diff --git a/SOURCES/rpm-4.11.x-Fix-Python-hdr-refcount.patch b/SOURCES/rpm-4.11.x-Fix-Python-hdr-refcount.patch
new file mode 100644
index 0000000..99f8420
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-Fix-Python-hdr-refcount.patch
@@ -0,0 +1,72 @@
+From 40326b5724b0cd55a21b2d86eeef344e4826f863 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Thu, 20 Oct 2016 16:06:06 +0200
+Subject: [PATCH] Do not call headerLink() in hdr_Wrap()
+
+as headers often already have an ref count of 1.
+Add headerLink() only where it is necessary.
+Plugs memory leaks in Python binding
+Resolves: rhbz:#1358467
+---
+ python/header-py.c | 4 ++--
+ python/rpmmi-py.c  | 2 ++
+ python/rpmts-py.c  | 1 -
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/python/header-py.c b/python/header-py.c
+index 63167d9..5d98f89 100644
+--- a/python/header-py.c
++++ b/python/header-py.c
+@@ -394,6 +394,7 @@ static PyObject *hdr_new(PyTypeObject *subtype, PyObject *args, PyObject *kwds)
+ 	h = headerNew();
+     } else if (CAPSULE_CHECK(obj)) {
+ 	h = CAPSULE_EXTRACT(obj, "rpm._C_Header");
++	headerLink(h);
+     } else if (hdrObject_Check(obj)) {
+ 	h = headerCopy(((hdrObject*) obj)->h);
+     } else if (PyBytes_Check(obj)) {
+@@ -778,8 +779,7 @@ PyObject * hdr_Wrap(PyTypeObject *subtype, Header h)
+ {
+     hdrObject * hdr = (hdrObject *)subtype->tp_alloc(subtype, 0);
+     if (hdr == NULL) return NULL;
+-
+-    hdr->h = headerLink(h);
++    hdr->h = h;
+     return (PyObject *) hdr;
+ }
+ 
+diff --git a/python/rpmmi-py.c b/python/rpmmi-py.c
+index 0e27575..379cafb 100644
+--- a/python/rpmmi-py.c
++++ b/python/rpmmi-py.c
+@@ -1,6 +1,7 @@
+ #include "rpmsystem-py.h"
+ 
+ #include <rpm/rpmdb.h>
++#include <rpm/header.h>
+ 
+ #include "rpmmi-py.h"
+ #include "header-py.h"
+@@ -74,6 +75,7 @@ rpmmi_iternext(rpmmiObject * s)
+ 	s->mi = rpmdbFreeIterator(s->mi);
+ 	return NULL;
+     }
++    headerLink(h);
+     return hdr_Wrap(&hdr_Type, h);
+ }
+ 
+diff --git a/python/rpmts-py.c b/python/rpmts-py.c
+index 13951df..f05371c 100644
+--- a/python/rpmts-py.c
++++ b/python/rpmts-py.c
+@@ -384,7 +384,6 @@ rpmts_HdrFromFdno(rpmtsObject * s, PyObject *arg)
+ 
+     if (rpmrc == RPMRC_OK) {
+ 	ho = hdr_Wrap(&hdr_Type, h);
+-	h = headerFree(h); /* ref held by python object */
+     } else {
+ 	Py_INCREF(Py_None);
+ 	ho = Py_None;
+-- 
+2.9.3
+
diff --git a/SOURCES/rpm-4.11.x-Fix-off-by-one-base64.patch b/SOURCES/rpm-4.11.x-Fix-off-by-one-base64.patch
new file mode 100644
index 0000000..24cca69
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-Fix-off-by-one-base64.patch
@@ -0,0 +1,30 @@
+From 0964912b94f9f48a0a812fbfbb2f996dbd93eff0 Mon Sep 17 00:00:00 2001
+From: Jonathan Wakely <github@kayari.org>
+Date: Wed, 25 May 2016 12:31:19 +0100
+Subject: [PATCH] Fix off-by-one error
+
+There's an off-by-one error in base64_decode_value which results in undefined behaviour:
+
+    void* out;
+    size_t len;
+    rpmBase64Decode("\x7b", &out, &len);
+---
+ rpmio/base64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpmio/base64.c b/rpmio/base64.c
+index 60e67d4..4424aab 100644
+--- a/rpmio/base64.c
++++ b/rpmio/base64.c
+@@ -104,7 +104,7 @@ static int base64_decode_value(unsigned char value_in)
+ {
+ 	static const int decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
+ 	value_in -= 43;
+-	if (value_in > sizeof(decoding)/sizeof(int))
++	if (value_in >= sizeof(decoding)/sizeof(int))
+ 		return -1;
+ 	return decoding[value_in];
+ }
+-- 
+2.9.3
+
diff --git a/SOURCES/rpm-4.11.x-export-verifysigs-to-python.patch b/SOURCES/rpm-4.11.x-export-verifysigs-to-python.patch
new file mode 100644
index 0000000..76e2e7d
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-export-verifysigs-to-python.patch
@@ -0,0 +1,87 @@
+diff -up rpm-4.11.3/lib/rpmchecksig.c.orig rpm-4.11.3/lib/rpmchecksig.c
+--- rpm-4.11.3/lib/rpmchecksig.c.orig	2013-11-22 11:31:31.000000000 +0100
++++ rpm-4.11.3/lib/rpmchecksig.c	2017-03-15 18:18:20.688251955 +0100
+@@ -242,8 +242,8 @@ static void formatResult(rpmTagVal sigta
+     free(msg);
+ }
+ 
+-static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
+-			   FD_t fd, const char *fn)
++int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, FD_t fd,
++                     const char *fn)
+ {
+ 
+     char *buf = NULL;
+diff -up rpm-4.11.3/lib/rpmcli.h.orig rpm-4.11.3/lib/rpmcli.h
+--- rpm-4.11.3/lib/rpmcli.h.orig	2014-02-05 14:04:02.000000000 +0100
++++ rpm-4.11.3/lib/rpmcli.h	2017-03-15 18:18:20.689251950 +0100
+@@ -254,6 +254,17 @@ int showVerifyPackage(QVA_t qva, rpmts t
+  */
+ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn);
+ 
++/**
++ * Check package and header signatures.
++ * @param keyring	keyring handle
++ * @param flags		flags to control what to verify
++ * @param fd		package file handle
++ * @param fn		package file name
++ * @return		0 on success, 1 on failure
++ */
++int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, FD_t fd,
++                     const char *fn);
++
+ /** \ingroup rpmcli
+  * Verify package install.
+  * @todo hack: RPMQV_ALL can pass char ** arglist = NULL, not char * arg. Union?
+diff -up rpm-4.11.3/python/rpmts-py.c.orig rpm-4.11.3/python/rpmts-py.c
+--- rpm-4.11.3/python/rpmts-py.c.orig	2014-02-05 14:04:02.000000000 +0100
++++ rpm-4.11.3/python/rpmts-py.c	2017-03-15 18:18:20.689251950 +0100
+@@ -7,6 +7,8 @@
+ #include <rpm/rpmpgp.h>
+ #include <rpm/rpmdb.h>
+ #include <rpm/rpmbuild.h>
++#include <rpm/rpmcli.h>
++#include <rpm/rpmkeyring.h>
+ 
+ #include "header-py.h"
+ #include "rpmds-py.h"	/* XXX for rpmdsNew */
+@@ -671,6 +672,24 @@ exit:
+     return mio;
+ }
+ 
++static PyObject *
++rpmts_VerifySigs(rpmtsObject * s, PyObject * args)
++{
++    rpmfdObject *fdo = NULL;
++    char *fn = NULL;
++    rpmQueryFlags flags = (VERIFY_DIGEST|VERIFY_SIGNATURE);
++    int rc = 1;
++
++    if (!PyArg_ParseTuple(args, "O&s|i:VerifySigs", rpmfdFromPyObject, &fdo,
++                          &fn, &flags))
++        return NULL;
++
++    rpmKeyring keyring = rpmtsGetKeyring(s->ts, 1);
++    rc = rpmpkgVerifySigs(keyring, flags, rpmfdGetFd(fdo), fn);
++    rpmKeyringFree(keyring);
++    return PyBool_FromLong(rc == 0);
++}
++
+ static struct PyMethodDef rpmts_methods[] = {
+  {"addInstall",	(PyCFunction) rpmts_AddInstall,	METH_VARARGS,
+ 	NULL },
+@@ -729,6 +748,14 @@ Remove all elements from the transaction
+  {"dbIndex",     (PyCFunction) rpmts_index,	METH_VARARGS|METH_KEYWORDS,
+ "ts.dbIndex(TagN) -> ii\n\
+ - Create a key iterator for the default transaction rpmdb.\n" },
++ {"_verifySigs",         (PyCFunction) rpmts_VerifySigs, METH_VARARGS,
++  "ts._verifySigs(fdno, fn, [flags]) -- Verify package signature\n\n"
++  "Returns True if it verifies, False otherwise.\n\n"
++  "Args:\n"
++  "  fdno  : file descriptor of the package to verify\n"
++  "  fn    : package file name (just for logging purposes)\n"
++  "  flags : bitfield to control what to verify\n"
++  "          (default is rpm.VERIFY_SIGNATURE | rpm.VERIFY_DIGEST)"},
+     {NULL,		NULL}		/* sentinel */
+ };
+ 
diff --git a/SOURCES/rpm-4.11.x-perl.req-skip-my-var-block.patch b/SOURCES/rpm-4.11.x-perl.req-skip-my-var-block.patch
new file mode 100644
index 0000000..61ef41b
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-perl.req-skip-my-var-block.patch
@@ -0,0 +1,39 @@
+From 4a9b7f547ce1bb6b0b352d2e29ae4b0d3bddebfb Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Mon, 13 Mar 2017 11:20:11 +0100
+Subject: [PATCH] perl.req: Also skip blocks with my var = <<
+
+Before only
+var = <<BLOCK
+ foo
+BLOCK
+
+was skipped.
+
+But
+
+my var = <<BLOCK
+
+is also valid perl and needs to be skipped for dependency scanning.
+---
+ scripts/perl.req | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/perl.req b/scripts/perl.req
+index 7155518..52bd301 100755
+--- a/scripts/perl.req
++++ b/scripts/perl.req
+@@ -104,8 +104,8 @@ sub process_file {
+ 
+     # skip the "= <<" block
+ 
+-    if (m/^\s*\$(?:.*)\s*=\s*<<\s*(["'`])(.+?)\1/ ||
+-        m/^\s*\$(.*)\s*=\s*<<(\w+)\s*;/) {
++    if (m/^\s*(?:my\s*)?\$(?:.*)\s*=\s*<<\s*(["'`])(.+?)\1/ ||
++        m/^\s*(?:my\s*)?\$(.*)\s*=\s*<<(\w+)\s*;/) {
+       $tag = $2;
+       while (<FILE>) {
+         chomp;
+-- 
+2.9.3
+
diff --git a/SOURCES/rpm-4.11.x-sources-to-lua-variables.patch b/SOURCES/rpm-4.11.x-sources-to-lua-variables.patch
new file mode 100644
index 0000000..a5ea75d
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-sources-to-lua-variables.patch
@@ -0,0 +1,43 @@
+From 344f938670b8f7400ef177945cef5552783d450f Mon Sep 17 00:00:00 2001
+From: Lubos Kardos <lkardos@redhat.com>
+Date: Fri, 10 Apr 2015 17:28:17 +0200
+Subject: [PATCH] Fix adding of sources to lua variables during recursive
+ parsing of spec
+
+- Before this fix sources and patches weren't added to lua variables
+  "sources" and "patches" if they were located in spec file after tag
+  "BuildArch". Now it works.(rhbz:#1084309)
+---
+ build/parsePreamble.c | 2 +-
+ build/spec.c          | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/build/parsePreamble.c b/build/parsePreamble.c
+index 21160cd..521068c 100644
+--- a/build/parsePreamble.c
++++ b/build/parsePreamble.c
+@@ -308,7 +308,7 @@ static int addSource(rpmSpec spec, Package pkg, const char *field, rpmTagVal tag
+ 	addMacro(spec->macros, buf, NULL, p->fullSource, RMIL_SPEC);
+ 	free(buf);
+ #ifdef WITH_LUA
+-	if (!spec->recursing) {
++	{
+ 	    rpmlua lua = NULL; /* global state */
+ 	    const char * what = (flag & RPMBUILD_ISPATCH) ? "patches" : "sources";
+ 	    rpmluaPushTable(lua, what);
+diff --git a/build/spec.c b/build/spec.c
+index d06e2c1..1db5d15 100644
+--- a/build/spec.c
++++ b/build/spec.c
+@@ -239,6 +239,8 @@ rpmSpec newSpec(void)
+     {
+     /* make sure patches and sources tables always exist */
+     rpmlua lua = NULL; /* global state */
++    rpmluaDelVar(lua, "patches");
++    rpmluaDelVar(lua, "sources");
+     rpmluaPushTable(lua, "patches");
+     rpmluaPushTable(lua, "sources");
+     rpmluaPop(lua);
+-- 
+2.9.3
+
diff --git a/SOURCES/rpm-4.11.x-verify-data-range.patch b/SOURCES/rpm-4.11.x-verify-data-range.patch
new file mode 100644
index 0000000..a90614c
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-verify-data-range.patch
@@ -0,0 +1,96 @@
+Adjusted lib/package.c section to apply, and 4.11.x requires the
+same change in lib/signature.c as well.
+
+From 89dce2b91d7d73a1e225461a7392c3d6d7a30a95 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 19 Oct 2016 14:48:08 +0300
+Subject: [PATCH] Verify data is within range and does not overlap in
+ headerVerifyInfo()
+
+Checking whether data start offset is within header data area is of no use
+whatsoever if the entire chunk doesn't fit. Validate the entire data
+fits within range and that it does not overlap, however with string
+types we can only check the array size is sane but we cant check the
+actual content.
+
+Adjust the upper limit for region trailer in headerVerifyRegion() so
+it fits the new rules, but in reality calling headerVerifyInfo() for
+the region tags is rather pointless since they're so different.
+
+Partial fix for RhBug:1373107.
+---
+ lib/header.c  | 21 ++++++++++++++++-----
+ lib/package.c |  2 +-
+ 2 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index 7f7c115..cac5c94 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -196,7 +196,8 @@ int headerVerifyInfo(int il, int dl, const void * pev, void * iv, int negate)
+ {
+     entryInfo pe = (entryInfo) pev;
+     entryInfo info = iv;
+-    int i;
++    int i, tsize;
++    int32_t end = 0;
+ 
+     for (i = 0; i < il; i++) {
+ 	info->tag = ntohl(pe[i].tag);
+@@ -206,16 +207,26 @@ int headerVerifyInfo(int il, int dl, const void * pev, void * iv, int negate)
+ 	    info->offset = -info->offset;
+ 	info->count = ntohl(pe[i].count);
+ 
++	/* Previous data must not overlap */
++	if (end > info->offset)
++	    return i;
++
+ 	if (hdrchkType(info->type))
+ 	    return i;
+ 	if (hdrchkAlign(info->type, info->offset))
+ 	    return i;
+-	if (hdrchkRange(dl, info->offset))
+-	    return i;
+-	if (hdrchkData(info->count))
+-	    return i;
+ 
++	/* For string types we can only check the array size is sane */
++	tsize = typeSizes[info->type];
++	if (tsize < 1)
++	    tsize = 1;
++
++	/* Verify the data actually fits */
++	end = info->offset + (info->count * tsize);
++	if (hdrchkRange(dl, end))
++	    return i;
+     }
++
+     return -1;
+ }
+
+diff --git a/lib/package.c b/lib/package.c
+index b6bea09..bb83163 100644
+--- a/lib/package.c
++++ b/lib/package.c
+@@ -339,7 +339,7 @@ static rpmRC headerVerify(rpmKeyring keyring, rpmVSFlags vsflags,
+     (void) memcpy(&info, regionEnd, REGION_TAG_COUNT);
+     regionEnd += REGION_TAG_COUNT;
+ 
+-    if (headerVerifyInfo(1, il * sizeof(*pe), &info, &entry.info, 1) != -1 ||
++    if (headerVerifyInfo(1, il * sizeof(*pe) + REGION_TAG_COUNT, &info, &entry.info, 1) != -1 ||
+ 	!(entry.info.tag == RPMTAG_HEADERIMMUTABLE
+        && entry.info.type == REGION_TAG_TYPE
+        && entry.info.count == REGION_TAG_COUNT))
+diff --git a/lib/signature.c b/lib/signature.c
+index d8017dc..ddf2eb8 100644
+--- a/lib/signature.c
++++ b/lib/signature.c
+@@ -165,7 +165,7 @@ rpmRC rpmReadSignature(FD_t fd, Header * sighp, sigType sig_type, char ** msg)
+ 	}
+ 	dataEnd += REGION_TAG_COUNT;
+ 
+-	xx = headerVerifyInfo(1, il * sizeof(*pe), &info, &entry.info, 1);
++	xx = headerVerifyInfo(1, il * sizeof(*pe) + REGION_TAG_COUNT, &info, &entry.info, 1);
+ 	if (xx != -1 ||
+ 	    !((entry.info.tag == RPMTAG_HEADERSIGNATURES || entry.info.tag == RPMTAG_HEADERIMAGE)
+ 	   && entry.info.type == REGION_TAG_TYPE
diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec
index 42a5afb..8b445aa 100644
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@@ -21,7 +21,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}21%{?dist}
+Release: %{?snapver:0.%{snapver}.}25%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.11.x/%{name}-%{srcver}.tar.bz2
@@ -77,6 +77,11 @@ Patch174: rpm-4.11.x-define-PY_SSIZE_T_CLEAN.patch
 Patch175: rpm-4.11.x-python-binding-test-case.patch
 Patch176: rpm-4.11.x-Add-noplugins.patch
 Patch177: rpm-4.11.x-no-longer-config.patch
+Patch178: rpm-4.11.x-Fix-off-by-one-base64.patch
+Patch179: rpm-4.11.x-sources-to-lua-variables.patch
+Patch180: rpm-4.11.x-Fix-Python-hdr-refcount.patch
+Patch181: rpm-4.11.x-perl.req-skip-my-var-block.patch
+Patch182: rpm-4.11.x-verify-data-range.patch
 
 # Filter soname dependencies by name
 Patch200: rpm-4.11.x-filter-soname-deps.patch
@@ -101,6 +106,7 @@ Patch310: rpm-4.11.x-CVE-2014-8118.patch
 Patch311: rpm-4.11.3-update-config.guess.patch
 Patch312: rpm-4.11.x-man-systemd-inhibit.patch
 Patch313: rpm-4.11.x-quiet-signing.patch
+Patch314: rpm-4.11.x-export-verifysigs-to-python.patch
 
 # Temporary Patch to provide support for updates
 Patch400: rpm-4.10.90-rpmlib-filesystem-check.patch
@@ -324,7 +330,11 @@ Requires: rpm-libs%{_isa} = %{version}-%{release}
 %patch175 -p1 -b .py_size_test
 %patch176 -p1 -b .noplugins
 %patch177 -p1 -b .noconfig
-
+%patch178 -p1 -b .offbyone
+%patch179 -p1 -b .sourceslua
+%patch180 -p1 -b .hdrrefcnt
+%patch181 -p1 -b .perlblock
+%patch182 -p1 -b .verifysignature
 
 %patch200 -p1 -b .filter-soname-deps
 %patch201 -p1 -b .dont-filter-ld64
@@ -341,6 +351,7 @@ Requires: rpm-libs%{_isa} = %{version}-%{release}
 %patch311 -p1 -b .config.guess
 %patch312 -p1 -b .man-inhibit
 %patch313 -p1 -b .quiet-sign
+%patch314 -p1 -b .verifysig
 
 %patch400 -p1 -b .rpmlib-filesystem-check
 %patch401 -p1 -b .disable-collection-plugins
@@ -482,7 +493,6 @@ exit 0
 %{_bindir}/rpmverify
 
 %{_mandir}/man8/rpm.8*
-%{_mandir}/man8/rpm-plugin-systemd-inhibit.8*
 %{_mandir}/man8/rpmdb.8*
 %{_mandir}/man8/rpmkeys.8*
 %{_mandir}/man8/rpm2cpio.8*
@@ -521,6 +531,7 @@ exit 0
 %files plugin-systemd-inhibit
 %{_libdir}/rpm-plugins
 %{_libdir}/rpm-plugins/systemd_inhibit.so
+%{_mandir}/man8/rpm-plugin-systemd-inhibit.8*
 %endif
 
 %files build-libs
@@ -582,6 +593,22 @@ exit 0
 %doc COPYING doc/librpm/html/*
 
 %changelog
+* Fri Mar 17 2017 Panu Matilainen <pmatilai@redhat.com> - 4.11.3-25
+- Really fix #1371487
+
+* Thu Mar 16 2017 Florian Festi <ffesti@redhat.com> - 4.11.3-24
+- Fix include in patch for #1343692
+- Disable patch for (#1371487) temporarily
+
+* Mon Mar 13 2017 Florian Festi <ffesti@redhat.com> - 4.11.3-22
+- Move rpm-plugin-systemd-inhibit man page to that package (#1360706)
+- Fix off by one error in base64 code (#1341913)
+- Add sources to lua to prevent %%autosetup failing in some cases (#1359084)
+- Fix refcounting for Python hdr objects (#1358467)
+- Perl dependecy generator: Skip blocks after variable definitions (#1378307)
+- Verify signatures properly (#1371487)
+- Export function in Python binding for yum (#1343692)
+
 * Tue Jul 26 2016 Florian Festi <ffesti@redhat.com> - 4.11.3-21
 - Fix --sign for rpmbuild with --quiet (#1293483)
 - Adjusted fix for --noplugins option (#1264031)