import rpm-4.14.3-23.el8

SOURCES/rpm-4.14.3-add-path-query-option.patch

@@ -0,0 +1,197 @@
+From 013cd4ba63c35fa75feeccde0022d56e68bc5845 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Mon, 16 Aug 2021 18:21:02 +0200
+Subject: [PATCH] Add support for RPMDBI_BASENAMES on file queries
+
+There are legitimate reasons (such as rhbz#1940895 or the included test)
+for wanting the former behavior where all file states were considered in
+file queries prior to commit 9ad57bda4a82b9847826daa766b4421d877bb3d9,
+so celebrate the tenth anniversary of that commit by adding a CLI switch
+(a new package selector --path), as contemplated back then.
+
+Update the man page for --file to reflect it's current behavior and make
+--path that more obvious.
+
+Resolves: rhbz#1940895
+
+Combined with:
+d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f
+f62b6d27cd741406a52a7e9c5b1d6f581dbd3af8
+
+Backported for 4.14.3.
+---
+ doc/rpm.8         |  9 ++++++--
+ lib/poptQV.c      |  6 +++++-
+ lib/query.c       |  7 +++++--
+ lib/rpmcli.h      |  1 +
+ tests/rpmquery.at | 52 +++++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 70 insertions(+), 5 deletions(-)
+
+diff --git a/doc/rpm.8 b/doc/rpm.8
+index 15a3db25f..74604c8ec 100644
+--- a/doc/rpm.8
++++ b/doc/rpm.8
+@@ -57,7 +57,7 @@ rpm \- RPM Package Manager
+ .PP
+ 
+  [\fB\fIPACKAGE_NAME\fB\fR]
+- [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR]
++ [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR] [\fB--path \fIPATH\fB\fR]
+  [\fB-g,--group \fIGROUP\fB\fR] {\fB-p,--package \fIPACKAGE_FILE\fB\fR]
+  [\fB--hdrid \fISHA1\fB\fR] [\fB--pkgid \fIMD5\fB\fR] [\fB--tid \fITID\fB\fR]
+  [\fB--querybynumber \fIHDRNUM\fB\fR] [\fB--triggeredby \fIPACKAGE_NAME\fB\fR]
+@@ -555,7 +555,7 @@ starts with "b".
+ List duplicated packages.
+ .TP
+ \fB-f, --file \fIFILE\fB\fR
+-Query package owning \fIFILE\fR.
++Query package owning installed \fIFILE\fR.
+ .TP
+ \fB--filecaps\fR
+ List file names with POSIX1.e capabilities.
+@@ -598,6 +598,11 @@ that will be expanded to paths that are substituted in place of
+ the package manifest as additional \fIPACKAGE_FILE\fR
+ arguments to the query.
+ .TP
++\fB--path \fIPATH\fB\fR
++Query package(s) owning \fIPATH\fR, whether the file is installed or not.
++Multiple packages may own a \fIPATH\fR, but the file is only owned by the
++package installed last.
++.TP
+ \fB--pkgid \fIMD5\fB\fR
+ Query package that contains a given package identifier, i.e. the
+ \fIMD5\fR digest of the combined header and
+diff --git a/lib/poptQV.c b/lib/poptQV.c
+index 9021d7b3c..f752d8b82 100644
+--- a/lib/poptQV.c
++++ b/lib/poptQV.c
+@@ -27,6 +27,7 @@ struct rpmQVKArguments_s rpmQVKArgs;
+ #define POPT_WHATENHANCES	-1014
+ #define POPT_WHATOBSOLETES	-1015
+ #define POPT_WHATCONFLICTS	-1016
++#define POPT_QUERYBYPATH	-1017
+ 
+ /* ========== Query/Verify/Signature source args */
+ static void rpmQVSourceArgCallback( poptContext con,
+@@ -58,6 +59,7 @@ static void rpmQVSourceArgCallback( poptContext con,
+     case POPT_WHATSUPPLEMENTS: qva->qva_source |= RPMQV_WHATSUPPLEMENTS; break;
+     case POPT_WHATENHANCES: qva->qva_source |= RPMQV_WHATENHANCES; break;
+     case POPT_TRIGGEREDBY: qva->qva_source |= RPMQV_TRIGGEREDBY; break;
++    case POPT_QUERYBYPATH: qva->qva_source |= RPMQV_PATH_ALL; break;
+     case POPT_QUERYBYPKGID: qva->qva_source |= RPMQV_PKGID; break;
+     case POPT_QUERYBYHDRID: qva->qva_source |= RPMQV_HDRID; break;
+     case POPT_QUERYBYTID: qva->qva_source |= RPMQV_TID; break;
+@@ -80,7 +82,9 @@ struct poptOption rpmQVSourcePoptTable[] = {
+  { "checksig", 'K', POPT_ARGFLAG_DOC_HIDDEN, NULL, 'K',
+ 	N_("rpm checksig mode"), NULL },
+  { "file", 'f', 0, 0, 'f',
+-	N_("query/verify package(s) owning file"), "FILE" },
++	N_("query/verify package(s) owning installed file"), "FILE" },
++ { "path", '\0', 0, 0, POPT_QUERYBYPATH,
++	N_("query/verify package(s) owning path, installed or not"), "PATH" },
+  { "group", 'g', 0, 0, 'g',
+ 	N_("query/verify package(s) in group"), "GROUP" },
+  { "package", 'p', 0, 0, 'p',
+diff --git a/lib/query.c b/lib/query.c
+index 26cdecf10..e6ea1fa2d 100644
+--- a/lib/query.c
++++ b/lib/query.c
+@@ -440,6 +440,7 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar
+ 	}
+ 	/* fallthrough on absolute and relative paths */
+     case RPMQV_PATH:
++    case RPMQV_PATH_ALL:
+     {   char * fn;
+ 
+ 	for (s = arg; *s != '\0'; s++)
+@@ -458,8 +459,10 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar
+ 	    fn = xstrdup(arg);
+ 	(void) rpmCleanPath(fn);
+ 
+-	/* XXX Add a switch to enable former BASENAMES behavior? */
+-	mi = rpmtsInitIterator(ts, RPMDBI_INSTFILENAMES, fn, 0);
++	rpmDbiTagVal tag = RPMDBI_INSTFILENAMES;
++	if (qva->qva_source == RPMQV_PATH_ALL)
++	    tag = RPMDBI_BASENAMES;
++	mi = rpmtsInitIterator(ts, tag, fn, 0);
+ 	if (mi == NULL)
+ 	    mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, fn, 0);
+ 
+diff --git a/lib/rpmcli.h b/lib/rpmcli.h
+index 99af2585a..c0d07d137 100644
+--- a/lib/rpmcli.h
++++ b/lib/rpmcli.h
+@@ -102,6 +102,7 @@ enum rpmQVSources_e {
+     RPMQV_SPECBUILTRPMS,	/*!< ... from pkgs which would be built from spec */
+     RPMQV_WHATOBSOLETES,	/*!< ... from obsoletes db search. */
+     RPMQV_WHATCONFLICTS,	/*!< ... from conflicts db search. */
++    RPMQV_PATH_ALL,	/*!< ... from file path db search (all states). */
+ };
+ 
+ typedef rpmFlags rpmQVSources;
+diff --git a/tests/rpmquery.at b/tests/rpmquery.at
+index 36c62339a..ad580f664 100644
+--- a/tests/rpmquery.at
++++ b/tests/rpmquery.at
+@@ -194,6 +194,58 @@ runroot rpm \
+ 
+ AT_CLEANUP
+ 
++# ------------------------------
++# query a package by a file
++AT_SETUP([rpm -qf])
++AT_KEYWORDS([query])
++AT_CHECK([
++RPMDB_INIT
++runroot rpm \
++  --nodeps \
++  -i /data/RPMS/hello-1.0-1.i386.rpm
++runroot rpm \
++  -qf /usr/local/bin/hello
++],
++[0],
++[hello-1.0-1.i386
++],
++[])
++AT_CLEANUP
++
++AT_SETUP([rpm -qf on non-installed file])
++AT_KEYWORDS([query])
++AT_CHECK([
++RPMDB_INIT
++runroot rpm \
++  --nodeps \
++  --excludedocs \
++  -i /data/RPMS/hello-1.0-1.i386.rpm
++runroot rpm \
++  -qf /usr/share/doc/hello-1.0/FAQ
++],
++[1],
++[],
++[error: file /usr/share/doc/hello-1.0/FAQ: No such file or directory
++])
++AT_CLEANUP
++
++AT_SETUP([rpm -q --path on non-installed file])
++AT_KEYWORDS([query])
++AT_CHECK([
++RPMDB_INIT
++runroot rpm \
++  --nodeps \
++  --excludedocs \
++  -i /data/RPMS/hello-1.0-1.i386.rpm
++runroot rpm \
++  -q --path /usr/share/doc/hello-1.0/FAQ
++],
++[0],
++[hello-1.0-1.i386
++],
++[])
++AT_CLEANUP
++
+ # ------------------------------
+ AT_SETUP([integer array query])
+ AT_KEYWORDS([query])
+-- 
+2.35.1
+

SOURCES/rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch

@@ -0,0 +1,184 @@
+From f17aa638649fb8de730fecdbc906dc869b626ba5 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 16 Nov 2021 11:49:18 +0200
+Subject: [PATCH 1/2] Fix spurious %transfiletriggerpostun execution
+ (RhBug:2023311)
+
+If a package has multiple %transfiletriggerpostun triggers, any one
+of them matching would cause all of them to run, due to disconnect
+in the intel gathering stage: we'd gather all the headers with matching
+files into a lump, and then add any postun triggers found in them,
+but this loses the triggering file information and causes all postuns
+to run.
+
+The triggers need to be added while looping over the file matches,
+like runFileTriggers() does. Doing so actually simplifies the code.
+These should really be unified to use the same code, but leaving
+that exercise to another rainy day.
+---
+ lib/rpmtriggers.c | 64 +++++++++++++++++++++++------------------------
+ 1 file changed, 31 insertions(+), 33 deletions(-)
+
+diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
+index 0827af0c2..dc457f7cc 100644
+--- a/lib/rpmtriggers.c
++++ b/lib/rpmtriggers.c
+@@ -97,19 +97,37 @@ static void rpmtriggersSortAndUniq(rpmtriggers trigs)
+     }
+ }
+ 
++static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter)
++{
++    int tix = 0;
++    rpmds ds;
++    rpmds triggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0);
++
++    while ((ds = rpmdsFilterTi(triggers, tix))) {
++	if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter)) {
++	    struct rpmtd_s priorities;
++
++	    if (headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES,
++			&priorities, HEADERGET_MINMEM)) {
++		rpmtdSetIndex(&priorities, tix);
++		rpmtriggersAdd(ts->trigs2run, headerGetInstance(trigH),
++				tix, *rpmtdGetUint32(&priorities));
++	    }
++	}
++	rpmdsFree(ds);
++	tix++;
++    }
++    rpmdsFree(triggers);
++}
++
+ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
+ {
+-    rpmdbMatchIterator mi;
+     rpmdbIndexIterator ii;
+-    Header trigH;
+     const void *key;
+     size_t keylen;
+     rpmfiles files;
+-    rpmds rpmdsTriggers;
+-    rpmds rpmdsTrigger;
+ 
+     ii = rpmdbIndexIteratorInit(rpmtsGetRdb(ts), RPMDBI_TRANSFILETRIGGERNAME);
+-    mi = rpmdbNewIterator(rpmtsGetRdb(ts), RPMDBI_PACKAGES);
+     files = rpmteFiles(te);
+ 
+     /* Iterate over file triggers in rpmdb */
+@@ -121,39 +139,19 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
+ 	rpmfi fi = rpmfilesFindPrefix(files, pfx);
+ 	while (rpmfiNext(fi) >= 0) {
+ 	    if (RPMFILE_IS_INSTALLED(rpmfiFState(fi))) {
+-		/* If yes then store it */
+-		rpmdbAppendIterator(mi, rpmdbIndexIteratorPkgOffsets(ii),
+-				rpmdbIndexIteratorNumPkgs(ii));
+-		break;
++		unsigned int npkg = rpmdbIndexIteratorNumPkgs(ii);
++		const unsigned int *offs = rpmdbIndexIteratorPkgOffsets(ii);
++		/* Save any matching postun triggers */
++		for (int i = 0; i < npkg; i++) {
++		    Header h = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offs[i]);
++		    addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN);
++		    headerFree(h);
++		}
+ 	    }
+ 	}
+ 	rpmfiFree(fi);
+     }
+     rpmdbIndexIteratorFree(ii);
+-
+-    if (rpmdbGetIteratorCount(mi)) {
+-	/* Filter triggers and save only trans postun triggers into ts */
+-	while ((trigH = rpmdbNextIterator(mi)) != NULL) {
+-	    int tix = 0;
+-	    rpmdsTriggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0);
+-	    while ((rpmdsTrigger = rpmdsFilterTi(rpmdsTriggers, tix))) {
+-		if ((rpmdsNext(rpmdsTrigger) >= 0) &&
+-		    (rpmdsFlags(rpmdsTrigger) & RPMSENSE_TRIGGERPOSTUN)) {
+-		    struct rpmtd_s priorities;
+-
+-		    headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES,
+-				&priorities, HEADERGET_MINMEM);
+-		    rpmtdSetIndex(&priorities, tix);
+-		    rpmtriggersAdd(ts->trigs2run, rpmdbGetIteratorOffset(mi),
+-				    tix, *rpmtdGetUint32(&priorities));
+-		}
+-		rpmdsFree(rpmdsTrigger);
+-		tix++;
+-	    }
+-	    rpmdsFree(rpmdsTriggers);
+-	}
+-    }
+-    rpmdbFreeIterator(mi);
+     rpmfilesFree(files);
+ }
+ 
+-- 
+2.35.1
+
+From e617e7c550d3523998707c55f96b37ede2c48c78 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 2 Feb 2022 13:46:23 +0200
+Subject: [PATCH 2/2] Really fix spurious %transfiletriggerpostun execution
+ (RhBug:2023311)
+
+Commit b3d672a5523dfec033160e5cc866432a0e808649 got the base reasoning
+in the ballpark but the code all wrong, introducing a severe performance
+regression without actually fixing what it claimed to.
+
+The missing incredient is actually comparing the current prefix with the
+triggers in matched package (trying to describe this makes my head
+spin): a package may have multiple triggers on multiple prefixes and
+we need to make sure we only execute triggers of this type, from this
+prefix.
+
+This stuff really needs more and better testcases.
+
+Fixes: b3d672a5523dfec033160e5cc866432a0e808649
+---
+ lib/rpmtriggers.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
+index dc457f7cc..c652981be 100644
+--- a/lib/rpmtriggers.c
++++ b/lib/rpmtriggers.c
+@@ -97,14 +97,16 @@ static void rpmtriggersSortAndUniq(rpmtriggers trigs)
+     }
+ }
+ 
+-static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter)
++static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter,
++			const char *prefix)
+ {
+     int tix = 0;
+     rpmds ds;
+     rpmds triggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0);
+ 
+     while ((ds = rpmdsFilterTi(triggers, tix))) {
+-	if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter)) {
++	if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter) &&
++		strcmp(prefix, rpmdsN(ds)) == 0) {
+ 	    struct rpmtd_s priorities;
+ 
+ 	    if (headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES,
+@@ -141,12 +143,13 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
+ 	    if (RPMFILE_IS_INSTALLED(rpmfiFState(fi))) {
+ 		unsigned int npkg = rpmdbIndexIteratorNumPkgs(ii);
+ 		const unsigned int *offs = rpmdbIndexIteratorPkgOffsets(ii);
+-		/* Save any matching postun triggers */
++		/* Save any postun triggers matching this prefix */
+ 		for (int i = 0; i < npkg; i++) {
+ 		    Header h = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offs[i]);
+-		    addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN);
++		    addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN, pfx);
+ 		    headerFree(h);
+ 		}
++		break;
+ 	    }
+ 	}
+ 	rpmfiFree(fi);
+-- 
+2.35.1
+

SOURCES/rpm-4.14.3-macroize-find-debuginfo-script-location.patch

@@ -0,0 +1,38 @@
+From 77007d68782b66f2d00d7b200516731246876dca Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 27 May 2021 13:58:58 +0300
+Subject: [PATCH] Macroize find-debuginfo script location
+
+Makes it easier to handle varying paths, mainly in preparation for the
+next step.
+
+Backported for 4.14.3.
+---
+ macros.in | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/macros.in b/macros.in
+index a6069ee4d..be28a3b28 100644
+--- a/macros.in
++++ b/macros.in
+@@ -82,6 +82,8 @@
+ %__remsh		%{__rsh}
+ %__strip		@__STRIP@
+ 
++%__find_debuginfo	%{_rpmconfigdir}/find-debuginfo.sh
++
+ # XXX avoid failures if tools are not installed when rpm is built.
+ %__libtoolize		libtoolize
+ %__aclocal		aclocal
+@@ -177,7 +179,7 @@
+ #	the script.  See the script for details.
+ #
+ %__debug_install_post   \
+-    %{_rpmconfigdir}/find-debuginfo.sh \\\
++    %{__find_debuginfo} \\\
+     %{?_smp_mflags} \\\
+     %{?_missing_build_ids_terminate_build:--strict-build-id} \\\
+     %{?_no_recompute_build_ids:-n} \\\
+-- 
+2.33.1
+

SOURCES/rpm-4.14.3-skip-recorded-symlinks-in-setperms.patch

@@ -0,0 +1,40 @@
+From 2e61e5846f8301f85da9d30281538ea736d96fd0 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Tue, 7 Dec 2021 08:08:37 +0100
+Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662)
+
+If a package contains a symlink in the buildroot which is declared as a
+ghost or config file but is a regular file or directory on the system
+where it's installed, a --setperms call will reset its permissions to
+those of a symlink (777 on Linux), which almost certainly is not the
+correct thing to do.
+
+To fix that, just skip files that were recorded as symlinks.
+
+This is a special case of a general issue in --setperms; since file
+permission semantics may change depending on the file type, to stay on
+the safe side, any (ghost or config) file whose type changes after
+installation should probably be skipped.  However, symlinks are the most
+prominent case here, so let's just focus on that now and avoid adding
+too much cleverness to a popt alias (this got us into trouble not too
+long ago, see commits 38c2f6e and 0d83637).  We may revisit this in the
+eventual C implementation.
+---
+ rpmpopt.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmpopt.in b/rpmpopt.in
+index 67fcabfb1..e130a5d05 100644
+--- a/rpmpopt.in
++++ b/rpmpopt.in
+@@ -44,6 +44,7 @@ rpm	alias --scripts --qf '\
+ 	--POPTdesc=$"list install/erase scriptlets from package(s)"
+ 
+ rpm	alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
++        \[ -n %{FILELINKTOS:shescape} \] || \
+         ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
+         chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
+ 		   --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
+-- 
+2.35.1
+

SPECS/rpm.spec

@@ -32,7 +32,7 @@
 
 %global rpmver 4.14.3
 #global snapver rc2
-%global rel 19
+%global rel 23
 
 %global srcver %{version}%{?snapver:-%{snapver}}
 %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
@@ -44,7 +44,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}%{rel}%{?dist}.2
+Release: %{?snapver:0.%{snapver}.}%{rel}%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
@@ -109,7 +109,11 @@ Patch154: rpm-4.14.3-more-careful-sig-hdr-copy.patch
 Patch156: rpm-4.14.3-hdrblobInit-add-bounds-check.patch
 Patch157: rpm-4.14.3-add-read-only-support-for-sqlite.patch
 Patch158: rpm-4.14.3-imp-covscan-fixes.patch
-Patch159: rpm-4.14.3-validate-and-require-subkey-binding-sigs.patch
+Patch159: rpm-4.14.3-add-path-query-option.patch
+Patch160: rpm-4.14.3-macroize-find-debuginfo-script-location.patch
+Patch161: rpm-4.14.3-validate-and-require-subkey-binding-sigs.patch
+Patch162: rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch
+Patch163: rpm-4.14.3-skip-recorded-symlinks-in-setperms.patch
 
 # Python 3 string API sanity
 Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch
@@ -690,11 +694,20 @@ make check || cat tests/rpmtests.log
 %doc doc/librpm/html/*
 
 %changelog
-* Mon Jan 10 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-19.2
-- Address covscan issues in binding sigs validation patch (#2022537)
+* Tue Apr 05 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-23
+- Fix minor ABI regression in rpmcli.h (#1940895)
 
-* Thu Jan 06 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-19.1
-- Validate and require subkey binding sigs on PGP pubkeys (#2022537)
+* Tue Feb 15 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-22
+- Fix spurious %transfiletriggerpostun execution (#2023693)
+- Skip recorded symlinks in --setperms (#1900662)
+
+* Mon Jan 10 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-21
+- Address covscan issues in binding sigs validation patch (#1958480)
+
+* Thu Dec 09 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-20
+- Add --path query option (#1940895)
+- Macroize find-debuginfo script location (#2019540)
+- Validate and require subkey binding sigs on PGP pubkeys (#1958480)
 - Fixes CVE-2021-3521
 
 * Wed Oct 06 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-19