diff --git a/0100-coverity.patch b/0100-coverity.patch
new file mode 100644
index 0000000..d81d531
--- /dev/null
+++ b/0100-coverity.patch
@@ -0,0 +1,12 @@
+diff -up openssl-3.0.0/apps/s_client.c.coverity openssl-3.0.0/apps/s_client.c
+--- openssl-3.0.0/apps/s_client.c.coverity	2021-10-07 16:59:37.938432118 +0200
++++ openssl-3.0.0/apps/s_client.c	2021-10-07 17:00:52.994075755 +0200
+@@ -3040,6 +3040,8 @@ int s_client_main(int argc, char **argv)
+ #endif
+     OPENSSL_free(connectstr);
+     OPENSSL_free(bindstr);
++    OPENSSL_free(bindhost);
++    OPENSSL_free(bindport);
+     OPENSSL_free(host);
+     OPENSSL_free(port);
+     OPENSSL_free(thost);
diff --git a/openssl.spec b/openssl.spec
index 34bc1c9..cac882d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -58,6 +58,8 @@ Patch24: 0024-load-legacy-prov.patch
 Patch30: 0030-tmp-Fix-rng-seed-double-free.patch
 # Tmp: test name change
 Patch31: 0031-tmp-Fix-test-names.patch
+# Tmp: coverity
+Patch100: 0100-coverity.patch
 
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -380,6 +382,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Thu Oct 07 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-3
+- Fix memory leak in s_client
+- Related: rhbz#1996092
+
 * Mon Sep 20 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-2
 - Avoid double-free on error seeding the RNG.
 - KTLS and FIPS may interfere, so tests need to be tuned