diff --git a/SOURCES/netcf-Fix-memory-leak-in-aug_match_mac.patch b/SOURCES/netcf-Fix-memory-leak-in-aug_match_mac.patch
new file mode 100644
index 0000000..c015518
--- /dev/null
+++ b/SOURCES/netcf-Fix-memory-leak-in-aug_match_mac.patch
@@ -0,0 +1,32 @@
+From 26866552d648bded38e9c97112f97c5ab114887c Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Mon, 17 Sep 2018 10:00:50 -0400
+Subject: [PATCH 1/7] Fix memory leak in aug_match_mac()
+
+mac_lower has memory allocated to it, but it was only freed in case of
+an error.
+
+Signed-off-by: Laine Stump <laine@laine.org>
+(cherry picked from commit 478da0f8f31252be2e9e96430a8e56d9b28642ed)
+
+Resolves: https://bugzilla.redhat.com/1602628
+Signed-off-by: Laine Stump <laine@laine.org>
+---
+ src/dutil_linux.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/dutil_linux.c b/src/dutil_linux.c
+index 022eed0..3a75f16 100644
+--- a/src/dutil_linux.c
++++ b/src/dutil_linux.c
+@@ -424,6 +424,7 @@ int aug_match_mac(struct netcf *ncf, const char *mac, char ***matches) {
+         (*matches)[i] = n;
+     }
+ 
++    FREE(mac_lower);
+     return nmatches;
+ 
+  error:
+-- 
+2.18.1
+
diff --git a/SOURCES/netcf-Make-the-empty-body-of-for-loops-more-obvious.patch b/SOURCES/netcf-Make-the-empty-body-of-for-loops-more-obvious.patch
new file mode 100644
index 0000000..f0b1c7a
--- /dev/null
+++ b/SOURCES/netcf-Make-the-empty-body-of-for-loops-more-obvious.patch
@@ -0,0 +1,43 @@
+From 531f40824a76754962285f1996894e9e6db2f410 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Mon, 17 Sep 2018 10:05:15 -0400
+Subject: [PATCH 3/7] Make the empty body of for loops more obvious
+
+parseline() was skipping over non-option commandline args with 3 for
+loops that had empty bodies signified by semicolons at the end of the
+for() line (twice) or with a body comprised completely of a nested
+for() that had an empty body. Coverity didn't like this. Put braces
+around all three loop bodies to make the intent more clear.
+
+Signed-off-by: Laine Stump <laine@laine.org>
+(cherry picked from commit ef9971b64d8224d1626177978227c7009812f275)
+
+Resolves: https://bugzilla.redhat.com/1602628
+Signed-off-by: Laine Stump <laine@laine.org>
+---
+ src/ncftool.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/ncftool.c b/src/ncftool.c
+index 7a1db5b..7baf06a 100644
+--- a/src/ncftool.c
++++ b/src/ncftool.c
+@@ -653,9 +653,12 @@ static int parseline(struct command *cmd, char *line) {
+             }
+             for (def = cmd->def->opts;
+                  def->name != NULL && !opt_def_is_arg(def);
+-                 def++);
+-            for (int i=0; i < curarg; i++)
+-                for (; def->name != NULL && !opt_def_is_arg(def); def++);
++                 def++) {
++            }
++            for (int i=0; i < curarg; i++) {
++                for (; def->name != NULL && !opt_def_is_arg(def); def++) {
++                }
++            }
+             struct command_opt *opt =
+                 make_command_opt(cmd, def);
+             opt->string = tok;
+-- 
+2.18.1
+
diff --git a/SOURCES/netcf-remove-unused-variable-in-aug_match_mac.patch b/SOURCES/netcf-remove-unused-variable-in-aug_match_mac.patch
new file mode 100644
index 0000000..f11f0f4
--- /dev/null
+++ b/SOURCES/netcf-remove-unused-variable-in-aug_match_mac.patch
@@ -0,0 +1,41 @@
+From 5a8c5768779a220d29eaeb31ca433cd8913ed876 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Mon, 17 Sep 2018 10:01:22 -0400
+Subject: [PATCH 2/7] remove unused variable in aug_match_mac()
+
+Apparently this wasn't caught by the compiler because it was
+initialized, and that counted as a "use".
+
+Signed-off-by: Laine Stump <laine@laine.org>
+(cherry picked from commit e81812e770d4e837015d92cd7d570c3df81bda9f)
+
+Resolves: https://bugzilla.redhat.com/1602628
+Signed-off-by: Laine Stump <laine@laine.org>
+---
+ src/dutil_linux.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/dutil_linux.c b/src/dutil_linux.c
+index 3a75f16..ab1dd6c 100644
+--- a/src/dutil_linux.c
++++ b/src/dutil_linux.c
+@@ -400,7 +400,7 @@ void free_matches(int nint, char ***intf) {
+ /* Returns a list of all interfaces with MAC address MAC */
+ int aug_match_mac(struct netcf *ncf, const char *mac, char ***matches) {
+     int nmatches;
+-    char *path = NULL, *mac_lower = NULL;
++    char *mac_lower = NULL;
+ 
+     mac_lower = strdup(mac);
+     ERR_NOMEM(mac_lower == NULL, ncf);
+@@ -429,7 +429,6 @@ int aug_match_mac(struct netcf *ncf, const char *mac, char ***matches) {
+ 
+  error:
+     FREE(mac_lower);
+-    FREE(path);
+     return -1;
+ }
+ 
+-- 
+2.18.1
+
diff --git a/SOURCES/netcf-slience-a-false-Coverity-report.patch b/SOURCES/netcf-slience-a-false-Coverity-report.patch
new file mode 100644
index 0000000..1cee1a3
--- /dev/null
+++ b/SOURCES/netcf-slience-a-false-Coverity-report.patch
@@ -0,0 +1,39 @@
+From 2305151c1ebae09566302fd8097ef6757a02fbcf Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Tue, 18 Sep 2018 12:36:45 -0400
+Subject: [PATCH 4/7] slience a false Coverity report
+
+Coverity complains that
+
+   unref(nif, netcf_if);
+
+sets nif to NULL without free'ing the memory it points to. But unref()
+is a macro (defined in src/ref.h) that uses a refcount in the object
+to automatically free it when there are no more pointers to it.
+
+Since the code is correct, we add a comment that silences the Coverity warning
+
+Signed-off-by: Laine Stump <laine@laine.org>
+(cherry picked from commit 3c4ea18fe7e1279e5c7d033978eb45d86d759de3)
+
+Resolves: https://bugzilla.redhat.com/1602628
+Signed-off-by: Laine Stump <laine@laine.org>
+---
+ src/drv_redhat.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/drv_redhat.c b/src/drv_redhat.c
+index 092ef5c..c073af8 100644
+--- a/src/drv_redhat.c
++++ b/src/drv_redhat.c
+@@ -504,6 +504,7 @@ struct netcf_if *drv_lookup_by_name(struct netcf *ncf, const char *name) {
+     goto done;
+ 
+  error:
++    /* coverity[overwrite_var] */
+     unref(nif, netcf_if);
+     FREE(name_dup);
+  done:
+-- 
+2.18.1
+
diff --git a/SPECS/netcf.spec b/SPECS/netcf.spec
index 935d364..febc2e9 100644
--- a/SPECS/netcf.spec
+++ b/SPECS/netcf.spec
@@ -1,6 +1,6 @@
 Name:           netcf
 Version:        0.2.8
-Release:        11%{?dist}%{?extra_release}
+Release:        12%{?dist}%{?extra_release}
 Summary:        Cross-platform network configuration library
 
 Group:          System Environment/Libraries
@@ -22,6 +22,10 @@ Patch001: netcf-call-aug_load-at-most-once-per-second.patch
 Patch002: netcf-optimize-aug_match-query-for-all-ifcfg-files-related.patch
 Patch003: netcf-linux-include-bond-element-for-bonds-with-no-slaves.patch 
 Patch004: netcf-Properly-classify-bond-devices-with-no-slaves.patch 
+Patch005: netcf-Fix-memory-leak-in-aug_match_mac.patch
+Patch006: netcf-remove-unused-variable-in-aug_match_mac.patch
+Patch007: netcf-Make-the-empty-body-of-for-loops-more-obvious.patch
+Patch008: netcf-slience-a-false-Coverity-report.patch
 
 # Default to skipping autoreconf.  Distros can change just this one
 # line (or provide a command-line override) if they backport any
@@ -211,10 +215,13 @@ fi
 %{_libdir}/pkgconfig/netcf.pc
 
 %changelog
-* Sun Jun 30 2019 Danilo de Paula <ddepaula@redhat.com> - 0.2.8-11
+* Fri Aug 09 2019 Laine Stump <laine@redhat.com> - 0.2.8-12
+- Resolves: rhbz#1602628
+
+* Fri Jun 28 2019 Danilo de Paula <ddepaula@redhat.com> - 0.2.8-11
 - Rebuild all virt packages to fix RHEL's upgrade path
-- Resolves: rhbz#1696354
-  (Ensure modular RPM upgrade path [ZStream Clone] [rhel-8.0.0.z])
+- Resolves: rhbz#1695587
+  (Ensure modular RPM upgrade path)
 
 * Mon Jul 30 2018 Eric Garver <egarver@redhat.com> - 0.2.8-10
 - Remove artificial dependency on bridge-utils. rhbz #1605333