diff --git a/SOURCES/bash-5.0-bgp-resize.patch b/SOURCES/bash-5.0-bgp-resize.patch
new file mode 100644
index 0000000..1a3f288
--- /dev/null
+++ b/SOURCES/bash-5.0-bgp-resize.patch
@@ -0,0 +1,95 @@
+diff --git a/include/typemax.h b/include/typemax.h
+--- a/include/typemax.h
++++ b/include/typemax.h
+@@ -35,14 +35,23 @@
+ #  define TYPE_SIGNED(t)	(! ((t) 0 < (t) -1))
+ #endif
+ 
++#ifndef TYPE_SIGNED_MAGNITUDE
++#  define TYPE_SIGNED_MAGNITUDE(t) ((t) ~ (t) 0 < (t) -1)
++#endif
++
++#ifndef TYPE_WIDTH
++#  define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
++#endif
++
+ #ifndef TYPE_MINIMUM
+-#  define TYPE_MINIMUM(t) ((t) (TYPE_SIGNED (t) \
+-				? ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1) \
+-				: (t) 0))
++#  define TYPE_MINIMUM(t) ((t) ~ TYPE_MAXIMUM (t))
+ #endif
+ 
+ #ifndef TYPE_MAXIMUM
+-#  define TYPE_MAXIMUM(t) ((t) (~ (t) 0 - TYPE_MINIMUM (t)))
++#  define TYPE_MAXIMUM(t)  \
++  ((t) (! TYPE_SIGNED (t) \
++        ? (t) -1 \
++        : ((((t) 1 << (TYPE_WIDTH (t) - 2)) - 1) * 2 + 1)))
+ #endif
+ 
+ #ifdef HAVE_LONG_LONG
+diff --git a/jobs.c b/jobs.c
+--- a/jobs.c
++++ b/jobs.c
+@@ -72,6 +72,8 @@
+ #include "execute_cmd.h"
+ #include "flags.h"
+ 
++#include "typemax.h"
++
+ #include "builtins/builtext.h"
+ #include "builtins/common.h"
+ 
+@@ -92,7 +94,7 @@ extern int killpg __P((pid_t, int));
+ #endif
+ 
+ #if !MAX_CHILD_MAX
+-#  define MAX_CHILD_MAX 8192
++#  define MAX_CHILD_MAX 32768
+ #endif
+ 
+ #if !defined (DEBUG)
+@@ -751,7 +753,7 @@ stop_pipeline (async, deferred)
+ static void
+ bgp_resize ()
+ {
+-  ps_index_t nsize;
++  ps_index_t nsize, nsize_cur, nsize_max;
+   ps_index_t psi;
+ 
+   if (bgpids.nalloc == 0)
+@@ -765,11 +767,20 @@ bgp_resize ()
+   else
+     nsize = bgpids.nalloc;
+ 
+-  while (nsize < js.c_childmax)
+-    nsize *= 2;
++  nsize_max = TYPE_MAXIMUM (ps_index_t);
++  nsize_cur = (ps_index_t)js.c_childmax;
++  if (nsize_cur < 0)				/* overflow */
++    nsize_cur = MAX_CHILD_MAX;
+ 
+-  if (bgpids.nalloc < js.c_childmax)
+-    {
++  while (nsize > 0 && nsize < nsize_cur)	/* > 0 should catch overflow */
++    nsize <<= 1;
++  if (nsize > nsize_max || nsize <= 0)		/* overflow? */
++    nsize = nsize_max;
++  if (nsize > MAX_CHILD_MAX)
++    nsize = nsize_max = MAX_CHILD_MAX;		/* hard cap */
++
++  if (bgpids.nalloc < nsize_cur && bgpids.nalloc < nsize_max)
++  {
+       bgpids.storage = (struct pidstat *)xrealloc (bgpids.storage, nsize * sizeof (struct pidstat));
+ 
+       for (psi = bgpids.nalloc; psi < nsize; psi++)
+@@ -787,7 +798,7 @@ bgp_getindex ()
+ {
+   ps_index_t psi;
+ 
+-  if (bgpids.nalloc < js.c_childmax || bgpids.head >= bgpids.nalloc)
++  if (bgpids.nalloc < (ps_index_t)js.c_childmax || bgpids.head >= bgpids.nalloc)
+     bgp_resize ();
+ 
+   pshash_delindex (bgpids.head);		/* XXX - clear before reusing */
diff --git a/SOURCES/bash-5.0-cve-2019-18276-2.patch b/SOURCES/bash-5.0-cve-2019-18276-2.patch
new file mode 100644
index 0000000..ff911e3
--- /dev/null
+++ b/SOURCES/bash-5.0-cve-2019-18276-2.patch
@@ -0,0 +1,41 @@
+diff --git a/configure.ac b/configure.ac
+index e5162c4..b82a33b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -799,10 +799,13 @@ AC_CHECK_DECLS([confstr])
+ AC_CHECK_DECLS([printf])
+ AC_CHECK_DECLS([sbrk])
+ AC_CHECK_DECLS([setregid])
+-AC_CHECK_DECLS[(setresuid, setresgid])
++dnl AC_CHECK_DECLS[(setresuid])
++dnl AC_CHECK_DECLS[(setresgid])
+ AC_CHECK_DECLS([strcpy])
+ AC_CHECK_DECLS([strsignal])
+ 
++AC_CHECK_FUNCS(setresuid setresgid)
++
+ dnl Extra test to detect the horribly broken HP/UX 11.00 strtold(3)
+ AC_CHECK_DECLS([strtold], [
+     AC_MSG_CHECKING([for broken strtold])
+diff --git a/shell.c b/shell.c
+index 484d8a9..5c24922 100644
+--- a/shell.c
++++ b/shell.c
+@@ -1286,7 +1286,7 @@ disable_priv_mode ()
+ {
+   int e;
+ 
+-#if HAVE_DECL_SETRESUID
++#if HAVE_SETRESUID
+   if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
+ #else
+   if (setuid (current_user.uid) < 0)
+@@ -1299,7 +1299,7 @@ disable_priv_mode ()
+ 	exit (e);
+ #endif
+     }
+-#if HAVE_DECL_SETRESGID
++#if HAVE_SETRESGID
+   if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
+ #else
+   if (setgid (current_user.gid) < 0)
diff --git a/SPECS/bash.spec b/SPECS/bash.spec
index cac1224..5f7e672 100644
--- a/SPECS/bash.spec
+++ b/SPECS/bash.spec
@@ -7,7 +7,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 12%{?dist}
+Release: 14%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@@ -106,6 +106,11 @@ Patch134: bash-5.0-shellpid-subshell.patch
 # 1793943 - CVE-2019-18276: when effective UID is not equal to its real UID the saved UID is
 # not dropped
 Patch135: bash-5.0-cve-2019-18276.patch
+Patch136: bash-5.0-cve-2019-18276-2.patch
+
+# 1890888 - Took long time to return when bash -c 'exit 2 & wait $!' run in the big size LimitNPROC
+# values
+Patch137: bash-5.0-bgp-resize.patch
 
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
@@ -330,6 +335,14 @@ end
 %{_libdir}/pkgconfig/%{name}.pc
 
 %changelog
+* Wed Nov 04 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-14
+- Fix hang when limit for nproc is very high
+  Resolves: #1890888
+
+* Fri Oct 09 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-13
+- Correctly drop saved UID when effective UID is not equal to its real UID
+  Resolves: #1793943
+
 * Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-12
 - Avoid duplicating user path entries
   Resolves: #1667008