diff --git a/SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch b/SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
new file mode 100644
index 0000000..a280b4f
--- /dev/null
+++ b/SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
@@ -0,0 +1,43 @@
+diff -up cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup cups-2.2.6/cups/http-addrlist.c
+--- cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup	2023-12-19 18:25:15.484637450 +0100
++++ cups-2.2.6/cups/http-addrlist.c	2023-12-19 18:28:57.129163387 +0100
+@@ -313,6 +313,39 @@ httpAddrConnect2(
+       {
+ #  ifdef HAVE_POLL
+ 	DEBUG_printf(("pfds[%d].revents=%x\n", i, pfds[i].revents));
++
++#    ifdef _WIN32
++	if (((WSAGetLastError() == WSAEINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
++	    ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
++#    else
++	if (((errno == EINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
++	    ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
++#    endif /* _WIN32 */
++	{
++	  // Some systems generate POLLIN or POLLOUT together with POLLHUP when doing
++	  // asynchronous connections. The solution seems to be to use getsockopt to
++	  // check the SO_ERROR value and ignore the POLLHUP if there is no error or
++	  // the error is EINPROGRESS.
++
++	  int	    sres,		 /* Return value from getsockopt() - 0, or -1 if error */
++		    serr;		 /* Option SO_ERROR value */
++	  socklen_t slen = sizeof(serr); /* Option value size */
++
++	  sres = getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &serr, &slen);
++
++	  if (sres || serr)
++	  {
++	    pfds[i].revents |= POLLERR;
++#    ifdef DEBUG
++	    DEBUG_printf(("1httpAddrConnect2: getsockopt returned: %d with error: %s", sres, strerror(serr)));
++#    endif
++	  }
++	  else if (pfds[i].revents && (pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN | POLLOUT)))
++	  {
++	    pfds[i].revents &= ~POLLHUP;
++	  }
++	}
++
+ 	if (pfds[i].revents && !(pfds[i].revents & (POLLERR | POLLHUP)))
+ #  else
+ 	if (FD_ISSET(fds[i], &input_set) && !FD_ISSET(fds[i], &error_set))
diff --git a/SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch b/SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
new file mode 100644
index 0000000..0c7f8c3
--- /dev/null
+++ b/SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
@@ -0,0 +1,36 @@
+From db9cecdd932e58c51d2d659f63415ad47d151717 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Fri, 1 Sep 2023 17:11:54 +0200
+Subject: [PATCH] scheduler/conf.c: Print to stderr if we don't open
+ cups-files.conf
+
+In case cupsd can't open the cups-files.conf, the error message is lost
+if journal and syslog don't exist or work on system (usually in
+containers).
+
+Log the error into stderr at this place to get the error message if
+needed.
+---
+ scheduler/conf.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index b18535162..4fa7eb1df 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -811,11 +811,7 @@ cupsdReadConfiguration(void)
+     cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
+   else
+   {
+-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+-    sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
+-#else
+-    syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
+-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
++    fprintf(stderr, "Unable to read \"%s\" - %s\n", CupsFilesFile, strerror(errno));
+ 
+     return (0);
+   }
+-- 
+2.41.0
+
diff --git a/SOURCES/cups-preservejobfiles-leak.patch b/SOURCES/cups-preservejobfiles-leak.patch
new file mode 100644
index 0000000..c1c132d
--- /dev/null
+++ b/SOURCES/cups-preservejobfiles-leak.patch
@@ -0,0 +1,31 @@
+diff --git a/scheduler/colorman.c b/scheduler/colorman.c
+index 8af4e5c..9bfdb0c 100644
+--- a/scheduler/colorman.c
++++ b/scheduler/colorman.c
+@@ -1083,7 +1083,7 @@ colord_create_profile(
+ 
+   dbus_message_iter_get_basic(&args, &profile_path);
+   cupsdLogMessage(CUPSD_LOG_DEBUG, "Created profile \"%s\".", profile_path);
+-  cupsArrayAdd(profiles, strdup(profile_path));
++  cupsArrayAdd(profiles, profile_path);
+ 
+ out:
+ 
+diff --git a/scheduler/job.c b/scheduler/job.c
+index 0223bee..47d4c72 100644
+--- a/scheduler/job.c
++++ b/scheduler/job.c
+@@ -1496,11 +1496,11 @@ cupsdDeleteJob(cupsd_job_t       *job,	/* I - Job */
+     job->num_files = 0;
+   }
+ 
++  unload_job(job);
++
+   if (job->history)
+     free_job_history(job);
+ 
+-  unload_job(job);
+-
+   cupsArrayRemove(Jobs, job);
+   cupsArrayRemove(ActiveJobs, job);
+   cupsArrayRemove(PrintingJobs, job);
diff --git a/SPECS/cups.spec b/SPECS/cups.spec
index 6f9d1ce..7b7eb9c 100644
--- a/SPECS/cups.spec
+++ b/SPECS/cups.spec
@@ -24,7 +24,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.3.3%{OP_VER}
-Release: 21%{?dist}
+Release: 24%{?dist}
 License: ASL 2.0
 Url: http://www.cups.org/
 # Apple stopped uploading the new versions into github, use OpenPrinting fork
@@ -126,6 +126,12 @@ Patch34: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
 Patch35: 0001-cups-strlcpy-handle-zero-size.patch
 # CVE-2023-32360 cups:  Information leak through Cups-Get-Document operation
 Patch36: 0001-Require-authentication-for-CUPS-Get-Document.patch
+# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+Patch37: cups-preservejobfiles-leak.patch
+# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+Patch38: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
+# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+Patch39: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
 
 
 ##### Patches removed because IMHO they aren't no longer needed
@@ -381,6 +387,12 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
 %patch35 -p1 -b .cve32324
 # CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
 %patch36 -p1 -b .get-document-auth
+# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+%patch37 -p1 -b .preservejobfiles-leak
+# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+%patch38 -p1 -b .log-stderr
+# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+%patch39 -p1 -b .cupsgetjobs-pollhup
 
 %if %{lspp}
 # LSPP support.
@@ -815,6 +827,17 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippeveps.7.gz
 
 %changelog
+* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-24
+- revert RHEL-19205 - new packages are not needed
+
+* Wed Dec 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-23
+- RHEL-19205 Recommend new cups-filters subpackages with weak dep for better upgrade exp
+- RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+
+* Thu Nov 02 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-22
+- RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+- RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+
 * Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-21
 - bump the spec because the previous build was made with buildroot 9.2