diff --git a/bash-5.0-cve-2019-18276-2.patch b/bash-5.0-cve-2019-18276-2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ff911e3f29fd30c16214f1908734b715ee642e72
--- /dev/null
+++ b/bash-5.0-cve-2019-18276-2.patch
@@ -0,0 +1,41 @@
+diff --git a/configure.ac b/configure.ac
+index e5162c4..b82a33b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -799,10 +799,13 @@ AC_CHECK_DECLS([confstr])
+ AC_CHECK_DECLS([printf])
+ AC_CHECK_DECLS([sbrk])
+ AC_CHECK_DECLS([setregid])
+-AC_CHECK_DECLS[(setresuid, setresgid])
++dnl AC_CHECK_DECLS[(setresuid])
++dnl AC_CHECK_DECLS[(setresgid])
+ AC_CHECK_DECLS([strcpy])
+ AC_CHECK_DECLS([strsignal])
+ 
++AC_CHECK_FUNCS(setresuid setresgid)
++
+ dnl Extra test to detect the horribly broken HP/UX 11.00 strtold(3)
+ AC_CHECK_DECLS([strtold], [
+     AC_MSG_CHECKING([for broken strtold])
+diff --git a/shell.c b/shell.c
+index 484d8a9..5c24922 100644
+--- a/shell.c
++++ b/shell.c
+@@ -1286,7 +1286,7 @@ disable_priv_mode ()
+ {
+   int e;
+ 
+-#if HAVE_DECL_SETRESUID
++#if HAVE_SETRESUID
+   if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
+ #else
+   if (setuid (current_user.uid) < 0)
+@@ -1299,7 +1299,7 @@ disable_priv_mode ()
+ 	exit (e);
+ #endif
+     }
+-#if HAVE_DECL_SETRESGID
++#if HAVE_SETRESGID
+   if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
+ #else
+   if (setgid (current_user.gid) < 0)
diff --git a/bash-5.0-cve-2019-18276.patch b/bash-5.0-cve-2019-18276.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4ff057498e470fcd687edcefee5d7d211db51d35
--- /dev/null
+++ b/bash-5.0-cve-2019-18276.patch
@@ -0,0 +1,61 @@
+diff --git a/config.h.in b/config.h.in
+index 1a89e85..2df4786 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -801,6 +801,14 @@
+ #undef HAVE_SETREGID
+ #undef HAVE_DECL_SETREGID
+ 
++/* Define if you have the setregid function.  */
++#undef HAVE_SETRESGID
++#undef HAVE_DECL_SETRESGID
++
++/* Define if you have the setresuid function.  */
++#undef HAVE_SETRESUID
++#undef HAVE_DECL_SETRESUID
++
+ /* Define if you have the setvbuf function.  */
+ #undef HAVE_SETVBUF
+ 
+diff --git a/configure.ac b/configure.ac
+index a3f6d8f..e5162c4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -799,6 +799,7 @@ AC_CHECK_DECLS([confstr])
+ AC_CHECK_DECLS([printf])
+ AC_CHECK_DECLS([sbrk])
+ AC_CHECK_DECLS([setregid])
++AC_CHECK_DECLS[(setresuid, setresgid])
+ AC_CHECK_DECLS([strcpy])
+ AC_CHECK_DECLS([strsignal])
+ 
+diff --git a/shell.c b/shell.c
+index 4aae182..484d8a9 100644
+--- a/shell.c
++++ b/shell.c
+@@ -1286,7 +1286,11 @@ disable_priv_mode ()
+ {
+   int e;
+ 
++#if HAVE_DECL_SETRESUID
++  if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
++#else
+   if (setuid (current_user.uid) < 0)
++#endif
+     {
+       e = errno;
+       sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid);
+@@ -1295,7 +1299,11 @@ disable_priv_mode ()
+ 	exit (e);
+ #endif
+     }
++#if HAVE_DECL_SETRESGID
++  if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
++#else
+   if (setgid (current_user.gid) < 0)
++#endif
+     sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid);
+ 
+   current_user.euid = current_user.uid;
+-- 
+2.25.4
diff --git a/bash-5.0-histtimeformat-segfault.patch b/bash-5.0-histtimeformat-segfault.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0d7efa8058715cc5a6a0a857618807ea3d74e606
--- /dev/null
+++ b/bash-5.0-histtimeformat-segfault.patch
@@ -0,0 +1,19 @@
+diff --git a/builtins/history.def b/builtins/history.def
+--- a/builtins/history.def
++++ b/builtins/history.def
+@@ -256,10 +256,13 @@ histtime (hlist, histtimefmt)
+ {
+   static char timestr[128];
+   time_t t;
++  struct tm *tm;
+ 
+   t = history_get_time (hlist);
+-  if (t)
+-    strftime (timestr, sizeof (timestr), histtimefmt, localtime (&t));
++
++  tm = t ? localtime (&t) : 0;
++  if (t && tm)
++    strftime (timestr, sizeof (timestr), histtimefmt, tm);
+   else if (hlist->timestamp && hlist->timestamp[0])
+     snprintf (timestr, sizeof (timestr), _("%s: invalid timestamp"),
+ 	(hlist->timestamp[0] == '#') ? hlist->timestamp + 1: hlist->timestamp);
diff --git a/bash.spec b/bash.spec
index e626ce80f683677a49f7076267d07fa3d382fc86..45bfe1435610555998f71bbfb65fc1fe9341fbfb 100644
--- a/bash.spec
+++ b/bash.spec
@@ -1,13 +1,13 @@
 #% define beta_tag rc2
 %global _hardened_build 1
-%define patchleveltag .19
+%define patchleveltag .20
 %define baseversion 4.4
 %bcond_without tests
 
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 12%{?dist}
+Release: 2%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@@ -103,10 +103,18 @@ Patch133: bash-5.0-syslog-history.patch
 # https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00065.html
 Patch134: bash-5.0-shellpid-subshell.patch
 
+# 1793943 - CVE-2019-18276: when effective UID is not equal to its real UID the saved UID is
+# not dropped
+Patch135: bash-5.0-cve-2019-18276.patch
+Patch136: bash-5.0-cve-2019-18276-2.patch
+
 # 1890888 - Took long time to return when bash -c 'exit 2 & wait $!' run in the big size LimitNPROC
 # values
 Patch137: bash-5.0-bgp-resize.patch
 
+# 1794884 - HISTTIMEFORMAT causes Segmentation fault under certain conditions
+Patch138: bash-5.0-histtimeformat-segfault.patch
+
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
 BuildRequires: autoconf, gettext
@@ -330,14 +338,30 @@ end
 %{_libdir}/pkgconfig/%{name}.pc
 
 %changelog
-* Fri Mar 26 2021 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-12
+* Mon Jul 26 2021 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.20-2
+- Fix crash if a timestamp in a history file overflowed a time_t
+  Resolves: #1794884
+
+* Fri Mar 26 2021 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.20-1
 - Fix infinite loop in long running scripts
   Resolves: #1943495
 
-* Wed Nov 04 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-11
+* Wed Nov 04 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-14
 - Fix hang when limit for nproc is very high
   Resolves: #1890888
 
+* Fri Oct 09 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-13
+- Correctly drop saved UID when effective UID is not equal to its real UID
+  Resolves: #1793943
+
+* Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-12
+- Avoid duplicating user path entries
+  Resolves: #1667008
+
+* Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-11
+- Drop saved UID when effective UID is not equal to its real UID
+  Resolves: #1793943
+
 * Thu Aug 22 2019 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-10
 - Fix runtime option to enable history logging to syslog
   Related: #1687835
diff --git a/dot-bashrc b/dot-bashrc
index 68854a1bbe80c11b286fb0291e336d17c74d6d3c..d81e0b5e2a212fcfced93031a0fbb4481d7c033d 100644
--- a/dot-bashrc
+++ b/dot-bashrc
@@ -6,7 +6,10 @@ if [ -f /etc/bashrc ]; then
 fi
 
 # User specific environment
-PATH="$HOME/.local/bin:$HOME/bin:$PATH"
+if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
+then
+    PATH="$HOME/.local/bin:$HOME/bin:$PATH"
+fi
 export PATH
 
 # Uncomment the following line if you don't like systemctl's auto-paging feature: