diff --git a/SOURCES/centos-arm32-NO_LONG_DOUBLE_MATH.patch b/SOURCES/centos-arm32-NO_LONG_DOUBLE_MATH.patch
deleted file mode 100644
index 790c74a..0000000
--- a/SOURCES/centos-arm32-NO_LONG_DOUBLE_MATH.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff -Naurp a/stdio-common/printf_fp.c b/stdio-common/printf_fp.c
---- a/stdio-common/printf_fp.c	2021-02-03 16:46:26.887807279 +0000
-+++ b/stdio-common/printf_fp.c	2021-02-03 16:50:16.604469900 +0000
-@@ -151,6 +151,7 @@ static wchar_t *group_number (wchar_t *b
- 			      wchar_t thousands_sep, int ngroups)
-      internal_function;
- 
-+#ifndef __NO_LONG_DOUBLE_MATH
- static __always_inline int
- isnanl_or_pseudo (long double in)
- {
-@@ -172,6 +173,7 @@ isnanl_or_pseudo (long double in)
-   return __isnanl (in);
- #endif
- }
-+#endif
- 
- 
- int
diff --git a/SOURCES/glibc-armhfp-ELF_MACHINE_NO_REL-undefined.patch b/SOURCES/glibc-armhfp-ELF_MACHINE_NO_REL-undefined.patch
deleted file mode 100644
index 78d7c4b..0000000
--- a/SOURCES/glibc-armhfp-ELF_MACHINE_NO_REL-undefined.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From patchwork Thu Jul  3 13:26:40 2014
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: ARM: Define ELF_MACHINE_NO_REL
-X-Patchwork-Submitter: Will Newton <will.newton@linaro.org>
-X-Patchwork-Id: 366862
-Message-Id: <1404394000-13429-1-git-send-email-will.newton@linaro.org>
-To: libc-alpha@sourceware.org
-Date: Thu,  3 Jul 2014 14:26:40 +0100
-From: Will Newton <will.newton@linaro.org>
-List-Id: <libc-alpha.sourceware.org>
-
-Fix a -Wundef warning on ARM.
-
-ChangeLog:
-
-2014-07-03  Will Newton  <will.newton@linaro.org>
-
-	* sysdeps/arm/dl-machine.h (ELF_MACHINE_NO_REL): Define.
----
- sysdeps/arm/dl-machine.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/sysdeps/arm/dl-machine.h b/sysdeps/arm/dl-machine.h
-index c5ffc93..d6b0c52 100644
---- a/sysdeps/arm/dl-machine.h
-+++ b/sysdeps/arm/dl-machine.h
-@@ -296,6 +296,7 @@ elf_machine_plt_value (struct link_map *map, const Elf32_Rel *reloc,
- /* ARM never uses Elf32_Rela relocations for the dynamic linker.
-    Prelinked libraries may use Elf32_Rela though.  */
- #define ELF_MACHINE_NO_RELA defined RTLD_BOOTSTRAP
-+#define ELF_MACHINE_NO_REL 0
- 
- /* Names of the architecture-specific auditing callback functions.  */
- #define ARCH_LA_PLTENTER arm_gnu_pltenter
diff --git a/SOURCES/glibc-rh1256317-armhfp-build-issue.patch b/SOURCES/glibc-rh1256317-armhfp-build-issue.patch
deleted file mode 100644
index aa6e7fe..0000000
--- a/SOURCES/glibc-rh1256317-armhfp-build-issue.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/sysdeps/unix/arm/sysdep.S	2016-11-05 11:44:45.561945344 +0100
-+++ b/sysdeps/unix/arm/sysdep.S	2016-11-05 11:44:19.542069815 +0100
-@@ -37,7 +37,7 @@
- 	moveq r0, $EAGAIN	/* Yes; translate it to EAGAIN.  */
- #endif
- 
--#ifndef IS_IN_rtld
-+#if !IS_IN (rtld)
- 	mov ip, lr
- 	cfi_register (lr, ip)
- 	mov r1, r0
diff --git a/SOURCES/glibc-rh2065058-1.patch b/SOURCES/glibc-rh2065058-1.patch
new file mode 100644
index 0000000..46a82c6
--- /dev/null
+++ b/SOURCES/glibc-rh2065058-1.patch
@@ -0,0 +1,62 @@
+Partial backport of:
+
+commit 333221862ecbebde60dd16e7ca17d26444e62f50
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Mon Apr 8 11:19:38 2019 +0200
+
+    resolv: Remove RES_INSECURE1, RES_INSECURE2
+    
+    Always perform the associated security checks.
+
+The constants and their debug output handling are preserved in this
+backport.
+
+diff --git a/resolv/res_send.c b/resolv/res_send.c
+index 705ecb7189d215c2..c9b02cca130bc20d 100644
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -1324,31 +1324,25 @@ send_dg(res_state statp,
+ 			 */
+ 			goto wait;
+ 		}
+-		if (!(statp->options & RES_INSECURE1) &&
+-		    !res_ourserver_p(statp, &from)) {
+-			/*
+-			 * response from wrong server? ignore it.
+-			 * XXX - potential security hazard could
+-			 *	 be detected here.
+-			 */
+-			goto wait;
+-		}
+-		if (!(statp->options & RES_INSECURE2)
+-		    && (recvresp1 || !res_queriesmatch(buf, buf + buflen,
++
++		/* Paranoia check.  Due to the connected UDP socket,
++		   the kernel has already filtered invalid addresses
++		   for us.  */
++		if (!res_ourserver_p(statp, &from))
++		  goto wait;
++
++		/* Check for the correct header layout and a matching
++		   question.  */
++		if ((recvresp1 || !res_queriesmatch(buf, buf + buflen,
+ 						       *thisansp,
+ 						       *thisansp
+ 						       + *thisanssizp))
+ 		    && (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2,
+ 						       *thisansp,
+ 						       *thisansp
+-						       + *thisanssizp))) {
+-			/*
+-			 * response contains wrong query? ignore it.
+-			 * XXX - potential security hazard could
+-			 *	 be detected here.
+-			 */
+-			goto wait;
+-		}
++						       + *thisanssizp)))
++		  goto wait;
++
+ 		if (anhp->rcode == SERVFAIL ||
+ 		    anhp->rcode == NOTIMP ||
+ 		    anhp->rcode == REFUSED) {
diff --git a/SOURCES/glibc-rh2065058-2.patch b/SOURCES/glibc-rh2065058-2.patch
new file mode 100644
index 0000000..ecc5aa2
--- /dev/null
+++ b/SOURCES/glibc-rh2065058-2.patch
@@ -0,0 +1,84 @@
+commit f1f00c072138af90ae6da180f260111f09afe7a3
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Wed Oct 14 10:54:39 2020 +0200
+
+    resolv: Handle transaction ID collisions in parallel queries (bug 26600)
+    
+    If the transaction IDs are equal, the old check attributed both
+    responses to the first query, not recognizing the second response.
+    This fixes bug 26600.
+
+[dj: stripped out testsuite parts]
+
+diff --git a/resolv/res_send.c b/resolv/res_send.c
+index c9b02cca130bc20d..ac19627634281c2f 100644
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -1315,15 +1315,6 @@ send_dg(res_state statp,
+ 			*terrno = EMSGSIZE;
+ 			return close_and_return_error (statp, resplen2);
+ 		}
+-		if ((recvresp1 || hp->id != anhp->id)
+-		    && (recvresp2 || hp2->id != anhp->id)) {
+-			/*
+-			 * response from old query, ignore it.
+-			 * XXX - potential security hazard could
+-			 *	 be detected here.
+-			 */
+-			goto wait;
+-		}
+ 
+ 		/* Paranoia check.  Due to the connected UDP socket,
+ 		   the kernel has already filtered invalid addresses
+@@ -1333,15 +1324,24 @@ send_dg(res_state statp,
+ 
+ 		/* Check for the correct header layout and a matching
+ 		   question.  */
+-		if ((recvresp1 || !res_queriesmatch(buf, buf + buflen,
+-						       *thisansp,
+-						       *thisansp
+-						       + *thisanssizp))
+-		    && (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2,
+-						       *thisansp,
+-						       *thisansp
+-						       + *thisanssizp)))
+-		  goto wait;
++		int matching_query = 0; /* Default to no matching query.  */
++		if (!recvresp1
++		    && anhp->id == hp->id
++		    && res_queriesmatch (buf, buf + buflen,
++					 *thisansp, *thisansp + *thisanssizp))
++		  matching_query = 1;
++		if (!recvresp2
++		    && anhp->id == hp2->id
++		    && res_queriesmatch (buf2, buf2 + buflen2,
++					 *thisansp, *thisansp + *thisanssizp))
++		  matching_query = 2;
++		if (matching_query == 0)
++		  /* Spurious UDP packet.  Drop it and continue
++		     waiting.  */
++		  {
++		    need_recompute = 1;
++		    goto wait;
++		  }
+ 
+ 		if (anhp->rcode == SERVFAIL ||
+ 		    anhp->rcode == NOTIMP ||
+@@ -1356,7 +1356,7 @@ send_dg(res_state statp,
+ 			    /* No data from the first reply.  */
+ 			    resplen = 0;
+ 			    /* We are waiting for a possible second reply.  */
+-			    if (hp->id == anhp->id)
++			    if (matching_query == 1)
+ 			      recvresp1 = 1;
+ 			    else
+ 			      recvresp2 = 1;
+@@ -1387,7 +1387,7 @@ send_dg(res_state statp,
+ 			return (1);
+ 		}
+ 		/* Mark which reply we received.  */
+-		if (recvresp1 == 0 && hp->id == anhp->id)
++		if (matching_query == 1)
+ 			recvresp1 = 1;
+ 		else
+ 			recvresp2 = 1;
diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec
index 8594015..8c6128d 100644
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@@ -1,6 +1,6 @@
 %define glibcsrcdir glibc-2.17-c758a686
 %define glibcversion 2.17
-%define glibcrelease 325%{?dist}
+%define glibcrelease 326%{?dist}
 ##############################################################################
 # We support the following options:
 # --with/--without,
@@ -1642,10 +1642,8 @@ Patch2859: glibc-rh1925204-1.patch
 Patch2860: glibc-rh1925204-2.patch
 Patch2861: glibc-rh1927536.patch
 Patch2862: glibc-rh1993930.patch
-# Armhfp build issue
-Patch9997: centos-arm32-NO_LONG_DOUBLE_MATH.patch
-Patch9998: glibc-armhfp-ELF_MACHINE_NO_REL-undefined.patch
-Patch9999: glibc-rh1256317-armhfp-build-issue.patch
+Patch2863: glibc-rh2065058-1.patch
+Patch2864: glibc-rh2065058-2.patch
 
 ##############################################################################
 # End of glibc patches.
@@ -3018,12 +3016,8 @@ package or when debugging this package.
 %patch2860 -p1
 %patch2861 -p1
 %patch2862 -p1
-
-%ifarch %{arm}
-%patch9998 -p1
-%patch9999 -p1
-%patch9997 -p1
-%endif
+%patch2863 -p1
+%patch2864 -p1
 
 ##############################################################################
 # %%prep - Additional prep required...
@@ -4211,6 +4205,9 @@ rm -f *.filelist*
 %endif
 
 %changelog
+* Fri Mar 18 2022 DJ Delorie <dj@redhat.com> - 2.17-326
+- resolv: Handle DNS transaction ID collisions (#2065058)
+
 * Thu Aug 19 2021 Florian Weimer <fweimer@redhat.com> - 2.17-325
 - Support /etc/sysconfig/strcasecmp-nonascii for enabling non-ASCII case
   conversion in strcasecmp, strncasecmp (#1993930)