diff --git a/SOURCES/glibc-rh1685400.patch b/SOURCES/glibc-rh1685400.patch
deleted file mode 100644
index 688a60c..0000000
--- a/SOURCES/glibc-rh1685400.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-commit 583dd860d5b833037175247230a328f0050dbfe9
-Author: Paul Eggert <eggert@cs.ucla.edu>
-Date: Mon Jan 21 11:08:13 2019 -0800
-
- regex: fix read overrun [BZ #24114]
-
- Problem found by AddressSanitizer, reported by Hongxu Chen in:
- https://debbugs.gnu.org/34140
- * posix/regexec.c (proceed_next_node):
- Do not read past end of input buffer.
-
-diff --git a/posix/regexec.c b/posix/regexec.c
-index 73644c2341336e66..06b8487c3e3eab0e 100644
---- a/posix/regexec.c
-+++ b/posix/regexec.c
-@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
- else if (naccepted)
- {
- char *buf = (char *) re_string_get_buffer (&mctx->input);
-- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
-- naccepted) != 0)
-+ if (mctx->input.valid_len - *pidx < naccepted
-+ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
-+ naccepted)
-+ != 0))
- return -1;
- }
- }
diff --git a/SOURCES/glibc-rh1871386-1.patch b/SOURCES/glibc-rh1871386-1.patch
new file mode 100644
index 0000000..5cd3074
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-1.patch
@@ -0,0 +1,20 @@
+commit 0798b8ecc8da8667362496c1217d18635106c609
+Author: Vineet Gupta <Vineet.Gupta1@synopsys.com>
+Date: Wed Apr 8 19:56:12 2020 -0700
+
+ ARC: Update syscall-names.list for ARC specific syscalls
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 314a653938..21a62a06f4 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -41,6 +41,9 @@ adjtimex
+ afs_syscall
+ alarm
+ alloc_hugepages
++arc_gettls
++arc_settls
++arc_usr_cmpxchg
+ arch_prctl
+ arm_fadvise64_64
+ arm_sync_file_range
diff --git a/SOURCES/glibc-rh1871386-2.patch b/SOURCES/glibc-rh1871386-2.patch
new file mode 100644
index 0000000..d89c08d
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-2.patch
@@ -0,0 +1,26 @@
+commit b67339d0bbc07911859ca8c488e1923441cd3c33
+Author: Joseph Myers <joseph@codesourcery.com>
+Date: Mon Jun 15 22:58:22 2020 +0000
+
+ Update syscall-names.list for Linux 5.7.
+
+ Linux 5.7 has no new syscalls. Update the version number in
+ syscall-names.list to reflect that it is still current for 5.7.
+
+ Tested with build-many-glibcs.py.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 21a62a06f4..15dec5b98f 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls. The names are only
+ # used if the installed kernel headers also provide them.
+
+-# The list of system calls is current as of Linux 5.6.
+-kernel 5.6
++# The list of system calls is current as of Linux 5.7.
++kernel 5.7
+
+ FAST_atomic_update
+ FAST_cmpxchg
diff --git a/SOURCES/glibc-rh1871386-3.patch b/SOURCES/glibc-rh1871386-3.patch
new file mode 100644
index 0000000..09bd048
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-3.patch
@@ -0,0 +1,37 @@
+commit 1cfb4715288845ebc55ad664421b48b32de9599c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date: Fri Aug 7 14:38:43 2020 +0000
+
+ Update syscall lists for Linux 5.8.
+
+ Linux 5.8 has one new syscall, faccessat2. Update syscall-names.list
+ and regenerate the arch-syscall.h headers with build-many-glibcs.py
+ update-syscalls.
+
+ Tested with build-many-glibcs.py.
+
+Modified to only update syscall-names.list for RHEL 8.5.0.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 15dec5b98f..a462318ecf 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls. The names are only
+ # used if the installed kernel headers also provide them.
+
+-# The list of system calls is current as of Linux 5.7.
+-kernel 5.7
++# The list of system calls is current as of Linux 5.8.
++kernel 5.8
+
+ FAST_atomic_update
+ FAST_cmpxchg
+@@ -105,6 +105,7 @@ execveat
+ exit
+ exit_group
+ faccessat
++faccessat2
+ fadvise64
+ fadvise64_64
+ fallocate
diff --git a/SOURCES/glibc-rh1871386-4.patch b/SOURCES/glibc-rh1871386-4.patch
new file mode 100644
index 0000000..72bb49d
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-4.patch
@@ -0,0 +1,37 @@
+commit dac8713629c8736a60aebec2f01657e46baa4c73
+Author: Joseph Myers <joseph@codesourcery.com>
+Date: Fri Oct 23 16:31:11 2020 +0000
+
+ Update syscall lists for Linux 5.9.
+
+ Linux 5.9 has one new syscall, close_range. Update syscall-names.list
+ and regenerate the arch-syscall.h headers with build-many-glibcs.py
+ update-syscalls.
+
+ Tested with build-many-glibcs.py.
+
+Modified to only update syscall-names.list for RHEL 8.5.0.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index a462318ecf..2d42aaf803 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls. The names are only
+ # used if the installed kernel headers also provide them.
+
+-# The list of system calls is current as of Linux 5.8.
+-kernel 5.8
++# The list of system calls is current as of Linux 5.9.
++kernel 5.9
+
+ FAST_atomic_update
+ FAST_cmpxchg
+@@ -79,6 +79,7 @@ clone
+ clone2
+ clone3
+ close
++close_range
+ cmpxchg_badaddr
+ connect
+ copy_file_range
diff --git a/SOURCES/glibc-rh1871386-5.patch b/SOURCES/glibc-rh1871386-5.patch
new file mode 100644
index 0000000..a2e2b7d
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-5.patch
@@ -0,0 +1,37 @@
+commit bcf47eb0fba4c6278aadd6a377d6b7b3f673e17c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date: Wed Dec 16 02:08:52 2020 +0000
+
+ Update syscall lists for Linux 5.10.
+
+ Linux 5.10 has one new syscall, process_madvise. Update
+ syscall-names.list and regenerate the arch-syscall.h headers with
+ build-many-glibcs.py update-syscalls.
+
+ Tested with build-many-glibcs.py.
+
+Modified to only update syscall-names.list for RHEL 8.5.0.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 2d42aaf803..4bd42be2b9 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls. The names are only
+ # used if the installed kernel headers also provide them.
+
+-# The list of system calls is current as of Linux 5.9.
+-kernel 5.9
++# The list of system calls is current as of Linux 5.10.
++kernel 5.10
+
+ FAST_atomic_update
+ FAST_cmpxchg
+@@ -433,6 +433,7 @@ pread64
+ preadv
+ preadv2
+ prlimit64
++process_madvise
+ process_vm_readv
+ process_vm_writev
+ prof
diff --git a/SOURCES/glibc-rh1871386-6.patch b/SOURCES/glibc-rh1871386-6.patch
new file mode 100644
index 0000000..36a47e8
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-6.patch
@@ -0,0 +1,42 @@
+commit 2b778ceb4010c28d70de9b8eab20e8d88eed586b
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sat Jan 2 11:32:25 2021 -0800
+
+ Update copyright dates with scripts/update-copyrights
+
+ I used these shell commands:
+
+ ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
+ (cd ../glibc && git commit -am"[this commit message]")
+
+ and then ignored the output, which consisted lines saying "FOO: warning:
+ copyright statement not found" for each of 6694 files FOO.
+ I then removed trailing white space from benchtests/bench-pthread-locks.c
+ and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
+ diagnostic from Savannah:
+ remote: *** pre-commit check failed ...
+ remote: *** error: lines with trailing whitespace found
+ remote: error: hook declined to update refs/heads/master
+
+Modified to only update copyright for syscall-names.list for RHEL 8.5.0. Also
+update licenses link to use https.
+
+diff -Nrup a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+--- a/sysdeps/unix/sysv/linux/syscall-names.list 2021-03-16 14:12:27.828571456 -0400
++++ b/sysdeps/unix/sysv/linux/syscall-names.list 2021-03-16 14:13:23.950145631 -0400
+@@ -1,5 +1,5 @@
+ # List of all known Linux system calls.
+-# Copyright (C) 2017-2018 Free Software Foundation, Inc.
++# Copyright (C) 2017-2021 Free Software Foundation, Inc.
+ # This file is part of the GNU C Library.
+ #
+ # The GNU C Library is free software; you can redistribute it and/or
+@@ -14,7 +14,7 @@
+ #
+ # You should have received a copy of the GNU Lesser General Public
+ # License along with the GNU C Library; if not, see
+-# <http://www.gnu.org/licenses/>.
++# <https://www.gnu.org/licenses/>.
+
+ # This file contains the list of system call names. It has to remain in
+ # alphabetical order. Lines which start with # are treated as comments.
diff --git a/SOURCES/glibc-rh1871386-7.patch b/SOURCES/glibc-rh1871386-7.patch
new file mode 100644
index 0000000..79774e7
--- /dev/null
+++ b/SOURCES/glibc-rh1871386-7.patch
@@ -0,0 +1,37 @@
+commit 83908b3a1ea51e3aa7ff422275940e56dbba989f
+Author: Joseph Myers <joseph@codesourcery.com>
+Date: Fri Feb 19 21:16:27 2021 +0000
+
+ Update syscall lists for Linux 5.11.
+
+ Linux 5.11 has one new syscall, epoll_pwait2. Update
+ syscall-names.list and regenerate the arch-syscall.h headers with
+ build-many-glibcs.py update-syscalls.
+
+ Tested with build-many-glibcs.py.
+
+Modified to only update syscall-names.list for RHEL 8.5.0.
+
+diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
+index 4df7eeab96..f6cb34089d 100644
+--- a/sysdeps/unix/sysv/linux/syscall-names.list
++++ b/sysdeps/unix/sysv/linux/syscall-names.list
+@@ -21,8 +21,8 @@
+ # This file can list all potential system calls. The names are only
+ # used if the installed kernel headers also provide them.
+
+-# The list of system calls is current as of Linux 5.10.
+-kernel 5.10
++# The list of system calls is current as of Linux 5.11.
++kernel 5.11
+
+ FAST_atomic_update
+ FAST_cmpxchg
+@@ -95,6 +95,7 @@ epoll_create1
+ epoll_ctl
+ epoll_ctl_old
+ epoll_pwait
++epoll_pwait2
+ epoll_wait
+ epoll_wait_old
+ eventfd
diff --git a/SOURCES/glibc-rh1927040.patch b/SOURCES/glibc-rh1927040.patch
deleted file mode 100644
index 4960631..0000000
--- a/SOURCES/glibc-rh1927040.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-This is a custom downstream RHEL 8 patch which rebuilds three
-GLIBC_PRIVATE interfaces locally for use by libnss_files.so.2
-and libnss_compat.so.2.
-
-The shared objects needs the following 3 functions:
-__nss_readline
-__nss_parse_line_result
-__nss_files_fopen (only requirement for libnss_compat.so.2)
-
-They are implemented in:
-nss/nss_parse_line_result.c
-nss/nss_readline.c
-nss/nss_files_fopen.c
-
-We create wrappers for those functions, recompile, and link directly
-into the shared objects:
-nss/nss_parse_line_result_int.c
-nss/nss_readline_int.c
-nss/nss_files_fopen_int.c
-
-After building the new shared objects there are no longer any undefined
-global function references to __nss_readline@GLIBC_PRIVATE,
-__nss_parse_line_result@GLIBC_PRIVATE or
-__nss_files_fopen@GLIBC_PRIVATE.
-
-Instead we see local function definitions in the shared object e.g.
-Symbol table '.symtab' contains 628 entries:
-...
- 486: 0000000000008ce0 92 FUNC LOCAL DEFAULT 15 __nss_parse_line_result
-...
- 494: 0000000000008b70 72 FUNC LOCAL DEFAULT 15 __nss_readline_seek
-...
- 497: 0000000000008bc0 279 FUNC LOCAL DEFAULT 15 __nss_readline
-...
- 510: 0000000000008ce0 82 FUNC LOCAL DEFAULT 15 __nss_files_fopen
-
-The remaining GLIBC_PRIVATE references in the shared objects are all
-pre-existing and do not impact upgrade scenarios.
-
-For reference the existing and present GLIBC_PRIVATE interfaces are:
-__libc_alloc_buffer_alloc_array@@GLIBC_PRIVATE
-__libc_alloc_buffer_copy_string@@GLIBC_PRIVATE
-__libc_alloc_buffer_create_failure@@GLIBC_PRIVATE
-__libc_dynarray_emplace_enlarge@@GLIBC_PRIVATE
-__libc_scratch_buffer_grow@@GLIBC_PRIVATE
-__resp@@GLIBC_PRIVATE
-_nss_files_parse_grent@@GLIBC_PRIVATE
-_nss_files_parse_pwent@@GLIBC_PRIVATE
-_nss_files_parse_sgent@@GLIBC_PRIVATE
-_nss_files_parse_spent@@GLIBC_PRIVATE
-errno@@GLIBC_PRIVATE
-__nss_database_lookup2@GLIBC_PRIVATE
-__nss_lookup_function@GLIBC_PRIVATE
-
-Each was checked for existence in libc.so.6.
-
-A small reproducer was used in testing this patch, included here:
-cat >> tst-rhbz1927040.c <<EOF
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <errno.h>
-#include <pwd.h>
-#include <string.h>
-
-int
-main (void)
-{
- struct passwd *res;
-
- /* Only lookup via files. */
- printf ("INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.");
- getchar ();
-
- /* Try to get one entry. */
- printf ("INFO: Looking up first password entry.\n");
- setpwent ();
- errno = 0;
- res = getpwent ();
- if (res == NULL && errno != 0)
- {
- printf ("FAIL: Could not get entry (%s).\n", strerror(errno));
- exit (1);
- }
- printf ("INFO: First entry passwd.pw_name = \"%s\"\n", res->pw_name);
- printf ("PASS: Call to getpwent succeeded.\n");
- endpwent ();
- exit (0);
-}
-EOF
-
-Testing RHEL upgrade
-from: glibc-2.28-127.el8_3.2
-to: glibc-2.28-148.el8
-
-./tst-rhbz1927040
-INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.
-INFO: Looking up first password entry.
-INFO: Result was NULL.
-PASS: Call to getpwent succeeded.
-
-With LD_DEBUG=all you can observe:
- 22697: /lib64/libnss_files.so.2: error: symbol lookup error: undefined symbol: __nss_files_fopen, version GLIBC_PRIVATE (fatal)
-
-Which is the indication that the upgrade caused the transient IdM lookup failure.
-
-Running again succeeds:
-INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.
-INFO: Looking up first password entry.
-INFO: First entry passwd.pw_name = "root"
-PASS: Call to getpwent succeeded.
-
-diff --git a/nss/Makefile b/nss/Makefile
-index 7359da38feb65618..d5c28a6b5ed3661c 100644
---- a/nss/Makefile
-+++ b/nss/Makefile
-@@ -92,9 +92,19 @@ extra-libs-others = $(extra-libs)
- subdir-dirs = $(services:%=nss_%)
- vpath %.c $(subdir-dirs) ../locale/programs ../intl
-
--
-+# In RHEL we add nss_readline, nss_parse_line_result, and
-+# nss_files_fopen to the libnss_files-routines in order to avoid the
-+# case where a long running process (having never used NSS) attemps to
-+# load an NSS module for the first time and that NSS module needs a
-+# newer GLIBC_PRIVATE interface. In effect we must make the NSS modules
-+# self-sufficient and not rely on a GLIBC_PRIVATE interface.
-+# See: https://bugzilla.redhat.com/show_bug.cgi?id=1927040
-+# Note: We must recompile the objects to get the correct global symbol
-+# references, which is why we have the *_int.c wrappers.
- libnss_files-routines := $(addprefix files-,$(databases)) \
-- files-initgroups files-init
-+ files-initgroups files-init \
-+ nss_readline_int nss_parse_line_result_int \
-+ nss_files_fopen_int
-
- libnss_db-dbs := $(addprefix db-,\
- $(filter-out hosts network key alias,\
-@@ -104,8 +114,10 @@ libnss_db-routines := $(libnss_db-dbs) db-open db-init hash-string
- generated += $(filter-out db-alias.c db-netgrp.c, \
- $(addsuffix .c,$(libnss_db-dbs)))
-
-+# See note above regarding nss_files_fopen.
- libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) \
-- nisdomain
-+ nisdomain \
-+ nss_files_fopen_int
-
- install-others += $(inst_vardbdir)/Makefile
-
-diff --git a/nss/nss_files_fopen_int.c b/nss/nss_files_fopen_int.c
-new file mode 100644
-index 0000000000000000..fa518084fd609b52
---- /dev/null
-+++ b/nss/nss_files_fopen_int.c
-@@ -0,0 +1,3 @@
-+/* Include a local internal copy of __nss_files_fopen to make the NSS
-+ module self-contained. */
-+#include <nss_files_fopen.c>
-diff --git a/nss/nss_parse_line_result_int.c b/nss/nss_parse_line_result_int.c
-new file mode 100644
-index 0000000000000000..bc0ee7a251743c9a
---- /dev/null
-+++ b/nss/nss_parse_line_result_int.c
-@@ -0,0 +1,3 @@
-+/* Include a local internal copy of __nss_parse_line_result to make the
-+ NSS module self-contained. */
-+#include <nss_parse_line_result.c>
-diff --git a/nss/nss_readline_int.c b/nss/nss_readline_int.c
-new file mode 100644
-index 0000000000000000..0e7bd259733673c9
---- /dev/null
-+++ b/nss/nss_readline_int.c
-@@ -0,0 +1,3 @@
-+/* Include a local internal copy of __nss_readline and
-+ __nss_readline_seek to make the NSS module self-contained. */
-+#include <nss_readline.c>
diff --git a/SOURCES/glibc-rh1932770.patch b/SOURCES/glibc-rh1932770.patch
new file mode 100644
index 0000000..4960631
--- /dev/null
+++ b/SOURCES/glibc-rh1932770.patch
@@ -0,0 +1,177 @@
+This is a custom downstream RHEL 8 patch which rebuilds three
+GLIBC_PRIVATE interfaces locally for use by libnss_files.so.2
+and libnss_compat.so.2.
+
+The shared objects needs the following 3 functions:
+__nss_readline
+__nss_parse_line_result
+__nss_files_fopen (only requirement for libnss_compat.so.2)
+
+They are implemented in:
+nss/nss_parse_line_result.c
+nss/nss_readline.c
+nss/nss_files_fopen.c
+
+We create wrappers for those functions, recompile, and link directly
+into the shared objects:
+nss/nss_parse_line_result_int.c
+nss/nss_readline_int.c
+nss/nss_files_fopen_int.c
+
+After building the new shared objects there are no longer any undefined
+global function references to __nss_readline@GLIBC_PRIVATE,
+__nss_parse_line_result@GLIBC_PRIVATE or
+__nss_files_fopen@GLIBC_PRIVATE.
+
+Instead we see local function definitions in the shared object e.g.
+Symbol table '.symtab' contains 628 entries:
+...
+ 486: 0000000000008ce0 92 FUNC LOCAL DEFAULT 15 __nss_parse_line_result
+...
+ 494: 0000000000008b70 72 FUNC LOCAL DEFAULT 15 __nss_readline_seek
+...
+ 497: 0000000000008bc0 279 FUNC LOCAL DEFAULT 15 __nss_readline
+...
+ 510: 0000000000008ce0 82 FUNC LOCAL DEFAULT 15 __nss_files_fopen
+
+The remaining GLIBC_PRIVATE references in the shared objects are all
+pre-existing and do not impact upgrade scenarios.
+
+For reference the existing and present GLIBC_PRIVATE interfaces are:
+__libc_alloc_buffer_alloc_array@@GLIBC_PRIVATE
+__libc_alloc_buffer_copy_string@@GLIBC_PRIVATE
+__libc_alloc_buffer_create_failure@@GLIBC_PRIVATE
+__libc_dynarray_emplace_enlarge@@GLIBC_PRIVATE
+__libc_scratch_buffer_grow@@GLIBC_PRIVATE
+__resp@@GLIBC_PRIVATE
+_nss_files_parse_grent@@GLIBC_PRIVATE
+_nss_files_parse_pwent@@GLIBC_PRIVATE
+_nss_files_parse_sgent@@GLIBC_PRIVATE
+_nss_files_parse_spent@@GLIBC_PRIVATE
+errno@@GLIBC_PRIVATE
+__nss_database_lookup2@GLIBC_PRIVATE
+__nss_lookup_function@GLIBC_PRIVATE
+
+Each was checked for existence in libc.so.6.
+
+A small reproducer was used in testing this patch, included here:
+cat >> tst-rhbz1927040.c <<EOF
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <pwd.h>
+#include <string.h>
+
+int
+main (void)
+{
+ struct passwd *res;
+
+ /* Only lookup via files. */
+ printf ("INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.");
+ getchar ();
+
+ /* Try to get one entry. */
+ printf ("INFO: Looking up first password entry.\n");
+ setpwent ();
+ errno = 0;
+ res = getpwent ();
+ if (res == NULL && errno != 0)
+ {
+ printf ("FAIL: Could not get entry (%s).\n", strerror(errno));
+ exit (1);
+ }
+ printf ("INFO: First entry passwd.pw_name = \"%s\"\n", res->pw_name);
+ printf ("PASS: Call to getpwent succeeded.\n");
+ endpwent ();
+ exit (0);
+}
+EOF
+
+Testing RHEL upgrade
+from: glibc-2.28-127.el8_3.2
+to: glibc-2.28-148.el8
+
+./tst-rhbz1927040
+INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.
+INFO: Looking up first password entry.
+INFO: Result was NULL.
+PASS: Call to getpwent succeeded.
+
+With LD_DEBUG=all you can observe:
+ 22697: /lib64/libnss_files.so.2: error: symbol lookup error: undefined symbol: __nss_files_fopen, version GLIBC_PRIVATE (fatal)
+
+Which is the indication that the upgrade caused the transient IdM lookup failure.
+
+Running again succeeds:
+INFO: Upgrade glibc, then press ENTER to see if libnss_files.so.2 loads.
+INFO: Looking up first password entry.
+INFO: First entry passwd.pw_name = "root"
+PASS: Call to getpwent succeeded.
+
+diff --git a/nss/Makefile b/nss/Makefile
+index 7359da38feb65618..d5c28a6b5ed3661c 100644
+--- a/nss/Makefile
++++ b/nss/Makefile
+@@ -92,9 +92,19 @@ extra-libs-others = $(extra-libs)
+ subdir-dirs = $(services:%=nss_%)
+ vpath %.c $(subdir-dirs) ../locale/programs ../intl
+
+-
++# In RHEL we add nss_readline, nss_parse_line_result, and
++# nss_files_fopen to the libnss_files-routines in order to avoid the
++# case where a long running process (having never used NSS) attemps to
++# load an NSS module for the first time and that NSS module needs a
++# newer GLIBC_PRIVATE interface. In effect we must make the NSS modules
++# self-sufficient and not rely on a GLIBC_PRIVATE interface.
++# See: https://bugzilla.redhat.com/show_bug.cgi?id=1927040
++# Note: We must recompile the objects to get the correct global symbol
++# references, which is why we have the *_int.c wrappers.
+ libnss_files-routines := $(addprefix files-,$(databases)) \
+- files-initgroups files-init
++ files-initgroups files-init \
++ nss_readline_int nss_parse_line_result_int \
++ nss_files_fopen_int
+
+ libnss_db-dbs := $(addprefix db-,\
+ $(filter-out hosts network key alias,\
+@@ -104,8 +114,10 @@ libnss_db-routines := $(libnss_db-dbs) db-open db-init hash-string
+ generated += $(filter-out db-alias.c db-netgrp.c, \
+ $(addsuffix .c,$(libnss_db-dbs)))
+
++# See note above regarding nss_files_fopen.
+ libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) \
+- nisdomain
++ nisdomain \
++ nss_files_fopen_int
+
+ install-others += $(inst_vardbdir)/Makefile
+
+diff --git a/nss/nss_files_fopen_int.c b/nss/nss_files_fopen_int.c
+new file mode 100644
+index 0000000000000000..fa518084fd609b52
+--- /dev/null
++++ b/nss/nss_files_fopen_int.c
+@@ -0,0 +1,3 @@
++/* Include a local internal copy of __nss_files_fopen to make the NSS
++ module self-contained. */
++#include <nss_files_fopen.c>
+diff --git a/nss/nss_parse_line_result_int.c b/nss/nss_parse_line_result_int.c
+new file mode 100644
+index 0000000000000000..bc0ee7a251743c9a
+--- /dev/null
++++ b/nss/nss_parse_line_result_int.c
+@@ -0,0 +1,3 @@
++/* Include a local internal copy of __nss_parse_line_result to make the
++ NSS module self-contained. */
++#include <nss_parse_line_result.c>
+diff --git a/nss/nss_readline_int.c b/nss/nss_readline_int.c
+new file mode 100644
+index 0000000000000000..0e7bd259733673c9
+--- /dev/null
++++ b/nss/nss_readline_int.c
+@@ -0,0 +1,3 @@
++/* Include a local internal copy of __nss_readline and
++ __nss_readline_seek to make the NSS module self-contained. */
++#include <nss_readline.c>
diff --git a/SOURCES/glibc-rh1936864.patch b/SOURCES/glibc-rh1936864.patch
new file mode 100644
index 0000000..688a60c
--- /dev/null
+++ b/SOURCES/glibc-rh1936864.patch
@@ -0,0 +1,28 @@
+commit 583dd860d5b833037175247230a328f0050dbfe9
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon Jan 21 11:08:13 2019 -0800
+
+ regex: fix read overrun [BZ #24114]
+
+ Problem found by AddressSanitizer, reported by Hongxu Chen in:
+ https://debbugs.gnu.org/34140
+ * posix/regexec.c (proceed_next_node):
+ Do not read past end of input buffer.
+
+diff --git a/posix/regexec.c b/posix/regexec.c
+index 73644c2341336e66..06b8487c3e3eab0e 100644
+--- a/posix/regexec.c
++++ b/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
+ else if (naccepted)
+ {
+ char *buf = (char *) re_string_get_buffer (&mctx->input);
+- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+- naccepted) != 0)
++ if (mctx->input.valid_len - *pidx < naccepted
++ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++ naccepted)
++ != 0))
+ return -1;
+ }
+ }
diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec
index b592f17..d4b0ff3 100644
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@@ -1,6 +1,6 @@
%define glibcsrcdir glibc-2.28
%define glibcversion 2.28
-%define glibcrelease 151%{?dist}
+%define glibcrelease 152%{?dist}
# Pre-release tarballs are pulled in from git using a command that is
# effectively:
#
@@ -680,8 +680,15 @@ Patch543: glibc-rh1817513-133.patch
Patch544: glibc-rh1912544.patch
Patch545: glibc-rh1918115.patch
Patch546: glibc-rh1924919.patch
-Patch547: glibc-rh1927040.patch
-Patch548: glibc-rh1685400.patch
+Patch547: glibc-rh1932770.patch
+Patch548: glibc-rh1936864.patch
+Patch549: glibc-rh1871386-1.patch
+Patch550: glibc-rh1871386-2.patch
+Patch551: glibc-rh1871386-3.patch
+Patch552: glibc-rh1871386-4.patch
+Patch553: glibc-rh1871386-5.patch
+Patch554: glibc-rh1871386-6.patch
+Patch555: glibc-rh1871386-7.patch
##############################################################################
# Continued list of core "glibc" package information:
@@ -2593,14 +2600,17 @@ fi
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
%changelog
-* Fri Mar 5 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-151
-- CVE-2019-9169: Fix buffer overread in regexec.c (#1685400).
+* Tue Mar 16 2021 Patsy Griffin <patsy@redhat.com> - 2.28-152
+- Update syscall-names.list to 5.7, 5.8, 5.9, 5.10 and 5.11. (#1871386)
-* Fri Mar 05 2021 Carlos O'Donell <carlos@redhat.com> - 2.28-150
-- Rebuild glibc to update security markup metadata (#1931305)
+* Mon Mar 15 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-151
+- CVE-2019-9169: Fix buffer overread in regexec.c (#1936864).
-* Wed Feb 24 2021 Carlos O'Donell <carlos@redhat.com> - 2.28-149
-- Fix NSS files and compat service upgrade defect (#1927040).
+* Mon Mar 15 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-150
+- Rebuild glibc to update security markup metadata (#1935128)
+
+* Mon Mar 15 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-149
+- Fix NSS files and compat service upgrade defect (#1932770).
* Fri Feb 5 2021 Florian Weimer <fweimer@redhat.com> - 2.28-148
- CVE-2021-3326: iconv assertion failure in ISO-2022-JP-3 decoding (#1924919)