Overview

File CVE-2023-5752-r-param-hg.patch of Package python312-pip.35511

From 389cb799d0da9a840749fcd14878928467ed49b4 Mon Sep 17 00:00:00 2001
From: Pradyun Gedam <pradyunsg@users.noreply.github.com>
Date: Sun, 1 Oct 2023 14:10:25 +0100
Subject: [PATCH 1/2] Use `-r=...` instead of `-r ...` for hg

This ensures that the resulting revision can not be misinterpreted as an
option.
---
 news/12306.bugfix.rst              |    1 +
 src/pip/_internal/vcs/mercurial.py |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

Index: pip-23.2.1/news/12306.bugfix.rst
===================================================================
--- /dev/null
+++ pip-23.2.1/news/12306.bugfix.rst
@@ -0,0 +1 @@
+Use ``-r=...`` instead of ``-r ...`` to specify references with Mercurial.
Index: pip-23.2.1/src/pip/_internal/vcs/mercurial.py
===================================================================
--- pip-23.2.1.orig/src/pip/_internal/vcs/mercurial.py
+++ pip-23.2.1/src/pip/_internal/vcs/mercurial.py
@@ -31,7 +31,7 @@ class Mercurial(VersionControl):
 
     @staticmethod
     def get_base_rev_args(rev: str) -> List[str]:
-        return ["-r", rev]
+        return ["-r={}".format(rev)]
 
     def fetch_new(
         self, dest: str, url: HiddenText, rev_options: RevOptions, verbosity: int
Index: pip-23.2.1/tests/unit/test_vcs.py
===================================================================
--- pip-23.2.1.orig/tests/unit/test_vcs.py
+++ pip-23.2.1/tests/unit/test_vcs.py
@@ -66,7 +66,7 @@ def test_rev_options_repr() -> None:
         # First check VCS-specific RevOptions behavior.
         (Bazaar, [], ["-r", "123"], {}),
         (Git, ["HEAD"], ["123"], {}),
-        (Mercurial, [], ["-r", "123"], {}),
+        (Mercurial, [], ["-r=123"], {}),
         (Subversion, [], ["-r", "123"], {}),
         # Test extra_args.  For this, test using a single VersionControl class.
         (
openSUSE Build Service is sponsored by
Places