Various things that need to go into new sites' databases, but don't really fit
into database-fill.sql, which is auto-generated. Also, unlike the contents of
database-fill.sql, inserting these is not idempotent, since a site may have
changed them for some reason.

for key upload). Also fix parsing code for version 7 SFS keys.

* Use superglobals for page/form arguments.

* Add regex functions for email and phone number.

* Remove stripslashes calls; not needed and actually incorrect for
  data returned from the DB.

Leigh's recent security enhancements.

with SWIG, and update the README explaining how to use it.

to logout any random user on the testbed; only logged in admin users
can do that now!

* Add TBvalid_uid() function to regex uid's. To be used throughout the
  system. Eventually add routines for checking other things like pids
  and eids, etc.

* Regex the uid value we get from the cookie, and switch to $_COOKIE
  superglobal.

* Strict regex checking in DOLOGIN() of uid.

* Change login.php to use superglobals, and general tightening of
  parameter checking.

coding practices. Comments welcome; the page certainly did not need
this much added goo, but it looks nice!

so that it only allows [word].html files (and .txt files for the
doc/ version.)

The previous version allowed users to get the source of our php
scripts - probably not too bad, since there should not be big secrets
in them, but it could help an attacker look for exploitable bugs.

jails.

playing with coding practices for comment.

the wrong file. Also bump PORTREVISION.

Also, remove some modles we don't actualy use, so that it can be
more easily compiled into a binary.

security.

Kirk, you should chime in since you now the resident expert after the
tutorial.

one is verified for argument handling correctness.

that capture connect on a reserved port. To do this, capture binds a
dynamic reserved port to connect to capserver, which verifies the
integrity of the sender by looking at the portnumber that accept
returns.

Note that this has the potential problem of burning a lot of reserved
ports on ops (128 tiplines) since the kernel keeps the client side in
TIME_WAIT for a minute or two after it is closed (the socket is in
actual use for just a moment before being closed). If we try to
restart capture too many times within a span of a minute or two, we
might have problems. Will have to switch to a fancier protocol then.
Yuck.

* If a reboot stuck node fails, move the node to hwdown, send email,
  and log an entry in the nodelog. Then continue on.

* If os_load fails, record the nodes that failed, and try again if the
  nodes fail to reload at the retry interval. Do not exit. I was going
  to call os_load again immediately, but decided not to since these
  changes were quite easy.

  The above change not really tested ... waiting for os_load to fail!

but they do work, so I put them into the repository.

contain the latest image suitable for running nse as opposed to being
tied to an old FBSD 4.5 image.

but since it is not integrated in the backend and we are giving the
source to others, I'm backing out to 1.10

Fix the directory for SWIG, it seems to have moved. For now, we'll
stay with version 1.1, since we haven't tested the new version (1.3)
yet.

Bump revision.

Also, add more interfaces to be re-numbered for Rayford from aero.

is correct.

* Download the eventkey with new tmcd call.

* Pass -k option to various agents so that they can verify the HMACs
  in the incoming notifications.

* Change program agent; The list of agents from tmcd now includes the
  command, which is written to a config file for the program-agent to
  read in. The command string in the event is now ignored.

* Build the local proxy for linux, and add the goo to start the local
  elvind and use the proxy. It has been this way on FreeBSD for a
  while, but I never got it installed for Linux before now.