See https://discourse.phabricator-community.org/t/unable-to-use-current-mercurial-on-debian-stretch/391.
The Mercurial commit is helpful in particular: https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
We weren't vulnerable to the security issue (users cannot control any part of the command) but pass the working directory explicitly to get past the new safety check.
I left setCWD() in place (a few lines below) just because it can't hurt, and in some other contexts it sometimes matters (for example, if commit hooks execute, they might inherit the parent CWD here or in other VCSes).
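The two-sided approach described above (naming the repository directory on the command line and also setting the child process's working directory), as an added Python illustration that is not Phabricator's own code (which is PHP and uses ExecFuture/setCWD). It relies on Mercurial's real global `--cwd DIR` option; the path validation in `hg_command` is an added defensive check the commit does not describe, and `sh -c pwd` stands in for a commit hook so the example runs without hg installed.

```python
import os
import subprocess
import tempfile
from typing import List


def hg_command(repo_root: str, *args: str) -> List[str]:
    """Build an argv that tells Mercurial its working directory explicitly.

    Mercurial's global ``--cwd DIR`` option selects the directory hg operates
    in, independent of the parent's cwd. The checks below are an assumption
    added for this example (a stored path could be malformed); the original
    commit does not describe them.
    """
    if not os.path.isabs(repo_root):
        raise ValueError("repository path must be absolute: %r" % repo_root)
    if repo_root.startswith("-"):
        raise ValueError("repository path must not look like an option: %r" % repo_root)
    return ["hg", "--cwd", repo_root, *args]


def run_in_repo(argv: List[str], repo_root: str) -> subprocess.CompletedProcess:
    """Run argv with the process cwd also set to repo_root.

    The flag alone is not enough: anything hg spawns in turn (a commit hook,
    for instance) inherits the process cwd, not the value given via --cwd,
    so both are set, mirroring keeping setCWD() alongside the explicit flag.
    """
    return subprocess.run(argv, cwd=repo_root, capture_output=True, text=True, check=False)


def child_sees_explicit_cwd(repo_root: str) -> bool:
    """Check that a child process (stand-in for a hook) sees repo_root as its cwd."""
    proc = run_in_repo(["sh", "-c", "pwd"], repo_root)
    if proc.returncode != 0:
        return False
    # realpath on both sides: the child's pwd may be the physical path of a symlinked tmpdir
    return os.path.realpath(proc.stdout.strip()) == os.path.realpath(repo_root)


def demo_in_tempdir() -> bool:
    """Run the inheritance check in a fresh temporary directory (constructed input)."""
    with tempfile.TemporaryDirectory() as tmp:
        return child_sees_explicit_cwd(tmp)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(hg_command(tmp, "log", "-r", "."))
        print("hook-like child inherits explicit cwd:", child_sees_explicit_cwd(tmp))
```

If only `--cwd` were passed and the process cwd were left alone, `hg` itself would behave correctly but a hook would start in whatever directory the daemon happened to be running from, which is the case the retained setCWD() call covers.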