diff --git a/0001-Fix-possible-unterminated-string.patch b/0001-Fix-possible-unterminated-string.patch
new file mode 100644
index 0000000..8048f88
--- /dev/null
+++ b/0001-Fix-possible-unterminated-string.patch
@@ -0,0 +1,30 @@
+From a06689c14dbff46107aa9b1933ed3d9268cfc9c9 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Mon, 16 Dec 2024 14:38:08 +0100
+Subject: [PATCH] Fix possible unterminated string
+
+Although we terminate buf2 in libcupsfilters and make_model can't be
+1024 bytes long, using snprintf() fixes the coverity report and makes
+sure the buffer is terminated.
+---
+ pappl-retrofit/pappl-retrofit.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/pappl-retrofit/pappl-retrofit.c b/pappl-retrofit/pappl-retrofit.c
+index 7627164..b187bde 100644
+--- a/pappl-retrofit/pappl-retrofit.c
++++ b/pappl-retrofit/pappl-retrofit.c
+@@ -4054,9 +4054,7 @@ _prSetupDriverList(pr_printer_app_global_data_t *global_data)
+ 	      // word (cleaned manufacturer name or part of it) is the
+ 	      // same, we accept the data of the device ID as display
+ 	      // string.
+-	      strncpy(buf1,
+-		      (buf2[0] ? buf2 : ppd->record.make_and_model),
+-		      sizeof(buf1));
++	      snprintf(buf1, sizeof(buf1), "%s", buf2[0] ? buf2 : ppd->record.make_and_model);
+ 	      if ((ptr = strchr(buf1, ' ')) != NULL)
+ 		*ptr = '\0';
+ 	      // Convert device ID to make/model string, so that we can add
+-- 
+2.48.1
+
diff --git a/0001-Fix-potential-memory-leaks.patch b/0001-Fix-potential-memory-leaks.patch
new file mode 100644
index 0000000..6dc3435
--- /dev/null
+++ b/0001-Fix-potential-memory-leaks.patch
@@ -0,0 +1,107 @@
+From 1477124fd2b94229fb3580dd74abaecf72095a5c Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Tue, 28 Jan 2025 16:41:28 +0100
+Subject: [PATCH] Fix potential memory leaks
+
+---
+ pappl-retrofit/pappl-retrofit.c | 10 +++++++---
+ pappl-retrofit/print-job.c      |  4 ++++
+ pappl-retrofit/web-interface.c  |  3 +++
+ 3 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/pappl-retrofit/pappl-retrofit.c b/pappl-retrofit/pappl-retrofit.c
+index b187bde..98b8b56 100644
+--- a/pappl-retrofit/pappl-retrofit.c
++++ b/pappl-retrofit/pappl-retrofit.c
+@@ -157,7 +157,7 @@ prBestMatchingPPD(const char *device_id,	// I - IEEE-1284 device ID
+         {
+ 	  if (regcomp(re, regex, REG_ICASE | REG_EXTENDED | REG_NOSUB))
+ 	  {
+-	    regfree(re);
++	    free(re);
+ 	    papplLog(global_data->system, PAPPL_LOGLEVEL_ERROR,
+ 		     "Invalid regular expression: %s", regex);
+ 	    continue;
+@@ -334,7 +334,7 @@ prRegExMatchDevIDField(const char *device_id,     // I - Device ID to search in
+     // Compile the regular expression
+     if (regcomp(re, value_regex, REG_ICASE | REG_EXTENDED | REG_NOSUB))
+     {
+-      regfree(re);
++      free(re);
+       ret = -3;
+       goto out;
+     }
+@@ -365,6 +365,7 @@ prRegExMatchDevIDField(const char *device_id,     // I - Device ID to search in
+     }
+ 
+     regfree(re);
++    free(re);
+   }
+   else
+     ret = -5;
+@@ -3930,7 +3931,7 @@ _prSetupDriverList(pr_printer_app_global_data_t *global_data)
+ 	if (regcomp(driver_re, global_data->config->driver_display_regex,
+ 		    REG_ICASE | REG_EXTENDED))
+ 	{
+-	  regfree(driver_re);
++	  free(driver_re);
+ 	  driver_re = NULL;
+ 	  papplLog(system, PAPPL_LOGLEVEL_ERROR,
+ 		   "Invalid regular expression: %s",
+@@ -4230,7 +4231,10 @@ _prSetupDriverList(pr_printer_app_global_data_t *global_data)
+ 
+     // Free the compiled regular expression
+     if (driver_re)
++    {
+       regfree(driver_re);
++      free(driver_re);
++    }
+ 
+     cupsArrayDelete(ppds);
+ 
+diff --git a/pappl-retrofit/print-job.c b/pappl-retrofit/print-job.c
+index 1fbd16f..3138590 100644
+--- a/pappl-retrofit/print-job.c
++++ b/pappl-retrofit/print-job.c
+@@ -996,6 +996,7 @@ _prFilter(
+   {
+     papplLogJob(job, PAPPL_LOGLEVEL_ERROR, "Unable to open input file '%s' for printing: %s",
+ 		filename, strerror(errno));
++    _prFreeJobData(job_data);
+     return (false);
+   }
+ 
+@@ -1033,6 +1034,8 @@ _prFilter(
+     papplLogJob(job, PAPPL_LOGLEVEL_ERROR,
+ 		"No pre-filter found for input format %s",
+ 		informat);
++    _prFreeJobData(job_data);
++    close(fd);
+     return (false);
+   }
+ 
+@@ -1655,6 +1658,7 @@ _prRasterPrepareJob(
+ 		"Unable to create pipe for filtering and sending off the job");
+     if (strlen(job_data->stream_filter) > 1)
+       free(ppd_filter_params);
++    _prFreeJobData(job_data);
+     return (NULL);
+   }
+ 
+diff --git a/pappl-retrofit/web-interface.c b/pappl-retrofit/web-interface.c
+index 6935aa0..5afc99c 100644
+--- a/pappl-retrofit/web-interface.c
++++ b/pappl-retrofit/web-interface.c
+@@ -1294,6 +1294,9 @@ _prSystemWebAddPPD(
+       // Flush remaining data...
+       if (httpGetState(http) == initial_state)
+ 	httpFlush(http);
++
++      if (fp)
++	fclose(fp);
+     }
+ 
+     strbuf[0] = '\0';
+-- 
+2.48.1
+
diff --git a/0001-Protect-_prASCII-from-negative-lengths.patch b/0001-Protect-_prASCII-from-negative-lengths.patch
new file mode 100644
index 0000000..ba58068
--- /dev/null
+++ b/0001-Protect-_prASCII-from-negative-lengths.patch
@@ -0,0 +1,41 @@
+From 63b2c618cf770de3338fe94fd910656cc3c6ec38 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Mon, 27 Jan 2025 15:46:19 +0100
+Subject: [PATCH] Protect `_prASCII()` from negative lengths
+
+---
+ pappl-retrofit/cups-backends.c | 2 +-
+ pappl-retrofit/print-job.c     | 4 ++++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/pappl-retrofit/cups-backends.c b/pappl-retrofit/cups-backends.c
+index 5cfd78c..4639449 100644
+--- a/pappl-retrofit/cups-backends.c
++++ b/pappl-retrofit/cups-backends.c
+@@ -470,7 +470,7 @@ _prCUPSDevList(pappl_device_cb_t cb,
+ 	      //
+ 
+ 	      backends[i].bytes += bytes;
+-              backends[i].buf[4095] = '\0';
++	      backends[i].buf[4095] = '\0';
+ 	      while ((newline = strchr(backends[i].buf, '\n')) != NULL)
+ 	      {
+ 		// We have read at least one line
+diff --git a/pappl-retrofit/print-job.c b/pappl-retrofit/print-job.c
+index 115dd4b..1fbd16f 100644
+--- a/pappl-retrofit/print-job.c
++++ b/pappl-retrofit/print-job.c
+@@ -55,6 +55,10 @@ _prASCII85(FILE                *outputfp,
+   static unsigned int   num_remaining = 0;
+ 
+ 
++  // Prevent possible negative lengths...
++  if (length < 0)
++    return;
++
+   while (num_remaining + length > 0)
+   {
+     if (num_remaining > 0 || length < 4)
+-- 
+2.48.1
+
diff --git a/0001-cups-backends.c-Ensure-read-string-is-NULL-terminate.patch b/0001-cups-backends.c-Ensure-read-string-is-NULL-terminate.patch
new file mode 100644
index 0000000..cf3e011
--- /dev/null
+++ b/0001-cups-backends.c-Ensure-read-string-is-NULL-terminate.patch
@@ -0,0 +1,25 @@
+From 1780a78ed0b40b7eef769346958b1148fa598be0 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Mon, 16 Dec 2024 14:48:15 +0100
+Subject: [PATCH] cups-backends.c: Ensure read string is NULL-terminated
+
+We read from external program output, make sure we use NULL terminator.
+---
+ pappl-retrofit/cups-backends.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pappl-retrofit/cups-backends.c b/pappl-retrofit/cups-backends.c
+index 9ef3f4d..5cfd78c 100644
+--- a/pappl-retrofit/cups-backends.c
++++ b/pappl-retrofit/cups-backends.c
+@@ -470,6 +470,7 @@ _prCUPSDevList(pappl_device_cb_t cb,
+ 	      //
+ 
+ 	      backends[i].bytes += bytes;
++              backends[i].buf[4095] = '\0';
+ 	      while ((newline = strchr(backends[i].buf, '\n')) != NULL)
+ 	      {
+ 		// We have read at least one line
+-- 
+2.48.1
+
diff --git a/pappl-retrofit.spec b/pappl-retrofit.spec
index cd7d87b..e96a6c3 100644
--- a/pappl-retrofit.spec
+++ b/pappl-retrofit.spec
@@ -11,7 +11,7 @@
 
 Name: pappl-retrofit
 Version: 1.0b2
-Release: 5%{?dist}
+Release: 6%{?dist}
 # the CUPS exception text is the same as LLVM exception, so using that name with
 # agreement from legal team
 # https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/message/A7GFSD6M3GYGSI32L2FC5KB22DUAEQI3/
@@ -33,6 +33,15 @@ Patch002: 0001-Added-man-page-for-the-Legacy-Printer-Application.patch
 Patch003: pappl-retrofit-use-after-free.patch
 # https://github.com/OpenPrinting/pappl-retrofit/pull/27
 Patch004: 0001-Use-PAPPL-configuration-options-from-file.patch
+# https://github.com/OpenPrinting/pappl-retrofit/pull/28
+# 0001-Fix-possible-unterminated-string.patch
+# 0001-cups-backends.c-Ensure-read-string-is-NULL-terminate.patch
+# 0001-Protect-_prASCII-from-negative-lengths.patch
+# 0001-Fix-potential-memory-leaks.patch
+Patch005: 0001-Fix-possible-unterminated-string.patch
+Patch006: 0001-cups-backends.c-Ensure-read-string-is-NULL-terminate.patch
+Patch007: 0001-Protect-_prASCII-from-negative-lengths.patch
+Patch008: 0001-Fix-potential-memory-leaks.patch
 
 
 # for autogen.sh - generating configure scripts
@@ -181,6 +190,9 @@ make check
 %{_mandir}/man1/legacy-printer-app.1.gz
 
 %changelog
+* Tue Jan 28 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1.0b2-6
+- Fix Openscanhub issues (Resolves: RHEL-71659)
+
 * Wed Dec 04 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1.0b2-5
 - Initial commit on c10s
   Resolves: RHEL-25298