diff --git a/SOURCES/openscap-1.2.18-gzip-compression-PR1576.patch b/SOURCES/openscap-1.2.18-gzip-compression-PR1576.patch
new file mode 100644
index 0000000..9456fc4
--- /dev/null
+++ b/SOURCES/openscap-1.2.18-gzip-compression-PR1576.patch
@@ -0,0 +1,263 @@
+diff --git a/configure.ac b/configure.ac
+index 91fba1390..bbc525454 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -311,6 +311,21 @@ AC_SUBST([PTHREAD_LIBS])
+ PKG_CHECK_MODULES([curl], [libcurl >= 7.12.0],[],
+                           AC_MSG_FAILURE([libcurl devel support is missing]))
+ 
++AC_MSG_CHECKING([whether libcurl supports CURLOPT_ACCEPT_ENCODING and CURLOPT_TRANSFER_ENCODING])
++AC_COMPILE_IFELSE(
++	[AC_LANG_PROGRAM(
++		[[#include <curl/curl.h>
++		#include <curl/easy.h>]],
++		[[CURL *curl; curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""); curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, 0);]])],
++	[AC_DEFINE([HAVE_CURL_WITH_COMPRESSION], 1, [libcurl is new enough to have support for data compression])
++	AC_MSG_RESULT([yes])]
++	curl_accepts_encoding=yes,
++	[AC_MSG_RESULT([no])
++	AC_MSG_NOTICE([libcurl doesnt support any compression with CURLOPT_ACCEPT_ENCODING])
++	curl_accepts_encoding=no]
++)
++AM_CONDITIONAL([CURLOPT_ACCEPT_ENCODING], [test "$curl_accepts_encoding" = yes])
++
+ PKG_CHECK_MODULES([xml2], [libxml-2.0 >= 2.0],[],
+ 			  AC_MSG_FAILURE([libxml-2.0 devel support is missing]))
+ 
+@@ -1576,6 +1591,7 @@ AC_CONFIG_FILES([Makefile
+ 		tests/nist/Makefile
+ 		tests/offline_mode/Makefile
+ 
++		tests/curl/Makefile
+                  src/SCE/Makefile
+                  tests/sce/Makefile])
+ 
+diff --git a/src/common/oscap_acquire.c b/src/common/oscap_acquire.c
+index 70dbbea7c..997e69117 100644
+--- a/src/common/oscap_acquire.c
++++ b/src/common/oscap_acquire.c
+@@ -39,6 +39,7 @@
+ #include "common/oscap_buffer.h"
+ #include "common/_error.h"
+ #include "oscap_string.h"
++#include "debug_priv.h"
+ 
+ #ifndef OSCAP_TEMP_DIR
+ #define OSCAP_TEMP_DIR "/tmp"
+@@ -142,6 +143,34 @@ oscap_acquire_url_to_filename(const char *url)
+ 	return filename;
+ }
+ 
++static int _curl_trace(CURL *handle, curl_infotype type, char *data, size_t size, void *userp)
++{
++	const char *title;
++
++	switch (type) {
++	case CURLINFO_TEXT:
++		title = "== cURL info";
++		break;
++	case CURLINFO_HEADER_OUT:
++		title = "=> cURL header (out)";
++		break;
++	case CURLINFO_HEADER_IN:
++		title = "<= cURL header (in)";
++		break;
++	case CURLINFO_DATA_OUT:
++	case CURLINFO_SSL_DATA_OUT:
++	case CURLINFO_DATA_IN:
++	case CURLINFO_SSL_DATA_IN:
++	default:
++		return 0;
++		break;
++	}
++
++	dD("%s: %s", title, data);
++
++	return 0;
++}
++
+ char* oscap_acquire_url_download(const char *url, size_t* memory_size)
+ {
+ 	CURL *curl;
+@@ -156,7 +185,13 @@ char* oscap_acquire_url_download(const char *url, size_t* memory_size)
+ 	curl_easy_setopt(curl, CURLOPT_URL, url);
+ 	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_to_memory_callback);
+ 	curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer);
++#ifdef HAVE_CURL_WITH_COMPRESSION
++	curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, "");
++	curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, true);
++#endif
+ 	curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true);
++	curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
++	curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, _curl_trace);
+ 
+ 	CURLcode res = curl_easy_perform(curl);
+ 	curl_easy_cleanup(curl);
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index f15c45702..1d10cc7d7 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -22,6 +22,7 @@ SUBDIRS = \
+ 	bz2 \
+ 	codestyle \
+ 	CPE \
++	curl \
+ 	DS \
+ 	sources \
+ 	schemas \
+diff --git a/tests/curl/Makefile.am b/tests/curl/Makefile.am
+new file mode 100644
+index 000000000..118c53ea1
+--- /dev/null
++++ b/tests/curl/Makefile.am
+@@ -0,0 +1,16 @@
++DISTCLEANFILES = *.log *.results oscap_debug.log.*
++CLEANFILES = *.log *.results oscap_debug.log.*
++
++TESTS_ENVIRONMENT = \
++		builddir=$(top_builddir) \
++		OSCAP_FULL_VALIDATION=1 \
++		$(top_builddir)/run
++
++TESTS =
++
++if CURLOPT_ACCEPT_ENCODING
++TESTS += test_curl_encoding.sh
++endif
++
++EXTRA_DIST =	test_curl_encoding.sh \
++		ds.xml
+diff --git a/tests/curl/ds.xml b/tests/curl/ds.xml
+new file mode 100644
+index 000000000..f33cb475d
+--- /dev/null
++++ b/tests/curl/ds.xml
+@@ -0,0 +1,99 @@
++<?xml version="1.0" encoding="utf-8"?>
++<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" id="scap_org.open-scap_collection_from_xccdf_test_single_rule.xccdf.xml" schematron-version="1.3">
++<ds:data-stream id="scap_org.open-scap_datastream_from_xccdf_test_single_rule.xccdf.xml" scap-version="1.3" use-case="OTHER">
++  <ds:checklists>
++    <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.xccdf.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.xccdf.xml">
++      <cat:catalog>
++        <cat:uri name="test_single_rule.oval.xml" uri="#scap_org.open-scap_cref_test_single_rule.oval.xml"/>
++        <cat:uri name="security-data-oval.xml.bz2" uri="#scap_org.open-scap_cref_security-data-oval.xml.bz2"/>
++      </cat:catalog>
++    </ds:component-ref>
++  </ds:checklists>
++  <ds:checks>
++    <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.oval.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.oval.xml"/>
++<!--
++    <ds:component-ref id="scap_org.open-scap_cref_security-data-oval.xml.bz2" xlink:href="https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml"/>
++-->
++    <ds:component-ref id="scap_org.open-scap_cref_security-data-oval.xml.bz2" xlink:href="https://github.com/"/>
++  </ds:checks>
++</ds:data-stream>
++
++<ds:component id="scap_org.open-scap_comp_test_single_rule.oval.xml" timestamp="2017-06-09T07:07:38">
++<oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd    http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd   http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd">
++  <generator>
++    <oval:schema_version>5.11</oval:schema_version>
++    <oval:timestamp>2009-01-12T10:41:00-05:00</oval:timestamp>
++  </generator>
++
++  <definitions>
++    <definition class="compliance" id="oval:test-pass:def:1" version="1">
++      <metadata>
++        <title>PASS</title>
++        <description>pass</description>
++      </metadata>
++      <criteria>
++        <criterion comment="PASS test" test_ref="oval:x:tst:1"/>
++      </criteria>
++    </definition>
++  </definitions>
++
++    <tests>
++    <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:tst:1" check="all" comment="always pass" version="1">
++      <object object_ref="oval:x:obj:1"/>
++    </variable_test>
++    </tests>
++
++    <objects>
++    <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:obj:1" version="1" comment="x">
++      <var_ref>oval:x:var:1</var_ref>
++    </variable_object>
++    </objects>
++
++    <variables>
++      <constant_variable id="oval:x:var:1" version="1" comment="x" datatype="int">
++        <value>100</value>
++      </constant_variable>
++    </variables>
++
++</oval_definitions>
++</ds:component>
++
++<ds:component id="scap_org.open-scap_comp_test_single_rule.xccdf.xml" timestamp="2017-06-09T09:15:45">
++<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="xccdf_com.example.www_benchmark_dummy" xml:lang="en-US">
++  <status>accepted</status>
++  <version>1.0</version>
++
++  <Profile id="xccdf_com.example.www_profile_test_remote_res">
++    <title>xccdf_test_profile</title>
++    <description>This profile is for testing.</description>
++    <select idref="xccdf_com.example.www_rule_test-pass" selected="true"/>
++    <select idref="xccdf_com.example.www_rule_test-remote_res" selected="true"/>
++  </Profile>
++
++  <Value id="xccdf_com.example.www_value_val1" type="number" operator="equals" interactive="0">
++    <title>test value</title>
++    <description>foo</description>
++    <value selector="bar_1">50</value>
++    <value selector="bar_2">100</value>
++  </Value>
++  <Rule selected="true" id="xccdf_com.example.www_rule_test-pass">
++    <title>This rule always pass</title>
++    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
++      <check-content-ref href="test_single_rule.oval.xml" name="oval:test-pass:def:1"/>
++    </check>
++  </Rule>
++  <Rule selected="true" id="xccdf_com.example.www_rule_test-remote_res">
++    <title>This rule checks remote resource</title>
++    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" multi-check="true">
++      <check-content-ref href="security-data-oval.xml.bz2"/>
++    </check>
++  </Rule>
++  <Rule selected="true" id="xccdf_com.example.www_rule_test-pass2">
++    <title>This rule always pass</title>
++    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
++      <check-content-ref href="test_single_rule.oval.xml" name="oval:test-pass:def:1"/>
++    </check>
++  </Rule>
++</Benchmark>
++</ds:component>
++</ds:data-stream-collection>
+diff --git a/tests/curl/test_curl_encoding.sh b/tests/curl/test_curl_encoding.sh
+new file mode 100755
+index 000000000..674abf691
+--- /dev/null
++++ b/tests/curl/test_curl_encoding.sh
+@@ -0,0 +1,23 @@
++#!/bin/bash
++
++set -e -o pipefail
++
++. $builddir/tests/test_common.sh
++
++function curl_accept_encoding {
++	local DF="${srcdir}/ds.xml"
++	local RF="results.xml"
++	local LOG="verbose.log"
++
++	$OSCAP xccdf eval --verbose=DEVEL --fetch-remote-resources --results $RF $DF 2>$LOG || echo "OK"
++
++	grep -P "Accept-Encoding.*gzip" $LOG
++
++	return 0
++}
++
++test_init
++
++test_run "cURL: Accept-Encoding" curl_accept_encoding
++
++test_exit
diff --git a/SOURCES/openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch b/SOURCES/openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch
new file mode 100644
index 0000000..4528a9e
--- /dev/null
+++ b/SOURCES/openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch
@@ -0,0 +1,103 @@
+From a0d5ed656f09ab5da547058366cd5f45584ba7b6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
+Date: Fri, 31 Jul 2020 10:38:17 +0200
+Subject: [PATCH] Plug a memory leak
+
+==12029==    at 0x483A809: malloc (vg_replace_malloc.c:307)
+==12029==    by 0x51F1386: realpath@@GLIBC_2.3 (in /usr/lib64/libc-2.31.so)
+==12029==    by 0x489F8CA: oscap_realpath (util.c:251)
+==12029==    by 0x495E6EF: rpmverify_collect (rpmverifyfile_probe.c:248)
+==12029==    by 0x495F461: rpmverifyfile_probe_main (rpmverifyfile_probe.c:543)
+==12029==    by 0x4935598: probe_worker (worker.c:1090)
+==12029==    by 0x4932F10: probe_worker_runfn (worker.c:81)
+==12029==    by 0x4CDA431: start_thread (in /usr/lib64/libpthread-2.31.so)
+==12029==    by 0x52A8912: clone (in /usr/lib64/libc-2.31.so)
+
+==12029==    at 0x483CCE8: realloc (vg_replace_malloc.c:834)
+==12029==    by 0x4D9DCD8: rrealloc (in /usr/lib64/librpmio.so.9.0.1)
+==12029==    by 0x4D25B88: headerFormat (in /usr/lib64/librpm.so.9.0.1)
+==12029==    by 0x495E467: rpmverify_collect (rpmverifyfile_probe.c:230)
+==12029==    by 0x495F461: rpmverifyfile_probe_main
+(rpmverifyfile_probe.c:543)
+==12029==    by 0x4935598: probe_worker (worker.c:1090)
+==12029==    by 0x4932F10: probe_worker_runfn (worker.c:81)
+==12029==    by 0x4CDA431: start_thread (in
+/usr/lib64/libpthread-2.31.so)
+==12029==    by 0x52A8912: clone (in /usr/lib64/libc-2.31.so)
+
+Resolves: RHBZ#1861301
+---
+ src/OVAL/probes/unix/linux/rpmverifyfile.c | 24 ++++++++++++++++------
+ 1 file changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/src/OVAL/probes/unix/linux/rpmverifyfile.c b/src/OVAL/probes/unix/linux/rpmverifyfile.c
+index e17f1612b..781d071ab 100644
+--- a/src/OVAL/probes/unix/linux/rpmverifyfile.c
++++ b/src/OVAL/probes/unix/linux/rpmverifyfile.c
+@@ -61,10 +61,10 @@
+ 
+ struct rpmverify_res {
+ 	char *name;  /**< package name */
+-	const char *epoch;
+-	const char *version;
+-	const char *release;
+-	const char *arch;
++	char *epoch;
++	char *version;
++	char *release;
++	char *arch;
+ 	char *file;  /**< filepath */
+ 	char extended_name[1024];
+ 	rpmVerifyAttrs vflags; /**< rpm verify flags */
+@@ -273,14 +273,14 @@ static int rpmverify_collect(probe_ctx *ctx,
+ 						free(current_file_realpath);
+ 						continue;
+ 					}
+-					res.file = current_file_realpath ? current_file_realpath : strdup(current_file);
++					res.file = current_file_realpath ? oscap_strdup(current_file_realpath) : oscap_strdup(current_file);
+ 		      break;
+ 		    case OVAL_OPERATION_PATTERN_MATCH:
+ 					ret = pcre_exec(re, NULL, current_file, strlen(current_file), 0, 0, NULL, 0);
+ 
+ 		      switch(ret) {
+ 		      case 0: /* match */
+-						res.file = strdup(current_file);
++						res.file = oscap_strdup(current_file);
+ 			break;
+ 		      case -1:
+ 			/* mismatch */
+@@ -300,12 +300,18 @@ static int rpmverify_collect(probe_ctx *ctx,
+ 						free(current_file_realpath);
+ 		      goto ret;
+ 		    }
++		    free(current_file_realpath);
+ 
+ 		    if (rpmVerifyFile(g_rpm.rpmts, fi, &res.vflags, omit) != 0)
+ 		      res.vflags = RPMVERIFY_FAILURES;
+ 
+ 		    if (callback(ctx, &res) != 0) {
+ 			    ret = 0;
++					free(res.name);
++					free(res.epoch);
++					free(res.version);
++					free(res.release);
++					free(res.arch);
+ 					free(res.file);
+ 			    goto ret;
+ 		    }
+@@ -314,6 +320,12 @@ static int rpmverify_collect(probe_ctx *ctx,
+ 
+ 		  rpmfiFree(fi);
+ 		}
++
++		free(res.name);
++		free(res.epoch);
++		free(res.version);
++		free(res.release);
++		free(res.arch);
+ 	}
+ 
+ 	match = rpmdbFreeIterator (match);
+-- 
+2.26.2
+
diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec
index 4cade78..672d82f 100644
--- a/SPECS/openscap.spec
+++ b/SPECS/openscap.spec
@@ -6,7 +6,7 @@ restorecon -R /usr/bin/oscap /usr/libexec/openscap; \
 
 Name:           openscap
 Version:        1.2.17
-Release:        11%{?dist}
+Release:        13%{?dist}
 Summary:        Set of open source libraries enabling integration of the SCAP line of standards
 Group:          System Environment/Libraries
 License:        LGPLv2+
@@ -37,6 +37,8 @@ Patch22:        openscap-1.2.18-oscap-ssh-sudo.patch
 Patch23:        openscap-1.2.18-selinuxsecuritycontext-verbose.patch
 Patch24:        openscap-1.2.18-cvrf-segfault.patch
 Patch25:        openscap-1.3.2-red-hat-errata-url-pr1388.patch
+Patch26:        openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch
+Patch27:        openscap-1.2.18-gzip-compression-PR1576.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  swig libxml2-devel libxslt-devel perl-XML-Parser
 BuildRequires:  rpm-devel
@@ -177,6 +179,8 @@ Tool for scanning Atomic containers.
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
+%patch26 -p1
+%patch27 -p1
 
 %build
 %ifarch sparc64
@@ -332,6 +336,12 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon Sep 21 2020 Jan Černý <jcerny@redhat.com> - 1.2.17-13
+- Enable gzip compression when downloading remote content (RHBZ#1870147)
+
+* Fri Aug 07 2020 Jan Černý <jcerny@redhat.com> - 1.2.17-12
+- Fix memory leaks in rpmverifyfile probe (RHBZ#1861300)
+
 * Tue Apr 28 2020 Jan Černý <jcerny@redhat.com> - 1.2.17-11
 - Fix URL for Red Hat Errata (RHBZ#1828779)