diff --git a/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch b/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
new file mode 100644
index 0000000..8e4e835
--- /dev/null
+++ b/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
@@ -0,0 +1,186 @@
+diff -up rpm-4.14.3/sign/rpmgensig.c.orig rpm-4.14.3/sign/rpmgensig.c
+--- rpm-4.14.3/sign/rpmgensig.c.orig	2020-06-26 15:57:43.781333983 +0200
++++ rpm-4.14.3/sign/rpmgensig.c	2020-06-26 15:58:29.819229616 +0200
+@@ -8,7 +8,6 @@
+ #include <errno.h>
+ #include <sys/wait.h>
+ #include <popt.h>
+-#include <libgen.h>
+ 
+ #include <rpm/rpmlib.h>			/* RPMSIGTAG & related */
+ #include <rpm/rpmmacro.h>
+@@ -33,68 +32,6 @@ typedef struct sigTarget_s {
+     rpm_loff_t size;
+ } *sigTarget;
+ 
+-/*
+- * There is no function for creating unique temporary fifos so create
+- * unique temporary directory and then create fifo in it.
+- */
+-static char *mkTempFifo(void)
+-{
+-    char *tmppath = NULL, *tmpdir = NULL, *fifofn = NULL;
+-    mode_t mode;
+-
+-    tmppath = rpmExpand("%{_tmppath}", NULL);
+-    if (rpmioMkpath(tmppath, 0755, (uid_t) -1, (gid_t) -1))
+-	goto exit;
+-
+-
+-    tmpdir = rpmGetPath(tmppath, "/rpm-tmp.XXXXXX", NULL);
+-    mode = umask(0077);
+-    tmpdir = mkdtemp(tmpdir);
+-    umask(mode);
+-    if (tmpdir == NULL) {
+-	rpmlog(RPMLOG_ERR, _("error creating temp directory %s: %m\n"),
+-	    tmpdir);
+-	tmpdir = _free(tmpdir);
+-	goto exit;
+-    }
+-
+-    fifofn = rpmGetPath(tmpdir, "/fifo", NULL);
+-    if (mkfifo(fifofn, 0600) == -1) {
+-	rpmlog(RPMLOG_ERR, _("error creating fifo %s: %m\n"), fifofn);
+-	fifofn = _free(fifofn);
+-    }
+-
+-exit:
+-    if (fifofn == NULL && tmpdir != NULL)
+-	unlink(tmpdir);
+-
+-    free(tmppath);
+-    free(tmpdir);
+-
+-    return fifofn;
+-}
+-
+-/* Delete fifo and then temporary directory in which it was located */
+-static int rpmRmTempFifo(const char *fn)
+-{
+-    int rc = 0;
+-    char *dfn = NULL, *dir = NULL;
+-
+-    if ((rc = unlink(fn)) != 0) {
+-	rpmlog(RPMLOG_ERR, _("error delete fifo %s: %m\n"), fn);
+-	return rc;
+-    }
+-
+-    dfn = xstrdup(fn);
+-    dir = dirname(dfn);
+-
+-    if ((rc = rmdir(dir)) != 0)
+-	rpmlog(RPMLOG_ERR, _("error delete directory %s: %m\n"), dir);
+-    free(dfn);
+-
+-    return rc;
+-}
+-
+ static int closeFile(FD_t *fdp)
+ {
+     if (fdp == NULL || *fdp == NULL)
+@@ -241,27 +178,38 @@ exit:
+ static int runGPG(sigTarget sigt, const char *sigfile)
+ {
+     int pid = 0, status;
+-    FD_t fnamedPipe = NULL;
+-    char *namedPipeName = NULL;
++    int pipefd[2];
++    FILE *fpipe = NULL;
+     unsigned char buf[BUFSIZ];
+     ssize_t count;
+     ssize_t wantCount;
+     rpm_loff_t size;
+     int rc = 1; /* assume failure */
+ 
+-    namedPipeName = mkTempFifo();
++    if (pipe(pipefd) < 0) {
++        rpmlog(RPMLOG_ERR, _("Could not create pipe for signing: %m\n"));
++        goto exit;
++    }
+ 
+-    rpmPushMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1);
++    rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
+     rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
+ 
+     if (!(pid = fork())) {
+ 	char *const *av;
+ 	char *cmd = NULL;
+-	const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
++	const char *tty = ttyname(STDIN_FILENO);
++	const char *gpg_path = NULL;
++
++	if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0)))
++	    rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n"));
+ 
++	gpg_path = rpmExpand("%{?_gpg_path}", NULL);
+ 	if (gpg_path && *gpg_path != '\0')
+ 	    (void) setenv("GNUPGHOME", gpg_path, 1);
+ 
++	dup2(pipefd[0], STDIN_FILENO);
++	close(pipefd[1]);
++
+ 	unsetenv("MALLOC_CHECK_");
+ 	cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
+ 	rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
+@@ -276,9 +224,10 @@ static int runGPG(sigTarget sigt, const
+     rpmPopMacro(NULL, "__plaintext_filename");
+     rpmPopMacro(NULL, "__signature_filename");
+ 
+-    fnamedPipe = Fopen(namedPipeName, "w");
+-    if (!fnamedPipe) {
+-	rpmlog(RPMLOG_ERR, _("Fopen failed\n"));
++    close(pipefd[0]);
++    fpipe = fdopen(pipefd[1], "w");
++    if (!fpipe) {
++	rpmlog(RPMLOG_ERR, _("Could not open pipe for writing: %m\n"));
+ 	goto exit;
+     }
+ 
+@@ -291,8 +240,8 @@ static int runGPG(sigTarget sigt, const
+     size = sigt->size;
+     wantCount = size < sizeof(buf) ? size : sizeof(buf);
+     while ((count = Fread(buf, sizeof(buf[0]), wantCount, sigt->fd)) > 0) {
+-	Fwrite(buf, sizeof(buf[0]), count, fnamedPipe);
+-	if (Ferror(fnamedPipe)) {
++	fwrite(buf, sizeof(buf[0]), count, fpipe);
++	if (ferror(fpipe)) {
+ 	    rpmlog(RPMLOG_ERR, _("Could not write to pipe\n"));
+ 	    goto exit;
+ 	}
+@@ -304,8 +253,13 @@ static int runGPG(sigTarget sigt, const
+ 		sigt->fileName, Fstrerror(sigt->fd));
+ 	goto exit;
+     }
+-    Fclose(fnamedPipe);
+-    fnamedPipe = NULL;
++
++exit:
++
++    if (fpipe)
++	fclose(fpipe);
++    if (pipefd[1])
++	close(pipefd[1]);
+ 
+     (void) waitpid(pid, &status, 0);
+     pid = 0;
+@@ -314,20 +268,6 @@ static int runGPG(sigTarget sigt, const
+     } else {
+ 	rc = 0;
+     }
+-
+-exit:
+-
+-    if (fnamedPipe)
+-	Fclose(fnamedPipe);
+-
+-    if (pid)
+-	waitpid(pid, &status, 0);
+-
+-    if (namedPipeName) {
+-	rpmRmTempFifo(namedPipeName);
+-	free(namedPipeName);
+-    }
+-
+     return rc;
+ }
+ 
diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec
index 3677afc..1cef8f9 100644
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@@ -30,7 +30,7 @@
 
 %global rpmver 4.14.3
 #global snapver rc2
-%global rel 3
+%global rel 4
 
 %global srcver %{version}%{?snapver:-%{snapver}}
 %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
@@ -91,6 +91,7 @@ Patch139: 0001-Make-check-buildroot-check-the-build-files-in-parall.patch
 Patch140: 0001-Fix-resource-leaks-on-zstd-open-error-paths.patch
 # XXX should be before 0001-Pass-RPM_BUILD_NCPUS-to-build-scripts.patch
 Patch141: 0001-Isolate-_smp_build_ncpus-and-use-it-for-_smp_mflags.patch
+Patch142: rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
 
 # Python 3 string API sanity
 Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch
@@ -652,6 +653,9 @@ make check || cat tests/rpmtests.log
 %doc doc/librpm/html/*
 
 %changelog
+* Fri Jun 26 2020 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-4
+- Fix hang when signing with expired key (#1746353)
+
 * Wed May 13 2020 Panu Matilainen <pmatilai@redhat.com> - 4.14.3-3
 - Fix configure option for --with ndb (#1817010, Matthew Almond)