BASH PATCH REPORT
			     =================

Bash-Release:	5.3
Patch-ID:	bash53-007

Bug-Reported-by:	jdhedden@gmail.com
Bug-Reference-ID:	<689ac876.050a0220.334a3f.30fb@mx.google.com>
Bug-Reference-URL:	

Bug-Description:

No-fork command substitutions can perform redirections that act on the
enclosing command as well.

Patch (apply with `patch -p0'):

*** ../bash-5.3-patched/subst.c	Fri Jul 25 08:53:25 2025
--- subst.c	Tue Aug 12 15:41:01 2025
***************
*** 207,210 ****
--- 207,212 ----
  extern int extended_quote;
  
+ extern REDIRECT *exec_redirection_undo_list, *redirection_undo_list;
+ 
  #if !defined (HAVE_WCSDUP) && defined (HANDLE_MULTIBYTE)
  extern wchar_t *wcsdup (const wchar_t *);
***************
*** 7001,7004 ****
--- 7003,7011 ----
      }
  #endif
+ 
+   unwind_protect_pointer (redirection_undo_list);
+   redirection_undo_list = NULL;
+   unwind_protect_pointer (exec_redirection_undo_list);
+   exec_redirection_undo_list = NULL;
    
    subst_assign_varlist = 0;

*** ../bash-5.3/patchlevel.h	2020-06-22 14:51:03.000000000 -0400
--- patchlevel.h	2020-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 6
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 7
  
  #endif /* _PATCHLEVEL_H_ */