diff --git a/getaddrinfo-eai-memory.patch b/getaddrinfo-eai-memory.patch
new file mode 100644
index 0000000..8d1f789
--- /dev/null
+++ b/getaddrinfo-eai-memory.patch
@@ -0,0 +1,36 @@
+From ae1e5217021e43e1f2de443d26e87ea3adfb221c Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Wed, 6 Dec 2023 14:48:22 +0100
+Subject: [PATCH] getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163)
+
+When __resolv_context_get returns NULL due to out of memory, translate it
+to a return value of EAI_MEMORY.
+
+(cherry picked from commit 5eabdb6a6ac1599d23dd5966a37417215950245f)
+---
+ sysdeps/posix/getaddrinfo.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 13082305d3..da573bea24 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -616,7 +616,14 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
+ function variant. */
+ res_ctx = __resolv_context_get ();
+ if (res_ctx == NULL)
+- no_more = 1;
++ {
++ if (errno == ENOMEM)
++ {
++ result = -EAI_MEMORY;
++ goto out;
++ }
++ no_more = 1;
++ }
+
+ while (!no_more)
+ {
+--
+2.43.0
+
diff --git a/glibc.changes b/glibc.changes
index 65b41e0..501771b 100644
--- a/glibc.changes
+++ b/glibc.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Jan 2 11:30:46 UTC 2024 - Andreas Schwab <schwab@suse.de>
+
+- sem-open-o-creat.patch: sem_open: Clear O_CREAT when semaphore file is
+ expected to exist (BZ #30789)
+- ldconfig-process-elf-file.patch: elf: Fix wrong break removal from
+ 8ee878592c
+- tls-modid-reuse.patch: elf: Fix TLS modid reuse generation assignment
+ (BZ #29039)
+- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
+ EAI_MEMORY (bsc#1217589, BZ #31163)
+- libio-wdo-write.patch: libio: Check remaining buffer size in
+ _IO_wdo_write (BZ #31183)
+
-------------------------------------------------------------------
Tue Dec 5 11:52:03 UTC 2023 - Andreas Schwab <schwab@suse.de>
diff --git a/glibc.spec b/glibc.spec
index 0c712fd..0ea278d 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -1,7 +1,7 @@
#
# spec file
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -333,6 +333,16 @@ Patch1013: tunables-string-parsing.patch
Patch1014: gb18030-2022.patch
# PATCH-FIX-UPSTREAM aarch64: correct CFI in rawmemchr (BZ #31113)
Patch1015: aarch64-rawmemchr-unwind.patch
+# PATCH-FIX-UPSTREAM sysdeps: sem_open: Clear O_CREAT when semaphore file is expected to exist (BZ #30789)
+Patch1016: sem-open-o-creat.patch
+# PATCH-FIX-UPSTREAM elf: Fix wrong break removal from 8ee878592c
+Patch1017: ldconfig-process-elf-file.patch
+# PATCH-FIX-UPSTREAM elf: Fix TLS modid reuse generation assignment (BZ #29039)
+Patch1018: tls-modid-reuse.patch
+# PATCH-FIX-UPSTREAM getaddrinfo: translate ENOMEM to EAI_MEMORY (BZ #31163)
+Patch1019: getaddrinfo-eai-memory.patch
+# PATCH-FIX-UPSTREAM libio: Check remaining buffer size in _IO_wdo_write (BZ #31183)
+Patch1020: libio-wdo-write.patch
###
# Patches awaiting upstream approval
@@ -571,6 +581,11 @@ library in a cross compilation setting.
%patch1013 -p1
%patch1014 -p1
%patch1015 -p1
+%patch1016 -p1
+%patch1017 -p1
+%patch1018 -p1
+%patch1019 -p1
+%patch1020 -p1
%endif
%patch2000 -p1
diff --git a/ldconfig-process-elf-file.patch b/ldconfig-process-elf-file.patch
new file mode 100644
index 0000000..92fc7fe
--- /dev/null
+++ b/ldconfig-process-elf-file.patch
@@ -0,0 +1,26 @@
+From bf5aa419cbf545d2cd09dc097e518033d6e4df5e Mon Sep 17 00:00:00 2001
+From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date: Thu, 7 Dec 2023 11:17:35 -0300
+Subject: [PATCH] elf: Fix wrong break removal from 8ee878592c
+
+Reported-by: Alexander Monakov <amonakov@ispras.ru>
+(cherry picked from commit 546a1ba664626603660b595662249d524e429013)
+---
+ elf/readelflib.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/elf/readelflib.c b/elf/readelflib.c
+index f5b8c80e38..64f1d662a9 100644
+--- a/elf/readelflib.c
++++ b/elf/readelflib.c
+@@ -107,6 +107,7 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
+ case PT_INTERP:
+ program_interpreter = (char *) (file_contents + segment->p_offset);
+ check_ptr (program_interpreter);
++ break;
+
+ case PT_GNU_PROPERTY:
+ /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes
+--
+2.43.0
+
diff --git a/libio-wdo-write.patch b/libio-wdo-write.patch
new file mode 100644
index 0000000..cbf638d
--- /dev/null
+++ b/libio-wdo-write.patch
@@ -0,0 +1,36 @@
+From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 2 Jan 2024 14:36:17 +0100
+Subject: [PATCH] libio: Check remaining buffer size in _IO_wdo_write (bug
+ 31183)
+
+The multibyte character needs to fit into the remaining buffer space,
+not the already-written buffer space. Without the fix, we were never
+moving the write pointer from the start of the buffer, always using
+the single-character fallback buffer.
+
+Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing
+a multibyte character to an unbuffered stream (bug 17522)").
+
+(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60)
+---
+ NEWS | 1 +
+ libio/wfileops.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libio/wfileops.c b/libio/wfileops.c
+index f16f6db1c3..9ab8f2e7f3 100644
+--- a/libio/wfileops.c
++++ b/libio/wfileops.c
+@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do)
+ char mb_buf[MB_LEN_MAX];
+ char *write_base, *write_ptr, *buf_end;
+
+- if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf))
++ if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf))
+ {
+ /* Make sure we have room for at least one multibyte
+ character. */
+--
+2.43.0
+
diff --git a/sem-open-o-creat.patch b/sem-open-o-creat.patch
new file mode 100644
index 0000000..d457ad0
--- /dev/null
+++ b/sem-open-o-creat.patch
@@ -0,0 +1,92 @@
+From 63dbbc5c52f9823f86270f32fce20d1e91cdf484 Mon Sep 17 00:00:00 2001
+From: Sergio Durigan Junior <sergiodj@sergiodj.net>
+Date: Wed, 1 Nov 2023 18:15:23 -0400
+Subject: [PATCH] sysdeps: sem_open: Clear O_CREAT when semaphore file is
+ expected to exist [BZ #30789]
+
+When invoking sem_open with O_CREAT as one of its flags, we'll end up
+in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag
+& O_EXCL) == 0)", which means that we don't expect the semaphore file
+to exist.
+
+In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL
+| O_CLOEXEC" and there's an attempt to open(2) the file, which will
+likely fail because it won't exist. After that first (expected)
+failure, some cleanup is done and we go back to the label "try_again",
+which lives in the first part of the aforementioned "if".
+
+The problem is that, in that part of the code, we expect the semaphore
+file to exist, and as such O_CREAT (this time the flag we pass to
+open(2)) needs to be cleaned from open_flags, otherwise we'll see
+another failure (this time unexpected) when trying to open the file,
+which will lead the call to sem_open to fail as well.
+
+This can cause very strange bugs, especially with OpenMPI, which makes
+extensive use of semaphores.
+
+Fix the bug by simplifying the logic when choosing open(2) flags and
+making sure O_CREAT is not set when the semaphore file is expected to
+exist.
+
+A regression test for this issue would require a complex and cpu time
+consuming logic, since to trigger the wrong code path is not
+straightforward due the racy condition. There is a somewhat reliable
+reproducer in the bug, but it requires using OpenMPI.
+
+This resolves BZ #30789.
+
+See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912
+
+Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
+Co-Authored-By: Simon Chopin <simon.chopin@canonical.com>
+Co-Authored-By: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
+Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)")
+(cherry picked from commit f957f47df75b9fab995754011491edebc6feb147)
+---
+ NEWS | 2 ++
+ sysdeps/pthread/sem_open.c | 10 ++++------
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/sysdeps/pthread/sem_open.c b/sysdeps/pthread/sem_open.c
+index e5db929d20..0e331a7445 100644
+--- a/sysdeps/pthread/sem_open.c
++++ b/sysdeps/pthread/sem_open.c
+@@ -32,11 +32,12 @@
+ # define __unlink unlink
+ #endif
+
++#define SEM_OPEN_FLAGS (O_RDWR | O_NOFOLLOW | O_CLOEXEC)
++
+ sem_t *
+ __sem_open (const char *name, int oflag, ...)
+ {
+ int fd;
+- int open_flags;
+ sem_t *result;
+
+ /* Check that shared futexes are supported. */
+@@ -65,10 +66,8 @@ __sem_open (const char *name, int oflag, ...)
+ /* If the semaphore object has to exist simply open it. */
+ if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0)
+ {
+- open_flags = O_RDWR | O_NOFOLLOW | O_CLOEXEC;
+- open_flags |= (oflag & ~(O_CREAT|O_ACCMODE));
+ try_again:
+- fd = __open (dirname.name, open_flags);
++ fd = __open (dirname.name, (oflag & O_EXCL) | SEM_OPEN_FLAGS);
+
+ if (fd == -1)
+ {
+@@ -135,8 +134,7 @@ __sem_open (const char *name, int oflag, ...)
+ }
+
+ /* Open the file. Make sure we do not overwrite anything. */
+- open_flags = O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC;
+- fd = __open (tmpfname, open_flags, mode);
++ fd = __open (tmpfname, O_CREAT | O_EXCL | SEM_OPEN_FLAGS, mode);
+ if (fd == -1)
+ {
+ if (errno == EEXIST)
+--
+2.43.0
+
diff --git a/tls-modid-reuse.patch b/tls-modid-reuse.patch
new file mode 100644
index 0000000..e6aeff3
--- /dev/null
+++ b/tls-modid-reuse.patch
@@ -0,0 +1,53 @@
+From ccdc4cba07684fe1397e1f5f134a0a827af98c04 Mon Sep 17 00:00:00 2001
+From: Hector Martin <marcan@marcan.st>
+Date: Tue, 28 Nov 2023 15:23:07 +0900
+Subject: [PATCH] elf: Fix TLS modid reuse generation assignment (BZ 29039)
+
+_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but
+does *not* do anything to the generation counter. The first time this
+happens, the generation is zero and map_generation() returns the current
+generation to be used during relocation processing. However, if
+a slotinfo entry is later reused, it will already have a generation
+assigned. If this generation has fallen behind the current global max
+generation, then this causes an obsolete generation to be assigned
+during relocation processing, as map_generation() returns this
+generation if nonzero. _dl_add_to_slotinfo() eventually resets the
+generation, but by then it is too late. This causes DTV updates to be
+skipped, leading to NULL or broken TLS slot pointers and segfaults.
+
+Fix this by resetting the generation to zero in _dl_assign_tls_modid(),
+so it behaves the same as the first time a slot is assigned.
+_dl_add_to_slotinfo() will still assign the correct static generation
+later during module load, but relocation processing will no longer use
+an obsolete generation.
+
+Note that slotinfo entry (aka modid) reuse typically happens after a
+dlclose and only TLS access via dynamic tlsdesc is affected. Because
+tlsdesc is optimized to use the optional part of static TLS, dynamic
+tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls
+tunable to a large enough value, or by LD_PRELOAD-ing the affected
+modules.
+
+Fixes bug 29039.
+
+Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
+(cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59)
+---
+ elf/dl-tls.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/elf/dl-tls.c b/elf/dl-tls.c
+index 99b83ca696..1f6f820819 100644
+--- a/elf/dl-tls.c
++++ b/elf/dl-tls.c
+@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l)
+ {
+ /* Mark the entry as used, so any dependency see it. */
+ atomic_store_relaxed (&runp->slotinfo[result - disp].map, l);
++ atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0);
+ break;
+ }
+
+--
+2.43.0
+