diff --git a/git.spec b/git.spec
index 1098420..caf8df8 100644
--- a/git.spec
+++ b/git.spec
@@ -96,7 +96,7 @@
 #global rcrev   .rc0
 
 Name:           git
-Version:        2.30.1
+Version:        2.30.2
 Release:        1%{?rcrev}%{?dist}
 Summary:        Fast Version Control System
 License:        GPLv2
@@ -113,7 +113,7 @@ Source1:        https://www.kernel.org/pub/software/scm/git/%{?rcrev:testing/}%{
 #
 # https://git.kernel.org/cgit/git/git.git/tag/?h=junio-gpg-pub
 # https://git.kernel.org/cgit/git/git.git/blob/?h=junio-gpg-pub&id=7214aea37915ee2c4f6369eb9dea520aec7d855b
-Source9:        gpgkey-junio.asc
+Source2:        gpgkey-junio.asc
 
 # Local sources begin at 10 to allow for additional future upstream sources
 Source11:       git.xinetd.in
@@ -152,11 +152,12 @@ BuildRequires:  diffutils
 BuildRequires:  emacs-common
 %endif
 # endif emacs-common
-%if 0%{?rhel} == 7
-# Require epel-rpm-macros for the %%build_cflags and %%build_ldflags macros
+%if 0%{?rhel} && 0%{?rhel} < 9
+# Require epel-rpm-macros for the %%gpgverify macro on EL-7/EL-8, and
+# %%build_cflags & %%build_ldflags on EL-7.
 BuildRequires:  epel-rpm-macros
 %endif
-# endif rhel == 7
+# endif rhel < 9
 BuildRequires:  expat-devel
 BuildRequires:  findutils
 BuildRequires:  gawk
@@ -192,6 +193,7 @@ BuildRequires:  systemd
 # endif use_systemd
 BuildRequires:  tcl
 BuildRequires:  tk
+BuildRequires:  xz
 BuildRequires:  zlib-devel >= 1.2
 
 %if %{with tests}
@@ -323,6 +325,7 @@ Requires:       git-credential-libsecret = %{version}-%{release}
 Requires:       git-cvs = %{version}-%{release}
 %endif
 # endif with cvs
+Requires:       git-daemon = %{version}-%{release}
 Requires:       git-email = %{version}-%{release}
 Requires:       git-gui = %{version}-%{release}
 %if %{with p4}
@@ -520,16 +523,8 @@ Requires:       subversion
 
 %prep
 # Verify GPG signatures
-gpghome="$(mktemp -qd)" # Ensure we don't use any existing gpg keyrings
-# Convert the ascii-armored key to binary
-# (use --yes to ensure an existing dearmored key is overwritten)
-gpg2 --homedir "$gpghome" --dearmor --quiet --yes %{SOURCE9}
-xz -dc %{SOURCE0} | # Upstream signs the uncompressed tarballs
-    gpgv2 --homedir "$gpghome" --quiet --keyring %{SOURCE9}.gpg %{SOURCE1} -
-rm -rf "$gpghome" # Cleanup tmp gpg home dir
+xz -dc '%{SOURCE0}' | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data=-
 
-# Ensure a blank line follows autosetup, el6 chokes otherwise
-# https://bugzilla.redhat.com/1310704
 %autosetup -p1 -n %{name}-%{version}%{?rcrev}
 
 # Install print-failed-test-output script
@@ -883,16 +878,6 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t9115"
 %endif
 # endif %%{power64}
 
-%ifarch s390x
-# Skip tests which fail on s390x
-#
-# t7812-grep-icase-non-ascii's "PCRE v2: grep non-ASCII from invalid UTF-8
-# data" test fails on big-endian arches.  This is known upstream and will
-# hopefully be resolved soon (2019/10/24, tmz)
-GIT_SKIP_TESTS="$GIT_SKIP_TESTS t7812.11"
-%endif
-# endif s390x
-
 export GIT_SKIP_TESTS
 
 # Set LANG so various UTF-8 tests are run
@@ -1085,6 +1070,22 @@ rmdir --ignore-fail-on-non-empty "$testdir"
 %{?with_docs:%{_pkgdocdir}/git-svn.html}
 
 %changelog
+* Tue Mar 09 2021 Todd Zullinger <tmz@pobox.com> - 2.30.2-1
+- update to 2.30.2 (CVE-2021-21300)
+
+* Tue Mar 02 2021 Todd Zullinger <tmz@pobox.com> - 2.30.1-3
+- use %%{gpgverify} macro to verify tarball signature
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.30.1-2.1
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Thu Feb 18 2021 Ondřej Pohořelský <opohorel@redhat.com - 2.30.1-2
+- include git-daemon in git-all meta-package
+
+* Thu Feb 18 2021 Todd Zullinger <tmz@pobox.com>
+- re-enable t7812-grep-icase-non-ascii on s390x
+
 * Tue Feb 09 2021 Todd Zullinger <tmz@pobox.com> - 2.30.1-1
 - update to 2.30.1
 
diff --git a/sources b/sources
index 8265a5c..de8021b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (git-2.30.1.tar.xz) = b3567d251c73807857f05f46cae3acb4e0d876590d122229c05509d5eb17fc3eee0ba97a1b2068070b399085f7a92aa2493c4833b98f65b8ef15fc279798caa3
-SHA512 (git-2.30.1.tar.sign) = 74f03e9b38fb33cfc8bf8d17ac108c769663acfd4b72c5fade4410b06b6c7c29479a82f58409ba780468f56e0ce24bc86f118e7f31060941067c34f02778f6e2
+SHA512 (git-2.30.2.tar.xz) = 4f7e1c30f8eee849d1febeda872d56c60c5d051a31726505a4c7bab11b274d3a2ab5588f910b7b49c5c0ec5228a18457f705c7b66e8bbdf809d3c75c59032b7e
+SHA512 (git-2.30.2.tar.sign) = 36aed3ddda7d60899970c63da7afd5e64a27d1a0998aaeabfcdb8f3865b5629f8b9b039cd3b23532d358b995bd700dfbe0624c48568ac102763498a1fc409b0c