+-          if (*pi->pin && !pi->repeat_okay)
++          if (*pi->pin && !pi->repeat_okay
++              && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK)
+             {
+               /* The passphrase is empty and the pinentry did not
+                * already run the repetition check, do it here.  This
+-               * is only called when using an old and  simple pinentry. */
++               * is only called when using an old and simple pinentry.
++               * It is neither called in loopback mode because the
++               * caller does any passphrase repetition by herself. */
+               xfree (response);
+               response = NULL;
+               rc = agent_get_passphrase (ctrl, &response,
diff --git a/gpg2.changes b/gpg2.changes
index adae416..41306de 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Jul 14 10:22:22 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Fix regression in latest gpg2 that makes gpgme fail to build [bsc#1174007]
+- Add gnupg-gpgme-t-encrypt-sym.patch
+
+-------------------------------------------------------------------
+Thu Jul  9 11:36:57 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- GnuPG 2.2.21:
+  * gpg: Improve symmetric decryption speed by about 25%
+  * gpg: Support decryption of AEAD encrypted data packets
+  * gpg: Add option --no-include-key-block
+  * gpg: Allow for extra padding in ECDH
+  * gpg: Only a single pinentry is shown for symmetric encryption if
+    the pinentry supports this
+  * gpg: Print a note if no keys are given to --delete-key
+  * gpg,gpgsm: The ridiculous passphrase quality bar is not anymore
+    shown
+  * gpgsm: Certificates without a CRL distribution point are now
+    considered valid without looking up a CRL. The new option
+    --enable-issuer-based-crl-check can be used to revert to the
+    former behaviour
+  * gpgsm: Support rsaPSS signature verification
+  * gpgsm: Unless CRL checking is disabled lookup a missing issuer
+    certificate using the certificate's authorityInfoAccess
+  * gpgsm: Print the certificate's serial number also in decimal
+    notation
+  * gpgsm: Fix possible NULL-deref in messages of --gen-key
+  * scd: Support the CardOS 5 based D-Trust Card 3.1
+  * dirmngr: Allow http URLs with "LOOKUP --url"
+  * wkd: Take name of sendmail from configure. Fixes an OpenBSD
+    specific bug
+
 -------------------------------------------------------------------
 Thu Apr 30 13:59:33 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
 
diff --git a/gpg2.spec b/gpg2.spec
index bfdd1fe..ff9d6ff 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.2.20
+Version:        2.2.21
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later
@@ -40,6 +40,8 @@ Patch13:        gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_duri
 Patch14:        gnupg-add-test-cases-for-import-without-uid.patch
 Patch15:        gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
 Patch1124847:   gnupg-gpg-agent-ulimit.patch
+# PATCH-FIX-UPSTREAM bsc#1174007 gpgme: Fails to build with latest gpg-2.2.21
+Patch16:        gnupg-gpgme-t-encrypt-sym.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -105,6 +107,7 @@ gpgsm, or via the gpg-connect-agent tool.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218)
 
 %build