diff --git a/.gitignore b/.gitignore
index ba494e6..10bfc66 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,5 @@ gnupg-2.0.16.tar.bz2.sig
 /gnupg-2.1.8.tar.bz2.sig
 /gnupg-2.1.9.tar.bz2
 /gnupg-2.1.9.tar.bz2.sig
+/gnupg-2.1.10.tar.bz2
+/gnupg-2.1.10.tar.bz2.sig
diff --git a/gnupg-2.0.20-secmem.patch b/gnupg-2.0.20-secmem.patch
deleted file mode 100644
index 9b115d6..0000000
--- a/gnupg-2.0.20-secmem.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff -up gnupg-2.0.20/g10/gpg.c.secmem gnupg-2.0.20/g10/gpg.c
---- gnupg-2.0.20/g10/gpg.c.secmem	2013-05-10 14:55:46.000000000 +0200
-+++ gnupg-2.0.20/g10/gpg.c	2013-05-15 14:13:50.989541530 +0200
-@@ -794,7 +794,7 @@ make_libversion (const char *libname, co
- 
-   if (maybe_setuid)
-     {
--      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
-+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
-       maybe_setuid = 0;
-     }
-   s = getfnc (NULL);
-@@ -898,7 +898,7 @@ build_list (const char *text, char lette
-   char *string;
- 
-   if (maybe_setuid)
--    gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
-+    gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
- 
-   indent = utf8_charcount (text);
-   len = 0;
-diff -up gnupg-2.0.20/sm/gpgsm.c.secmem gnupg-2.0.20/sm/gpgsm.c
---- gnupg-2.0.20/sm/gpgsm.c.secmem	2013-05-10 14:55:49.000000000 +0200
-+++ gnupg-2.0.20/sm/gpgsm.c	2013-05-15 14:11:18.819249598 +0200
-@@ -493,7 +493,7 @@ make_libversion (const char *libname, co
- 
-   if (maybe_setuid)
-     {
--      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
-+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
-       maybe_setuid = 0;
-     }
-   s = getfnc (NULL);
diff --git a/gnupg-2.1.10-build.patch b/gnupg-2.1.10-build.patch
new file mode 100644
index 0000000..3252b90
--- /dev/null
+++ b/gnupg-2.1.10-build.patch
@@ -0,0 +1,56 @@
+diff -up gnupg-2.1.10/dirmngr/Makefile.am.build gnupg-2.1.10/dirmngr/Makefile.am
+--- gnupg-2.1.10/dirmngr/Makefile.am.build	2015-11-30 17:39:52.000000000 +0100
++++ gnupg-2.1.10/dirmngr/Makefile.am	2015-12-07 16:14:06.865576290 +0100
+@@ -131,7 +131,7 @@ endif
+ t_http_SOURCES = t-http.c http.c dns-stuff.c
+ t_http_CFLAGS  = -DWITHOUT_NPTH=1 \
+ 	         $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS) \
+-                 $(GPG_ERROR_CFLAGS)
++                 $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
+ t_http_LDADD   = $(t_common_ldadd) \
+ 	         $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
+ 
+@@ -139,7 +139,7 @@ t_ldap_parse_uri_SOURCES = \
+ 	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
+         http.c dns-stuff.c \
+         $(ldap_url) $(t_common_src)
+-t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1
++t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 $(LIBASSUAN_CFLAGS)
+ t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS)
+ 
+ t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1
+diff -up gnupg-2.1.10/dirmngr/Makefile.in.build gnupg-2.1.10/dirmngr/Makefile.in
+--- gnupg-2.1.10/dirmngr/Makefile.in.build	2015-12-04 10:57:05.000000000 +0100
++++ gnupg-2.1.10/dirmngr/Makefile.in	2015-12-07 16:14:06.866576314 +0100
+@@ -608,7 +608,7 @@ module_tests = t-dns-stuff $(am__append_
+ t_http_SOURCES = t-http.c http.c dns-stuff.c
+ t_http_CFLAGS = -DWITHOUT_NPTH=1 \
+ 	         $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS) \
+-                 $(GPG_ERROR_CFLAGS)
++                 $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
+ 
+ t_http_LDADD = $(t_common_ldadd) \
+ 	         $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
+@@ -618,7 +618,7 @@ t_ldap_parse_uri_SOURCES = \
+         http.c dns-stuff.c \
+         $(ldap_url) $(t_common_src)
+ 
+-t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1
++t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 $(LIBASSUAN_CFLAGS)
+ t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS)
+ t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1
+ t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c
+diff -up gnupg-2.1.10/tests/openpgp/gpgtar.test.build gnupg-2.1.10/tests/openpgp/gpgtar.test
+--- gnupg-2.1.10/tests/openpgp/gpgtar.test.build	2015-11-30 17:39:52.000000000 +0100
++++ gnupg-2.1.10/tests/openpgp/gpgtar.test	2015-12-07 16:29:25.625224112 +0100
+@@ -30,6 +30,10 @@ GPGARGS="--trust-model=always"
+ GPGTAR="../../tools/gpgtar"
+ GPGZIP="sh ../../tools/gpg-zip"
+ 
++if [ ! -f "$GPGTAR" ] ; then
++    exit 77
++fi
++
+ for TOOL in "$GPGTAR" "$GPGZIP"
+ do
+     rm -rf -- "${TESTDIR}"
diff --git a/gnupg-2.1.10-file-is-digest.patch b/gnupg-2.1.10-file-is-digest.patch
new file mode 100644
index 0000000..ed2bb6c
--- /dev/null
+++ b/gnupg-2.1.10-file-is-digest.patch
@@ -0,0 +1,183 @@
+diff -up gnupg-2.1.10/g10/gpg.c.file-is-digest gnupg-2.1.10/g10/gpg.c
+--- gnupg-2.1.10/g10/gpg.c.file-is-digest	2015-12-07 15:34:19.552188024 +0100
++++ gnupg-2.1.10/g10/gpg.c	2015-12-07 15:36:56.977904083 +0100
+@@ -355,6 +355,7 @@ enum cmd_and_opt_values
+     oTTYtype,
+     oLCctype,
+     oLCmessages,
++    oFileIsDigest,
+     oXauthority,
+     oGroup,
+     oUnGroup,
+@@ -754,6 +755,7 @@ static ARGPARSE_OPTS opts[] = {
+   ARGPARSE_s_s (oPersonalCompressPreferences,
+                                          "personal-compress-preferences", "@"),
+   ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
++  ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"),
+   ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
+   ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
+   ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
+@@ -2484,6 +2486,7 @@ main (int argc, char **argv)
+     set_homedir (default_homedir ());
+     opt.passphrase_repeat = 1;
+     opt.emit_version = 1; /* Limit to the major number.  */
++    opt.file_is_digest=0;
+     opt.weak_digests = NULL;
+     additional_weak_digest("MD5");
+ 
+@@ -3022,6 +3025,7 @@ main (int argc, char **argv)
+ 	    opt.verify_options&=~VERIFY_SHOW_PHOTOS;
+ 	    break;
+ 	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
++	  case oFileIsDigest: opt.file_is_digest = 1; break;
+ 
+ 	  case oForceMDC: opt.force_mdc = 1; break;
+ 	  case oNoForceMDC: opt.force_mdc = 0; break;
+diff -up gnupg-2.1.10/g10/options.h.file-is-digest gnupg-2.1.10/g10/options.h
+--- gnupg-2.1.10/g10/options.h.file-is-digest	2015-11-30 17:39:52.000000000 +0100
++++ gnupg-2.1.10/g10/options.h	2015-12-07 15:34:19.555188095 +0100
+@@ -205,6 +205,7 @@ struct
+   int no_auto_check_trustdb;
+   int preserve_permissions;
+   int no_homedir_creation;
++  int file_is_digest;
+   struct groupitem *grouplist;
+   int mangle_dos_filenames;
+   int enable_progress_filter;
+diff -up gnupg-2.1.10/g10/sign.c.file-is-digest gnupg-2.1.10/g10/sign.c
+--- gnupg-2.1.10/g10/sign.c.file-is-digest	2015-11-30 17:39:52.000000000 +0100
++++ gnupg-2.1.10/g10/sign.c	2015-12-07 15:34:19.555188095 +0100
+@@ -41,6 +41,7 @@
+ #include "pkglue.h"
+ #include "sysutils.h"
+ #include "call-agent.h"
++#include "host2net.h"
+ 
+ 
+ #ifdef HAVE_DOSISH_SYSTEM
+@@ -681,8 +682,12 @@ write_signature_packets (SK_LIST sk_list
+           mk_notation_policy_etc (sig, NULL, pk);
+         }
+ 
+-      hash_sigversion_to_magic (md, sig);
+-      gcry_md_final (md);
++      if (!opt.file_is_digest) {
++	hash_sigversion_to_magic (md, sig);
++	gcry_md_final (md);
++      } else if (sig->version >= 4) {
++	log_bug("file-is-digest doesn't work with v4 sigs\n");
++      }
+ 
+       rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
+       gcry_md_close (md);
+@@ -740,6 +745,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+     SK_LIST sk_rover = NULL;
+     int multifile = 0;
+     u32 duration=0;
++    int sigclass = 0x00;
++    u32 timestamp = 0;
+ 
+     pfx = new_progress_context ();
+     afx = new_armor_context ();
+@@ -756,7 +763,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
+ 	fname = NULL;
+ 
+     if( fname && filenames->next && (!detached || encryptflag) )
+-	log_bug("multiple files can only be detached signed");
++	log_bug("multiple files can only be detached signed\n");
++
++    if (opt.file_is_digest && (multifile || !fname))
++	log_bug("file-is-digest only works with one file\n");
++    if (opt.file_is_digest && !detached)
++	log_bug("file-is-digest can only write detached signatures\n");
++    if (opt.file_is_digest && !opt.def_digest_algo)
++	log_bug("file-is-digest needs --digest-algo\n");
++    if (opt.file_is_digest && opt.textmode)
++	log_bug("file-is-digest doesn't work with --textmode\n");
+ 
+     if(encryptflag==2
+        && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
+@@ -777,7 +793,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+       goto leave;
+ 
+     /* prepare iobufs */
+-    if( multifile )  /* have list of filenames */
++    if( multifile || opt.file_is_digest)  /* have list of filenames */
+ 	inp = NULL; /* we do it later */
+     else {
+       inp = iobuf_open(fname);
+@@ -915,7 +931,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+     for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
+       gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
+ 
+-    if( !multifile )
++    if( !multifile && !opt.file_is_digest )
+ 	iobuf_push_filter( inp, md_filter, &mfx );
+ 
+     if( detached && !encryptflag)
+@@ -970,6 +986,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+ 
+     write_status_begin_signing (mfx.md);
+ 
++    sigclass = opt.textmode && !outfile? 0x01 : 0x00;
++
+     /* Setup the inner packet. */
+     if( detached ) {
+ 	if( multifile ) {
+@@ -1010,6 +1028,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
+ 	    if( opt.verbose )
+               log_printf ("\n");
+ 	}
++	else if (opt.file_is_digest) {
++	    byte *mdb, ts[5];
++	    size_t mdlen;
++	    const char *fp;
++	    int c, d;
++
++	    gcry_md_final(mfx.md);
++	    /* this assumes gcry_md_read returns the same buffer */
++	    mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
++		mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
++	    if (strlen(fname) != mdlen * 2 + 11)
++	        log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
++	    d = -1;
++	    for (fp = fname ; *fp; ) {
++		c = *fp++;
++		if (c >= '0' && c <= '9')
++		    c -= '0';
++		else if (c >= 'a' && c <= 'f')
++		    c -= 'a' - 10;
++		else if (c >= 'A' && c <= 'F')
++		    c -= 'A' - 10;
++		else
++		    log_bug("filename is not hex\n");
++		if (d >= 0) {
++		    *mdb++ = d << 4 | c;
++		    c = -1;
++		    if (--mdlen == 0) {
++			mdb = ts;
++			if (*fp++ != '@')
++			    log_bug("missing time separator\n");
++		    }
++		}
++		d = c;
++	    }
++	    sigclass = ts[0];
++	    if (sigclass != 0x00 && sigclass != 0x01)
++		log_bug("bad cipher class\n");
++	    timestamp = buf32_to_u32(ts + 1);
++	}
+ 	else {
+ 	    /* read, so that the filter can calculate the digest */
+ 	    while( iobuf_get(inp) != -1 )
+@@ -1027,8 +1084,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+ 
+     /* write the signatures */
+     rc = write_signature_packets (sk_list, out, mfx.md,
+-                                  opt.textmode && !outfile? 0x01 : 0x00,
+-				  0, duration, detached ? 'D':'S', NULL);
++                                  sigclass,
++				  timestamp, duration, detached ? 'D':'S', NULL);
+     if( rc )
+         goto leave;
+ 
diff --git a/gnupg-2.1.10-secmem.patch b/gnupg-2.1.10-secmem.patch
new file mode 100644
index 0000000..e263509
--- /dev/null
+++ b/gnupg-2.1.10-secmem.patch
@@ -0,0 +1,33 @@
+diff -up gnupg-2.1.10/g10/gpg.c.secmem gnupg-2.1.10/g10/gpg.c
+--- gnupg-2.1.10/g10/gpg.c.secmem	2015-12-04 10:53:27.000000000 +0100
++++ gnupg-2.1.10/g10/gpg.c	2015-12-07 15:32:38.922812652 +0100
+@@ -889,7 +889,7 @@ make_libversion (const char *libname, co
+ 
+   if (maybe_setuid)
+     {
+-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
++      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
+       maybe_setuid = 0;
+     }
+   s = getfnc (NULL);
+@@ -1041,7 +1041,7 @@ build_list (const char *text, char lette
+   char *string;
+ 
+   if (maybe_setuid)
+-    gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
++    gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
+ 
+   indent = utf8_charcount (text, -1);
+   len = 0;
+diff -up gnupg-2.1.10/sm/gpgsm.c.secmem gnupg-2.1.10/sm/gpgsm.c
+--- gnupg-2.1.10/sm/gpgsm.c.secmem	2015-11-30 17:39:52.000000000 +0100
++++ gnupg-2.1.10/sm/gpgsm.c	2015-12-07 15:31:17.226884207 +0100
+@@ -530,7 +530,7 @@ make_libversion (const char *libname, co
+ 
+   if (maybe_setuid)
+     {
+-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
++      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
+       maybe_setuid = 0;
+     }
+   s = getfnc (NULL);
diff --git a/gnupg-2.1.3-file-is-digest.patch b/gnupg-2.1.3-file-is-digest.patch
deleted file mode 100644
index fb4e34f..0000000
--- a/gnupg-2.1.3-file-is-digest.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-diff -up gnupg-2.1.3/g10/gpg.c.file-is-digest gnupg-2.1.3/g10/gpg.c
---- gnupg-2.1.3/g10/gpg.c.file-is-digest	2015-04-16 17:54:20.327168135 +0200
-+++ gnupg-2.1.3/g10/gpg.c	2015-04-16 17:54:20.330168205 +0200
-@@ -352,6 +352,7 @@ enum cmd_and_opt_values
-     oTTYtype,
-     oLCctype,
-     oLCmessages,
-+    oFileIsDigest,
-     oXauthority,
-     oGroup,
-     oUnGroup,
-@@ -738,6 +739,7 @@ static ARGPARSE_OPTS opts[] = {
-   ARGPARSE_s_s (oPersonalCompressPreferences,
-                                          "personal-compress-preferences", "@"),
-   ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
-+  ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"),
- 
-   /* Aliases.  I constantly mistype these, and assume other people do
-      as well. */
-@@ -2149,6 +2151,7 @@ main (int argc, char **argv)
-     set_homedir (default_homedir ());
-     opt.passphrase_repeat = 1;
-     opt.emit_version = 1; /* Limit to the major number.  */
-+    opt.file_is_digest=0;
- 
-     /* Check whether we have a config file on the command line.  */
-     orig_argc = argc;
-@@ -2661,6 +2664,7 @@ main (int argc, char **argv)
- 	    opt.verify_options&=~VERIFY_SHOW_PHOTOS;
- 	    break;
- 	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
-+	  case oFileIsDigest: opt.file_is_digest = 1; break;
- 
- 	  case oForceMDC: opt.force_mdc = 1; break;
- 	  case oNoForceMDC: opt.force_mdc = 0; break;
-diff -up gnupg-2.1.3/g10/options.h.file-is-digest gnupg-2.1.3/g10/options.h
---- gnupg-2.1.3/g10/options.h.file-is-digest	2015-04-06 13:41:53.000000000 +0200
-+++ gnupg-2.1.3/g10/options.h	2015-04-16 17:54:20.330168205 +0200
-@@ -194,6 +194,7 @@ struct
-   int no_auto_check_trustdb;
-   int preserve_permissions;
-   int no_homedir_creation;
-+  int file_is_digest;
-   struct groupitem *grouplist;
-   int mangle_dos_filenames;
-   int enable_progress_filter;
-diff -up gnupg-2.1.3/g10/sign.c.file-is-digest gnupg-2.1.3/g10/sign.c
---- gnupg-2.1.3/g10/sign.c.file-is-digest	2015-04-05 19:43:32.000000000 +0200
-+++ gnupg-2.1.3/g10/sign.c	2015-04-16 17:56:08.764693096 +0200
-@@ -41,6 +41,7 @@
- #include "pkglue.h"
- #include "sysutils.h"
- #include "call-agent.h"
-+#include "host2net.h"
- 
- 
- #ifdef HAVE_DOSISH_SYSTEM
-@@ -706,8 +707,12 @@ write_signature_packets (SK_LIST sk_list
-           mk_notation_policy_etc (sig, NULL, pk);
-         }
- 
--      hash_sigversion_to_magic (md, sig);
--      gcry_md_final (md);
-+      if (!opt.file_is_digest) {
-+	hash_sigversion_to_magic (md, sig);
-+	gcry_md_final (md);
-+      } else if (sig->version >= 4) {
-+	log_bug("file-is-digest doesn't work with v4 sigs\n");
-+      }
- 
-       rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
-       gcry_md_close (md);
-@@ -765,6 +770,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
-     SK_LIST sk_rover = NULL;
-     int multifile = 0;
-     u32 duration=0;
-+    int sigclass = 0x00;
-+    u32 timestamp = 0;
- 
-     pfx = new_progress_context ();
-     afx = new_armor_context ();
-@@ -781,7 +788,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
- 	fname = NULL;
- 
-     if( fname && filenames->next && (!detached || encryptflag) )
--	log_bug("multiple files can only be detached signed");
-+	log_bug("multiple files can only be detached signed\n");
-+
-+    if (opt.file_is_digest && (multifile || !fname))
-+	log_bug("file-is-digest only works with one file\n");
-+    if (opt.file_is_digest && !detached)
-+	log_bug("file-is-digest can only write detached signatures\n");
-+    if (opt.file_is_digest && !opt.def_digest_algo)
-+	log_bug("file-is-digest needs --digest-algo\n");
-+    if (opt.file_is_digest && opt.textmode)
-+	log_bug("file-is-digest doesn't work with --textmode\n");
- 
-     if(encryptflag==2
-        && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-@@ -802,7 +818,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
-       goto leave;
- 
-     /* prepare iobufs */
--    if( multifile )  /* have list of filenames */
-+    if( multifile || opt.file_is_digest)  /* have list of filenames */
- 	inp = NULL; /* we do it later */
-     else {
-       inp = iobuf_open(fname);
-@@ -940,7 +956,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
-     for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
-       gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
- 
--    if( !multifile )
-+    if( !multifile && !opt.file_is_digest )
- 	iobuf_push_filter( inp, md_filter, &mfx );
- 
-     if( detached && !encryptflag)
-@@ -995,6 +1011,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
- 
-     write_status_begin_signing (mfx.md);
- 
-+    sigclass = opt.textmode && !outfile? 0x01 : 0x00;
-+
-     /* Setup the inner packet. */
-     if( detached ) {
- 	if( multifile ) {
-@@ -1035,6 +1053,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
- 	    if( opt.verbose )
-               log_printf ("\n");
- 	}
-+	else if (opt.file_is_digest) {
-+	    byte *mdb, ts[5];
-+	    size_t mdlen;
-+	    const char *fp;
-+	    int c, d;
-+
-+	    gcry_md_final(mfx.md);
-+	    /* this assumes gcry_md_read returns the same buffer */
-+	    mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
-+		mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
-+	    if (strlen(fname) != mdlen * 2 + 11)
-+	        log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
-+	    d = -1;
-+	    for (fp = fname ; *fp; ) {
-+		c = *fp++;
-+		if (c >= '0' && c <= '9')
-+		    c -= '0';
-+		else if (c >= 'a' && c <= 'f')
-+		    c -= 'a' - 10;
-+		else if (c >= 'A' && c <= 'F')
-+		    c -= 'A' - 10;
-+		else
-+		    log_bug("filename is not hex\n");
-+		if (d >= 0) {
-+		    *mdb++ = d << 4 | c;
-+		    c = -1;
-+		    if (--mdlen == 0) {
-+			mdb = ts;
-+			if (*fp++ != '@')
-+			    log_bug("missing time separator\n");
-+		    }
-+		}
-+		d = c;
-+	    }
-+	    sigclass = ts[0];
-+	    if (sigclass != 0x00 && sigclass != 0x01)
-+		log_bug("bad cipher class\n");
-+	    timestamp = buf32_to_u32(ts + 1);
-+	}
- 	else {
- 	    /* read, so that the filter can calculate the digest */
- 	    while( iobuf_get(inp) != -1 )
-@@ -1052,8 +1109,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
- 
-     /* write the signatures */
-     rc = write_signature_packets (sk_list, out, mfx.md,
--                                  opt.textmode && !outfile? 0x01 : 0x00,
--				  0, duration, detached ? 'D':'S', NULL);
-+                                  sigclass,
-+				  timestamp, duration, detached ? 'D':'S', NULL);
-     if( rc )
-         goto leave;
- 
diff --git a/gnupg2.spec b/gnupg2.spec
index 5a61c00..906fdce 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -1,6 +1,6 @@
 Summary: Utility for secure communication and data storage
 Name:    gnupg2
-Version: 2.1.9
+Version: 2.1.10
 Release: 1%{?dist}
 
 License: GPLv3+
@@ -10,11 +10,13 @@ Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.
 # svn export svn://cvs.gnupg.org/gnupg/trunk gnupg2; tar cjf gnupg-<date>svn.tar.bz2 gnupg2
 #Source0: gnupg2-20090809svn.tar.bz2
 Patch1:  gnupg-2.0.20-insttools.patch
-Patch3:  gnupg-2.0.20-secmem.patch
+# needed for compatibility with system FIPS mode
+Patch3:  gnupg-2.1.10-secmem.patch
 # non-upstreamable patch adding file-is-digest option needed for Copr
-Patch4:  gnupg-2.1.3-file-is-digest.patch
+Patch4:  gnupg-2.1.10-file-is-digest.patch
 Patch5:  gnupg-2.1.1-ocsp-keyusage.patch
 Patch6:  gnupg-2.1.1-fips-algo.patch
+Patch7:  gnupg-2.1.10-build.patch
 
 URL:     http://www.gnupg.org/
 
@@ -34,6 +36,8 @@ BuildRequires: npth-devel
 BuildRequires: readline-devel ncurses-devel
 BuildRequires: zlib-devel
 BuildRequires: gnutls-devel
+BuildRequires: sqlite-devel
+BuildRequires: fuse
 
 Requires(post): /sbin/install-info
 Requires(postun): /sbin/install-info
@@ -85,6 +89,7 @@ to the base GnuPG package
 %patch4 -p1 -b .file-is-digest
 %patch5 -p1 -b .keyusage
 %patch6 -p1 -b .fips
+%patch7 -p1 -b .build
 
 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,
@@ -99,6 +104,7 @@ sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c
 %configure \
   --disable-rpath \
   --disable-gpgtar \
+  --enable-g13 \
   --enable-standard-socket
 
 # need scratch gpg database for tests
@@ -207,6 +213,9 @@ fi
 
 
 %changelog
+* Mon Dec  7 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.10-1
+- upgrade to 2.1.10
+
 * Mon Oct 12 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.9-1
 - upgrade to 2.1.9
 
diff --git a/sources b/sources
index 1a9799e..df46e80 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-0aabfec527b4b0b11a823c8a8ef9a9ab  gnupg-2.1.9.tar.bz2
-47c2222a4c9ac1e424fedcc76d9e8e70  gnupg-2.1.9.tar.bz2.sig
+f0a7cb09fe119f8b82eba7efecd27dc0  gnupg-2.1.10.tar.bz2
+a57f611b9393e20cc40af6959d3e1084  gnupg-2.1.10.tar.bz2.sig