diff --git a/gnupg2-yk5.patch b/gnupg2-yk5.patch
deleted file mode 100644
index 2b5cc17..0000000
--- a/gnupg2-yk5.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Wed, 13 Jul 2022 10:40:55 +0900
-Subject: [PATCH GnuPG] scd:openpgp: Fix workaround for Yubikey heuristics.
-
-* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
-of firmware 5.4, too.
-
---
-
-GnuPG-bug-id: 6070
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- scd/app-openpgp.c | 29 +++++++++++++++++++++--------
- 1 file changed, 21 insertions(+), 8 deletions(-)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 8bb346a86..4667416df 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
-       app->app_local->keyattr[keyno].ecc.algo = *buffer;
-       app->app_local->keyattr[keyno].ecc.flags = 0;
- 
--      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
--	  || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
--        { /* Found "pubkey required"-byte for private key template.  */
--          oidlen--;
--          if (buffer[buflen-1] == 0xff)
--            app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
-+      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
-+        {
-+          /* Yubikey implementations vary.
-+           * Firmware version 5.2 returns "pubkey required"-byte with
-+           * 0x00, but after removal and second time insertion, it
-+           * returns bogus value there.
-+           * Firmware version 5.4 returns none.
-+           */
-+          curve = ecc_curve (buffer + 1, oidlen);
-+          if (!curve)
-+            curve = ecc_curve (buffer + 1, oidlen - 1);
-+        }
-+      else
-+        {
-+          if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
-+            { /* Found "pubkey required"-byte for private key template.  */
-+              oidlen--;
-+              if (buffer[buflen-1] == 0xff)
-+                app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
-+            }
-+          curve = ecc_curve (buffer + 1, oidlen);
-         }
--
--      curve = ecc_curve (buffer + 1, oidlen);
- 
-       if (!curve)
-         {
--- 
-2.37.1
-
diff --git a/gnupg2.spec b/gnupg2.spec
index 1baeb26..79be3cf 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -3,12 +3,12 @@
 # Releases are occasionally signed with a brainpool key, which we cannot
 # (currently) use.  In such cases, set skip_verify to 1 and manually verify
 # the upstream source.
-%global skip_verify 1
+%global skip_verify 0
 
 Summary: Utility for secure communication and data storage
 Name:    gnupg2
-Version: 2.3.7
-Release: 5%{?dist}
+Version: 2.3.8
+Release: 1%{?dist}
 
 License: GPLv3+
 Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
@@ -29,9 +29,6 @@ Patch21: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.
 Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
 # Fixes for issues found in Coverity scan - reported upstream
 Patch30: gnupg-2.2.21-coverity.patch
-# Fix Yubikey 5 detection (#2107766)
-# https://dev.gnupg.org/rGf34b9147eb3070bce80d53febaa564164cd6c977
-Patch31: gnupg2-yk5.patch
 
 
 URL:     https://www.gnupg.org/
@@ -122,7 +119,6 @@ to the base GnuPG package
 %patch22 -p1 -b .good_revoc
 
 %patch30 -p1 -b .coverity
-%patch31 -p1 -b .yk5
 
 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,
@@ -224,6 +220,9 @@ make -k check
 
 
 %changelog
+* Mon Oct 17 2022 Todd Zullinger <tmz@pobox.com> - 2.3.8-1
+- update to 2.3.8
+
 * Mon Oct 17 2022 Todd Zullinger <tmz@pobox.com> - 2.3.7-5
 - verify upstream signatures in %%prep, unless bootstrapping
 
diff --git a/sources b/sources
index 79eb981..6115bc7 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (gnupg-2.3.7.tar.bz2) = c7fe169050ef17051cdaac9ad476e7ea792483baad1208fc359d568fa9e138d920ecaa2cd9cae73b20f5472a7d8ca6540a62062ff7a06055cc656b0eb4b917b9
-SHA512 (gnupg-2.3.7.tar.bz2.sig) = 0257034b3e7ac390dadb151c656ff59822dacedaddca4ad6b5980b3e03a468ada47553e6a1fcff6a12c64ae2f9c15b245df855cd424b010041df8daaaab9a1b8
+SHA512 (gnupg-2.3.8.tar.bz2) = 6df8b1c53f0112c358f9f9eac732dd4ca13bcec24fc55a7d4a606587da988c5b7bb4c61be52b8b7769f1536dd2043087e6eb5cf224991cb0b2ed38ad00717ee2
+SHA512 (gnupg-2.3.8.tar.bz2.sig) = d97a92c245df997dbff800b25872e9f0769b20e9336b12682b4539fd4fe0e9c2dada7af397b8afeeeba316100b8f4dd86ba96e1dc62cee70158927229b0a015d