From b16dd80c50deaa4753045d93ed281d348509293f Mon Sep 17 00:00:00 2001
From: Pradyun Gedam
Date: Sun, 1 Oct 2023 14:10:25 +0100
Subject: [PATCH] Use `-r=...` instead of `-r ...` for hg

This ensures that the resulting revision can not be misinterpreted as an option.

Upstream-Status: Backport [https://github.com/pypa/pip/pull/12306/commits/389cb799d0da9a840749fcd14878928467ed49b4]

CVE: CVE-2023-5752

Signed-off-by: Jiaying Song
---
 src/pip/_internal/vcs/mercurial.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pip/_internal/vcs/mercurial.py b/src/pip/_internal/vcs/mercurial.py
index 2a005e0..e440c12 100644
--- a/src/pip/_internal/vcs/mercurial.py
+++ b/src/pip/_internal/vcs/mercurial.py
@@ -31,7 +31,7 @@ class Mercurial(VersionControl):
     @staticmethod
     def get_base_rev_args(rev: str) -> List[str]:
-        return [rev]
+        return [f"-r={rev}"]
 
     def fetch_new(
         self, dest: str, url: HiddenText, rev_options: RevOptions, verbosity: int
-- 
2.25.1
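Review bot: The added `return [f"-r={rev}"]` depends on Mercurial accepting a value glued to a short option with `=`; a getopt-style short-option parser reads `-r=abc` as revision `=abc`, which would make every pinned hg revision abort rather than merely closing the option-injection hole, and I believe upstream pip later moved to the long form for this reason (confirm against the hg version you ship). The unambiguous spelling is `return [f"--rev={rev}"]`: it is accepted by GNU-style parsers and still guarantees that a revision beginning with `-` (e.g. a smuggled `--config=...`, the CVE-2023-5752 vector named in the trailer) is never parsed as a separate option. Whichever form is kept, it deserves a why-comment, e.g. `# Join flag and value so a revision starting with "-" cannot be read as an option (CVE-2023-5752).`, since a future cleanup to `["-r", rev]` would silently reintroduce the bug. The body of `fetch_new` continues past the end of the hunk, so I cannot tell from here whether every hg invocation that receives a revision routes through this helper.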