diff --git a/SOURCES/glibc-rh2118667.patch b/SOURCES/glibc-rh2118667.patch
new file mode 100644
index 0000000..64f2bcc
--- /dev/null
+++ b/SOURCES/glibc-rh2118667.patch
@@ -0,0 +1,96 @@
+commit dd2315a866a4ac2b838ea1cb10c5ea1c35d51a2f
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Tue Aug 16 08:27:50 2022 +0200
+
+    elf: Run tst-audit-tlsdesc, tst-audit-tlsdesc-dlopen everywhere
+    
+    The test is valid for all TLS models, but we want to make a reasonable
+    effort to test the GNU2 model specifically.  For example, aarch64
+    defaults to GNU2, but does not have -mtls-dialect=gnu2, and the test
+    was not run there.
+    
+    Suggested-by: Martin Coufal <mcoufal@redhat.com>
+
+Conflicts:
+	elf/Makefile
+	  (missing tst-align3 backport, missing libdl integration)
+
+diff --git a/elf/Makefile b/elf/Makefile
+index 9e721d5d4e0a1cd9..1dd36ba0486e56a0 100644
+--- a/elf/Makefile
++++ b/elf/Makefile
+@@ -331,6 +331,8 @@ tests += \
+   tst-addr1 \
+   tst-align \
+   tst-align2 \
++  tst-audit-tlsdesc \
++  tst-audit-tlsdesc-dlopen \
+   tst-audit1 \
+   tst-audit11 \
+   tst-audit12 \
+@@ -607,6 +609,8 @@ modules-names = \
+   tst-alignmod2 \
+   tst-array2dep \
+   tst-array5dep \
++  tst-audit-tlsdesc-mod1 \
++  tst-audit-tlsdesc-mod2 \
+   tst-audit11mod1 \
+   tst-audit11mod2 \
+   tst-audit12mod1 \
+@@ -640,6 +644,7 @@ modules-names = \
+   tst-auditmanymod7 \
+   tst-auditmanymod8 \
+   tst-auditmanymod9 \
++  tst-auditmod-tlsdesc  \
+   tst-auditmod1 \
+   tst-auditmod9a \
+   tst-auditmod9b \
+@@ -809,23 +814,8 @@ modules-names += tst-gnu2-tls1mod
+ $(objpfx)tst-gnu2-tls1: $(objpfx)tst-gnu2-tls1mod.so
+ tst-gnu2-tls1mod.so-no-z-defs = yes
+ CFLAGS-tst-gnu2-tls1mod.c += -mtls-dialect=gnu2
++endif # $(have-mtls-dialect-gnu2)
+ 
+-tests += tst-audit-tlsdesc tst-audit-tlsdesc-dlopen
+-modules-names += tst-audit-tlsdesc-mod1 tst-audit-tlsdesc-mod2 tst-auditmod-tlsdesc
+-$(objpfx)tst-audit-tlsdesc: $(objpfx)tst-audit-tlsdesc-mod1.so \
+-			    $(objpfx)tst-audit-tlsdesc-mod2.so \
+-			    $(shared-thread-library)
+-CFLAGS-tst-audit-tlsdesc-mod1.c += -mtls-dialect=gnu2
+-CFLAGS-tst-audit-tlsdesc-mod2.c += -mtls-dialect=gnu2
+-$(objpfx)tst-audit-tlsdesc-dlopen: $(shared-thread-library) $(libdl)
+-$(objpfx)tst-audit-tlsdesc-dlopen.out: $(objpfx)tst-audit-tlsdesc-mod1.so \
+-				       $(objpfx)tst-audit-tlsdesc-mod2.so
+-$(objpfx)tst-audit-tlsdesc-mod1.so: $(objpfx)tst-audit-tlsdesc-mod2.so
+-$(objpfx)tst-audit-tlsdesc.out: $(objpfx)tst-auditmod-tlsdesc.so
+-tst-audit-tlsdesc-ENV = LD_AUDIT=$(objpfx)tst-auditmod-tlsdesc.so
+-$(objpfx)tst-audit-tlsdesc-dlopen.out: $(objpfx)tst-auditmod-tlsdesc.so
+-tst-audit-tlsdesc-dlopen-ENV = LD_AUDIT=$(objpfx)tst-auditmod-tlsdesc.so
+-endif
+ ifeq (yes,$(have-protected-data))
+ modules-names += tst-protected1moda tst-protected1modb
+ tests += tst-protected1a tst-protected1b
+@@ -2559,5 +2549,23 @@ $(objpfx)tst-tls21.out: $(objpfx)tst-tls21mod.so
+ $(objpfx)tst-tls21mod.so: $(tst-tls-many-dynamic-modules:%=$(objpfx)%.so)
+ 
+ $(objpfx)tst-rtld-run-static.out: $(objpfx)/ldconfig
++
+ $(objpfx)tst-dlmopen-gethostbyname: $(libdl)
+ $(objpfx)tst-dlmopen-gethostbyname.out: $(objpfx)tst-dlmopen-gethostbyname-mod.so
++$(objpfx)tst-audit-tlsdesc: $(objpfx)tst-audit-tlsdesc-mod1.so \
++			    $(objpfx)tst-audit-tlsdesc-mod2.so \
++			    $(shared-thread-library)
++ifeq (yes,$(have-mtls-dialect-gnu2))
++# The test is valid for all TLS types, but we want to exercise GNU2
++# TLS if possible.
++CFLAGS-tst-audit-tlsdesc-mod1.c += -mtls-dialect=gnu2
++CFLAGS-tst-audit-tlsdesc-mod2.c += -mtls-dialect=gnu2
++endif
++$(objpfx)tst-audit-tlsdesc-dlopen: $(shared-thread-library) $(libdl)
++$(objpfx)tst-audit-tlsdesc-dlopen.out: $(objpfx)tst-audit-tlsdesc-mod1.so \
++				       $(objpfx)tst-audit-tlsdesc-mod2.so
++$(objpfx)tst-audit-tlsdesc-mod1.so: $(objpfx)tst-audit-tlsdesc-mod2.so
++$(objpfx)tst-audit-tlsdesc.out: $(objpfx)tst-auditmod-tlsdesc.so
++tst-audit-tlsdesc-ENV = LD_AUDIT=$(objpfx)tst-auditmod-tlsdesc.so
++$(objpfx)tst-audit-tlsdesc-dlopen.out: $(objpfx)tst-auditmod-tlsdesc.so
++tst-audit-tlsdesc-dlopen-ENV = LD_AUDIT=$(objpfx)tst-auditmod-tlsdesc.so
diff --git a/SOURCES/glibc-rh2122498.patch b/SOURCES/glibc-rh2122498.patch
new file mode 100644
index 0000000..1699abf
--- /dev/null
+++ b/SOURCES/glibc-rh2122498.patch
@@ -0,0 +1,39 @@
+commit 02ca25fef2785974011e9c5beecc99b900b69fd7
+Author: Fabian Vogt <fvogt@suse.de>
+Date:   Wed Jul 27 11:44:07 2022 +0200
+
+    nscd: Fix netlink cache invalidation if epoll is used [BZ #29415]
+    
+    Processes cache network interface information such as whether IPv4 or IPv6
+    are enabled. This is only checked again if the "netlink timestamp" provided
+    by nscd changed, which is triggered by netlink socket activity.
+    
+    However, in the epoll handler for the netlink socket, it was missed to
+    assign the new timestamp to the nscd database. The handler for plain poll
+    did that properly, copy that over.
+    
+    This bug caused that e.g. processes which started before network
+    configuration got unusuable addresses from getaddrinfo, like IPv6 only even
+    though only IPv4 is available:
+    https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1041
+    
+    It's a bit hard to reproduce, so I verified this by checking the timestamp
+    on calls to __check_pf manually. Without this patch it's stuck at 1, now
+    it's increasing on network changes as expected.
+    
+    Signed-off-by: Fabian Vogt <fvogt@suse.de>
+
+diff --git a/nscd/connections.c b/nscd/connections.c
+index 98182007646a33d5..19039bdbb210466a 100644
+--- a/nscd/connections.c
++++ b/nscd/connections.c
+@@ -2286,7 +2286,8 @@ main_loop_epoll (int efd)
+ 					     sizeof (buf))) != -1)
+ 	      ;
+ 
+-	    __bump_nl_timestamp ();
++	    dbs[hstdb].head->extra_data[NSCD_HST_IDX_CONF_TIMESTAMP]
++	      = __bump_nl_timestamp ();
+ 	  }
+ # endif
+ 	else
diff --git a/SOURCES/glibc-rh2125222.patch b/SOURCES/glibc-rh2125222.patch
new file mode 100644
index 0000000..7ee14f4
--- /dev/null
+++ b/SOURCES/glibc-rh2125222.patch
@@ -0,0 +1,54 @@
+commit a23820f6052a740246fdc7dcd9c43ce8eed0c45a
+Author: Javier Pello <devel@otheo.eu>
+Date:   Mon Sep 5 20:09:01 2022 +0200
+
+    elf: Fix hwcaps string size overestimation
+    
+    Commit dad90d528259b669342757c37dedefa8577e2636 added glibc-hwcaps
+    support for LD_LIBRARY_PATH and, for this, it adjusted the total
+    string size required in _dl_important_hwcaps. However, in doing so
+    it inadvertently altered the calculation of the size required for
+    the power set strings, as the computation of the power set string
+    size depended on the first value assigned to the total variable,
+    which is later shifted, resulting in overallocation of string
+    space. Fix this now by using a different variable to hold the
+    string size required for glibc-hwcaps.
+    
+    Signed-off-by: Javier Pello <devel@otheo.eu>
+
+diff --git a/elf/dl-hwcaps.c b/elf/dl-hwcaps.c
+index 2fc4ae67a0f5d051..7ac27fd689187edc 100644
+--- a/elf/dl-hwcaps.c
++++ b/elf/dl-hwcaps.c
+@@ -193,7 +193,7 @@ _dl_important_hwcaps (const char *glibc_hwcaps_prepend,
+   /* Each hwcaps subdirectory has a GLIBC_HWCAPS_PREFIX string prefix
+      and a "/" suffix once stored in the result.  */
+   hwcaps_counts.maximum_length += strlen (GLIBC_HWCAPS_PREFIX) + 1;
+-  size_t total = (hwcaps_counts.count * (strlen (GLIBC_HWCAPS_PREFIX) + 1)
++  size_t hwcaps_sz = (hwcaps_counts.count * (strlen (GLIBC_HWCAPS_PREFIX) + 1)
+ 		  + hwcaps_counts.total_length);
+ 
+   /* Count the number of bits set in the masked value.  */
+@@ -229,11 +229,12 @@ _dl_important_hwcaps (const char *glibc_hwcaps_prepend,
+   assert (m == cnt);
+ 
+   /* Determine the total size of all strings together.  */
++  size_t total;
+   if (cnt == 1)
+-    total += temp[0].len + 1;
++    total = temp[0].len + 1;
+   else
+     {
+-      total += temp[0].len + temp[cnt - 1].len + 2;
++      total = temp[0].len + temp[cnt - 1].len + 2;
+       if (cnt > 2)
+ 	{
+ 	  total <<= 1;
+@@ -255,6 +256,7 @@ _dl_important_hwcaps (const char *glibc_hwcaps_prepend,
+   /* This is the overall result, including both glibc-hwcaps
+      subdirectories and the legacy hwcaps subdirectories using the
+      power set construction.  */
++  total += hwcaps_sz;
+   struct r_strlenpair *overall_result
+     = malloc (*sz * sizeof (*result) + total);
+   if (overall_result == NULL)
diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec
index 1c2397e..66cb31b 100644
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@@ -1,6 +1,6 @@
 %define glibcsrcdir glibc-2.28
 %define glibcversion 2.28
-%define glibcrelease 213%{?dist}
+%define glibcrelease 216%{?dist}
 # Pre-release tarballs are pulled in from git using a command that is
 # effectively:
 #
@@ -968,6 +968,9 @@ Patch775: glibc-rh2104907.patch
 Patch776: glibc-rh2119304-1.patch
 Patch777: glibc-rh2119304-2.patch
 Patch778: glibc-rh2119304-3.patch 
+Patch779: glibc-rh2118667.patch
+Patch780: glibc-rh2122498.patch
+Patch781: glibc-rh2125222.patch 
 
 # Intel Optimizations
 Patch10001: glibc-sw24097-1.patch
@@ -2913,6 +2916,15 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
 
 %changelog
+* Tue Sep 20 2022 Florian Weimer <fweimer@redhat.com> - 2.28-216
+- Fix hwcaps search path size computation (#2125222)
+
+* Tue Sep 20 2022 Florian Weimer <fweimer@redhat.com> - 2.28-215
+- Fix nscd netlink cache invalidation if epoll is used (#2122498)
+
+* Tue Sep 20 2022 Florian Weimer <fweimer@redhat.com> - 2.28-214
+- Run tst-audit-tlsdesc, tst-audit-tlsdesc-dlopen everywhere (#2118667) 
+
 * Thu Aug 25 2022 Florian Weimer <fweimer@redhat.com> - 2.28-213
 - Preserve GLRO (dl_naudit) internal ABI (#2119304)
 - Avoid s390x ABI change due to z16 recognition on s390x (#2119304)