diff --git a/SOURCES/nfs-utils-1.3.0-gssd-memleak.patch b/SOURCES/nfs-utils-1.3.0-gssd-memleak.patch
new file mode 100644
index 0000000..03a3ac5
--- /dev/null
+++ b/SOURCES/nfs-utils-1.3.0-gssd-memleak.patch
@@ -0,0 +1,87 @@
+diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
+index c1e4d2b..3fb11e1 100644
+--- a/utils/gssd/krb5_util.c
++++ b/utils/gssd/krb5_util.c
+@@ -702,6 +702,8 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
+ "we failed to unparse principal name: %s\n",
+ k5err);
+ k5_free_kt_entry(context, kte);
++ free(k5err);
++ k5err = NULL;
+ continue;
+ }
+ printerr(4, "Processing keytab entry for principal '%s'\n",
+@@ -775,7 +777,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
+ int tried_all = 0, tried_default = 0, tried_upper = 0;
+ krb5_principal princ;
+ const char *notsetstr = "not set";
+- char *adhostoverride;
++ char *adhostoverride = NULL;
+
+
+ /* Get full target hostname */
+@@ -801,7 +803,6 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
+ adhostoverride);
+ /* No overflow: Windows cannot handle strings longer than 19 chars */
+ strcpy(myhostad, adhostoverride);
+- free(adhostoverride);
+ } else {
+ strcpy(myhostad, myhostname);
+ for (i = 0; myhostad[i] != 0; ++i) {
+@@ -810,7 +811,9 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
+ myhostad[i] = '$';
+ myhostad[i+1] = 0;
+ }
+-
++ if (adhostoverride)
++ free(adhostoverride);
++
+ retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
+ if (retval) {
+ /* Don't use myhostname */
+@@ -898,6 +901,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
+ k5err = gssd_k5_err_msg(context, code);
+ printerr(1, "%s while building principal for '%s'\n",
+ k5err, spn);
++ free(k5err);
++ k5err = NULL;
+ continue;
+ }
+ code = krb5_kt_get_entry(context, kt, princ, 0, 0, kte);
+@@ -906,6 +911,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
+ k5err = gssd_k5_err_msg(context, code);
+ printerr(3, "%s while getting keytab entry for '%s'\n",
+ k5err, spn);
++ free(k5err);
++ k5err = NULL;
+ /*
+ * We tried the active directory machine account
+ * with the hostname part as-is and failed...
+@@ -1167,7 +1174,8 @@ gssd_get_krb5_machine_cred_list(char ***list)
+ *list = l;
+ retval = 0;
+ goto out;
+- }
++ } else
++ free((void *)l);
+ out:
+ return retval;
+ }
+@@ -1215,6 +1223,8 @@ gssd_destroy_krb5_machine_creds(void)
+ printerr(0, "WARNING: %s while resolving credential "
+ "cache '%s' for destruction\n", k5err,
+ ple->ccname);
++ free(k5err);
++ k5err = NULL;
+ continue;
+ }
+
+@@ -1222,6 +1232,8 @@ gssd_destroy_krb5_machine_creds(void)
+ k5err = gssd_k5_err_msg(context, code);
+ printerr(0, "WARNING: %s while destroying credential "
+ "cache '%s'\n", k5err, ple->ccname);
++ free(k5err);
++ k5err = NULL;
+ }
+ }
+ krb5_free_context(context);
diff --git a/SPECS/nfs-utils.spec b/SPECS/nfs-utils.spec
index 5093291..d669e81 100644
--- a/SPECS/nfs-utils.spec
+++ b/SPECS/nfs-utils.spec
@@ -161,6 +161,10 @@ Patch121: nfs-utils-1.3.0-nfsconf-manage-gids.patch
Patch122: nfs-utils-1.3.0-smnotify-f-flag.patch
Patch123: nfs-utils-1.3.0-statd-no-notify.patch
Patch124: nfs-utils-1.3.0-mountd-memleak.patch
+#
+# RHEL7.8-z
+#
+Patch125: nfs-utils-1.3.0-gssd-memleak.patch
Patch1000: nfs-utils-1.2.1-statdpath-man.patch
Patch1001: nfs-utils-1.2.1-exp-subtree-warn-off.patch
@@ -466,6 +470,8 @@ This package also contains the mount.nfs and umount.nfs program.
%patch123 -p1
# 1711210 - rpc.mountd leaks memory
%patch124 -p1
+# 1828185 - rpc.gssd uses a lot of memory with krb5 mounts [rhel-7.8.z]
+%patch125 -p1
%patch1000 -p1
%patch1001 -p1
@@ -718,6 +724,9 @@ fi
/sbin/umount.nfs4
%changelog
+* Mon Jun 15 2020 Steve Dickson <steved@redhat.com> 1.3.0-0.66_8
+- rpc.gssd: removed a number memory leaks (bz 1828185)
+
* Mon Aug 5 2019 Steve Dickson <steved@redhat.com> 1.3.0-0.66
- nfs-utils_env.sh: Removed the hard coded number of nfsds (bz 1736801)