diff --git a/samba-bz14675-fix.patch b/samba-bz14675-fix.patch
new file mode 100644
index 0000000..f625a95
--- /dev/null
+++ b/samba-bz14675-fix.patch
@@ -0,0 +1,157 @@
+From 75a66ce1da41c5b081771b2db55c2994d378d882 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme
+Date: Tue, 23 Mar 2021 11:40:21 +0100
+Subject: [PATCH 1/3] pidl: set the per-request memory context in the pidl
+ generator
+
+The talloc memory context referenced by the pipe_struct mem_ctx member is used
+as talloc parent for RPC response data by the RPC service implementations.
+
+In Samba versions up to 4.10 all talloc children of p->mem_ctx were freed after
+a RPC response was delivered by calling talloc_free_children(p->mem_ctx). Commit
+60fa8e255254d38e9443bf96f2c0f31430be6ab8 removed this call which resulted in all
+memory allocations on this context not getting released, which can consume
+significant memory in long running RPC connections.
+
+Instead of putting the talloc_free_children(p->mem_ctx) back, just use the
+mem_ctx argument of the ${pipename}_op_dispatch_internal() function which is a
+dcesrv_call_state object created by dcesrv_process_ncacn_packet() and released
+by the RPC server when the RPC request processing is finished.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
+CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
+
+Signed-off-by: Ralph Boehme
+Reviewed-by: Volker Lendecke
+(cherry picked from commit 4c3fb2a5912966a61e7ebdb05eb3231a0e1d6033)
+---
+ pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm | 2 ++
+ source3/rpc_server/rpc_handles.c | 6 ------
+ 2 files changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
+index 54feea0a9ef..d1368c3dbca 100644
+--- a/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
++++ b/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
+@@ -299,6 +299,7 @@ sub boilerplate_iface($)
+ $self->pidl("/* Update pipes struct opnum */");
+ $self->pidl("p->opnum = opnum;");
+ $self->pidl("p->dce_call = dce_call;");
++ $self->pidl("p->mem_ctx = mem_ctx;");
+ $self->pidl("/* Update pipes struct session info */");
+ $self->pidl("pipe_session_info = p->session_info;");
+ $self->pidl("p->session_info = dce_call->auth_state->session_info;");
+@@ -344,6 +345,7 @@ sub boilerplate_iface($)
+ $self->pidl("");
+
+ $self->pidl("p->dce_call = NULL;");
++ $self->pidl("p->mem_ctx = NULL;");
+ $self->pidl("/* Restore session info */");
+ $self->pidl("p->session_info = pipe_session_info;");
+ $self->pidl("p->auth.auth_type = 0;");
+diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
+index 45968746440..9ef93231466 100644
+--- a/source3/rpc_server/rpc_handles.c
++++ b/source3/rpc_server/rpc_handles.c
+@@ -60,12 +60,6 @@ int make_base_pipes_struct(TALLOC_CTX *mem_ctx,
+ return ENOMEM;
+ }
+
+- p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p);
+- if (!p->mem_ctx) {
+- talloc_free(p);
+- return ENOMEM;
+- }
+-
+ p->msg_ctx = msg_ctx;
+ p->transport = transport;
+
+--
+2.30.2
+
+
+From 33a7749f7fc5c58752815789d086d696a20878e7 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme
+Date: Mon, 22 Mar 2021 12:06:39 +0100
+Subject: [PATCH 2/3] spools: avoid leaking memory into the callers mem_ctx
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
+CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
+
+Signed-off-by: Ralph Boehme
+Reviewed-by: Volker Lendecke
+(cherry picked from commit 481176ec745c14b78fca68e01a61c83405a4b97b)
+---
+ source3/rpc_server/spoolss/srv_spoolss_nt.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
+index d20c19d5271..24ea7367ec8 100644
+--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
++++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
+@@ -5731,7 +5731,8 @@ static WERROR construct_printer_driver_info_level(TALLOC_CTX *mem_ctx,
+ }
+
+ if (pinfo2->drivername == NULL || pinfo2->drivername[0] == '\0') {
+- return WERR_UNKNOWN_PRINTER_DRIVER;
++ result = WERR_UNKNOWN_PRINTER_DRIVER;
++ goto done;
+ }
+
+ DBG_INFO("Construct printer driver [%s] for [%s]\n",
+@@ -7023,7 +7024,8 @@ static WERROR update_printer(struct pipes_struct *p,
+ raddr = tsocket_address_inet_addr_string(p->remote_address,
+ p->mem_ctx);
+ if (raddr == NULL) {
+- return WERR_NOT_ENOUGH_MEMORY;
++ result = WERR_NOT_ENOUGH_MEMORY;
++ goto done;
+ }
+
+ /* add_printer_hook() will call reload_services() */
+--
+2.30.2
+
+
+From 602290d48d3bc49acca64a089822f26da293ee1e Mon Sep 17 00:00:00 2001
+From: Volker Lendecke
+Date: Tue, 23 Mar 2021 17:06:15 +0100
+Subject: [PATCH 3/3] rpc_server3: Fix a memleak for internal pipes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+state->call should not be talloc'ed off a long-lived context
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
+CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
+RN: Memory leak in the RPC server
+
+Signed-off-by: Volker Lendecke
+Reviewed-by: Samuel Cabrero
+Reviewed-by: Ralph Boehme
+
+Autobuild-User(master): Ralph Böhme
+Autobuild-Date(master): Wed Mar 31 12:14:01 UTC 2021 on sn-devel-184
+
+(cherry picked from commit 12f516e4680753460e7fe8811e6c6ff70057580c)
+---
+ source3/rpc_server/rpc_ncacn_np.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
+index 9ba271c2479..494b002e714 100644
+--- a/source3/rpc_server/rpc_ncacn_np.c
++++ b/source3/rpc_server/rpc_ncacn_np.c
+@@ -476,7 +476,7 @@ static struct tevent_req *rpcint_bh_raw_call_send(TALLOC_CTX *mem_ctx,
+ return tevent_req_post(req, ev);
+ }
+
+- state->call = talloc_zero(hs->conn, struct dcesrv_call_state);
++ state->call = talloc_zero(state, struct dcesrv_call_state);
+ if (tevent_req_nomem(state->call, req)) {
+ return tevent_req_post(req, ev);
+ }
+--
+2.30.2
+
diff --git a/samba.spec b/samba.spec
index 1cd7a05..acc4c01 100644
--- a/samba.spec
+++ b/samba.spec
@@ -108,7 +108,7 @@ %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") -%global main_release 0 +%global main_release 1 %global samba_version 4.14.2 %global talloc_version 2.3.2
@@ -177,6 +177,7 @@ Source14: samba.pamd Source201: README.downgrade Patch1: samba-s4u.patch +Patch2: samba-bz14675-fix.patch Requires(pre): /usr/sbin/groupadd Requires(post): systemd
@@ -3839,6 +3840,10 @@ fi %endif %changelog +* Wed Apr 07 2021 Alexander Bokovoy - 4.14.2-1 +- Fix memory leaks in RPC server +- resolves: #1946950 + * Thu Mar 25 2021 Guenther Deschner - 4.14.2-0 - Update to Samba 4.14.2 - related: #1941400, #1942496 - Security fixes for CVE-2020-27840
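Review bot: After patch 1, p->mem_ctx is NULL outside the generated dispatch window (the talloc_named allocation in make_base_pipes_struct is removed and the pidl epilogue emits `p->mem_ctx = NULL;`), so any service code that still allocates on p->mem_ctx before or after a dispatched call hands talloc a NULL parent; talloc does not reject that but returns an unparented top-level object, which would leak silently rather than fail loudly. This patch does not show whether such callers exist, so the generated code should at least state the contract, e.g. `$self->pidl("/* p->mem_ctx is per-request: valid only while this call is dispatched */");` next to the `$self->pidl("p->mem_ctx = mem_ctx;");` line in ServerCompat.pm. The spoolss hunks in patch 2 depend on a `result` variable and a `done:` label that lie outside the hunk, in construct_printer_driver_info_level and update_printer, both of which start and end outside the hunk; the `goto done` paths presumably release the per-call allocations and are worth checking once in the backport.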