util: add utility method to check for bad ssh urls (SEC) Our use of SSH has an exploit that will parse the first part of an url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion. We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

Mercurial
=========

Mercurial is a fast, easy to use, distributed revision control tool
for software developers.

Basic install::

 $ make            # see install targets
 $ make install    # do a system-wide install
 $ hg debuginstall # sanity-check setup
 $ hg              # see help

Running without installing::

 $ make local      # build for inplace usage
 $ ./hg --version  # should show the latest version

See https://mercurial-scm.org/ for detailed installation
instructions, platform-specific notes, and Mercurial user information.