import bash-4.4.19-12.el8

SOURCES/bash-5.0-cve-2019-18276.patch

@@ -0,0 +1,61 @@
+diff --git a/config.h.in b/config.h.in
+index 1a89e85..2df4786 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -801,6 +801,14 @@
+ #undef HAVE_SETREGID
+ #undef HAVE_DECL_SETREGID
+ 
++/* Define if you have the setregid function.  */
++#undef HAVE_SETRESGID
++#undef HAVE_DECL_SETRESGID
++
++/* Define if you have the setresuid function.  */
++#undef HAVE_SETRESUID
++#undef HAVE_DECL_SETRESUID
++
+ /* Define if you have the setvbuf function.  */
+ #undef HAVE_SETVBUF
+ 
+diff --git a/configure.ac b/configure.ac
+index a3f6d8f..e5162c4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -799,6 +799,7 @@ AC_CHECK_DECLS([confstr])
+ AC_CHECK_DECLS([printf])
+ AC_CHECK_DECLS([sbrk])
+ AC_CHECK_DECLS([setregid])
++AC_CHECK_DECLS[(setresuid, setresgid])
+ AC_CHECK_DECLS([strcpy])
+ AC_CHECK_DECLS([strsignal])
+ 
+diff --git a/shell.c b/shell.c
+index 4aae182..484d8a9 100644
+--- a/shell.c
++++ b/shell.c
+@@ -1286,7 +1286,11 @@ disable_priv_mode ()
+ {
+   int e;
+ 
++#if HAVE_DECL_SETRESUID
++  if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
++#else
+   if (setuid (current_user.uid) < 0)
++#endif
+     {
+       e = errno;
+       sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid);
+@@ -1295,7 +1299,11 @@ disable_priv_mode ()
+ 	exit (e);
+ #endif
+     }
++#if HAVE_DECL_SETRESGID
++  if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
++#else
+   if (setgid (current_user.gid) < 0)
++#endif
+     sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid);
+ 
+   current_user.euid = current_user.uid;
+-- 
+2.25.4

SOURCES/dot-bashrc

@@ -6,7 +6,10 @@ if [ -f /etc/bashrc ]; then
 fi
 
 # User specific environment
-PATH="$HOME/.local/bin:$HOME/bin:$PATH"
+if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
+then
+    PATH="$HOME/.local/bin:$HOME/bin:$PATH"
+fi
 export PATH
 
 # Uncomment the following line if you don't like systemctl's auto-paging feature:

SPECS/bash.spec

@@ -7,7 +7,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 10%{?dist}
+Release: 12%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@@ -103,6 +103,10 @@ Patch133: bash-5.0-syslog-history.patch
 # https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00065.html
 Patch134: bash-5.0-shellpid-subshell.patch
 
+# 1793943 - CVE-2019-18276: when effective UID is not equal to its real UID the saved UID is
+# not dropped
+Patch135: bash-5.0-cve-2019-18276.patch
+
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
 BuildRequires: autoconf, gettext
@@ -326,6 +330,14 @@ end
 %{_libdir}/pkgconfig/%{name}.pc
 
 %changelog
+* Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-12
+- Avoid duplicating user path entries
+  Resolves: #1667008
+
+* Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-11
+- Drop saved UID when effective UID is not equal to its real UID
+  Resolves: #1793943
+
 * Thu Aug 22 2019 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-10
 - Fix runtime option to enable history logging to syslog
   Related: #1687835