Merging various security fixes from Branch_1-24-Server.
Related to RequestXfer exploit:
* DEV-21706 (SEC-188): llParticleSystem can be used to obtain asset id.
* DEV-21767: Migrate RequestXfer to TCP-only
* DEV-21765: Fix RequestXfer traversal exploit
* DEV-21775: LLXferManager::processFileRequest() still has file vulnerabilities
Various fixes:
* fix for VFS memory corruption in llvfs.
* Bump server version to 1.24.9.
Landstore fixes:
* Passing locale to fulfill-order-item from region reservation fulfillment.
* featurettes-4 89061:89589 (which is all of featurettes-1, -2, and -3, and part of -4)
* gteam-showstoppers-3 91950:91951 (which is all of gteam-showstoppers-1, -2, and -3)
* featurettes-5 92149:92150 (patch for last line of chat text not visible in chat history, DEV-17771)
* snapshot-3 91988:91991 (which is all of snapshot-1, -2, and -3)
Merging revisions 92190-92387 of svn+ssh://svn.lindenlab.com/svn/linden/branches/support-featurettes-snapshot-merge-2 into release, respecting ancestry
* QAR-590 Merge Lock Request for Support Sprint
* QAR-627 Merge snapshot improvements
* QAR-686 Merge Lock request for Featurettes
Backport fixes made in the production branch to the trunk now that it is live on the grid:
* DEV-14443 Launcher not producing colo prefix when looking up sim class
* DEV-10840 "/etc/init.d/backbone stop" returns before all child backbones exited; "backbone restart" results in defunct children
* DEV-12558: Able to make anyone's object shout error messages
* QAR-483 user start location migration prelude
* QAR-490 havok4-6
* Revert havok4-5/4-6 code changes causing parcel access check issues
* Revert QAR-277 sqlite-backbone
* DEV-12357 SEC-53: Script that crashes regions
* QAR-486 New proc and query for Web Classifieds Fix
HAVOK4 IN TEH HOUSE!!11!!ONE!!
If it is broken blame Joel for not fixing the loginassetdatabaseinventorygroupIM server instead of working on this.
QAR-448
Kyle Ambroff