diff --git a/SOURCES/glibc-rh1685400.patch b/SOURCES/glibc-rh1685400.patch
deleted file mode 100644
index 688a60c..0000000
--- a/SOURCES/glibc-rh1685400.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-commit 583dd860d5b833037175247230a328f0050dbfe9
-Author: Paul Eggert <eggert@cs.ucla.edu>
-Date:   Mon Jan 21 11:08:13 2019 -0800
-
-    regex: fix read overrun [BZ #24114]
-    
-    Problem found by AddressSanitizer, reported by Hongxu Chen in:
-    https://debbugs.gnu.org/34140
-    * posix/regexec.c (proceed_next_node):
-    Do not read past end of input buffer.
-
-diff --git a/posix/regexec.c b/posix/regexec.c
-index 73644c2341336e66..06b8487c3e3eab0e 100644
---- a/posix/regexec.c
-+++ b/posix/regexec.c
-@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
- 	      else if (naccepted)
- 		{
- 		  char *buf = (char *) re_string_get_buffer (&mctx->input);
--		  if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
--			      naccepted) != 0)
-+		  if (mctx->input.valid_len - *pidx < naccepted
-+		      || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
-+				  naccepted)
-+			  != 0))
- 		    return -1;
- 		}
- 	    }
diff --git a/SOURCES/glibc-rh1871386-1.patch b/SOURCES/glibc-rh1871386-1.patch
new file mode 100644
index 0000000..5cd3074
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-1.patch
@@ -0,0 +1,20 @@
+commit 0798b8ecc8da8667362496c1217d18635106c609
+Author: Vineet Gupta <Vineet.Gupta1@synopsys.com>
+Date:   Wed Apr 8 19:56:12 2020 -0700
+
+    ARC: Update syscall-names.list for ARC specific syscalls
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 314a653938..21a62a06f4 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -41,6 +41,9 @@ adjtimex
+ afs_syscall
+ alarm
+ alloc_hugepages
++arc_gettls
++arc_settls
++arc_usr_cmpxchg
+ arch_prctl
+ arm_fadvise64_64
+ arm_sync_file_range
diff --git a/SOURCES/glibc-rh1871386-2.patch b/SOURCES/glibc-rh1871386-2.patch
new file mode 100644
index 0000000..d89c08d
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-2.patch
@@ -0,0 +1,26 @@
+commit b67339d0bbc07911859ca8c488e1923441cd3c33
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Mon Jun 15 22:58:22 2020 +0000
+
+    Update syscall-names.list for Linux 5.7.
+    
+    Linux 5.7 has no new syscalls.  Update the version number in
+    syscall-names.list to reflect that it is still current for 5.7.
+    
+    Tested with build-many-glibcs.py.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 21a62a06f4..15dec5b98f 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls.  The names are only
+ # used if the installed kernel headers also provide them.
+ 
+-# The list of system calls is current as of Linux 5.6.
+-kernel 5.6
++# The list of system calls is current as of Linux 5.7.
++kernel 5.7
+ 
+ FAST_atomic_update
+ FAST_cmpxchg
diff --git a/SOURCES/glibc-rh1871386-3.patch b/SOURCES/glibc-rh1871386-3.patch
new file mode 100644
index 0000000..09bd048
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-3.patch
@@ -0,0 +1,37 @@
+commit 1cfb4715288845ebc55ad664421b48b32de9599c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Fri Aug 7 14:38:43 2020 +0000
+
+    Update syscall lists for Linux 5.8.
+    
+    Linux 5.8 has one new syscall, faccessat2.  Update syscall-names.list
+    and regenerate the arch-syscall.h headers with build-many-glibcs.py
+    update-syscalls.
+    
+    Tested with build-many-glibcs.py.
+
+Modified to only update syscall-names.list for RHEL 8.5.0.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 15dec5b98f..a462318ecf 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls.  The names are only
+ # used if the installed kernel headers also provide them.
+ 
+-# The list of system calls is current as of Linux 5.7.
+-kernel 5.7
++# The list of system calls is current as of Linux 5.8.
++kernel 5.8
+ 
+ FAST_atomic_update
+ FAST_cmpxchg
+@@ -105,6 +105,7 @@ execveat
+ exit
+ exit_group
+ faccessat
++faccessat2
+ fadvise64
+ fadvise64_64
+ fallocate
diff --git a/SOURCES/glibc-rh1871386-4.patch b/SOURCES/glibc-rh1871386-4.patch
new file mode 100644
index 0000000..72bb49d
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-4.patch
@@ -0,0 +1,37 @@
+commit dac8713629c8736a60aebec2f01657e46baa4c73
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Fri Oct 23 16:31:11 2020 +0000
+
+    Update syscall lists for Linux 5.9.
+    
+    Linux 5.9 has one new syscall, close_range.  Update syscall-names.list
+    and regenerate the arch-syscall.h headers with build-many-glibcs.py
+    update-syscalls.
+    
+    Tested with build-many-glibcs.py.
+
+Modified to only update syscall-names.list for RHEL 8.5.0.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index a462318ecf..2d42aaf803 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls.  The names are only
+ # used if the installed kernel headers also provide them.
+ 
+-# The list of system calls is current as of Linux 5.8.
+-kernel 5.8
++# The list of system calls is current as of Linux 5.9.
++kernel 5.9
+ 
+ FAST_atomic_update
+ FAST_cmpxchg
+@@ -79,6 +79,7 @@ clone
+ clone2
+ clone3
+ close
++close_range
+ cmpxchg_badaddr
+ connect
+ copy_file_range
diff --git a/SOURCES/glibc-rh1871386-5.patch b/SOURCES/glibc-rh1871386-5.patch
new file mode 100644
index 0000000..a2e2b7d
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-5.patch
@@ -0,0 +1,37 @@
+commit bcf47eb0fba4c6278aadd6a377d6b7b3f673e17c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Dec 16 02:08:52 2020 +0000
+
+    Update syscall lists for Linux 5.10.
+    
+    Linux 5.10 has one new syscall, process_madvise.  Update
+    syscall-names.list and regenerate the arch-syscall.h headers with
+    build-many-glibcs.py update-syscalls.
+    
+    Tested with build-many-glibcs.py.
+
+Modified to only update syscall-names.list for RHEL 8.5.0.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 2d42aaf803..4bd42be2b9 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls.  The names are only
+ # used if the installed kernel headers also provide them.
+ 
+-# The list of system calls is current as of Linux 5.9.
+-kernel 5.9
++# The list of system calls is current as of Linux 5.10.
++kernel 5.10
+ 
+ FAST_atomic_update
+ FAST_cmpxchg
+@@ -433,6 +433,7 @@ pread64
+ preadv
+ preadv2
+ prlimit64
++process_madvise
+ process_vm_readv
+ process_vm_writev
+ prof
diff --git a/SOURCES/glibc-rh1871386-6.patch b/SOURCES/glibc-rh1871386-6.patch
new file mode 100644
index 0000000..36a47e8
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-6.patch
@@ -0,0 +1,42 @@
+commit 2b778ceb4010c28d70de9b8eab20e8d88eed586b
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sat Jan 2 11:32:25 2021 -0800
+
+    Update copyright dates with scripts/update-copyrights
+
+    I used these shell commands:
+
+    ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
+    (cd ../glibc && git commit -am"[this commit message]")
+
+    and then ignored the output, which consisted lines saying "FOO: warning:
+    copyright statement not found" for each of 6694 files FOO.
+    I then removed trailing white space from benchtests/bench-pthread-locks.c
+    and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
+    diagnostic from Savannah:
+    remote: *** pre-commit check failed ...
+    remote: *** error: lines with trailing whitespace found
+    remote: error: hook declined to update refs/heads/master
+
+Modified to only update copyright for syscall-names.list for RHEL 8.5.0. Also
+update licenses link to use https.
+
+diff -Nrup a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+--- a/sysdeps/unix/sysv/linux/syscall-names.list	2021-03-16 14:12:27.828571456 -0400
++++ b/sysdeps/unix/sysv/linux/syscall-names.list	2021-03-16 14:13:23.950145631 -0400
+@@ -1,5 +1,5 @@
+ # List of all known Linux system calls.
+-# Copyright (C) 2017-2018 Free Software Foundation, Inc.
++# Copyright (C) 2017-2021 Free Software Foundation, Inc.
+ # This file is part of the GNU C Library.
+ #
+ # The GNU C Library is free software; you can redistribute it and/or
+@@ -14,7 +14,7 @@
+ #
+ # You should have received a copy of the GNU Lesser General Public
+ # License along with the GNU C Library; if not, see
+-# <http://www.gnu.org/licenses/>.
++# <https://www.gnu.org/licenses/>.
+ 
+ # This file contains the list of system call names.  It has to remain in
+ # alphabetical order.  Lines which start with # are treated as comments.
diff --git a/SOURCES/glibc-rh1871386-7.patch b/SOURCES/glibc-rh1871386-7.patch
new file mode 100644
index 0000000..79774e7
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-7.patch
@@ -0,0 +1,37 @@
+commit 83908b3a1ea51e3aa7ff422275940e56dbba989f
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Fri Feb 19 21:16:27 2021 +0000
+
+    Update syscall lists for Linux 5.11.
+    
+    Linux 5.11 has one new syscall, epoll_pwait2.  Update
+    syscall-names.list and regenerate the arch-syscall.h headers with
+    build-many-glibcs.py update-syscalls.
+    
+    Tested with build-many-glibcs.py.
+
+Modified to only update syscall-names.list for RHEL 8.5.0.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 4df7eeab96..f6cb34089d 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls.  The names are only
+ # used if the installed kernel headers also provide them.
+ 
+-# The list of system calls is current as of Linux 5.10.
+-kernel 5.10
++# The list of system calls is current as of Linux 5.11.
++kernel 5.11
+ 
+ FAST_atomic_update
+ FAST_cmpxchg
+@@ -95,6 +95,7 @@ epoll_create1
+ epoll_ctl
+ epoll_ctl_old
+ epoll_pwait
++epoll_pwait2
+ epoll_wait
+ epoll_wait_old
+ eventfd
diff --git a/SOURCES/glibc-rh1927040.patch b/SOURCES/glibc-rh1927040.patch
deleted file mode 100644
index 4960631..0000000
--- a/SOURCES/glibc-rh1927040.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-This is a custom downstream RHEL 8 patch which rebuilds three
-GLIBC_PRIVATE interfaces locally for use by libnss_files.so.2
-and libnss_compat.so.2.
-
-The shared objects needs the following 3 functions:
-__nss_readline
-__nss_parse_line_result
-__nss_files_fopen (only requirement for libnss_compat.so.2)
-
-They are implemented in:
-nss/nss_parse_line_result.c
-nss/nss_readline.c
-nss/nss_files_fopen.c
-
-We create wrappers for those functions, recompile, and link directly
-into the shared objects:
-nss/nss_parse_line_result_int.c
-nss/nss_readline_int.c
-nss/nss_files_fopen_int.c
-
-After building the new shared objects there are no longer any undefined
-global function references to __nss_readline@GLIBC_PRIVATE,
-__nss_parse_line_result@GLIBC_PRIVATE or
-__nss_files_fopen@GLIBC_PRIVATE.
-
-Instead we see local function definitions in the shared object e.g.
-Symbol table '.symtab' contains 628 entries:
-...
-   486: 0000000000008ce0    92 FUNC    LOCAL  DEFAULT   15 __nss_parse_line_result
-...
-   494: 0000000000008b70    72 FUNC    LOCAL  DEFAULT   15 __nss_readline_seek
-...
-   497: 0000000000008bc0   279 FUNC    LOCAL  DEFAULT   15 __nss_readline
-...
-   510: 0000000000008ce0    82 FUNC    LOCAL  DEFAULT   15 __nss_files_fopen
-
-The remaining GLIBC_PRIVATE references in the shared objects are all
-pre-existing and do not impact upgrade scenarios.
-
-For reference the existing and present GLIBC_PRIVATE interfaces are:
-__libc_alloc_buffer_alloc_array@@GLIBC_PRIVATE
-__libc_alloc_buffer_copy_string@@GLIBC_PRIVATE
-__libc_alloc_buffer_create_failure@@GLIBC_PRIVATE
-__libc_dynarray_emplace_enlarge@@GLIBC_PRIVATE
-__libc_scratch_buffer_grow@@GLIBC_PRIVATE
-__resp@@GLIBC_PRIVATE
-_nss_files_parse_grent@@GLIBC_PRIVATE
-_nss_files_parse_pwent@@GLIBC_PRIVATE
-_nss_files_parse_sgent@@GLIBC_PRIVATE
-_nss_files_parse_spent@@GLIBC_PRIVATE
-errno@@GLIBC_PRIVATE
-__nss_database_lookup2@GLIBC_PRIVATE
-__nss_lookup_function@GLIBC_PRIVATE
-
-Each was checked for existence in libc.so.6.
-
-A small reproducer was used in testing this patch, included here:
-cat >> tst-rhbz1927040.c <<EOF
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <errno.h>
-#include <pwd.h>
-#include <string.h>
-
-int
-main (void)
-{
-  struct passwd *res;
-
-  /* Only lookup via files.  */
-  printf ("INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.");
-  getchar ();
-
-  /* Try to get one entry.  */
-  printf ("INFO: Looking up first password entry.\n");
-  setpwent ();
-  errno = 0;
-  res = getpwent ();
-  if (res == NULL && errno != 0)
-    {
-      printf ("FAIL: Could not get entry (%s).\n", strerror(errno));
-      exit (1);
-    }
-  printf ("INFO: First entry passwd.pw_name = \"%s\"\n", res->pw_name);
-  printf ("PASS: Call to getpwent succeeded.\n");
-  endpwent ();
-  exit (0);
-}
-EOF
-
-Testing RHEL upgrade
-from: glibc-2.28-127.el8_3.2
-to: glibc-2.28-148.el8
-
-./tst-rhbz1927040
-INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.
-INFO: Looking up first password entry.
-INFO: Result was NULL.
-PASS: Call to getpwent succeeded.
-
-With LD_DEBUG=all you can observe:
-     22697:     /lib64/libnss_files.so.2: error: symbol lookup error: undefined symbol: __nss_files_fopen, version GLIBC_PRIVATE (fatal)
-
-Which is the indication that the upgrade caused the transient IdM lookup failure.
-
-Running again succeeds:
-INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.
-INFO: Looking up first password entry.
-INFO: First entry passwd.pw_name = "root"
-PASS: Call to getpwent succeeded.
-
-diff --git a/nss/Makefile b/nss/Makefile
-index 7359da38feb65618..d5c28a6b5ed3661c 100644
---- a/nss/Makefile
-+++ b/nss/Makefile
-@@ -92,9 +92,19 @@ extra-libs-others	= $(extra-libs)
- subdir-dirs = $(services:%=nss_%)
- vpath %.c $(subdir-dirs) ../locale/programs ../intl
- 
--
-+# In RHEL we add nss_readline, nss_parse_line_result, and
-+# nss_files_fopen to the libnss_files-routines in order to avoid the
-+# case where a long running process (having never used NSS) attemps to
-+# load an NSS module for the first time and that NSS module needs a
-+# newer GLIBC_PRIVATE interface.  In effect we must make the NSS modules
-+# self-sufficient and not rely on a GLIBC_PRIVATE interface.
-+# See: https://bugzilla.redhat.com/show_bug.cgi?id=1927040
-+# Note: We must recompile the objects to get the correct global symbol
-+#       references, which is why we have the *_int.c wrappers.
- libnss_files-routines	:= $(addprefix files-,$(databases)) \
--			   files-initgroups files-init
-+			   files-initgroups files-init \
-+			   nss_readline_int nss_parse_line_result_int \
-+			   nss_files_fopen_int
- 
- libnss_db-dbs		:= $(addprefix db-,\
- 				       $(filter-out hosts network key alias,\
-@@ -104,8 +114,10 @@ libnss_db-routines	:= $(libnss_db-dbs) db-open db-init hash-string
- generated		+= $(filter-out db-alias.c db-netgrp.c, \
- 					$(addsuffix .c,$(libnss_db-dbs)))
- 
-+# See note above regarding nss_files_fopen.
- libnss_compat-routines	:= $(addprefix compat-,grp pwd spwd initgroups) \
--			   nisdomain
-+			   nisdomain \
-+			   nss_files_fopen_int
- 
- install-others		+= $(inst_vardbdir)/Makefile
- 
-diff --git a/nss/nss_files_fopen_int.c b/nss/nss_files_fopen_int.c
-new file mode 100644
-index 0000000000000000..fa518084fd609b52
---- /dev/null
-+++ b/nss/nss_files_fopen_int.c
-@@ -0,0 +1,3 @@
-+/* Include a local internal copy of __nss_files_fopen to make the NSS
-+   module self-contained.  */
-+#include <nss_files_fopen.c>
-diff --git a/nss/nss_parse_line_result_int.c b/nss/nss_parse_line_result_int.c
-new file mode 100644
-index 0000000000000000..bc0ee7a251743c9a
---- /dev/null
-+++ b/nss/nss_parse_line_result_int.c
-@@ -0,0 +1,3 @@
-+/* Include a local internal copy of __nss_parse_line_result to make the
-+   NSS module self-contained.  */
-+#include <nss_parse_line_result.c>
-diff --git a/nss/nss_readline_int.c b/nss/nss_readline_int.c
-new file mode 100644
-index 0000000000000000..0e7bd259733673c9
---- /dev/null
-+++ b/nss/nss_readline_int.c
-@@ -0,0 +1,3 @@
-+/* Include a local internal copy of __nss_readline and
-+   __nss_readline_seek to make the NSS module self-contained.  */
-+#include <nss_readline.c>
diff --git a/SOURCES/glibc-rh1932770.patch b/SOURCES/glibc-rh1932770.patch
new file mode 100644
index 0000000..4960631
--- /dev/null
+++ b/SOURCES/glibc-rh1932770.patch
@@ -0,0 +1,177 @@
+This is a custom downstream RHEL 8 patch which rebuilds three
+GLIBC_PRIVATE interfaces locally for use by libnss_files.so.2
+and libnss_compat.so.2.
+
+The shared objects needs the following 3 functions:
+__nss_readline
+__nss_parse_line_result
+__nss_files_fopen (only requirement for libnss_compat.so.2)
+
+They are implemented in:
+nss/nss_parse_line_result.c
+nss/nss_readline.c
+nss/nss_files_fopen.c
+
+We create wrappers for those functions, recompile, and link directly
+into the shared objects:
+nss/nss_parse_line_result_int.c
+nss/nss_readline_int.c
+nss/nss_files_fopen_int.c
+
+After building the new shared objects there are no longer any undefined
+global function references to __nss_readline@GLIBC_PRIVATE,
+__nss_parse_line_result@GLIBC_PRIVATE or
+__nss_files_fopen@GLIBC_PRIVATE.
+
+Instead we see local function definitions in the shared object e.g.
+Symbol table '.symtab' contains 628 entries:
+...
+   486: 0000000000008ce0    92 FUNC    LOCAL  DEFAULT   15 __nss_parse_line_result
+...
+   494: 0000000000008b70    72 FUNC    LOCAL  DEFAULT   15 __nss_readline_seek
+...
+   497: 0000000000008bc0   279 FUNC    LOCAL  DEFAULT   15 __nss_readline
+...
+   510: 0000000000008ce0    82 FUNC    LOCAL  DEFAULT   15 __nss_files_fopen
+
+The remaining GLIBC_PRIVATE references in the shared objects are all
+pre-existing and do not impact upgrade scenarios.
+
+For reference the existing and present GLIBC_PRIVATE interfaces are:
+__libc_alloc_buffer_alloc_array@@GLIBC_PRIVATE
+__libc_alloc_buffer_copy_string@@GLIBC_PRIVATE
+__libc_alloc_buffer_create_failure@@GLIBC_PRIVATE
+__libc_dynarray_emplace_enlarge@@GLIBC_PRIVATE
+__libc_scratch_buffer_grow@@GLIBC_PRIVATE
+__resp@@GLIBC_PRIVATE
+_nss_files_parse_grent@@GLIBC_PRIVATE
+_nss_files_parse_pwent@@GLIBC_PRIVATE
+_nss_files_parse_sgent@@GLIBC_PRIVATE
+_nss_files_parse_spent@@GLIBC_PRIVATE
+errno@@GLIBC_PRIVATE
+__nss_database_lookup2@GLIBC_PRIVATE
+__nss_lookup_function@GLIBC_PRIVATE
+
+Each was checked for existence in libc.so.6.
+
+A small reproducer was used in testing this patch, included here:
+cat >> tst-rhbz1927040.c <<EOF
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <pwd.h>
+#include <string.h>
+
+int
+main (void)
+{
+  struct passwd *res;
+
+  /* Only lookup via files.  */
+  printf ("INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.");
+  getchar ();
+
+  /* Try to get one entry.  */
+  printf ("INFO: Looking up first password entry.\n");
+  setpwent ();
+  errno = 0;
+  res = getpwent ();
+  if (res == NULL && errno != 0)
+    {
+      printf ("FAIL: Could not get entry (%s).\n", strerror(errno));
+      exit (1);
+    }
+  printf ("INFO: First entry passwd.pw_name = \"%s\"\n", res->pw_name);
+  printf ("PASS: Call to getpwent succeeded.\n");
+  endpwent ();
+  exit (0);
+}
+EOF
+
+Testing RHEL upgrade
+from: glibc-2.28-127.el8_3.2
+to: glibc-2.28-148.el8
+
+./tst-rhbz1927040
+INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.
+INFO: Looking up first password entry.
+INFO: Result was NULL.
+PASS: Call to getpwent succeeded.
+
+With LD_DEBUG=all you can observe:
+     22697:     /lib64/libnss_files.so.2: error: symbol lookup error: undefined symbol: __nss_files_fopen, version GLIBC_PRIVATE (fatal)
+
+Which is the indication that the upgrade caused the transient IdM lookup failure.
+
+Running again succeeds:
+INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.
+INFO: Looking up first password entry.
+INFO: First entry passwd.pw_name = "root"
+PASS: Call to getpwent succeeded.
+
+diff --git a/nss/Makefile b/nss/Makefile
+index 7359da38feb65618..d5c28a6b5ed3661c 100644
+--- a/nss/Makefile
++++ b/nss/Makefile
+@@ -92,9 +92,19 @@ extra-libs-others	= $(extra-libs)
+ subdir-dirs = $(services:%=nss_%)
+ vpath %.c $(subdir-dirs) ../locale/programs ../intl
+ 
+-
++# In RHEL we add nss_readline, nss_parse_line_result, and
++# nss_files_fopen to the libnss_files-routines in order to avoid the
++# case where a long running process (having never used NSS) attemps to
++# load an NSS module for the first time and that NSS module needs a
++# newer GLIBC_PRIVATE interface.  In effect we must make the NSS modules
++# self-sufficient and not rely on a GLIBC_PRIVATE interface.
++# See: https://bugzilla.redhat.com/show_bug.cgi?id=1927040
++# Note: We must recompile the objects to get the correct global symbol
++#       references, which is why we have the *_int.c wrappers.
+ libnss_files-routines	:= $(addprefix files-,$(databases)) \
+-			   files-initgroups files-init
++			   files-initgroups files-init \
++			   nss_readline_int nss_parse_line_result_int \
++			   nss_files_fopen_int
+ 
+ libnss_db-dbs		:= $(addprefix db-,\
+ 				       $(filter-out hosts network key alias,\
+@@ -104,8 +114,10 @@ libnss_db-routines	:= $(libnss_db-dbs) db-open db-init hash-string
+ generated		+= $(filter-out db-alias.c db-netgrp.c, \
+ 					$(addsuffix .c,$(libnss_db-dbs)))
+ 
++# See note above regarding nss_files_fopen.
+ libnss_compat-routines	:= $(addprefix compat-,grp pwd spwd initgroups) \
+-			   nisdomain
++			   nisdomain \
++			   nss_files_fopen_int
+ 
+ install-others		+= $(inst_vardbdir)/Makefile
+ 
+diff --git a/nss/nss_files_fopen_int.c b/nss/nss_files_fopen_int.c
+new file mode 100644
+index 0000000000000000..fa518084fd609b52
+--- /dev/null
++++ b/nss/nss_files_fopen_int.c
+@@ -0,0 +1,3 @@
++/* Include a local internal copy of __nss_files_fopen to make the NSS
++   module self-contained.  */
++#include <nss_files_fopen.c>
+diff --git a/nss/nss_parse_line_result_int.c b/nss/nss_parse_line_result_int.c
+new file mode 100644
+index 0000000000000000..bc0ee7a251743c9a
+--- /dev/null
++++ b/nss/nss_parse_line_result_int.c
+@@ -0,0 +1,3 @@
++/* Include a local internal copy of __nss_parse_line_result to make the
++   NSS module self-contained.  */
++#include <nss_parse_line_result.c>
+diff --git a/nss/nss_readline_int.c b/nss/nss_readline_int.c
+new file mode 100644
+index 0000000000000000..0e7bd259733673c9
+--- /dev/null
++++ b/nss/nss_readline_int.c
+@@ -0,0 +1,3 @@
++/* Include a local internal copy of __nss_readline and
++   __nss_readline_seek to make the NSS module self-contained.  */
++#include <nss_readline.c>
diff --git a/SOURCES/glibc-rh1936864.patch b/SOURCES/glibc-rh1936864.patch
new file mode 100644
index 0000000..688a60c
--- /dev/null
+++ b/SOURCES/glibc-rh1936864.patch
@@ -0,0 +1,28 @@
+commit 583dd860d5b833037175247230a328f0050dbfe9
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Mon Jan 21 11:08:13 2019 -0800
+
+    regex: fix read overrun [BZ #24114]
+    
+    Problem found by AddressSanitizer, reported by Hongxu Chen in:
+    https://debbugs.gnu.org/34140
+    * posix/regexec.c (proceed_next_node):
+    Do not read past end of input buffer.
+
+diff --git a/posix/regexec.c b/posix/regexec.c
+index 73644c2341336e66..06b8487c3e3eab0e 100644
+--- a/posix/regexec.c
++++ b/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
+ 	      else if (naccepted)
+ 		{
+ 		  char *buf = (char *) re_string_get_buffer (&mctx->input);
+-		  if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+-			      naccepted) != 0)
++		  if (mctx->input.valid_len - *pidx < naccepted
++		      || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++				  naccepted)
++			  != 0))
+ 		    return -1;
+ 		}
+ 	    }
diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec
index b592f17..d4b0ff3 100644
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@@ -1,6 +1,6 @@
 %define glibcsrcdir glibc-2.28
 %define glibcversion 2.28
-%define glibcrelease 151%{?dist}
+%define glibcrelease 152%{?dist}
 # Pre-release tarballs are pulled in from git using a command that is
 # effectively:
 #
@@ -680,8 +680,15 @@ Patch543: glibc-rh1817513-133.patch
 Patch544: glibc-rh1912544.patch
 Patch545: glibc-rh1918115.patch
 Patch546: glibc-rh1924919.patch
-Patch547: glibc-rh1927040.patch
-Patch548: glibc-rh1685400.patch
+Patch547: glibc-rh1932770.patch
+Patch548: glibc-rh1936864.patch
+Patch549: glibc-rh1871386-1.patch
+Patch550: glibc-rh1871386-2.patch
+Patch551: glibc-rh1871386-3.patch
+Patch552: glibc-rh1871386-4.patch
+Patch553: glibc-rh1871386-5.patch
+Patch554: glibc-rh1871386-6.patch
+Patch555: glibc-rh1871386-7.patch
 
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -2593,14 +2600,17 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
 
 %changelog
-* Fri Mar  5 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-151
-- CVE-2019-9169: Fix buffer overread in regexec.c (#1685400).
+* Tue Mar 16 2021 Patsy Griffin <patsy@redhat.com> - 2.28-152
+- Update syscall-names.list to 5.7, 5.8, 5.9, 5.10 and 5.11. (#1871386)
 
-* Fri Mar 05 2021 Carlos O'Donell <carlos@redhat.com> - 2.28-150
-- Rebuild glibc to update security markup metadata (#1931305)
+* Mon Mar 15 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-151
+- CVE-2019-9169: Fix buffer overread in regexec.c (#1936864).
 
-* Wed Feb 24 2021 Carlos O'Donell <carlos@redhat.com> - 2.28-149
-- Fix NSS files and compat service upgrade defect (#1927040).
+* Mon Mar 15 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-150
+- Rebuild glibc to update security markup metadata (#1935128)
+
+* Mon Mar 15 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-149
+- Fix NSS files and compat service upgrade defect (#1932770).
 
 * Fri Feb  5 2021 Florian Weimer <fweimer@redhat.com> - 2.28-148
 - CVE-2021-3326: iconv assertion failure in ISO-2022-JP-3 decoding (#1924919)