File php-composer2-CVE-2024-35242.patch of Package php-composer2.34331
--- a/src/Composer/Package/Version/VersionGuesser.php
+++ b/src/Composer/Package/Version/VersionGuesser.php
@@ -176,7 +176,7 @@ $featureVersion = $version;
$featurePrettyVersion = $prettyVersion;
-$result = $this->guessFeatureVersion($packageConfig, $version, $branches, 'git rev-list %candidate%..%branch%', $path);
+$result = $this->guessFeatureVersion($packageConfig, $version, $branches, 'git rev-list -- %candidate%..%branch%', $path, '%candidate%..%branch%', $path);
$version = $result['version'];
$prettyVersion = $result['pretty_version'];
}
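Review bot: In the new git call the `--` sits in front of `%candidate%..%branch%`, and git documents `--` as the separator between revisions and paths, so the range is likely to be read as a pathspec and `git rev-list` to exit non-zero for lack of a revision. guessFeatureVersion then takes the `continue` branch after `$this->process->execute()`, and feature-branch guessing would silently find nothing. If the aim is to keep a branch name that begins with `-` from being parsed as an option, `--end-of-options` is the marker for that, as in `'git rev-list --end-of-options %candidate%..%branch%'`; its availability in the oldest supported git needs checking. The call also passes seven arguments while the signature introduced by this patch takes six, so the trailing `, $path` is ignored and should be dropped; the hg call in the next hunk has the same surplus argument. The enclosing method starts and ends outside the hunk.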
@@ -254,7 +254,7 @@ $driver = new HgDriver(array('url' => $p
$branches = array_keys($driver->getBranches());
-$result = $this->guessFeatureVersion($packageConfig, $version, $branches, 'hg log -r "not ancestors(\'%candidate%\') and ancestors(\'%branch%\')" --template "{node}\\n"', $path);
+$result = $this->guessFeatureVersion($packageConfig, $version, $branches, 'hg log -r "not ancestors(\'%candidate%\') and ancestors(\'%branch%\')" --template "{node}\\n"', $path, '"not ancestors(\'%candidate%\') and ancestors(\'%branch%\')"', $path);
$result['commit'] = '';
$result['feature_version'] = $version;
$result['feature_pretty_version'] = $version;
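Review bot: The `$arg` passed in the hg call is an already-quoted shell word, `"not ancestors('%candidate%') and ancestors('%branch%')"`, so branch names sit inside two layers of quoting (the shell's double quotes and the revset's single-quoted strings), and nothing visible in this patch escapes either layer. If guessFeatureVersion is made to shell-escape the substituted `$arg`, the literal double quotes have to be removed from this argument and from the template, otherwise they become part of the revset expression. A quote character inside a branch name would also need handling at the revset level, which shell escaping alone does not cover; this is inferred from the template and should be confirmed against hg's revset quoting rules.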
@@ -276,7 +276,7 @@ return null;
-private function guessFeatureVersion(array $packageConfig, $version, array $branches, $scmCmdline, $path)
+private function guessFeatureVersion(array $packageConfig, $version, array $branches, $scmCmdline, $path, $arg)
{
$prettyVersion = $version;
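Review bot: The new `$arg` parameter carries a contract that is not documented anywhere in the visible signature: it must occur verbatim inside `$scmCmdline`, because the later `str_replace($arg, …, $scmCmdline)` is a no-op otherwise and the `%candidate%`/`%branch%` placeholders would reach the shell unexpanded. I would add to the method's docblock (not visible in this hunk) a line such as `@param string $arg the part of $scmCmdline holding %candidate% and %branch%; must appear verbatim in $scmCmdline`. A short why-comment stating that `$arg` exists so the branch-derived part of the command can be treated separately from the fixed part would also help the next backporter.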
@@ -315,7 +315,7 @@ if ($candidate === $branch || $this->isF
continue;
}
-$cmdLine = str_replace(array('%candidate%', '%branch%'), array($candidate, $branch), $scmCmdline);
+$cmdLine = str_replace($arg, str_replace(array('%candidate%', '%branch%'), array($candidate, $branch), $arg), $scmCmdline);
if (0 !== $this->process->execute($cmdLine, $output, $path)) {
continue;
}
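Review bot: The new `$cmdLine` line still places `$candidate` and `$branch` into the command string without shell escaping: replacing `$arg` inside `$scmCmdline` with the same `$arg` after placeholder substitution produces the string the removed line built, and it is passed to `$this->process->execute()` as one command line. Branch names come from the repository being inspected and should be treated as untrusted, so the substituted argument needs escaping before it is spliced back in, for example `$cmdLine = str_replace($arg, ProcessExecutor::escape(str_replace(array('%candidate%', '%branch%'), array($candidate, $branch), $arg)), $scmCmdline);`. This assumes `ProcessExecutor::escape()` is available and imported in this Composer version, and the hg `$arg` would have to lose its literal double quotes for it to work. The surrounding loop starts and ends outside the hunk.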