diff --git a/SOURCES/0001-Add-limits-to-autopatch-macro.patch b/SOURCES/0001-Add-limits-to-autopatch-macro.patch
new file mode 100644
index 0000000..3235922
--- /dev/null
+++ b/SOURCES/0001-Add-limits-to-autopatch-macro.patch
@@ -0,0 +1,44 @@
+From f00bb5be9caa62220c6aeaf3f7264840d5c089e3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Tue, 5 Feb 2019 18:15:47 +0100
+Subject: [PATCH] Add limits to autopatch macro
+
+Limits allow to apply only range of patches with given parameters.
+Useful if something needs to be done between patch sets. Allows applying
+of patches with different -pX parameter in one spec file.
+
+Resolves: #626
+Co-authored-by: Florian Festi <ffesti@redhat.com>
+---
+ macros.in | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/macros.in b/macros.in
+index 7b5b63020..912ad5997 100644
+--- a/macros.in
++++ b/macros.in
+@@ -1265,11 +1265,19 @@ else\
+ end}
+ 
+ # Automatically apply all patches
+-%autopatch(vp:)\
++# -m<min>       Apply patches with number >= min only
++# -M<max>       Apply patches with number <= max only
++%autopatch(vp:m:M:)\
+ %{lua:\
+ local options = rpm.expand("%{!-v:-q} %{-p:-p%{-p*}} ")\
++local low_limit = tonumber(rpm.expand("%{-m:%{-m*}}"))\
++local high_limit = tonumber(rpm.expand("%{-M:%{-M*}}"))\
+ for i, p in ipairs(patches) do\
+-    print(rpm.expand("%apply_patch -m %{basename:"..p.."}  "..options..p.." "..i.."\\n"))\
++    local inum = patch_nums[i]\
++    if ((not low_limit or inum>=low_limit) and (not high_limit or inum<=high_limit)) \
++    then\
++        print(rpm.expand("%apply_patch -m %{basename:"..p.."}  "..options..p.." "..i.."\\n")) \
++    end\
+ end}
+ 
+ # One macro to (optionally) do it all.
+-- 
+2.26.2
+
diff --git a/SOURCES/0001-Always-close-libelf-handle-1313.patch b/SOURCES/0001-Always-close-libelf-handle-1313.patch
new file mode 100644
index 0000000..81a1296
--- /dev/null
+++ b/SOURCES/0001-Always-close-libelf-handle-1313.patch
@@ -0,0 +1,32 @@
+From 38c03ddb18e86c84d89af695f72442d8365eb64e Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Tue, 21 Jul 2020 10:45:20 +0200
+Subject: [PATCH] Always close libelf handle (#1313)
+
+Otherwise executables that are not proper elf files are leaking libelf
+handles. This results in file being left open (mmap'ed) and fails the
+build on NFS as those files can't be deleted properly there.
+
+Resolves: rhbz#1840728
+See also: https://bugzilla.redhat.com/show_bug.cgi?id=1840728
+---
+ build/files.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/build/files.c b/build/files.c
+index f675306f7..62489c07c 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -1935,8 +1935,8 @@ static int generateBuildIDs(FileList fl, ARGV_t *files)
+ 			if (terminate)
+ 			    rc = 1;
+ 		    }
+-		    elf_end (elf);
+ 		}
++		elf_end (elf);
+ 		close (fd);
+ 	    }
+ 	}
+-- 
+2.26.2
+
diff --git a/SOURCES/0001-Fix-python-ts.addErase-not-raising-exception-on-not-.patch b/SOURCES/0001-Fix-python-ts.addErase-not-raising-exception-on-not-.patch
new file mode 100644
index 0000000..809f065
--- /dev/null
+++ b/SOURCES/0001-Fix-python-ts.addErase-not-raising-exception-on-not-.patch
@@ -0,0 +1,102 @@
+From 60066aba510b3ff4a7db092021aae71948e3f8be Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 4 Jun 2020 11:18:01 +0300
+Subject: [PATCH] Fix python ts.addErase() not raising exception on not-found
+ packages
+
+The code would only raise an exception if TransactionSetCore.addErase()
+returned an error, but the catch is that with many kinds of argument
+types we'd silently skip the whole addition because no headers were found.
+This looks to be a regression introduced some eleven years ago in
+commit 9b20c706a4f93266450fae2f94007343b2e8fd9e.
+
+As a special case, a match iterator argument will not raise an exception
+if it doesn't actually match anything.
+
+Fixes: #1214
+---
+ python/rpm/transaction.py | 26 +++++++++++++++-----------
+ tests/rpmpython.at        | 22 ++++++++++++++++++++++
+ 2 files changed, 37 insertions(+), 11 deletions(-)
+
+diff --git a/python/rpm/transaction.py b/python/rpm/transaction.py
+index 7c4a551d3..3c9ddb207 100644
+--- a/python/rpm/transaction.py
++++ b/python/rpm/transaction.py
+@@ -91,14 +91,22 @@ class TransactionSet(TransactionSetCore):
+ 
+     def addErase(self, item):
+         hdrs = []
+-        if isinstance(item, rpm.hdr):
+-            hdrs = [item]
+-        elif isinstance(item, rpm.mi):
++        # match iterators are passed on as-is
++        if isinstance(item, rpm.mi):
+             hdrs = item
+-        elif isinstance(item, int):
+-            hdrs = self.dbMatch(rpm.RPMDBI_PACKAGES, item)
+-        elif isinstance(item, _string_types):
+-            hdrs = self.dbMatch(rpm.RPMDBI_LABEL, item)
++        elif isinstance(item, rpm.hdr):
++            hdrs.append(item)
++        elif isinstance(item, (int, _string_types)):
++            if isinstance(item, int):
++                dbi = rpm.RPMDBI_PACKAGES
++            else:
++                dbi = rpm.RPMDBI_LABEL
++
++            for h in self.dbMatch(dbi, item):
++                hdrs.append(h)
++
++            if not hdrs:
++                raise rpm.error("package not installed")
+         else:
+             raise TypeError("invalid type %s" % type(item))
+ 
+@@ -106,10 +114,6 @@ class TransactionSet(TransactionSetCore):
+             if not TransactionSetCore.addErase(self, h):
+                 raise rpm.error("package not installed")
+ 
+-        # garbage collection should take care but just in case...
+-        if isinstance(hdrs, rpm.mi):
+-            del hdrs
+-
+     def run(self, callback, data):
+         rc = TransactionSetCore.run(self, callback, data, self._probFilter)
+ 
+diff --git a/tests/rpmpython.at b/tests/rpmpython.at
+index 3a7c251f1..de39c8417 100644
+--- a/tests/rpmpython.at
++++ b/tests/rpmpython.at
+@@ -201,6 +201,28 @@ for e in ts:
+ [foo-1.0-1.noarch]
+ )
+ 
++RPMPY_TEST([add erasure to transaction],[
++ts = rpm.ts()
++for i in ['foo', 1234]:
++    myprint('addErase %s' % i)
++    try:
++        ts.addErase(i)
++    except rpm.error as err:
++        myprint(err)
++myprint('addErase mi')
++mi = ts.dbMatch('name', 'foo')
++try:
++    ts.addErase(mi)
++except rpm.error as err:
++    myprint(err)
++],
++[addErase foo
++package not installed
++addErase 1234
++package not installed
++addErase mi]
++)
++
+ RPMPY_TEST([add bogus package to transaction 1],[
+ ts = rpm.ts()
+ h = rpm.hdr()
+-- 
+2.26.2
+
diff --git a/SOURCES/0001-Introduce-patch_nums-and-source_nums-Lua-variables-i.patch b/SOURCES/0001-Introduce-patch_nums-and-source_nums-Lua-variables-i.patch
new file mode 100644
index 0000000..ccf39e3
--- /dev/null
+++ b/SOURCES/0001-Introduce-patch_nums-and-source_nums-Lua-variables-i.patch
@@ -0,0 +1,63 @@
+From 9ad4b813483f8cf6c641f56387248b33b6dfc570 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 20 Feb 2019 15:28:30 +0200
+Subject: [PATCH] Introduce patch_nums and source_nums Lua variables in spec
+ context
+
+The pre-existing patches and sources variables only contains patch and
+source filenames, but for some purposes we need access to the associated
+patch/source number too. We could use the number as the table key, but
+that would make the table unsorted. That we could handle in our own
+macros, but would break compatibility for anybody doing custom stuff
+with these. So it seems best to just add parallel arrays sharing the
+same array indexes so that both values are as easily accessible,
+depending on the need.
+
+Inspired by Pascal "Pixel" Rigaux's similar patch in Mageia, which differs
+in that the number-arrays are indexed by the filename and is unordered.
+Compared to patches/sources this seemed against principle of least
+surprise, and is slightly more cumbersome int the case we want the number
+directly, such as in PR #626. The variable names differ so there
+is no incompatibility to that downstream patch introduced.
+---
+ build/parsePreamble.c | 9 +++++++++
+ build/spec.c          | 3 ++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/build/parsePreamble.c b/build/parsePreamble.c
+index 812c41f9f..9520bac4b 100644
+--- a/build/parsePreamble.c
++++ b/build/parsePreamble.c
+@@ -322,6 +322,15 @@ static int addSource(rpmSpec spec, Package pkg, const char *field, rpmTagVal tag
+ 	    rpmluaSetVar(lua, var);
+ 	    rpmluavFree(var);
+ 	    rpmluaPop(lua);
++
++	    what = (flag & RPMBUILD_ISPATCH) ? "patch_nums" : "source_nums";
++	    rpmluaPushTable(lua, what);
++	    var = rpmluavNew();
++	    rpmluavSetListMode(var, 1);
++	    rpmluavSetValueNum(var, p->num);
++	    rpmluaSetVar(lua, var);
++	    rpmluavFree(var);
++	    rpmluaPop(lua);
+ 	}
+ #endif
+ 	free(body);
+diff --git a/build/spec.c b/build/spec.c
+index 80eaca611..55095c6ce 100644
+--- a/build/spec.c
++++ b/build/spec.c
+@@ -305,7 +305,8 @@ rpmSpec newSpec(void)
+ #ifdef WITH_LUA
+     /* make sure patches and sources tables always exist */
+     rpmlua lua = NULL; /* global state */
+-    const char * luavars[] = { "patches", "sources", NULL, };
++    const char * luavars[] = { "patches", "sources",
++			       "patch_nums", "source_nums", NULL, };
+     for (const char **vp = luavars; vp && *vp; vp++) {
+ 	rpmluaDelVar(lua, *vp);
+ 	rpmluaPushTable(lua, *vp);
+-- 
+2.26.2
+
diff --git a/SOURCES/0001-When-doing-the-same-thing-more-than-once-use-a-loop.patch b/SOURCES/0001-When-doing-the-same-thing-more-than-once-use-a-loop.patch
new file mode 100644
index 0000000..9e9ee45
--- /dev/null
+++ b/SOURCES/0001-When-doing-the-same-thing-more-than-once-use-a-loop.patch
@@ -0,0 +1,38 @@
+From 9cbc1fe444b048c3f7cf5ea09ab650d1c146d54a Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 20 Feb 2019 14:49:19 +0200
+Subject: [PATCH] When doing the same thing more than once, use a loop...
+
+No functional changes but this'll simplify the next commit quite a bit.
+---
+ build/spec.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/build/spec.c b/build/spec.c
+index e414e4102..80eaca611 100644
+--- a/build/spec.c
++++ b/build/spec.c
+@@ -303,15 +303,13 @@ rpmSpec newSpec(void)
+     spec->pool = rpmstrPoolCreate();
+     
+ #ifdef WITH_LUA
+-    {
+     /* make sure patches and sources tables always exist */
+     rpmlua lua = NULL; /* global state */
+-    rpmluaDelVar(lua, "patches");
+-    rpmluaDelVar(lua, "sources");
+-    rpmluaPushTable(lua, "patches");
+-    rpmluaPushTable(lua, "sources");
+-    rpmluaPop(lua);
+-    rpmluaPop(lua);
++    const char * luavars[] = { "patches", "sources", NULL, };
++    for (const char **vp = luavars; vp && *vp; vp++) {
++	rpmluaDelVar(lua, *vp);
++	rpmluaPushTable(lua, *vp);
++	rpmluaPop(lua);
+     }
+ #endif
+     return spec;
+-- 
+2.26.2
+
diff --git a/SOURCES/0001-Work-around-buggy-signature-region-preventing-resign.patch b/SOURCES/0001-Work-around-buggy-signature-region-preventing-resign.patch
new file mode 100644
index 0000000..54dd45f
--- /dev/null
+++ b/SOURCES/0001-Work-around-buggy-signature-region-preventing-resign.patch
@@ -0,0 +1,44 @@
+From 8fefd2bd21b30996ad0748eab6baadf915610642 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 13 Aug 2020 13:29:10 +0300
+Subject: [PATCH] Work around buggy signature region preventing resigning
+ (RhBug:1851508)
+
+Various proprietary packages in the wild have subtly malformed data
+in the signature header, in particular wrt the immutable region size,
+presumably from using some in-house/3rd party signing tools which do
+not understand the immutable region business at all. This can prevent
+resigning and signature deletion on such packages due to the more
+thorough checking that rpmsign does.
+
+As the old wisdom goes, be liberal in what you accept... we can easily
+work around the crud by just taking a fresh copy of the contents that
+are legit as such (otherwise the package would be uninstallable).
+
+
+Adjusted for 4.14.3
+
+--- rpm-4.14.3/sign/rpmgensig.c.orig	2020-10-29 16:00:38.785229048 +0100
++++ rpm-4.14.3/sign/rpmgensig.c	2020-10-29 16:08:55.997791345 +0100
+@@ -401,12 +401,19 @@
+ 
+     if (headerGet(*hdrp, tag, utd, HEADERGET_DEFAULT)) {
+ 	oh = headerCopyLoad(utd->data);
+-	nh = headerCopy(oh);
+-	headerFree(oh);
+ 	rpmtdFreeData(utd);
++    } else {
++	/* XXX should we warn if the immutable region is corrupt/missing? */
++	oh = headerLink(*hdrp);
++    }
++
++    if (oh) {
++	/* Perform a copy to eliminate crud from buggy signing tools etc */
++	nh = headerCopy(oh);
+ 	headerFree(*hdrp);
+ 	*hdrp = headerLink(nh);
+ 	headerFree(nh);
++	headerFree(oh);
+     }
+ }
+ 
diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec
index 1cef8f9..00927d7 100644
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@@ -30,7 +30,7 @@
 
 %global rpmver 4.14.3
 #global snapver rc2
-%global rel 4
+%global rel 10
 
 %global srcver %{version}%{?snapver:-%{snapver}}
 %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
@@ -92,6 +92,12 @@ Patch140: 0001-Fix-resource-leaks-on-zstd-open-error-paths.patch
 # XXX should be before 0001-Pass-RPM_BUILD_NCPUS-to-build-scripts.patch
 Patch141: 0001-Isolate-_smp_build_ncpus-and-use-it-for-_smp_mflags.patch
 Patch142: rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
+Patch143: 0001-Work-around-buggy-signature-region-preventing-resign.patch
+Patch144: 0001-Fix-python-ts.addErase-not-raising-exception-on-not-.patch
+Patch145: 0001-Always-close-libelf-handle-1313.patch
+Patch146: 0001-When-doing-the-same-thing-more-than-once-use-a-loop.patch
+Patch147: 0001-Introduce-patch_nums-and-source_nums-Lua-variables-i.patch
+Patch148: 0001-Add-limits-to-autopatch-macro.patch
 
 # Python 3 string API sanity
 Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch
@@ -653,6 +659,20 @@ make check || cat tests/rpmtests.log
 %doc doc/librpm/html/*
 
 %changelog
+* Sun Jan 10 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-10
+- Rebuild for libimaevm soname bump, now for real (#1896046)
+
+* Thu Jan 07 2021 Florian Festi <ffesti@redhat.com> - 4.14.3-8
+- Add limits to autopatch macro (#1834931)
+
+* Thu Dec 03 2020 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-6
+- Rebuild for libimaevm soname bump (#1896046)
+
+* Fri Oct 30 2020 Florian Festi <ffesti@redhat.com> - 4.14.3-5
+- Don't error out when replacing an invalid signature (#1874062)
+- Raise an expection when erasing a package fails in Python (#1872623)
+- Fix builds on NFS filesystems (#1840728)
+
 * Fri Jun 26 2020 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-4
 - Fix hang when signing with expired key (#1746353)