Update release notes header to conform to style

1) Warn when >= July 1, 2022 that we only do security fixes (but continue the report)
2) Error when >= July 1, 2023 that all support ceased (do not send a report)
3) Handle HTTP 403 condition

.gitignore

@@ -6,9 +6,7 @@ conftest.*
 config.settings
 extras/pcre2*
 extras/c-ares*
-extras/regexp*
 config.status
-extras/tre*
 extras/ircdcron/ircd.cron
 extras/ircdcron/ircdchk
 src/modules/snomasks/Makefile
@@ -33,7 +31,7 @@ tags
 server.cert.pem
 server.key.pem
 server.req.pem
-ssl.rnd
+tls.rnd
 
 # Ignores for platform stuff
 .DS_Store
@@ -72,3 +70,6 @@ xcuserdata
 src/macosx/build/
 DerivedData
 src/macosx/pods/
+
+# Doxygen generated files
+doc/doxygen/

.gitmodules

@@ -1,6 +0,0 @@
-[submodule "extras/tests/ircfly"]
-	path = extras/tests/ircfly
-	url = https://github.com/unrealircd/ircfly.git
-[submodule "extras/tests/functional-tests"]
-	path = extras/tests/functional-tests
-	url = https://github.com/unrealircd/unrealircd-tests.git

.travis.yml

@@ -1,28 +0,0 @@
-language: c
-os:
-- linux
-compiler:
-  - clang
-  - gcc
-script: extras/build-tests/nix/build $BUILDCONFIG
-env:
-  - BUILDCONFIG=""
-  - BUILDCONFIG="system-cares"
-  - BUILDCONFIG="system-cares system-curl"
-  - BUILDCONFIG="local-curl"
-matrix:
-  include:
-  - os: osx
-    env: BUILDCONFIG=""
-  - os: osx
-    env: BUILDCONFIG="system-cares"
-  - os: osx
-    env: BUILDCONFIG="system-cares system-curl"
-  - os: osx
-    env: BUILDCONFIG="local-curl"
-  - env: BUILDCONFIG="libressl-25"
-  - env: BUILDCONFIG="libressl-26"
-  - env: BUILDCONFIG="libressl-27"
-  - env: BUILDCONFIG="openssl-102"
-  - env: BUILDCONFIG="openssl-110"
-  - env: BUILDCONFIG="openssl-111"

CONTRIBUTING.md

@@ -0,0 +1,5 @@
+Help out and make UnrealIRCd a better product!
+
+You can do so by reporting issues, testing, programming, documenting,
+translating, helping others, and more.
+See https://www.unrealircd.org/docs/Contributing

Makefile.in

@@ -34,11 +34,11 @@ FROMDOS=/home/cmunk/bin/4dos
 #
 
 #XCFLAGS=-O -g -export-dynamic
-IRCDLIBS=@IRCDLIBS@ @TRE_LIBS@ @PCRE2_LIBS@ @CARES_LIBS@ @PTHREAD_LIBS@
+IRCDLIBS=@IRCDLIBS@ @PCRE2_LIBS@ @ARGON2_LIBS@ @CARES_LIBS@ @SODIUM_LIBS@ @PTHREAD_LIBS@
 CRYPTOLIB=@CRYPTOLIB@
 OPENSSLINCLUDES=
 
-XCFLAGS=@PTHREAD_CFLAGS@ @TRE_CFLAGS@ @PCRE2_CFLAGS@ @CARES_CFLAGS@ @CFLAGS@ @HARDEN_CFLAGS@ @CPPFLAGS@
+XCFLAGS=@PTHREAD_CFLAGS@ @PCRE2_CFLAGS@ @ARGON2_CFLAGS@ @CARES_CFLAGS@ @SODIUM_CFLAGS@ @CFLAGS@ @HARDEN_CFLAGS@ @CPPFLAGS@
 #
 # use the following on MIPS:
 #CFLAGS= -systype bsd43 -DSYSTYPE_BSD43 -I$(INCLUDEDIR)
@@ -91,25 +91,12 @@ IRCDMODE = 711
 
 URL=@URL@
 
-# [CHANGEME]
-# If you get a link-time error dealing with strtoul, comment out
-# this line.
-# STRTOUL=	strtoul.o
-STRTOUL=@STRTOUL@
-
-# [CHANGEME]
-# If you get crashes around a specific number of clients, and that
-# client load comes close or a little over the system-defined value of
-# FD_SETSIZE, override it here and see what happens. You may override
-# the system FD_SETSIZE by setting the FD_SETSIZE Makefile variable to
-# -DFD_SETSIZE=<some number>.
-FD_SETSIZE=@FD_SETSIZE@
-
 # Where is your openssl binary
 OPENSSLPATH=@OPENSSLPATH@
 
-CFLAGS=-I$(INCLUDEDIR) $(XCFLAGS) $(FD_SETSIZE)
-LDFLAGS=@LDFLAGS_PRIVATELIBS@ @HARDEN_LDFLAGS@
+CFLAGS=-I$(INCLUDEDIR) $(XCFLAGS)
+XLDFLAGS=@LDFLAGS_PRIVATELIBS@ @HARDEN_LDFLAGS@ @LDFLAGS@
+LDFLAGS=$(XLDFLAGS)
 
 SHELL=/bin/sh
 SUBDIRS=src
@@ -126,7 +113,7 @@ MAKEARGS =	'CFLAGS=${CFLAGS}' 'CC=${CC}' 'IRCDLIBS=${IRCDLIBS}' \
 		'RES=${RES}' 'BINDIR=${BINDIR}' 'INSTALL=${INSTALL}' \
 		'INCLUDEDIR=${INCLUDEDIR}' \
 		'RM=${RM}' 'CP=${CP}' 'TOUCH=${TOUCH}' \
-		'SHELL=${SHELL}' 'STRTOUL=${STRTOUL}' \
+		'SHELL=${SHELL}' \
 		'CRYPTOLIB=${CRYPTOLIB}' \
 		'CRYPTOINCLUDES=${CRYPTOINCLUDES}' \
 		'URL=${URL}'
@@ -165,7 +152,7 @@ cleandir: clean
 	rm -rf include/setup.h Makefile Settings
 
 distclean: cleandir
-	rm -rf extras/*.bak extras/regexp extras/*.tar extras/c-ares 
+	rm -rf extras/*.bak extras/*.tar extras/c-ares
 	rm -rf extras/c-ares-* extras/tre-*
 	rm -rf config.log config.settings *.pem ircd.* unrealircd
 	rm -rf Makefile config.status
@@ -177,57 +164,75 @@ depend:
 	done
 
 install: all
-	$(INSTALL) -m 0700 -d @BINDIR@
-	$(INSTALL) -m 0700 src/ircd @BINDIR@/unrealircd
-	$(INSTALL) -m 0700 -d @DOCDIR@
-	$(INSTALL) -m 0600 doc/Authors doc/coding-guidelines doc/tao.of.irc @DOCDIR@
-	$(INSTALL) -m 0700 -d @CONFDIR@
-	$(INSTALL) -m 0600 doc/conf/*.default.conf @CONFDIR@
-	$(INSTALL) -m 0600 doc/conf/*.optional.conf @CONFDIR@
-	-@if [ ! -f "@CONFDIR@/spamfilter.conf" ] ; then \
-		$(INSTALL) -m 0600 doc/conf/spamfilter.conf @CONFDIR@ ; \
+	$(INSTALL) -m 0700 -d $(DESTDIR)@BINDIR@
+	$(INSTALL) -m 0700 src/ircd $(DESTDIR)@BINDIR@/unrealircd
+	$(INSTALL) -m 0700 extras/unrealircd-upgrade-script $(DESTDIR)@BINDIR@/unrealircd-upgrade-script
+	$(INSTALL) -m 0700 -d $(DESTDIR)@DOCDIR@
+	$(INSTALL) -m 0600 doc/Authors doc/coding-guidelines doc/tao.of.irc doc/KEYS doc/RELEASE-NOTES.md $(DESTDIR)@DOCDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@
+	$(INSTALL) -m 0600 doc/conf/*.default.conf $(DESTDIR)@CONFDIR@
+	$(INSTALL) -m 0600 doc/conf/*.optional.conf $(DESTDIR)@CONFDIR@
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/modules.sources.list" ] ; then \
+		$(INSTALL) -m 0600 doc/conf/modules.sources.list $(DESTDIR)@CONFDIR@ ; \
 	fi
-	-@if [ ! -f "@CONFDIR@/badwords.conf" ] ; then \
-		$(INSTALL) -m 0600 doc/conf/badwords.conf @CONFDIR@ ; \
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/spamfilter.conf" ] ; then \
+		$(INSTALL) -m 0600 doc/conf/spamfilter.conf $(DESTDIR)@CONFDIR@ ; \
 	fi
-	-@if [ ! -f "@CONFDIR@/dccallow.conf" ] ; then \
-		$(INSTALL) -m 0600 doc/conf/dccallow.conf @CONFDIR@ ; \
+	-@extras/patches/patch_spamfilter_conf "$(DESTDIR)@CONFDIR@"
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/badwords.conf" ] ; then \
+		$(INSTALL) -m 0600 doc/conf/badwords.conf $(DESTDIR)@CONFDIR@ ; \
 	fi
-	$(INSTALL) -m 0700 -d @CONFDIR@/aliases
-	$(INSTALL) -m 0600 doc/conf/aliases/*.conf @CONFDIR@/aliases
-	$(INSTALL) -m 0700 -d @CONFDIR@/help
-	$(INSTALL) -m 0600 doc/conf/help/*.conf @CONFDIR@/help
-	$(INSTALL) -m 0700 -d @CONFDIR@/examples
-	$(INSTALL) -m 0600 doc/conf/examples/*.conf @CONFDIR@/examples
-	$(INSTALL) -m 0700 -d @CONFDIR@/ssl
-	$(INSTALL) -m 0600 doc/conf/ssl/curl-ca-bundle.crt @CONFDIR@/ssl
-	$(INSTALL) -m 0700 unrealircd @SCRIPTDIR@
-	$(INSTALL) -m 0700 -d @MODULESDIR@
-	$(INSTALL) -m 0700 src/modules/*.so @MODULESDIR@
-	$(INSTALL) -m 0700 -d @MODULESDIR@/usermodes
-	$(INSTALL) -m 0700 src/modules/usermodes/*.so @MODULESDIR@/usermodes
-	$(INSTALL) -m 0700 -d @MODULESDIR@/chanmodes
-	$(INSTALL) -m 0700 src/modules/chanmodes/*.so @MODULESDIR@/chanmodes
-	$(INSTALL) -m 0700 -d @MODULESDIR@/snomasks
-	$(INSTALL) -m 0700 src/modules/snomasks/*.so @MODULESDIR@/snomasks
-	$(INSTALL) -m 0700 -d @MODULESDIR@/extbans
-	$(INSTALL) -m 0700 src/modules/extbans/*.so @MODULESDIR@/extbans
-	$(INSTALL) -m 0700 -d @MODULESDIR@/cap
-	$(INSTALL) -m 0700 src/modules/cap/*.so @MODULESDIR@/cap
-	$(INSTALL) -m 0700 -d @MODULESDIR@/third
-	@#Ugly stuff to detect 0 files in this directory:
-	@+for f in src/modules/third/*.so; do \
-		[ -e $f ] && $(INSTALL) -m 0700 src/modules/third/*.so @MODULESDIR@/third || echo; \
-	done
-	$(INSTALL) -m 0700 -d @TMPDIR@
-	$(INSTALL) -m 0700 -d @CACHEDIR@
-	$(INSTALL) -m 0700 -d @PERMDATADIR@
-	$(INSTALL) -m 0700 -d @LOGDIR@
-	-@if [ ! -f "@CONFDIR@/ssl/server.cert.pem" ] ; then \
-		$(INSTALL) -m 0600 server.req.pem @CONFDIR@/ssl ; \
-		$(INSTALL) -m 0600 server.key.pem @CONFDIR@/ssl ; \
-		$(INSTALL) -m 0600 server.cert.pem @CONFDIR@/ssl ; \
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/dccallow.conf" ] ; then \
+		$(INSTALL) -m 0600 doc/conf/dccallow.conf $(DESTDIR)@CONFDIR@ ; \
 	fi
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/aliases
+	$(INSTALL) -m 0600 doc/conf/aliases/*.conf $(DESTDIR)@CONFDIR@/aliases
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/help
+	$(INSTALL) -m 0600 doc/conf/help/*.conf $(DESTDIR)@CONFDIR@/help
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/examples
+	$(INSTALL) -m 0600 doc/conf/examples/*.conf $(DESTDIR)@CONFDIR@/examples
+	$(INSTALL) -m 0700 unrealircd $(DESTDIR)@SCRIPTDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@
+	@rm -f $(DESTDIR)@MODULESDIR@/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/*.so $(DESTDIR)@MODULESDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/usermodes
+	@rm -f $(DESTDIR)@MODULESDIR@/usermodes/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/usermodes/*.so $(DESTDIR)@MODULESDIR@/usermodes
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/chanmodes
+	@rm -f $(DESTDIR)@MODULESDIR@/chanmodes/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/chanmodes/*.so $(DESTDIR)@MODULESDIR@/chanmodes
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/snomasks
+	@rm -f $(DESTDIR)@MODULESDIR@/snomasks/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/snomasks/*.so $(DESTDIR)@MODULESDIR@/snomasks
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/extbans
+	@rm -f $(DESTDIR)@MODULESDIR@/extbans/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/extbans/*.so $(DESTDIR)@MODULESDIR@/extbans
+	@#If the conf/ssl directory exists then rename it here to conf/tls
+	@#and add a symlink for backwards compatibility (so that f.e. certbot
+	@#doesn't randomly fail after an upgrade to U5).
+	-@if [ -d "$(DESTDIR)@CONFDIR@/ssl" ] ; then \
+		mv "$(DESTDIR)@CONFDIR@/ssl" "$(DESTDIR)@CONFDIR@/tls" ; \
+		ln -s "$(DESTDIR)@CONFDIR@/tls" "$(DESTDIR)@CONFDIR@/ssl" ; \
+	fi
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/tls
+	$(INSTALL) -m 0600 doc/conf/tls/curl-ca-bundle.crt $(DESTDIR)@CONFDIR@/tls
+	@# delete modules/cap directory, to avoid confusing with U4 to U5 upgrades:
+	rm -rf $(DESTDIR)@MODULESDIR@/cap
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/third
+	@rm -f $(DESTDIR)@MODULESDIR@/third/*.so 1>/dev/null 2>&1
+	@#This step can fail with zero files, so we ignore exit status:
+	-$(INSTALL) -m 0700 src/modules/third/*.so $(DESTDIR)@MODULESDIR@/third
+	$(INSTALL) -m 0700 -d $(DESTDIR)@TMPDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CACHEDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@PERMDATADIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@LOGDIR@
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/tls/server.cert.pem" ] ; then \
+		$(INSTALL) -m 0600 server.req.pem $(DESTDIR)@CONFDIR@/tls ; \
+		$(INSTALL) -m 0600 server.key.pem $(DESTDIR)@CONFDIR@/tls ; \
+		$(INSTALL) -m 0600 server.cert.pem $(DESTDIR)@CONFDIR@/tls ; \
+	fi
+	@rm -f $(DESTDIR)@SCRIPTDIR@/source
+	ln -s @BUILDDIR@ $(DESTDIR)@SCRIPTDIR@/source
 	@echo ''
 	@echo '* UnrealIRCd is now installed.'
 	
@@ -244,7 +249,7 @@ install: all
 	@echo '* To start/stop UnrealIRCd run: @SCRIPTDIR@/unrealircd"'
 	@echo ''
 	@echo '* Consult the documentation online at:'
-	@echo '  * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation'
+	@echo '  * https://www.unrealircd.org/docs/'
 	@echo '  * https://www.unrealircd.org/docs/FAQ'
 	@echo '* You may also wish to install a cron job to ensure UnrealIRCd is always running:'
 	@echo '  * https://www.unrealircd.org/docs/Cron_job'
@@ -253,32 +258,19 @@ install: all
 		echo 'Again, be sure to change to the @SCRIPTDIR@ directory!' ; \
 	fi
 
-### TODO: all the stuff below ;) ###
-pem:	src/ssl.cnf
-	@echo "Generating certificate request .. "
+pem:	extras/tls.cnf
+	@echo "Generating server key..."
+	$(OPENSSLPATH) ecparam -out server.key.pem -name secp384r1 -genkey
+	@echo "Generating certificate request..."
 	$(OPENSSLPATH) req -new \
-              -config src/ssl.cnf -sha256 -out server.req.pem \
-              -keyout server.key.pem -nodes
-	@echo "Generating self-signed certificate .. "
-	$(OPENSSLPATH) req -x509 -days 3650 -sha256 -in server.req.pem \
+              -config extras/tls.cnf -sha256 -out server.req.pem \
+              -key server.key.pem -nodes
+	@echo "Generating self-signed certificate..."
+	$(OPENSSLPATH) req -x509 -days 3650 -sha256 -nodes -in server.req.pem \
                -key server.key.pem -out server.cert.pem
-	@echo "Generating fingerprint .."
-	$(OPENSSLPATH) x509 -subject -dates -sha256 -fingerprint -noout \
-		-in server.cert.pem
-	@echo "Setting o-rwx & g-rwx for files... "
+	@echo "Setting permissions on server.*.pem files..."
 	chmod o-rwx server.req.pem server.key.pem server.cert.pem
 	chmod g-rwx server.req.pem server.key.pem server.cert.pem
-	@echo "Done!. If you want to encrypt the private key, run"
-	@echo "make encpem"
-
-encpem: server.key.pem
-	@echo "Encrypting server key .."
-	$(OPENSSLPATH) rsa -in server.key.pem -out server.key.c.pem -des3
-	-@if [ -f server.key.c.pem ] ; then \
-		echo "Replacing unencrypted with encrypted .." ; \
-		cp server.key.c.pem server.key.pem ; \
-		rm -f server.key.c.pem ; \
-	fi
 
 Makefile: config.status Makefile.in
 	./config.status

README.md

@@ -1,13 +1,11 @@
-[![Build Status - *NIX](https://travis-ci.org/unrealircd/unrealircd.svg?branch=unreal40)](https://travis-ci.org/unrealircd/unrealircd)
-[![Build Status - Windows](https://ci.appveyor.com/api/projects/status/9kgectl2mfyia0s5/branch/unreal40?svg=true)](https://ci.appveyor.com/project/syzop/unrealircd/branch/unreal40)
 [![Twitter Follow](https://img.shields.io/twitter/follow/Unreal_IRCd.svg?style=social&label=Follow)](https://twitter.com/Unreal_IRCd)
 
 ## About UnrealIRCd
 UnrealIRCd is an Open Source IRC Server, serving thousands of networks since 1999. 
 It runs on Linux, OS X and Windows and is currently the most widely deployed IRCd
-with a market share of over 50%. UnrealIRCd is a highly advanced IRCd with a strong
+with a market share of 42%. UnrealIRCd is a highly advanced IRCd with a strong
 focus on modularity, an advanced and highly configurable configuration file.
-Key features include SSL, cloaking, its advanced anti-flood and anti-spam systems,
+Key features include SSL/TLS, cloaking, its advanced anti-flood and anti-spam systems,
 swear filtering and module support. We are also particularly proud on our extensive
 online documentation. 
 
@@ -22,7 +20,10 @@ Simply download the UnrealIRCd Windows version from www.unrealircd.org
 Alternatively you can compile UnrealIRCd for Windows yourself. However this is not straightforward and thus not recommended.
 
 #### *BSD/Linux/macOS
-First you must compile the IRCd:
+Do the following steps under a separate account for running UnrealIRCd,
+[do NOT compile or run as root](https://www.unrealircd.org/docs/Do_not_run_as_root).
+
+### Step 1: Compile the IRCd
 
 * Run `./Config`
 * Run `make`

SECURITY.md

@@ -0,0 +1,22 @@
+# Security Policy
+
+## Supported Versions
+* The latest *stable* release of the 5.x branch (until 2023-07-01)
+* The latest *stable* release of the 6.x branch
+
+See [UnrealIRCd releases](https://www.unrealircd.org/docs/UnrealIRCd_releases) for information on older versions and End Of Life dates.
+
+## Reporting a Vulnerability
+
+Please report issues on the [bug tracker](https://bugs.unrealircd.org) and in the bug submit form **set the 'View Status' to 'private'**.
+
+Do not report security issues on the forums or in a public IRC channel such as #unreal-support.
+If you insist on e-mail then you can use syzop@unrealircd.org or security@unrealircd.org. Again, the bug tracker is preferred.
+
+If you are *unsure* if something is a security issue, then report it at the bug tracker as a 'private' bug anyway. Better safe than sorry.
+Do not ask around in public channels or forums.
+
+You should get a response or at least an acknowledgement soon. If you don't hear back within 24 hours, then please try to contact us again.
+
+## Full policy
+See https://www.unrealircd.org/docs/Policy:_Handling_of_security_issues for full information.

appveyor.yml

@@ -1,10 +0,0 @@
-version: 4.0.x-devbuild-{build}
-environment:
-  matrix:
-  - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017"
-    TARGET: "Visual Studio 2017"
-    SHORTNAME: "vs2017"
-init:
-  - cmd: git config --global core.autocrlf true
-build_script:
-  - cmd: call extras\\build-tests\\windows\\build.bat

autoconf/m4/unreal.m4

@@ -145,7 +145,7 @@ AC_ARG_ENABLE(ssl,
 	[enable_ssl=no])
 AS_IF([test $enable_ssl != "no"],
 	[ 
-	AC_MSG_CHECKING([for openssl])
+	AC_MSG_CHECKING([for OpenSSL])
 	for dir in $enable_ssl /usr/local/opt/openssl /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /usr; do
 		ssldir="$dir"
 		if test -f "$dir/include/openssl/ssl.h"; then
@@ -169,15 +169,46 @@ AS_IF([test $enable_ssl != "no"],
 		AC_MSG_RESULT(not found)
 		echo ""
 		echo "Apparently you do not have both the openssl binary and openssl development libraries installed."
-		echo "Please install the needed binaries and libraries."
-		echo "The package is often called 'openssl-dev', 'openssl-devel' or 'libssl-dev'"
-		echo "After doing so re-run ./Config"
+		echo "The following packages are required:"
+		echo "1) The library package is often called 'openssl-dev', 'openssl-devel' or 'libssl-dev'"
+		echo "2) The binary package is usually called 'openssl'."
+		echo "NOTE: you or your system administrator needs to install the library AND the binary package."
+		echo "After doing so, simply re-run ./Config"
 		exit 1
 	else
 		CRYPTOLIB="-lssl -lcrypto";
 		if test ! "$ssldir" = "/usr" ; then
 			LDFLAGS="$LDFLAGS -L$ssldir/lib";
+			dnl check if binary path exists
+			if test -f "$ssldir/bin/openssl"; then
+			    OPENSSLPATH="$ssldir/bin/openssl";
+			fi
 		fi
+		dnl linking require -ldl?
+		AC_MSG_CHECKING([OpenSSL linking with -ldl])
+		SAVE_LIBS="$LIBS"
+		LIBS="$LIBS $CRYPTOLIB -ldl"
+		AC_TRY_LINK([#include <openssl/err.h>], [ERR_clear_error();],
+		[
+			AC_MSG_RESULT(yes)
+			CRYPTOLIB="$CRYPTOLIB -ldl"
+		],
+		[
+			AC_MSG_RESULT(no)
+
+			dnl linking require both -ldl and -lpthread?
+			AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
+			LIBS="$SAVE_LIBS $CRYPTOLIB -ldl -lpthread"
+			AC_TRY_LINK([#include <openssl/err.h>], [ERR_clear_error();],
+			[
+				AC_MSG_RESULT(yes)
+				CRYPTOLIB="$CRYPTOLIB -ldl -lpthread"
+			],
+			[
+				AC_MSG_RESULT(no)
+			])
+		])
+		LIBS="$SAVE_LIBS"
 	fi
 	])
 ])
@@ -190,14 +221,94 @@ SAVE_LIBS="$LIBS"
 LIBS="$LIBS $CRYPTOLIB"
 AC_TRY_LINK([#include <openssl/ssl.h>],
 	[SSL_CTX *ctx = NULL; SSL_CTX_set1_curves_list(ctx, "test");],
-	has_curves=1,
-	has_curves=0)
+	has_function=1,
+	has_function=0)
 LIBS="$SAVE_LIBS"
 AC_LANG_POP(C)
-if test $has_curves = 1; then
+if test $has_function = 1; then
 	AC_MSG_RESULT([yes])
 	AC_DEFINE([HAS_SSL_CTX_SET1_CURVES_LIST], [], [Define if ssl library has SSL_CTX_set1_curves_list])
 else
 	AC_MSG_RESULT([no])
 fi
 ])
+
+AC_DEFUN([CHECK_SSL_CTX_SET_MIN_PROTO_VERSION],
+[
+AC_MSG_CHECKING([for SSL_CTX_set_min_proto_version in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[SSL_CTX *ctx = NULL; SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_SSL_CTX_SET_MIN_PROTO_VERSION], [], [Define if ssl library has SSL_CTX_set_min_proto_version])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_SSL_CTX_SET_SECURITY_LEVEL],
+[
+AC_MSG_CHECKING([for SSL_CTX_set_security_level in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[SSL_CTX *ctx = NULL; SSL_CTX_set_security_level(ctx, 1);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_SSL_CTX_SET_SECURITY_LEVEL], [], [Define if ssl library has SSL_CTX_set_security_level])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_ASN1_TIME_diff],
+[
+AC_MSG_CHECKING([for ASN1_TIME_diff in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[int one, two; ASN1_TIME_diff(&one, &two, NULL, NULL);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_ASN1_TIME_diff], [], [Define if ssl library has ASN1_TIME_diff])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_X509_get0_notAfter],
+[
+AC_MSG_CHECKING([for X509_get0_notAfter in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[X509_get0_notAfter(NULL);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_X509_get0_notAfter], [], [Define if ssl library has X509_get0_notAfter])
+else
+	AC_MSG_RESULT([no])
+fi
+])

autogen.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+echo "Regenerating 'configure' and headers..."
+echo "NOTE: Normally only UnrealIRCd developers run this command!!"
 
 cd "$(dirname "${0}")"
 

configure.ac

@@ -2,13 +2,12 @@ dnl Process this file with autoconf to produce a configure script.
 
 dnl When updating the version, remember to update the following files
 dnl appropriately:
-dnl
-dnl include/win32/setup.h
-dnl src/win32/unrealinst.iss
-dnl .CHANGES.NEW
+dnl include/windows/setup.h
+dnl src/windows/unrealinst.iss
+dnl doc/Config.header
 dnl src/version.c.SH
 
-AC_INIT([unrealircd], [4.0.19-rc2], [http://bugs.unrealircd.org/], [], [http://unrealircd.org/])
+AC_INIT([unrealircd], [5.2.4], [https://bugs.unrealircd.org/], [], [https://unrealircd.org/])
 AC_CONFIG_SRCDIR([src/ircd.c])
 AC_CONFIG_HEADER([include/setup.h])
 AC_CONFIG_AUX_DIR([autoconf])
@@ -23,131 +22,78 @@ dnl Save CFLAGS, use this when building the libraries like c-ares
 orig_cflags="$CFLAGS"
 
 dnl Save build directory early on (used in our m4 macros too)
-BUILDDIR="`pwd`"
-AC_SUBST(BUILDDIR)
+BUILDDIR_NOW="`pwd`"
 
 dnl Calculate the versions. Perhaps the use of expr is a little too extravagant
 # Generation version number (e.g.: X in X.Y.Z)
-UNREAL_VERSION_GENERATION=["4"]
+UNREAL_VERSION_GENERATION=["5"]
 AC_DEFINE_UNQUOTED([UNREAL_VERSION_GENERATION], [$UNREAL_VERSION_GENERATION], [Generation version number (e.g.: X for X.Y.Z)])
 
 # Major version number (e.g.: Y in X.Y.Z)
-UNREAL_VERSION_MAJOR=["0"]
+UNREAL_VERSION_MAJOR=["2"]
 AC_DEFINE_UNQUOTED([UNREAL_VERSION_MAJOR], [$UNREAL_VERSION_MAJOR], [Major version number (e.g.: Y for X.Y.Z)])
 
 # Minor version number (e.g.: Z in X.Y.Z)
-UNREAL_VERSION_MINOR=["19"]
+UNREAL_VERSION_MINOR=["4"]
 AC_DEFINE_UNQUOTED([UNREAL_VERSION_MINOR], [$UNREAL_VERSION_MINOR], [Minor version number (e.g.: Z for X.Y.Z)])
 
 # The version suffix such as a beta marker or release candidate
 # marker. (e.g.: -rcX for unrealircd-3.2.9-rcX). This macro is a
 # string instead of an integer because it contains arbitrary data.
-UNREAL_VERSION_SUFFIX=["-rc2"]
+UNREAL_VERSION_SUFFIX=[""]
 AC_DEFINE_UNQUOTED([UNREAL_VERSION_SUFFIX], ["$UNREAL_VERSION_SUFFIX"], [Version suffix such as a beta marker or release candidate marker. (e.g.: -rcX for unrealircd-3.2.9-rcX)])
 
-AC_PROG_CC
-if test "$ac_cv_prog_gcc" = "yes"; then
-CFLAGS="$CFLAGS -funsigned-char"
-AC_CACHE_CHECK(if gcc has a working -pipe, ac_cv_pipe, [
-	save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS -pipe"
-	AC_TRY_COMPILE(,, ac_cv_pipe="yes", ac_cv_pipe="no")
-	CFLAGS="$save_cflags"
-])
-if test "$ac_cv_pipe" = "yes"; then
-CFLAGS="-pipe $CFLAGS"
-fi
-fi
-
-dnl UnrealIRCd might not be strict-aliasing safe at this time
-AC_CACHE_CHECK(if the compiler has a working -fno-strict-aliasing, ac_cv_nsa, [
-	save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS -fno-strict-aliasing"
-	AC_TRY_COMPILE(,, ac_cv_nsa="yes", ac_cv_nsa="no")
-	CFLAGS="$save_cflags"
-])
-if test "$ac_cv_nsa" = "yes"; then
-CFLAGS="$CFLAGS -fno-strict-aliasing"
-fi
-
-dnl Pointer signedness warnings are really a pain and 99.9% of the time
-dnl they are of absolutely no use whatsoever. IMO the person who decided
-dnl to enable this without -Wall should be shot on sight.
-AC_CACHE_CHECK(if the compiler has a working -Wno-pointer-sign, ac_cv_nps, [
-	save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS -Wno-pointer-sign"
-	AC_TRY_COMPILE(,, ac_cv_nps="yes", ac_cv_nps="no")
-	CFLAGS="$save_cflags"
-])
-if test "$ac_cv_nps" = "yes"; then
-CFLAGS="$CFLAGS -Wno-pointer-sign"
-fi
-
-dnl This is purely for charsys.c... I like it so we can easily read
-dnl this for non-utf8. We can remove it once we ditch non-utf8 some day
-dnl of course, or decide to ignore me and encode them.
-AC_CACHE_CHECK(if the compiler has a working -Wno-invalid-source-encoding, ac_cv_nise, [
-	save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS -Wno-invalid-source-encoding"
-	AC_TRY_COMPILE(,, ac_cv_nise="yes", ac_cv_nise="no")
-	CFLAGS="$save_cflags"
-])
-if test "$ac_cv_nise" = "yes"; then
-CFLAGS="$CFLAGS -Wno-invalid-source-encoding"
-fi
-
-dnl Pffff..
-AC_CACHE_CHECK(if the compiler has a working -Wno-format-zero-length, ac_cv_nfzl, [
-	save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS -Wno-format-zero-length"
-	AC_TRY_COMPILE(,, ac_cv_nfzl="yes", ac_cv_nfzl="no")
-	CFLAGS="$save_cflags"
-])
-if test "$ac_cv_nfzl" = "yes"; then
-CFLAGS="$CFLAGS -Wno-format-zero-length"
-fi
-
-dnl More and more and more....
-AC_CACHE_CHECK(if the compiler has a working -Wno-format-truncation, ac_cv_nft, [
-	save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS -Wno-format-truncation -Werror"
-	AC_TRY_COMPILE(,, ac_cv_nft="yes", ac_cv_nft="no")
-	CFLAGS="$save_cflags"
-])
-if test "$ac_cv_nft" = "yes"; then
-CFLAGS="$CFLAGS -Wno-format-truncation"
-fi
-
 AC_PATH_PROG(RM,rm)
 AC_PATH_PROG(CP,cp)
 AC_PATH_PROG(TOUCH,touch)
 AC_PATH_PROG(OPENSSLPATH,openssl)
+AS_IF([test x"$OPENSSLPATH" = "x"],
+[
+echo ""
+echo "Apparently you do not have both the openssl binary and openssl development libraries installed."
+echo "The following packages are required:"
+echo "1) The library package is often called 'openssl-dev', 'openssl-devel' or 'libssl-dev'"
+echo "2) The binary package is usually called 'openssl'."
+echo "NOTE: you or your system administrator needs to install the library AND the binary package."
+echo "After doing so, simply re-run ./Config"
+exit 1
+])
+
 AC_PATH_PROG(INSTALL,install)
-AC_CHECK_PROG(MAKER, gmake, gmake, make)
-AC_PATH_PROG(GMAKE,gmake)
 AC_PATH_PROG(GUNZIP, gunzip)
 AC_PATH_PROG(PKGCONFIG, pkg-config)
 
+dnl Check for compiler
+AC_PROG_CC_C99
+AS_IF([test "$ac_cv_prog_cc_c99" = "no"],
+	[AC_MSG_ERROR([No C99 compiler was found. Please install gcc or clang and other build tools. Eg, on Debian/Ubuntu you probably want to run the following as root: apt-get install build-essential ])])
+
+dnl Check for make moved down, so the above compiler check takes precedence.
+AC_CHECK_PROG(MAKER, gmake, gmake, make)
+AC_PATH_PROG(GMAKE,gmake)
+AS_IF([$MAKER --version | grep -q "GNU Make"],
+        [GNUMAKE="0"],
+        [AC_MSG_ERROR([It seems your system does not have make/gmake installed. If you are on Linux then install make, otherwise install gmake.])])
+
 dnl Checks for libraries.
 AC_CHECK_LIB(descrypt, crypt,
 	[AC_DEFINE([HAVE_CRYPT], [], [Define if you have crypt])
-		IRCDLIBS="$IRCDLIBS-ldescrypt "
-		MKPASSWDLIBS="-ldescrypt"],
+		IRCDLIBS="$IRCDLIBS-ldescrypt "],
 	[AC_CHECK_LIB(crypt, crypt,
 		[AC_DEFINE([HAVE_CRYPT], [], [Define if you have crypt])
-			IRCDLIBS="$IRCDLIBS-lcrypt "
-			MKPASSWDLIBS="-lcrypt"])])
-AC_CHECK_LIB(socket, socket,
-	[IRCDLIBS="$IRCDLIBS-lsocket "
-		SOCKLIB="-lsocket"])
-AC_CHECK_LIB(nsl, inet_ntoa,
-	[IRCDLIBS="$IRCDLIBS-lnsl "
-		INETLIB="-lnsl"])
-AC_CHECK_LIB(crypto, RAND_egd,
-		AC_DEFINE(HAVE_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
+			IRCDLIBS="$IRCDLIBS-lcrypt "])])
 
-AC_SUBST(IRCDLIBS)
-AC_SUBST(MKPASSWDLIBS)
+dnl Check for big-endian system, even though these hardly exist anymore...
+AS_CASE([$host_cpu],
+  [i?86|amd64|x86_64],
+    [ac_cv_c_bigendian=no]
+)
+AC_C_BIGENDIAN(
+  AC_DEFINE(NATIVE_BIG_ENDIAN, 1, [machine is bigendian]),
+  AC_DEFINE(NATIVE_LITTLE_ENDIAN, 1, [machine is littleendian]),
+  AC_MSG_ERROR([unknown endianness]),
+  AC_MSG_ERROR([universal endianness is not supported - compile separately and use lipo(1)])
+)
 
 dnl HARDENING START
 dnl This is taken from https://github.com/kmcallister/autoharden
@@ -165,13 +111,9 @@ LD="$flag_wrap $LD"
 
 # We use the same hardening flags for C and C++.  We must check that each flag
 # is supported by both compilers.
-AC_DEFUN([check_cc_cxx_flag],
+AC_DEFUN([check_cc_flag],
  [AC_LANG_PUSH(C)
-  AX_CHECK_COMPILE_FLAG([$1],
-   [AC_LANG_PUSH(C)
-    AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])
-    AC_LANG_POP(C)],
-   [$3], [-Werror $4])
+  AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])
   AC_LANG_POP(C)])
 
 AC_DEFUN([check_link_flag],
@@ -186,23 +128,29 @@ AC_ARG_ENABLE([hardening],
 HARDEN_CFLAGS=""
 HARDEN_LDFLAGS=""
 AS_IF([test x"$hardening" != x"no"], [
-  check_cc_cxx_flag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])
+  check_cc_flag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])
 
   # This one will likely succeed, even on platforms where it does nothing.
-  check_cc_cxx_flag([-D_FORTIFY_SOURCE=2], [HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])
+  check_cc_flag([-D_FORTIFY_SOURCE=2], [HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])
 
-  check_cc_cxx_flag([-fstack-protector-all],
+  check_cc_flag([-fstack-protector-all],
    [check_link_flag([-fstack-protector-all],
      [HARDEN_CFLAGS="$HARDEN_CFLAGS -fstack-protector-all"
-      check_cc_cxx_flag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
+      check_cc_flag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
         [], [-fstack-protector-all])
-      check_cc_cxx_flag([--param ssp-buffer-size=1], [HARDEN_CFLAGS="$HARDEN_CFLAGS --param ssp-buffer-size=1"],
+      check_cc_flag([--param ssp-buffer-size=1], [HARDEN_CFLAGS="$HARDEN_CFLAGS --param ssp-buffer-size=1"],
         [], [-fstack-protector-all])])])
 
+  # Added in UnrealIRCd 5.0.5 (default on Ubuntu 19.10)
+  check_cc_flag([-fstack-clash-protection], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fstack-clash-protection"])
+
+  # Control Flow Enforcement (ROP hardening) - requires CPU hardware support
+  check_cc_flag([-fcf-protection], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fcf-protection"])
+
   # At the link step, we might want -pie (GCC) or -Wl,-pie (Clang on OS X)
   #
   # The linker checks also compile code, so we need to include -fPIE as well.
-  check_cc_cxx_flag([-fPIE],
+  check_cc_flag([-fPIE],
    [check_link_flag([-fPIE -pie],
      [HARDEN_BINCFLAGS="-fPIE"
       HARDEN_BINLDFLAGS="-pie"],
@@ -224,6 +172,94 @@ CXX="$saved_CXX"
 LD="$saved_LD"
 dnl HARDENING END
 
+dnl UnrealIRCd might not be strict-aliasing safe at this time
+check_cc_flag([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"])
+
+dnl UnrealIRCd should be able to compile with -fno-common
+dnl This also makes ASan (if it is in use) able to instrument these variables.
+check_cc_flag([-fno-common], [CFLAGS="$CFLAGS -fno-common"])
+
+dnl Previously -funsigned-char was in a config check. It would always
+dnl be enabled with gcc and clang. We now unconditionally enable it,
+dnl skipping the check. This will cause an error if someone uses a
+dnl non-gcc/non-clang compiler that does not support -funsigned-char
+dnl which is good. After all, we really depend on it.
+dnl UnrealIRCd should never be compiled without char being unsigned.
+CFLAGS="$CFLAGS -funsigned-char"
+
+dnl Compiler -W checks...
+
+dnl We should be able to turn this on unconditionally:
+CFLAGS="$CFLAGS -Wall"
+
+dnl More warnings (if the compiler supports it):
+check_cc_flag([-Wextra], [CFLAGS="$CFLAGS -Wextra"])
+check_cc_flag([-Waggregate-return], [CFLAGS="$CFLAGS -Waggregate-return"])
+dnl The following few are more experimental, if they have false positives we'll have
+dnl to disable them:
+dnl Can't use this, too bad: check_cc_flag([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"])
+check_cc_flag([-Wduplicated-cond], [CFLAGS="$CFLAGS -Wduplicated-cond"])
+check_cc_flag([-Wduplicated-branches], [CFLAGS="$CFLAGS -Wduplicated-branches"])
+
+dnl And now to filter out certain warnings:
+dnl [!] NOTE REGARDING THE check_cc_flag used by these:
+dnl We check for the -Woption even though we are going to use -Wno-option.
+dnl This is due to the following (odd) gcc behavior:
+dnl "When an unrecognized warning option is requested (e.g.,
+dnl  -Wunknown-warning), GCC emits a diagnostic stating that the option is not
+dnl  recognized.  However, if the -Wno- form is used, the behavior is slightly
+dnl  different: no diagnostic is produced for -Wno-unknown-warning unless
+dnl  other diagnostics are being produced.  This allows the use of new -Wno-
+dnl  options with old compilers, but if something goes wrong, the compiler
+dnl  warns that an unrecognized option is present."
+dnl Since we don't want to use any unrecognized -Wno-option, we test for
+dnl -Woption instead.
+
+dnl Pointer signedness warnings are really a pain and 99.9% of the time
+dnl they are of absolutely no use whatsoever. IMO the person who decided
+dnl to enable this without -Wall should be shot on sight.
+check_cc_flag([-Wpointer-sign], [CFLAGS="$CFLAGS -Wno-pointer-sign"])
+
+dnl This is purely for charsys.c... I like it so we can easily read
+dnl this for non-utf8. We can remove it once we ditch non-utf8 some day
+dnl of course, or decide to ignore me and encode them.
+check_cc_flag([-Winvalid-source-encoding], [CFLAGS="$CFLAGS -Wno-invalid-source-encoding"])
+
+check_cc_flag([-Wformat-zero-length], [CFLAGS="$CFLAGS -Wno-format-zero-length"])
+
+check_cc_flag([-Wformat-truncation], [CFLAGS="$CFLAGS -Wno-format-truncation"])
+
+dnl While it can be useful to occasionally to compile with warnings about
+dnl unused variables and parameters, we often 'think ahead' when coding things
+dnl so they may be useless now but not later. Similarly, for variables, we
+dnl don't always care about a variable that may still be present in a build
+dnl without DEBUGMODE. Unused variables are optimized out anyway.
+check_cc_flag([-Wunused], [CFLAGS="$CFLAGS -Wno-unused"])
+check_cc_flag([-Wunused-parameter], [CFLAGS="$CFLAGS -Wno-unused-parameter"])
+check_cc_flag([-Wunused-but-set-parameter], [CFLAGS="$CFLAGS -Wno-unused-but-set-parameter"])
+
+dnl We use this and this warning is meaningless since 'char' is always unsigned
+dnl in UnrealIRCd compiles (-funsigned-char).
+check_cc_flag([-Wchar-subscripts], [CFLAGS="$CFLAGS -Wno-char-subscripts"])
+
+check_cc_flag([-Wsign-compare], [CFLAGS="$CFLAGS -Wno-sign-compare"])
+
+dnl Don't warn about empty body, we use this, eg via Debug(()) or in if's.
+check_cc_flag([-Wempty-body], [CFLAGS="$CFLAGS -Wno-empty-body"])
+
+dnl This one fails with ircstrdup(var, staticstring)
+dnl Shame we have to turn it off completely...
+check_cc_flag([-Waddress], [CFLAGS="$CFLAGS -Wno-address"])
+
+dnl This one breaks our TO_INTFUNC() that is used in m_tkl for tkl_typetochar
+check_cc_flag([-Wcast-function-type], [CFLAGS="$CFLAGS -Wno-cast-function-type"])
+
+AS_IF([$CC --version | grep -q "clang version 3."],
+        [CFLAGS="$CFLAGS -Wno-tautological-compare"])
+
+dnl End of -W... compiler checks.
+
+
 dnl module checking based on Hyb7's module checking code
 AC_DEFUN([AC_ENABLE_DYN],
 [
@@ -289,8 +325,6 @@ dnl AC_DEFINE([DYNAMIC_LINKING], [], [Link dynamically as opposed to statically.
 ])
 
 AC_CACHE_CHECK([if your system has IPv6 support], [ac_cv_ip6], [
-save_libs="$LIBS"
-LIBS="$LIBS $SOCKLIB"
 AC_TRY_RUN([
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -305,189 +339,23 @@ exit(0); /* We only check if the code compiles, that's enough. We can deal with
 if test "$ac_cv_ip6" = "no"; then
 	AC_MSG_ERROR([Your system does not support IPv6])
 fi
-LIBS="$save_libs"
 
-AC_CHECK_HEADER(sys/param.h,
-	AC_DEFINE([PARAMH], [], [Define if you have the <sys/param.h> header file.]))
-AC_CHECK_HEADER(stdlib.h,
-	AC_DEFINE([STDLIBH], [], [Define if you have the <stdlib.h> header file.]))
-AC_CHECK_HEADER(stddef.h,
-	AC_DEFINE([STDDEFH], [], [Define if you have the <stddef.h> header file.]))
 AC_CHECK_HEADER(sys/syslog.h,
 	AC_DEFINE([SYSSYSLOGH], [], [Define if you have the <sys/syslog.h> header file.]))
-AC_CHECK_HEADER(unistd.h,
-	AC_DEFINE([UNISTDH], [], [Define if you have the <unistd.h> header file.]))
-AC_CHECK_HEADER(string.h,
-	AC_DEFINE([STRINGH], [], [Define if you have the <string.h> header file.]))
-AC_CHECK_HEADER(strings.h,
-	AC_DEFINE([STRINGSH], [], [Define if you have the <strings.h> header file.]))
-AC_CHECK_HEADER(malloc.h,
-	AC_DEFINE([MALLOCH], [<malloc.h>], [Define to <malloc.h> you need malloc.h.]))
 AC_CHECK_HEADER(sys/rusage.h,
 	AC_DEFINE([RUSAGEH], [], [Define if you have the <sys/rusage.h> header file.]))
 AC_CHECK_HEADER(glob.h,
 	AC_DEFINE([GLOBH], [], [Define if you have the <glob.h> header file.]))
 AC_CHECK_HEADERS([stdint.h inttypes.h])
-dnl Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_C_INLINE
 
-AC_TYPE_MODE_T
-AC_TYPE_SIZE_T
-AC_TYPE_INTPTR_T
-
-AC_HEADER_TIME
-AC_HEADER_SYS_WAIT
-AC_STRUCT_TM
-AC_TYPE_UID_T
-unreal_CHECK_TYPE_SIZES
-
-dnl in the future, it would be nice to avoid AC_TRY_RUN to allow
-dnl better support for crosscompiling.
-AC_CACHE_CHECK([what kind of nonblocking sockets you have], [ac_cv_nonblocking],[
-save_libs="$LIBS"
-LIBS="$LIBS $SOCKLIB"
-AC_TRY_RUN([
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <fcntl.h>
-#include <sys/ioctl.h>
-#include <sys/file.h>
-#include <signal.h>
-alarmed() {
-exit(1);
-}
-int main() {
-#ifdef O_NONBLOCK
-char b[12], x[32];
-int f, l = sizeof(x);
-f = socket(AF_INET, SOCK_DGRAM, 0);
-if (f >= 0 && !(fcntl(f, F_SETFL, O_NONBLOCK))) {
-signal(SIGALRM, alarmed);
-alarm(3);
-recvfrom(f, b, 12, 0, (struct sockaddr *)x, &l);
-alarm(0);
-exit(0);
-}
-#endif
-exit(1);
-}
-],ac_cv_nonblocking=O_NONBLOCK,[
-AC_TRY_RUN([
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <fcntl.h>
-#include <sys/ioctl.h>
-#include <sys/file.h>
-#include <signal.h>
-alarmed() {
-exit(0);
-}
-int main() {
-#ifdef O_NDELAY
-char b[12], x[32];
-int f, l = sizeof(x);
-f = socket(AF_INET, SOCK_DGRAM, 0);
-if (f >= 0 && !(fcntl(f, F_SETFL, O_NDELAY))) {
-signal(SIGALRM, alarmed);
-alarm(3);
-recvfrom(f, b, 12, 0, (struct sockaddr *)x, &l);
-alarm(0);
-exit(0);
-}
-#endif
-exit(1);
-}],ac_cv_nonblocking=O_NDELAY,[
-AC_TRY_RUN([
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <fcntl.h>
-#include <sys/ioctl.h>
-#include <sys/file.h>
-#include <signal.h>
-alarmed() {
-exit(1);
-}
-int main() {
-#ifdef FIONBIO
-char b[12], x[32];
-int f, l = sizeof(x);
-f = socket(AF_INET, SOCK_DGRAM, 0);
-if (f >= 0 && !(fcntl(f, F_SETFL, FIONBIO))) {
-signal(SIGALRM, alarmed);
-alarm(3);
-recvfrom(f, b, 12, 0, (struct sockaddr *)x, &l);
-alarm(0);
-exit(0);
-}
-#endif
-exit(1);
-], ac_cv_nonblocking=FIONBIO,ac_cv_nonblocking=none)])])])
-if test "$ac_cv_nonblocking" = "O_NONBLOCK"; then
-	AC_DEFINE([NBLOCK_POSIX], [], [Define if you have O_NONBLOCK])
-elif test "$ac_cv_nonblocking" = "O_NDELAY"; then
-	AC_DEFINE([NBLOCK_BSD], [], [Define if you have O_NDELAY])
-elif test "$ac_cv_nonblocking" = "FIONBIO"; then
-	AC_DEFINE([NBLOCK_SYSV], [], [Define if you have FIONBIO])
-fi
-LIBS="$save_libs"
 dnl Checks for library functions.
-AC_PROG_GCC_TRADITIONAL
-AC_FUNC_SETPGRP
-AC_FUNC_SETVBUF_REVERSED
-AC_CHECK_FUNCS(snprintf,
-	AC_DEFINE([HAVE_SNPRINTF], [], [Define if you have snprintf]))
-AC_CHECK_FUNCS(vsnprintf,
-	AC_DEFINE([HAVE_VSNPRINTF], [], [Define if you have vsnprintf]))
 AC_CHECK_FUNCS(strlcpy,
 	AC_DEFINE([HAVE_STRLCPY], [], [Define if you have strlcpy. Otherwise, an internal implementation will be used!]))
 AC_CHECK_FUNCS(strlcat,
 	AC_DEFINE([HAVE_STRLCAT], [], [Define if you have strlcat]))
 AC_CHECK_FUNCS(strlncat,
 	AC_DEFINE([HAVE_STRLNCAT], [], [Define if you have strlncat]))
-AC_CHECK_FUNCS(inet_pton,
-	AC_DEFINE([HAVE_INET_PTON], [], [Define if you have inet_pton]))
-AC_CHECK_FUNCS(inet_ntop,
-	AC_DEFINE([HAVE_INET_NTOP], [], [Define if you have inet_ntop]))
-dnl Check if it supports C99 style variable length arrays
-AC_CACHE_CHECK([if C99 variable length arrays are supported], [ac_cv_varlen_arrays], [
-AC_TRY_COMPILE(,[
-int main() {
-int i = 5;
-int a[i];
-a[0] = 1;
-return 0;
-}], ac_cv_varlen_arrays=yes, ac_cv_varlen_arrays=no)
-])
-if test "$ac_cv_varlen_arrays" = "yes" ; then
-	AC_DEFINE([HAVE_C99_VARLEN_ARRAY], [], [Define if you have a compiler with C99 variable length array support])
-fi
 
-dnl This check doesn't need to be in ./configure, we can
-dnl write the sourcecode to actually handle the return value
-dnl of setrlimit if necessary... -- ohnobinki
-AC_CACHE_CHECK([if we can set the core size to unlimited], [ac_cv_force_core], [
-AC_TRY_RUN([
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <unistd.h>
-int main() {
-struct rlimit corelim;
-corelim.rlim_cur = corelim.rlim_max = RLIM_INFINITY;
-if (setrlimit(RLIMIT_CORE, &corelim))
-exit(1);
-exit(0);
-}
-],ac_cv_force_core=yes,ac_cv_force_core=no)
-])
-if test "$ac_cv_force_core" = "yes"; then
-	AC_DEFINE([FORCE_CORE], [], [Define if you can set the core size to unlimited])
-fi
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS([gettimeofday],
-	[AC_DEFINE([GETTIMEOFDAY], [], [Define if you have gettimeofday])],
-	[AC_CHECK_FUNCS([lrand48],
-		[AC_DEFINE([LRADN48], [], [Define if you have lrand48])])])
 AC_CHECK_FUNCS([getrusage],
 	[AC_DEFINE([GETRUSAGE_2], [], [Define if you have getrusage])],
 	[AC_CHECK_FUNCS([times],
@@ -507,65 +375,14 @@ AC_CHECK_FUNCS([setproctitle],
 	]
 )
 
-
-AC_CACHE_CHECK([what type of signals you have], [ac_cv_sigtype], [
-AC_TRY_RUN([
-#include <signal.h>
-int main() {
-sigaction(SIGTERM, (struct sigaction *)0L, (struct sigaction *)0L);
-}
-], ac_cv_sigtype=POSIX, [
-AC_TRY_RUN([
-#include <signal.h>
-int	calls = 0;
-void	handler()
-{
-if (calls)
-return;
-calls++;
-kill(getpid(), SIGTERM);
-sleep(1);
-}
-
-int main() {
-signal(SIGTERM, handler);
-kill(getpid(), SIGTERM);
-exit(0);
-}
-], ac_cv_sigtype=BSD,ac_cv_sigtype=SYSV)])])
-
-if test "$ac_cv_sigtype" = "POSIX"; then
-	AC_DEFINE([POSIX_SIGNALS], [], [Define if you have POSIX signals])
-elif test "$ac_cv_sigtype" = "BSD"; then
-	AC_DEFINE([BSD_RELIABLE_SIGNALS], [], [Define if you have BSD signals])
-else
-	AC_DEFINE([SYSV_UNRELIABLE_SIGNALS], [], [Define if you have SYSV signals])
-fi 
-AC_CHECK_FUNCS(strtoken,,AC_DEFINE([NEED_STRTOKEN], [], [Define if you need the strtoken function.]))
-AC_CHECK_FUNCS(strtok,,AC_DEFINE([NEED_STRTOK], [], [Define if you need the strtok function.]))
-AC_CHECK_FUNCS(strerror,,AC_DEFINE([NEED_STRERROR], [], [Define if you need the strerror function.]))
-AC_CHECK_FUNCS(index,,AC_DEFINE([NOINDEX], [], [Define if you do not have the index function.]))
-AC_CHECK_FUNCS(strtoul,,STRTOUL="strtoul.o")
-AC_CHECK_FUNCS(bcopy,,AC_DEFINE([NEED_BCOPY], [], [Define if you don't have bcopy]))
-AC_CHECK_FUNCS(bcmp,,AC_DEFINE([NEED_BCMP], [], [Define if you don't have bcmp]))
-AC_CHECK_FUNCS(bzero,,AC_DEFINE([NEED_BZERO], [], [Define if you need bzero]))
-AC_CHECK_FUNCS(strcasecmp,AC_DEFINE([GOT_STRCASECMP], [], [Define if you have strcasecmp]))
-save_libs="$LIBS"
-LIBS="$LIBS $SOCKLIB $INETLIB"
-AC_CHECK_FUNCS(inet_addr,,AC_DEFINE([NEED_INET_ADDR], [], [Define if you need inet_addr]))
-AC_CHECK_FUNCS(inet_ntoa,,AC_DEFINE([NEED_INET_NTOA], [], [Define if you need inet_ntoa]))
-LIBS="$save_libs"
+AC_CHECK_FUNCS(explicit_bzero,AC_DEFINE([HAVE_EXPLICIT_BZERO], [], [Define if you have explicit_bzero]))
 AC_CHECK_FUNCS(syslog,AC_DEFINE([HAVE_SYSLOG], [], [Define if you have syslog]))
-AC_SUBST(STRTOUL)
 AC_SUBST(CRYPTOLIB)
 AC_SUBST(MODULEFLAGS)
 AC_SUBST(DYNAMIC_LDFLAGS)
 AC_ARG_WITH(nick-history, [AS_HELP_STRING([--with-nick-history=length],[Specify the length of the nickname history])],
 	[AC_DEFINE_UNQUOTED([NICKNAMEHISTORYLENGTH], [$withval], [Set to the nickname history length you want])],
 	[AC_DEFINE([NICKNAMEHISTORYLENGTH], [2000], [Set to the nickname history length you want])])
-AC_ARG_WITH([sendq], [AS_HELP_STRING([--with-sendq=maxsendq],[Specify the max sendq for the server])],
-	[AC_DEFINE_UNQUOTED([MAXSENDQLENGTH], [$withval], [Set to the max sendq you want])],
-	[AC_DEFINE([MAXSENDQLENGTH], [3000000], [Set to the max sendq you want])])
 AC_ARG_WITH(permissions, [AS_HELP_STRING([--with-permissions=permissions], [Specify the default permissions for
 configuration files])],
 	dnl We have an apparently out-of-place 0 here because of a MacOSX bug and because
@@ -592,6 +409,13 @@ AC_ARG_WITH(confdir, [AS_HELP_STRING([--with-confdir=path],[Specify the director
 	[AC_DEFINE_UNQUOTED([CONFDIR], ["$HOME/unrealircd/conf"], [Define the location of the configuration files])
 		CONFDIR="$HOME/unrealircd/conf"])
 
+dnl We have to pass the builddir as well, for the module manager
+AC_ARG_WITH(builddir, [AS_HELP_STRING([--with-builddir=path],[Specify the build directory])],
+	[AC_DEFINE_UNQUOTED([BUILDDIR], ["$withval"], [Define the build directory])
+		BUILDDIR="$withval"],
+	[AC_DEFINE_UNQUOTED([BUILDDIR], ["$BUILDDIR_NOW"], [Specify the build directory])
+		BUILDDIR="$BUILDDIR_NOW"])
+
 AC_ARG_WITH(modulesdir, [AS_HELP_STRING([--with-modulesdir=path],[Specify the directory for loadable modules])],
 	[AC_DEFINE_UNQUOTED([MODULESDIR], ["$withval"], [Define the location of the modules])
 		MODULESDIR="$withval"],
@@ -651,6 +475,7 @@ AS_IF([test "x$PRIVATELIBDIR" = "x"],
 		LDFLAGS="$LDFLAGS $LDFLAGS_PRIVATELIBS"
 		export LDFLAGS])
 
+AC_SUBST(BUILDDIR)
 AC_SUBST(BINDIR)
 AC_SUBST(SCRIPTDIR)
 AC_SUBST(CONFDIR)
@@ -665,10 +490,10 @@ AC_SUBST(DOCDIR)
 AC_SUBST(PIDFILE)
 AC_SUBST(LDFLAGS_PRIVATELIBS)
 
-AC_ARG_WITH(fd-setsize, [AS_HELP_STRING([--with-fd-setsize=size], [Specify the max file descriptors to use])],
+AC_ARG_WITH(maxconnections, [AS_HELP_STRING([--with-maxconnections=size], [Specify the max file descriptors to use])],
 	[ac_fd=$withval],
-	[ac_fd=1024])
-AC_DEFINE_UNQUOTED([MAXCONNECTIONS], [$ac_fd], [Set to the max connections you want])
+	[ac_fd=0])
+AC_DEFINE_UNQUOTED([MAXCONNECTIONS_REQUEST], [$ac_fd], [Set to the maximum number of connections you want])
 
 AC_ARG_ENABLE([prefixaq],
 	[AS_HELP_STRING([--disable-prefixaq],[Disable chanadmin (+a) and chanowner (+q) prefixes])],
@@ -681,29 +506,22 @@ AC_ARG_WITH(showlistmodes,
 	[AS_HELP_STRING([--with-showlistmodes], [Specify whether modes are shown in /list])],
 	[AS_IF([test $withval = "yes"],
 		[AC_DEFINE([LIST_SHOW_MODES], [], [Define if you want modes shown in /list])])])
-AC_ARG_WITH(topicisnuhost, [AS_HELP_STRING([--with-topicisnuhost], [Display nick!user@host as the topic setter])],
-	[AS_IF([test $withval = "yes"],
-		[AC_DEFINE([TOPIC_NICK_IS_NUHOST], [], [Define if you want nick!user@host shown for the topic setter])])])
-AC_ARG_WITH(shunnotices, [AS_HELP_STRING([--with-shunnotices], [Notify a user when he/she is no longer shunned])],
-	[AS_IF([test $withval = "yes"],
-		[AC_DEFINE([SHUN_NOTICES], [], [Define if you want users to be notified when their shun is removed])])])
 AC_ARG_WITH(no-operoverride, [AS_HELP_STRING([--with-no-operoverride], [Disable OperOverride])],
 	[AS_IF([test $withval = "yes"],
 		[AC_DEFINE([NO_OPEROVERRIDE], [], [Define if you want OperOverride disabled])])])
-AC_ARG_WITH(disableusermod, [AS_HELP_STRING([--with-disableusermod], [Disable /set* and /chg*])],
-	[AS_IF([test $withval = "yes"],
-		[AC_DEFINE([DISABLE_USERMOD], [], [Define if you want to disable /set* and /chg*])])])
 AC_ARG_WITH(operoverride-verify, [AS_HELP_STRING([--with-operoverride-verify], [Require opers to invite themselves to +s/+p channels])],
 	[AS_IF([test $withval = "yes"],
 		[AC_DEFINE([OPEROVERRIDE_VERIFY], [], [Define if you want opers to have to use /invite to join +s/+p channels])])])
-AC_ARG_WITH(disable-extendedban-stacking, [AS_HELP_STRING([--with-disable-extendedban-stacking], [Disable extended ban stacking])],
-       [AS_IF([test $withval = "yes"],
-       		[AC_DEFINE([DISABLE_STACKED_EXTBANS], [], [Define to disable extended ban stacking (~q:~c:\#chan, etc)])])])
-AC_ARG_WITH(system-tre, [AS_HELP_STRING([--with-system-tre], [Use the system tre package instead of bundled, discovered using pkg-config])], [], [with_system_tre=no])
-AC_ARG_WITH(system-pcre2, [AS_HELP_STRING([--with-system-pcre2], [Use the system pcre2 package instead of bundled, discovered using pkg-config])], [], [with_system_pcre2=no])
+AC_ARG_WITH(system-pcre2, [AS_HELP_STRING([--without-system-pcre2], [Use the system pcre2 package instead of bundled, discovered using pkg-config])], [], [with_system_pcre2=yes])
+AC_ARG_WITH(system-argon2, [AS_HELP_STRING([--without-system-argon2], [Use bundled version instead of system argon2 library. Normally autodetected via pkg-config])], [], [with_system_argon2=yes])
+AC_ARG_WITH(system-sodium, [AS_HELP_STRING([--without-system-sodium], [Use bundled version instead of system sodium library. Normally autodetected via pkg-config])], [], [with_system_sodium=yes])
 AC_ARG_WITH(system-cares, [AS_HELP_STRING([--without-system-cares], [Use bundled version instead of system c-ares. Normally autodetected via pkg-config.])], [], [with_system_cares=yes])
 CHECK_SSL
 CHECK_SSL_CTX_SET1_CURVES_LIST
+CHECK_SSL_CTX_SET_MIN_PROTO_VERSION
+CHECK_SSL_CTX_SET_SECURITY_LEVEL
+CHECK_ASN1_TIME_diff
+CHECK_X509_get0_notAfter
 AC_ARG_ENABLE(dynamic-linking, [AS_HELP_STRING([--disable-dynamic-linking], [Make the IRCd statically link with shared objects rather than dynamically (noone knows if disabling dynamic linking actually does anything or not)])],
 	[enable_dynamic_linking=$enableval], [enable_dynamic_linking="yes"])
 AS_IF([test $enable_dynamic_linking = "yes"],
@@ -716,29 +534,11 @@ AC_ARG_ENABLE([werror],
   [ac_cv_werror="$enableval"],
   [ac_cv_werror="no"])
 
-AC_MSG_CHECKING([if FD_SETSIZE is large enough to allow $ac_fd file descriptors])
-AC_COMPILE_IFELSE([
-#include <sys/types.h>
-#include <sys/time.h>
-int main() {
-#if FD_SETSIZE < $ac_fd
-#error FD_SETSIZE is smaller than $ac_fd
-#endif
-exit(0);
-}
-], AC_MSG_RESULT([yes]), [
-# must be passed on the commandline to avoid a ``warning, you redefined something''
-FD_SETSIZE="-DFD_SETSIZE=$ac_fd"
-AC_MSG_RESULT(no)
-])
-AC_SUBST([FD_SETSIZE])
-
-case `uname -s` in
-	*SunOS*|*solaris*)
-		AC_DEFINE([_SOLARIS], [], [Define if you are compiling unrealircd on Sun's (or Oracle's?) Solaris])
-		IRCDLIBS="$IRCDLIBS -lresolv "
-		;;
-esac
+AC_ARG_ENABLE([asan],
+  [AS_HELP_STRING([--enable-asan],
+    [Enable address sanitizer and other debugging options, not recommended for production servers!])],
+  [ac_cv_asan="$enableval"],
+  [ac_cv_asan="no"])
 
 AC_CHECK_FUNCS([poll],
 	AC_DEFINE([HAVE_POLL], [], [Define if you have poll]))
@@ -752,50 +552,15 @@ dnl fail on certain solaris boxes. We might as
 dnl well set it here.
 export PATH_SEPARATOR
 
-AS_IF([test "x$with_system_tre" = "xno"],[
-dnl REMEMBER TO CHANGE WITH A NEW TRE RELEASE!
-tre_version="0.8.0-git"
-AC_MSG_RESULT(extracting TRE regex library)
-cur_dir=`pwd`
-cd extras
-dnl remove old tre directory to force a recompile...
-dnl and remove its installation prefix just to clean things up.
-rm -rf tre-$tre_version rege[]xp
-if test "x$ac_cv_path_GUNZIP" = "x" ; then
-	tar xfz tre.tar.gz
-else
-	cp tre.tar.gz tre.tar.gz.bak
-	gunzip -f tre.tar.gz
-	cp tre.tar.gz.bak tre.tar.gz
-	tar xf tre.tar
-fi
-AC_MSG_RESULT(configuring TRE regex library)
-cd tre-$tre_version
-./configure --disable-agrep --enable-shared --disable-system-abi --disable-wchar --disable-multibyte --prefix=$cur_dir/extras/regexp --libdir=$PRIVATELIBDIR || exit 1
-AC_MSG_RESULT(compiling TRE regex library)
-$ac_cv_prog_MAKER || exit 1
-AC_MSG_RESULT(installing TRE regex library)
-$ac_cv_prog_MAKER install || exit 1
-TRE_CFLAGS="-I$cur_dir/extras/regexp/include"
-AC_SUBST(TRE_CFLAGS)
+dnl Use system pcre2 when available, unless --without-system-pcre2.
+has_system_pcre2="no"
+AS_IF([test "x$with_system_pcre2" = "xyes"],[
+PKG_CHECK_MODULES([PCRE2], libpcre2-8 >= 10.00,[has_system_pcre2=yes
+AS_IF([test "x$PRIVATELIBDIR" != "x"], [rm -f "$PRIVATELIBDIR/"libpcre2*])],[has_system_pcre2=no])])
 
-TRE_LIBS=
-AS_IF([test -n "$ac_cv_path_PKGCONFIG"],
-       [TRE_LIBS="`$ac_cv_path_PKGCONFIG --libs tre.pc`"])
-dnl For when pkg-config isn't available -- or for when pkg-config
-dnl doesn't see the tre.pc file somehow... (#3982)
-AS_IF([test -z "$TRE_LIBS"],
-       [TRE_LIBS="$PRIVATELIBDIR/libtre.so"])
-AC_SUBST(TRE_LIBS)
-cd $cur_dir
-],[
-dnl use pkgconfig for tre:
-PKG_CHECK_MODULES([TRE], tre >= 0.7.5)
-])
-
-AS_IF([test "x$with_system_pcre2" = "xno"],[
+AS_IF([test "$has_system_pcre2" = "no"], [
 dnl REMEMBER TO CHANGE WITH A NEW PCRE2 RELEASE!
-pcre2_version="10.30"
+pcre2_version="10.36"
 AC_MSG_RESULT(extracting PCRE2 regex library)
 cur_dir=`pwd`
 cd extras
@@ -819,7 +584,6 @@ AC_MSG_RESULT(installing PCRE2 regex library)
 $ac_cv_prog_MAKER install || exit 1
 PCRE2_CFLAGS="-I$cur_dir/extras/pcre2/include"
 AC_SUBST(PCRE2_CFLAGS)
-
 PCRE2_LIBS=
 dnl See c-ares's compilation section for more info on this hack.
 dnl ensure that we're linking against the bundled version of pcre2
@@ -832,9 +596,98 @@ AS_IF([test -z "$PCRE2_LIBS"],
        [PCRE2_LIBS="$PRIVATELIBDIR/libpcre2-8.so"])
 AC_SUBST(PCRE2_LIBS)
 cd $cur_dir
-],[
-dnl use pkgconfig for pcre2:
-PKG_CHECK_MODULES([PCRE2], libpcre2-8 >= 10.00)
+])
+
+dnl Use system argon2 when available, unless --without-system-argon2
+has_system_argon2="no"
+AS_IF([test "x$with_system_argon2" = "xyes"],[
+PKG_CHECK_MODULES([ARGON2], [libargon2 >= 0~20161029],[has_system_argon2=yes
+AS_IF([test "x$PRIVATELIBDIR" != "x"], [rm -f "$PRIVATELIBDIR/"libargon2*])],[has_system_argon2=no])])
+
+AS_IF([test "$has_system_argon2" = "no"],[
+dnl REMEMBER TO CHANGE WITH A NEW ARGON2 RELEASE!
+argon2_version="20181209"
+AC_MSG_RESULT(extracting Argon2 library)
+cur_dir=`pwd`
+cd extras
+dnl remove old argon2 directory to force a recompile...
+dnl and remove its installation prefix just to clean things up.
+rm -rf argon2-$argon2_version argon2
+if test "x$ac_cv_path_GUNZIP" = "x" ; then
+	tar xfz argon2-$argon2_version.tar.gz
+else
+	cp argon2-$argon2_version.tar.gz argon2-$argon2_version.tar.gz.bak
+	gunzip -f argon2-$argon2_version.tar.gz
+	cp argon2-$argon2_version.tar.gz.bak argon2-$argon2_version.tar.gz
+	tar xf argon2-$argon2_version.tar
+fi
+AC_MSG_RESULT(compiling Argon2 library)
+cd argon2-$argon2_version
+$ac_cv_prog_MAKER || exit 1
+AC_MSG_RESULT(installing Argon2 library)
+$ac_cv_prog_MAKER install PREFIX=$cur_dir/extras/argon2 || exit 1
+# We need to manually copy the libs to PRIVATELIBDIR because
+# there is no way to tell make install in libargon2 to do so.
+# BUT FIRST, delete the old library so it becomes an unlink+create
+# operation rather than overwriting the existing file which would
+# lead to a crash of the currently running IRCd.
+rm -f "$PRIVATELIBDIR/"libargon2*
+# Now copy the new library files:
+cp -av $cur_dir/extras/argon2/lib/* $PRIVATELIBDIR/
+ARGON2_CFLAGS="-I$cur_dir/extras/argon2/include"
+AC_SUBST(ARGON2_CFLAGS)
+ARGON2_LIBS="-L$PRIVATELIBDIR -largon2"
+AC_SUBST(ARGON2_LIBS)
+cd $cur_dir
+])
+
+dnl Use system sodium when available, unless --without-system-sodium
+has_system_sodium="no"
+AS_IF([test "x$with_system_sodium" = "xyes"],[
+PKG_CHECK_MODULES([SODIUM], [libsodium >= 1.0.16],[has_system_sodium=yes
+AS_IF([test "x$PRIVATELIBDIR" != "x"], [rm -f "$PRIVATELIBDIR/"libsodium*])],[has_system_sodium=no])])
+
+AS_IF([test "$has_system_sodium" = "no"],[
+dnl REMEMBER TO CHANGE WITH A NEW SODIUM RELEASE!
+sodium_version="1.0.18"
+AC_MSG_RESULT(extracting sodium library)
+cur_dir=`pwd`
+cd extras
+dnl remove old sodium directory to force a recompile...
+dnl and remove its installation prefix just to clean things up.
+rm -rf sodium-$sodium_version sodium
+if test "x$ac_cv_path_GUNZIP" = "x" ; then
+	tar xfz libsodium.tar.gz
+else
+	cp libsodium.tar.gz libsodium.tar.gz.bak
+	gunzip -f libsodium.tar.gz
+	cp libsodium.tar.gz.bak libsodium.tar.gz
+	tar xf libsodium.tar
+fi
+AC_MSG_RESULT(compiling sodium library)
+cd libsodium-$sodium_version
+save_cflags="$CFLAGS"
+CFLAGS="$orig_cflags"
+export CFLAGS
+./configure --prefix=$cur_dir/extras/sodium --libdir=$PRIVATELIBDIR --enable-shared --disable-static --enable-opt || exit 1
+CFLAGS="$save_cflags"
+AC_MSG_RESULT(compiling sodium resolver library)
+$ac_cv_prog_MAKER || exit 1
+AC_MSG_RESULT(installing sodium resolver library)
+$ac_cv_prog_MAKER install || exit 1
+SODIUM_CFLAGS="-I$cur_dir/extras/sodium/include"
+AC_SUBST(SODIUM_CFLAGS)
+SODIUM_LIBS=
+dnl See c-ares's compilation section for more info on this hack.
+dnl ensure that we're linking against the bundled version
+dnl (we only reach this code if linking against the bundled version is desired).
+AS_IF([test -n "$ac_cv_path_PKGCONFIG"],
+       [SODIUM_LIBS="`$ac_cv_path_PKGCONFIG --libs libsodium.pc`"])
+dnl For when pkg-config isn't available
+AS_IF([test -z "$SODIUM_LIBS"],
+       [SODIUM_LIBS="-L$PRIVATELIBDIR -lsodium"])
+AC_SUBST(SODIUM_LIBS)
+cd $cur_dir
 ])
 
 dnl Use system c-ares when available, unless --without-system-cares.
@@ -847,7 +700,7 @@ AS_IF([test "$has_system_cares" = "no"], [
 dnl REMEMBER TO CHANGE WITH A NEW C-ARES RELEASE!
 dnl NOTE: when changing this here, ALSO change it in extras/curlinstall
 dnl       and in the comment in this file around line 400!
-cares_version="1.13.0"
+cares_version="1.17.2"
 AC_MSG_RESULT(extracting c-ares resolver library)
 cur_dir=`pwd`
 cd extras
@@ -866,7 +719,7 @@ cd c-ares-$cares_version
 save_cflags="$CFLAGS"
 CFLAGS="$orig_cflags"
 export CFLAGS
-./configure --prefix=$cur_dir/extras/c-ares --libdir=$PRIVATELIBDIR --enable-shared || exit 1
+./configure --prefix=$cur_dir/extras/c-ares --libdir=$PRIVATELIBDIR --enable-shared --disable-tests || exit 1
 CFLAGS="$save_cflags"
 AC_MSG_RESULT(compiling c-ares resolver library)
 $ac_cv_prog_MAKER || exit 1
@@ -924,6 +777,14 @@ if test "$ac_cv_werror" = "yes" ; then
 	CFLAGS="$CFLAGS -Werror"
 fi
 
+dnl Address sanitizer build
+if test "$ac_cv_asan" = "yes" ; then
+	CFLAGS="$CFLAGS -O1 -fno-inline -fsanitize=address -fno-omit-frame-pointer -DNOCLOSEFD"
+	IRCDLIBS="-fsanitize=address $IRCDLIBS"
+fi
+
+AC_SUBST(IRCDLIBS)
+
 AC_SUBST(UNRLINCDIR)
 
 AC_CONFIG_FILES([Makefile
@@ -933,8 +794,8 @@ AC_CONFIG_FILES([Makefile
 	src/modules/usermodes/Makefile
 	src/modules/snomasks/Makefile
 	src/modules/extbans/Makefile
-	src/modules/cap/Makefile
 	src/modules/third/Makefile
+	extras/unrealircd-upgrade-script
 	unrealircd])
 AC_OUTPUT
 chmod 0700 unrealircd

doc/Config.header

@@ -7,14 +7,25 @@
  \___/|_| |_|_|  \___|\__,_|_|\___/\_| \_| \____/\__,_|
 
                                Configuration Program
-                                for UnrealIRCd 4.0.19-rc2
+                                for UnrealIRCd 5.2.4
                                     
 This program will help you to compile your IRC server, and ask you
 questions regarding the compile-time settings of it during the process. 
-regarding the setup of it, during the process.
 
 A short installation guide is available online at:
 https://www.unrealircd.org/docs/Installing_from_source
 
 Full documentation is available at:
-https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
+https://www.unrealircd.org/docs/UnrealIRCd_5_documentation
+
+--------------------------------------------------------------------------------------
+
+The full release notes are available in doc/RELEASE-NOTES.md
+For easier viewing, check out the latest online release notes at:
+https://github.com/unrealircd/unrealircd/blob/unreal52/doc/RELEASE-NOTES.md
+
+UnrealIRCd 5 is compatible with the following services:
+* anope with the "unreal4" protocol module - version 2.0.7 or higher required!
+* atheme with the "unreal4" protocol module - tested with version 7.2.9
+
+--------------------------------------------------------------------------------------

doc/KEYS

@@ -0,0 +1,47 @@
+pub   rsa4096 2015-07-02 [SC] [expires: 2025-06-29]
+      1D2D2B03A0B68ED11D68A24BA7A21B0A108FF4A9
+uid           UnrealIRCd releases (for verification of software downloads only!) <releases@unrealircd.org>
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFWVOFYBEACsWFWM25VDaGXq22GSTJo1O53bgAMCZsqj9VKDriUmj7uvozlp
+BGHgYFVM4ZT1FUAsWedeIP2aLLkYGmH4odVaAk7IeUa7HfpE45/F6+End6bCpYGe
+1UdVQM/Bu3VHoUtVvtIFg788JwbplroapA/D0pi/EAN8WYnN9etgLM2lvzwbjBz9
+xTOefwvgRsKbCH63VW7NCyquEcdEJxnMHB7JZUEuzrOUvhAiIkwKw8wbcn36zX0i
+wcAFtVO5uVTA/Tdu6nWsZvqVc6R1E3usJzWSwbmoUtPUM5Mk9I9gL73EsqEbgs5N
+trT00r75RcfiThNEP8NtDtB8AFum6OCSg/+8bdJmKcWVKpuB+lUvP0d4UAqm5vmH
+/KQh/nyHXKvAvhWqHizozP1WGevpxLFHMjm/+1T167Iil/3UcUyn9qd0CuYSszJw
+y5Vp6iJHkVo8qxI89rkzSDRi+ppLCBTwuN01ducftDxvIQMVrphdKZLPGzQrltkh
+lIN4XNS6cOOsrbbk5+Kc2xih6qt+DyiRHaNFQnoMdRVeIrmf4u4ClMcHlzELV8gF
+D+s0BbVqhVwAhbKMfKaVmvVlj8bSET0z2s0vhZODwlgANpDBLNsIU6leiYRAzub5
+WY5Hz1m7P8ZXSMPh4/vGh1kg3E9IRKLZDZ65gEYr8nNCzbAYmDQ3IkplIwARAQAB
+tFxVbnJlYWxJUkNkIHJlbGVhc2VzIChmb3IgdmVyaWZpY2F0aW9uIG9mIHNvZnR3
+YXJlIGRvd25sb2FkcyBvbmx5ISkgPHJlbGVhc2VzQHVucmVhbGlyY2Qub3JnPokC
+PgQTAQIAKAUCVZU4VgIbAwUJEswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
+CgkQp6IbChCP9KlFzQ/+ObuBgCtXvLcbpq7C2usHxgtEB1rV9khLGugJXevjMaf3
++vo4d5cd5go665po8oqDnSUfq+8LPDj/nnroKQcS5Kb4KdHz6rn+53rHWtw6PPGN
+KswFS05Vy2AkYg4nVXvrGm0oV173qOms2REoStP0mEm7F7ZTJ6k1qgmZ8tcFgfMm
+fqEl94O5zDWycaJx7K0h3n+xUyhh+lT9Zl3duzVzCc+YI+dD6UOIXBF9TF9fIb8m
+300MBLwTTHq64nGsZbhfzCHNHAO6hTy5XmE+d1g4R87rKim6lP0V1LTbvhOhYhZg
+0JrVOr9dhHY4tw1xglz++nMM24t2O9zoRoZjDMHBzzBm3gJq3G160kxVZKKcVaQd
+nfYvPOBNtyEyaIIJD8vs2Z9jiJLjpoz0LhnE2TmE4M6YqBsSWfFuPrHE+PJQyEQg
+2zEoTRCSFSLaq+5kl3vKM/cblwkQeKkNe8u6bDNk7bEPUCQstyOqcvoTWE2gs3f2
+n7wI7BzW3uX5YUp1CcdPig1XxveI4XaKKrhRacvGvvNHdXw1scj1K0SCXvy4EPpf
+dLthTC6BHwO2P56wlxK0MRL/GD72ttBCcsyLWYdL9OIT6Lx4bZVhvEjKDapWAL04
+X1mXMHUK1iO4lunbqP3lu6F8qsuI/B2sIiJK7aSjv4bjVRw/jcESrhmCvnN3B3mI
+RgQQEQIABgUCVZU9NQAKCRBpsoj7n/A5N4E2AJ4i5z98+mA8Ug9utdslGvHFRq+s
+PgCeILJ7/dJFYZFz1YpaNTbRCHIesaWIXgQQEQgABgUCVZU9ZwAKCRBuZ21Ff+GZ
+pueXAP9bJ1hPWa3ITIoapW9eTT1eNv+17KqcclwZzxCopbUkFAD+NptTuXpeivM+
+USWsQJFpFlLdDckcv8QzLQwgzZ8TXtKJAhwEEAEIAAYFAlg796cACgkQ3pO4tH50
+XrMyWQ/+NJyhO5yibAhN4RgCJ+qFdp9Llm+SQGFjVtw8L7nv3M0Us8xspmVlX7TZ
+/OK6AhUyaqAmg3ZXruaetrBVIAlP675cXJ1NIPfyT+PvMUbupvqBhyPZKqdnh2WT
+ZMYdQrvw503h+BlyjGeAWd34tLhtiM1A69tntFu2A7bKhkoxE7KoyCjKmLgUb30M
+r5guxb6DCUXK8m5ooHl58kLtJrTpW9l3YYXpKe/POYPIK6ULZN7TChtFOTJ+ebx1
+2LaQGGdRKaCSM1OX7mfvBG8GtljQcGoP+f5TmvRbCGGfiR9r6MdgG6LYTuYf7pR7
+NBwxveqwJV4iOmd9b+doIra5tRX0TqEKdEqpVHhm4UTZlHVyIpg97Lc/7WiWS1Z5
+UIhT4YxlztPUvWmCXlleNEqBYK86OsVFqryHDVKtPbH65k/xKfu8w/hHkv7TQ23r
+eoMs1uBlaUWe3orgUOr0tnFLXz809SAwC9sxQq9TWTm50NqiaQvBVInSUssFYPkG
+qBljIXtdUzFGBn3sTpFRY6p2yzIo54EQmQAvMQPEJkQ8JQJ47au82DxFUBZYKci5
+lsJfRueGnn5A36eUZdkhZ6Dm61M3YldYcpRa4Xfi0AWbg5yW/uUipc36Ey+vwWyl
+x+1IZgjnIIMsyDLuq2tm5p1tiJK2N9L0rxQb/DIK7j8+ZvmlFZQ=
+=foLZ
+-----END PGP PUBLIC KEY BLOCK-----

doc/RELEASE-NOTES

@@ -1,121 +0,0 @@
-UnrealIRCd 4.0.19-rc2 Release Notes
-====================================
-
-This is the second release candidate for UnrealIRCd 4.0.19. Please help
-test this release and report all bugs to https://bugs.unrealircd.org/
-
-Enhancements:
-* New option to disable a module: blacklist-module "modulename";
-  This will cause any 'loadmodule' lines for that module to be ignored.
-  This is especially useful if you only want to disable a few modules
-  that are (normally) automatically loaded by conf/modules.default.conf.
-  https://www.unrealircd.org/docs/Blacklist-module_directive
-* Next three new features have to do with SASL. More information on SASL
-  in general can be found at https://www.unrealircd.org/docs/SASL
-* A new require sasl { } block which allows you to force users on the
-  specified hostmask to use SASL. Any unauthenticated users matching
-  the specified hostmask are are rejected.
-  See https://www.unrealircd.org/docs/Require_sasl_block
-* New "soft kline" and "soft gline". These will not be applied to users
-  that are authenticated to services using SASL.
-  These are just GLINE/KLINE's but prefixed with a percent sign:
-  Example: /GLINE %*@10.* 0 Only SASL allowed from here
-* New "soft" ban actions for spamfilter, blacklist, antirandom, etc.
-  Actions such as "soft-kline" and "soft-kill" will only be applied to
-  unauthenticated users. Users who are authenticated to services (SASL)
-  are exempt from the corresponding spamfilter/blacklist/antirandom/..
-  See https://www.unrealircd.org/docs/Actions for the full action list.
-* WARNING: If your network also contains UnrealIRCd servers below v4.0.19
-  then it is not recommended to use global soft bans (such as soft gline
-  or any spamfilter with soft-xx actions). There won't be havoc, but the
-  bans won't be effective on parts of the network.
-* The following extban modules are not new but are now enabled by default:
-  extbans/textban, extbans/timedban and extbans/msgbypass.
-  In case you don't like them, use blacklist-module as mentioned earlier.
-  Just as a reminder, they provide the following functionality:
-  * TextBan: +b ~T:block:*badword* to block sentences with 'badword'
-  * Timed bans: ~t:duration:mask
-    These are bans that are automatically removed by the server.
-    The duration is in minutes and the mask can be any ban mask.
-    Some examples:
-    * A 5 minute ban on a host:
-      +b ~t:5:*!*@host
-    * A 5 minute quiet ban on a host (unable to speak):
-      +b ~t:5:~q:*!*@host
-    * An invite exception for 24 hours (1440 minutes):
-      +I ~t:1440:*!*@host
-    * A temporary exempt ban for a services account:
-      +e ~t:1440:~a:Account
-    * Allows someone to speak through +m for the next 24hrs:
-      +e ~t:1440:~m:moderated:*!*@host
-    * And any other crazy ideas you can come up with...
-  * Ban exception ~m:type:mask to allow bypassing of message restrictions.
-    Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
-    'censor' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
-    Some examples:
-    * Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
-    * Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
-    * Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
-    * Allow a services account to use color: +e ~m:color:~a:ColorBot
-  * Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
-* AntiRandom: The module will now (by default) exempt WEBIRC gateways
-  from antirandom checking because they frequently cause false positives.
-  This new behavior can be disabled via:
-  set { antirandom { except-webirc no; }; };
-* Server linking attempts and errors are now also put in the log file.
-* A new module that provides WHOX support, an enhanced and more standard
-  version of WHO (NOTE: the command is still "WHO").
-  This allows, among other things, the client to request additional
-  information, such as which services account each channel member is using.
-  The module is currently experimental. To use it, add this to your conf:
-  loadmodule "m_whox";
-
-Major issues fixed:
-* Blacklist: Potential crash issue when concurrently checking DNSBL
-  for the WEBIRC gateway and the spoofed host.
-* Blacklist: In case of multiple blacklists the 2nd/3rd/.. blacklists
-  were not always checked properly.
-
-Minor issues fixed:
-* Remote includes: ./Config didn't properly detect libcurl on Ubuntu 18
-  (and possibly other Linux distributions as well)
-* Timeouts during server linking attempts were not displayed.
-* Delayjoin: Halfops did not see JOIN's when channel mode +D was set.
-* IRCOps with minimal privileges lost their user modes on MODE change.
-* IRCOps could not override channel mode +z (when not using SSL/TLS)
-* Channel names sometimes truncated if using accents or special chars.
-* TLSv1.3 ciphersuite setting was changed to reflect OpenSSL's behavior.
-  There is now set::ssl::ciphersuites, specifically for TLSv1.3.
-  Note that the default is perfectly fine so at this point in time it
-  shouldn't need any adjustment (but the option is there...).
-
-Removed:
-* allow::options::sasl has been removed. Use the new and more flexible
-  require sasl { } block instead.
-
-Other changes:
-* Windows users may be prompted to install the Visual C++ redistributable
-  package for Visual Studio 2017. This is because we now build on VS 2017
-  instead of VS 2012.
-* We now use standard formatted messages for all K-Lines, G-Lines and
-  any other bans that will cause the user to be disconnected.
-  For technical details see the banned_client() function.
-* The except throttle { } block now also overrides any limitations from
-  set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
-* Localhost connections are considered secure, so these can be used even
-  if you have a plaintext-policy of 'deny' or 'warn'. (This was already
-  the case for servers, but now also for users and opers)
-* Allow slashes in vhost/chghost/sethost/.. (but not through DNS)
-
-Module coders:
-* Windows: Be aware that we now build with Visual Studio 2017. This means
-  3rd party modules should be compiled with VS 2017 (or VS 2015) as well.
-
-Future versions:
-* We intend to change the default plaintext oper policy from 'warn' to 'deny'
-  later this year. This will deny /OPER when used from a non-SSL connection.
-  For security, IRC Operators should really use SSL/TLS!
-
-==[ CHANGES IN OLDER RELEASES ]==
-For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
-https://raw.githubusercontent.com/unrealircd/unrealircd/unreal40/doc/RELEASE-NOTES.old

doc/RELEASE-NOTES.old

@@ -1,979 +0,0 @@
-See doc/RELEASE-NOTES for the latest release notes.
-
-This file (doc/RELEASE-NOTES.old) contains the release notes
-of OLDER releases for historical purposes.
-
-==[ CHANGES BETWEEN 4.0.17 AND 4.0.18 ]==
-
-Enhancements:
-* Support for checking IPv6 addresses in DNS blacklists
-* For SSL/TLS we now set the default ECDH(E) curves to be
-  X25519:secp521r1:secp384r1:prime256v1 if using a recent version of
-  OpenSSL/LibreSSL. This can be overridden via set::ssl::ecdh-curve.
-* The blacklist module now checks WEBIRC users as well.
-* You can now require SASL for all clients via the allow block via:
-  allow { ip *; class clients; maxperip 2; options { sasl; }; };
-  This can be useful for a special sasl-only server which, for example,
-  only permits proxies and tor clients. In a future release the feature
-  will be made more flexible so it can be used for other purposes
-  as well.
-
-Major issues fixed:
-* A number of (potential) security issues were fixed:
-  * Memory leaks: this could allow an attacker to slowly consume all
-    available memory and ultimately cause UnrealIRCd to crash.
-  * Out of bounds read: in practice this does not seem to be
-    exploitable due to the many restrictions that are imposed.
-* Compile issues on macOS
-* Bug in blacklist module which could have caused false negatives,
-  allowing bad guys in which should have been denied.
-* The new optional feature 'set::cloak-method ip' caused identical cloaks
-
-Minor issues fixed:
-* When using '/REHASH -ssl' or './unrealircd reloadtls' it did not reload
-  the SSL certificate/key if you were using ssl-options in listen, sni or
-  link blocks. In short: it only reloaded the ones from set::ssl until now.
-* m_ircops sent a conflicting numeric, confusing some clients.
-* Starting UnrealIRCd through a non-interactive(!) ssh session could cause
-  the ssh session to hang.
-* An upgrade issue with non-system cURL causing compile problems.
-
-Other changes:
-* The built-in time synchronization feature is now disabled by default.
-  TimeSynch was added back in 2006 when lots of operating systems did not
-  ship with time synchronization turned on by default. Since incorrect time
-  severely breaks IRC networks this was a major problem. Nowadays this is
-  completely different with most Linux distro's, OS X, Windows, etc. doing
-  time synchronization out of the box. Since UnrealIRCd's implementation is
-  less precise and lacks authentication it's best left over to the system.
-  You can still re-enable timesynch via:
-  set { timesynch { enabled yes; }; };
-  .. but you should really use NTP or similar for system-wide time
-  synchronization instead.
-* For developers there's now the --with-werror compile option which will
-  add -Werror.
-* Added a lot more Travis-CI tests: various LibreSSL/OpenSSL versions
-  and also test macOS. This to prevent us from releasing broken stuff.
-* Various code cleanups to get rid of lots of needless casts and to
-  eliminate compiler warnings.
-* Just as a reminder (this change was already in version 4.0.17):
-  UnrealIRCd will no longer give user mode +z to users on WEBIRC
-  gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
-  some assurance that the client<->webirc gateway connection is
-  also secure (eg: https).
-  This is the regular WEBIRC format:
-  WEBIRC password gateway hostname ip
-  This indicates a secure client connection (NEW):
-  WEBIRC password gateway hostname ip :secure
-  Naturally, WEBIRC gateways MUST NOT send the "secure" option if
-  the client is using http or some other insecure protocol.
-
-Module coders:
-* HOOKTYPE_CHANNEL_SYNCED prototype changed, the 'merge' and 'removetheirs'
-  is now no longer an 'unsigned short' but an 'int' instead.
-* HOOKTYPE_MODE_DEOP prototype changed, the 'modechar' is now no longer
-  a 'char' but an 'int' instead.
-* In addition to safestrdup() there's now also safestrldup() which allows
-  you to specify a maximum allocated length (so including the nul byte).
-  This is used in m_pass.c and m_topic.c.
-* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
-  https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
-
-Future versions:
-* We intend to change the default plaintext oper policy from 'warn' to 'deny'
-  later this year. This will deny /OPER when used from a non-SSL connection.
-  For security, IRC Operators should really use SSL/TLS!
-
-==[ CHANGES BETWEEN 4.0.16.1 AND 4.0.17 ]==
-
-Enhancements:
-* Two optional modules. These are not loaded by default. To use them,
-  include modules.optional.conf, or add these loadmodule lines:
-  loadmodule "extbans/timedban";
-  loadmodule "extbans/msgbypass";
-  * Timed bans: ~t:duration:mask
-    These are bans that are automatically removed by the server.
-    The duration is in minutes and the mask can be any ban mask.
-    Some examples:
-    * A 5 minute ban on a host:
-      +b ~t:5:*!*@host
-    * A 5 minute quiet ban on a host (unable to speak):
-      +b ~t:5:~q:*!*@host
-    * An invite exception for 1440m/24hrs
-      +I ~t:1440:*!*@host
-    * A temporary exempt ban for a services account
-      +e ~t:1440:~a:Account
-    * Allows someone to speak through +m for the next 24hrs:
-      +e ~t:1440:~m:moderated:*!*@host
-    * And any other crazy ideas you can come up with...
-  * New ban exception ~m:type:mask which allows bypassing of message
-    restrictions. Valid types are: 'external' (bypass +n),
-    moderated (bypass +m/+M), 'censor' (bypass +G),
-    'color' (bypass +S/+c) and 'notice' (bypass +T).
-    Some examples:
-    * Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
-    * Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
-    * Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
-    * Allow a services account to use color: +e ~m:color:~a:ColorBot
-* Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
-  This is only available if the previously mentioned extbans/timedban
-  module is loaded.
-* Added experimental UTF8 support in set::allowed-nickchars
-  See https://www.unrealircd.org/docs/Nick_Character_Sets
-  Example: set { allowed-nickchars { latin-utf8; }; };
-  Important remarks:
-  * All your servers must be on UnrealIRCd 4.0.17 (or later)
-  * Most(?) services do not support this, so users using UTF8 nicknames
-    won't be able to register at NickServ.
-  * In set::allowed-nickchars you must either choose an utf8 language
-    or a non-utf8 character set. You cannot combine the two.
-  * You also cannot combine multiple scripts/alphabets, such as:
-    latin, greek, cyrillic and hebrew. You must choose one.
-  * If you are already using set::allowed-nickchars on your network
-    (eg: 'latin1') then be careful when migrating (to eg: 'latin-utf8'):
-    * Your clients may still assume non-UTF8
-    * If users registered nicks with accents or other special characters
-      at NickServ then they may not be able to access their account
-      after the migration to UTF8.
-  * There is no CASEMAPPING or "visually identical character"-checking.
-    Just like in the old (non-utf8) charsys this means there is no
-    lower/uppercase checking for allowed-nickchars nicks. So a nick with
-    "O with accent" can be online at the same time as "o with accent".
-    They are treated as two different users.
-    The identical character looking issue is particular noticeable in
-    cyrillic script where for example cyrillic "A" looks identical to
-    latin "A" and thus can be used to impersonate a user.
-    Improved CASEMAPPING and "visually similar character"-checking is
-    part of ongoing research at the IRCv3 working group.
-* Ability to customize the reject connection messages:
-  set {
-     reject-message {
-          password-mismatch "Password mismatch";
-          too-many-connections "Too many connections from your IP";
-          server-full "This server is full.";
-          unauthorized "You are not authorized to connect to this server";
-      };
-  };
-* Added optional AppArmor profile in extras/security/apparmor/unrealircd
-  See https://www.unrealircd.org/docs/Using_AppArmor_with_UnrealIRCd
-
-Major issues fixed:
-* Crash when using OperOverride (*NIX only)
-* Crash if linking anope with the 'unreal' module from a non-localhost
-  SSL connection. This is rarely done but also acts as a reminder that
-  people should really use the 'unreal4' module in anope (2.0.3+).
-
-Minor issues fixed:
-* set::restrict-extendedbans was not effective for stacked bans
-* linking if only using link::outgoing caused a 'server name mismatch'
-
-Other:
-* UnrealIRCd will no longer give user mode +z to users on WEBIRC
-  gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
-  some assurance that the client<->webirc gateway connection is
-  also secure (eg: https).
-  This is the regular WEBIRC format:
-  WEBIRC password gateway hostname ip
-  This indicates a secure client connection (NEW):
-  WEBIRC password gateway hostname ip :secure
-  Naturally, WEBIRC gateways MUST NOT send the "secure" option if
-  the client is using http or some other insecure protocol.
-
-Module coders:
-* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
-  https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
-
-==[ CHANGES BETWEEN 4.0.16 AND 4.0.16.1 ]==
-An interim release with a couple of backported fixes:
-* Fix hang in (outgoing) server linking
-* Fix crash when linking anope over SSL from non-localhost
-* '/SPAMFILTER del <id>' did not remove the spamfilter on other servers
-* set::restrict-extendedbans was not always applied (when stacked)
-* Update automated build scripts
-
-==[ CHANGES BETWEEN 4.0.15 AND 4.0.16 ]==
-
-This is a major release with lots of new features and changes.
-
-Enhancements:
-* There's now an easy method to remove spamfilters:
-  '/SPAMFILTER del' will show a list of spamfilters along
-  with the appropriate command to remove them (by id).
-* CAP v3.2 support.
-* CAP 'cap-notify': notify users of any CAP changes.
-* CAP 'extended-join': show account and gecos in JOIN.
-* CAP 'chghost': notify on user/host changes.
-  Note that if you use set::allow-userhost-change force-rejoin
-  then clients which support CAP 'chghost' will not see the
-  PART+JOIN+MODE sequence as it is unnecessary. They already receive
-  a "CHGHOST" message as part of CAP 'chghost' instead.
-* Updated CAP 'sasl' to specification 3.2 (includes mechlist).
-* Automatically discover SASL server if saslmechlist is sent by services
-  and set::sasl-server is not set by the administrator. This should
-  help to get more networks to support SASL automatically (if you
-  run up to date services, of course)
-* We send "CAP DEL sasl" if set::sasl-server squits and a "CAP NEW"
-  message when the server returns (to cap-notify and CAPv3.2 clients).
-* Added password::type 'spkifp'. It's similar to 'sslclientcertfp' but
-  is a hash based on the public TLS key rather than the certificate.
-  The benefit of this is that the 'spkifp' can stay the same even if
-  you get a new certificate from Let's Encrypt. Note that 'certbot'
-  does not re-use keys by default so you will still get a different
-  spkifp every 60-90 days. Consider using another (3rd party) client
-  or tell the certbot guys to finally implement --reuse-key at
-  https://github.com/certbot/certbot/issues/3788
-* The command './unrealircd spkifp' will output the SPKI fingerprint
-* New option set::handshake-delay will delay the handshake (when a
-  user is connecting) up to this amount of time.
-* If you have any blacklist { } block then UnrealIRCd will set an
-  set::handshake-delay of 2 seconds by default. This will allow (most)
-  DNSBL checking to be finished before the user comes online, while
-  still allowing a smooth user experience.
-  If your DNS(BL) is slow then you could raise this setting slightly.
-* You can now have multiple webirc { } blocks with the same mask.
-  This permits multiple blocks like..
-  webirc {
-      mask *;
-      password "....." { sslclientcertfp; };
-  };
-  ..should you need it.
-  In other words: we don't stop matching upon an authentication failure.
-* Move CONNECTTIMEOUT to set::handshake-timeout and document it at
-  https://www.unrealircd.org/docs/Set_block#set::handshake-timeout
-* Move MAXUNKNOWNCONNECTIONSPERIP to set::max-unknown-connections-per-ip
-  https://www.unrealircd.org/docs/Set_block#set::max-unknown-connections-per-ip
-* Add set { cloak-method ip; }; which will make cloaking only be done
-  on the IP and thus result in an XX.YY.ZZ.IP cloaked host.
-  This so you can have "IP cloaking" without disabling DNS lookups.
-  GLINES on hosts still work and IRCOps (and yourself) can still see
-  the host in /WHOIS.
-* New option set { ban-include-username yes; }; which will make bans
-  placed by spamfilters (and some other systems) to be placed not on *@ip
-  but on user@ip. Note that this won't work for ZLINE/GZLINE since no
-  no ident/username lookups are done in such cases.
-
-Major issues fixed:
-* None
-
-Minor issues fixed:
-* Gracefully handle incorrect server-to-server messages. These no longer
-  cause UnrealIRCd to crash. Note that this does not mean you can now
-  go send random RAW messages from a trusted server connection. Doing so
-  can cause desynchs, KILLs and SQUITs. We just try not to crash anymore.
-* A small memory leak upon 'DNS i' (IRCOp only command)
-
-Removed:
-* Various old config.h settings that didn't have any effect.
-* A few config.h settings that should never be turned off have been
-  removed altogether (eg: NO_FLOOD_AWAY is now always on).
-* The deprecated and unused commands "CAP CLEAR" and "CAP ACK".
-
-Other changes:
-* When linking servers and not having any certificate validation,
-  UnrealIRCd will give you specific instructions on how to use
-  password::spkifp or verify-certificate. This to fix a possible
-  Man-in-the-Middle attack. Note that you'll only see this message
-  when linking two servers that are 4.0.16+.
-* When a user does a nick change from a registered nick you will
-  now see the user mode -r. Previously this happened invisibly.
-* The default oper snomask now includes 'S' (spamfilter notices).
-* The shipped PCRE2 library has been upgraded to 10.30
-
-Module coders:
-* API change for HOOKTYPE_PRE_INVITE:
-  (aClient *sptr, aClient *target, aChannel *chptr, int *override)
-  Modules must now send the error message instead of only returning
-  HOOK_DENY. Also check for operoverride and set *override=1.
-* Please use the following procedure in case of an user/host change:
-  userhost_save_current(acptr);
-  /* now do what you need to do: like change username or hostname */
-  userhost_changed(acptr);
-  This function will take care of notifying other clients about
-  the userhost change, such as doing PART+JOIN+MODE if force-rejoin
-  is enabled, and sending :xx CHGHOST user host messages to
-  "CAP chghost" capable clients.
-
-Services coders:
-* If you provide SASL then please send the mechlist like this:
-  MD client your.services.server saslmechlist :EXTERNAL,PLAIN
-* Don't forget to send an EOS (End Of Synch) as part of the handshake,
-  if you are not doing so already. It's important:
-  :your.services.server EOS
-
-==[ CHANGES BETWEEN 4.0.14 AND 4.0.15 ]==
-Major issues fixed:
-* Fix remotely triggerable crash issue in handshake. This allows a user
-  to crash an UnrealIRCd server, even those with restrictions such as
-  password protected hubs.
-* Fix another remotely triggerable crash issue. This one requires the
-  user to connect, join a channel and have channel operator privileges.
-
-==[ CHANGES BETWEEN 4.0.13 AND 4.0.14 ]==
-Enhancements:
-* New set::plaintext-policy configuration settings. This defines what
-  happens to users/ircops/servers that are not using SSL/TLS.
-  The default settings are:
-  set {
-    plaintext-policy {
-      user allow; /* allow any user to connect */
-      oper warn; /* warn on /OPER if not using SSL/TLS */
-      server deny; /* deny servers without SSL/TLS, except localhost */
-    };
-  };
-  You can change each of the three classes to 'allow', 'warn' or 'deny'.
-  See: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
-  If your services do not run on localhost and link without SSL/TLS
-  then you may get an error during linking. In such a case check out:
-  https://www.unrealircd.org/docs/FAQ#ERROR:_Servers_need_to_use_SSL.2FTLS
-* You can now ask UnrealIRCd to verify certificates of server links by:
-  link irc1.test.net {
-      [..]
-      verify-certificate yes;
-  };
-  This will verify the certificate of the link, making sure it is valid,
-  issued for the specified name (irc1.test.net) and given out by a
-  trusted Certificate Authority (like Let's Encrypt).
-  Obviously, if you use self-signed certificates then you can't use this.
-* Introduce a concept called "link security level". This will rate the
-  security of your network from 0 to 2. Whenever security is degraded
-  due to a new server link UnrealIRCd will print a warning about it.
-  See https://www.unrealircd.org/docs/Link_security
-  This also adds a new command /LINKSECURITY (IRCop-only).
-* The plaintext-policy and link-security is shown in "CAP LS".
-
-Major issues fixed:
-* None
-
-Minor issues fixed:
-* If you had a link block named irc1.example.net and did an outgoing
-  connect to that server, then the server could introduce himself under
-  a different name, such as irc1.other.net. Not a security issue, since
-  all authentication has to be passed, but this could cause confusing
-  autoconnect attempts.
-* password::sslclientcert did not accept relative paths
-* Compile problem with LibreSSL (regarding SSL_CTX_get0_param)
-* set::modes-on-connect: was refusing certain (old) modes like +N
-
-Other changes:
-* The ssl options 'verify-certificate' and 'no-self-signed' have been
-  removed. Use link::verify-certificate instead. It makes no sense to
-  verify certificates or prevent self signed certificates elsewhere
-  such as in vhost or oper, since there is no hostname to match against.
-* Weak cipher suites such as 3DES and RC4 are disabled by default but
-  previously you could still enable them through set::ssl::ciphers.
-  Now you can no longer, since there is no legitimate reason to do so.
-* Update cipher suite to work with TLS 1.3. This ensures you can use
-  TLS 1.3 in UnrealIRCd 4.0.14+ when OpenSSL supports it (in the future).
-* Bump MODDATA_MAX_CLIENT from 8 to 12: needed if you have a lot of
-  3rd party modules loaded. Also moved MODDATA_MAX_* to include/config.h
-
-Module coders:
-* You can now attach ModData to server objects as well (including &me).
-* Please do not use UmodeDel, CmdoverrideDel and any other *Del()
-  functions from MOD_UNLOAD. These undocumented functions are unnecessary
-  since 2008 or so. UnrealIRCd takes care of unloading all module objects.
-  It can cause a crash if someone unloads the module in UnrealIRCd 4
-  (more specifically: double free if unloading modules which use ModData).
-  Attempts to use these functions in future UnrealIRCd versions may result
-  in a compile error.
-
-==[ CHANGES BETWEEN 4.0.12 AND 4.0.13 ]==
-Enhancements:
-* Support for Strict Transport Security (draft/sts).
-  See: https://www.unrealircd.org/docs/SSL/TLS#Strict_Transport_Security
-* Support for Server Name Indication (SNI):
-  See: https://www.unrealircd.org/docs/Sni_block
-* Add conf/modules.optional.conf. This loads all additional modules
-  that are not in modules.default.conf (m_ircops, m_staff, nocodes,
-  textban, hideserver, antirandom and websocket)
-
-Major issues fixed:
-* 'simple' spamfilters ended up being 'posix' after server linking.
-* User mode +Z (secureonly) not working properly across server links.
-* REHASH from WebSocket connection would cause a crash (requires IRCOp
-  privileges)
-
-Minor issues fixed:
-* We now prevent /OPER for oper blocks with a non-existant operclass
-* Bump MAXCONNECTIONS for Windows, allowing you to hold more clients.
-* The 'ban too broad' checking was broken. This permitted glines such
-  as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
-  To disable this safety measure you can (still) use:
-  set { options { allow-insane-bans; }; };
-
-Other changes:
-* The websocket module now no longer sends \r\n in the websocket
-  data and no longer requires it on incoming messages (but you
-  can still send it if you like). Also version bumped to 1.0.0.
-* Mark all shipped modules as official (non-3rd-party)
-* Verify certificate when submitting crash reports
-* Support --without-privatelibdir for packagers
-* CACERT has been removed from curl-ca-bundle
-
-Module coders:
-* CAP API changes:
-  * The cap->visible(void) callback is now cap->visible(aClient *)
-  * There is a new cap->parameter(aClient *) callback function,
-    see the cap/sts module for how it can be used.
-  * Various updates to subfunctions to pass 'sptr' (due to the above),
-    including clicap_find(sptr, ...)
-  * New CLICAP_FLAGS_ADVERTISE_ONLY flag (CAP cannot be REQ'd)
-
-==[ CHANGES BETWEEN 4.0.11 AND 4.0.12 ]==
-Enhancements:
-* New user mode +Z: Only allow SSL/TLS users to private message you.
-* Ability to hide all channels in /LIST that you cannot join due to
-  deny channel blocks: set { hide-list { deny-channel }; };
-* The optional 'nocodes' module which you can load will make +S/+c
-  also block/strip bold, underline and italic text. (The latter is new)
-* Add support for 'mask' in allow channel { } and deny channel { }
-  and add some support for negative 'mask'. Probably not very useful
-  on most networks with services since bans/AKICK do the same, but:
-  deny channel { channel "#help*"; };
-  allow channel { channel "#help-nolan"; mask !192.168.*; };
-  allow channel { channel "#help-lan"; mask 192.168.*; };
-
-Major issues fixed:
-* Crash issue if a module using ModData was unloading (not reloading)
-* Vhosts were not always correctly synched across servers.
-* The maximum number of clients that a server could accept was decreased
-  by one on every linking attempt if it was both: 1) an outgoing
-  SSL/TLS linking attempt; AND 2) the error was "Connection refused".
-
-Minor issues fixed:
-* Adjustments to channel mode +f were not always effective.
-* If you have a vhost set and wish to remove it and change to a cloaked
-  host you can now safely use '/MODE yournick -t'. This feature was
-  rarely used so far and it previously had a bug which caused it to
-  still expose the real host/IP to others. This has been resolved.
-* Channel mode +D (delayjoin): when people are de-oped we now part
-  'hidden' users to avoid a client desynch.
-* Bump lag for remote MOTD requests to avoid flooding.
-
-Other changes:
-* More than 95% of the crashes reported to us are due to 3rd party
-  modules (and thus not bugs in our code). We now ask users to unload
-  any recently installed 3rd party modules first, see if the crash
-  issue persists, and only then submit a crash report to us.
-* UnrealIRCd will now refuse to run as root
-  https://www.unrealircd.org/docs/Do_not_run_as_root
-
-Module coders:
-* Added two functions to search for user modes:
-  has_user_mode(acptr, 'i') // returns 1 / 0
-  find_user_mode('i') // returns the user mode (as 'long')
-
-==[ UNREALIRCD 4 INTRODUCTION ]==
-
-UnrealIRCd 4 is here!
-
-We have been working hard over the past few years to replace the successful
-3.2.x series with a more modern code base. At the same time we have been
-incorporating requests from our bug tracker, ideas from ourselves and
-many suggestions that came up during the UnrealIRCd survey from Q4 2013.
-
-UnrealIRCd is far more modular and configurable than before. For a brief
-overview of what's new in UnrealIRCd 4 have a look at:
-https://www.unrealircd.org/docs/What's_new_in_UnrealIRCd_4
-
-==[ DOCUMENTATION ]==
-All documentation has been moved to our wiki:
-* Documentation: https://www.unrealircd.org/docs/
-* FAQ: https://www.unrealircd.org/docs/FAQ
-
-Be sure not to use any other (older) documentation as it isn't fully
-compatible with UnrealIRCd 4. In particular, do NOT use unreal32docs*html.
-
-==[ UPGRADING FROM 3.2.x ]==
-If you are upgrading from 3.2.x then there are three important things to know:
-
-1) NEW FILE LOCATIONS
-In UnrealIRCd 4 the location of the configuration files and other files have
-been changed. On *NIX the directory where you compile the IRCd from
-(previously 'Unreal3.2.X', now 'unrealircd-4.0.X') is no longer the same as
-the directory where the IRCd will be running from.
-By default the IRCd is installed to /home/yourusername/unrealircd on *NIX
-On Windows UnrealIRCd will install to C:\Program Files (x86\UnrealIRCd 4
-
-The new directory structure is as follows (both on Windows and *NIX):
-conf/      contains all configuration files
-logs/      for log files
-modules/   all modules (.so files on *NIX, .dll files on Windows)
-
-2) CONFIGURATION FILE CHANGES
-There have also been changes in various configuration blocks and settings.
-Don't worry, UnrealIRCd can convert your existing 3.2.x configuration files
-to UnrealIRCd 4 format. There's no need to start from scratch.
-
-Please read https://www.unrealircd.org/docs/Upgrading_from_3.2.x !!
-
-3) THIRD PARTY MODULES
-If you are using 3rd party modules then they will need an update to run on
-UnrealIRCd 4. Due to the many core changes in UnrealIRCd 4 it was simply
-impossible to make 3.2.x modules work out-of-the-box on 4.x.
-Contact your developer for a new version or ask on our Modules forum where
-someone may be kind enough to convert the module for you if you ask nicely:
-https://forums.unrealircd.org/viewforum.php?f=52
-
-==[ END OF THE 3.2.X SERIES ]==
-UnrealIRCd 3.2.x is no longer supported after December 31, 2016.
-See https://www.unrealircd.org/docs/UnrealIRCd_3.2.x_deprecated
-
-==[ SUPPORT ]==
-Before you seek support, please check our documentation and FAQ:
-* https://www.unrealircd.org/docs/Main_Page
-* https://www.unrealircd.org/docs/FAQ
-
-For support you have two choices:
-* Forums: https://forums.unrealircd.org/
-* IRC: irc.unrealircd.org / #unreal-support
-
-==[ CHANGES BETWEEN 4.0.10 AND 4.0.11 ]==
-Major issues fixed:
-* Fix crash issue that can be triggered by regular users
-* Fix crash if TOPIC_NICK_IS_NUHOST is enabled (rarely enabled)
-* Fix crash if services send an incorrect raw command
-
-Minor issues fixed:
-* Now properly support 'z' when used in set::modes-on-join
-
-Other changes:
-* Show a warning if you don't have any SSL listeners
-
-==[ CHANGES BETWEEN 4.0.9 AND 4.0.10 ]==
-Improvements:
-* Added "websocket" module. This provides support for WebSocket (RFC6455),
-  allowing JavaScript (internet browsers) to connect directly to IRC
-  without the need of a "gateway". This module is experimental and not
-  loaded by default. See https://www.unrealircd.org/docs/WebSocket_support
-  for more information on the module. For a very crude client example check
-  https://www.unrealircd.org/files/dev/ws/websocket_unrealircd.html
-  This module was sponsored by Aberrant Software Inc.
-
-* UnrealIRCd already has the ability to configure SSL settings via the
-  set::ssl block. Now you can also override these settings for a link block
-  and listen block. One possible use for this would be having a long-lived
-  self-signed certificate for server linking on a serversonly port, and 
-  a short-lived certificate for your users on the other ports (such as
-  a certificate from Let's Encrypt).
-  Another example would be to force TLSv1.2 for server linking but not
-  for users. Etc. Etc.
-  General settings (already existed) are in the set::ssl block:
-  https://www.unrealircd.org/docs/Set_block#set::ssl::certificate
-  Per-port settings go via listen::ssl-options:
-  https://www.unrealircd.org/docs/Listen_block
-  Per-link block settings go via link::outgoing::ssl-options:
-  https://www.unrealircd.org/docs/Link_block
-
-* You can now exempt IP's from (DNSBL) blacklist checking via:
-  except blacklist { mask 1.2.3.4; };
-
-* All free modules from vulnscan.org (by Syzop) are now included in
-  UnrealIRCd itself. Note that only the "privdeaf" and "jumpserver" modules
-  are loaded by default. The others you will need to load explicitly.
-  The new modules are:
-  * extbans/textban - Channel specific word filter (+b ~T:censor:*badword*)
-                      https://www.unrealircd.org/docs/Extended_Bans
-  * usermodes/privdeaf - Do not permit PM's from others (User Mode +D)
-  * jumpserver - Redirect users to another server during maintenance
-                 www.unrealircd.org/docs/User_%26_Oper_commands#JUMPSERVER
-  * antirandom - Detect drones with random nicks / ident / etc.
-                 https://www.unrealircd.org/docs/Set_block#set::antirandom
-  * hideserver - Hide servers in /MAP and /LINKS
-                 (Note that this does not truly enhance security)
-  * m_ircops - Show which ircops are online (/IRCOPS command)
-  * m_staff - Show custom file (/STAFF command)
-  * nocodes - Makes chanmode +S/+c also strip/block bold and underline
-
-Major issues fixed:
-* Incorrect bans being added during server linking
-* Compile fixes for Ubuntu 16 LTS / gcc 5.4.x
-* Crash if you had an invalid crypt password in your unrealircd.conf
-* Crash if you did not load the chanmodes/nocolor module or changed
-  the order in which modules were loaded
-
-Minor issues fixed:
-* Delayjoin (channel mode +D) sending QUITs for hidden users, double JOIN, ..
-* You no longer need to place 'class' blocks before 'allow' blocks
-* Some error messages were not throttled
-* WHO now supports multi-prefix
-* Date in Windows log file for the first few messages was always 1970.
-
-For services and module coders:
-* Services coders: "SVSMODE Nick +d" will now mark a client as deaf.
-  Don't confuse this with "SVSMODE Nick +d <svid>". The parameter
-  makes all the difference.
-* Module coders: changed return value handling of HOOKTYPE_RAWPACKET_IN
-  -1 indicates to stop parsing (return) and 0 indicates don't parse but
-  proceed to next packet. If you kill a client in this hook then be
-  sure to return -1.
-
-==[ CHANGES BETWEEN 4.0.8.4 AND 4.0.9 ]==
-* Fix "ghost" bug which could cause annoyed users and a memory leak
-  in UnrealIRCd. For more information see
-  https://forums.unrealircd.org/viewtopic.php?f=1&t=8625
-
-==[ CHANGES BETWEEN 4.0.8 AND 4.0.8.4 ]==
-* Fix build on FreeBSD with clang / without gcc
-* If using remote includes and system curl not available then
-  install it during ./Config and no longer use /home/xyz/curl.
-* More fixes for self-compiled remote includes
-* Fix build if --with-system-cares is specified explicitly (which
-  is unnecessary anyway, as system c-ares this is auto-detected).
-* More build fixes for older GCC compilers
-
-==[ CHANGES BETWEEN 4.0.7 AND 4.0.8 ]==
-Improvements:
-* *NIX: As part of defense-in-depth UnrealIRCd now compiles with
-  several hardening options by default. This makes several type of
-  exploits more difficult and in some cases even impossible.
-  Tech: this enables full RELRO (GOT and PLT being read-only),
-  everything compiled as PIE making ASLR possible, stack protector
-  canaries are added, etc.
-* Windows: releases are now signed. If you download the UnrealIRCd
-  installer you will no longer see "Unknown publisher" but rather
-  "Open Source Developer, Bram Matthys". Similarly all the EXE and
-  DLL module files have been signed which should make it easy for
-  anti virus software to see if something is an official UnrealIRCd
-  release file or not.
-
-Major issues fixed:
-* Possible crash if you have several blacklist blocks
-
-Minor issues fixed:
-* User mode +d (deaf) did not work
-
-Other changes:
-* We've always printed big warnings when running UnrealIRCd as root.
-  In this version we still do, but in future versions we will simply
-  refuse to boot. https://www.unrealircd.org/docs/Do_not_run_as_root
-* System c-ares is preferred over our own shipped c-ares
-* System cURL is preferred over ~/curl (if it has AsynchDNS)
-* Our shipped libraries are no longer built as static
-* Now that shipped libraries are dynamic they need to be installed
-  somewhere (if used). The default location is ~/unrealircd/lib and
-  can be changed via --with-privatelibdir. (Although, if you are a
-  package builder then you will probably use --with-system-xxx and
-  then private libraries are not used at all)
-
-==[ CHANGES BETWEEN 4.0.6 AND 4.0.7 ]==
-Improvements:
-* UnrealIRCd now ships with a default ciphersuite list to have more
-  secure SSL/TLS defaults (rather than relying on your OS/Distro).
-  You can still customize ciphersuites through set::ssl::ciphers.
-  Details: https://www.unrealircd.org/docs/SSL_Ciphers_and_protocols
-* set::ssl::protocols allows you to specify which SSL/TLS protocols
-  are permitted. The default is (still): TLSv1,TLSv1.1,TLSv1.2.
-* Windows: remote includes now support IPv6
-
-Major issues fixed:
-* FreeBSD: unstable SSL links to other servers
-
-Minor issues fixed:
-* It was impossible to set both +b ~r:xyz and +b ~R:xyz
-
-Removed the following rarely used build-time options:
-* CHROOTDIR: Never worked in 4.0.x anyway. You can use AppArmor,
-  SELinux, FreeBSD jails, etc. as an alternative.
-* IRC_USER/IRC_GROUP: Since this only applies to users installing
-  UnrealIRCd system-wide you should use your system services to do
-  this as well, such as: systemd's User=xx or start-stop-daemon.
-
-Other changes:
-* PCRE2 and c-ares libraries updated to latest versions
-
-==[ CHANGES BETWEEN 4.0.5 AND 4.0.6 ]==
-Major issues fixed:
-* Fix SASL security issue with AUTHENTICATE
-
-==[ CHANGES BETWEEN 4.0.4 AND 4.0.5 ]==
-Major issues fixed:
-* Crash issue (read-after-free)
-* Bans on IPv6 cloaked hosts had no effect
-* Prevent flood from unknown connection (with bugfix)
-
-==[ CHANGES BETWEEN 4.0.4 AND 4.0.3(.1) ]==
-New:
-* Italian /HELPOP translation (help.it.conf)
-* set::options::no-connect-ssl-info to hide SSL-related connect info
-
-Major issues fixed:
-* GLINE/KLINE on usermask@ did not have any effect
-* Crash if you have a listen block with port 0
-* Infinite loop on invalid operclass::parent reference
-
-Minor issues fixed:
-* files { } block only worked with absolute paths
-* delayjoin: hidden users were not always joined on +vhoaq
-* Fix small memory leak
-* Duplicate replies on /VERSION
-* When doing /VERSION on IRC as an IRCOp it showed the compile-time
-  rather than runtime OpenSSL/LibreSSL version
-
-Other changes:
-* Documentation updates
-* Prevent installation in the same directory as the source
-
-==[ CHANGES BETWEEN 4.0.3 AND 4.0.3.1 ]==
-* Fix compile problem on FreeBSD & OpenBSD
-Note: there is no 4.0.3.1 release for Windows since there were no
-      changes for the Windows version.
-
-==[ CHANGES BETWEEN 4.0.2 AND 4.0.3 ]==
-Major issues fixed:
-* Crash on RPING command (IRCOp-only!)
-* Crash on Windows on failed outgoing server connect
-* Crash if you had a link { } block with invalid syntax
-
-Minor issues fixed:
-* Windows: Remote includes did not support https
-
-Other:
-* Windows version compiled with Visual Studio 2012 rather than a mix
-* Windows version now using LibreSSL
-* Crash reporter produces more useful reports (important for us)
-
-==[ CHANGES BETWEEN 4.0.1 AND 4.0.2 ]==
-The 4.0.2 release comes with the following new features:
-* Ability to hide quit messages from *LINEd users (set::hide-ban-reason)
-* Blacklist hits are now sent to new snomask +b rather than all ircops
-
-Major issues fixed:
-* None
-
-Minor issues fixed:
-* prefix-quit was not working
-* FreeBSD: fix kevent bug flood in error log
-* Incorrect server description in /LINKS
-* Logging to syslog was broken
-* OS X: Update ./Config to use Homebrew OpenSSL by default
-* Don't show UID to client in case of a SVSMODE
-
-==[ CHANGES BETWEEN 4.0.0 AND 4.0.1 ]==
-The 4.0.1 release comes with the following minor improvements:
-* The blacklist module now supports %ip (=banned IP) in blacklist::reason.
-* *NIX: You can use cron again, see https://www.unrealircd.org/docs/Cron_job
-* /MODULE now lists only 3rd party modules by default so you don't get flooded.
-* *NIX: Added './unrealircd reloadtls' to reload TLS certificate and keys.
-
-Major issue fixed:
-* Crash if you removed a listen { } block with active clients on that port
-* MODEs set by a server (not by a user) were not always propagated
-  correctly accross the network. In practice this only affected /SAMODE
-  and possibly some services that don't send MODEs from ChanServ/BotServ.
-
-Minor issues fixed:
-* When doing /LIST under mIRC it would hide empty +P channels.
-* Servers wouldn't link if link::outgoing::hostname was a CNAME.
-* SSL Certificate fingerprint not communicated properly to servers/services.
-* *NIX: ./unrealircd [stop|rehash] failed if not installed to ~/unrealircd.
-* Windows: IRCd could crash after showing the config error screen on startup.
-
-==[ CHANGES BETWEEN 3.2.X AND 4.X ]==
-Below is a summary of the changes between UnrealIRCd 3.2.x and UnrealIRCd 4.
-For a complete list of all 1100+ changes you can use 'git log' or have a
-look at: https://github.com/unrealircd/unrealircd/commits/unreal40
-
-==[ NEW ]==
-* We moved a lot of functionality, including most channel modes, user
-  modes and all extended bans into 138 separate modules.
-  This makes it...
-  A) possible to fully customize what exact functionality you want to load.
-     You could even strip down UnrealIRCd to get something close to the
-     basic RFC1459 features from the 1990s. (No idea why you would want
-     that, but it's possible)
-  B) easier for coders to see all source code related to a specific feature
-  C) possible to fix bugs and just reload rather than restart the IRCd.
-
-  Have a look at modules.default.conf which contains the "default" set of
-  modules that you can load if you just want to load all functionality.
-  If you want to customize the list of modules to load then simply make
-  a copy of that file, give it a different name, and include that one
-  instead. Since the file is fully documented, you can just comment out
-  or delete the loadmodule lines of things you don't want to load.
-* Oper permissions have changed completely: [A4+]
-  * All previous oper levels/ranks no longer exist (Netadmin, Admin, ..)
-  * oper::flags has been removed. Instead you must specify an operclass
-    in oper::operclass (for example, 'operclass netadmin').
-  * In operclass block(s) you define the privileges. You can now control
-    exactly what an IRCOp can and cannot do.
-    Have a look at operclass.default.conf which ships with UnrealIRCd,
-    it contains a number of default operclass blocks suitable for the
-    most common situations. See also the operclass block documentation:
-    https://www.unrealircd.org/docs/Operclass_block
-  * If you ask UnrealIRCd to convert your 3.2.x configuration file then
-    it will try to select a suitable operclass for the oper. This will
-    not always 100% match your current oper block rights, though.
-  * Channel Mode +A (Admin Only) has been removed. You can use the new
-    extended ban ~O:<operclass>. This allows you to, for example, create
-    an operclass 'netadmin' only channel: /MODE #chan +iI ~O:netadmin*
-  * set::hosts has been removed, use oper::vhost instead.
-  * Since oper levels have been removed you no longer see things like
-    "OperX is a Network Administrator" in /WHOIS by default.
-    If you want that, then you can set oper::swhois to
-    "is a Network Administrator" (or any other text).
-* Entirely rewritten I/O and event loop. This allows the IRCd to scale
-  more easily to tens of thousands of clients by using kernel-evented I/O
-  mechanisms such as epoll and kqueue.
-* Memory pooling has been added to improve memory allocation efficiency
-  and performance.
-* On-connect DNSBL/RBL checking via the new blacklist block. [B1]
-* The Windows version now has IPv6 support too. [B3]
-* On all OS's we compile with IPv6 support enabled. You can still
-  disable IPv6 at runtime by setting set::options::disable-ipv6. [B3]
-* The local nickname length can be modified without recompiling the IRCd
-* Channel Mode +d: This will hide joins/parts for users who don't say
-  anything in a channel. Whenever a user speaks for the first time they
-  will appear to join. Chanops will still see everyone joining normally
-  as if there was no +d set.
-* If you connect with SSL/TLS with a client certificate then your SSL
-  Fingerprint (SHA256 hash) can be seen by yourself and others through
-  /WHOIS. The fingerprint is also shared with all servers on the network.
-* ExtBan ~S:<certificate fingerprint> for ban exceptions / invex. This
-  can be used like +iI ~S:000000000etc.
-* bcrypt has been added as a password hashing algorithm and is now the
-  preferred algorithm [A3]
-* './unreal mkpasswd' will now prompt you for the password to hash [A3]
-* Protection against SSL renegotiation attacks [A3]
-* When you link two servers the current timestamp is exchanged. If the
-  time differs more than 60 seconds then servers won't link and it will
-  show a message that you should fix your clock(s). This requires
-  version alpha3 (or later) on both ends of the link [A3]
-* Configuration file converter that will upgrade your 3.2.x conf to 4.x.
-  On *NIX run './unreal upgrade-conf'. On Windows simply try to boot and
-  after the config errors screen UnrealIRCd offers the conversion. [A3]
-* The IRCd can now better handle unknown channel modes which expect a
-  parameter. This can be useful in a scenario where you are slowly
-  upgrading all your servers.
-* If you want to unset a vhost but keep cloaked then use /MODE yournick -t
-* A "crash reporter" was added. When UnrealIRCd is started it will check
-  if a previous UnrealIRCd instance crashed and (after booting a new
-  instance) it will spit out a report and ask if you want to submit it
-  to the UnrealIRCd developers. Doing so will help us a lot as many bugs
-  are often not reported. Note that UnrealIRCd will always ask before
-  sending any information and never do so automatically. [B3]
-* SSL: Support for ECDHE has been added to provide "forward secrecy". [B4]
-
-==[ CHANGED ]==
-* Numerics have been removed. Instead we now use SIDs (Server ID's) and
-  UIDs (User ID's). SIDs work very similar to server numerics and UIDs 
-  help us to fix a number of lag-related race conditions / bugs.
-* The module commands.so / commands.dll has been removed. All commands
-  (those that are modular) are now in their own module.
-* Self-signed certificates are now generated using 4096 bits, a SHA256
-  hash and validity of 10 years. [A2]
-* Building with SSL (OpenSSL) is now mandatory [A2]
-* The link { } block has been restructured, see
-  https://www.unrealircd.org/docs/Upgrading_from_3.2.x#Link_block [A3]
-* Better yet, check out our secure server linking tutorial:
-  https://www.unrealircd.org/docs/Tutorial:_Linking_servers
-* If you have no set::throttle block you now get a default of 3:60 [A3]
-* password entries in the conf no longer require specifying an auth-type
-  like password "..." { md5; };. UnrealIRCd will now auto-detect. [A3]
-* You will now see a warning when you link to a non-SSL server. [A3]
-* Previously we used POSIX Regular expressions in spamfilters and at
-  some other places. We have now moved to PCRE Regular expressions.
-  They look very similar, but PCRE is a lot faster.
-  For backwards-compatibility we still compile with both regex engines. [A3]
-* Spamfilter command syntax has been changed, it now has an extra option
-  to indicate the matching method:
-  /SPAMFILTER [add|del|remove|+|-] [method] [type] ....
-  Where 'method' can be one of:
-  * -regex: this is the new fast PCRE2 regex engine
-  * -simple: supports just strings and ? and * wildcards (super fast)
-  * -posix: the old regex engine for compatibility with 3.2.x.  [A3]
-* If you have both 3.2.x and 4.x servers on your network then the
-  4.x server will only send spamfilters of type 'posix' to the 3.2.x
-  servers because 3.2.x servers don't support the other two types.
-  So in a mixed network you probably want to keep using 'posix' for
-  a while until all your servers are running UnrealIRCd 4. [A3]
-* set::oper-only-stats now defaults to "*"
-* oper::from::userhost and vhost::from::userhost are now called
-  oper::mask and vhost::mask. The usermask@ part is now optional and
-  it supports two syntaxes. For one entry you can use: mask 1.2.3.*;
-  For multiple entries the syntax is: mask { 192.168.*; 10.*; };
-* Because having both allow::ip and allow::hostname in the same allow
-  block was highly confusing (it was an OR-match) you must now choose
-  between either allow::ip OR allow::hostname. [A3]
-* cgiirc block is renamed to webirc and the syntax has changed [A4]
-* set::pingpong-warning is removed, warning always off now [A4]
-* More helpful configuration file parse error messages [A4]
-* You can use '/OPER username' without password if you use SSL
-  certificate (fingerprint) authentication. The same is true for
-  '/VHOST username'. [A4]
-* You must now always use 'make install' on *NIX [A4]
-* Changed (default) directory structure entirely, see the section
-  titled 'CONFIGURATION CHANGES' about 100 lines up. [A4]
-* badword quit { } is removed, we use badword channel for it. [A4]
-* badwords.*.conf is now just one badwords.conf
-* To load all default modules you now include modules.default.conf.
-  This file was called modules.conf in earlier alpha's.
-  The file has been split up in sections and a lot of comments have
-  been added to aid the user in deciding whether to load or not to
-  load each module. [A4]
-* Snomask +s is now (always) IRCOp-only. [A4]
-* Previously there was little logic behind what modes halfops could
-  set. Now the idea is as follows: halfops should be able to help out
-  in case of a flood but not be able to change any 'policy decission
-  modes' such as +G, +S, +c, +s. Due to this change halfops can now
-  set modes +beiklmntIMKNCR (was: +beikmntI). [A4]
-* If no link::hub or link::leaf is specified then assume hub "*". [B1]
-* SWHOIS (Special whois title) has been extended in a number of ways:
-  * We now "track" who or what set an swhois. This allows us to
-    remove the swhois received via oper/vhost on de-oper/de-vhost.
-  * You can now have multiple swhois lines
-  * Multiple oper::swhois and vhost::swhois items are supported. [B1]
-* When trying to link two servers without link::outgoing::options::ssl
-  (which is not recommended) we try to use STARTTLS in order to
-  'upgrade' the connection to use SSL/TLS anyway. This can be disabled
-  via link::outgoing::options::insecure. [B2]
-* SSLv3 has now been disabled for security. This also means you can only
-  link UnrealIRCd 4 with 3.2.10.3 and later because earlier versions
-  used SSLv3 instead of TLS due to an OpenSSL API mistake. [B4]
-
-==[ MODULE CODERS / DEVELOPERS ]==
-* A lot of technical documentation for module coders has been added
-  at https://www.unrealircd.org/docs/ describing things like how to
-  write a module from scratch, the User & Channel Mode System, Commands,
-  Command Overrides, Hooks, attaching custom-data to users/channels,
-  and more. [A2+]
-* For commands: do not read from parv[0] anymore, doing so will lead
-  to a crash. Use sptr->name instead. This change is necessary as
-  the "name" in parv[0] could possibly point to a UID/SID rather than
-  a nick name. Thus, if you would send parv[0] to a non-UID or non-SID
-  capable server this would lead to serious issues (not found errors).
-* Added MOD_OPT_PERM_RELOADABLE which permits reloading (eg: upgrades)
-  but disallows unloading of a module [A3]
-* There have been *a lot* of source code cleanups (ALL)
-* We now use the information from PROTOCTL CHANMODES= for parameter
-  skipping if the channel mode is unknown. Also, when channel modes
-  are loaded or unloaded we re-broadcast PROTOCTL CHANMODES=. [B1]
-* The server protocol docs have been removed. The protocol is now
-  documented at https://www.unrealircd.org/docs/Server_protocol
-  See also https://www.unrealircd.org/docs/Server_protocol:Changes
-  for a list of changes between the 3.2 and 4.0 server protocol.
-* GCC typechecking has been added to make sure your HookAdd... calls
-  are adding hook functions with the correct parameter (types).
-
-==[ REMOVED / DROPPED ]==
-* Numeric server IDs, see above. [A1]
-* PROTOCTL TOKEN and SJB64 are no longer implemented. [A1]
-* Ziplinks have been removed. [A1]
-* WebTV support. [A3]
-* Channel Mode +j was removed and replaced by the configuration setting
-  set::anti-flood::join-flood (default: 3 per 90 seconds). [B1]
-* /CHATOPS: use /GLOBOPS instead which does the same
-  /ADCHAT & /NACHAT: gone as we don't have such oper levels anymore
-  Your opers should actually be in an #opers channel. If you also want
-  special classes of oper channels like #admins then use +iI ~O:*admin*
-* User modes:
-  * +N (Network Administrator): see 'Oper permissions' under NEW as for why
-  * +a (Services Administrator): same
-  * +A (Server Administrator: same
-  * +C (Co Administrator): same
-  * +O (Local IRC Operator): same
-  * +h (HelpOp): all this did was add a line "is available for help" in
-    WHOIS. You can use a vhost block with vhost::swhois as a replacement
-    or for opers just add an oper::swhois item.
-  * +g (failops): we already have snomasks and the +o usermode for this
-  * +v (receive infected DCC SEND rejection notices): moved to snomask +D

doc/coding-guidelines

@@ -1,143 +1,123 @@
-Rules about patches & modifications to UnrealIRCd
-
-1. When making a change, always add a small description in the commit log.
-   Don't forget to mention the bug# and credit the reporter (if any).
-
-2. If new files are made, it must contain proper copyright headers.
-
-3. If you want to submit patches (f.e. if you don't have write access to
-   the repository), then submit them to https://bugs.unrealircd.org/
-   using "hg export" or "hg diff". Naturally include a clear description
-   of what the change does.
-
-4. Each bug or feature should have a bug# so people can have a discussion
-   about it. This has a few implications (read!!):
-   * People must report bugs/feature requests to bugs.unrealircd.org and
-     not on IRC, e-mail, etc.
-   * That means other people can see the bug# and comment on it. This means
-     discussion is easy to read back for each issue and not spread between
-     several IRC logs.
-     Furthermore, by using the bugtracker instead of directly committing,
-     people could point out that there might be a better way to do things
-     than you originally thought, or it might be that other devs don't like
-     it at all.
-   * If a head coder has 'acknowledged' or 'confirmed' the bug or stated in
-     a comment that it's OK to implement, then a dev may take the issue.
-     The dev should change the status to 'assigned' and work on it, then
-     commit and change it to 'resolved', set 'fixed in version' to next
-     release, and add a comment pasting the relevant Changelog item and the
-     releaseid (.XYZ).
-     Of course other guidelines, like #7 and #8 still apply.
-
-5. Do not commit changes that do not have an associated bug# and have not
-   had any discussion.
-   3.2.x: Small/tiny bugfixes that do not change any functionality, are
-   very unlikely to break anything and definitely don't require any prior
-   discussion may be exempted.
-   3.4.x: During the alpha & beta stage it is permitted to commit fixes
-   and code cleanups / restructuring without any discussion.
-   However in general, and in particular for new features, it is appreciated
-   if there has been prior discussion on bugs.unrealircd.org (or by mail).
-
-6. Regarding reidenting, restructuring or other major code cleanups: please
-   discuss before doing so. The other devs might not agree with you on the
-   particular cleanup you have in mind which would result in another
-   clean-up-the-cleanup commit.
-   You may, however reindent and clean up individual sections when you are
-   working on fixing a particular bug# or implementing a new feature. In fact
-   you're encouraged to do so if the code is confusing without it. However,
-   obey the style of Unreal's code (mostly outlined in this document)
-   and do not introduce yet another (new) style. Also, be careful with doing
-   any cleanup: if you're unsure in any way about the use of something,
-   or something that looks redundant on first sight, then look more
-   carefully... it might indeed be useless and/or redundant, but it might
-   also be a subtle thing that can create great bugs when 'cleaned up'.
-
-7. Prior to a 3.2.x release: be very careful with any restructuring of a
-   subsystem or doing any major commits that may break things. Stuff like
-   this can be perfectly fine if there are many months to go, but are not
-   good to do a month before release. The head coder may impose additional
-   restrictions during such a period.
-
-8. During the Release Candidate stage (from RC1 until the final release)
-   only the head coder may commit directly, all others should ask and
-   present their patch before committing. Yes, even if you are changing
-   only 1 line of code or text.
-
-9. UnrealIRCd should compile on all supported operating systems and
-   platforms, using GCC 3 or higher on *NIX, and Visual Studio 2008 or
-   higher on Windows. This means you cannot blindly use all C99 extensions.
-
-10. Coders must test their code before committing.
-
-11. /*  
-     * These kind of comments
-     */
- 
-   NOT
- 
-   // These kind of comments
-
-12. 	if (something == 1) 
-   	{
-		moo; /* comment */
-		/* This does what what what */
-		cow(go(moo));
-	}
-	
-	NOT 
-	
-	if (something == 1) {
-	}
-	
-13. Do not touch version.c.SH or version.h, unless you are a head coder
-    if you need a credit in, contact us
-   
-14. Protocol changes must be discussed before making patches for it.
-
-15. We do NOT rip people off. If we use other people's code, it MUST be
-    properly credited.
-
-16. We generally use tabsize 4 and 8. In any case, use tabs and NOT spaces.
-    Some code is old and horrible and has a mix of tabs and spaces used for
-    spacing, that's something we do not want to have ;)
-
-17. Be careful about overflows. Do not do any unchecked string copies.
-    Instead of strcpy, strcat and sprintf/ircsprintf, use the following
-    functions: strlcpy, strlcat, snprintf/ircnsprintf.
-    If you are copying/writing character-by-character or word-by-word in a
-    loop, be very sure about your size counting. Sometimes it's possible
-    to avoid such code alltogether by just calling strlcat each time.
-
-18. Speed.  When optimizing or writing code, keep in mind that readability and
-    stability comes FIRST, and after that comes speed. So we'd rather prefer some
-    readable code (even if difficult) over some odd highly optimized routine which
-    nobody understands, is difficult to extend, and might have several bugs.
-    As mentioned earlier: use ircsnprintf, not snprintf (this is because
-    ircsnprintf is optimized for simple strings like the ones we use).
-    ircsnprintf calls snprintf when it finds a (non-simple) format specifier it
-    can't handle.  Simple format specifiers do not have prefixes other than
-    h and l.
-
-19. Initialize your structs and use the proper memory calls.
-    In UnrealIRCd we use MyMalloc, MyMallocEx and MyFree (so not malloc/free).
-    MyMalloc usually maps to malloc, and MyMallocEx is a malloc plus filling
-    the memory area (eg: the struct) with zero's (a la calloc).
-    Use of MyMallocEx is suggested. In general you should not be using MyMalloc.
-    "But MyMalloc is faster!" you might say. This is true, but using MyMallocEx
-    has very little speed impact and enormous benefits: people tend to forget
-    to set certain fields in the struct to NULL, or much more common: when
-    someone later on (eg: 1 year later) adds a field to a struct, there could
-    be several places he/she needs to update to make sure x->something is NULL
-    after allocating a new struct. Bad idea.
-    Little speed impact, huge stability benefits, easy decision ;).
-
-20. Comment your code! This should speak for itself...
-    Put comments wherever you think they are needed, to aid any further coders
-    with reading your code.. and, in fact, it will aid yourself as well if you
-    would look back at your code 2 years later.
-    If there's some obscure pitfall, DO mention it! Don't just "hope" a next
-    author will see it like you did.
-
-21. Use enums whenever possible, rather than #define constants. Besides making
-    things more clean, it also aids debugging.
+Rules about patches & modifications to UnrealIRCd
+
+1. When making a change, always add a small description in the commit log.
+   Don't forget to mention the bug# and credit the reporter (if any).
+
+2. If new files are made, they must contain proper copyright headers.
+
+3. Each bug or feature should have a bug# so people can have a discussion
+   about it. This has a few implications (read!!):
+   * People must report bugs/feature requests to bugs.unrealircd.org and
+     not on IRC, e-mail, etc.
+   * That means other people can see the bug# and comment on it. This means
+     discussion is easy to read back for each issue and not spread between
+     several IRC logs.
+     Furthermore, by using the bugtracker instead of directly committing,
+     people could point out that there might be a better way to do things
+     than you originally thought, or it might be that other devs don't like
+     it at all.
+   * If a head coder has 'acknowledged' or 'confirmed' the issue or stated
+     in a comment that it's OK to implement, then any dev may take the issue.
+     The dev should change the status to 'assigned' and work on it, then
+     commit and change it to 'resolved', set 'fixed in version' to the
+     correct release, and add a comment pasting the relevant commit log.
+     Of course other guidelines, in particular rule #7, still applies.
+
+4. If you don't have direct write access to the repository then you can
+   submit changes as as PR on github. It is very much preferred to also
+   have a bugs.unrealircd.org entry for it as well (see previous item).
+
+5. For the stable branch, in general, only commit changes that have an
+   associated bugid# and/or were discussed.
+   For branches currently in development (alpha/beta) there's more freedom
+   and if you think the change will be small and is fine without a
+   discussion then feel free to commit.
+
+6. Regarding reidenting, restructuring or other major code cleanups: please
+   discuss before doing so. The other devs might not agree with you on the
+   particular cleanup you have in mind which would result in another
+   clean-up-the-cleanup commit.
+   You may, however reindent and clean up individual sections when you are
+   working on fixing a particular bug# or implementing a new feature. In fact
+   you're encouraged to do so if the code is confusing without it. However,
+   obey the style of Unreal's code (mostly outlined in this document)
+   and do not introduce yet another (new) style. Also, be careful with doing
+   any cleanup: if you're unsure in any way about the use of something,
+   or something that looks redundant on first sight, then look more
+   carefully... it might indeed be useless and/or redundant, but it might
+   also be a subtle thing that can create great bugs when 'cleaned up'.
+
+7. During the Release Candidate stage (from RC1 until the final release)
+   only the head coder may commit directly, all others should ask and
+   present their patch before committing. Yes, even if you are changing
+   only 1 line of code or text.
+
+9. UnrealIRCd should compile on all supported operating systems and
+   platforms, using GCC 3 or higher on *NIX, and Visual Studio 2008 or
+   higher on Windows. This means you cannot blindly use all C99 extensions.
+
+10. Coders must test their code before committing.
+
+11. /*  
+     * These kind of comments
+     */
+ 
+   NOT
+ 
+   // These kind of comments
+
+12. 	if (something == 1) 
+   	{
+		moo; /* comment */
+		/* This does what what what */
+		cow(go(moo));
+	}
+	
+	NOT 
+	
+	if (something == 1) {
+	}
+	
+13. Do not touch version.c.SH or version.h, unless you are a head coder.
+    If you need a credit in, contact us
+   
+14. Protocol changes must be discussed before making patches for it.
+
+15. We do NOT rip people off. If we use other people's code, it MUST be
+    properly credited.
+
+16. We use tabsize 8 and we use tabs AND NOT SPACES.
+    Some code is old and horrible and has a mix of tabs and spaces used for
+    spacing, that's something we do not want to have ;)
+
+17. Be careful about overflows. Do not do any unchecked string copies.
+    Instead of strcpy, strcat and sprintf/ircsprintf, use the following
+    functions: strlcpy, strlcat, snprintf/ircnsprintf.
+    If you are copying/writing character-by-character or word-by-word in a
+    loop, eg using *p++ = x; then be very sure about your size counting.
+    Often it's better to avoid such code altogether, by simply using
+    strlcat for everything.
+
+18. Speed.  When optimizing or writing code, keep in mind that readability and
+    stability comes FIRST, and after that comes speed. So we'd rather prefer some
+    readable code (even if difficult) over some odd highly optimized routine which
+    nobody understands, is difficult to extend, and might have several bugs.
+    As mentioned earlier: use ircsnprintf, not snprintf (this is because
+    ircsnprintf is optimized for simple strings like the ones we use).
+    ircsnprintf calls snprintf when it finds a (non-simple) format specifier it
+    can't handle.  Simple format specifiers do not have prefixes other than
+    h and l.
+
+19. Initialize your structs and use the proper memory calls.
+    In UnrealIRCd we use safe_alloc, safe_free, safe_strdup and safe_strldup.
+    Do NOT use malloc, calloc or strdup.
+
+20. Comment your code! This should speak for itself...
+    Put comments wherever you think they are needed, to aid any further coders
+    with reading your code.. and, in fact, it will aid yourself as well if you
+    would look back at your code 2 years later.
+    If there's some obscure pitfall, DO mention it! Don't just "hope" a next
+    author will see it like you did.
+
+21. Use enums whenever possible, rather than #define constants. Besides making
+    things more clean, it also aids debugging.

doc/conf/aliases/aliases.conf

@@ -5,39 +5,39 @@ alias identify {
 		target chanserv;
 		type services;
 		parameters "IDENTIFY %1-";
-	};
+	}
 	format "^[^#]" {
 		target nickserv;
 		type services;
 		parameters "IDENTIFY %1-";
-	};
+	}
 	type command;
-};
+}
 
 alias services {
 	format "^#" {
 		target chanserv;
 		type services;
 		parameters "%1-";
-	};
+	}
 	format "^[^#]" {
 		target nickserv;
 		type services;
 		parameters "%1-";
-	};
+	}
 	type command;
-};
+}
 
 alias register {
 	format "^#" {
 		target chanserv;
 		type services;
 		parameters "REGISTER %1-";
-	};
+	}
 	format "^[^#]" {
 		target nickserv;
 		type services;
 		parameters "REGISTER %1-";
-	};
+	}
 	type command;
-};
+}

doc/conf/aliases/anope.conf

@@ -1,18 +1,17 @@
 /* Anope Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias botserv { type services; };
-alias bs { target botserv; type services; };
-alias hostserv { type services; };
-alias hs { target hostserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias botserv { type services; }
+alias bs { target botserv; type services; }
+alias hostserv { type services; }
+alias hs { target hostserv; type services; }
 
 include "aliases/aliases.conf";
 

doc/conf/aliases/atheme.conf

@@ -1,26 +1,26 @@
 /* Atheme Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias botserv { type services; };
-alias bs { target botserv; type services; };
-alias hostserv { type services; };
-alias hs { target hostserv; type services; };
-alias saslserv { type services; };
-alias sss { target saslserv; type services; };
-alias gameserv { type services; };
-alias gms { target gameserv; type services; };
-alias groupserv { type services; };
-alias grs { target groupserv; type services; };
-alias alis { type services; };
-alias ls { target alis; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias helpserv { type services; }
+alias botserv { type services; }
+alias bs { target botserv; type services; }
+alias hostserv { type services; }
+alias hs { target hostserv; type services; }
+alias saslserv { type services; }
+alias sss { target saslserv; type services; }
+alias gameserv { type services; }
+alias gms { target gameserv; type services; }
+alias groupserv { type services; }
+alias grs { target groupserv; type services; }
+alias alis { type services; }
+alias ls { target alis; type services; }
 
 include "aliases/aliases.conf";
 

doc/conf/aliases/auspice.conf

@@ -1,33 +1,33 @@
 /* Auspice Aliases */
 
 /* Uncomment this, if you have enabled "MassServ, W and X" in auspice */
-# alias massserv { type services; };
-# alias ma { target massserv; type services; };
-# alias W { type services; };
-# alias X { type services; };
+# alias massserv { type services; }
+# alias ma { target massserv; type services; }
+# alias W { type services; }
+# alias X { type services; }
 
 /* Uncomment this, if you have enabled "WebServ" in auspice */
-# alias webserv { type services; };
-# alias ws { target webserv; type services; };
+# alias webserv { type services; }
+# alias ws { target webserv; type services; }
 
-alias agent { type services; };
-alias adminserv { type services; };
-alias as { target adminserv; type services; };
-alias botserv { type services; };
-alias bs { target botserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias helpserv { type services; };
-alias hs { target helpserv; type services; };
-alias hostserv { type services; };
-alias ho { target hostserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias rootserv { type services; };
-alias rs { target rootserv; type services; };
+alias agent { type services; }
+alias adminserv { type services; }
+alias as { target adminserv; type services; }
+alias botserv { type services; }
+alias bs { target botserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias helpserv { type services; }
+alias hs { target helpserv; type services; }
+alias hostserv { type services; }
+alias ho { target hostserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias rootserv { type services; }
+alias rs { target rootserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/cygnus.conf

@@ -1,12 +1,12 @@
 /* Cygnus Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias rootserv { type services; };
-alias rs { target rootserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias rootserv { type services; }
+alias rs { target rootserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/epona.conf

@@ -1,16 +1,16 @@
 /* Epona Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias hs { target helpserv; type services; };
-alias botserv { type services; };
-alias bs { target botserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias helpserv { type services; }
+alias hs { target helpserv; type services; }
+alias botserv { type services; }
+alias bs { target botserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/generic.conf

@@ -1,14 +1,14 @@
 /* Generic Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias hs { target helpserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias helpserv { type services; }
+alias hs { target helpserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/genericstats.conf

@@ -1,4 +1,4 @@
 /* Generic StatServ Aliases */
 
-alias statserv { type stats; };
-alias ss { target statserv; type stats; };
+alias statserv { type stats; }
+alias ss { target statserv; type stats; }

doc/conf/aliases/ircservices.conf

@@ -1,17 +1,17 @@
 /* IRCServices Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias hs { target helpserv; type services; };
-alias irciihelp { type services; };
-alias statserv { type services; };
-alias ss { target statserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias helpserv { type services; }
+alias hs { target helpserv; type services; }
+alias irciihelp { type services; }
+alias statserv { type services; }
+alias ss { target statserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/operstats.conf

@@ -1,6 +1,6 @@
 /* OperStats Aliases */
 
-alias operserv { type stats; };
-alias os { target operserv; type stats; };
-alias statserv { type stats; };
-alias ss { target statserv; type stats; };
+alias operserv { type stats; }
+alias os { target operserv; type stats; }
+alias statserv { type stats; }
+alias ss { target statserv; type stats; }

doc/conf/badwords.conf

@@ -30,22 +30,22 @@
 
 
 */
-badword all { word "pussy"; };
-badword all { word "fuck"; };
-badword all { word "whore"; };
-badword all { word "slut"; };
-badword all { word "shit"; };
-badword all { word "asshole"; };
-badword all { word "bitch"; };
-badword all { word "cunt"; };
-badword all { word "vagina"; };
-badword all { word "penis"; };
-badword all { word "jackass"; };
-badword all { word "*fucker*"; };
-badword all { word "faggot"; };
-badword all { word "fag"; };
-badword all { word "horny"; };
-badword all { word "dickhead"; };
-badword all { word "sonuvabitch"; };
-badword all { word "*fuck*"; };
-badword all { word "tits"; };
+badword all { word "pussy"; }
+badword all { word "fuck"; }
+badword all { word "whore"; }
+badword all { word "slut"; }
+badword all { word "shit"; }
+badword all { word "asshole"; }
+badword all { word "bitch"; }
+badword all { word "cunt"; }
+badword all { word "vagina"; }
+badword all { word "penis"; }
+badword all { word "jackass"; }
+badword all { word "*fucker*"; }
+badword all { word "faggot"; }
+badword all { word "fag"; }
+badword all { word "horny"; }
+badword all { word "dickhead"; }
+badword all { word "sonuvabitch"; }
+badword all { word "*fuck*"; }
+badword all { word "tits"; }

doc/conf/dccallow.conf

@@ -17,26 +17,26 @@
  */
 
 /* first.. deny everything, then allow known-good stuff... */
-deny dcc { filename "*"; reason "Possible executable content"; soft yes; };
+deny dcc { filename "*"; reason "Possible executable content"; soft yes; }
 /* common image formats */
-allow dcc { filename "*.jpg"; soft yes; };
-allow dcc { filename "*.jpeg"; soft yes; };
-allow dcc { filename "*.gif"; soft yes; };
-allow dcc { filename "*.png"; soft yes; };
-allow dcc { filename "*.bmp"; soft yes; };
+allow dcc { filename "*.jpg"; soft yes; }
+allow dcc { filename "*.jpeg"; soft yes; }
+allow dcc { filename "*.gif"; soft yes; }
+allow dcc { filename "*.png"; soft yes; }
+allow dcc { filename "*.bmp"; soft yes; }
 /* audio / video (but not scripted/playlists!) */
-allow dcc { filename "*.mp1"; soft yes; };
-allow dcc { filename "*.mp2"; soft yes; };
-allow dcc { filename "*.mp3"; soft yes; };
-allow dcc { filename "*.mpg"; soft yes; };
-allow dcc { filename "*.mpeg"; soft yes; };
-allow dcc { filename "*.m1v"; soft yes; };
-allow dcc { filename "*.m2v"; soft yes; };
-allow dcc { filename "*.vob"; soft yes; };
-allow dcc { filename "*.wav"; soft yes; };
+allow dcc { filename "*.mp1"; soft yes; }
+allow dcc { filename "*.mp2"; soft yes; }
+allow dcc { filename "*.mp3"; soft yes; }
+allow dcc { filename "*.mpg"; soft yes; }
+allow dcc { filename "*.mpeg"; soft yes; }
+allow dcc { filename "*.m1v"; soft yes; }
+allow dcc { filename "*.m2v"; soft yes; }
+allow dcc { filename "*.vob"; soft yes; }
+allow dcc { filename "*.wav"; soft yes; }
 /* text / misc */
-allow dcc { filename "*.txt"; soft yes; };
-allow dcc { filename "*.log"; soft yes; };
-allow dcc { filename "*.pdf"; soft yes; };
-allow dcc { filename "*.c"; soft yes; };
-allow dcc { filename "*.cpp"; soft yes; };
+allow dcc { filename "*.txt"; soft yes; }
+allow dcc { filename "*.log"; soft yes; }
+allow dcc { filename "*.pdf"; soft yes; }
+allow dcc { filename "*.c"; soft yes; }
+allow dcc { filename "*.cpp"; soft yes; }

doc/conf/examples/example.conf

@@ -1,19 +1,19 @@
-/* Configuration file for UnrealIRCd 4.0
+/* Configuration file for UnrealIRCd 5
  *
  * Simply copy this file to your conf/ directory, call it
  * 'unrealircd.conf' and walk through it line by line (edit it!)
  *
- * Important: All lines, except the opening { line, end with an ;
- * including };. This is very important, if you miss a ; somewhere then
- * the configuration file parser will complain and your file will not
+ * Important: All lines, except { and } end with an ;
+ * This is very important, if you miss a ; somewhere then the
+ * configuration file parser will complain and the file will not
  * be processed correctly!
  * If this is your first experience with an UnrealIRCd configuration
  * file then we really recommend you to read a little about the syntax,
  * this only takes a few minutes and will help you a lot:
  * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
  *
- * UnrealIRCd 4 documentation (very extensive!):
- * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
+ * UnrealIRCd 5 documentation (very extensive!):
+ * https://www.unrealircd.org/docs/UnrealIRCd_5_documentation
  *
  * Frequently Asked Questions:
  * https://www.unrealircd.org/docs/FAQ
@@ -42,12 +42,13 @@ include "modules.default.conf";
  * - help/help.conf for our on-IRC /HELPOP system
  * - badwords.conf for channel and user mode +G
  * - spamfilter.conf as an example for spamfilter usage
+ *   (commented out)
  * - operclass.default.conf contains some good operclasses which
  *   you can use in your oper blocks.
  */
 include "help/help.conf";
 include "badwords.conf";
-include "spamfilter.conf";
+//include "spamfilter.conf";
 include "operclass.default.conf";
 
 /* This is the me { } block which basically says who we are.
@@ -57,10 +58,10 @@ include "operclass.default.conf";
  * have it's own sid).
  */
 me {
-	name "irc.foonet.com";
-	info "FooNet Server";
+	name "irc.example.org";
+	info "ExampleNET Server";
 	sid "001";
-};
+}
 
 /* The admin { } block defines what users will see if they type /ADMIN.
  * It normally contains information on how to contact the administrator.
@@ -68,8 +69,8 @@ me {
 admin {
 	"Bob Smith";
 	"bob";
-	"widely@used.name";
-};
+	"email@example.org";
+}
 
 /* Clients and servers are put in class { } blocks, we define them here.
  * Class blocks consist of the following items:
@@ -86,7 +87,7 @@ class clients
 	maxclients 1000;
 	sendq 200k;
 	recvq 8000;
-};
+}
 
 /* Special class for IRCOps with higher limits */
 class opers
@@ -95,7 +96,7 @@ class opers
 	maxclients 50;
 	sendq 1M;
 	recvq 8000;
-};
+}
 
 /* Server class with good defaults */
 class servers
@@ -103,8 +104,8 @@ class servers
 	pingfreq 60;
 	connfreq 15; /* try to connect every 15 seconds */
 	maxclients 10; /* max servers */
-	sendq 5M;
-};
+	sendq 20M;
+}
 
 /* Allow blocks define which clients may connect to this server.
  * This allows you to add a server password or restrict the server to
@@ -115,21 +116,21 @@ class servers
 
 /* Allow everyone in, but only 3 connections per IP */
 allow {
-	ip *@*;
+	mask *;
 	class clients;
 	maxperip 3;
-};
+}
 
 /* Example of a special allow block on a specific IP:
  * Requires users on that IP to connect with a password. If the password
  * is correct then it permits 20 connections on that IP.
  */
 allow {
-	ip *@192.0.2.1;
+	mask 192.0.2.1;
 	class clients;
 	password "somesecretpasswd";
 	maxperip 20;
-};
+}
 
 /* Oper blocks define your IRC Operators.
  * IRC Operators are people who have "extra rights" compared to others,
@@ -157,8 +158,8 @@ oper bobsmith {
 	 */
 	operclass netadmin;
 	swhois "is a Network Administrator";
-	vhost netadmin.mynet.org;
-};
+	vhost netadmin.example.org;
+}
 
 /* Listen blocks define the ports where the server should listen on.
  * In other words: the ports that clients and servers may use to
@@ -171,35 +172,35 @@ oper bobsmith {
  *   port <port>;
  *   options {
  *     <options....>;
- *   };
- * };
+ *   }
+ * }
  */
 
 /* Standard IRC port 6667 */
 listen {
 	ip *;
 	port 6667;
-};
+}
 
 /* Standard IRC SSL/TLS port 6697 */
 listen {
 	ip *;
 	port 6697;
-	options { ssl; };
-};
+	options { tls; }
+}
 
 /* Special SSL/TLS servers-only port for linking */
 listen {
 	ip *;
 	port 6900;
-	options { ssl; serversonly; };
-};
+	options { tls; serversonly; }
+}
 
 /* NOTE: If you are on an IRCd shell with multiple IP's and you use
  *       the above listen { } blocks then you will likely get an
  *       'Address already in use' error and the ircd won't start.
  *       This means you MUST bind to a specific IP instead of '*' like:
- *       listen { ip 1.2.3.4; port 6667; };
+ *       listen { ip 1.2.3.4; port 6667; }
  *       Of course, replace the IP with the IP that was assigned to you.
  */
 
@@ -207,50 +208,49 @@ listen {
  * Link blocks allow you to link multiple servers together to form a network.
  * See https://www.unrealircd.org/docs/Tutorial:_Linking_servers
  */
-link hub.mynet.org
+link hub.example.org
 {
 	incoming {
 		mask *@something;
-	};
+	}
 
 	outgoing {
 		bind-ip *; /* or explicitly an IP */
-		hostname hub.mynet.org;
+		hostname hub.example.org;
 		port 6900;
-		options { ssl; };
-	};
+		options { tls; }
+	}
 
 	/* We use the SPKI fingerprint of the other server for authentication.
 	 * Run './unrealircd spkifp' on the other side to get it.
-	 * NOTE: requires UnrealIRCd 4.0.16 or later.
 	 */
-	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; };
+	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
 
 	class servers;
-};
+}
 
 /* The link block for services is usually much simpler.
  * For more information about what Services are,
  * see https://www.unrealircd.org/docs/Services
  */
-link services.mynet.org
+link services.example.org
 {
 	incoming {
 		mask 127.0.0.1;
-	};
+	}
 
 	password "changemeplease";
 
 	class servers;
-};
+}
 
 /* U-lines give other servers (even) more power/commands.
  * If you use services you must add them here.
  * NEVER put the name of an UnrealIRCd server here!!!
  */
 ulines {
-	services.mynet.org;
-};
+	services.example.org;
+}
 
 /* Here you can add a password for the IRCOp-only /DIE and /RESTART commands.
  * This is mainly meant to provide a little protection against accidental
@@ -259,13 +259,13 @@ ulines {
 drpass {
 	restart "restart";
 	die "die";
-};
+}
 
 /* The log block defines what should be logged and to what file.
  * See also https://www.unrealircd.org/docs/Log_block
  */
 
-/* This is a good default, it logs almost everything */
+/* This is a good default, it logs everything */
 log "ircd.log" {
 	flags {
 		oper;
@@ -273,13 +273,14 @@ log "ircd.log" {
 		server-connects;
 		kills;
 		errors;
+		flood;
 		sadmin-commands;
 		chg-commands;
 		oper-override;
 		tkl;
 		spamfilter;
-	};
-};
+	}
+}
 
 /* With "aliases" you can create an alias like /SOMETHING to send a message to
  * some user or bot. They are usually used for services.
@@ -293,7 +294,7 @@ include "aliases/anope.conf";
 ban nick {
 	mask "*C*h*a*n*S*e*r*v*";
 	reason "Reserved for Services";
-};
+}
 
 /* Ban ip.
  * Note that you normally use /KLINE, /GLINE and /ZLINE for this.
@@ -301,19 +302,19 @@ ban nick {
 ban ip {
 	mask 195.86.232.81;
 	reason "Hate you";
-};
+}
 
 /* Ban server - if we see this server linked to someone then we delink */
 ban server {
 	mask eris.berkeley.edu;
 	reason "Get out of here.";
-};
+}
 
 /* Ban user - just as an example, you normally use /KLINE or /GLINE for this */
 ban user {
 	mask *tirc@*.saturn.bbn.com;
 	reason "Idiot";
-};
+}
 
 /* Ban realname allows you to ban clients based on their 'real name'
  * or 'gecos' field.
@@ -321,12 +322,12 @@ ban user {
 ban realname {
 	mask "Swat Team";
 	reason "mIRKFORCE";
-};
+}
 
 ban realname {
 	mask "sub7server";
 	reason "sub7";
-};
+}
 
 /* Ban and TKL exceptions. Allows you to exempt users / machines from
  * KLINE, GLINE, etc.
@@ -339,26 +340,26 @@ ban realname {
 except ban {
 	mask *@192.0.2.1;
 	// you may add more mask entries here..
-};
+}
 
-/* except tkl with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
-except tkl {
+/* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
+except ban {
 	mask *@192.0.2.1;
 	type all;
-};
+}
 
 /* With deny dcc blocks you can ban filenames for DCC */
 deny dcc {
 	filename "*sub7*";
 	reason "Possible Sub7 Virus";
-};
+}
 
 /* deny channel allows you to ban a channel (mask) entirely */
 deny channel {
 	channel "*warez*";
 	reason "Warez is illegal";
 	class "clients";
-};
+}
 
 /* VHosts (Virtual Hosts) allow users to acquire a different host.
  * See https://www.unrealircd.org/docs/Vhost_block
@@ -373,17 +374,62 @@ vhost {
 	mask *@unrealircd.com;
 	login "test";
 	password "test";
-};
+}
+
+/* Blacklist blocks will query an external DNS Blacklist service
+ * whenever a user connects, to see if the IP address is known
+ * to cause drone attacks, is a known hacked machine, etc.
+ * Documentation: https://www.unrealircd.org/docs/Blacklist_block
+ * Or just have a look at the blocks below.
+ */
+
+/* DroneBL, probably the most popular blacklist used by IRC Servers.
+ * See https://dronebl.org/ for their documentation and the
+ * meaning of the reply types. At time of writing we use types:
+ * 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
+ * 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
+ * 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
+ * 14: Open Wingate Proxy, 15: Compromised router / gateway,
+ * 16: Autorooting worms.
+ */
+blacklist dronebl {
+        dns {
+                name dnsbl.dronebl.org;
+                type record;
+                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
+}
+
+/* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation
+ * and the meaning of the reply types.
+ * At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
+ *
+ * NOTE: If you want to permit TOR proxies on your server, then
+ *       you need to remove the '4;' below in the reply section.
+ */
+blacklist efnetrbl {
+        dns {
+                name rbl.efnetrbl.org;
+                type record;
+                reply { 1; 4; 5; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
+}
 
 /* You can include other configuration files */
 /* include "klines.conf"; */
 
 /* Network configuration */
 set {
-	network-name 		"MYNet";
-	default-server 		"irc.mynet.org";
-	services-server 	"services.mynet.org";
-	stats-server 		"stats.mynet.org";
+	network-name 		"ExampleNET";
+	default-server 		"irc.example.org";
+	services-server 	"services.example.org";
+	stats-server 		"stats.example.org";
 	help-channel 		"#Help";
 	hiddenhost-prefix	"Clk";
 	prefix-quit 		"Quit";
@@ -399,20 +445,21 @@ set {
 		"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
 		"and another one";
 		"and another one";
-	};
-};
+	}
+}
 
 /* Server specific configuration */
 
 set {
 	kline-address "set.this.to.email.address"; /* e-mail or URL shown when a user is banned */
 	modes-on-connect "+ixw"; /* when users connect, they will get these user modes */
-	modes-on-oper	 "+xwgs"; /* when someone becomes IRCOp they'll get these modes */
+	modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */
+	modes-on-join "+nt"; /* default channel modes when a new channel is created */
 	oper-auto-join "#opers"; /* IRCOps are auto-joined to this channel */
 	options {
 		hide-ulines; /* hide U-lines in /MAP and /LINKS */
 		show-connect-info; /* show "looking up your hostname" messages on connect */
-	};
+	}
 
 	maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */
 
@@ -427,15 +474,12 @@ set {
 	/* static-part does the same for /PART */
 	/* static-part yes; */
 
-	/* Which /STATS to restrict to opers only. We suggest to leave it to * (ALL) */
-	oper-only-stats "*";
-
-	/* Anti flood protection */
+	/* Flood protection:
+	 * There are lots of settings for this and most have good defaults.
+	 * See https://www.unrealircd.org/docs/Set_block#set::anti-flood
+	 */
 	anti-flood {
-		nick-flood 3:60;	/* 3 nick changes per 60 seconds (the default) */
-		connect-flood 3:60; /* 3 connection attempts per 60 seconds (the default) */
-		away-flood 4:120;	/* 4 times per 2 minutes you may use /AWAY (default) */
-	};
+	}
 
 	/* Settings for spam filter */
 	spamfilter {
@@ -443,8 +487,93 @@ set {
 		ban-reason "Spam/Advertising"; /* default reason */
 		virus-help-channel "#help"; /* channel to use for 'viruschan' action */
 		/* except "#help"; channel to exempt from Spamfilter */
-	};
-};
+	}
+
+	/* Restrict certain commands.
+	 * See https://www.unrealircd.org/docs/Set_block#set::restrict-commands
+	 */
+	restrict-commands {
+		list {
+			connect-delay 60;
+			exempt-identified yes;
+			exempt-reputation-score 24;
+		}
+		invite {
+			connect-delay 120;
+			exempt-identified yes;
+			exempt-reputation-score 24;
+		}
+		/* In addition to the ability to restrict any command,
+		 * such as shown above. There are also 4 special types
+		 * that you can restrict. These are "private-message",
+		 * "private-notice", "channel-message" and "channel-notice".
+		 * They are commented out (disabled) in this example:
+		 */
+		//private-message {
+		//	connect-delay 10;
+		//}
+		//private-notice {
+		//	connect-delay 10;
+		//}
+	}
+}
+
+/*
+ * The following will configure connection throttling of "unknown users".
+ *
+ * When UnrealIRCd detects a high number of users connecting from IP addresses
+ * that have not been seen before, then connections from new IP's are rejected
+ * above the set rate. For example at 10:60 only 10 users per minute can connect
+ * that have not been seen before. Known IP addresses can always get in,
+ * regardless of the set rate. Same for users who login using SASL.
+ *
+ * See also https://www.unrealircd.org/docs/Connthrottle for details.
+ * Or just keep reading the default configuration settings below:
+ */
+
+set {
+	connthrottle {
+		/* First we must configure what we call "known users".
+		 * By default these are users on IP addresses that have
+		 * a score of 24 or higher. A score of 24 means that the
+		 * IP was connected to this network for at least 2 hours
+		 * in the past month (or minimum 1 hour if registered).
+		 * The sasl-bypass option is another setting. It means
+		 * that users who authenticate to services via SASL
+		 * are considered known users as well.
+		 * Users in the "known-users" group (either by reputation
+		 * or by SASL) are always allowed in by this module.
+		 */
+		known-users {
+			minimum-reputation-score 24;
+			sasl-bypass yes;
+		}
+
+		/* New users are all users that do not belong in the
+		 * known-users group. They are considered "new" and in
+		 * case of a high number of such new users connecting
+		 * they are subject to connection rate limiting.
+		 * By default the rate is 20 new local users per minute
+		 * and 30 new global users per minute.
+		 */
+		new-users {
+			local-throttle 20:60;
+			global-throttle 30:60;
+		}
+
+		/* This configures when this module will NOT be active.
+		 * The default settings will disable the module when:
+		 * - The reputation module has been running for less than
+		 *   a week. If running less than 1 week then there is
+		 *   insufficient data to consider who is a "known user".
+		 * - The server has just been booted up (first 3 minutes).
+		 */
+		disabled-when {
+			reputation-gathering 1w;
+			start-delay 3m;
+		}
+	}
+}
 
 /* Finally, you may wish to have a MOTD (Message of the Day), this can be
  * done by creating an 'ircd.motd' text file in your conf/ directory.

doc/conf/examples/example.es.conf

@@ -0,0 +1,610 @@
+/* Archivo de configuración para UnrealIRCd 5
+ *
+ * Simplemente copie este archivo a su directorio conf /, llámelo
+ * 'unrealircd.conf' y recorrerlo línea por línea (¡edítalo!)
+ *
+ * Importante: Todas las líneas, excepto { y } terminan con un;
+ * Esto es muy importante, si pierde un; en algún lugar entonces el
+ * el analizador de archivos de configuración se quejará y el archivo no
+ * ¡será procesado correctamente!
+ * Si esta es su primera experiencia con una configuración de UnrealIRCd
+ * entonces realmente le recomendamos que lea un poco sobre la sintaxis,
+ * esto solo toma unos minutos y te ayudará mucho:
+ * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
+ *
+ * Documentación de UnrealIRCd 5 (¡muy extensa!):
+ * https://www.unrealircd.org/docs/Main_Page/es
+ *
+ * Preguntas frecuentes:
+ * https://www.unrealircd.org/docs/FAQ
+ *
+ */
+
+/* Esto es un comentario, todo el texto aquí se ignora (tipo de comentario #1) */
+// Esto también es un comentario, esta línea se ignora (tipo de comentario #2)
+#Esto también es un comentario, nuevamente esta línea se ignora (tipo de comentario # 3)
+
+/* UnrealIRCd hace un uso intensivo de módulos. Los módulos le permiten
+ * personalizar el conjunto de funciones que desea habilitar en UnrealIRCd.
+ * Vea más: https://www.unrealircd.org/docs/Modules
+ *
+ * Al usar la inclusión a continuación, le indicamos al IRCd que lea el archivo
+ * 'modules.default.conf' este cargará más de 150 módulos
+ * cargados con UnrealIRCd. En otras palabras: esto simplemente cargará
+ * todas las funciones disponibles en UnrealIRCd.
+ * Si está configurando UnrealIRCd por primera vez, le sugerimos
+ * utilizar este. Entonces, cuando todo esté en funcionamiento, puedes venir
+ * volver más tarde para personalizar la lista (si así lo desea).
+ */
+include "modules.default.conf";
+
+/* Ahora incluyamos algunos otros archivos:
+ * - help / help.conf para nuestro sistema on-IRC /HELPOP
+ * - badwords.conf para canal y modo de usuario +G
+ * - spamfilter.conf como ejemplo de uso de filtro de texto.
+ *   (comentado)
+ * - operclass.default.conf contiene algunas buenas operclasses que
+ * puedes usarlo en tus bloques operativos.
+ */
+include "help/help.conf";
+include "badwords.conf";
+//include "spamfilter.conf";
+include "operclass.default.conf";
+
+/* Este es el bloque me {} que básicamente dice quiénes somos.
+ * Define el nombre de nuestro servidor, alguna línea de información y un "sid" único.
+ * La identificación del servidor (sid) debe comenzar con un dígito seguido de dos dígitos o
+ * letras. El sid debe ser único para su red IRC (cada servidor debe
+ * tiene su propio sid).
+ */
+me {
+	name "irc.ejemplo.org";
+	info "Servidor EjemploNET";
+	sid "001";
+}
+
+/* El bloque admin {} define lo que los usuarios verán si escriben /ADMIN.
+ * Normalmente contiene información sobre cómo contactar al administrador.
+ */
+admin {
+	"Bob Smith";
+	"bob";
+	"correo-electrónico@ejemplo.org";
+}
+
+/* Los clientes y servidores se colocan en bloques de clase {}, los definimos aquí.
+ * Los bloques de clase constan de los siguientes elementos:
+ * - pingfreq: con qué frecuencia hacer ping a un usuario /servidor (en segundos)
+ * - connfreq: con qué frecuencia intentamos conectarnos a este servidor (en segundos)
+ * - sendq: el tamaño máximo de cola para una conexión
+ * - recvq: cola de recepción máxima de una conexión (control de inundaciones)
+ */
+
+/* Clase de cliente con buenos valores predeterminados */
+class clients
+{
+	pingfreq 90;
+	maxclients 1000;
+	sendq 200k;
+	recvq 8000;
+}
+
+/* Clase especial para IRCOps con límites superiores */
+class opers
+{
+	pingfreq 90;
+	maxclients 50;
+	sendq 1M;
+	recvq 8000;
+}
+
+/* Clase de servidor con buenos valores predeterminados */
+class servers
+{
+	pingfreq 60;
+	connfreq 15; /* intenta conectarte cada 15 segundos */
+	maxclients 10; /* máximo de servidores */
+	sendq 20M;
+}
+
+/* Bloques de permitir definen qué clientes pueden conectarse a este servidor.
+ * Esto le permite agregar una contraseña de servidor o restringir el servidor a
+ * IP específicas únicamente. También configuras las conexiones máximas
+ * permitido por IP aquí.
+ * Ver también: https://www.unrealircd.org/docs/Allow_block
+ */
+
+/* Permitir que todos entren, pero solo 3 conexiones por IP */
+allow {
+	mask *;
+	class clients;
+	maxperip 3;
+}
+
+/* Ejemplo de un bloque de permiso especial en una IP específica:
+ * Requiere que los usuarios de esa IP se conecten con una contraseña. Si la contraseña
+ * es correcto, entonces permite 20 conexiones en esa IP.
+ */
+
+allow {
+	mask 192.0.2.1;
+	class clients;
+	password "algunacontraseña";
+	maxperip 20;
+}
+
+/* Los bloques de operaciones definen sus operadores de IRC.
+ * Los operadores de IRC son personas que tienen "derechos adicionales" en comparación con otros,
+ * por ejemplo, pueden /KILL a otras personas, iniciar la vinculación del servidor,
+ * /JOIN a canales aunque estén prohibidos, etc.
+ *
+ * Para obtener más información sobre cómo convertirse en un IRCOp y cómo administrar
+ * tareas, consulte: https://www.unrealircd.org/docs/IRCOp_guide
+ *
+ * Para obtener detalles sobre el bloque oper {} en sí, consulte
+ * https://www.unrealircd.org/docs/Oper_block
+ */
+
+/* Aquí hay un ejemplo de bloque de operador para 'bobsmith' con contraseña 'test'.
+ * ¡¡DEBES cambiar esto !!
+ */
+
+oper bobsmith {
+	class opers;
+	mask *@*;
+	password "test";
+	/* Los permisos de operador se definen en un bloque 'operclass'.
+     * Ver https://www.unrealircd.org/docs/Operclass_block
+     * UnrealIRCd viene con una serie de bloques predeterminados, consulte
+     * el artículo para una lista completa. Elegimos 'netadmin' aquí.
+     */
+	operclass netadmin;
+	swhois "es un Administrador de Red";
+	vhost netadmin.ejemplo.org;
+}
+
+/* Los bloques de escucha definen los puertos donde el servidor debe escuchar.
+ * En otras palabras: los puertos que los clientes y servidores pueden usar para
+ * conectarse a este servidor.
+ * 
+ * Sintaxis:
+ * listen {
+ * { 
+ *   ip <ip>;
+ *   port <puerto>;
+ *   options {
+ *     <opciones....>;
+ *   }
+ * }
+ */
+
+/* Puerto estándar para IRC 6667 */
+listen {
+	ip *;
+	port 6667;
+}
+
+/* Puerto estándar para IRC SSL/TLS 6697 */
+listen {
+	ip *;
+	port 6697;
+	options { tls; }
+}
+
+/* Puerto especial SSL/TLS servers-only/(Solo servidores) para enlaces */
+listen {
+	ip *;
+	port 6900;
+	options { tls; serversonly; }
+}
+
+/* NOTA: Si está en una shell IRCd con varias IP y usa
+ * los bloques listen {} anteriores, es probable que obtenga un
+ * Error "address is already in use" y el ircd no se inicia.
+ * Esto significa que DEBE vincularse a una IP específica en lugar de '*' como:
+ * escuchar { ip 1.2.3.4; puerto 6667; }
+ * Por supuesto, reemplace la IP con la IP que se le asignó.
+ */
+
+/*
+ * Los bloques de enlaces le permiten enlazar varios servidores para formar una red.
+ * Ver https://www.unrealircd.org/docs/Tutorial:_Linking_servers
+ */
+
+link hub.ejemplo.org
+{
+	incoming {
+		mask *@algo;
+	}
+
+	outgoing {
+		bind-ip *; /* o explícitamente una IP */
+		hostname hub.ejemplo.org;
+		port 6900;
+		options { tls; }
+	}
+
+    /* Usamos la huella digital SPKI del otro servidor para la autenticación.
+     * Ejecute './unrealircd spkifp' en el otro lado para obtenerlo.
+     */
+
+	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
+
+	class servers;
+}
+
+/* El bloqueo de enlaces para servicios suele ser mucho más sencillo.
+ * Para obtener más información sobre qué son los Servicios,
+ * ver https://www.unrealircd.org/docs/Services
+ */
+
+link servicios.ejemplo.org
+{
+	incoming {
+		mask 127.0.0.1;
+	}
+
+	password "cambiameporfavor";
+
+	class servers;
+}
+
+/* Las líneas U dan a otros servidores (incluso) más poder/comandos.
+ * Si utiliza servicios debe agregarlos aquí.
+ * ¡¡¡NUNCA ponga aquí el nombre de un servidor UnrealIRCd !!!
+ */
+
+ulines {
+	servicios.ejemplo.org;
+}
+
+/* Aquí puede agregar una contraseña para los comandos solo IRCOp /DIE y /RESTART.
+ * Esto está destinado principalmente a proporcionar una pequeña protección contra accidentes
+ * se reinicia y el servidor se mata.
+ */
+ 
+drpass {
+	restart "reiniciar";
+	die "muere";
+}
+
+/* El bloque de registros define qué se debe registrar y en qué archivo.
+ * Ver también https://www.unrealircd.org/docs/Log_block
+ */
+
+/* Este es un buen valor predeterminado, registra todo */
+log "ircd.log" {
+	flags {
+		oper;
+		connects;
+		server-connects;
+		kills;
+		errors;
+		flood;
+		sadmin-commands;
+		chg-commands;
+		oper-override;
+		tkl;
+		spamfilter;
+	}
+}
+
+/ * Con "aliases" puedes crear un alias como /ALGO para enviar un mensaje
+  * algún usuario o bot. Suelen utilizarse para servicios.
+  *
+  * Tenemos varios archivos de alias preestablecidos, consulte el directorio alias /.
+  * Como ejemplo, aquí incluimos todos los alias utilizados para los servicios de anope.
+  * /
+
+include "aliases/anope.conf";
+
+/* Prohibir los apodos para que no puedan ser utilizados por usuarios habituales. */
+ban nick {
+	mask "*C*h*a*n*S*e*r*v*";
+	reason "Reservado para Servicios";
+}
+
+/* Prohibir ip.
+ * Tenga en cuenta que normalmente se usa /KLINE, /GLINE y /ZLINE para esto.
+ */
+
+ban ip {
+	mask 195.86.232.81;
+	reason "Te odio";
+}
+
+/* Ban server - if we see this server linked to someone then we delink */
+ban server {
+	mask eris.berkeley.edu;
+	reason "Sal de aquí.";
+}
+
+/* Banear un user - solo como ejemplo, normalmente usa /KLINE or /GLINE para esto */
+
+ban user {
+	mask *tirc@*.saturn.bbn.com;
+	reason "Idiota";
+}
+
+/* Banear realname te permite prohibir clientes en función de su 'nombre real'
+ * o campo 'gecos'.
+ */
+
+ban realname {
+	mask "Equipo Swat";
+	reason "mIRKFORCE";
+}
+
+ban realname {
+	mask "sub7server";
+	reason "sub7";
+}
+
+/* Excepciones de prohibición y TKL. Le permite eximir a los usuarios/máquinas de
+ * KLINE, GLINE, etc.
+ * Si es un IRCOp con una IP estática (y no hay personas que no sean de confianza en esa IP)
+ * entonces le sugerimos que se agregue aquí. De esa manera siempre puedes entrar
+ * incluso si accidentalmente te aplicas una prohibición de * LINE.
+ */
+
+/* Excepciones, te protege de KLINE and ZLINE */
+
+except ban {
+	mask *@192.0.2.1;
+	//      puede agregar más entradas de máscara aquí..
+}
+
+/* excepto prohibir con tipo 'all' te protege de GLINE, GZLINE, QLINE, SHUN */
+
+except ban {
+	mask *@192.0.2.1;
+	type all;
+}
+
+/* Con deny dcc puedes prohibir nombres de archivo para DCC */
+
+deny dcc {
+	filename "*sub7*";
+	reason "Posible Sub7 Virus";
+}
+
+/* deny channel te perimte banear un canal entero (mascará) */
+
+deny channel {
+	channel "*warez*";
+	reason "Warez es ilegal";
+	class "clients";
+}
+
+/* VHosts (Virtual Hosts) permite a los usuarios adquirir un host diferente.
+ * Ver https://www.unrealircd.org/docs/Vhost_block
+ */
+
+/* Ejemplo de vhost que puede usar. En el tipo de IRC: /VHOST test test
+ * NOTA: solo las personas con un host 'unrealircd.com' pueden usarlo así
+ * asegúrese de cambiar vhost :: mask antes de realizar la prueba.
+ */
+
+vhost {
+	vhost odio.microsefrs.com;
+	mask *@unrealircd.com;
+	login "testeo";
+	password "testeo";
+}
+
+/* Los bloques de lista negra consultarán un servicio de lista negra de DNS externo
+ * cada vez que un usuario se conecta, para ver si se conoce la dirección IP
+ * por causar ataques con drones, es una máquina pirateada conocida, etc.
+ * Documentación: https://www.unrealircd.org/docs/Blacklist_block
+ * O simplemente eche un vistazo a los bloques a continuación.
+ */
+
+/* DroneBL, probablemente la lista negra más popular utilizada por los servidores IRC.
+ * Consulte https://dronebl.org/ para obtener su documentación y el
+ * significado de los tipos de respuesta. En el momento de escribir este artículo utilizamos tipos:
+ * 3: IRC Drone, 5: Embotellador, 6: Spambot o drone desconocido,
+ * 7: DDoS Drone, 8: Proxy SOCKS, 9: Proxy HTTP, 10: ProxyChain,
+ * 11: Proxy de página web, 12: Open DNS Resolver, 13: Atacantes de fuerza bruta,
+ * 14: Proxy Wingate abierto, 15: Enrutador / puerta de enlace comprometido,
+ * 16: Gusanos de autorooting.
+ */
+
+blacklist dronebl {
+        dns {
+                name dnsbl.dronebl.org;
+                type record;
+                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone detectado. Consulte https://dronebl.org/lookup?ip=$ip para más detalles.";
+}
+
+/* EFnetRBL, consulte https://rbl.efnetrbl.org/ para obtener documentación
+ * y el significado de los tipos de respuesta.
+ * Al momento de escribir este artículo: 1 es proxy abierto, 4 es TOR, 5 es drones/flooding.
+ *
+ * NOTA: Si desea permitir proxies TOR en su servidor, entonces
+ * necesita eliminar el '4;' a continuación en la sección de respuesta.
+ */
+
+blacklist efnetrbl {
+        dns {
+                name rbl.efnetrbl.org;
+                type record;
+                reply { 1; 4; 5; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone detectado. Consulte https://rbl.efnetrbl.org/?i=$ip para más detalles.";
+}
+
+/* Puede incluir otros archivos de configuración */
+/* include "klines.conf"; */
+
+/* Configuración de la red */
+set {
+	network-name 		"EjemploNET";
+	default-server 		"irc.ejemplo.org";
+	services-server 	"services.ejemplo.org";
+	stats-server 		"stats.ejemplo.org";
+	help-channel 		"#Ayuda";
+	hiddenhost-prefix	"Clk";
+	prefix-quit 		"Quit";
+
+	/* Las claves de ocultación deben ser las mismas en todos los servidores de la red.
+     * Se utilizan para generar hosts enmascarados y deben mantenerse en secreto.
+     * Las claves deben ser 3 cadenas aleatorias de 50-100 caracteres
+     * y debe constar de minúsculas (a-z), mayúsculas (A-Z) y dígitos (0-9).
+     * SUGERENCIA: en * NIX, puede ejecutar './unrealircd gencloak' en su shell/Vps para 
+     * que UnrealIRCd genere 3 cadenas aleatorias para ti.
+     */
+	cloak-keys {
+		"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
+		"uno más";
+		"y otro más";
+	}
+}
+
+/* Configuración específica del servidor */
+
+set {
+	kline-address "setea.un.correo.electrónico"; /* Correo electrónico o URL que se muestra cuando un usuario está baneado */
+	modes-on-connect "+ixw"; /* cuando los usuarios se conectan, obtendrán estos modos de usuario */
+	modes-on-oper "+xws"; /* cuando alguien se convierte en IRCOp obtendrá estos modos */
+	modes-on-join "+nt"; /* modos de canal predeterminados cuando se crea un nuevo canal */
+	oper-auto-join "#opers"; /* Las IRCOps se unen automáticamente a este canal. */
+	options {
+		hide-ulines; /* ocultar las líneas U en /MAP and /LINKS */
+		show-connect-info; /* muestra "looking up your hostname" cuando conectas */
+	}
+
+	maxchannelsperuser 10; /* Número máximo de canales que un usuario puede /JOIN */
+
+	/* El tiempo mínimo que un usuario debe estar conectado antes de que se le permita
+     * usar un mensaje QUIT. Con suerte, esto ayudará a detener el spam.
+     */
+	anti-spam-quit-message-time 10s;
+
+	/* O simplemente setea un quit estático, significa que cualquier /QUIT es ignorado */
+	/* static-quit "Client quit";	*/
+
+	/* static-part hace lo mismo para /PART */
+	/* static-part yes; */
+
+	/* Protección contra flood:
+     * Hay muchas configuraciones para esto y la mayoría tienen buenos valores predeterminados.
+     * Ver https://www.unrealircd.org/docs/Set_block#set::anti-flood
+     */
+	anti-flood {
+	}
+
+	/* Opciones de Filtro de texto */
+	spamfilter {
+		ban-time 1d; /* la duracion por defecto de un *LINE seteado por el filtro de texto */
+		ban-reason "Spam/Publicidad"; /* razón por defecto */
+		virus-help-channel "#ayuda"; /* canal de uso para 'viruschan' */
+		/* except "#ayuda"; inmunidad para el canal Ayuda del filtro de texto */
+	}
+
+	/* Restringir ciertos comandos.
+	 * Ver https://www.unrealircd.org/docs/Set_block#set::restrict-commands
+	 */
+	restrict-commands {
+		list {
+			connect-delay 60;
+			exempt-identified yes;
+			exempt-reputation-score 24;
+		}
+		invite {
+			connect-delay 120;
+			exempt-identified yes;
+			exempt-reputation-score 24;
+		}
+		/* Además de la capacidad de restringir cualquier comando,
+         * como se muestra arriba. También hay 4 tipos especiales
+         * que puede restringir. Estos son "private-message",
+         * "private-notice", "channel-message" y "channel-notice".
+         * Están comentados (desactivados) en este ejemplo:
+         */
+		//private-message {
+		//	connect-delay 10;
+		//}
+		//private-notice {
+		//	connect-delay 10;
+		//}
+	}
+}
+
+/*
+ * Lo siguiente configurará la limitación de la conexión de "unknown users".
+ *
+ * Cuando UnrealIRCd detecta una gran cantidad de usuarios que se conectan desde direcciones IP
+ * que no se han visto antes, se rechazan las conexiones de las nuevas IP
+ * por encima de la configuración establecida. Por ejemplo, 10:60 solo pueden conectarse 10 usuarios por minuto
+ * que no se hayan visto antes. Las direcciones IP conocidas siempre pueden ingresar,
+ * independientemente de la configuración establecida. Lo mismo para los usuarios que inician sesión con SASL.
+ *
+ * Consulte también https://www.unrealircd.org/docs/Connthrottle para obtener más detalles.
+ * O simplemente siga leyendo los ajustes de configuración predeterminados a continuación:
+ */
+
+set {
+	connthrottle {
+		/* Primero debemos configurar lo que llamamos "known users".
+         * De forma predeterminada, estos son usuarios en direcciones IP que tienen
+         * una puntuación de 24 o más. Una puntuación de 24 significa que
+         * La IP estuvo conectada a esta red durante al menos 2 horas
+         * en el último mes (o mínimo 1 hora si está registrado).
+         * La opción sasl-bypass es otra configuración. Significa
+         * que los usuarios que se autentican en los servicios a través de SASL
+         * también se consideran usuarios conocidos.
+         * Usuarios del grupo "known users" (ya sea por reputación
+         * o por SASL) siempre están permitidos por este módulo.
+         */
+		known-users {
+			minimum-reputation-score 24;
+			sasl-bypass yes;
+		}
+
+		/* Los nuevos usuarios son todos los usuarios que no pertenecen al
+         * grupo de usuarios conocidos. Se consideran "nuevos" y en
+         * caso de un gran número de nuevos usuarios que se conectan
+         * están sujetos a limitación de velocidad de conexión.
+         * Por defecto, la configuración es de 20 nuevos usuarios locales por minuto.
+         * y 30 nuevos usuarios globales por minuto.
+         */
+		new-users {
+			local-throttle 20:60;
+			global-throttle 30:60;
+		}
+
+		/* Esta configuración es para cuando este módulo NO este activo.
+         * La configuración predeterminada deshabilitará el módulo cuando:
+         * - El módulo de reputación se ha estado ejecutando durante menos de
+         *   una semana. Si se ejecuta menos de 1 semana, entonces hay
+         * Datos insuficientes para considerar quién es un "known users".
+         * - El servidor acaba de iniciarse (primeros 3 minutos).
+         */
+		disabled-when {
+			reputation-gathering 1w;
+			start-delay 3m;
+		}
+	}
+}
+
+/* Finalmente, es posible que desee tener un MOTD (Mensaje del día), esto puede ser
+ * hecho creando un archivo de texto 'ircd.motd' en su directorio conf /.
+ * Este archivo se mostrará a sus usuarios al conectarse.
+ * Para obtener más información, consulte https://www.unrealircd.org/docs/MOTD_and_Rules
+ */
+
+/*
+ * ¿Problemas o necesita más ayuda?
+ * 1) https://www.unrealircd.org/docs/Main_Page/es
+ * 2) https://www.unrealircd.org/docs/FAQ <- ¡responde el 80% de sus preguntas!
+ * 3) Si aún tiene problemas, puede obtener asistencia:
+ * - Foros: https://forums.unrealircd.org/
+ * - IRC: irc.unrealircd.org (SSL en el puerto 6697) / #unreal-support
+ * Tenga en cuenta que primero le pedimos que lea la documentación y las preguntas frecuentes.
+ */

doc/conf/examples/example.fr.conf

@@ -1,4 +1,4 @@
-/* Fichier de configuration pour UnrealIRCd 4.0
+/* Fichier de configuration pour UnrealIRCd 5
  *
  * Copiez ce fichier dans le répertoire conf/, renommez le
  * 'unrealircd.conf' et parcourez-le ligne par ligne (modifiez le !)
@@ -13,8 +13,8 @@
  * beaucoup :
  * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
  *
- * Documentation pour UnrealIRCd 4 (très complète !) :
- * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation/fr
+ * Documentation pour UnrealIRCd 5 (très complète !) :
+ * https://www.unrealircd.org/docs/UnrealIRCd_5_documentation/fr
  *
  * Foire Aux Questions :
  * https://www.unrealircd.org/docs/FAQ
@@ -49,7 +49,7 @@ include "modules.default.conf";
  */
 include "help/help.conf";
 include "badwords.conf";
-include "spamfilter.conf";
+//include "spamfilter.conf";
 include "operclass.default.conf";
 
 /* Le bloc me { } indique qui est le serveur.
@@ -59,10 +59,10 @@ include "operclass.default.conf";
  * (chaque serveur doit avoir un sid différent).
  */
 me {
-	name "irc.foonet.com";
-	info "Serveur FooNet";
+	name "irc.example.org";
+	info "Serveur ExampleNET";
 	sid "001";
-};
+}
 
 /* Le bloc admin { } définit ce que les utilisateurs verront en faisant
  * /ADMIN. C'est généralement des infos de contact de l'administrateur.
@@ -70,8 +70,8 @@ me {
 admin {
 	"Bob Smith";
 	"bob";
-	"adresse.email@foonet.com";
-};
+	"adresse.email@example.org";
+}
 
 /* Les clients et serveurs sont placés dans des classes, que nous
  * définissons dans ces blocs class { }.
@@ -92,7 +92,7 @@ class clients
 	maxclients 1000;
 	sendq 200k;
 	recvq 8000;
-};
+}
 
 /* Classe spéciale pour des IRCOps avec des limites plus hautes */
 class opers
@@ -101,7 +101,7 @@ class opers
 	maxclients 50;
 	sendq 1M;
 	recvq 8000;
-};
+}
 
 /* Classe pour des serveurs */
 class servers
@@ -110,7 +110,7 @@ class servers
 	connfreq 15; /* essayer de se connecter toutes les 15 sec */
 	maxclients 10; /* nombre max de serveurs */
 	sendq 5M;
-};
+}
 
 /* Les blocs allow définissent quels clients peuvent se connecter au
  * serveur. Ils vous permettent d'ajouter un mot de passe ou de restreindre
@@ -121,21 +121,21 @@ class servers
 
 /* Accepter tout le monde, mais seulement 5 connexions par IP */
 allow {
-	ip *@*;
+	mask *;
 	class clients;
 	maxperip 5;
-};
+}
 
 /* Exemple de bloc allow spécial pour une IP donnée :
  * Les utilisateurs sur cette IP doivent se connecter avec un mot de passe.
  * S'il est correct, alors autoriser 20 connexions sur cette IP.
  */
 allow {
-	ip *@192.0.2.1;
+	mask 192.0.2.1;
 	class clients;
 	password "unmotdepassesecret";
 	maxperip 20;
-};
+}
 
 /* Les blocs oper définissent vos Opérateurs IRC.
  * Les Opérateurs IRC sont des utilisateurs avec des "droits en plus"
@@ -160,8 +160,8 @@ oper bobsmith {
 	 */
 	operclass netadmin;
 	swhois "est un Administrateur du Réseau";
-	vhost netadmin.mynet.org;
-};
+	vhost netadmin.example.org;
+}
 
 /* Les blocs listen définissent les ports sur lesquels le serveur écoute.
  * C'est-à-dire les ports que les clients et les serveurs utilisent pour
@@ -174,29 +174,29 @@ oper bobsmith {
  *   port <numéro de port>;
  *   options {
  *     <options....>;
- *   };
- * };
+ *   }
+ * }
  */
 
 /* Port standard pour IRC 6667 */
 listen {
 	ip *;
 	port 6667;
-};
+}
 
 /* Port standard pour IRC sur SSL/TLS 6697 */
 listen {
 	ip *;
 	port 6697;
-	options { ssl; };
-};
+	options { tls; }
+}
 
 /* Port SSL/TLS spécial pour la connexion entre serveurs */
 listen {
 	ip *;
 	port 6900;
-	options { ssl; serversonly; };
-};
+	options { tls; serversonly; }
+}
 
 /* NOTE : Si vous utilisez un serveur IRC avec plusieurs IP et que vous
  *        utilisez les blocs listen ci-dessus, vous aurez peut-être une
@@ -212,23 +212,23 @@ listen {
  * pour former un réseau IRC.
  * Voir https://www.unrealircd.org/docs/Tutorial:_Linking_servers
  */
-link hub.mynet.org
+link hub.example.org
 {
 	incoming {
 		mask *@something;
-	};
+	}
 
 	outgoing {
 		bind-ip *; /* ou une IP précise */
-		hostname hub.mynet.org;
+		hostname hub.example.org;
 		port 6900;
-		options { ssl; };
-	};
+		options { tls; }
+	}
 
 	password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* Empreinte SSL de l'autre serveur */
 
 	class servers;
-};
+}
 
 /* Les U-lines donnent encore plus de pouvoir à certains serveurs.
  * Si vous utilisez des Services, vous devez les indiquer ici.
@@ -237,8 +237,8 @@ link hub.mynet.org
  *   https://www.unrealircd.org/docs/Services )
  */
 ulines {
-	services.mynet.org;
-};
+	services.example.org;
+}
 
 /* Ici vous pouvez indiquer un mot de passe pour les commandes /DIE et
  * /RESTART, qui sont restreintes aux IRCops.
@@ -248,7 +248,7 @@ ulines {
 drpass {
 	restart "restart";
 	die "die";
-};
+}
 
 /* Le bloc log indique ce qui doit être journalisé et dans quel fichier.
  * Voir aussi https://www.unrealircd.org/docs/Log_block
@@ -267,8 +267,8 @@ log "ircd.log" {
 		oper-override;
 		tkl;
 		spamfilter;
-	};
-};
+	}
+}
 
 /* Avec des "alias", vous pouvez créer un alias comme /UNTRUC pour envoyer
  * un message à un utilisateur ou à un bot. Ils sont souvent utilisés pour
@@ -286,7 +286,7 @@ include "aliases/anope.conf";
 ban nick {
 	mask "*C*h*a*n*S*e*r*v*";
 	reason "Réservé aux Services";
-};
+}
 
 /* Bannir une IP.
  * NB : vous pouvez aussi utiliser /KLINE, /GLINE et /ZLINE pour ça.
@@ -294,7 +294,7 @@ ban nick {
 ban ip {
 	mask 195.86.232.81;
 	reason "Je vous hais !";
-};
+}
 
 /* Bannir un serveur - si ce serveur est connecté au réseau, nous nous
  * déconnecterons
@@ -302,7 +302,7 @@ ban ip {
 ban server {
 	mask eris.berkeley.edu;
 	reason "Va-t-en d'ici.";
-};
+}
 
 /* Bannir un utilisateur - juste pour l'exemple, on utilise normalement
  * /KLINE or /GLINE pour ça
@@ -310,18 +310,18 @@ ban server {
 ban user {
 	mask *tirc@*.saturn.bbn.com;
 	reason "Idiot";
-};
+}
 
 /* Bannir un realname (ou 'gecos') */
 ban realname {
 	mask "Swat Team";
 	reason "mIRKFORCE";
-};
+}
 
 ban realname {
 	mask "sub7server";
 	reason "sub7";
-};
+}
 
 /* Exceptions de ban et TKL. Vous permet d'exempter des utilisateurs des 
  * KLINE, GLINE, etc ...
@@ -335,13 +335,13 @@ ban realname {
 except ban {
 	mask *@192.0.2.1;
 	// vous pouvez ajouter d'autres lignes mask à la suite
-};
+}
 
-/* except tkl avec le type 'all' vous protège des GLINE, GZLINE, QLINE, SHUN */
-except tkl {
+/* except ban avec le type 'all' vous protège des GLINE, GZLINE, QLINE, SHUN */
+except ban {
 	mask *@192.0.2.1;
 	type all;
-};
+}
 
 /* Avec un bloc deny dcc vous pouvez interdire des noms de fichiers dans
  * les échanges DCC
@@ -349,14 +349,14 @@ except tkl {
 deny dcc {
 	filename "*sub7*";
 	reason "Possible virus Sub7";
-};
+}
 
 /* deny channel vous permet d'interdire des masques de noms de salons */
 deny channel {
 	channel "*warez*";
 	reason "Le warez est illegal";
 	class "clients";
-};
+}
 
 /* Les VHosts (Virtual Hosts - Hôtes Virtuels) permettent aux utilisateurs
  * d'avoir un nom d'hôte différent.
@@ -372,17 +372,17 @@ vhost {
 	mask *@unrealircd.com;
 	login "test";
 	password "test";
-};
+}
 
 /* Vous pouvez inclure d'autres fichiers de configuration */
 /* include "klines.conf"; */
 
 /* Configuration du réseau */
 set {
-	network-name        "MYNet";
-	default-server      "irc.mynet.org";
-	services-server     "services.mynet.org";
-	stats-server        "stats.mynet.org";
+	network-name        "ExampleNET";
+	default-server      "irc.example.org";
+	services-server     "services.example.org";
+	stats-server        "stats.example.org";
 	help-channel        "#Help";
 	hiddenhost-prefix   "Clk";
 	prefix-quit         "Quit";
@@ -400,20 +400,20 @@ set {
 		"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
 		"et une autre";
 		"et une troisième";
-	};
-};
+	}
+}
 
 /* Configuration spécifique au serveur */
 
 set {
 	kline-address "indiquez.une.adresse.email"; /* e-mail ou URL indiquée lorsqu'un utilisateur est banni */
 	modes-on-connect "+ixw"; /* modes utilisateur ajoutés lorsqu'un utilisateur se connecte */
-	modes-on-oper    "+xwgs"; /* modes utilisateur ajoutés lorsqu'un utilisateur devient IRCOp */
+	modes-on-oper    "+xws"; /* modes utilisateur ajoutés lorsqu'un utilisateur devient IRCOp */
 	oper-auto-join "#opers"; /* salon que les IRCOps joignent automatiquement */
 	options {
 		hide-ulines; /* cacher les U-lines de /MAP et /LINKS */
 		show-connect-info; /* afficher les messages "looking up your hostname" à la connexion */
-	};
+	}
 
 	maxchannelsperuser 10; /* nombre max de salons par utilisateur */
 
@@ -430,17 +430,11 @@ set {
 	/* static-part fait la même chose pour /PART */
 	/* static-part yes; */
 
-	/* Quelles /STATS sont restreintes aux Opérateurs. Nous vous
-	 * conseillons de laisser '*' (toutes)
+	/* Protections anti-flood.
+	 * Voir: https://www.unrealircd.org/docs/Set_block#set::anti-flood
 	 */
-	oper-only-stats "*";
-
-	/* Protections anti-flood */
 	anti-flood {
-		nick-flood 3:60;    /* 3 changements de nick par 60 secondes */
-		connect-flood 3:60; /* 3 tentatives de connexions par 60 seconds */
-		away-flood 4:120;   /* 4 utilisation de /AWAY par 2 minutes */
-	};
+	}
 
 	/* Paramètres de Spamfilter */
 	spamfilter {
@@ -448,8 +442,8 @@ set {
 		ban-reason "Spam/Publicité"; /* raison par defaut */
 		virus-help-channel "#help"; /* salon par défaut pour l'action 'viruschan' */
 		/* except "#help"; salon à exempter de Spamfilter */
-	};
-};
+	}
+}
 
 /*
  * Un problème ou besoin d'aide supplémentaire ?

doc/conf/examples/example.tr.conf

@@ -1,4 +1,4 @@
-/* UnrealIRCd 4.0 için yapılandırma dosyası
+/* UnrealIRCd 5 için yapılandırma dosyası
  * Türkçe Çeviri: Diablo - (Serkan Sepetçi)
  * İletişim: irc.trirc.com:6667 - diablo@unrealircd.org
  *
@@ -14,8 +14,8 @@
  * bu size bilgi edinmeniz açısından yardımcı olacaktır:
  * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
  *
- * UnrealIRCd 4 belgeleme (çok geniş!):
- * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
+ * UnrealIRCd 5 belgeleme (çok geniş!):
+ * https://www.unrealircd.org/docs/UnrealIRCd_5_documentation
  *
  * Sıkça Sorulan Sorular:
  * https://www.unrealircd.org/docs/FAQ
@@ -49,7 +49,7 @@ include "modules.default.conf";
  */
 include "help/help.conf";
 include "badwords.conf";
-include "spamfilter.conf";
+//include "spamfilter.conf";
 include "operclass.default.conf";
 
 /* me { } bloğu genelde kim olduğumuzu belirtir.
@@ -59,10 +59,10 @@ include "operclass.default.conf";
  * kendi sid olmalıdır).
  */
 me {
-	name "irc.foonet.com";
-	info "FooNet Server";
+	name "irc.example.org";
+	info "ExampleNET Server";
 	sid "001";
-};
+}
 
 /* admin { } bloğu /ADMIN sorgusunda kullanıcılara görüntülenecek metni belirler.
  * Normalde yöneticiye ulaşma konusunda bilgi içerir.
@@ -70,8 +70,8 @@ me {
 admin {
 	"Bob Smith";
 	"bob";
-	"widely@used.name";
-};
+	"email@example.org";
+}
 
 /* Kullanıcılar ve sunucular için class { } bloğu belirtilir.
  * Class blokları aşağıdaki işlemlerden oluşur:
@@ -88,7 +88,7 @@ class clients
 	maxclients 1000;
 	sendq 200k;
 	recvq 8000;
-};
+}
 
 /* IRCOp'lar için varsaylan yüksek limitli özel class ayarları */
 class opers
@@ -97,7 +97,7 @@ class opers
 	maxclients 50;
 	sendq 1M;
 	recvq 8000;
-};
+}
 
 /* Sunucular için varsayılan class ayarları */
 class servers
@@ -106,7 +106,7 @@ class servers
 	connfreq 15; /* Her 15 saniyede bir bağlanmayı dener */
 	maxclients 10; /* maksimum kullanıcı */
 	sendq 5M;
-};
+}
 
 /* Allow blockları sunucunuza kimlerin bağlanabileceğini belirtir.
  * Bir sunucu şifresi eklenebilir veya belirlitilen bir IP adresi için
@@ -117,21 +117,21 @@ class servers
 
 /* IP başına sadece 5 bağlantı izini verir */
 allow {
-	ip *@*;
+	mask *;
 	class clients;
 	maxperip 3;
-};
+}
 
 /* Örnek olarak özel bir IP bloğu izini:
  * Bu IP bir şifre ile bağlantı yapması olduğunu gerektirir.
  * Şifre doğru ise o zaman bu IP 20 bağlantıya izin verecektir.
  */
 allow {
-	ip *@192.0.2.1;
+	mask 192.0.2.1;
 	class clients;
 	password "somesecretpasswd";
 	maxperip 20;
-};
+}
 
 /* Oper bloğu, IRC Operatorleri tanımlar.
  * IRC Operatörler, diğer kullanıcılara göre "ekstra haklara" sahip kullanıcılardır.
@@ -159,8 +159,8 @@ oper bobsmith {
 	 */
 	operclass netadmin;
 	swhois "is a Network Administrator";
-	vhost netadmin.mynet.org;
-};
+	vhost netadmin.example.org;
+}
 
 /* Listen blokları sunucu portu için gereken bağlantı noktalarını tanımlar.
  * Diğer bir deyişle: Bu portlar kullanıcılar ve serverlar için
@@ -173,29 +173,29 @@ oper bobsmith {
  *   port <port numarası>;
  *   options {
  *     <seçenekler....>;
- *   };
- * };
+ *   }
+ * }
  */
 
 /* Standard IRC port 6667 */
 listen {
 	ip *;
 	port 6667;
-};
+}
 
 /* Standard IRC SSL/TLS port 6697 */
 listen {
 	ip *;
 	port 6697;
-	options { ssl; };
-};
+	options { tls; }
+}
 
 /* Özel SSL/TLS sadece sunucuları bağlamak için port */
 listen {
 	ip *;
 	port 6900;
-	options { ssl; serversonly; };
-};
+	options { tls; serversonly; }
+}
 
 /* DiKKAT: Eğer bir çok IP barındıran bir IRCd Shell kullanıyorsanız
  *       logunuzda olası 'Address already in use' hatasını alacaksınız
@@ -209,50 +209,49 @@ listen {
  * Link blockları bir ağ oluşturmak için birden fazla sunucu bağlamaya izin verir.
  * Görmek için: https://www.unrealircd.org/docs/Tutorial:_Linking_servers
  */
-link hub.mynet.org
+link hub.example.org
 {
 	incoming {
 		mask *@something;
-	};
+	}
 
 	outgoing {
 		bind-ip *; /* veya açıkça bir IP */
-		hostname hub.mynet.org;
+		hostname hub.example.org;
 		port 6900;
-		options { ssl; };
-	};
+		options { tls; }
+	}
 
 	/* Kimlik doğrulaması için diğer sunucunun SPKI parmak izini kullanıyoruz.
 	 * Kullanmamız için diğer tarafda './unrealircd spkifp' uygulayıp çalıştırıyoruz.
-	 * NOT: UnrealIRCd 4.0.16 veya üzeri versiyonları gerektirir.
 	 */
-	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; };
+	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
 
 	class servers;
-};
+}
 
 /* Servis'ler için bağlantı bloğu genellikle çok daha basittir.
  * Servis'lerin ne olduğu hakkında daha fazla bilgi için,
  * https://www.unrealircd.org/docs/Services
  */
-link services.mynet.org
+link services.example.org
 {
 	incoming {
 		mask 127.0.0.1;
-	};
+	}
 
 	password "changemeplease";
 
 	class servers;
-};
+}
 
 /* U-lines satırları sunuculara daha güç/komut kazandırır.
  * Eğer hizmetlerini kullanmak istiyorsanız onları buraya eklemeniz gerekir.
  * ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
  */
 ulines {
-	services.mynet.org;
-};
+	services.example.org;
+}
 
 /* Bu blok /DIE ve /RESTART için şifre tanımlamanızı sağlar. Sadece IRCOp'lar içindir.
  * Bu genelde kazara sunucuyu yeniden başlatma ve kapanmasına karşı biraz
@@ -261,7 +260,7 @@ ulines {
 drpass {
 	restart "restart";
 	die "die";
-};
+}
 
 /* Bu log bloğu hangi dosyaya ve nelerin olması gerektiğini tanımlar.
  * Görmeniz için: https://www.unrealircd.org/docs/Log_block
@@ -280,8 +279,8 @@ log "ircd.log" {
 		oper-override;
 		tkl;
 		spamfilter;
-	};
-};
+	}
+}
 
 /* Bazı kullanıcılara veya botlara bir mesaj göndermek için "aliases"
  * takma ad oluşturmanızı sağlar. Genellikle servisler için kullanılır.
@@ -295,7 +294,7 @@ include "aliases/anope.conf";
 ban nick {
 	mask "*C*h*a*n*S*e*r*v*";
 	reason "Servisler için ayrılmış";
-};
+}
 
 /* Ban ip.
  * Normalde bunun için /KLINE, /GLINE ve /ZLINE kullanıldığını unutmayınız.
@@ -303,19 +302,19 @@ ban nick {
 ban ip {
 	mask 195.86.232.81;
 	reason "Senden nefret ediyorum";
-};
+}
 
 /* Ban server - bir sunucunun bağlanmasını devredışı kılar */
 ban server {
 	mask eris.berkeley.edu;
 	reason "Defol git buradan.";
-};
+}
 
 /* Ban user - normalde /KLINE veya /GLINE kullanıldığını unutmayınız */
 ban user {
 	mask *tirc@*.saturn.bbn.com;
 	reason "Salak";
-};
+}
 
 /* Ban realname bloğu bir kullanıcıyı, GECOS kısmı esas alınarak 
  * banlamanıza olanak sağlar.
@@ -323,12 +322,12 @@ ban user {
 ban realname {
 	mask "Swat Team";
 	reason "mIRKFORCE";
-};
+}
 
 ban realname {
 	mask "sub7server";
 	reason "sub7";
-};
+}
 
 /* Ban ve TKL istisnaları. Kullanıcıları / makineleri gözetmeksizin
  * KLINE, GLINE, gibi banlardan muaf tutmanıza olanak sağlar.
@@ -341,26 +340,26 @@ ban realname {
 except ban {
 	mask *@192.0.2.1;
 	// burada daha fazla mask girdileri ekleyebilirsiniz..
-};
+}
 
-/* except tkl bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
-except tkl {
+/* except ban bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
+except ban {
 	mask *@192.0.2.1;
 	type all;
-};
+}
 
 /* Deny dcc bloğu, sunucu üzerinden DCC yoluyla dosya gönderilmesine izin vermeyecektir */
 deny dcc {
 	filename "*sub7*";
 	reason "Olası Sub7 Virüsü";
-};
+}
 
 /* Deny channel bloğu, kullanıcıların belirtilen kanallara girmesini engeller */
 deny channel {
 	channel "*warez*";
 	reason "Warez is illegal";
 	class "clients";
-};
+}
 
 /* VHosts (Virtual Hosts) bloğu, kullanıcının yeni bir host alabilmesine olanak sağlar.
  * Görmeniz için; https://www.unrealircd.org/docs/Vhost_block
@@ -375,17 +374,62 @@ vhost {
 	mask *@unrealircd.com;
 	login "test";
 	password "test";
-};
+}
+
+/* Blacklist blokları, bir kullanıcı bağlandığında IP adresinin drone saldırılarına
+ * neden olduğunu, bilinen bir saldırıya uğramış bir makine olup olmadığını görmek
+ * için harici bir DNS Kara Liste hizmetinden sorgulayacaktır.
+ * Belgeleme: https://www.unrealircd.org/docs/Blacklist_block
+ * veya aşağıdaki bloklar satırına bakınız.
+ */
+
+/* DroneBL, muhtemelen IRC Sunucuları tarafından kullanılan en popüler kara liste.
+ * Belgeler ve cevap (reply) tiplerin anlamlarını görmek için https://dronebl.org/
+ * adresine bakınız. Bu zamanda aşağıdaki cevap (reply) tiplerini kullanıyoruz:
+ * 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
+ * 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
+ * 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
+ * 14: Open Wingate Proxy, 15: Compromised router / gateway,
+ * 16: Autorooting worms.
+ */
+blacklist dronebl {
+        dns {
+                name dnsbl.dronebl.org;
+                type record;
+                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone belirlendi. Ayrıntılar için https://dronebl.org/lookup?ip=$ip adresine bakınız.";
+}
+
+/* EFnetRBL, belgeler ve cevap (reply) tiplerini görmek için https://rbl.efnetrbl.org/
+ * adresine bakınız.
+ * Yazma sırasında: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
+ *
+ * NOT: Sunucunuzda TOR proxy'lerine izin vermek istiyorsanız,
+ *       cevap (reply) tiplerinden '4;' öğesini kaldırmanız gerekiyor.
+ */
+blacklist efnetrbl {
+        dns {
+                name rbl.efnetrbl.org;
+                type record;
+                reply { 1; 4; 5; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone/TOR belirlendi.  Ayrıntılar için https://rbl.efnetrbl.org/?i=$ip adresine bakınız.";
+}
 
 /* Diğer yapılandırma dosyalarını dahil edebilirsiniz */
 /* include "klines.conf"; */
 
 /* Ağ yapılandırması */
 set {
-	network-name 		"MYNet";
-	default-server 		"irc.mynet.org";
-	services-server 	"services.mynet.org";
-	stats-server 		"stats.mynet.org";
+	network-name 		"ExampleNET";
+	default-server 		"irc.example.org";
+	services-server 	"services.example.org";
+	stats-server 		"stats.example.org";
 	help-channel 		"#Help";
 	hiddenhost-prefix	"Clk";
 	prefix-quit 		"Quit";
@@ -401,20 +445,20 @@ set {
 		"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
 		"ve diğeri";
 		"ve diğeri";
-	};
-};
+	}
+}
 
 /* Sunucunun kendine özgü yapılandırması */
 
 set {
 	kline-address "set.this.to.email.address"; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
 	modes-on-connect "+ixw"; /* kullanıcılar bağlandığında, bu modları alacaktır */
-	modes-on-oper	 "+xwgs"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
+	modes-on-oper	 "+xws"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
 	oper-auto-join "#opers"; /* IRCoplar bu kanala otomatik olarak giriş yapacaktır */
 	options {
 		hide-ulines; /* U-lines satırları /MAP ve /LINKS komutunda gözükmez */
 		show-connect-info; /* sunucuya bağlanırken "looking up your hostname" mesajı görüntülenecektir */
-	};
+	}
 
 	maxchannelsperuser 10; /* bir kullanıcının maksimum girebileceği kanal sayısı */
 
@@ -429,15 +473,11 @@ set {
 	/* static-part /PART komutu ile aynı işi görür */
 	/* static-part yes; */
 
-	/* /STATS komutunu operler için kısıtlar. Önerilen * (TÜMÜ) */
-	oper-only-stats "*";
-
-	/* Anti flood Koruması */
+	/* Anti flood Koruması
+	 * Görmeniz için: https://www.unrealircd.org/docs/Set_block#set::anti-flood
+	 */
 	anti-flood {
-		nick-flood 3:60;	/* Her 60 saniyede 3 nick değişikliği (varsayılan) */
-		connect-flood 3:60;     /* Her 60 saniyede 3 bağlantı girişi izni (varsayılan) */
-		away-flood 4:120;	/* Her 2 dakikada 4 kez /AWAY kullanımı izni (varsayılan) */
-	};
+	}
 
 	/* Spam filter Ayarları */
 	spamfilter {
@@ -445,8 +485,8 @@ set {
 		ban-reason "Spam/Advertising"; /* varsayılan sebep */
 		virus-help-channel "#help"; /* 'viruschan' eylemi için kullanılacak kanal */
 		/* except "#help"; Spamfilter'den muaf tutulacak kanal */
-	};
-};
+	}
+}
 /* Son olarak, bir MOTD (Günün Mesajı) oluşturabilirsiniz, bu
  * conf/ dizininde 'ircd.motd' metin dosyası oluşturarak yapabilirsiniz.
  * Bu dosyanın içeriği bağlantı kuran kullanıcılara gösterilecektir.

doc/conf/help/help.de.conf

@@ -1,4 +1,4 @@
-/* UnrealIRCd 4.0 Help Configuration
+/* UnrealIRCd 5 Help Configuration
  * Based on the original help text written by hAtbLaDe
  * Revised by CC (07/2002) and many others
  *
@@ -28,7 +28,7 @@ help {
 	" /HELPOP OFLAGS   - liefert eine Liste aller O:Line Flags";
 	" -";
 	" ==-------------------------oOo--------------------------==";
-};
+}
 
 help Usercmds {
 	" Zur Zeit sind folgende User-Befehle verfügbar.";
@@ -48,7 +48,7 @@ help Usercmds {
 	" KICK            NICK            TIME";
 	" KNOCK           NOTICE          TOPIC";
 	" ==-------------------------oOo-------------------------==";
-};
+}
 
 help Opercmds {
 	" Dieser Abschnitt führt alle Befehle auf, die nur";
@@ -69,7 +69,7 @@ help Opercmds {
 	" DCCDENY         MKPASSWD        SDESC           ZLINE";
 	" DIE             MODULE          SETHOST";
 	" ==-------------------------oOo-------------------------==";
-};
+}
 
 help Svscmds {
 	" Dieser Abschnitt gibt alle Befehle aus die nur";
@@ -85,7 +85,7 @@ help Svscmds {
       " SVSFLINE        SVSMOTD         SVSO        SWHOIS";
       " SVSJOIN         SVSNICK         SVSPART     UNSQLINE";
 	" ==-------------------------oOo-------------------------==";
-};
+}
 
 help Umodes {
 	" Hier eine Liste aller User Modi, die benutzt werden können.";
@@ -120,7 +120,7 @@ help Umodes {
 	" V = Markiert den Client als einen WebTV-User";
 	" W = User erhält eine NOTICE, wenn und von wem er /WHOISed wird (nur für IRCOPS)";
 	" ==---------------------------oOo---------------------------==";
-};
+}
 
 help Snomasks {
 	" Snomask seht für 'Service NOtice MASK'. Hiermit wird (hauptsächlich)";
@@ -150,7 +150,7 @@ help Snomasks {
 	" S = Sieht Spamfilter Treffer";
 	" v = Sieht wenn sich jemand für einen VHOST einloggt.";
 	" ==-------------------------oOo------------------------==";
-};
+}
 
 help Chmodes {
 	" Hier sind alle verfügbaren ChannelModes aufgelistet die man mit /MODE setzen kann.";
@@ -197,7 +197,7 @@ help Chmodes {
 	" [h] erfordert mindestens HalfOp Staus, [o] erfordert mindestens Op Staus,";
 	" [q] erfordert Owner Status";
 	" ==------------------------------oOo----------------------------==";
-};
+}
 
 help ExtBans {
 	" Erweiterte Banntypen: ";
@@ -228,7 +228,7 @@ help ExtBans {
 	"         |               | Dieser Bann würde auch auf 'Stupid bot script v1.4'.    ";
       "         |               | passen.                                                 ";
 	" ==------------------------------------------------------------------------------==";
-};
+}
 
 help Chmodef {
 	" Der +f Channel Mode ermöglicht eienn umfangreichen Flood Schutz für einen";
@@ -254,7 +254,7 @@ help Chmodef {
 	" -";
 	" Wird eine aktion für einen Modus gewählt, kann eine Zeit (in Minuten)";
 	" angegeben werden, nach der die gewählte aktion aufgehoben wird.";
-};
+}
 
 
 help Oflags {
@@ -292,7 +292,7 @@ help Oflags {
 	" X (can_addline)      Kann /ADDLINE ausführen";
 	" d (can_dccdeny)      Kann /DCCDENY ausführen";
 	" ==----------------------oOo--------------------==";
-};
+}
 
 
 help Nick {
@@ -302,7 +302,7 @@ help Nick {
 	" -";
 	" Syntax:  NICK <neuer Nickname>";
 	" Beispiel: NICK hAtbLaDe";
-};
+}
 
 help Whois {
 	" Zeigt Informationen über den angegebenen User";
@@ -323,7 +323,7 @@ help Whois {
 	" + - User ist Voiced (+v)";
 	" ! - User hat Channels, die für whois verborgen sind (+p) und man selbst ist IRCOp";
 	" ? - Der Channel ist geheim (+s) und man selbst ist IRCOp";
-};
+}
 
 help Who {
 	" Liefert Informationen über User";
@@ -367,7 +367,7 @@ help Who {
 	" + - User ist Voiced (+v)";
 	" ! - User ist +H und man selbst ein IRC Operator";
 	" ? - User ist nur sichtbar, weil man selbst IRC Operator ist";
-};
+}
 
 help Whowas {
 	" Liefert Informationen über User, die nicht mehr zum";
@@ -376,7 +376,7 @@ help Whowas {
 	" Syntax:  WHOWAS <nickname>";
 	"  WHOWAS <nickname> <max number of replies>";
 	" Beispiel: WHOWAS hAtbLaDe";
-};
+}
 
 help Cycle {
 	" Der/die angegebene(n) Channel(s)werden verlassen und";
@@ -386,7 +386,7 @@ help Cycle {
 	" Syntax:  CYCLE <chan1>,<chan2>,<chan3>";
 	" Example: CYCLE #help";
 	" Example: CYCLE #main,#chat";
-};
+}
 
 help Dns {
 	" Liefert Informationen über den DNS Cache des IRC Servers.";
@@ -397,14 +397,14 @@ help Dns {
 	" 'DNS i' liefert Details über die Nameserver Konfiguration";
 	" -";
 	"Syntax: DNS [option]";
-};
+}
 
 help Names {
 	" Liefert eine Liste aller User im angegeben Channel.";
 	" -";
 	"Syntax:  NAMES <channel>";
 	"Beispiel: NAMES #Support";
-};
+}
 
 help Ison { 
 	" Überprüfung, ob bestimmte User mit angegebenem Nicknamen";
@@ -412,7 +412,7 @@ help Ison {
 	" -";
 	" Syntax:  ISON <user> <user2> <user3> <user4>";
 	" Beispiel: ISON hAtbLaDe Stskeeps OperServ AOLBot";
-};
+}
 
 help Join { 
 	" Wird verwendet, um einen oder mehrere Channels auf einem";
@@ -427,7 +427,7 @@ help Join {
 	" Beispiel: JOIN #Support";
 	"          JOIN #Lobby,#IRCd";
 	"          JOIN #IRCd,#Support,#main letmein,somepass,anotherpass";
-};
+}
 
 help Part {
 	" Befehl, um einen Channel zu verlassen, in dem man sich momentan";
@@ -438,7 +438,7 @@ help Part {
 	" Syntax:  PART <chan>,<chan2>,<chan3>,<chan4> <reason>";
 	" Beispiel: PART #Support";
 	"          PART #Lobby,#IRCd See ya later!";
-};
+}
 
 help Motd {
 	" Zeigt die Message Of The Day des IRC Servers an, auf dem man ";
@@ -447,21 +447,21 @@ help Motd {
 	" -";
 	" Syntax: MOTD";
 	"         MOTD <server>";
-};
+}
 
 help Rules {
 	" Zeigt die Regeln des Netzwerkes an, mit dem man verbunden ist.";
 	" -";
 	" Syntax: RULES";
 	"         RULES <server>";
-};
+}
 
 help Lusers {
 	" Liefert Informationen über die Anzahl lokaler und ";
 	" globaler User und die maximal erreichte Userzahl..";
 	" -";
 	" Syntax: LUSERS [server]";
-};
+}
 
 help Map {
 	" Zeigt eine pseude-grafische Netzwerks Karte an, aus der die";
@@ -469,7 +469,7 @@ help Map {
 	" zu Routing Zwecken benötigt.";
 	" -";
 	" Syntax: MAP";
-};
+}
 
 help Quit {
 	" Beendet die Verbindung zum IRC Server. Die verbleibenden User in";
@@ -478,7 +478,7 @@ help Quit {
 	" -";
 	" Syntax:  QUIT <reason>";
 	" Beispiel: QUIT Leaving!";
-};
+}
 
 help Ping {
 	" Der Ping Befehl dient dazu, die Anwesenheit eines Users oder Servers";
@@ -490,10 +490,10 @@ help Ping {
 	" Zu beachten ist, dass dies unterschiedlich zum  CTCP PING Befehl ist.";
 	" -";
 	" Syntax:   PING <server> <server2>";
-	" Beispiel: PING irc.fyremoon.net";
+	" Beispiel: PING irc.example.org";
 	"           PING hAtbLaDe";
 	"           PING hAtbLaDe irc2.dynam.ac";
-};
+}
 
 help Pong {
 	" Die PONG Nachricht ist die Antwort auf die PING Nachricht.  Wird der";
@@ -502,16 +502,16 @@ help Pong {
 	" Nachricht geantwortet hat und diese Nachricht erzeugt hat.";
 	" -";
 	" Syntax:  PONG <server> <server2>";
-	" Beispiel: PONG irc.fyremoon.net irc2.dynam.ac";
-	"          (PONG Nachricht von irc.fyremoon.net to irc2.dynam.ac)";
-};
+	" Beispiel: PONG irc.example.org irc2.dynam.ac";
+	"          (PONG Nachricht von irc.example.org to irc2.dynam.ac)";
+}
 
 help Version {
 	" Liefert versions Informationen über den benutzten IRCd.";
 	" -";
 	" Syntax: VERSION";
 	"         VERSION <server>";
-};
+}
 
 help Stats {
 	" Liefert verschiedene statistische Informationen über den Server.";
@@ -521,21 +521,21 @@ help Stats {
 	" -";
 	" Gibt man nur /stats ohne Parameter ein, erhält man eine Liste der";
 	" möglichen Flags.";
-};
+}
 
 help Links {
 	" Listet sämtliche Server auf, die momentan zum Netzwerk verbunden";
 	" sind. Nur IRCops können gelinkte U-lined Servers /Services) sehen.";
 	" -";
 	" Syntax: LINKS";
-};
+}
 
 help Admin {
 	" Liefert Informationen über die Administration des Servers.";
 	" -";
 	" Syntax: ADMIN";
 	"         ADMIN <server>";
-};
+}
 
 help Userhost {
 	" Zeigt den userhost des angegebenen Nicknamen an. Wird ";
@@ -543,7 +543,7 @@ help Userhost {
 	" -";
 	" Syntax:  USERHOST <nickname>";
 	" Beispiel: USERHOST hAtbLaDe";
-};
+}
 
 help Userip {
 	" Liefert die IP des Users zurück, nach dem gefragt wurde.";
@@ -551,7 +551,7 @@ help Userip {
 	" -";
 	" Syntax: USERIP <nickname>";
 	" Beispiel: USERIP codemastr";
-};
+}
 
 help Topic {
 	" Setzt oder ändert das Topic des angegebenen Channels";
@@ -561,7 +561,7 @@ help Topic {
 	"           TOPIC <channel> <topic> (Ändert Topic)";
 	" Beispiel: TOPIC #Operhelp";
 	"           TOPIC #Lobby Welcome to #Lobby!!";
-};
+}
 
 help Invite {
 	" Sendet einem User eine Einladung, einen bestimmten Channel zu betreten.";
@@ -572,7 +572,7 @@ help Invite {
 	" Syntax:   INVITE <user> <channel>";
 	" Beispiel: INVITE hAtbLaDe #Support";
 	" Beispiel: INVITE";
-};
+}
 
 help Kick {
 	" Entfernt einen User aus einem Channel. Kann nur von Operators oder ";
@@ -582,7 +582,7 @@ help Kick {
 	" Syntax:  KICK <channel>[,<channel2>..] <user>[,<user2>..] <reason>";
 	" Beispiel: KICK #Lobby foobar Lamer..";
 	"          KICK #Lobby,#OperHelp Lamer23,Luser12 Lamers!";
-};
+}
 
 help Away {
 	" Stellt den eigenen  Online Status auf \"Away\" ein.";
@@ -590,7 +590,7 @@ help Away {
 	" Syntax:  AWAY <Grund> (Setzt eigenen Nick auf Away und zeigt angegebenen Grund an)";
 	"          AWAY (Hebt den Away Status auf)";
 	" Beispiel: AWAY Essenszeit!";
-};
+}
 
 help Watch {
 	" Watch ist ein Benachrichtigungssystem welches schneller und ressourcenschonender";
@@ -604,7 +604,7 @@ help Watch {
 	" Syntax: WATCH +nick1 +nick2 +nick3 (Fügt Nickname hinzu)";
 	"         WATCH -nick (Löscht Nickname)";
 	"         WATCH (Zeigt die Watch Liste an)";
-};
+}
 
 help List {
 	" Liefert eine vollständige Liste sämtlicher Channels im Netzwerk.";
@@ -621,7 +621,7 @@ help List {
 	" !*mask*  Zeigt Channels an, die NICHT zur Maske *mask* passen";
 	" -";
 	" Sämtliche Flags können statt einer Standard Maske verwendet werden.";
-};
+}
 
 help Privmsg {
       " Eröffnet eine private Unterhaltung, ein sogenanntes 'Query'";
@@ -638,7 +638,7 @@ help Privmsg {
 	" Beispiel: PRIVMSG hAtbLaDe :Hello";
 	"           PRIVMSG hAtbLaDe,Somefella,Lamer :Hallo allerseits!";
 	"           PRIVMSG @#hottub Am Samstag haben wir Team Besprechung.";
-};
+}
 
 help Notice {
 	" Sendet Nachrichten an bestimmte Empfänger, die nur von diesen gelesen";
@@ -656,7 +656,7 @@ help Notice {
 	" Beispiel: NOTICE hAtbLaDe :Hello";
 	"           NOTICE hAtbLaDe,Somefella,Lamer :Hallo Leute!";
 	"           NOTICE @#hottub Achtet mal auf diesen Lamer.";
-};
+}
 
 help Knock {
 	" In Channels, die auf invite only eingestellt sind, kann man";
@@ -664,14 +664,14 @@ help Knock {
 	" -";
 	" Syntax:  KNOCK <channel> <message>";
 	" Beispiel: KNOCK #secret_chan Ich bin Op hier, holt mich mal rein!";
-};
+}
 
 help Setname {
 	" Ermöglicht es, dass User ihren \"Real name\" (GECOS) direkt online";
 	" im IRC, ohne neu zu connecten, ändern können.";
 	" -";
 	" Syntax: SETNAME <New Real Name>";
-};
+}
 
 help Vhost {
 	" Verbirgt den realen Hostnamen durch Überschreiben mit einem virtuellen,";
@@ -680,7 +680,7 @@ help Vhost {
 	" -";
 	" Synatx:  VHOST <login> <password>";
 	" Beispiel: VHOST openbsd ilovecypto";
-};
+}
 
 help Mode {
 	" Setzt einen Modus für einen Channel oder einen User. Eine Liste der";
@@ -689,34 +689,34 @@ help Mode {
 	" Syntax:  MODE <channel/user> <mode>";
 	" Beispiel: MODE #Support +tn";
 	"           MODE #Support +ootn hAtbLaDe XYZ";
-};
+}
 
 help Credits {
 	" Zeigt eine Liste aller, die an der Entwicklung von UnrealIRCd mitgewirkt haben.";
 	" -";
 	" Syntax: CREDITS";
 	"         CREDITS <server>";
-};
+}
 
 help Dalinfo {
 	" Diser Befehl liefert historische Danksagungen (von ircu, etc..)";
 	" -";
 	" Syntax: DALINFO";
 	" Syntax: DALINFO <server>";
-};
+}
 
 help License {
 	" Dieser Befehl zeigt die Lizenzinformationen für UnrealIRCd an.";
 	" Syntax: LICENSE";
 	"         LICENSE <server>";
-};
+}
 
 help Time {
 	" Zeigt das aktuelle Datum und die Zeit des Servers an.";
 	" -";
 	" Syntax : TIME";
 	"          TIME <server>";
-};
+}
 
 help Silence {
 	" Nachrichten von einem User oder einer Liste von Usern werden ignoriert.";
@@ -724,7 +724,7 @@ help Silence {
 	" Syntax: SILENCE +nickname (Schreibt einen Nicknamen in die SILENCE Liste)";
 	"         SILENCE -nickname (Löscht einen Nicknamen aus der SILENCE Liste)";
 	"         SILENCE           (Zeigt die aktuelle SILENCE Liste an)";
-};
+}
 
 help Oper {
 	" Bewirkt, dass ein User den IRC Operator Status erhält.";
@@ -734,7 +734,7 @@ help Oper {
 	" Achtung: Sowohl uid als auch Passwort sind case sensitive ";
 	"          (Groß- und Kleinschreibung beachten!)";
 	" Beispiel: OPER hAtbLaDe foobar234";
-};
+}
 
 help Wallops {
 	" Sendet eine \"Nachricht\" an alle, die den Usermodus +w haben.";
@@ -742,7 +742,7 @@ help Wallops {
 	" können sie lesen.";
 	" -";
 	" Syntax: WALLOPS <nachricht>";
-};
+}
 
 help Globops {
 	" Sendet eine globale \"Nachricht\" an alle IRCops. Die Nachricht";
@@ -751,7 +751,7 @@ help Globops {
 	" -";
 	" Syntax:  GLOBOPS <message>";
 	" Beispiel: GLOBOPS Lets get em clones ..";
-};
+}
 
 help Locops {
 	" Ähnlich, wie GLOBOPS, allerdings empfangen nur IRCops,";
@@ -759,28 +759,28 @@ help Locops {
 	" -";
 	" Syntax:  LOCOPS <message>";
 	" Beispiel: LOCOPS Gib dem User mal ne k:line ...";
-};
+}
 
 help Chatops {
 	" Sendet eine Nachricht an alle IrcOps (global).";
 	" -";
 	" Syntax:  CHATOPS <message>";
 	" Example: CHATOPS Gonna k:line that user ...";
-};
+}
 
 help Adchat {
 	" Sendet eine Nachricht an alle Admins, die online sind.";
 	" -";
 	" Syntax:  ADCHAT <text>";
 	" Beispiel: ADCHAT Hey guys! I'm finally here.";
-};
+}
 
 help Nachat {
 	" Sendet eine Nachricht an alle NetAdmins, die online sind.";
 	" -";
 	" Syntax:  NACHAT <text>";
 	" Beispiel: NACHAT Hey guys! How is everything?";
-};
+}
 
 help Kill {
 	" Dieser Befehl entfernt User vom Server (anders als KICK";
@@ -790,7 +790,7 @@ help Kill {
 	" -";
 	" Syntax:  KILL <user1>, <user2>, <user3>,... <reason>";
 	" Beispiel: KILL Jack16 Werbung für Dialer hier nicht erlaubt";
-};
+}
 
 help Kline {
 	" Dieser Befehl erzeugt zeitabhängige K:Line bezogen auf eine"; 
@@ -806,7 +806,7 @@ help Kline {
 	" Beispiel: KLINE *@*.aol.com Abuse (setzt eine permanente K:line)";
 	"          KLINE *@*.someisp.com 2d Abuse (setzt eine K:line für 2 Tage)";
 	"          KLINE -*@*.aol.com";
-};
+}
 
 help Zline {
 	" Dieser Befehl erzeugt zeitabhängige Z:Line bezogen auf eine"; 
@@ -824,7 +824,7 @@ help Zline {
 	"          ZLINE -*@127.0.0.1";
 	" Anmerkung: Gibt man bei zline statt einer IP einen Host an, so wirkt sie wie eine kline.";
 	" ACHTUNG: Der IrcOp benötigt hierfür das can_gkline oper Flag";
-};
+}
 
 help Gline {
 	" Dieser Befehl erzeugt zeitabhängige G:Line bezogen auf eine"; 
@@ -842,7 +842,7 @@ help Gline {
 	"          GLINE *@*.idiot.net 1d5h :Spammers (Setzt eine 29 std G:line)";
 	"          GLINE -*@*.idiot.net";
 	" ACHTUNG: Der IrcOp benötigt hierfür das can_gkline oper Flag";
-};
+}
 
 help Shun {
 	" Verhindert, dass der User IRGENDEINEN Befehl ausführen kann, ausser";
@@ -860,7 +860,7 @@ help Shun {
 	"  (Shunt foobar@aol.com für 10 Minuten wegen Spamming)";
 	"          SHUN +foobar@aol.com 1d6h :Spamming (Bewirkt einen 30 stündigen SHUN)";
 	" ACHTUNG: Der IrcOp benötigt hierfür das can_gkline oper Flag";
-};
+}
 
 help Gzline {
 	" Dieser Befehl erzeugt zeitabhängige globale Z:Line. Wer eine IP Adresse";
@@ -877,7 +877,7 @@ help Gzline {
 	"          GZLINE *@4.16.200.* 1d5h Spammers (Setzt eine 29 std Globale Z:line)";
 	"          GZLINE -*@4.16.200.* ";
 	" Anmerkung: Gibt man bei gzline statt einer IP einen Host an, so wirkt sie wie eine gline.";
-};
+}
 
 help Akill {
 	" Setzt einen Autokill für die angegebene Host Maske. Das verhindert, ";
@@ -887,14 +887,14 @@ help Akill {
 	" -";
 	" Syntax:  AKILL <user@host> :<Grund>";
 	" Beispiel: AKILL foo@aol.com :Spammers!";
-};
+}
 
 help Rakill {
 	" Löscht einen durch Service Administrator gesetzten AKILL.";
 	" DIESER BEFEHL IST NUR SERVERN ERLAUBT";
 	" -";
 	" Syntax: RAKILL <user@host>";
-};
+}
 
 help Rehash {
 	" Veranlasst den Server, seine Konfigurationsdatei neu einzulesen.";
@@ -922,7 +922,7 @@ help Rehash {
       " zur regelmäßigen automatischen Wiederverfügbarmachung von nicht mehr";
       " benötigtem Speicherplatz, indem nicht mehr erreichbare Objekte im";
       " Speicher automatisch freigegeben werden.";
-};
+}
 
 help Restart {
 	" Killt den IRC Prozess und startet ihn neu. Dabei werden alle momentan";
@@ -932,7 +932,7 @@ help Restart {
 	" Syntax: RESTART";
 	"         RESTART <password>";
 	"         RESTART <password> <reason>";
-};
+}
 
 help Die {
 	" Beendet den IRC Prozess. Dabei werden alle momentan zum Server";
@@ -941,17 +941,17 @@ help Die {
 	" -";
 	" Syntax: DIE";
 	"         DIE <password>";
-};
+}
 
 help Lag {
 	" Dieser Befehl ist ähnlich einem Traceroute für IRC Server.";
-	" Man gibt beispielsweise /LAG irc.fyremoon.net ein und es";
+	" Man gibt beispielsweise /LAG irc.example.org ein und es";
 	" erfolgen Antworten von jedem Server über den der Befehl geleitet wird";
 	" mit Zeit u.s.w.";
 	" Hilfreich, um nachzuschauen, wo ein Lag ist.";
 	" -";
 	" Syntax: LAG <server>";
-};
+}
 
 help Sethost {
 	" Mit diesem Befehl kann man den Virtual host (Vhost) in jeden gewünschten";
@@ -960,7 +960,7 @@ help Sethost {
 	" -";
 	" Syntax:  SETHOST <new hostname>";
 	" Beispiel: SETHOST hier.kommt.der.chef";
-};
+}
 
 help Setident {
 	" Mit diesem Befehl kann man den Ident (Username) ändern.";
@@ -968,7 +968,7 @@ help Setident {
 	" -";
 	" Syntax:  SETIDENT <new ident>";
 	" Beispiel: SETIDENT l33t";
-};
+}
 
 help Chghost {
 	" Mit diesem Befehl kann man den Host eines Users, der aktuell";
@@ -977,7 +977,7 @@ help Chghost {
 	" -";
 	" Syntax:  CHGHOST <nick> <host>";
 	" Beispiel: CHGHOST hAtbLaDe root.me.com";
-};
+}
 
 help Chgident {
 	" Ändert den Ident eines Users im IRC Netzwerk.";
@@ -985,7 +985,7 @@ help Chgident {
 	" -";
 	" Syntax:  CHGIDENT <nick> <ident>";
 	" Beispiel: CHGIDENT hAtbLaDe sheep";
-};
+}
 
 help Chgname {
 	" Ändert den \"IRC Name\" (oder \"Real Name\") eines Users im IRC Netzwerk.";
@@ -993,7 +993,7 @@ help Chgname {
 	" -";
 	" Syntax:  CHGNAME <nick> <name>";
 	" Beispiel: CHGNAME hAtbLaDe Gotta new name :)";
-};
+}
 
 help Squit {
 	" Trennt einen IRC Server vom Netzwerk.";
@@ -1002,7 +1002,7 @@ help Squit {
 	" -";
 	" Syntax:  SQUIT <server>";
 	" Beispiel: SQUIT leaf.*";
-};
+}
 
 help Connect {
 	" Linkt einen anderen IRC Server zu dem, auf dem der Befehl gegeben wird.";
@@ -1013,7 +1013,7 @@ help Connect {
 	"          CONNECT <hub> <port> <leaf>";
 	" Beispiel: CONNECT leaf.*";
 	"          CONNECT hub.* 6667 leaf.*";
-};
+}
 
 help Dccdeny {
 	" Legt ein DCC Verbot für diese Dateimaske fest. Das bedeutet, dass alle";
@@ -1021,7 +1021,7 @@ help Dccdeny {
 	" Befehl nur für IrcOps.";
 	" -";
 	" Syntax: DCCDENY <filename mask> <reason>";
-};
+}
 
 help Undccdeny {
 	" Wird EXAKT die angegeben Datei gefunden, wird sie gelöscht, andernfalls";
@@ -1029,7 +1029,7 @@ help Undccdeny {
 	" Befehl nur für IrcOps.";
 	" -";
 	" Syntax: UNDCCDENY <filename mask>";
-};
+}
 
 help Sajoin {
 	" Zwingt einen User, einen Channel zu joinen.";
@@ -1038,7 +1038,7 @@ help Sajoin {
 	" Syntax:  SAJOIN <nick> <channel>,[<channel2>..]";
 	" Beispiel: SAJOIN hAtbLaDe #OperHelp";
 	"          SAJOIN hAtbLaDe #Support,#IRCHelp";
-};
+}
 
 help Sapart {
 	" Zwingt einen User, einen Channel zu verlassen.";
@@ -1047,7 +1047,7 @@ help Sapart {
 	" Syntax:  SAPART <nick> <channel>,[<channel2>..]";
 	" Beispiel: SAPART hAtbLaDe #OperHelp";
 	"          SAPART hAtbLaDe #Support,#IRCHelp";
-};
+}
 
 help Samode {
 	" Erlaubt es einem Services Administrator die Modi eines Channels zu ändern,";
@@ -1056,7 +1056,7 @@ help Samode {
 	" -";
 	" Syntax:  SAMODE <channel> <mode>";
 	" Beispiel: SAMODE #Support +m";
-};
+}
 
 help Trace {
 	" Man kann TRACE auf Server und User anwenden.";
@@ -1067,15 +1067,15 @@ help Trace {
 	" Befehl nur für IrcOps.";
 	" -";
 	" Syntax:  TRACE <servername|nickname>";
-	" Beispiel: TRACE irc.fyremoon.net";
-};
+	" Beispiel: TRACE irc.example.org";
+}
 
 help Opermotd {
 	" Zeigt die Operator MOTD des IRCd an.";
 	" Befehl nur für IrcOps.";
 	" -";
 	" Syntax: OPERMOTD";
-};
+}
 
 help Sdesc {
 	" Mit diesem Befehl kann man die Infozeile des Servers ändern,";
@@ -1084,20 +1084,18 @@ help Sdesc {
 	" -";
 	" Syntax:  SDESC <New description>";
 	" Beispiel: SDESC Fly High, Fly Free";
-};
+}
 
 help Mkpasswd {
 	" Dieser Befehl verschlüsselt den übergebenen String und liefert einen 'hash' zurück.";
 	" Diesen 'hash' kann man für jegliche verschlüsselten Passworte in die conf Datei einbauen";
 	" wie z.B. bei oper::passwort, vhost::passwort etc.";
-	" Mögliche Typen (in der Reihenfolge ihrer Sicherheit) sind:";
-	"    *NIX: crypt, md5, sha1 [*], ripemd160 [*]";
-	" Windows: crypt [*], md5, sha1, ripemd160 [*]";
-	" [*: nur verfügbar, wenn mit SSL Unterstützung compiliert wurde]";
+	" Weitere Informationen und mögliche Typen:";
+	" https://www.unrealircd.org/docs/Authentication_types";
 	" -";
 	" Syntax:  MKPASSWD <method> <password>";
-	" Beispiel: MKPASSWD md5 IamTeh1337";
-};
+	" Beispiel: MKPASSWD argon2 IamTeh1337";
+}
 
 help Module {
 	" Dieser Befehl liefert eine Liste aller geladenen Module.";
@@ -1118,24 +1116,21 @@ help Module {
 	" [OLD?] Fehlende Modul Version, vergessen, ein altes Beta* Modul neu zu kompilieren?";
 	" Zusätzlich sieht man eine Liste, welche 'hooks' und Befehlüberschreitungen";
 	" vorhanden sind (die Nummer der 'hook's' kann in include/modules.h nachgesehen werden.";
-};
+}
 
 help Close {
 	" Dieser Befehl schliesst alle unbekannten Verbindungen zum IRC Server";
 	" IRC server.";
 	" -";
 	" Syntax:  CLOSE";
-};
+}
 
 help Tsctl {
-	" Dies ist ein erweiterter Befehl, um die interne IRC Uhrzeit anzupassen.";
+	" Uhrzeit aller Server anzeigen.";
 	" Befehl nur für IrcOps.";
 	" -";
-	" Syntax: TSCTL OFFSET +|- <time> (Stellt interne IRC Uhrzeit)";
-	"         TSCTL TIME (Erzeugt einen Zeitstatus Bericht)";
-	"         TSCTL ALLTIME (Zeigt den Zeitstatus aller Server)";
-	"         TSCTL SVSTIME <timestamp> (Stellt die Uhrzeit auf allen Servern ein)";
-};
+	" Syntax: TSCTL ALLTIME (Zeigt den Zeitstatus aller Server)";
+}
 
 help Svsnick {
 	" Ändert den Nicknamen des Users, der angegeben wird.";
@@ -1143,7 +1138,7 @@ help Svsnick {
 	" -";
 	" Syntax:  SVSNICK <nickname> <new nickname> <timestamp>";
 	" Beispiel: SVSNICK hAtbLaDe Foobar 963086432";
-};
+}
 
 help Svsmode {
 	" Ändert Modi des Users, der angegeben wird.";
@@ -1151,7 +1146,7 @@ help Svsmode {
 	" -";
 	" Syntax:  SVSMODE <nickname> <usermode>";
 	" Beispiel: SVSMODE hAtbLaDe +i";
-};
+}
 
 help Svskill {
 	" Disconnected einen User vom Netzwerk.";
@@ -1159,7 +1154,7 @@ help Svskill {
 	" -";
 	" Syntax:  SVSKILL <user> :<reason>";
 	" Beispiel: SVSKILL Lamer21 :Goodbye";
-};
+}
 
 help Svsnoop {
 	" Dieser Befehl aktiviert oder deaktiviert die Möglichkeit";
@@ -1168,7 +1163,7 @@ help Svsnoop {
 	" -";
 	" Syntax:  SVSNOOP <server> <+/->";
 	" Beispiel: SVSNOOP leaf.* -";
-};
+}
 
 help Svsjoin {
 	" Zwingt einen User, einen Channel zu joinen.";
@@ -1177,7 +1172,7 @@ help Svsjoin {
 	" Syntax:  SVSJOIN <nick> <channel>[,<channel2>..]";
 	" Beispiel: SVSJOIN hAtbLaDe #jail";
 	"          SVSJOIN hAtbLaDe #jail,#zoo";
-};
+}
 
 help Svspart {
 	" Zwingt einen User einen Channel zu verlassen.";
@@ -1187,7 +1182,7 @@ help Svspart {
 	" Beispiel: SVSPART hAtbLaDe #Hanson";
 	"          SVSPART hAtbLaDe #Hanson,#AOL";
 	"          SVSPART hAtbLaDe #Hanson,#AOL Und weg auch....";
-};
+}
 
 help Svso {
 	" Gibt dem Nick Operflags wie die in den O:lines.";
@@ -1197,7 +1192,7 @@ help Svso {
 	" Syntax:  SVSO <nick> <+operflags> (Setzt die Operflags)";
 	"          SVSO <nick> - (Löscht alle O:Line Flags)";
 	" Beispiel: SVSO SomeNick +bBkK";
-};
+}
 
 help Swhois {
 	" Ändert die WHOIS Meldung des Nicknamen.";
@@ -1206,7 +1201,7 @@ help Swhois {
 	" Syntax:  SWHOIS <nick> :<message> (Stellt SWHOIS ein)";
 	"          SWHOIS <nick> :  (Reset des SWHOIS)";
 	" Beispiel: SWHOIS SomeNick :is a lamer";
-};
+}
 
 help Sqline {
 	" Bannt den Nicknamen oder ähnliche Namen vom Server.";
@@ -1214,7 +1209,7 @@ help Sqline {
 	" -";
 	" Syntax:  SQLINE <nickmask> :<Reason>";
 	" Beispiel: SQLINE *Bot* :No bots";
-};
+}
 
 help Unsqline {
 	" Entfernt Bann auf Nickname oder Nickname Maske.";
@@ -1222,7 +1217,7 @@ help Unsqline {
 	" -";
 	" Synax:  UNSQLINE <nickmask>";
 	" Beispiel: UNSQLINE *Bot*";
-};
+}
 
 help Svs2mode {
 	" Ändert die Usermodi eines Nicknamens.";
@@ -1230,7 +1225,7 @@ help Svs2mode {
 	" -";
 	" Syntax:  :services.somenet.com SVS2MODE <nickname> +<mode>";
 	" Beispiel: :services.roxnet.org SVS2MODE hAtbLaDe +h";
-};
+}
 
 help Svsfline {
 	" Setzt gegebene Dateimaske auf DCCDENY";
@@ -1239,7 +1234,7 @@ help Svsfline {
 	" Syntax: :server SVSFLINE + file :grund (Fügt Dateinamen hinzu)";
 	"         :server SVSFLINE - file (löscht den Dateinamen)";
 	"         :server SVSFLINE *      (Löscht die DCCDENY Liste)";
-};
+}
 
 help Svsmotd {
 	"Ändert die Service Message Of The Day";
@@ -1248,7 +1243,7 @@ help Svsmotd {
 	"         SVSMOTD !         (Löscht die MOTD)";
 	"         SVSMOTD ! :<text> (Löscht Text und fügt neuen hinzu)";
 	"Beispiel: SVSMOTD # :Services MOTD";
-};
+}
 
 help Svsnline {
 	" Setzt einen globalen Bann auf den Realnamen.";
@@ -1261,7 +1256,7 @@ help Svsnline {
 	"          SVSNLINE - (um einen Bann zu löschen)";
 	"          SVSNLINE * (um alle Banns zu löschen)";
 	" Beispiel: SVSNLINE sub7_drone :*sub7*";
-};
+}
 
 help Svslusers {
 	" Ändert die globale und/oder lokale maximalen Userzahl";
@@ -1270,15 +1265,15 @@ help Svslusers {
 	" Muss durch einen U:Lined Server gesendet werden.";
 	" -";
 	" Syntax:  SVSLUSERS <server> <globalmax|-1> <localmax|-1>";
-	" Beispiel: SVSLUSERS irc.test.com -1 200";
-};
+	" Beispiel: SVSLUSERS irc.example.org -1 200";
+}
 
 help Svswatch {
 	" Ändert die WATCH Liste eines Users.";
 	" Muss durch einen U:Lined Server gesendet werden.";
 	" Syntax: SVSWATCH <nick> :<watch parameters>";
 	" Beispiel: SVSWATCH Blah :+Blih!*@* +Bluh!*@* +Bleh!*@*.com";
-};
+}
 
 help Svssilence {
 	" Ändert die SILENCE Liste eines Users.";
@@ -1287,7 +1282,7 @@ help Svssilence {
 	" zum Setzen/Löschen in einer Zeile stehen.";
 	" Syntax: SVSSILENCE <nick> :<silence parameters>";
 	" Beispiel: SILENCE Blah :+*!*@*.com +*!*@*.bla.co.uk";
-};
+}
 
 help Svssno {
 	" Ändert die snomask des angegebenen Users.";
@@ -1295,7 +1290,7 @@ help Svssno {
 	" -";
 	" Syntax:  SVSSNO <nickname> <snomasks>";
 	" Beispiel: SVSSNO joe +Gc";
-};
+}
 
 help Svs2sno {
 	" Ändert die snomask eines Nicknamen und zeigt dem";
@@ -1304,7 +1299,7 @@ help Svs2sno {
 	" -";
 	" Syntax:  SVS2SNO <nickname> <snomasks>";
 	" Beispiel: SVS2SNO joe +Gc";
-};
+}
 
 help Svsnolag {
       " Aktiviert ein 'kein fake lag' für einen User.";
@@ -1312,7 +1307,7 @@ help Svsnolag {
       " -";
       " Syntax:  SVSNOLAG [+|-] <nickname>";
       " Example: SVSNOLAG + joe";
-};
+}
   	 
 help Svs2nolag {
       " Aktiviert ein 'kein fake lag' für einen User.";
@@ -1320,7 +1315,7 @@ help Svs2nolag {
       " -";
       " Syntax:  SVS2NOLAG [+|-] <nickname>";
       " Example: SVS2NOLAG + joe";
-};
+}
 
 help Spamfilter {
 	" Diese Befehle setzten oder löschen globale Spam Filter.";
@@ -1337,14 +1332,14 @@ help Spamfilter {
 	"           'kline', 'gline', 'zline', 'gzline', 'block' (blockiert Nachricht),";
 	"           'dccblock' (kann keine DCC mehr senden), 'viruschan' (verlässt alle Channels";
 	"           und joint zwangsweise im Virus Help Channel), warn (Warnung für IrcOps).";
-	" [regex]   hier handelt es sich um den Ausdruck in der Nachricht, auf den hin Reaktionen";
-	"           erfolgen sollen.";
 	" [tkltime] die Zeitdauer, wie lange *LINEs, die durch [action] gesetzt wurden, gelten sollen";
 	"           (ein '-' angeben, um den Default aus set::spamfilter::ban-time zu verwenden,";
-      "           dieser Wert wird für 'block/tempshun' ignoriert).";
+	"           dieser Wert wird für 'block/tempshun' ignoriert).";
 	" [reason]  der Grund für die *LINE oder blocknachricht, DARF KEINE LEERZEICHEN ENTHALTEN,";
 	"           '_' wird in Leerzeichen übersetzt. Auch hier gilt, dass bei Angabe von '-' der";
 	"           Default (set::spamfilter::ban-reason) benutzt wird.";
+	" [regex]   hier handelt es sich um den Ausdruck in der Nachricht, auf den hin Reaktionen";
+	"           erfolgen sollen.";
 	" - ";
 	" Einige Beispiele (die möglicherweise länger als eine Zeile sind):";
 	" /spamfilter add p block - - Come watch me on my webcam";
@@ -1355,7 +1350,7 @@ help Spamfilter {
 	" /spamfilter add p kill - Please_go_to_www.viruscan.xx/nicepage/virus=blah Come watch me on my webcam";
 	" /spamfilter del p block - - Come watch me on my webcam*";
 	" /spamfilter add cN gzline 1d No_advertising_please come to irc\..+\..+";
-};
+}
 
 help Tempshun {
 	" Setzt oder löscht 'temoräre Shuns'.";
@@ -1366,25 +1361,25 @@ help Tempshun {
 	" Syntax:  TEMPSHUN [+|-]<nickname> [reason]";
 	" Example: TEMPSHUN evilguy vermutlich Infektion";
 	"          TEMPSHUN -niceguy";
-};
+}
 
 help DccAllow {
 	" Für Hilfe zum DCCALLOW System, gib ein: '/DCCALLOW HELP'";
 	/* It would be useless and bad to include it here since that
 	 * stuff quickly gets out-of-synch.
 	 */
-};
+}
 
 help Addmotd {
   	         " Fügt eine Zeile ans Ende der MOTD an.";
   	         " -";
   	         " Syntax:  ADDMOTD <text>";
   	         " Beispiel: ADDMOTD Spielt fair!";
-  	 };
+  	 }
   	 
   	 help Addomotd {
   	         " Fügt eine Zeile ans Ende der OPERMOTD an. ";
   	         " -";
   	         " Syntax:  ADDOMOTD <text>";
   	         " Beispiel: ADDOMOTD Abuse it and lose it!";
-  	 };
+  	 }

doc/conf/help/help.it.conf

@@ -1,4 +1,4 @@
-/* UnrealIRCd 4.0 Help Configuration
+/* UnrealIRCd 5 Help Configuration
  * Based on the original help text written by hAtbLaDe
  * Revised by CC (07/2002) and many others
  *
@@ -23,7 +23,7 @@ help {
 	" /HELPOP CHMODES  - Per la lista delle mode per i canali.";
 	" -";
 	" ==-------------------------oOo--------------------------==";
-};
+}
 
 /* note: indexes were generated by cat somecmds|sort|column -c 70
  *       along with tab->space conversion (tabwidth 8).
@@ -48,7 +48,7 @@ help Usercmds {
 	" KICK            NICK            TIME";
 	" KNOCK           NOTICE          TOPIC";
 	" ==-------------------------oOo-------------------------==";
-};
+}
 
 help Opercmds {
 	" In questa sezione trovi i comandi disponibili solamente agli Oper.";
@@ -68,7 +68,7 @@ help Opercmds {
 	" DCCDENY         MKPASSWD        SDESC           ZLINE";
 	" DIE             MODULE          SETHOST";
 	" ==-------------------------oOo-------------------------==";
-};
+}
 
 help Svscmds {
 	" In questa sezione sono elencati i comandi che possono essere";
@@ -85,7 +85,7 @@ help Svscmds {
 	" SVSFLINE        SVSMOTD         SVSO        SWHOIS";
 	" SVSJOIN         SVSNICK         SVSPART     UNSQLINE";
 	" ==-------------------------oOo-------------------------==";
-};
+}
 
 help Umodes {
 	" Questa è una lista di tutte le mode utente disponibili.";
@@ -112,7 +112,7 @@ help Umodes {
 	" T = Blocca la ricezione di CTCP.";
 	" W = Segnala quando qualcuno fa un /WHOIS su di te (disponibile solo allo Staff).";
 	" ==---------------------------oOo---------------------------==";
-};
+}
 
 help Snomasks {
 	" Snomask sta per 'Service NOtice MASK', principalmente controlla quali";
@@ -140,7 +140,7 @@ help Snomasks {
 	" S = Mostra blocchi dovuti allo Spamfilter.";
 	" v = Mostra l'utilizzo del comando /VHOST.";
 	" ==-------------------------oOo------------------------==";
-};
+}
 
 help Chmodes {
 	" Questa è una lista di tutte le mode canale disponibili.";
@@ -186,7 +186,7 @@ help Chmodes {
 	" Z = Indica che tutti gli utenti in canale stanno utilizzando una connessione sicura";
 	"     (Questa mode è modificabile solo dal server e solo se il canale è già +z).";
 	" ==------------------------------oOo----------------------------==";
-};
+}
 
 help ExtBans {
 	" Questi ban di permettono di bannare im naniera diversa dal tradizionale nick!user@host.";
@@ -213,11 +213,7 @@ help ExtBans {
 	" Questi tipi di ban introducono nuovi criteri per bannare un utente:";
 	" ==-Type--------Name---------------------------Explanation-----------------------==";
 	"         |               | Se un utente è identificato ai services con questo      ";
-	"         |               | account, rientrerà nel ban.                             ";
-	"         |               | Questo è leggermente differente da ~R perché un  ";
-	"    ~a   |   account     | utente con nick ABC potrebbe essere identificato con    ";
-	"         |               | l'account XYZ. Non tutti i services supportano questo   ";
-	"         |               | comando, in tal caso dovrai usare ~R.                   ";
+	"    ~a   |   account     | account, rientrerà nel ban.                             ";
 	"         |               | Esempio: +e ~a:Name                                     ";
 	"-----------------------------------------------------------------------------------";
 	"         |               | Se l'utente è nel canale specificato nel ban, non sarà  ";
@@ -239,14 +235,6 @@ help ExtBans {
 	"         |               | (' ') che il trattino basso ('_'), quindi rientrerebbe  ";
 	"         |               | in questo ban anche 'Stupid bot script'.                ";
 	"-----------------------------------------------------------------------------------";
-	"         |               | Se un utente è identificato ai services (solitamente    ";
-	"         |               | NickServ) e il suo nickname è quello indicato, rientrerà";
-	"         |               | nel ban. Ciò significa che questo ban è realmente utile ";
-	"    ~R   |   registered  | solo per le eccezioni (+e), ad esempio +e ~R:Nick.      ";
-	"         |               | Permetterà a <Nick> di stare in canale, a meno che non  ";
-	"         |               | ci siano altri ban ad impedirlo, se è identificato a    ";
-	"         |               | NickServ e sta usando il nickname <Nick>.               ";
-	"-----------------------------------------------------------------------------------";
 	"         |               | Quando un utente sta usando SSL/TLS con un certificato  ";
 	"         |               | client puoi far corrispondere all'utente la sua firma   ";
 	"    ~S   |    certfp     | digitale (che trovi con /WHOIS). Molto utile per le     ";
@@ -258,7 +246,7 @@ help ExtBans {
 	"ad esempio +b ~q:~c:#lamers impedirà di scrivere a tutti gli utenti che frequentano #lamers.";
 	"I ban del secondo gruppo possono essere usati anche per le eccezioni agli inviti (+I),";
 	"come +I ~c:#trusted e +I ~a:accountname.";
-};
+}
 
 help Chmodef {
 	" La mode di canale +f fornisce una protezione completa dal flood per il canale.";
@@ -283,7 +271,7 @@ help Chmodef {
 	" -";
 	" Se scegli di specificare un'azione per una mode, puoi anche specificare";
 	" un tempo (in minuti) dopo il quale quell'azione sarà annullata.";
-};
+}
 
 help Nick {
 	" Cambia la tua 'identità online' sul server.";
@@ -292,7 +280,7 @@ help Nick {
 	" -";
 	" Sintassi:  NICK <nuovonick>";
 	" Esempio: NICK Ugo";
-};
+}
 
 help Whois {
 	" Mostra tutte le informazioni possibili sull'utente in questione,";
@@ -312,7 +300,7 @@ help Whois {
 	" + - L'utente è voice nel canale (+v).";
 	" ! - L'utente ha nascosto i suoi canali nel whois (+p) e tu lo vedi perché sei un Oper.";
 	" ? - Il canale è segreto (+s) e tu lo vedi perché sei un Oper.";
-};
+}
 
 help Who {
 	" Fornisce informazioni sugli utenti.";
@@ -354,7 +342,7 @@ help Who {
 	" + - L'utente è voice del canale (+v).";
 	" ! - L'utente ha nascosto il suo stato di Oper, ma tu puoi vederlo perché sei Oper.";
 	" ? - L'utente è visibile solamente agli Oper.";
-};
+}
 
 help Whowas {
 	" Fornisce informazioni simili al whois (vedi /HELPOP WHOIS)";
@@ -363,7 +351,7 @@ help Whowas {
 	" Sintassi:  WHOWAS <nickname>";
 	"  WHOWAS <nickname> <numero massimo di risultati>";
 	" Esempio: WHOWAS Ugo";
-};
+}
 
 help Cycle {
 	" 'Cicla' dal canale indicato. Questo comando corrisponde";
@@ -372,7 +360,7 @@ help Cycle {
 	" Sintassi:  CYCLE <chan1>,<chan2>,<chan3>";
 	" Esempio: CYCLE #help";
 	" Esempio: CYCLE #main,#chat";
-};
+}
 
 help Dns {
 	" Restituisce informzioni relative alla cache DNS del server IRC.";
@@ -383,14 +371,14 @@ help Dns {
 	" 'DNS i' mostrerà informazioni dettagliate sulla configurazione dei nameservers";
 	" -";
 	" Sintassi: DNS [opzione]";
-};
+}
 
 help Names {
 	" Restituisce la lista degli utenti sul canale indicato.";
 	" -";
 	" Sintassi:  NAMES <canale>";
 	" Esempio: NAMES #irchelp";
-};
+}
 
 help Ison { 
 	" Usato per determinare se un dato utente è";
@@ -398,7 +386,7 @@ help Ison {
 	" -";
 	" Sintassi:  ISON <utente1> <utente2> <utente3>";
 	" Esempio: ISON hAtbLaDe Stskeeps AOLBot";
-};
+}
 
 help Join { 
 	" Usato per accedere ad uno o più canali sul server IRC.";
@@ -411,7 +399,7 @@ help Join {
 	" Esempio: JOIN #irchelp";
 	"          JOIN #Lobby,#IRCd";
 	"          JOIN #IRCd,#irchelp,#main letmein,somepass,anotherpass";
-};
+}
 
 help Part {
 	" Usato per uscire da uno o più canali del server IRC.";
@@ -421,34 +409,34 @@ help Part {
 	" Sintassi:  PART <canale1>,<canale2>,<canale3> <motivo>";
 	" Example: PART #irchelp";
 	"          PART #Lobby,#IRCd A più tardi!";
-};
+}
 
 help Motd {
 	" Mostra il 'Message Of The Day' del server IRC a cui sei connesso.";
 	" -";
 	" Sintassi: MOTD";
 	"         MOTD <server>";
-};
+}
 
 help Rules {
 	" Mostra il regolamento del server IRC a cui sei connesso.";
 	" -";
 	" Sintassi: RULES";
 	"         RULES <server>";
-};
+}
 
 help Lusers {
 	" Fornisce informazioni relative agli utenti locali e globali,";
 	" come numero di utenti massimo e attuale.";
 	" -";
 	" Sintassi: LUSERS [server]";
-};
+}
 
 help Map {
 	" Restituisce una 'Mappa' grafica della net IRC.";
 	" -";
 	" Sintassi: MAP";
-};
+}
 
 help Quit {
 	" Ti disconnette dal server IRC.";
@@ -457,7 +445,7 @@ help Quit {
 	" -";
 	" Sintassi:  QUIT <motivo>";
 	" Esempio: QUIT Sto uscendo!";
-};
+}
 
 help Ping {
 	" Questo comando è utilizzato per verificare la presenza di un client o un";
@@ -469,10 +457,10 @@ help Ping {
 	" Nota che questo comando è differente dal /CTCP PING.";
 	" -";
 	" Sintassi:  PING <server> <server2>";
-	" Esempio: PING irc.mynet.it";
+	" Esempio: PING irc.example.org";
 	"          PING Ugo";
-	"          PING Ugo irc.mynet.it";
-};
+	"          PING Ugo irc.example.org";
+}
 
 help Pong {
 	" Il PONG è una risposta ad un messaggio PING. Se il parametro <server2> è definito,";
@@ -481,16 +469,16 @@ help Pong {
 	" questo messaggio.";
 	" -";
 	" Sintassi:  PONG <server> <server2>";
-	" Esempio: PONG irc.mynet.it irc.othernet.it";
-	"          (corrisponde a un messaggio PONG da irc.mynet.it a irc.othernet.it)";
-};
+	" Esempio: PONG irc.example.org irc.othernet.it";
+	"          (corrisponde a un messaggio PONG da irc.example.org a irc.othernet.it)";
+}
 
 help Version {
 	" Fornisce informazioni relative alla versione del software IRCd in uso.";
 	" -";
 	" Sintassi: VERSION";
 	"         VERSION <server>";
-};
+}
 
 help Stats {
 	" Fornisce informazioni statistiche relative al server.";
@@ -499,21 +487,21 @@ help Stats {
 	" Esempio: STATS u";
 	" -";
 	" Digita /STATS senza parametri per un elenco delle flag disponibili.";
-};
+}
 
 help Links {
 	" Elenca tutti i server attualmente linkati nella net IRC.";
 	" Solo gli Oper possono vedere i server U:Lined";
 	" -";
 	" Sintassi: LINKS";
-};
+}
 
 help Admin {
 	" Fornisce informazioni relative agli amministratori del server.";
 	" -";
 	" Sintassi: ADMIN";
 	"         ADMIN <server>";
-};
+}
 
 help Userhost {
 	" Restituisce la mask user@host dell'utente indicato.";
@@ -521,7 +509,7 @@ help Userhost {
 	" -";
 	" Sintassi:  USERHOST <nickname>";
 	" Esempio: USERHOST Ugo";
-};
+}
 
 help Userip {
 	" Restituisce l'IP dell'utente indicato";
@@ -529,7 +517,7 @@ help Userip {
 	" -";
 	" Sintassi: USERIP <nickname>";
 	" Esempio: USERIP Ugo";
-};
+}
 
 help Topic {
 	" Imposta o cambia il topic del canale indicato.";
@@ -539,7 +527,7 @@ help Topic {
 	"          TOPIC <canale> <messaggio> (Cambia il topic attuale con <messaggio>)";
 	" Example: TOPIC #Operhelp";
 	"          TOPIC #Lobby Benvenuti su #Lobby!";
-};
+}
 
 help Invite {
 	" Manda all'utente indicato un invito per accedere ad un dato canale.";
@@ -551,7 +539,7 @@ help Invite {
 	" Sintassi:  INVITE <utente> <canale>";
 	" Esempio: INVITE Ugo #irchelp";
 	" Esempio: INVITE";
-};
+}
 
 help Kick {
 	" Espelle un utente da un canale. Può essere utilizzato solo da halfop e superiori.";
@@ -559,7 +547,7 @@ help Kick {
 	" -";
 	" Sintassi:  KICK <canale> <utente> [motivo]";
 	" Esempio: KICK #Lobby foobar Lamer";
-};
+}
 
 help Away {
 	" Imposta il tuo stato come 'Away' (non al computer).";
@@ -569,7 +557,7 @@ help Away {
 	" Sintassi:  AWAY <motivo> (Ti imposta away con la motivazione fornita)";
 	"          AWAY (Annulla il tuo stato di away)";
 	" Esempio: AWAY Ora di pranzo!";
-};
+}
 
 help Watch {
 	" 'Watch' è un sistema di notifica sul server più veloce e che utilizza";
@@ -583,7 +571,7 @@ help Watch {
 	" Sintassi: WATCH +nick1 +nick2 +nick3 (Aggiunge i nick indicati alla lista)";
 	"         WATCH -nick (Rimuove i nick indicati dalla lista)";
 	"         WATCH (Controlla quali utenti sono online)";
-};
+}
 
 help List {
 	" Fornisce un elenco completo di tutti i canali presenti sulla net IRC.";
@@ -600,7 +588,7 @@ help List {
 	" !*mask*  Elenca i canali che NON corrispondono al parametro indicato";
 	" -";
 	" Ciascuno di questi può essere usato al posto dei valori standard.";
-};
+}
 
 help Privmsg {
 	" Invia un messaggio ad un utente, canale o server.";
@@ -619,7 +607,7 @@ help Privmsg {
 	" /PRIVMSG $<mask> <testo>";
 	"  Invia un messaggio a tutti gli utenti sui server che corrispondono a <mask>. Solo per Oper.";
 	"  I client mostrano generalmente questo tipo di messaggi nella finestra di status.";
-	"  Esempio: /PRIVMSG $*.mynet.it Nelle prossime ore il server subirà un aggiornamento";
+	"  Esempio: /PRIVMSG $*.example.org Nelle prossime ore il server subirà un aggiornamento";
 	"  Nota che in molti casi è preferibile utilizzare i services (ad esempio /OS GLOBAL).";
 	" -";
 	" Sono supportati anche più destinatari, ad esempio /PRIVMSG <nick1>,<nick2>,<nick3>.";
@@ -627,7 +615,7 @@ help Privmsg {
 	" Nota: In alcuni vecchi client (ad esempio ircII) non puoi utilizzare /msg o /privmsg";
 	" per utilizzare le 'funzioni avanzate'. Dovrai invece usare";
 	" '/QUOTE PRIVMSG @#canale ciao' o un comando simile.";
-};
+}
 
 help Notice {
 	" Invia un notice ad un utente, canale o server.";
@@ -646,7 +634,7 @@ help Notice {
 	" /NOTICE $<mask> <testo>";
 	"  Invia un messaggio a tutti gli utenti sui server che corrispondono a <mask>. Solo per Oper.";
 	"  I client mostrano generalmente questo tipo di messaggi nella finestra di status.";
-	"  Esempio: /NOTICE $*.mynet.it Nelle prossime ore il server subirà un aggiornamento";
+	"  Esempio: /NOTICE $*.example.org Nelle prossime ore il server subirà un aggiornamento";
 	"  Nota che in molti casi è preferibile utilizzare i services (ad esempio /OS GLOBAL).";
 	" -";
 	" Sono supportati anche più destinatari, ad esempio /NOTICE <nick1>,<nick2>,<nick3>.";
@@ -654,7 +642,7 @@ help Notice {
 	" Nota: In alcuni vecchi client (ad esempio ircII) non puoi utilizzare /notice";
 	" per utilizzare le 'funzioni avanzate'. Dovrai invece usare";
 	" '/QUOTE NOTICE @#canale ciao' o un comando simile.";
-};
+}
 
 help Knock {
 	" Per i canali ad invito, puoi utilizzare questo comando per 'bussare'";
@@ -662,14 +650,14 @@ help Knock {
 	" -";
 	" Syntax:  KNOCK <canale> <messaggio>";
 	" Example: KNOCK #canale Fatemi entrare!";
-};
+}
 
 help Setname {
 	" Permette agli utenti di cambiare il loro 'Real name' (GECOS)";
 	" direttamente sul server IRC, senza riconnettersi.";
 	" -";
 	" Sintassi: SETNAME <Nuovo Realname>";
-};
+}
 
 help Vhost {
 	" Nasconde il tuo hostname reale con uno virtuale";
@@ -677,7 +665,7 @@ help Vhost {
 	" -";
 	" Sintassi:  VHOST <login> <password>";
 	" Esempio: VHOST mylogin mypassword";
-};
+}
 
 help Mode {
 	" Imposta una mode su un canale o un utente.";
@@ -686,7 +674,7 @@ help Mode {
 	" Sintassi:  MODE <canale/utente> <mode> <parametri>";
 	" Example: MODE #irchelp +tn";
 	"          MODE #irchelp +ootn hAtbLaDe XYZ";
-};
+}
 
 help Credits {
 	" Con questo comando verrà mostrata una lista di utenti";
@@ -694,27 +682,27 @@ help Credits {
 	" -";
 	" Sintassi: CREDITS";
 	"         CREDITS <server>";
-};
+}
 
 help Dalinfo {
 	" Questo comando mostrerà i crediti storici (da ircu, ecc.).";
 	" -";
 	" Sintassi: DALINFO";
 	" Sintassi: DALINFO <server>";
-};
+}
 
 help License {
 	" Questo comando mostra i dettagli relativi alla licenza con cui è rilasciato UnrealIRCd.";
 	" Sintassi: LICENSE";
 	"         LICENSE <server>";
-};
+}
 
 help Time {
 	" Mostra la data e l'ora corrente del server.";
 	" -";
 	" Sintassi : TIME";
 	"          TIME <server>";
-};
+}
 
 help Silence {
 	" Ignora i messaggi di un utente o di una lista di utenti a livello server.";
@@ -722,7 +710,7 @@ help Silence {
 	" Sintassi: SILENCE +nickname (Aggiunge un nick alla lista)";
 	"         SILENCE -nickname (Rimuove un nick dalla lista)";
 	"         SILENCE           (Elenca i nick attualmente in lista SILENCE)";
-};
+}
 
 help Oper {
 	" Utilizzato dagli utenti per ottenere i privilegi di Oper";
@@ -731,28 +719,28 @@ help Oper {
 	" Sintassi:  OPER <utente> <password>";
 	" Nota: sia <utente> che <password> sono case sensitive.";
 	" Esempio: OPER Ugo foobar234";
-};
+}
 
 help Wallops {
 	" Invia un particolare messaggio a tutti gli utenti con la mode +w impostata.";
 	" Solo gli Oper possono inviare wallops, mentre chiunque può visualizzarli.";
 	" -";
 	" Sintassi: WALLOPS <messaggio>";
-};
+}
 
 help Locops {
 	" Invia un messaggio a tutti gli Oper sullo stesso server di chi invia.";
 	" -";
 	" Sintassi:  LOCOPS <messaggio>";
 	" Esempio: LOCOPS Dobbiamo bannare quell'utente...";
-};
+}
 
 help Globops {
 	" Invia un messaggio a tutti gli Oper.";
 	" -";
 	" Sintassi:  GLOBOPS <messaggio>";
 	" Esempio: GLOBOPS Dobbiamo bannare quell'utente...";
-};
+}
 
 help Kill {
 	" Disconnette forzatamente un utente dal server IRC.";
@@ -760,7 +748,7 @@ help Kill {
 	" -";
 	" Sintassi:  KILL <nick1>,<nick2>,<nick3> <motivo>";
 	" Example: KILL Ugo Non sono ammessi cloni";
-};
+}
 
 help Kline {
 	" Questo comando aggiunge una kline a tempo.";
@@ -775,7 +763,7 @@ help Kline {
 	"          KLINE *@*.isp.com 2d Violazione del regolamento (aggiunge una kline di due giorni)";
 	"          KLINE Idiot 1d Utente non gradito";
 	"          KLINE -*@*.aol.com";
-};
+}
 
 help Zline {
 	" Questo comando aggiunge una zline a tempo.";
@@ -790,7 +778,7 @@ help Zline {
 	"          ZLINE *@1.2.3.4 2d Violazione del regolamento (aggiunge una kline di due giorni)";
 	"          ZLINE -*@1.2.3.4";
 	" Nota: questo comando richiede il permesso can_zline nel blocco oper";
-};
+}
 
 help Gline {
 	" Questo comando aggiunge una gline a tempo.";
@@ -806,7 +794,7 @@ help Gline {
 	"          GLINE Idiot 1d Violazione del regolamento";
 	"          GLINE -*@*.idiot.net";
 	" Nota: questo comando richiede il permesso can_gkline nel blocco oper";
-};
+}
 
 help Shun {
 	" Impedisce all'utente di eseguire ogni comando ad eccezione di /ADMIN";
@@ -824,7 +812,7 @@ help Shun {
 	"  ('shunna' foobar@aol.com per 10 minuti per Spam)";
 	"          SHUN +foobar@aol.com 1d6h :Spam (Aggiunge uno shun di 30 ore)";
 	" Nota: questo comando richiede il permesso can_gkline nel blocco oper";
-};
+}
 
 help Gzline {
 	" Questo comando aggiunge una zline globale a tempo.";
@@ -838,7 +826,7 @@ help Gzline {
 	" Esempio: GZLINE *@1.2.3.4 900 Spam (Aggiunge una gzline di 15 minuti)";
 	"          GZLINE *@1.2.3.4 1d5h Spam (Aggiunge una gzline di 29 ore)";
 	" Nota: questo comando richiede il permesso can_gzline nel blocco oper";
-};
+}
 
 help Rehash {
 	" Ricarica i file di configurazione del server.";
@@ -858,8 +846,8 @@ help Rehash {
 	"  -dns      - Inizializza e ricarica il risolutore DNS";
 	"  -garbage  - Forza la pulizia dei file inutili";
 	"  -motd     - Ricarica i file MOTD, BOTMOTD, OPERMOTD e RULES, inclusi quelli nei blocchi tld";
-	"  -ssl      - Ricarica i certificati SSL";
-};
+	"  -tls      - Ricarica i certificati SSL/TLS";
+}
 
 help Restart {
 	" Termina e riavvia il processo IRC, disconnettendo tutti gli utenti attualmente connessi.";
@@ -868,7 +856,7 @@ help Restart {
 	" Sintassi: RESTART";
 	"         RESTART <password>";
 	"         RESTART <password> <motivo>";
-};
+}
 
 help Die {
 	" Termina il processo IRC, disconnettendo tutti gli utenti attualmente connessi.";
@@ -876,16 +864,16 @@ help Die {
 	" -";
 	" Sintassi: DIE";
 	"         DIE <password>";
-};
+}
 
 help Lag {
 	" Questo comando è come un 'traceroute' per i server IRC.";
-	" Digitando /LAG irc.mynet-it otterrai una risposta con l'elenco";
+	" Digitando /LAG irc.example.org otterrai una risposta con l'elenco";
 	" di tutti i server dai quali è passata la richiesta.";
 	" Utile per identificare in quale punto si verifica il lag.";
 	" -";
 	" Sintassi: LAG <server>";
-};
+}
 
 help Sethost {
 	" Permette agli utenti di cambiare il proprio host con un virtualhost";
@@ -894,7 +882,7 @@ help Sethost {
 	" -";
 	" Sintassi:  SETHOST <nuovo-host>";
 	" Esempio: SETHOST il.mio.vhost";
-};
+}
 
 help Setident {
 	" Permette agli utenti di cambiare la propria ident.";
@@ -902,7 +890,7 @@ help Setident {
 	" -";
 	" Sintassi:  SETIDENT <nuova-ident>";
 	" Esempio: SETIDENT l33t";
-};
+}
 
 help Chghost {
 	" Cambia l'hostname di un utente attualmente connesso.";
@@ -910,7 +898,7 @@ help Chghost {
 	" -";
 	" Sintassi:  CHGHOST <nick> <nuovo-host>";
 	" Esempio: CHGHOST Ugo my.new.host";
-};
+}
 
 help Chgident {
 	" Cambia l'ident di un utente attualmente connesso.";
@@ -918,7 +906,7 @@ help Chgident {
 	" -";
 	" Sintassi:  CHGIDENT <nick> <nuova-ident>";
 	" Esempio: CHGIDENT Ugo user";
-};
+}
 
 help Chgname {
 	" Cambia il 'Realname' di un utente attualmente connesso.";
@@ -926,15 +914,15 @@ help Chgname {
 	" -";
 	" Sintassi:  CHGNAME <nick> <nuovo-realname>";
 	" Esempio: CHGNAME Ugo Il mio nuovo nome :)";
-};
+}
 
 help Squit {
 	" Disconnette un determinato server IRC dalla net.";
 	" Questa funzione è utilizzabile solo dagli Oper.";
 	" -";
 	" Sintassi:  SQUIT <server>";
-	" Esempio: SQUIT server2.mynet.it";
-};
+	" Esempio: SQUIT server2.example.org";
+}
 
 help Connect {
 	" Connette un determinato server IRC a quello attualmente utilizzato";
@@ -945,7 +933,7 @@ help Connect {
 	"          CONNECT <server1> <porta> <server2>";
 	" Esempio: CONNECT leaf.server.net";
 	"          CONNECT leaf.server.net 6667 hub.server.net";
-};
+}
 
 help Dccdeny {
 	" Aggiunge un blocco DCC per un determinato file.";
@@ -953,14 +941,14 @@ help Dccdeny {
 	" Questa funzione è utilizzabile solo dagli Oper.";
 	" -";
 	" Sintassi: DCCDENY <file> <motivo>";
-};
+}
 
 help Undccdeny {
 	" Rimuove il blocco DCC dal file esatto indicato, se esistente. Se non esistente esegue una ricerca.";
 	" Questa funzione è utilizzabile solo dagli Oper.";
 	" -";
 	" Sintassi: UNDCCDENY <file>";
-};
+}
 
 help Sajoin {
 	" Forza un utente ad accedere ad un canale.";
@@ -969,7 +957,7 @@ help Sajoin {
 	" Sintassi:  SAJOIN <nick> <canale>,[<canale2>,ecc.]";
 	" Esempio: SAJOIN Ugo #OperHelp";
 	"          SAJOIN Ugo #OperHelp,#IRCHelp";
-};
+}
 
 help Sapart {
 	" Forza un utente a lasciare un canale.";
@@ -979,7 +967,7 @@ help Sapart {
 	" Esempio: SAPART Ugo #OperHelp";
 	"          SAPART Ugo #OperHelp,#IRCHelp";
 	"          SAPART Ugo #OperHelp,#IRCHelp Utente assente";
-};
+}
 
 help Samode {
 	" Permette di modificare le mode di un canale pur non essendone op o superiore.";
@@ -987,7 +975,7 @@ help Samode {
 	" -";
 	" Sintassi:  SAMODE <canale> <mode>";
 	" Esempio: SAMODE #irchelp +m";
-};
+}
 
 help Trace {
 	" Permette di tracciare un server o un utente.";
@@ -995,15 +983,15 @@ help Trace {
 	" Se utilizzato su un server ne restituisce classe, versione e informazioni sul collegamento.";
 	" -";
 	" Sintassi:  TRACE <server/nick>";
-	" Esempio: TRACE irc.mynet.it";
-};
+	" Esempio: TRACE irc.example.org";
+}
 
 help Opermotd {
 	" Mostra il MOTD per gli Oper";
 	" Questa funzione è utilizzabile solo dagli Oper.";
 	" -";
 	" Sintassi: OPERMOTD";
-};
+}
 
 help Sdesc {
 	" Permette di modificare la descrizione del server";
@@ -1012,20 +1000,18 @@ help Sdesc {
 	" -";
 	" Sintassi:  SDESC <nuova descrizione>";
 	" Esempio: SDESC Il mio server IRC";
-};
+}
 
 help Mkpasswd {
 	" Restituisce un 'hash' della stringa specificata.";
 	" Può essere utilizzato per ogni password criptata da inserire nel file di configurazione,";
 	" ad esempio come password per gli oper o per i vhost.";
-	" Metodi disponibili (in ordine di sicurezza):";
-	"    *NIX: crypt, md5, sha1 [*], ripemd160 [*]";
-	" Windows: crypt [*], md5, sha1, ripemd160 [*]";
-	" [*: disponibile solo se compilato con supporto SSL]";
+	" Per ulteriori informazioni e metodi disponibili, consultare:";
+	" https://www.unrealircd.org/docs/Authentication_types";
 	" -";
 	" Sintassi:  MKPASSWD <metodo> <password>";
-	" Esempio: MKPASSWD md5 LaMiaPassword";
-};
+	" Esempio: MKPASSWD argon2 LaMiaPassword";
+}
 
 help Module {
 	" Restituisce un elenco di tutti i moduli caricati sul server.";
@@ -1047,23 +1033,19 @@ help Module {
 	" [3RD] Il modulo è di terze parti, ovvero non parte del core di UnrealIRCd.";
 	" In aggiunta vedrai un elenco degli hook e dei comandi di ovverride presenti";
 	" (il numero di hook può essere visto anche in include/modules.h).";
-};
+}
 
 help Close {
 	" Questo comando termina tutte le connessioni sconosciute al server IRC.";
 	" -";
 	" Sintassi:  CLOSE";
-};
+}
 
 help Tsctl {
-	" Questo è un comando avanzato utilizzato per correggere l'orologio interno di IRC.";
 	" Questa funzione è utilizzabile solo dagli Oper.";
 	" -";
-	" Sintassi: TSCTL OFFSET +|- <orario> (Modifica l'orologio interno di IRC)";
-	"         TSCTL TIME (Restituisce il report TS)";
-	"         TSCTL ALLTIME (Mostra il report TS di tutti i server)";
-	"         TSCTL SVSTIME <timestamp> (Imposta l'orario di tutti i server)";
-};
+	" Sintassi: TSCTL ALLTIME (Mostra il report TS di tutti i server)";
+}
 
 help Htm {
 	" Attiva o disattiva la modalità 'High Traffic'.";
@@ -1081,7 +1063,7 @@ help Htm {
 	" NOISY - Abilita un avviso quando la modalità HTM viene attivata/disattivata";
 	" QUIET - Disabilita l'avviso quando la modalità HTM viene attivata/disattivata";
 	" TO <valore> - Imposta il valore oltre il quale attivare HTM";
-};
+}
 
 help Svsnick {
 	" Cambia il nickname dell'utente indicato.";
@@ -1089,7 +1071,7 @@ help Svsnick {
 	" -";
 	" Sintassi:  SVSNICK <nickname> <nuovo-nick> <timestamp>";
 	" Esempio: SVSNICK Ugo Foobar 963086432";
-};
+}
 
 help Svsmode {
 	" Cambia le mode dell'utente indicato.";
@@ -1097,7 +1079,7 @@ help Svsmode {
 	" -";
 	" Sintassi:  SVSMODE <nickname> <usermode>";
 	" Esempio: SVSMODE Ugo +i";
-};
+}
 
 help Svskill {
 	" Disconnette forzatamente un utente dal server.";
@@ -1105,7 +1087,7 @@ help Svskill {
 	" -";
 	" Sintassi:  SVSKILL <nickname> :<motivo>";
 	" Esempio: SVSKILL Lamer21 :Arrivederci";
-};
+}
 
 help Svsnoop {
 	" Attiva o disattiva le funzionalità per gli Oper sul server indicato.";
@@ -1113,7 +1095,7 @@ help Svsnoop {
 	" -";
 	" Sintassi:  SVSNOOP <server> <+/->";
 	" Esempio: SVSNOOP leaf.server.net -";
-};
+}
 
 help Svsjoin {
 	" Forza un utente ad accedere ad un canale.";
@@ -1122,7 +1104,7 @@ help Svsjoin {
 	" Sintassi:  SVSJOIN <nick> <canale1>[,<canale2>,ecc.] [password1[,password2,ecc.]]";
 	" Esempio: SVSJOIN Ugo #jail";
 	"          SVSJOIN Ugo #jail,#zoo";
-};
+}
 
 help Svspart {
 	" Forza un utente a lasciare un canale.";
@@ -1132,7 +1114,7 @@ help Svspart {
 	" Esempio: SVSPART Ugo #Hanson";
 	"          SVSPART Ugo #Hanson,#AOL";
 	"          SVSPART Ugo #Hanson,#AOL Accesso non ammesso";
-};
+}
 
 help Svso {
 	" Assegna all'utente delle operflag come quelle nelle operclass.";
@@ -1142,7 +1124,7 @@ help Svso {
 	" Sintassi:  SVSO <nick> <+operflags> (aggiunge le operflag)";
 	"          SVSO <nick> - (rimuove tutte le operflag)";
 	" Esempio: SVSO Ugo +bBkK";
-};
+}
 
 help Swhois {
 	" Cambia il messaggio di whois dell'utente indicato.";
@@ -1151,7 +1133,7 @@ help Swhois {
 	" Sintassi:  SWHOIS <nick> :<messaggio> (imposta il messaggio di SWHOIS)";
 	"          SWHOIS <nick> :  (Resetta il messaggio di SWHOIS)";
 	" Esempio: SWHOIS Ugo :sono un lamer";
-};
+}
 
 help Sqline {
 	" Blocca l'uso di un determinato nick sul server.";
@@ -1159,7 +1141,7 @@ help Sqline {
 	" -";
 	" Sintassi:  SQLINE <nick> :<motivo>";
 	" Esempio: SQLINE *Bot* :Bot non ammessi";
-};
+}
 
 help Unsqline {
 	" Rimuove il blocco di un nick dal server.";
@@ -1167,7 +1149,7 @@ help Unsqline {
 	" -";
 	" Sintassi:  UNSQLINE <nick>";
 	" Esempio: UNSQLINE *Bot*";
-};
+}
 
 help Svs2mode {
 	" Cambia le mode di un utente e gli mostra un messaggio di notifica.";
@@ -1175,7 +1157,7 @@ help Svs2mode {
 	" -";
 	" Sintassi:  SVS2MODE <nickname> <mode>";
 	" Esempio: SVS2MODE Ugo +h";
-};
+}
 
 help Svsfline {
 	" Aggiunge il file indicato alla lista DCCDENY.";
@@ -1184,7 +1166,7 @@ help Svsfline {
 	" Sintassi: :server SVSFLINE + file :motivo (aggiunge il file alla lista)";
 	"         :server SVSFLINE - file (rimuove il file dalla lista)";
 	"         :server SVSFLINE *      (svuota la lista)";
-};
+}
 
 help Svsmotd {
 	" Cambia il MOTD dei services.";
@@ -1193,7 +1175,7 @@ help Svsmotd {
 	"         SVSMOTD !         (Cancella il MOTD)";
 	"         SVSMOTD ! :<testo> (Cancella il MOTD attuale e aggiunge il testo)";
 	" Esempio: SVSMOTD # :Services MOTD";
-};
+}
 
 help Svsnline {
 	" Aggiunge un ban sul realname.";
@@ -1205,7 +1187,7 @@ help Svsnline {
 	"          SVSNLINE - :<realname> (rimuove un ban)";
 	"          SVSNLINE * (Rimuove tutti i ban)";
 	" Esempio: SVSNLINE + sub7_drone :*sub7*";
-};
+}
 
 help Svslusers {
 	" Modifica il conteggio degli utenti locali o globali di un server.";
@@ -1213,15 +1195,15 @@ help Svslusers {
 	" Deve essere inviato tramite un server U:Lined.";
 	" -";
 	" Sintassi:  SVSLUSERS <server> <globalmax|-1> <localmax|-1>";
-	" Esempio: SVSLUSERS irc.mynet.it -1 200";
-};
+	" Esempio: SVSLUSERS irc.example.org -1 200";
+}
 
 help Svswatch {
 	" Cambia la lista WATCH di un utente.";
 	" Deve essere inviato tramite un server U:Lined.";
 	" Sintassi: SVSWATCH <nick> :<parametri>";
 	" Esempio: SVSWATCH Ugo :+Blih!*@* +Bluh!*@* +Bleh!*@*.com";
-};
+}
 
 help Svssilence {
 	" Cambia la lista SILENCE di un utente.";
@@ -1230,7 +1212,7 @@ help Svssilence {
 	" più valori in una stessa linea.";
 	" Sintassi: SVSSILENCE <nick> :<parametri>";
 	" Esempio: SVSSILENCE Ugo :+*!*@*.com +*!*@*.bla.com";
-};
+}
 
 help Svssno {
 	" Cambia le snomask di un utente.";
@@ -1238,7 +1220,7 @@ help Svssno {
 	" -";
 	" Sintassi:  SVSSNO <nickname> <snomasks>";
 	" Esempio: SVSSNO Ugo +Gc";
-};
+}
 
 help Svs2sno {
 	" Cambia le snomask di un utente e gli mostra un messaggio di notifica";
@@ -1246,7 +1228,7 @@ help Svs2sno {
 	" -";
 	" Sintassi:  SVS2SNO <nickname> <snomasks>";
 	" Esempio: SVS2SNO Ugo +Gc";
-};
+}
 
 help Svsnolag {
         " Abilita il 'no fake lag' per un utente";
@@ -1254,7 +1236,7 @@ help Svsnolag {
         " -";
         " Sintassi:  SVSNOLAG [+|-] <nickname>";
         " Esempio: SVSNOLAG + Ugo";
-};
+}
 
 help Svs2nolag {
         " Abilita il 'no fake lag' per un utente";
@@ -1262,7 +1244,7 @@ help Svs2nolag {
         " -";
         " Syntax:  SVS2NOLAG [+|-] <nickname>";
         " Example: SVS2NOLAG + Ugo";
-};
+}
 
 help Spamfilter {
 	" Questo comando aggiunge o rimuove filtri di spamfilter globali.";
@@ -1282,11 +1264,11 @@ help Spamfilter {
 	"           'kline', 'gline', 'zline', 'gzline', 'block' (blocca il messaggio),";
 	"           'dccblock' (blocca l'invio di DCC), 'viruschan' (esce da tutti i canali ed entra";
 	"           automaticamente sul 'virus chan' definito nel file di configurazione), 'warn' (avvisa gli Oper).";
-	" [stringa] La stringa che deve essere bloccata (come espressione regolare o testo semplice)";
 	" [durata]  La durata del ban in caso sia impostata una *line come azione. Usa '-' per utilizzare";
 	"           la durata di default definita nel file di configurazione";
 	" [motivo]  Il motivo da visualizzare nella *line, utilizzando i trattini bassi come spazi.";
 	"           Usa '-' per utilizzare il motivo di default definito nel file di configurazione";
+	" [stringa] La stringa che deve essere bloccata (come espressione regolare o testo semplice)";
 	" - ";
 	" Alcuni esempi:";
 	" /spamfilter add -simple p block - - Come watch me on my webcam";
@@ -1296,8 +1278,8 @@ help Spamfilter {
 	" /spamfilter add -simple p gline 3h Please_go_to_www.viruscan.xx/nicepage/virus=blah Come watch me on my webcam";
 	" /spamfilter add -simple p kill - Please_go_to_www.viruscan.xx/nicepage/virus=blah Come watch me on my webcam";
 	" /spamfilter del -simple p block - - Come watch me on my webcam*";
-	" /spamfilter add -regex cN gzline 1d No_advertising_please /come to irc\..+\..+/";
-};
+	" /spamfilter add -regex cN gzline 1d No_advertising_please come to irc\..+\..+";
+}
 
 help Tempshun {
 	" Aggiunge o rimuove shun temporanei'.";
@@ -1307,23 +1289,23 @@ help Tempshun {
 	" Sintassi:  TEMPSHUN [+|-]<nickname> [motivo]";
 	" Example: TEMPSHUN Ugo possibile virus";
 	"          TEMPSHUN -Ugo";
-};
+}
 
 help DccAllow {
 	" Per informazioni sul sistema DCCALLOW digita '/DCCALLOW HELP'";
 	/* Sarebbe inutile inserire qui le informazioni che si possono già trovare altrove */
-};
+}
 
 help Addmotd {
 	" Aggiunge una linea alla fine del MOTD ";
 	" -";
 	" Sintassi:  ADDMOTD <testo>";
 	" Esempio: ADDMOTD Divertiti!";
-};
+}
 
 help Addomotd {
 	" Aggiunge una linea alla fine dell'OperMOTD ";
 	" -";
 	" Sintassi:  ADDOMOTD <testo>";
 	" Esempio: ADDOMOTD Fatti non foste a moderare come bruti...";
-};
+}

doc/conf/help/help.ru.conf

@@ -1,4 +1,4 @@
-/* UnrealIRCd 4.0 Help Configuration
+/* UnrealIRCd 5 Help Configuration
  * Based on the original help text written by hAtbLaDe
  * Revised by CC (07/2002)
  *
@@ -24,7 +24,7 @@ help {
 	" /HELPOP OFLAGS   - Просмотреть флаги в O:line";
 	" -";
 	" ==-------------------------oOo--------------------------==";
-};
+}
 
 help Usercmds {
 	" Список команд, доступных пользователям на данный момент.";
@@ -44,7 +44,7 @@ help Usercmds {
 	" KICK            NICK            TIME";
 	" KNOCK           NOTICE          TOPIC";
 	" ==-------------------------oOo---------------------------==";
-};
+}
 
 help Opercmds {
 	" Список команд, доступных только IRC операторам.";
@@ -64,7 +64,7 @@ help Opercmds {
 	" DCCDENY         MKPASSWD        SDESC           ZLINE";
 	" DIE             MODULE          SETHOST";
 	" ==-------------------------oOo---------------------------==";
-};
+}
 
 help Svscmds {
 	" Список команд, которые могут быть посланы";
@@ -81,7 +81,7 @@ help Svscmds {
 	" SVSFLINE        SVSMOTD         SVSO        SWHOIS";
 	" SVSJOIN         SVSNICK         SVSPART     UNSQLINE";
 	" ==-------------------------oOo---------------------------==";
-};
+}
 
 help Umodes {
 	" Список режимов пользователя.";
@@ -125,7 +125,7 @@ help Umodes {
 	" W = Позволяет видеть, когда кто-то делает /WHOIS на Ваш";
 	"     ник (только для IRC операторов)";
 	" ==---------------------------oOo---------------------------==";
-};
+}
 
 help Snomasks {
 	" Snomask - это сокращение от 'Service NOtice MASK'.";
@@ -157,7 +157,7 @@ help Snomasks {
 	" S = Видны сообщения спам фильтра";
 	" v = Видны попытки использования команды /VHOST";
 	" ==-------------------------oOo------------------------==";
-};
+}
 
 help Chmodes {
 	" В этой секции приведён список режимов, которые могут быть наложены";
@@ -230,7 +230,7 @@ help Chmodes {
 	" [h] - минимум требуются права halfop, [o] - минимум требуются права";
 	"       chanop, [q] - требуются права владельца";
 	" ==------------------------------oOo----------------------------==";
-};
+}
 
 help ExtBans {
 	" Данные типы банов позволяют вам банить не только по традиционной маске nick!user@host.";
@@ -272,19 +272,12 @@ help ExtBans {
 	"    ~r   | настоящее имя | он не сможет зайти. Пример: +b ~r:*Stupid_bot_script*   ";
 	"         |               | Дополнение: Подчёркивание ('_') обозначает и            ";
 	"         |               | пробел (' '), и подчёркивание ('_').                    ";
-	"-----------------------------------------------------------------------------------";
-	"         |               | Бан срабатывает, если пользователь идентифицирован      ";
-	"    ~R   |               | на сервисах (обычно Nickserv) и имя совпадает. В        ";
-	"         |зарегестрирован| реальности необходим для исключений на канале.          ";
-	"         |               | Пример: +e ~R:Nick                                      ";
-	"         |               | Позволяет Nick находится на канале, независимо от банов,";
-	"         |               | если он идентифицирован на сервисах, использует ник Nick";
 	" ==------------------------------------------------------------------------------==";
 	" -";
 	" Вы можете стекировать расширенные типы банов первой и второй группы друг с другом.";
 	" Пример: +b ~q:~c:#lamers";
 	" Действием данной команды будет молчание всех пользователей, кто сидит в #lamers";
-};
+}
 
 help Chmodef {
 	" Режим канала +f предоставляет гибкий механизм защиты канала от флуда.";
@@ -310,7 +303,7 @@ help Chmodef {
 	" -";
 	" Если вы задаёте некое действие в ответ на флуд, вы можете так же указать,";
 	" как долго (в минутах) будет действовать наказание.";
-};
+}
 
 help Oflags {
 	" Описание флагов, помещаемых в O:lines конфигурационного файла сервера";
@@ -347,7 +340,7 @@ help Oflags {
 	" X (can_addline)	Может использовать /ADDLINE";
 	" d (can_dccdeny)	Может использовать /DCCDENY";
 	" ==----------------------oOo--------------------==";
-};
+}
 
 help Nick {
 	" Изменяет виртуальное имя (Ник).";
@@ -356,7 +349,7 @@ help Nick {
 	" -";
 	" Синтаксис:  NICK <новое имя>";
 	" Пример:     NICK hAtbLaDe";
-};
+}
 
 help Whois {
 	" Показывает различную информацию о пользователе:";
@@ -379,7 +372,7 @@ help Whois {
 	"         видите, потому что имеете права оператора IRC";
 	" 	? - Канал является \"Секретным\" (+s), но вы его видите, потому";
 	"         что имеете права оператора IRC";
-};
+}
 
 help Who {
 	" Возвращает информацию о пользователях";
@@ -435,7 +428,7 @@ help Who {
 	"   ! - У пользователя установлен флаг +H";
 	"   ? - Вы видите пользователя только потому, что являетесь IRC";
 	"       оператором";
-};
+}
 
 help Whowas {
 	" Показывает информацию WHOIS о пользователях";
@@ -444,7 +437,7 @@ help Whowas {
 	" Синтаксис:  WHOWAS <имя пользователя>";
 	"             WHOWAS <имя пользователя> <количество записей>";
 	" Пример:     WHOWAS hAtbLaDe";
-};
+}
 
 help Cycle {
 	" Выполнить цикл \"выйти/войти\" в указанном канале. Команда";
@@ -453,7 +446,7 @@ help Cycle {
 	" Синтаксис:  CYCLE <канал1>,<канал2>,<канал3>";
 	" Пример:     CYCLE #help";
 	"             CYCLE #main,#chat";
-};
+}
 
 help Dns {
 	" Возвращает информацию из DNS кэша IRC сервера.";
@@ -465,14 +458,14 @@ help Dns {
 	" 'DNS i' вернёт подробную информацию о конфигурации сервера имён";
 	" -";
 	"Синтаксис: DNS [опция]";
-};
+}
 
 help Names {
 	" Возвращает список пользователей указанного канала.";
 	" -";
 	" Синтаксис:  NAMES <канал>";
 	" Пример:     NAMES #Support";
-};
+}
 
 help Ison { 
 	" Служит для определения состояния Пользователя - в";
@@ -480,7 +473,7 @@ help Ison {
 	" -";
 	" Синтаксис:  ISON <имя> <имя2> <имя3> <имя4>";
 	" Пример:     ISON hAtbLaDe Stskeeps OperServ AOLBot";
-};
+}
 
 help Join { 
 	" Используется для входа на канал(ы) IRC сервера.";
@@ -494,7 +487,7 @@ help Join {
 	" Пример:     JOIN #Support";
 	"             JOIN #Lobby,#IRCd";
 	"             JOIN #IRCd,#Support,#main letmein,somepass,anotherpass";
-};
+}
 
 help Part {
 	" Используется для того, чтобы покинуть текущий канал.";
@@ -506,7 +499,7 @@ help Part {
 	" Синтаксис:  PART <канал>,<канал2>,<канал3>,<канал4> <причина>";
 	" Пример:     PART #Support";
 	"             PART #Lobby,#IRCd See ya later!";
-};
+}
 
 help Motd {
 	" Показывают информационное сообщение IRC сервера, к которому";
@@ -514,28 +507,28 @@ help Motd {
 	" -";
 	" Синтаксис: MOTD";
 	"            MOTD <сервер>";
-};
+}
 
 help Rules {
 	" Показывает правила пользования сетью.";
 	" -";
 	" Синтаксис: RULES";
 	"            RULES <сервер>";
-};
+}
 
 help Lusers {
 	" Предоставляет информацию о количестве локальных и глобальных";
 	" пользователей (текущее и максимальное количество пользователей сети).";
 	" -";
 	" Синтаксис: LUSERS [сервер]";
-};
+}
 
 help Map {
 	" Предоставляет \"Карту Сети\" список серверов и связи между ними.";
 	" В основном используется для визуализации маршрутизации в сети.";
 	" -";
 	" Синтаксис: MAP";
-};
+}
 
 help Quit {
 	" Отключает от IRC сервера. Пользователи каналов, в которых вы";
@@ -545,7 +538,7 @@ help Quit {
 	" -";
 	" Синтаксис:  QUIT <причина>";
 	" Пример:     QUIT Leaving!";
-};
+}
 
 help Ping {
 	" Команда PING используется для определения присутствия клиента или";
@@ -558,10 +551,10 @@ help Ping {
 	" CTCP PING";
 	" -";
 	" Синтаксис:  PING <сервер> <сервер2>";
-	" Пример:     PING irc.fyremoon.net";
+	" Пример:     PING irc.example.org";
 	"             PING hAtbLaDe";
 	"             PING hAtbLaDe irc2.dynam.ac";
-};
+}
 
 help Pong {
 	" Сообщение PONG - это ответ на запрос PING. Если указан параметр";
@@ -570,16 +563,16 @@ help Pong {
 	" идёт ответ на запрос PING.";
 	" -";
 	" Синтаксис:  PONG <сервер> <сервер2>";
-	" Пример:     PONG irc.fyremoon.net irc2.dynam.ac";
-	"             (PONG от irc.fyremoon.net на irc2.dynam.ac)";
-};
+	" Пример:     PONG irc.example.org irc2.dynam.ac";
+	"             (PONG от irc.example.org на irc2.dynam.ac)";
+}
 
 help Version {
 	" Возавращает версию ПО на IRC сервере.";
 	" -";
 	" Синтаксис: VERSION";
 	"            VERSION <сервер>";
-};
+}
 
 help Stats {
 	" Возвращает немного статистической информации с сервера";
@@ -589,7 +582,7 @@ help Stats {
 	" -";
 	" Дайте команду /stats без параметров для получения списка доступных";
 	" флагов.";
-};
+}
 
 help Links {
 	" Возвращает список серверов, слинкованных с сетью на данный момент.";
@@ -597,14 +590,14 @@ help Links {
 	" IRC операторы.";
 	" -";
 	" Синтаксис: LINKS";
-};
+}
 
 help Admin {
 	" Возвращает административную информацию с указанного сервера.";
 	" -";
 	" Синтаксис: ADMIN";
 	"            ADMIN <сервер>";
-};
+}
 
 help Userhost {
 	" Возвращает имя хоста для указанного пользователя.";
@@ -612,7 +605,7 @@ help Userhost {
 	" -";
 	" Синтаксис:  USERHOST <имя>";
 	" Пример:     USERHOST hAtbLaDe";
-};
+}
 
 help Userip {
 	" Возвращает IP адрес указанного пользователя.";
@@ -620,7 +613,7 @@ help Userip {
 	" -";
 	" Синтаксис: USERIP <имя>";
 	" Пример:    USERIP codemastr";
-};
+}
 
 help Topic {
 	" Устанавливает/изменяет тему указанного канала, или просто показывает";
@@ -630,7 +623,7 @@ help Topic {
 	"             TOPIC <канал> <тема> (Изменит тему)";
 	" Пример:     TOPIC #Operhelp";
 	"             TOPIC #Lobby Welcome to #Lobby!!";
-};
+}
 
 help Invite {
 	" Посылает указанному пользователю приглашение войти на указанный канал.";
@@ -642,7 +635,7 @@ help Invite {
 	" -";
 	" Синтаксис:  INVITE [<имя> <канал>]";
 	" Пример:     INVITE";
-};
+}
 
 help Kick {
 	" Удаляет пользователя из канала. Может быть использована только";
@@ -651,7 +644,7 @@ help Kick {
 	" -";
 	" Синтаксис:  KICK <канал> <пользователь> [причина]";
 	" Пример:     KICK #Lobby foobar Lamer..";
-};
+}
 
 help Away {
 	" Помечает вас как отсутствующего - \"Away\".";
@@ -660,7 +653,7 @@ help Away {
 	"                             указанной причине)";
 	"             AWAY (Снимет статус отсутствующего)";
 	" Пример:     AWAY Lunch time!";
-};
+}
 
 help Watch {
 	" Watch - это система уведомлений, более быстрая и использующая меньше";
@@ -675,7 +668,7 @@ help Watch {
 	"                                     уведомлений)";
 	"            WATCH -имя (Удаление имени из списка)";
 	"            WATCH (Покажет весь список уведомлений)";
-};
+}
 
 help List {
 	" Возвращает полный список каналов, доступных в сети IRC на данный";
@@ -695,7 +688,7 @@ help List {
 	" -";
 	" Все эти параметры могут быть использованы вместо стандартной";
 	" строки поиска.";
-};
+}
 
 help Privmsg {
 	" Позволяет послать сообщение пользователю, всему каналу или целому";
@@ -719,7 +712,7 @@ help Privmsg {
 	"  [Только для Операторов IRC]";
 	"  Сообщение показывается в окне статуса большинством современных IRC";
 	"  клиентов.";
-	"  Пример: /PRIVMSG $*.mynet.net We will be upgrading our net in the";
+	"  Пример: /PRIVMSG $*.example.org We will be upgrading our net in the";
 	"  next hour";
 	"  Однако, следует заметить, что в большинстве случаев лучше использовать";
 	"  сервисы (/OS GLOBAL).";
@@ -732,7 +725,7 @@ help Privmsg {
 	" нельзя использовать дополнительные возможности команд /msg или";
 	" /privmsg, нужно пользоваться ими следующим образом:";
 	"  '/QUOTE PRIVMSG @#channel blah'.";
-};
+}
 
 help Notice {
 	" Посылает \"notice\" пользователю, каналу или всем, кто подключен к";
@@ -755,7 +748,7 @@ help Notice {
 	"  Посылает \"notice\" всем пользователям сервера, попадающим под";
         "  <маска> [Доступно только операторам]";
 	"  Сообщения видны в окне статуса большинства современных клиентов.";
-	"  Пример: /NOTICE $*.mynet.net We will be upgrading our net in the";
+	"  Пример: /NOTICE $*.example.org We will be upgrading our net in the";
 	"          next hour";
 	"  В большинстве случаев сервисы (/OS GLOBAL) будут лучшей";
 	"  альтернативой.";
@@ -766,7 +759,7 @@ help Notice {
 	" ВАЖНО: В случае использования старых клиентов (ircII, к примеру),";
 	" чтобы использовать дополнительные возможности, необходимо применять";
         " следующий способ: '/QUOTE NOTICE @#channel blah'.";
-};
+}
 
 help Knock {
 	" Для каналов с ограничением доступа \"только по приглашению\" вы можете";
@@ -774,14 +767,14 @@ help Knock {
 	" -";
 	" Синтаксис:  KNOCK <#канал> <сообщение>";
 	" Пример:     KNOCK #secret_chan I'm an op, let me in!";
-};
+}
 
 help Setname {
 	" Позволяет пользователю изменить реальное имя (\"Real name\") (GECOS)";
 	" без отключения от IRC";
 	" -";
 	" Синтаксис: SETNAME <новое \"реальное имя\">";
-};
+}
 
 help Vhost {
 	" Скрывает реальный hostname пользователя, заменяя его виртуальным";
@@ -789,7 +782,7 @@ help Vhost {
 	" -";
 	" Синтаксис:  VHOST <логин> <пароль>";
 	" Пример:     VHOST openbsd ilovecypto";
-};
+}
 
 help Mode {
 	" Устанавливает режим для пользователя или канала.";
@@ -799,7 +792,7 @@ help Mode {
 	" Синтаксис:  MODE <канал/пользователь> <режим>";
 	" Пример: MODE #Support +tn";
 	"         MODE #Support +ootn hAtbLaDe XYZ";
-};
+}
 
 help Credits {
 	" Эта команда возвращает список людей, так или иначе помогавших в";
@@ -807,28 +800,28 @@ help Credits {
 	" -";
 	" Синтаксис: CREDITS";
 	"            CREDITS <сервер>";
-};
+}
 
 help Dalinfo {
 	" Историческая справка о создателях сервера (от ircu, и далее...)";
 	" -";
 	" Синтаксис: DALINFO";
 	"            DALINFO <сервер>";
-};
+}
 
 help License {
 	" Возвращает информацию о лицензии, под которой распространяется";
 	" UnrealIRCd.";
 	" Синтаксис: LICENSE";
 	"            LICENSE <сервер>";
-};
+}
 
 help Time {
 	" Отображает текущую дату и время на сервере.";
 	" -";
 	" Синтаксис: TIME";
 	"            TIME <сервер>";
-};
+}
 
 help Silence {
 	" Игнорирует сообщения от пользователя или группы пользователей сервера.";
@@ -836,7 +829,7 @@ help Silence {
 	" Синтаксис: SILENCE +nickname (Добавляет ник в SILENCE список)";
 	"            SILENCE -nickname (Удаляет ник из SILENCE списка)";
 	"            SILENCE           (Отображает текущий SILENCE список)";
-};
+}
 
 help Oper {
 	" Позволяет пользователю получить статус IRC оператора.";
@@ -844,7 +837,7 @@ help Oper {
 	" Синтаксис:  OPER <идентификатор> <пароль>";
 	" ВАЖНО: идентификатор и пароль чувствительны к регистру";
 	" Пример: OPER hAtbLaDe foobar234";
-};
+}
 
 help Wallops {
 	" Посылает сообщение всем пользователям с установленным флагом +w.";
@@ -852,7 +845,7 @@ help Wallops {
 	" сообщения может любой пользователь с установленным флагом +w";
 	" -";
 	" Синтаксис: WALLOPS <сообщение>";
-};
+}
 
 help Globops {
 	" Посылает общесетевое сообщение для IRC операторов. Видеть его могут";
@@ -860,35 +853,35 @@ help Globops {
 	" -";
 	" Синтаксис:  GLOBOPS <сообщение>";
 	" Пример:     GLOBOPS Lets get em clones ..";
-};
+}
 
 help Locops {
 	" Посылает сообщение IRC операторам, подключенным к серверу (local).";
 	" -";
 	" Синтаксис:  LOCOPS <сообщение>";
 	" Пример:     LOCOPS Gonna k:line that user ...";
-};
+}
 
 help Chatops {
 	" Посылает сообщение всем IRC операторам (global).";
 	" -";
 	" Синтаксис:  CHATOPS <message>";
 	" Пример:     CHATOPS Gonna k:line that user ...";
-};
+}
 
 help Adchat {
 	" Посылает сообщение всем подключенным администраторам";
 	" -";
 	" Синтаксис:  ADCHAT <текст>";
 	" Пример:     ADCHAT Hey guys! I'm finally here.";
-};
+}
 
 help Nachat {
 	" Посылает сообщение всем подключенным администраторам сети";
 	" -";
 	" Синтаксис:  NACHAT <текст>";
 	" Пример: NACHAT Hey guys! How is everything?";
-};
+}
 
 help Kill {
 	" Отключает пользователей от сервера IRC.";
@@ -896,7 +889,7 @@ help Kill {
 	" -";
 	" Синтаксис:  KILL <ник1>,<ник2>,<ник3>,... <причина>";
 	" Пример:     KILL Jack16 Cloning is not allowed";
-};
+}
 
 help Kline {
 	" Команда временно добавляет пользователя или хост в K:Lines. ";
@@ -913,7 +906,7 @@ help Kline {
 	"            KLINE *@*.someisp.com 2d Abuse (добавляет K:line на 2 дня)";
 	"            KLINE Idiot 1d Please go away";
 	"            KLINE -*@*.aol.com";
-};
+}
 
 help Zline {
 	" Команда временно добавляет пользователя или хост в Z:Lines. ";
@@ -929,7 +922,7 @@ help Zline {
 	"             ZLINE *@127.0.0.1 2d Abuse (Добавляет Z:line на 2 дня)";
 	"             ZLINE -*@127.0.0.1";
 	" ВАЖНО: для использования требуется флаг, разрешающий zline";
-};
+}
 
 help Gline {
 	" Команда временно добавляет пользователя или хост в G:Lines. ";
@@ -946,7 +939,7 @@ help Gline {
 	"             GLINE *@*.idiot.net 1d Spammer (Добавляет G:line на 24 часа)";
 	"             GLINE -*@*.idiot.net";
 	" ВАЖНО: для использования требуется флаг, разрешающий gline";
-};
+}
 
 help Shun {
 	" Запрещает использование любой команды, кроме ADMIN и ответов на";
@@ -966,7 +959,7 @@ help Shun {
 	"  (Shun foobar@aol.com на 10 минут по причине Spamming)";
 	"             SHUN +foobar@aol.com 1d6h :Spamming (SHUN на 30 часов)";
 	" ВАЖНО: для использования требуется флаг, разрешающий gkline";
-};
+}
 
 help Gzline {
 	" Команда накладывает временный глобальный Z:line. Если вы попадаете под";
@@ -984,7 +977,7 @@ help Gzline {
 	"          GZLINE *@4.16.200.* 1d5h Spammers (Действующий 29 часов";
 	"                                             общесетевой Z:line)";
 	" ВАЖНО: требует установленного can_gzline флага";
-};
+}
 
 help Akill {
 	" Применяет Autokill на указанную маску. Запрещает подключение к сети";
@@ -993,14 +986,14 @@ help Akill {
 	" -";
 	" Синтаксис:  AKILL <user@host> :<причина>";
 	" Пример:     AKILL foo@aol.com :Spammers!";
-};
+}
 
 help Rakill {
 	" Снимает ранее установленный AKILL.";
 	" ЭТА КОМАНДА МОЖЕТ БЫТЬ ИСПОЛЬЗОВАНА ТОЛЬКО СЕРВЕРАМИ";
 	" -";
 	" Синтаксис: RAKILL <user@host>";
-};
+}
 
 help Rehash {
 	" Заставляет сервер перечитать файл конфигурации.";
@@ -1021,9 +1014,9 @@ help Rehash {
 	"  -dns      - Переинециализация и перезагрузка преобразования адресов";
 	"  -garbage  - Активирует \"сборщик мусора\"";
 	"  -motd     - Перечитает все файлы MOTD, BOTMOTD, OPERMOTD и RULES (включая tld{})";
-	"  -ssl      - Перезагрузка сертификатов SSL";
+	"  -tls      - Перезагрузка сертификатов SSL/TLS";
 
-};
+}
 
 help Restart {
 	" Перезапускает IRC демона, с отключением всех пользователей,";
@@ -1033,7 +1026,7 @@ help Restart {
 	" Синтаксис: RESTART";
 	"            RESTART <пароль>";
 	"            RESTART <пароль> <причина>";
-};
+}
 
 help Die {
 	" Убивает IRC демон, отключает от него всех пользователей.";
@@ -1041,16 +1034,16 @@ help Die {
 	" -";
 	" Синтаксис: DIE";
 	"            DIE <пароль>";
-};
+}
 
 help Lag {
 	" Команда - аналог Traceroute для IRC серверов";
-	" Вы вводите /LAG irc.fyremoon.net и получаете ответ от каждого";
+	" Вы вводите /LAG irc.example.org и получаете ответ от каждого";
 	" сервера, через который она проходит, с указанием времени задержки.";
 	" Используется для поиска лагов и серверов с нестыковкой по времени";
 	" -";
 	" Синтаксис: LAG <server>";
-};
+}
 
 help Sethost {
 	" Пользуясь этой командой вы можете сменить свой виртуальный хост";
@@ -1059,7 +1052,7 @@ help Sethost {
 	" -";
 	" Синтаксис:  SETHOST <новое имя>";
 	" Пример:     SETHOST i.have.hairy.armpits";
-};
+}
 
 help Setident {
 	" Этой командой вы можете сменить себе ваш идент (Username).";
@@ -1067,7 +1060,7 @@ help Setident {
 	" -";
 	" Синтаксис:  SETIDENT <новый ident>";
 	" Пример:     SETIDENT l33t";
-};
+}
 
 help Chghost {
 	" Сменяет имя хоста пользователя IRC сети на указанное.";
@@ -1075,7 +1068,7 @@ help Chghost {
 	" -";
 	" Синтаксис:  CHGHOST <ник> <хост>";
 	" Пример:     CHGHOST hAtbLaDe root.me.com";
-};
+}
 
 help Chgident {
 	" Изменяет идентификационную информацию (Ident) о пользователе сети.";
@@ -1083,7 +1076,7 @@ help Chgident {
 	" -";
 	" Синтаксис:  CHGIDENT <ник> <ident>";
 	" Пример:     CHGIDENT hAtbLaDe sheep";
-};
+}
 
 help Chgname {
 	" Изменяет \"IRC Name\" (или \"Real Name\") пользователя сети";
@@ -1091,7 +1084,7 @@ help Chgname {
 	" -";
 	" Синтаксис:  CHGNAME <ник> <имя>";
 	" Пример:     CHGNAME hAtbLaDe Gotta new name :)";
-};
+}
 
 help Squit {
 	" Отключает IRC сервер (или все сервера, попадающие под маску) от сети.";
@@ -1100,7 +1093,7 @@ help Squit {
 	" -";
 	" Синтаксис:  SQUIT <сервер>";
 	" Пример:     SQUIT leaf.*";
-};
+}
 
 help Connect {
 	" Подключает указанный IRC сервер к тому, на котором вы находитесь.";
@@ -1111,21 +1104,21 @@ help Connect {
 	"             CONNECT <leaf> <port> <hub>";
 	" Пример:     CONNECT leaf.*";
 	"             CONNECT leaf.* 6667 hub.*";
-};
+}
 
 help Dccdeny {
 	" Запрещает передачу файлов, попадающих под указанную маску, по DCC.";
 	" Команда доступна только IRC операторам.";
 	" -";
 	" Синтаксис: DCCDENY <маска> <причина>";
-};
+}
 
 help Undccdeny {
 	" Отменить запрет на передачу файлов по указанной маске.";
 	" Команда доступна только IRC операторам.";
 	" -";
 	" Синтаксис: UNDCCDENY <filename mask>";
-};
+}
 
 help Sajoin {
 	" Заставляет пользователя войти в канал.";
@@ -1134,7 +1127,7 @@ help Sajoin {
 	" Синтаксис:  SAJOIN <ник> <канал>,[<канал2>..]";
 	" Пример:     SAJOIN hAtbLaDe #OperHelp";
 	"             SAJOIN hAtbLaDe #Support,#IRCHelp";
-};
+}
 
 help Sapart {
 	" Заставляет пользователя покинуть канал.";
@@ -1144,7 +1137,7 @@ help Sapart {
 	" Пример:     SAPART hAtbLaDe #OperHelp";
 	"             SAPART hAtbLaDe #Support,#IRCHelp";
 	"             SAPART hAtbLaDe #Support,#IRCHelp Go away";
-};
+}
 
 help Samode {
 	" Позволяет администратору сервисов изменить режимы на указанном канале";
@@ -1153,7 +1146,7 @@ help Samode {
 	" -";
 	" Синтаксис:  SAMODE <канал> <режим>";
 	" Пример:     SAMODE #Support +m";
-};
+}
 
 help Trace {
 	" Команду TRACE можно использовать на сервере или пользователе.";
@@ -1164,15 +1157,15 @@ help Trace {
         " используете его в первый раз.";
 	" -";
 	" Синтаксис:  TRACE <сервер|ник>";
-	" Пример:     TRACE irc.fyremoon.net";
-};
+	" Пример:     TRACE irc.example.org";
+}
 
 help Opermotd {
 	" Показывает MOTD сервера для IRC операторов";
 	" Команда доступна только IRC операторам.";
 	" -";
 	" Синтаксис: OPERMOTD";
-};
+}
 
 help Sdesc {
 	" Этой командой можно изменить описание сервера без применения squit";
@@ -1181,20 +1174,18 @@ help Sdesc {
 	" -";
 	" Синтаксис:  SDESC <новое описание>";
 	" Пример:     SDESC Fly High, Fly Free";
-};
+}
 
 help Mkpasswd {
 	" Команда возвратит 'hash' указанной строки, который можно";
 	" в последствии использовать в конфигурационном файле в качестве пароля:";
 	" в oper::password, vhost::password, и т.д.";
-	" Доступные типы хешей (по возрастанию уровня безопасности):";
-	"    *NIX: crypt, md5, sha1 [*], ripemd160 [*]";
-	" Windows: crypt [*], md5, sha1, ripemd160 [*]";
-	" [*: доступно в случае, если сервер имеет поддержку SSL]";
+	" Дополнительную информацию и типы хешей:";
+	" https://www.unrealircd.org/docs/Authentication_types";
 	" -";
 	" Синтаксис:  MKPASSWD <метод> <пароль>";
-	" Пример:     MKPASSWD md5 IamTeh1337";
-};
+	" Пример:     MKPASSWD argon2 IamTeh1337";
+}
 
 help Module {
 	" Покажет список загруженных сервером модулей.";
@@ -1214,24 +1205,20 @@ help Module {
 	" [OLD?] Отсутствует Mod_Version, забыли перекомпилировать старый";
 	" модуль";
 	" Так же будут видны присутствующие hooks и command overrides.";
-};
+}
 
 help Close {
 	" Команда позволяет отключить все неизвестные соединения к IRC серверу.";
 	" -";
 	" Синтаксис: CLOSE";
-};
+}
 
 help Tsctl {
 	" Команда позволяет управлять временем в IRC сети";
 	" Может использоваться только IRC операторами.";
 	" -";
-	" Синтаксис: TSCTL OFFSET +|- <time> (Настройка времени IRC)";
-	"            TSCTL TIME (Покажет время)";
-	"            TSCTL ALLTIME (Покажет время на всех серверах)";
-	"            TSCTL SVSTIME <timestamp> (Установит время на всех";
-	"                                       серверах)";
-};
+	" Синтаксис: TSCTL ALLTIME (Покажет время на всех серверах)";
+}
 
 help Svsnick {
 	" Меняет ник указанному пользователю.";
@@ -1239,7 +1226,7 @@ help Svsnick {
 	" -";
 	" Синтаксис:  SVSNICK <старый ник> <новый ник> <timestamp>";
 	" Пример:     SVSNICK hAtbLaDe Foobar 963086432";
-};
+}
 
 help Svsmode {
 	" Изменяет режимы указанного пользователя.";
@@ -1247,7 +1234,7 @@ help Svsmode {
 	" -";
 	" Синтаксис:  SVSMODE <ник> <режим>";
 	" Пример:     SVSMODE hAtbLaDe +i";
-};
+}
 
 help Svskill {
 	" Отключает пользователя от сети.";
@@ -1255,7 +1242,7 @@ help Svskill {
 	" -";
 	" Синтаксис:  SVSKILL <пользователь> :<причина>";
 	" Пример:     SVSKILL Lamer21 :Goodbye";
-};
+}
 
 help Svsnoop {
 	" Включает или отключает режим IRC оператора";
@@ -1265,7 +1252,7 @@ help Svsnoop {
 	" -";
 	" Синтаксис:  SVSNOOP <сервер> <+/->";
 	" Пример:     SVSNOOP leaf.* -";
-};
+}
 
 help Svsjoin {
 	" Заставляет пользователя войти в указанный канал.";
@@ -1274,7 +1261,7 @@ help Svsjoin {
 	" Синтаксис:  SVSJOIN <ник> <канал>[,<канал2>..] [ключ1[,ключ2[..]]]";
 	" Пример:     SVSJOIN hAtbLaDe #jail";
 	"             SVSJOIN hAtbLaDe #jail,#zoo";
-};
+}
 
 help Svspart {
 	" Заставляет пользователя покинуть канал.";
@@ -1284,7 +1271,7 @@ help Svspart {
 	" Пример:     SVSPART hAtbLaDe #Hanson";
 	"             SVSPART hAtbLaDe #Hanson,#AOL";
 	"             SVSPART hAtbLaDe #Hanson,#AOL You must leave";
-};
+}
 
 help Svso {
 	" Даёт пользователю Operflags как описано в O:lines.";
@@ -1294,7 +1281,7 @@ help Svso {
 	" Синтаксис:  SVSO <nick> <+operflags> (Добавляет Operflags)";
 	"             SVSO <nick> - (Снимает все O:Line флаги)";
 	" Пример:     SVSO SomeNick +bBkK";
-};
+}
 
 help Swhois {
 	" Изменяет сообщение WHOIS для указанного ника.";
@@ -1303,7 +1290,7 @@ help Swhois {
 	" Синтаксис:  SWHOIS <ник> :<сообщение> (Устанавливает SWHOIS)";
 	"             SWHOIS <ник> :  (Сбрасывает SWHOIS)";
 	" Пример:     SWHOIS SomeNick :is a lamer";
-};
+}
 
 help Sqline {
 	" Накладывает бан на указанный ник или маску.";
@@ -1311,7 +1298,7 @@ help Sqline {
 	" -";
 	" Синтаксис:  SQLINE <маска> :<причина>";
 	" Пример:     SQLINE *Bot* :No bots";
-};
+}
 
 help Unsqline {
 	" Снимает бан с указанного ника или маски";
@@ -1319,7 +1306,7 @@ help Unsqline {
 	" -";
 	" Синтаксис:  UNSQLINE <маска>";
 	" Пример:     UNSQLINE *Bot*";
-};
+}
 
 help Svs2mode {
 	" Изменяет режимы указанного пользователя и уведомляет его";
@@ -1328,7 +1315,7 @@ help Svs2mode {
 	" -";
 	" Синтаксис:  SVS2MODE <ник> <режимы>";
 	" Пример:     SVS2MODE hAtbLaDe +h";
-};
+}
 
 help Svsfline {
 	" Добавляет маску файла к DCCDENY";
@@ -1337,7 +1324,7 @@ help Svsfline {
 	" Синтаксис: :server SVSFLINE + file :reason (Добавляет имя файла)";
 	"            :server SVSFLINE - file (Удаляет имя файла)";
 	"            :server SVSFLINE *      (Очищает список DCCDENY)";
-};
+}
 
 help Svsmotd {
 	" Изменяет MOTD у сервисов.";
@@ -1346,7 +1333,7 @@ help Svsmotd {
 	"             SVSMOTD !          (Удаляет текущий MOTD)";
 	"             SVSMOTD ! :<текст> (Замещает текущий новым MOTD)";
 	" Пример:     SVSMOTD # :Services MOTD";
-};
+}
 
 help Svsnline {
 	" Создаёт глобальный бан на основе реального имени.";
@@ -1358,7 +1345,7 @@ help Svsnline {
 	"	      SVSNLINE - :<имя> (чтобы удалить бан)";
 	"	      SVSNLINE * (очистить все баны)";
 	" Пример:     SVSNLINE + sub7_drone :*sub7*";
-};
+}
 
 help Svslusers {
 	" Изменяет общее и/или локальное максимальное количество";
@@ -1367,15 +1354,15 @@ help Svslusers {
 	" Должно использоваться через сервер, описанный в U:Lines.";
 	" -";
 	" Синтаксис:  SVSLUSERS <сервер> <globalmax|-1> <localmax|-1>";
-	" Пример:     SVSLUSERS irc.test.com -1 200";
-};
+	" Пример:     SVSLUSERS irc.example.org -1 200";
+}
 
 help Svswatch {
 	" Изменяет список WATCH у указанного пользователя.";
 	" Должно использоваться через сервер, описанный в U:Lines.";
 	" Синтаксис: SVSWATCH <имя> :<параметры>";
 	" Пример:    SVSWATCH Blah :+Blih!*@* +Bluh!*@* +Bleh!*@*.com";
-};
+}
 
 help Svssilence {
 	" Изменяет список SILENCE у указанного пользователя.";
@@ -1384,7 +1371,7 @@ help Svssilence {
 	" несколько записей одной командой.";
 	" Синтаксис: SVSSILENCE <имя> :<параметры>";
 	" Пример:    SVSSILENCE Blah :+*!*@*.com +*!*@*.bla.co.uk";
-};
+}
 
 help Svssno {
 	" Изменяет snomask для указанного ника.";
@@ -1392,7 +1379,7 @@ help Svssno {
 	" -";
 	" Синтаксис:  SVSSNO <ник> <snomasks>";
 	" Пример:     SVSSNO joe +Gc";
-};
+}
 
 help Svs2sno {
 	" Изменяет snomask для указанного ника и уведомляет пользователя";
@@ -1401,7 +1388,7 @@ help Svs2sno {
 	" -";
 	" Синтаксис:  SVS2SNO <ник> <snomasks>";
 	" Пример:     SVS2SNO joe +Gc";
-};
+}
 
 help Svsnolag {
 	" Включает 'no fake lag' для указанного пользователя.";
@@ -1409,7 +1396,7 @@ help Svsnolag {
 	" -";
 	" Синтаксис:  SVSNOLAG [+|-] <ник>";
 	" Пример:     SVSNOLAG + joe";
-};
+}
 
 help Svs2nolag {
 	" Включает 'no fake lag' для указанного пользователя.";
@@ -1417,7 +1404,7 @@ help Svs2nolag {
 	" -";
 	" Синтаксис:  SVS2NOLAG [+|-] <ник>";
 	" Пример:     SVS2NOLAG + joe";
-};
+}
 
 
 help Spamfilter {
@@ -1439,7 +1426,6 @@ help Spamfilter {
 	"           сообщение), 'dccblock' (блокирует любой dccs), 'viruschan'";
 	"           (покинуть все каналы и войти в канал помощи),";
 	"           'warn' (уведомляет операторов).";
-	" [regex]   регулярное выражение, блокируемое фильтром";
 	" [tkltime] длительность применяемого фильтром действия (указание '-'";
 	"           включает значение из set::spamfilter::ban-time, но для";
         "           block/tempshun этот параметр игнорируется.);";
@@ -1447,6 +1433,7 @@ help Spamfilter {
         "           ПРОБЕЛОВ, '_' будут преобразованы в пробелы. Если в качестве";
         "           причины указать '-', будет использовано значение";
         "           по-умолчанию из set::spamfilter::ban-reason.";
+	" [regex]   регулярное выражение, блокируемое фильтром";
 	" - ";
 	" Примеры:";
 	" /spamfilter add p block - - Come watch me on my webcam";
@@ -1457,7 +1444,7 @@ help Spamfilter {
 	" /spamfilter add p kill - Please_go_to_www.viruscan.xx/nicepage/virus=blah Come watch me on my webcam";
 	" /spamfilter del p block - - Come watch me on my webcam*";
 	" /spamfilter add cN gzline 1d No_advertising_please come to irc\..+\..+";
-};
+}
 
 help Tempshun {
 	" Добавляет/удаляет 'временный shun'.";
@@ -1468,23 +1455,23 @@ help Tempshun {
 	" Синтаксис:  TEMPSHUN [+|-]<ник> [причина]";
 	" Пример:     TEMPSHUN evilguy suspected infection";
 	"             TEMPSHUN -niceguy";
-};
+}
 
 help DccAllow {
 	" Для получения помощи по системе DCCALLOW, введите '/DCCALLOW HELP'";
-};
+}
 
 help Addmotd {
 	" Добавляет линию в конец MOTD (сообщение дня)";
 	" -";
 	" Синтаксис:  ADDMOTD <текст>";
 	" Пример:     ADDMOTD Удачного общения!";
-};
+}
  	 
 help Addomotd {
 	" Добавляет линию в конец OPERMOTD (сообщение дня для операторов)";
 	" -";
 	" Синтаксис:  ADDOMOTD <текст>";
 	" Пример:     ADDOMOTD Согрешите и потеряйте операторство!";
-};
+}
 

doc/conf/modules.default.conf

@@ -29,115 +29,116 @@ loadmodule "cloak";
 // User commands (MINIMAL)
 // These provide just the minimal set of IRC commands that are
 // required by RFC1459 along with WATCH and MAP.
-loadmodule "m_admin";
-loadmodule "m_away";
-loadmodule "m_invite";
-loadmodule "m_ison";
-loadmodule "m_join";
-loadmodule "m_kick";
-loadmodule "m_links";
-loadmodule "m_list";
-loadmodule "m_lusers";
-loadmodule "m_map";
-loadmodule "m_message";
-loadmodule "m_mode";
-loadmodule "m_motd";
-loadmodule "m_names";
-loadmodule "m_nick";
-loadmodule "m_part";
-loadmodule "m_pass";
-loadmodule "m_pingpong";
-loadmodule "m_protoctl";
-loadmodule "m_quit";
-loadmodule "m_rules";
-loadmodule "m_topic";
-loadmodule "m_user";
-loadmodule "m_userhost";
-loadmodule "m_watch";
-loadmodule "m_who";
-loadmodule "m_whois";
-loadmodule "m_whowas";
+loadmodule "admin";
+loadmodule "away";
+loadmodule "invite";
+loadmodule "ison";
+loadmodule "join";
+loadmodule "kick";
+loadmodule "links";
+loadmodule "list";
+loadmodule "lusers";
+loadmodule "map";
+loadmodule "message";
+loadmodule "mode";
+loadmodule "motd";
+loadmodule "names";
+loadmodule "nick";
+loadmodule "part";
+loadmodule "pass";
+loadmodule "pingpong";
+loadmodule "protoctl";
+loadmodule "quit";
+loadmodule "rules";
+loadmodule "topic";
+loadmodule "user";
+loadmodule "userhost";
+loadmodule "watch";
+loadmodule "whox";
+loadmodule "whois";
+loadmodule "whowas";
 
 // User commands (EXTENDED)
 // These are commands that provide extended functionality.
-loadmodule "m_botmotd";
-loadmodule "m_cap";
-loadmodule "m_cycle";
-loadmodule "m_dccallow";
-loadmodule "m_help";
-loadmodule "m_knock";
-loadmodule "m_lag";
-loadmodule "m_sasl";
-loadmodule "m_setname";
-loadmodule "m_silence";
-loadmodule "m_starttls";
-loadmodule "m_time";
-loadmodule "m_userip";
-loadmodule "m_vhost";
+loadmodule "botmotd";
+loadmodule "cap";
+loadmodule "cycle";
+loadmodule "dccallow";
+loadmodule "help";
+loadmodule "knock";
+loadmodule "lag";
+loadmodule "sasl";
+loadmodule "setname";
+loadmodule "silence";
+loadmodule "starttls";
+loadmodule "time";
+loadmodule "userip";
+loadmodule "vhost";
+loadmodule "history";
 
 // IRC Operator commands
-// Note: several of these like m_kill are also server-to-server commands
+// Note: several of these like kill are also server-to-server commands
 // which are required if you link to other servers.
-loadmodule "m_addmotd";
-loadmodule "m_addomotd";
-loadmodule "m_chghost";
-loadmodule "m_chgident";
-loadmodule "m_chgname";
-loadmodule "m_close";
-loadmodule "m_connect";
-loadmodule "m_squit";
-loadmodule "m_dccdeny";
-loadmodule "m_globops";
-loadmodule "m_kill"; /* also server-to-server */
-loadmodule "m_locops";
-loadmodule "m_mkpasswd";
-loadmodule "m_oper";
-loadmodule "m_opermotd";
-loadmodule "m_sajoin";
-loadmodule "m_samode";
-loadmodule "m_sapart";
-loadmodule "m_sdesc";
-loadmodule "m_sethost";
-loadmodule "m_setident";
-loadmodule "m_stats";
-loadmodule "m_tkl"; /* also server-to-server */
-loadmodule "m_trace";
-loadmodule "m_tsctl";
-loadmodule "m_undccdeny";
-loadmodule "m_unsqline";
-loadmodule "m_wallops";
+loadmodule "addmotd";
+loadmodule "addomotd";
+loadmodule "chghost";
+loadmodule "chgident";
+loadmodule "chgname";
+loadmodule "close";
+loadmodule "connect";
+loadmodule "squit";
+loadmodule "dccdeny";
+loadmodule "globops";
+loadmodule "kill"; /* also server-to-server */
+loadmodule "locops";
+loadmodule "mkpasswd";
+loadmodule "oper";
+loadmodule "opermotd";
+loadmodule "sajoin";
+loadmodule "samode";
+loadmodule "sapart";
+loadmodule "sdesc";
+loadmodule "sethost";
+loadmodule "setident";
+loadmodule "stats";
+loadmodule "tkl"; /* also server-to-server */
+loadmodule "trace";
+loadmodule "tsctl";
+loadmodule "unsqline";
+loadmodule "wallops";
 loadmodule "jumpserver";
 
 // Server-to-server commands
 // Don't remove these, unless you never link to other servers.
-loadmodule "m_eos";
-loadmodule "m_md";
-loadmodule "m_netinfo";
-loadmodule "m_server";
-loadmodule "m_sjoin";
-loadmodule "m_sqline";
-loadmodule "m_swhois";
-loadmodule "m_umode2";
+loadmodule "eos";
+loadmodule "md";
+loadmodule "netinfo";
+loadmodule "server";
+loadmodule "sjoin";
+loadmodule "sqline";
+loadmodule "swhois";
+loadmodule "umode2";
+loadmodule "sinfo";
+loadmodule "require-module";
 
 // Services commands
 // You could disable these if you don't use Services
 // https://www.unrealircd.org/docs/Services
-loadmodule "m_sendsno";
-loadmodule "m_sendumode";
-loadmodule "m_svsfline";
-loadmodule "m_svsjoin";
-loadmodule "m_svskill";
-loadmodule "m_svslusers";
-loadmodule "m_svsmode";
-loadmodule "m_svsmotd";
-loadmodule "m_svsnick";
-loadmodule "m_svsnline";
-loadmodule "m_svsnolag";
-loadmodule "m_svsnoop";
-loadmodule "m_svspart";
-loadmodule "m_svssilence";
-loadmodule "m_svssno";
-loadmodule "m_svswatch";
+loadmodule "sendsno";
+loadmodule "sendumode";
+loadmodule "svsjoin";
+loadmodule "svskill";
+loadmodule "svslusers";
+loadmodule "svsmode";
+loadmodule "svsmotd";
+loadmodule "svsnick";
+loadmodule "svsnline";
+loadmodule "svsnolag";
+loadmodule "svsnoop";
+loadmodule "svspart";
+loadmodule "svssilence";
+loadmodule "svssno";
+loadmodule "svswatch";
 
 
 /*** Channel modes ***/
@@ -159,6 +160,7 @@ loadmodule "chanmodes/nonickchange"; /* +N */
 loadmodule "chanmodes/nokick"; /* +Q */
 loadmodule "chanmodes/regonlyspeak"; /* +M */
 loadmodule "chanmodes/secureonly"; /* +z */
+loadmodule "chanmodes/history"; /* +H */
 
 
 /*** User modes ***/
@@ -183,7 +185,6 @@ loadmodule "extbans/join"; /* +b ~j (prevent only joins) */
 loadmodule "extbans/quiet"; /* +b ~q (prevent only messaging) */
 loadmodule "extbans/nickchange"; /* +b ~n (prevent only nick changes) */
 loadmodule "extbans/realname"; /* +b ~r (ban by real name) */
-loadmodule "extbans/regnick"; /* +b ~R (ban/exempt if using registered nick) */
 loadmodule "extbans/account"; /* +b ~a (ban/exempt if logged in with services account) */
 loadmodule "extbans/inchannel"; /* +b ~c (ban/exempt if in channel) */
 loadmodule "extbans/operclass"; /* +b ~O (ban/exempt by operclass) */
@@ -191,20 +192,46 @@ loadmodule "extbans/certfp"; /* +b ~S (ban/exempt by certfp) */
 loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
 loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
 loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
+loadmodule "extbans/partmsg"; /* +b ~p (hide part/quit message) */
+loadmodule "extbans/securitygroup"; /* +b ~G (security group) */
 
 
-/*** CAP modules ***/
-loadmodule "cap/sts"; /* strict transport policy (set::ssl::sts-policy) */
-loadmodule "cap/plaintext-policy"; /* plaintext-policy announce */
-loadmodule "cap/link-security"; /* link-security announce */
+/** IRCv3 extensions */
+loadmodule "account-notify"; /* send ACCOUNT message upon services account login */
+loadmodule "message-tags"; /* add tags to messages, required for various IRCv3 features */
+loadmodule "batch"; /* also required for several IRCv3 features */
+loadmodule "server-time"; /* adds server timestamp to various messages */
+loadmodule "message-ids"; /* adds unique msgid to various messages */
+loadmodule "account-tag"; /* adds services account information to messages */
+loadmodule "echo-message"; /* shows clients if their messages are altered/filtered */
+loadmodule "labeled-response"; /* correlate requests and responses easily */
+loadmodule "bot-tag"; /* indicate the message comes from a bot (draft/bot) */
+loadmodule "typing-indicator"; /* typing indicator in PM and channels (+typing) */
+loadmodule "reply-tag"; /* indicate to which message you are responding (+draft/reply) */
+loadmodule "clienttagdeny"; /* informs clients about supported client-only message tags */
+loadmodule "sts"; /* strict transport policy (set::tls::sts-policy) */
+loadmodule "link-security"; /* link-security announce */
+loadmodule "plaintext-policy"; /* plaintext-policy announce */
+loadmodule "chathistory"; /* CHATHISTORY client command, 005 and a CAP (draft) */
+
 
 /*** Other ***/
 // These are modules that don't fit in any of the previous sections
-
-loadmodule "certfp"; /* SSL certificate fingerprint in /WHOIS (& more) */
-loadmodule "ssl_antidos"; /* prevent SSL DoS (renegotiate floods) */
-loadmodule "m_nopost"; /* Block POST commands (Firefox XPS IRC Attack) */
+loadmodule "ident_lookup"; /* Ident lookups if set::options::identd-check is set*/
+loadmodule "certfp"; /* SSL/TLS certificate fingerprint in /WHOIS (& more) */
+loadmodule "tls_antidos"; /* prevent TLS DoS (renegotiate floods) */
 loadmodule "webirc"; /* WEBIRC command. See webirc block. */
 loadmodule "blacklist"; /* Blacklist support (DNSBL). See blacklist block. */
 loadmodule "jointhrottle"; /* set::anti-flood::join-flood (previously chanmode +j) */
 loadmodule "charsys"; /* Provides set::allowed-nickchars (must always be loaded!) */
+loadmodule "authprompt"; /* Authentication prompt, see set::authentication-prompt */
+loadmodule "history_backend_mem"; /* History storage backend (used by chanmodes/history) */
+loadmodule "tkldb"; /* Write TKLines to .db file */
+loadmodule "channeldb"; /* Write channel settings to .db file (+P channels only) */
+loadmodule "rmtkl"; /* Easily remove *-Lines in bulk with /RMTKL */
+loadmodule "restrict-commands"; /* Provides set::restrict-commands settings */
+loadmodule "reputation"; /* used by Connthrottle and others, see next */
+loadmodule "connthrottle"; /* see https://www.unrealircd.org/docs/Connthrottle */
+loadmodule "userip-tag"; /* unrealircd.org/userip tag for ircops */
+loadmodule "userhost-tag"; /* unrealircd.org/userhost tag for ircops */
+loadmodule "targetfloodprot"; /* set::anti-flood::target-flood protection */

doc/conf/modules.optional.conf

@@ -15,12 +15,12 @@
 
 // This add the /IRCOPS command: A more visual way for users
 // to see which IRCOps are online.
-loadmodule "m_ircops";
+loadmodule "ircops";
 
 // This adds the /STAFF command: This command simply displays
 // a text file that you can configure here:
-loadmodule "m_staff";
-set { staff-file "network.staff"; };
+loadmodule "staff";
+set { staff-file "network.staff"; }
 
 
 /*** Channel modes ***/
@@ -36,7 +36,8 @@ loadmodule "nocodes";
 // The hideserver module will hide /MAP and /LINKS to regular users.
 // It does not truly enhance security as server names can still be
 // seen at other places.
-loadmodule "hideserver";
+// Comment out the following line to enable this:
+// loadmodule "hideserver";
 
 // The antirandom module will kill or *line users that have a nick,
 // ident and/or realname that is considered "random".
@@ -124,9 +125,9 @@ set {
 		 * NOTE: Use the REAL host or IP here, not any cloaked hosts!
 		 */
 		except-hosts {
-			mask 192.168.*;
-			mask 127.*;
-		};
+			mask 192.168.0.0/16;
+			mask 127.0.0.0/8;
+		}
 
 		/* EXCEPT-WEBIRC:
 		 * This will make antirandom not check connections from WEBIRC gateways.
@@ -135,13 +136,48 @@ set {
 		 * default is 'yes'.
 		 */
 		except-webirc yes;
-	};
-};
+	}
+}
+
+// This module will send a HTTP 301 redirect to any client which sends
+// a HTTP request to us. This is commented out by default:
+//loadmodule "webredir";
+//set {
+//	webredir {
+//		url "https://...";
+//	}
+//}
 
 // This adds websocket support. For more information, see:
 // https://www.unrealircd.org/docs/WebSocket_support
 loadmodule "websocket";
 
-// This adds support for WHOX
-// This is currently experimental!
-loadmodule "m_whox";
+// This module will detect and stop spam containing of characters of
+// mixed "scripts", where (for example) some characters are in
+// Latin script and other characters are in Cyrillic script.
+loadmodule "antimixedutf8";
+set {
+	antimixedutf8 {
+		/* Take action at this 'score' (lower = more sensitive)
+		 *
+		 * A score of 2 or 3 will catch a lot but also
+		 * catch innocent users who are not using a pure
+		 * Latin script, such as Russian people who
+		 * commonly use a mix of Latin and Cyrillic.
+		 *
+		 * A score of 8 is a safe default.
+		 */
+		score 8;
+
+		/* Action to take, see:
+		 * https://www.unrealircd.org/docs/Actions
+		 */
+		ban-action block;
+
+		/* Block/kill/ban reason (sent to user) */
+		ban-reason "Mixed character spam";
+
+		/* Duration of ban (does not apply to block/kill) */
+		ban-time 4h; // For other types
+	}
+}

doc/conf/modules.sources.list

@@ -0,0 +1,21 @@
+#
+# This file contains the list of repositories that are used
+# by the './unrealircd module' command.
+# Note that 3rd party modules are NOT written by the UnrealIRCd team.
+# Use such modules at your own risk. In case of problems, contact
+# the module author. For more information, see:
+# https://www.unrealircd.org/docs/Module_manager
+#
+
+#
+# This is the unrealircd-contrib repository which is added by default in
+# UnrealIRCd 5 to make it easy for users to install 3rd party modules.
+# If you are a module coder and want to add your module to this repository
+# as well, then read the rules and procedure at:
+# https://www.unrealircd.org/docs/Rules_for_3rd_party_modules_in_unrealircd-contrib
+#
+https://modules.unrealircd.org/modules.list
+
+# You can add more repositories here. However, do note that all
+# URLs MUST start with https://
+

doc/conf/operclass.default.conf

@@ -6,9 +6,11 @@
  *
  * The operclass block is extensively documented at:
  * https://www.unrealircd.org/docs/Operclass_block
+ * And the permissions itself (operclass::permissions) at:
+ * https://www.unrealircd.org/docs/Operclass_permissions
  *
  * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
- * Instead, if you want to change the privileges in an operclass block,
+ * Instead, if you want to change the permissions in an operclass block,
  * you should copy the definition, or this entire file, to either your
  * unrealircd.conf or some other file (eg: operclass.conf) that you
  * you will include from your unrealircd.conf.
@@ -18,147 +20,125 @@
 
 /* Local IRC Operator */
 operclass locop {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
-		client;
+		channel { operonly; override { flood; } }
+		client { see; }
 		immune;
-		self;
-		notice { local; };
-		server { opermotd; info; close; module; dns; rehash; };
-		route { local; };
-		kill { local; };
-		tkl {
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash; }
+		route { local; }
+		kill { local; }
+		server-ban {
 			kline;
-			zline { local; };
-		};
-		trace { local; invisible-users; };
-		map;
-	};
-};
+			zline { local; }
+		}
+	}
+}
 
 /* Global IRC Operator */
 operclass globop {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
+		channel { operonly; see; override { flood; } }
 		client;
 		immune;
-		notice;
-		self;
-		server { opermotd; info; close; remote; module; dns; rehash; };
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash;
+		         remote; tsctl { view; } }
 		route;
 		kill;
-		tkl { shun; zline; kline; gline; };
-		trace;
-		who;
-		override { see; };
-		map;
-	};
-};
+		server-ban { dccdeny; shun; zline; kline; gline; }
+	}
+}
 
 /* Server administrator */
 operclass admin {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
+		channel { operonly; see; override { flood; } }
 		client;
 		immune;
-		notice;
-		self;
-		server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash;
+		         remote; description; addmotd;
+		         addomotd; tsctl { view; } }
 		route;
 		kill;
-		tkl { shun; zline; kline; gline; };
-		spamfilter;
-		trace;
-		who;
-		override { see; };
-		map;
-	};
-};
+		server-ban;
+	}
+}
 
 /* Services Admin */
 operclass services-admin {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
+		channel { operonly; see; override { flood; } }
 		client;
 		immune;
-		notice;
-		self;
-		server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash;
+		         remote; description; addmotd;
+		         addomotd; tsctl { view; } }
 		route;
 		kill;
-		tkl { shun; zline; kline; gline; };
-		spamfilter;
-		trace;
-		who;
-		sajoin;
-		sapart;
-		samode;
-		override { see; };
-	};
-};
+		server-ban;
+		sacmd;
+		services;
+	}
+}
 
 /* Network Administrator */
 operclass netadmin {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
+		channel { operonly; see; override { flood; } }
 		client;
 		immune;
-		notice;
-		self;
-		server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
-		kill;
-		tkl { shun; zline; kline; gline; };
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash;
+		         remote; description; addmotd;
+		         addomotd; tsctl; }
 		route;
-		spamfilter;
-		trace;
-		who;
-		sajoin;
-		sapart;
-		samode;
-		servicebot { deop; kill; };
-		override { see; };
-		map;
-	};
-};
+		kill;
+		server-ban;
+		sacmd;
+		services;
+	}
+}
 
 /* Same as 'globop' operclass, but with OperOverride capabilities added */
 operclass globop-with-override {
 	parent globop;
-	privileges {
-		override;
-	};
-};
+	permissions {
+		channel { operonly; see; override; }
+		self { getbaddcc; opermodes; set; unkickablemode; }
+	}
+}
 
 /* Same as 'admin' operclass, but with OperOverride capabilities added */
 operclass admin-with-override {
 	parent admin;
-	privileges {
-		override;
-	};
-};
+	permissions {
+		channel { operonly; see; override; }
+		self { getbaddcc; opermodes; set; unkickablemode; }
+	}
+}
 
 /* Same as 'services-admin' operclass, but with OperOverride capabilities added */
 operclass services-admin-with-override {
 	parent services-admin;
-	privileges {
-		override;
-	};
-};
+	permissions {
+		channel { operonly; see; override; }
+		self { getbaddcc; opermodes; set; unkickablemode; }
+	}
+}
 
 /* Same as 'netadmin' operclass, but with OperOverride capabilities added */
 operclass netadmin-with-override {
 	parent netadmin;
-	privileges {
-		override;
-	};
-};
+	permissions {
+		channel { operonly; see; override; }
+		self { getbaddcc; opermodes; set; unkickablemode; }
+	}
+}

doc/conf/spamfilter.conf

@@ -1,232 +1,154 @@
 /*
- * This an example spamfilter file, it contains several
- * real and useful spamfilters. This should give you an
- * idea of how powerful spamfilter can be in real-life
- * situations.
+ * This configuration file contains example spamfilter rules.
+ * They are real rules that were useful a long time ago.
+ * Since 2005 these rules are no longer maintained.
+ * The main purpose nowadays is to serve as an example
+ * to give you an idea of how powerful spamfilters can
+ * be in real-life situations.
  *
- * $Id$
+ * Documentation on spamfilter is available at:
+ * https://www.unrealircd.org/docs/Spamfilter
  */
 
-/* Guidelines on the 'action' field:
- * As a general rule we use 'action block' for any newly added
- * spamfilters at first, later on (after knowing about false
- * positives) we might change some to viruschan/kill/gline/etc..
+/* General note:
+ * If you want to use a \ in a spamfilter, or in fact
+ * anywhere in the configuration file, then you need
+ * to escape this to \\ instead.
+ */
+
+
+/* First some spamfilters with match-type 'simple'.
+ * The only matchers available are * and ?
+ * PRO's: very fast, easy matching: everyone can do this.
+ * CON's: limited ability to fine-tune spamfilters
  */
 
 spamfilter {
-	match-type posix;
-	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
-	target { private; channel; };
-	action kill;
-	reason "mIRC 6.0-6.11 exploit attempt";
-};
-
-spamfilter {
-	match-type posix;
-	match "\x01DCC (SEND|RESUME).{225}";
-	target { private; channel; };
-	action kill;
-	reason "Possible mIRC 6.12 exploit attempt";
-};
-
-spamfilter {
-	match-type posix;
-	match "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
+	match-type simple;
+	match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
 	target private;
 	action gline;
 	reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
-};
+}
 
+/* This signature uses a \ which has to escaped to \\ in the configuration file */
 spamfilter {
-	match-type posix;
-	match "Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe";
-	target private;
-	action gline;
-	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
-};
-
-spamfilter {
-	match-type posix;
-	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
-	target private;
-	action block;
-	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
-};
-
-spamfilter {
-	match-type posix;
-	match "^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$";
-	target private;
-	action gline;
-	reason "Infected by aplore worm: see http://www.f-secure.com/v-descs/aplore.shtml";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!login Wasszup!$";
-	target channel;
-	action gline;
-	reason "Attempting to login to a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!login grrrr yeah baby!$";
-	target channel;
-	action gline;
-	reason "Attempting to login to a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
-	target channel;
-	action gline;
-	reason "Attempting to use a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!icqpagebomb ([0-9]{1,15} ){2}.+";
-	target channel;
-	action gline;
-	reason "Attempting to use a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$";
-	target channel;
-	action gline;
-	reason "Attempting to use a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$";
-	target channel;
-	action gline;
-	reason "Attempting to use a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$";
-	target channel;
-	action gline;
-	reason "Attempting to use an SDBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
-	target { channel; private; };
-	action gline;
-	reason "Attempting to use a SpyBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^porn! porno! http://.+\/sexo\.exe";
-	target private;
-	action gline;
-	reason "Infected by soex trojan: see http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSOEX.A";
-};
-
-spamfilter {
-	match-type posix;
-	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
-	target private;
-	action gline;
-	reason "Infected by some trojan (erotica?)";
-};
-
-spamfilter {
-	match-type posix;
-	match "^STOP SPAM, USE THIS COMMAND: //write nospam \$decode\(.+\) \| \.load -rs nospam \| //mode \$me \+R$";
-	target private;
-	action gline;
-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
-};
-
-spamfilter {
-	match-type posix;
-	match "^FOR MATRIX 2 DOWNLOAD, USE THIS COMMAND: //write Matrix2 \$decode\(.+=,m\) \| \.load -rs Matrix2 \| //mode \$me \+R$";
-	target private;
-	action gline;
-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
-};
-
-spamfilter {
-	match-type posix;
-	match "^hey .* to get OPs use this hack in the chan but SHH! //\$decode\(.*,m\) \| \$decode\(.*,m\)$";
-	target private;
-	action gline;
-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
-};
-
-spamfilter {
-	match-type posix;
-	match ".*(http://jokes\.clubdepeche\.com|http://horny\.69sexy\.net|http://private\.a123sdsdssddddgfg\.com).*";
-	target private;
-	action gline;
-	reason "Infected by LOI trojan";
-};
-
-/* This is a 'general sig' which might have a tad more false positives, hence just 'block' is used */
-spamfilter {
-	match-type posix;
-	match "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";
+	match-type simple;
+	match "C:\\WINNT\\system32\\*.zip";
 	target dcc;
 	action block;
 	reason "Infected by Gaggle worm?";
-};
+}
 
 spamfilter {
-	match-type posix;
-	match "C:\\WINNT\\system32\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
-	target dcc;
-	action dccblock;
-	reason "Infected by Gaggle worm";
-};
-
-spamfilter {
-	match-type posix;
-	match "http://.+\.lycos\..+/[iy]server[0-9]/[a-z]{4,11}\.(gif|jpg|avi|txt)";
-	target { private; quit; };
-	action block;
-	reason "Infected by Gaggle worm";
-};
-
-spamfilter {
-	match-type posix;
-	match "^Free porn pic.? and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)";
+	match-type simple;
+	match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
 	target private;
-	action block;
-	reason "Unknown virus. Site causes Backdoor.Delf.lq infection";
-};
+	action gline;
+	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
+}
 
 spamfilter {
-	match-type posix;
-	match "^LOL! //echo -a \$\(\$decode\(.+,m\),[0-9]\)$";
-	target channel;
-	action block;
-	reason "$decode exploit";
-};
+	match-type simple;
+	match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
+	target private;
+	action gline;
+	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
+}
 
-/*
-spamfilter {
-	regex "//write \$decode\(.+\|.+load -rs";
-	target { private; channel; };
-	reason "Generic $decode exploit";
-	action block;
-};
-*/
 
+/* Now spamfilters of type 'regex'.
+ * These use powerful regular expressions (Perl/PCRE style)
+ * You may have to learn more about "regex" first before you
+ * can use them. For example the dot ('.') has special meaning.
+ */
+
+/* This regex shows a pattern which requires 20 paramaters,
+ * such as "x x x x x x x x x x x x x x x x x x x x"
+ */
 spamfilter {
-	match-type posix;
+	match-type regex;
+	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
+	target { private; channel; }
+	action kill;
+	reason "mIRC 6.0-6.11 exploit attempt";
+}
+
+/* Similarly, this regex shows a pattern that matches
+ * against at least 225 characters in length.
+ */
+spamfilter {
+	match-type regex;
+	match "\x01DCC (SEND|RESUME).{225}";
+	target { private; channel; }
+	action kill;
+	reason "Possible mIRC 6.12 exploit attempt";
+}
+
+/* Earlier you saw an example of a $decode exploit which used
+ * match-type 'simple' and - indeed - the filter was quite simple.
+ * The following uses a regex with a similar example.
+ * Regular expressions are very powerful but here you can see
+ * that it actually complicates writing a filter quite a bit.
+ * With regex in this filter we need to escape the ( and all
+ * the dots, question marks, etc. if we want to match these
+ * characters in literal text.
+ */
+spamfilter {
+	match-type regex;
 	match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
 	target private;
 	action block;
 	reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
-};
+}
+
+spamfilter {
+	match-type regex;
+	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
+	target private;
+	action block;
+	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
+}
+
+/* This shows a regex which specifically matches an entire line by 
+ * the use of ^ and $
+ */
+spamfilter {
+	match-type regex;
+	match "^!login Wasszup!$";
+	target channel;
+	action gline;
+	reason "Attempting to login to a GTBot";
+}
+
+/* An example of how to match against an IP address in text (IPv4 only) */
+spamfilter {
+	match-type regex;
+	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
+	target channel;
+	action gline;
+	reason "Attempting to use a GTBot";
+}
+
+/* A slightly more complex example with a partial OR matcher (|) */
+spamfilter {
+	match-type regex;
+	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
+	target private;
+	action gline;
+	reason "Infected by some trojan (erotica?)";
+}
+
+/* In regex a \ is special and needs to be escaped to \\
+ * However in this configuration file, \ is also special and
+ * needs to be escaped to \\ as well.
+ * The result is that we need double escaping:
+ * To match a \ you need to write \\\\ in the configuration file.
+ */
+spamfilter {
+	match-type regex;
+	match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
+	target dcc;
+	action dccblock;
+	reason "Infected by Gaggle worm";
+}

doc/translations.txt

@@ -1,6 +1,6 @@
 ==[ Translations ]===========================================================
 
-In UnrealIRCd 4 we support the following translations:
+In UnrealIRCd 5 we support the following translations:
 * on-line documentation at https://www.unrealircd.org/docs/ (wiki!)
 * help.conf
 * example.conf

extras/VStudioAnalyze.ruleset

@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RuleSet Name="UnrealIRCd rules - based off Microsoft Native Minimum Rules" Description="These rules focus on the most critical problems in your native code, including potential security holes and application crashes. It is recommended to include this rule set in any custom rule set you create for your native projects." ToolsVersion="10.0">
+  <Localization ResourceAssembly="Microsoft.VisualStudio.CodeAnalysis.RuleSets.Strings.dll" ResourceBaseName="Microsoft.VisualStudio.CodeAnalysis.RuleSets.Strings.Localized">
+    <Name Resource="NativeMinimumRules_Name" />
+    <Description Resource="NativeMinimumRules_Description" />
+  </Localization>
+
+  <Rules AnalyzerId="Microsoft.Analyzers.NativeCodeAnalysis" RuleNamespace="Microsoft.Rules.Native">
+<!-- Many false positives    <Rule Id="C6001" Action="Warning" /> -->
+<!-- Many false positives    <Rule Id="C6011" Action="Warning" /> -->
+    <Rule Id="C6029" Action="Warning" />
+    <Rule Id="C6053" Action="Warning" />
+    <Rule Id="C6059" Action="Warning" />
+    <Rule Id="C6063" Action="Warning" />
+    <Rule Id="C6064" Action="Warning" />
+    <Rule Id="C6066" Action="Warning" />
+    <Rule Id="C6067" Action="Warning" />
+    <Rule Id="C6101" Action="Warning" />
+    <Rule Id="C6200" Action="Warning" />
+    <Rule Id="C6201" Action="Warning" />
+    <Rule Id="C6270" Action="Warning" />
+    <Rule Id="C6271" Action="Warning" />
+    <Rule Id="C6272" Action="Warning" />
+    <Rule Id="C6273" Action="Warning" />
+    <Rule Id="C6274" Action="Warning" />
+    <Rule Id="C6276" Action="Warning" />
+    <Rule Id="C6277" Action="Warning" />
+    <Rule Id="C6284" Action="Warning" />
+    <Rule Id="C6290" Action="Warning" />
+    <Rule Id="C6291" Action="Warning" />
+    <Rule Id="C6302" Action="Warning" />
+    <Rule Id="C6303" Action="Warning" />
+    <Rule Id="C6305" Action="Warning" />
+    <Rule Id="C6306" Action="Warning" />
+    <Rule Id="C6328" Action="Warning" />
+<!--    <Rule Id="C6385" Action="Warning" /> more false positives -->
+<!--    <Rule Id="C6386" Action="Warning" /> the analysis this one does - or lack thereof - is particularly dumb pffff -->
+<!--    <Rule Id="C6387" Action="Warning" /> more null/0 false positives -->
+    <Rule Id="C6500" Action="Warning" />
+    <Rule Id="C6501" Action="Warning" />
+    <Rule Id="C6503" Action="Warning" />
+    <Rule Id="C6504" Action="Warning" />
+    <Rule Id="C6505" Action="Warning" />
+    <Rule Id="C6506" Action="Warning" />
+    <Rule Id="C6508" Action="Warning" />
+    <Rule Id="C6509" Action="Warning" />
+    <Rule Id="C6510" Action="Warning" />
+    <Rule Id="C6511" Action="Warning" />
+    <Rule Id="C6513" Action="Warning" />
+    <Rule Id="C6514" Action="Warning" />
+    <Rule Id="C6515" Action="Warning" />
+    <Rule Id="C6516" Action="Warning" />
+    <Rule Id="C6517" Action="Warning" />
+    <Rule Id="C6518" Action="Warning" />
+    <Rule Id="C6522" Action="Warning" />
+    <Rule Id="C6525" Action="Warning" />
+    <Rule Id="C6527" Action="Warning" />
+    <Rule Id="C6530" Action="Warning" />
+    <Rule Id="C6540" Action="Warning" />
+    <Rule Id="C6551" Action="Warning" />
+    <Rule Id="C6552" Action="Warning" />
+    <Rule Id="C6701" Action="Warning" />
+    <Rule Id="C6702" Action="Warning" />
+    <Rule Id="C6703" Action="Warning" />
+    <Rule Id="C6704" Action="Warning" />
+    <Rule Id="C6705" Action="Warning" />
+    <Rule Id="C6706" Action="Warning" />
+
+    <!-- CppCoreCheck -->
+    <!-- Span/View over temporary -->
+    <Rule Id="C26449" Action="Warning" />
+    <!-- Arithmetic overflow -->
+    <Rule Id="C26450" Action="Warning" />
+    <Rule Id="C26451" Action="Warning" />
+    <Rule Id="C26452" Action="Warning" />
+    <Rule Id="C26453" Action="Warning" />
+    <Rule Id="C26454" Action="Warning" />
+    <!-- Unitialized Member -->
+    <Rule Id="C26495" Action="Warning" />
+
+    <Rule Id="C28021" Action="Warning" />
+<!--    <Rule Id="C28182" Action="Warning" /> false positives for dereferencing null ptr -->
+    <Rule Id="C28202" Action="Warning" />
+    <Rule Id="C28203" Action="Warning" />
+    <Rule Id="C28205" Action="Warning" />
+    <Rule Id="C28206" Action="Warning" />
+    <Rule Id="C28207" Action="Warning" />
+    <Rule Id="C28210" Action="Warning" />
+    <Rule Id="C28211" Action="Warning" />
+    <Rule Id="C28212" Action="Warning" />
+    <Rule Id="C28213" Action="Warning" />
+    <Rule Id="C28214" Action="Warning" />
+    <Rule Id="C28215" Action="Warning" />
+    <Rule Id="C28216" Action="Warning" />
+    <Rule Id="C28217" Action="Warning" />
+    <Rule Id="C28218" Action="Warning" />
+    <Rule Id="C28219" Action="Warning" />
+    <Rule Id="C28220" Action="Warning" />
+    <Rule Id="C28221" Action="Warning" />
+    <Rule Id="C28222" Action="Warning" />
+    <Rule Id="C28223" Action="Warning" />
+    <Rule Id="C28224" Action="Warning" />
+    <Rule Id="C28225" Action="Warning" />
+    <Rule Id="C28226" Action="Warning" />
+    <Rule Id="C28227" Action="Warning" />
+    <Rule Id="C28228" Action="Warning" />
+    <Rule Id="C28229" Action="Warning" />
+    <Rule Id="C28230" Action="Warning" />
+    <Rule Id="C28231" Action="Warning" />
+    <Rule Id="C28232" Action="Warning" />
+    <Rule Id="C28233" Action="Warning" />
+    <Rule Id="C28234" Action="Warning" />
+    <Rule Id="C28235" Action="Warning" />
+    <Rule Id="C28236" Action="Warning" />
+    <Rule Id="C28237" Action="Warning" />
+    <Rule Id="C28238" Action="Warning" />
+    <Rule Id="C28239" Action="Warning" />
+    <Rule Id="C28240" Action="Warning" />
+    <Rule Id="C28241" Action="Warning" />
+    <Rule Id="C28243" Action="Warning" />
+    <Rule Id="C28245" Action="Warning" />
+    <Rule Id="C28246" Action="Warning" />
+    <Rule Id="C28250" Action="Warning" />
+<!--    <Rule Id="C28251" Action="Warning" /> this may be real but it's damn annoying: inconsistent annotation for function -->
+    <Rule Id="C28252" Action="Warning" />
+    <Rule Id="C28253" Action="Warning" />
+    <Rule Id="C28254" Action="Warning" />
+    <Rule Id="C28262" Action="Warning" />
+    <Rule Id="C28263" Action="Warning" />
+    <Rule Id="C28267" Action="Warning" />
+    <Rule Id="C28272" Action="Warning" />
+    <Rule Id="C28273" Action="Warning" />
+    <Rule Id="C28275" Action="Warning" />
+    <Rule Id="C28279" Action="Warning" />
+    <Rule Id="C28280" Action="Warning" />
+    <Rule Id="C28282" Action="Warning" />
+    <Rule Id="C28285" Action="Warning" />
+    <Rule Id="C28286" Action="Warning" />
+    <Rule Id="C28287" Action="Warning" />
+    <Rule Id="C28288" Action="Warning" />
+    <Rule Id="C28289" Action="Warning" />
+    <Rule Id="C28290" Action="Warning" />
+    <Rule Id="C28291" Action="Warning" />
+    <Rule Id="C28300" Action="Warning" />
+    <Rule Id="C28301" Action="Warning" />
+    <Rule Id="C28302" Action="Warning" />
+    <Rule Id="C28303" Action="Warning" />
+    <Rule Id="C28304" Action="Warning" />
+    <Rule Id="C28305" Action="Warning" />
+    <Rule Id="C28308" Action="Warning" />
+    <Rule Id="C28309" Action="Warning" />
+    <Rule Id="C28350" Action="Warning" />
+    <Rule Id="C28351" Action="Warning" />
+  </Rules>
+</RuleSet>

extras/build-tests/nix/build

@@ -10,19 +10,45 @@ if [ "$1" != "" ]; then
 	BUILDCONFIG="$*"
 fi
 
-export MAKE="make -j3"
-export CPPFLAGS="-DFAKELAG_CONFIGURABLE"
+if [[ "$OSTYPE" == "freebsd"* ]]; then
+	export MAKE="gmake -j4"
+else
+	export MAKE="make -j4"
+fi
+
+export CPPFLAGS="-DFAKELAG_CONFIGURABLE -DNOREMOVETMP"
+
+# !! skipped for now: extras/build-tests/nix/select-config $BUILDCONFIG !!
+# !! temporary use this:
+cp extras/build-tests/nix/configs/default ./config.settings
+
+# Debian 8 workaround:
+if lsb_release -av 2>&1|egrep 'Debian.*jessie'; then
+	echo "Disabling ASan due to false positives on deb8"
+	echo 'EXTRAPARA="--enable-werror --disable-asan"' >>config.settings
+fi
+if uname -s|grep -i freebsd; then
+	echo "Disabling ASan on FreeBSD due to 100% CPU loop in OpenSSL initialization routine"
+	echo 'EXTRAPARA="--enable-werror --disable-asan"' >>config.settings
+fi
+
+# If SSLDIR is set the environment, this overrides config.settings
+# Used for example in the openssl3 build tests.
+if [ "$SSLDIR" != "" ]; then
+	echo 'SSLDIR="'"$SSLDIR"'"' >>config.settings
+fi
 
-extras/build-tests/nix/select-config $BUILDCONFIG
 # Read config.settings, this makes a couple of variables available to us.
 . ./config.settings
 if [ "$SSLDIR" != "" ]; then
 	# In case we build local openssl/libressl
 	export LD_LIBRARY_PATH="$SSLDIR/lib"
 fi
-./Config -quick || (tail -n 5000 config.log; echo '*** now tre:'; tail -n 5000 extras/tre-0.8.0-git/config.log; echo '** end of tre config.log **'; exit 1)
+./Config -quick || (tail -n 5000 config.log; exit 1)
 $MAKE
 yes ''|make pem
+make
+./unrealircd module install third/dumpcmds
 make install
 
 set +x
@@ -53,6 +79,6 @@ fi
 
 echo ""
 echo ""
-echo "Now running UnrealIRCd test framework..."
-set -x
-extras/build-tests/nix/run-tests
+#echo "Now running UnrealIRCd test framework..."
+#set -x
+#extras/build-tests/nix/run-tests

extras/build-tests/nix/configs/default

@@ -8,9 +8,8 @@ LOGDIR=$HOME/unrealircd/logs
 CACHEDIR=$HOME/unrealircd/cache
 DOCDIR=$HOME/unrealircd/doc
 TMPDIR=$HOME/unrealircd/tmp
-LIBDIR=$HOME/unrealircd/lib
+PRIVATELIBDIR=$HOME/unrealircd/lib
 PREFIXAQ="1"
-MAXSENDQLENGTH="3000000"
 MAXCONNECTIONS="1024"
 NICKNAMEHISTORYLENGTH="2000"
 DEFPERM="0600"
@@ -18,12 +17,8 @@ SSLDIR=""
 REMOTEINC=""
 CURLDIR=""
 SHOWLISTMODES="1"
-TOPICNICKISNUH=""
-SHUNNOTICES=""
 NOOPEROVERRIDE=""
-DISABLEUSERMOD=""
 OPEROVERRIDEVERIFY=""
-DISABLEEXTBANSTACKING=""
 GENCERTIFICATE="0"
-#EXTRAPARA="--enable-werror"
+EXTRAPARA="--enable-werror --enable-asan"
 ADVANCED=""

extras/build-tests/nix/run-tests

@@ -9,57 +9,52 @@ set -e
 # Verbose:
 set -x
 
-# Install packages
-if [[ "$OSTYPE" == "darwin"* ]]; then
-	brew install git || true
-	brew install python || true
-	gem install bundler || true
-	gem install rake || true
-	gem install rspec || true
-else
-	sudo apt-get install git python rake -y
-	sudo gem install bundler
-fi
+# Kill old instances
+killall -9 unrealircd || true
+# Remove old junk
+rm -rf cipherscan/ unrealircd-tests/
 
-# Install 'ircfly'
-git clone https://github.com/unrealircd/ircfly.git
-cd ircfly
-bundle install
-bundle exec rake build
-if [[ "$OSTYPE" == "darwin"* ]]; then
-	bundle exec rake install
-else
-	sudo rake install
+if [ ! -d ~/cipherscan ]; then
+	# Install 'cipherscan'
+	git clone -q https://github.com/mozilla/cipherscan
 fi
-cd ..
-
-# Install 'cipherscan'
-git clone https://github.com/mozilla/cipherscan
 
 # Install 'unrealircd-tests'
-git clone https://github.com/unrealircd/unrealircd-tests.git
+git clone -q https://github.com/unrealircd/unrealircd-tests.git
 cd unrealircd-tests
-bundle install
-mv config.yaml.example config.yaml
 
-# Start the IRC servers
-cp ircdconfig/* ~/unrealircd/conf/
-cd ~/unrealircd
-bin/unrealircd -f irc1.conf
-bin/unrealircd -f irc2.conf
-cd -
-
-# Do cipherscan test
-sleep 2
-cd ../cipherscan
-./cipherscan --no-colors 127.0.0.1:5900
-#./cipherscan --json 127.0.0.1:5900 >.........
-sleep 5
-cd -
-
-# Back in unrealircd-tests, run the tests!
-if [[ "$OSTYPE" == "darwin"* ]]; then
-	bundle exec rake
-else
-	rake
+# FreeBSD has various issues with the tests from us and others,
+# better set a flag to keep it simple:
+FREEBSD=0
+if uname -a|grep -q FreeBSD; then
+	FREEBSD=1
 fi
+
+# Run the test framework, testing both services:
+if [ "$FREEBSD" = 1 ]; then
+	# FreeBSD runs without services since they fail mysteriously:
+	./run -services none || exit 1
+else
+	# Linux tests both with anope and atheme services:
+	./run -services anope || exit 1
+	./run -services atheme || exit 1
+fi
+
+# Database writing/reading tests
+## unencrypted:
+./run -services none -boot tests/db/writing/* || exit 1
+./run -services none -keepdbs -boot tests/db/reading/* || exit 1
+## encrypted:
+./run -services none -include db_crypted.conf -boot tests/db/writing/* || exit 1
+./run -services none -include db_crypted.conf -keepdbs -boot tests/db/reading/* || exit 1
+
+# Do cipherscan test at the end
+# Has problems on non-Linux-64-bit, so we skip there:
+if [ "$FREEBSD" = 0 -a "$HOSTNAME" != "ub18-ia32" ]; then
+	sleep 2
+	cd ../extras/tests/tls
+	./tls-tests
+	cd -
+fi
+
+killall -15 unrealircd atheme-services services anope || true

extras/build-tests/nix/run-tests.bbwrapper

@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# This is a simple wrapper script that will run the tests
+# When finished, either due to succes or failure,
+# it will kill the ircd
+#
+# Also, it makes sure the job times out (is killed)
+# in case it misbehaves
+#
+set +ex
+timeout --kill-after=5 600 extras/build-tests/nix/run-tests
+EX="$?"
+killall -9 valgrind valgrind.bin memcheck memcheck-amd64-linux memcheck-x86-linux ircd unrealircd val 1>/dev/null 2>&1
+exit $EX

extras/build-tests/nix/select-config

@@ -4,22 +4,28 @@
 # It is not meant to be used by end-users
 #
 
+function fail()
+{
+	echo "select-config failed: $*"
+	exit 1
+}
+
 function build_ssl {
 	DIR="$2"
 	URL="$1/$2.tar.gz"
 	savewd="$PWD"
 	cd ~
 	wget "$URL" || exit 1
-	tar xzvf $DIR.tar.gz
+	tar xzf $DIR.tar.gz
 	cd "$DIR"
-	(./configure --prefix=$HOME/ssl || ./config --prefix=$HOME/ssl -fPIC) || exit 1
-	(make -j2 && make install) || exit 1
+	(./configure --prefix=$HOME/ssl 1>/dev/null 2>&1 || ./config --prefix=$HOME/ssl -fPIC 1>/dev/null 2>&1 ) || fail "build_ssl: configure/config failed"
+	(make -j2 1>/dev/null 2>&1 && make install 1>/dev/null 2>&1) || fail "build_ssl: make failed"
 	cd "$savewd"
 	echo "SSLDIR=$HOME/ssl" >>config.settings
 }
 
 if [ ! -d extras ]; then
-	echo "This tool is supposed to be run from the source root, so ~/unrealircd-4.0.x or similar"
+	echo "This tool is supposed to be run from the source root, so ~/unrealircd-5.0.x or similar"
 	exit 1
 fi
 
@@ -82,18 +88,18 @@ do
 		fi
 		echo 'REMOTEINC=1' >>config.settings
 		echo "CURLDIR=`pwd`/extras/curl" >>config.settings
-	elif [ "$1" = "libressl-25" ]; then
-		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.5.5
-	elif [ "$1" = "libressl-26" ]; then
-		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.6.4
 	elif [ "$1" = "libressl-27" ]; then
-		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.7.2
+		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.7.5
+	elif [ "$1" = "libressl-28" ]; then
+		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.8.3
+	elif [ "$1" = "libressl-29" ]; then
+		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.9.0
 	elif [ "$1" = "openssl-102" ]; then
-		build_ssl https://www.openssl.org/source openssl-1.0.2o
+		build_ssl https://www.openssl.org/source openssl-1.0.2q
 	elif [ "$1" = "openssl-110" ]; then
-		build_ssl https://www.openssl.org/source openssl-1.1.0h
+		build_ssl https://www.openssl.org/source openssl-1.1.0j
 	elif [ "$1" = "openssl-111" ]; then
-		build_ssl https://www.openssl.org/source openssl-1.1.1-pre7
+		build_ssl https://www.openssl.org/source openssl-1.1.1a
 	else
 		echo "Unknown option $1"
 		exit 1

extras/build-tests/windows/build.bat

@@ -1,24 +1,29 @@
-rem Build script for appveyor
+echo on
+
+rem Temporarily hardcoded:
+set TARGET=Visual Studio 2019
+set SHORTNAME=vs2019
 
 rem Initialize Visual Studio variables
-if "%TARGET%" == "Visual Studio 2017" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars32.bat"
+if "%TARGET%" == "Visual Studio 2017" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat"
+if "%TARGET%" == "Visual Studio 2019" call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
 
 rem Installing tools
-cinst unrar -y
-cinst unzip -y
-cinst wget -y
-cinst innosetup -y
-wget https://www.unrealircd.org/files/dev/win/dlltool.exe
+rem only for appveyor:
+rem cinst unrar -y
+rem cinst unzip -y
+rem cinst innosetup -y
 
 rem Installing UnrealIRCd dependencies
 cd \projects
-mkdir unrealircd-deps
-cd unrealircd-deps
-wget https://www.unrealircd.org/files/dev/win/SetACL.exe
-wget https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-devel.zip
-unzip unrealircd-libraries-devel.zip
+mkdir unrealircd-5-libs
+cd unrealircd-5-libs
+curl -fsS -o unrealircd-libraries-5-devel.zip https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-5-devel.zip
+unzip unrealircd-libraries-5-devel.zip
+copy dlltool.exe \users\user\worker\unreal5-w10\build /y
 
-cd \projects\unrealircd
+rem for appveyor: cd \projects\unrealircd
+cd \users\user\worker\unreal5-w10\build
 
 rem Now the actual build
 call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat
@@ -26,18 +31,23 @@ call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat
 rem The above command will fail, due to missing symbol file
 rem However the symbol file can only be generated after the above command
 rem So... we create the symbolfile...
-nmake -f makefile.win32 SYMBOLFILE
+nmake -f makefile.windows SYMBOLFILE
 
 rem And we re-run the exact same command:
 call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat
 if %ERRORLEVEL% NEQ 0 EXIT /B 1
 
-rem Convert c:\dev to c:\projects\unrealircd-deps
+rem Compile dependencies for unrealircd-tests -- this doesn't belong here though..
+curl -fsS -o src\modules\third\fakereputation.c https://raw.githubusercontent.com/unrealircd/unrealircd-tests/master/serverconfig/unrealircd/modules/fakereputation.c
+call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat CUSTOMMODULE MODULEFILE=fakereputation
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+rem Convert c:\dev to c:\projects\unrealircd-5-libs
 rem TODO: should use environment variable in innosetup script?
-sed -i "s/c:\\\\dev/c:\\\\projects\\\\unrealircd-deps/gi" src\win32\unrealinst.iss
+sed -i "s/c:\\dev\\unrealircd-5-libs/c:\\projects\\unrealircd-5-libs/gi" src\windows\unrealinst.iss
 
 rem Build installer file
-"c:\Program Files (x86)\Inno Setup 5\iscc.exe" /Q- src\win32\unrealinst.iss
+"c:\Program Files (x86)\Inno Setup 5\iscc.exe" /Q- src\windows\unrealinst.iss
 if %ERRORLEVEL% NEQ 0 EXIT /B 1
 
 rem Show some proof
@@ -45,6 +55,52 @@ ren mysetup.exe unrealircd-dev-build.exe
 dir unrealircd-dev-build.exe
 sha256sum unrealircd-dev-build.exe
 
+rem Kill any old instances, just to be sure
+taskkill -im unrealircd.exe -f
+sleep 2
+rem Just a safety measure so we don't end up testing
+rem some old version...
+del "C:\Program Files\UnrealIRCd 5\bin\unrealircd.exe"
+
+echo Running installer...
+start /WAIT unrealircd-dev-build.exe /VERYSILENT /LOG=setup.log
+if %ERRORLEVEL% NEQ 0 goto installerfailed
+
 rem Upload artifact
-appveyor PushArtifact unrealircd-dev-build.exe
+rem appveyor PushArtifact unrealircd-dev-build.exe
+rem if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+rem Install 'unrealircd-tests'
+cd ..
+rd /q/s unrealircd-tests
+git clone https://github.com/unrealircd/unrealircd-tests.git
 if %ERRORLEVEL% NEQ 0 EXIT /B 1
+cd unrealircd-tests
+dir
+
+rem All tests except db:
+"C:\Program Files\Git\bin\bash.exe" ./runwin
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+rem Test unencrypted db's:
+"C:\Program Files\Git\bin\bash.exe" ./runwin -boot tests/db/writing/*
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+"C:\Program Files\Git\bin\bash.exe" ./runwin -keepdbs -boot tests/db/reading/*
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+rem Test encrypted db's:
+"C:\Program Files\Git\bin\bash.exe" ./runwin -include db_crypted.conf -boot tests/db/writing/*
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+"C:\Program Files\Git\bin\bash.exe" ./runwin -include db_crypted.conf -keepdbs -boot tests/db/reading/*
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+goto end
+
+
+
+:installerfailed
+type setup.log
+echo INSTALLATION FAILED
+EXIT /B 1
+
+:end

extras/build-tests/windows/compilecmd/vs2017.bat

@@ -1,18 +0,0 @@
-rem Build command for Visual Studio 2017
-
-nmake -f makefile.win32 ^
-LIBRESSL_INC_DIR="c:\projects\unrealircd-deps\libressl\include" ^
-LIBRESSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\lib" ^
-SSLLIB="crypto-43.lib ssl-45.lib" ^
-USE_REMOTEINC=1 ^
-LIBCURL_INC_DIR="c:\projects\unrealircd-deps\curl-ssl\include" ^
-LIBCURL_LIB_DIR="c:\projects\unrealircd-deps\curl-ssl\builds\libcurl-vc-x86-release-dll-ssl-dll-ipv6-sspi-obj-lib" ^
-CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc\cares\dll-release" ^
-CARES_INC_DIR="c:\projects\unrealircd-deps\c-ares" ^
-CARESLIB="cares.lib" ^
-TRE_LIB_DIR="c:\projects\unrealircd-deps\tre\win32\release" ^
-TRE_INC_DIR="c:\projects\unrealircd-deps\tre" ^
-TRELIB="tre.lib" ^
-PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\include" ^
-PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\lib" ^
-PCRE2LIB="pcre2-8.lib" %*

extras/build-tests/windows/compilecmd/vs2019.bat

@@ -0,0 +1,21 @@
+rem Build command for Visual Studio 2019
+
+nmake -f makefile.windows ^
+LIBRESSL_INC_DIR="c:\projects\unrealircd-5-libs\libressl\include" ^
+LIBRESSL_LIB_DIR="c:\projects\unrealircd-5-libs\libressl\lib" ^
+SSLLIB="crypto-46.lib ssl-48.lib" ^
+USE_REMOTEINC=1 ^
+LIBCURL_INC_DIR="c:\projects\unrealircd-5-libs\curl\include" ^
+LIBCURL_LIB_DIR="c:\projects\unrealircd-5-libs\curl\builds\libcurl-vc-x64-release-dll-ssl-dll-cares-dll-ipv6-obj-lib" ^
+CARES_LIB_DIR="c:\projects\unrealircd-5-libs\c-ares\msvc\cares\dll-release" ^
+CARES_INC_DIR="c:\projects\unrealircd-5-libs\c-ares\include" ^
+CARESLIB="cares.lib" ^
+PCRE2_INC_DIR="c:\projects\unrealircd-5-libs\pcre2\include" ^
+PCRE2_LIB_DIR="c:\projects\unrealircd-5-libs\pcre2\lib" ^
+PCRE2LIB="pcre2-8.lib" ^
+ARGON2_LIB_DIR="c:\projects\unrealircd-5-libs\argon2\vs2015\build" ^
+ARGON2_INC_DIR="c:\projects\unrealircd-5-libs\argon2\include" ^
+ARGON2LIB="Argon2RefDll.lib" ^
+SODIUM_LIB_DIR="c:\projects\unrealircd-5-libs\libsodium\bin\x64\Release\v142\dynamic" ^
+SODIUM_INC_DIR="c:\projects\unrealircd-5-libs\libsodium\src\libsodium\include" ^
+SODIUMLIB="libsodium.lib" %*

extras/curlinstall

@@ -4,7 +4,7 @@ OUTF="curl-latest.tar.gz"
 OUTD="curl-latest"
 ARESPATH="`pwd`/extras/c-ares"
 UNREALDIR="`pwd`"
-CARESVERSION="1.13.0"
+CARESVERSION="1.17.2"
 LIBDIR="$1"
 
 if [ "x$1" = "x" ]; then
@@ -18,7 +18,7 @@ if [ ! -f src/parse.c ]; then
 		cd ..
 	else
 		echo "Please run this program from your UnrealIRCd directory"
-		echo "(usually $HOME/unrealircd-4.0.X or something like that)"
+		echo "(usually $HOME/unrealircd-5.0.X or something like that)"
 		exit 1
 	fi
 fi
@@ -90,7 +90,7 @@ cd "$OUTD" || exit 1
 
 echo "Building and installing libcurl"
 CPPFLAGS="-I$ARESPATH/include" ./configure --prefix=$UNREALDIR/extras/curl --libdir=$LIBDIR --enable-shared \
- --disable-thread --enable-ares=$ARESPATH --disable-ipv6
+ --enable-ares=$ARESPATH --with-openssl
 cp -R $ARESPATH/lib ares
 make && make install
 

extras/doxygen/Developers.md

@@ -0,0 +1,17 @@
+Welcome to the doxygen-generated documentation for the UnrealIRCd 5.x API.
+This is intended **for developers only!**
+
+Note that UnrealIRCd 5 is the **old stable**, it is no longer receiving new
+features and is bug fix only. If you are developing a new 3rd party module
+then you are suggested to develop for UnrealIRCd 6 and go to the
+[UnrealIRCd 6 module api](https://www.unrealircd.org/api/6/) page instead.
+
+## Wiki documentation ##
+* Be sure to check the [Module API](https://www.unrealircd.org/docs/Dev:Module_API) article on the wiki
+  as well, which provides a better *overview* of the module API
+
+## Doxygen docs ##
+* [Functions and structs ordered by purpose](modules.html) - **this contains most of the module API!**
+* [The most common structs](group__CommonStructs.html) - like Client, User, Server, Channel, etc.
+* [All structs](classes.html) - in a simple alphabetical index
+* [Browse by source file](dir_68267d1309a1af8e8297ef4c3efbcdba.html) - see all src/*.c files and their (documented) functions.

extras/doxygen/doxygen_custom.css

@@ -0,0 +1,4 @@
+code {
+    border: 1px solid #C4CFE5;
+    background-color: #FBFCFD;
+}

extras/doxygen/header.html

@@ -0,0 +1,56 @@
+<!-- HTML header for doxygen 1.8.13-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
+<meta http-equiv="X-UA-Compatible" content="IE=9"/>
+<meta name="generator" content="Doxygen $doxygenversion"/>
+<meta name="viewport" content="width=device-width, initial-scale=1"/>
+<!--BEGIN PROJECT_NAME--><title>$projectname Module API: $title</title><!--END PROJECT_NAME-->
+<!--BEGIN !PROJECT_NAME--><title>$title</title><!--END !PROJECT_NAME-->
+<link href="$relpath^tabs.css" rel="stylesheet" type="text/css"/>
+<script type="text/javascript" src="$relpath^jquery.js"></script>
+<script type="text/javascript" src="$relpath^dynsections.js"></script>
+$treeview
+$search
+$mathjax
+<link href="$relpath^$stylesheet" rel="stylesheet" type="text/css" />
+$extrastylesheet
+</head>
+<body>
+<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
+
+<!--BEGIN TITLEAREA-->
+<div id="titlearea">
+<table cellspacing="0" cellpadding="0">
+ <tbody>
+ <tr style="height: 56px;">
+  <!--BEGIN PROJECT_LOGO-->
+  <td id="projectlogo"><img alt="Logo" src="$relpath^$projectlogo"/></td>
+  <!--END PROJECT_LOGO-->
+  <!--BEGIN PROJECT_NAME-->
+  <td id="projectalign" style="padding-left: 0.5em;">
+   <div id="projectname">$projectname
+   <!--BEGIN PROJECT_NUMBER-->&#160;<span id="projectnumber">Module API $projectnumber</span><!--END PROJECT_NUMBER-->
+   </div>
+   <!--BEGIN PROJECT_BRIEF--><div id="projectbrief">$projectbrief</div><!--END PROJECT_BRIEF-->
+  </td>
+  <!--END PROJECT_NAME-->
+  <!--BEGIN !PROJECT_NAME-->
+   <!--BEGIN PROJECT_BRIEF-->
+    <td style="padding-left: 0.5em;">
+    <div id="projectbrief">$projectbrief</div>
+    </td>
+   <!--END PROJECT_BRIEF-->
+  <!--END !PROJECT_NAME-->
+  <!--BEGIN DISABLE_INDEX-->
+   <!--BEGIN SEARCHENGINE-->
+   <td>$searchbox</td>
+   <!--END SEARCHENGINE-->
+  <!--END DISABLE_INDEX-->
+ </tr>
+ </tbody>
+</table>
+</div>
+<!--END TITLEAREA-->
+<!-- end header part -->

extras/patches/patch_spamfilter_conf

@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# This script tries to upgrade spamfilter.conf from an old
+# version that uses 'posix' spamfilters to a bit more recent
+# version with examples using 'regex' spamfilters.
+# This so fewer users end up with a headache when upgrading
+# to UnrealIRCd 4.2.3+.
+#
+
+if [ -f spamfilter.conf.patch ]; then
+	F="`pwd`/spamfilter.conf.patch"
+elif [ -f extras/patches/spamfilter.conf.patch ]; then
+	F="`pwd`/extras/patches/spamfilter.conf.patch"
+else
+	echo "WARNING: spamfilter.conf.patch not found"
+	exit 0
+fi
+
+if [ ! -f "$F" ]; then
+	echo "WARNING: spamfilter.conf.patch not found in round two"
+	exit 0
+fi
+
+if [ "$1" = "" ]; then
+	echo "ERROR: No target confdir specified."
+	exit 0
+fi
+
+if [ ! -f "$1/spamfilter.conf" ]; then
+	echo "WARNING: no spamfilter.conf found in $1 -- strange"
+	exit 0
+fi
+
+cd "$1" || exit 1
+cat "$F"|patch -p0 --dry-run -N 1>/dev/null 2>&1
+if [ "$?" = 0 ]; then
+	# Patch succeeded, patch now!
+	echo "Upgrading examples in your spamfilter.conf..."
+	cat "$F"|patch -p0 -N
+fi

extras/patches/spamfilter.conf.patch

@@ -0,0 +1,328 @@
+--- spamfilter.conf.old	2015-06-27 18:29:01.084559805 +0200
++++ spamfilter.conf	2019-04-04 18:29:38.390647262 +0200
+@@ -1,232 +1,154 @@
+ /*
+- * This an example spamfilter file, it contains several
+- * real and useful spamfilters. This should give you an
+- * idea of how powerful spamfilter can be in real-life
+- * situations.
++ * This configuration file contains example spamfilter rules.
++ * They are real rules that were useful a long time ago.
++ * Since 2005 these rules are no longer maintained.
++ * The main purpose nowadays is to serve as an example
++ * to give you an idea of how powerful spamfilters can
++ * be in real-life situations.
+  *
+- * $Id$
++ * Documentation on spamfilter is available at:
++ * https://www.unrealircd.org/docs/Spamfilter
+  */
+ 
+-/* Guidelines on the 'action' field:
+- * As a general rule we use 'action block' for any newly added
+- * spamfilters at first, later on (after knowing about false
+- * positives) we might change some to viruschan/kill/gline/etc..
++/* General note:
++ * If you want to use a \ in a spamfilter, or in fact
++ * anywhere in the configuration file, then you need
++ * to escape this to \\ instead.
+  */
+ 
+-spamfilter {
+-	match-type posix;
+-	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
+-	target { private; channel; };
+-	action kill;
+-	reason "mIRC 6.0-6.11 exploit attempt";
+-};
+ 
+-spamfilter {
+-	match-type posix;
+-	match "\x01DCC (SEND|RESUME).{225}";
+-	target { private; channel; };
+-	action kill;
+-	reason "Possible mIRC 6.12 exploit attempt";
+-};
++/* First some spamfilters with match-type 'simple'.
++ * The only matchers available are * and ?
++ * PRO's: very fast, easy matching: everyone can do this.
++ * CON's: limited ability to fine-tune spamfilters
++ */
+ 
+ spamfilter {
+-	match-type posix;
+-	match "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
++	match-type simple;
++	match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
+ 	target private;
+ 	action gline;
+ 	reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
+ };
+ 
++/* This signature uses a \ which has to escaped to \\ in the configuration file */
+ spamfilter {
+-	match-type posix;
+-	match "Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe";
+-	target private;
+-	action gline;
+-	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
+-	target private;
++	match-type simple;
++	match "C:\\WINNT\\system32\\*.zip";
++	target dcc;
+ 	action block;
+-	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
++	reason "Infected by Gaggle worm?";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$";
++	match-type simple;
++	match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
+ 	target private;
+ 	action gline;
+-	reason "Infected by aplore worm: see http://www.f-secure.com/v-descs/aplore.shtml";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!login Wasszup!$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to login to a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!login grrrr yeah baby!$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to login to a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!icqpagebomb ([0-9]{1,15} ){2}.+";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
++	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$";
+-	target channel;
++	match-type simple;
++	match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
++	target private;
+ 	action gline;
+-	reason "Attempting to use a GTBot";
++	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
+ };
+ 
+-spamfilter {
+-	match-type posix;
+-	match "^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
+-};
+ 
+-spamfilter {
+-	match-type posix;
+-	match "^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use an SDBot";
+-};
++/* Now spamfilters of type 'regex'.
++ * These use powerful regular expressions (Perl/PCRE style)
++ * You may have to learn more about "regex" first before you
++ * can use them. For example the dot ('.') has special meaning.
++ */
+ 
++/* This regex shows a pattern which requires 20 paramaters,
++ * such as "x x x x x x x x x x x x x x x x x x x x"
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
+-	target { channel; private; };
+-	action gline;
+-	reason "Attempting to use a SpyBot";
++	match-type regex;
++	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
++	target { private; channel; };
++	action kill;
++	reason "mIRC 6.0-6.11 exploit attempt";
+ };
+ 
++/* Similarly, this regex shows a pattern that matches
++ * against at least 225 characters in length.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^porn! porno! http://.+\/sexo\.exe";
+-	target private;
+-	action gline;
+-	reason "Infected by soex trojan: see http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSOEX.A";
++	match-type regex;
++	match "\x01DCC (SEND|RESUME).{225}";
++	target { private; channel; };
++	action kill;
++	reason "Possible mIRC 6.12 exploit attempt";
+ };
+ 
++/* Earlier you saw an example of a $decode exploit which used
++ * match-type 'simple' and - indeed - the filter was quite simple.
++ * The following uses a regex with a similar example.
++ * Regular expressions are very powerful but here you can see
++ * that it actually complicates writing a filter quite a bit.
++ * With regex in this filter we need to escape the ( and all
++ * the dots, question marks, etc. if we want to match these
++ * characters in literal text.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
++	match-type regex;
++	match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
+ 	target private;
+-	action gline;
+-	reason "Infected by some trojan (erotica?)";
++	action block;
++	reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^STOP SPAM, USE THIS COMMAND: //write nospam \$decode\(.+\) \| \.load -rs nospam \| //mode \$me \+R$";
++	match-type regex;
++	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
+ 	target private;
+-	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	action block;
++	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
+ };
+ 
++/* This shows a regex which specifically matches an entire line by 
++ * the use of ^ and $
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^FOR MATRIX 2 DOWNLOAD, USE THIS COMMAND: //write Matrix2 \$decode\(.+=,m\) \| \.load -rs Matrix2 \| //mode \$me \+R$";
+-	target private;
++	match-type regex;
++	match "^!login Wasszup!$";
++	target channel;
+ 	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	reason "Attempting to login to a GTBot";
+ };
+ 
++/* An example of how to match against an IP address in text (IPv4 only) */
+ spamfilter {
+-	match-type posix;
+-	match "^hey .* to get OPs use this hack in the chan but SHH! //\$decode\(.*,m\) \| \$decode\(.*,m\)$";
+-	target private;
++	match-type regex;
++	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
++	target channel;
+ 	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	reason "Attempting to use a GTBot";
+ };
+ 
++/* A slightly more complex example with a partial OR matcher (|) */
+ spamfilter {
+-	match-type posix;
+-	match ".*(http://jokes\.clubdepeche\.com|http://horny\.69sexy\.net|http://private\.a123sdsdssddddgfg\.com).*";
++	match-type regex;
++	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
+ 	target private;
+ 	action gline;
+-	reason "Infected by LOI trojan";
+-};
+-
+-/* This is a 'general sig' which might have a tad more false positives, hence just 'block' is used */
+-spamfilter {
+-	match-type posix;
+-	match "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";
+-	target dcc;
+-	action block;
+-	reason "Infected by Gaggle worm?";
++	reason "Infected by some trojan (erotica?)";
+ };
+ 
++/* In regex a \ is special and needs to be escaped to \\
++ * However in this configuration file, \ is also special and
++ * needs to be escaped to \\ as well.
++ * The result is that we need double escaping:
++ * To match a \ you need to write \\\\ in the configuration file.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "C:\\WINNT\\system32\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
++	match-type regex;
++	match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
+ 	target dcc;
+ 	action dccblock;
+ 	reason "Infected by Gaggle worm";
+ };
+-
+-spamfilter {
+-	match-type posix;
+-	match "http://.+\.lycos\..+/[iy]server[0-9]/[a-z]{4,11}\.(gif|jpg|avi|txt)";
+-	target { private; quit; };
+-	action block;
+-	reason "Infected by Gaggle worm";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^Free porn pic.? and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)";
+-	target private;
+-	action block;
+-	reason "Unknown virus. Site causes Backdoor.Delf.lq infection";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^LOL! //echo -a \$\(\$decode\(.+,m\),[0-9]\)$";
+-	target channel;
+-	action block;
+-	reason "$decode exploit";
+-};
+-
+-/*
+-spamfilter {
+-	regex "//write \$decode\(.+\|.+load -rs";
+-	target { private; channel; };
+-	reason "Generic $decode exploit";
+-	action block;
+-};
+-*/
+-
+-spamfilter {
+-	match-type posix;
+-	match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
+-	target private;
+-	action block;
+-	reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
+-};

extras/regex/Makefile.in

@@ -1,98 +0,0 @@
-# Makefile for regex.
-# 
-# Copyright (C) 1992, 1993 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-version = 0.12
-
-# You can define CPPFLAGS on the command line.  Aside from system-specific
-# flags, you can define:
-#   -DREGEX_MALLOC to use malloc/realloc/free instead of alloca.
-#   -DDEBUG to enable the compiled pattern disassembler and execution
-#           tracing; code runs substantially slower.
-#   -DEXTRACT_MACROS to use the macros EXTRACT_* (as opposed to
-#           the corresponding C procedures).  If not -DDEBUG, the macros
-#           are used.
-CPPFLAGS = 
-
-# Likewise, you can override CFLAGS to optimize, use -Wall, etc.
-CFLAGS = -g
-
-# Ditto for LDFLAGS and LOADLIBES.
-LDFLAGS =
-LOADLIBES =
-
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-CC = @CC@
-DEFS = @DEFS@
-
-SHELL = /bin/sh
-
-subdirs = moo
-
-default all:: regex.o
-.PHONY: default all
-
-regex.o: regex.c regex.h
-	$(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -I. -I$(srcdir) -c $<
-
-clean mostlyclean::
-	rm -f *.o
-
-distclean:: clean
-	rm -f Makefile config.status
-
-extraclean:: distclean
-	rm -f patch* *~* *\#* *.orig *.rej *.bak core a.out
-
-configure: configure.in
-	autoconf
-
-config.status: configure
-	sh configure --no-create
-
-Makefile: Makefile.in config.status
-	sh config.status
-
-makeargs = $(MFLAGS) CPPFLAGS='$(CPPFLAGS)' CFLAGS='$(CFLAGS)' CC='$(CC)' \
-DEFS='$(DEFS)' LDFLAGS='$(LDFLAGS)' LOADLIBES='$(LOADLIBES)'
-
-default all install \
-mostlyclean clean distclean extraclean realclean \
-TAGS check::
-	for d in $(subdirs); do (cd $$d; $(MAKE) $(makeargs) $@); done
-.PHONY: install mostlyclean clean distclean extraclean realclean TAGS check
-
-# Prevent GNU make 3 from overflowing arg limit on system V.
-.NOEXPORT:
-
-distfiles = AUTHORS ChangeLog COPYING INSTALL NEWS README \
-            *.in configure regex.c regex.h 
-distdir = regex-$(version)
-distargs = version=$(version) distdir=../$(distdir)/$$d
-dist: TAGS configure
-	@echo "Version numbers in: Makefile.in, ChangeLog, NEWS,"
-	@echo "  regex.c, regex.h,"
-	@echo "  and doc/xregex.texi (if modified)."
-	rm -rf $(distdir)
-	mkdir $(distdir)
-	ln $(distfiles) $(distdir)
-	for d in $(subdirs); do (cd $$d; $(MAKE) $(distargs) dist); done
-	tar czhf $(distdir).tar.Z $(distdir)
-	rm -rf $(distdir)
-.PHONY: dist

extras/regex/README

@@ -1,60 +0,0 @@
-This directory contains the GNU regex library.  It is compliant with
-POSIX.2, except for internationalization features.
-
-See the file NEWS for a list of major changes in the current release.
-
-See the file INSTALL for compilation instructions.  (The only thing
-installed is the documentation; regex.c is compiled into regex.o, but
-not installed anywhere.)
-
-The subdirectory `doc' contains a (programmers') manual for the library.
-It's probably out-of-date.  Improvements are welcome.
-
-The subdirectory `test' contains the various tests we've written.
-
-We know this code is not as fast as it might be.  If you have specific
-suggestions, profiling results, or other such useful information to
-report, please do.
-
-Emacs 18 is not going use this revised regex (but Emacs 19 will).  If
-you want to try it with Emacs 18, apply the patch at the end of this
-file first.
-
-Mail bug reports to bug-gnu-utils@prep.ai.mit.edu.
-
-Please include an actual regular expression that fails (and the syntax
-used to compile it); without that, there's no way to reproduce the bug,
-so there's no way we can fix it.  Even if you include a patch, also
-include the regular expression in error; otherwise, we can't know for
-sure what you're trying to fix.
-
-Here is the patch to make this version of regex work with Emacs 18.
-
-*** ORIG/search.c	Tue Jan  8 13:04:55 1991
---- search.c	Sun Jan  5 10:57:00 1992
-***************
-*** 25,26 ****
---- 25,28 ----
-  #include "commands.h"
-+ 
-+ #include <sys/types.h>
-  #include "regex.h"
-***************
-*** 477,479 ****
-  				/* really needed. */
-!       && *(searchbuf.buffer) == (char) exactn /* first item is "exact match" */
-        && searchbuf.buffer[1] + 2 == searchbuf.used) /*first is ONLY item */
---- 479,482 ----
-  				/* really needed. */
-!          /* first item is "exact match" */
-!       && *(searchbuf.buffer) == (char) RE_EXACTN_VALUE
-        && searchbuf.buffer[1] + 2 == searchbuf.used) /*first is ONLY item */
-***************
-*** 1273,1275 ****
-    searchbuf.allocated = 100;
-!   searchbuf.buffer = (char *) malloc (searchbuf.allocated);
-    searchbuf.fastmap = search_fastmap;
---- 1276,1278 ----
-    searchbuf.allocated = 100;
-!   searchbuf.buffer = (unsigned char *) malloc (searchbuf.allocated);
-    searchbuf.fastmap = search_fastmap;

extras/regex/configure

@@ -1,462 +0,0 @@
-#!/bin/sh
-# Guess values for system-dependent variables and create Makefiles.
-# Generated automatically using autoconf.
-# Copyright (C) 1991, 1992, 1993 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-# Usage: configure [--srcdir=DIR] [--host=HOST] [--gas] [--nfp] [--no-create]
-#        [--prefix=PREFIX] [--exec-prefix=PREFIX] [--with-PACKAGE] [TARGET]
-# Ignores all args except --srcdir, --prefix, --exec-prefix, --no-create, and
-# --with-PACKAGE unless this script has special code to handle it.
-
-
-for arg
-do
-  # Handle --exec-prefix with a space before the argument.
-  if test x$next_exec_prefix = xyes; then exec_prefix=$arg; next_exec_prefix=
-  # Handle --host with a space before the argument.
-  elif test x$next_host = xyes; then next_host=
-  # Handle --prefix with a space before the argument.
-  elif test x$next_prefix = xyes; then prefix=$arg; next_prefix=
-  # Handle --srcdir with a space before the argument.
-  elif test x$next_srcdir = xyes; then srcdir=$arg; next_srcdir=
-  else
-    case $arg in
-     # For backward compatibility, also recognize exact --exec_prefix.
-     -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* | --exec=* | --exe=* | --ex=* | --e=*)
-	exec_prefix=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-     -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- | --exec | --exe | --ex | --e)
-	next_exec_prefix=yes ;;
-
-     -gas | --gas | --ga | --g) ;;
-
-     -host=* | --host=* | --hos=* | --ho=* | --h=*) ;;
-     -host | --host | --hos | --ho | --h)
-	next_host=yes ;;
-
-     -nfp | --nfp | --nf) ;;
-
-     -no-create | --no-create | --no-creat | --no-crea | --no-cre | --no-cr | --no-c | --no- | --no)
-        no_create=1 ;;
-
-     -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
-	prefix=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-     -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
-	next_prefix=yes ;;
-
-     -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=* | --s=*)
-	srcdir=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-     -srcdir | --srcdir | --srcdi | --srcd | --src | --sr | --s)
-	next_srcdir=yes ;;
-
-     -with-* | --with-*)
-       package=`echo $arg|sed 's/-*with-//'`
-       # Delete all the valid chars; see if any are left.
-       if test -n "`echo $package|sed 's/[-a-zA-Z0-9_]*//g'`"; then
-         echo "configure: $package: invalid package name" >&2; exit 1
-       fi
-       eval "with_`echo $package|sed s/-/_/g`=1" ;;
-
-     *) ;;
-    esac
-  fi
-done
-
-trap 'rm -f conftest* core; exit 1' 1 3 15
-
-rm -f conftest*
-compile='${CC-cc} $CFLAGS $DEFS conftest.c -o conftest $LIBS >/dev/null 2>&1'
-
-# A filename unique to this package, relative to the directory that
-# configure is in, which we can look for to find out if srcdir is correct.
-unique_file=regex.c
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
-  srcdirdefaulted=yes
-  # Try the directory containing this script, then `..'.
-  prog=$0
-  confdir=`echo $prog|sed 's%/[^/][^/]*$%%'`
-  test "X$confdir" = "X$prog" && confdir=.
-  srcdir=$confdir
-  if test ! -r $srcdir/$unique_file; then
-    srcdir=..
-  fi
-fi
-if test ! -r $srcdir/$unique_file; then
-  if test x$srcdirdefaulted = xyes; then
-    echo "configure: Can not find sources in \`${confdir}' or \`..'." 1>&2
-  else
-    echo "configure: Can not find sources in \`${srcdir}'." 1>&2
-  fi
-  exit 1
-fi
-# Preserve a srcdir of `.' to avoid automounter screwups with pwd.
-# But we can't avoid them for `..', to make subdirectories work.
-case $srcdir in
-  .|/*|~*) ;;
-  *) srcdir=`cd $srcdir; pwd` ;; # Make relative path absolute.
-esac
-
-
-if test -z "$CC"; then
-  echo checking for gcc
-  saveifs="$IFS"; IFS="${IFS}:"
-  for dir in $PATH; do
-    test -z "$dir" && dir=.
-    if test -f $dir/gcc; then
-      CC="gcc"
-      break
-    fi
-  done
-  IFS="$saveifs"
-fi
-test -z "$CC" && CC="cc"
-
-# Find out if we are using GNU C, under whatever name.
-cat > conftest.c <<EOF
-#ifdef __GNUC__
-  yes
-#endif
-EOF
-${CC-cc} -E conftest.c > conftest.out 2>&1
-if egrep yes conftest.out >/dev/null 2>&1; then
-  GCC=1 # For later tests.
-fi
-rm -f conftest*
-
-# Make sure to not get the incompatible SysV /etc/install and
-# /usr/sbin/install, which might be in PATH before a BSD-like install,
-# or the SunOS /usr/etc/install directory, or the AIX /bin/install,
-# or the AFS install, which mishandles nonexistent args.  (Sigh.)
-if test -z "$INSTALL"; then
-  echo checking for install
-  saveifs="$IFS"; IFS="${IFS}:"
-  for dir in $PATH; do
-    test -z "$dir" && dir=.
-    case $dir in
-    /etc|/usr/sbin|/usr/etc|/usr/afsws/bin) ;;
-    *)
-      if test -f $dir/install; then
-	if grep dspmsg $dir/install >/dev/null 2>&1; then
-	  : # AIX
-	else
-	  INSTALL="$dir/install -c"
-	  INSTALL_PROGRAM='$(INSTALL)'
-	  INSTALL_DATA='$(INSTALL) -m 644'
-	  break
-	fi
-      fi
-      ;;
-    esac
-  done
-  IFS="$saveifs"
-fi
-INSTALL=${INSTALL-cp}
-INSTALL_PROGRAM=${INSTALL_PROGRAM-'$(INSTALL)'}
-INSTALL_DATA=${INSTALL_DATA-'$(INSTALL)'}
-
-
-echo checking for AIX
-echo checking how to run the C preprocessor
-if test -z "$CPP"; then
-  CPP='${CC-cc} -E'
-  cat > conftest.c <<EOF
-#include <stdio.h>
-EOF
-err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
-if test -z "$err"; then
-  :
-else
-  CPP=/lib/cpp
-fi
-rm -f conftest*
-fi
-
-cat > conftest.c <<EOF
-#ifdef _AIX
-  yes
-#endif
-
-EOF
-eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
-if egrep "yes" conftest.out >/dev/null 2>&1; then
-  DEFS="$DEFS -D_ALL_SOURCE=1"
-fi
-rm -f conftest*
-
-
-echo checking for DYNIX/ptx libseq
-cat > conftest.c <<EOF
-#if defined(_SEQUENT_)
-  yes
-#endif
-
-EOF
-eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
-if egrep "yes" conftest.out >/dev/null 2>&1; then
-  SEQUENT=1
-fi
-rm -f conftest*
-
-test -n "$SEQUENT" && test -f /usr/lib/libseq.a &&
-  LIBS="$LIBS -lseq"
-
-echo checking for POSIXized ISC
-if test -d /etc/conf/kconfig.d &&
-  grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
-then
-  ISC=1 # If later tests want to check for ISC.
-  DEFS="$DEFS -D_POSIX_SOURCE=1"
-  if test -n "$GCC"; then
-    CC="$CC -posix"
-  else
-    CC="$CC -Xp"
-  fi
-fi
-
-echo checking for minix/config.h
-cat > conftest.c <<EOF
-#include <minix/config.h>
-EOF
-err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
-if test -z "$err"; then
-  MINIX=1
-fi
-rm -f conftest*
-
-# The Minix shell can't assign to the same variable on the same line!
-if test -n "$MINIX"; then
-  DEFS="$DEFS -D_POSIX_SOURCE=1"
-  DEFS="$DEFS -D_POSIX_1_SOURCE=2"
-  DEFS="$DEFS -D_MINIX=1"
-fi
-
-
-echo checking for ANSI C header files
-cat > conftest.c <<EOF
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-EOF
-err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
-if test -z "$err"; then
-  # SunOS string.h does not declare mem*, contrary to ANSI.
-echo '#include <string.h>' > conftest.c
-eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
-if egrep "memchr" conftest.out >/dev/null 2>&1; then
-  # SGI's /bin/cc from Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-cat > conftest.c <<EOF
-#include <ctype.h>
-#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#define XOR(e,f) (((e) && !(f)) || (!(e) && (f)))
-int main () { int i; for (i = 0; i < 256; i++)
-if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
-exit (0); }
-
-EOF
-eval $compile
-if test -s conftest && (./conftest; exit) 2>/dev/null; then
-  DEFS="$DEFS -DSTDC_HEADERS=1"
-fi
-rm -f conftest*
-fi
-rm -f conftest*
-
-fi
-rm -f conftest*
-
-for hdr in string.h
-do
-trhdr=HAVE_`echo $hdr | tr '[a-z]./' '[A-Z]__'`
-echo checking for ${hdr}
-cat > conftest.c <<EOF
-#include <${hdr}>
-EOF
-err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
-if test -z "$err"; then
-  DEFS="$DEFS -D${trhdr}=1"
-fi
-rm -f conftest*
-done
-
-
-# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
-# for constant arguments.  Useless!
-echo checking for working alloca.h
-cat > conftest.c <<EOF
-#include <alloca.h>
-main() { exit(0); } 
-t() { char *p = alloca(2 * sizeof(int)); }
-EOF
-if eval $compile; then
-  DEFS="$DEFS -DHAVE_ALLOCA_H=1"
-fi
-rm -f conftest*
-
-decl="#ifdef __GNUC__
-#define alloca __builtin_alloca
-#else
-#if HAVE_ALLOCA_H
-#include <alloca.h>
-#else
-#ifdef _AIX
- #pragma alloca
-#else
-char *alloca ();
-#endif
-#endif
-#endif
-"
-echo checking for alloca
-cat > conftest.c <<EOF
-$decl
-main() { exit(0); } 
-t() { char *p = (char *) alloca(1); }
-EOF
-if eval $compile; then
-  :
-else
-  alloca_missing=1
-fi
-rm -f conftest*
-
-if test -n "$alloca_missing"; then
-  # The SVR3 libPW and SVR4 libucb both contain incompatible functions
-  # that cause trouble.  Some versions do not even contain alloca or
-  # contain a buggy version.  If you still want to use their alloca,
-  # use ar to extract alloca.o from them instead of compiling alloca.c.
-  ALLOCA=alloca.o
-fi
-
-prog='/* Ultrix mips cc rejects this.  */
-typedef int charset[2]; const charset x;
-/* SunOS 4.1.1 cc rejects this. */
-char const *const *p;
-char **p2;
-/* HPUX 7.0 cc rejects these. */
-++p;
-p2 = (char const* const*) p;'
-echo checking for working const
-cat > conftest.c <<EOF
-
-main() { exit(0); } 
-t() { $prog }
-EOF
-if eval $compile; then
-  :
-else
-  DEFS="$DEFS -Dconst="
-fi
-rm -f conftest*
-
-
-if test -z "$prefix"
-then
-  echo checking for gcc to derive installation directory prefix
-  saveifs="$IFS"; IFS="$IFS:"
-  for dir in $PATH; do
-    test -z "$dir" && dir=.
-    if test $dir != . && test -f $dir/gcc; then
-      # Not all systems have dirname.
-      prefix=`echo $dir|sed 's%/[^/][^/]*$%%'`
-      break
-    fi
-  done
-  IFS="$saveifs"
-fi
-
-
-if test -n "$prefix"; then
-  test -z "$exec_prefix" && exec_prefix='${prefix}'
-  prsub="s%^prefix\\([ 	]*\\)=\\([ 	]*\\).*$%prefix\\1=\\2$prefix%"
-fi
-if test -n "$exec_prefix"; then
-  prsub="$prsub
-s%^exec_prefix\\([ 	]*\\)=\\([ 	]*\\).*$%\
-exec_prefix\\1=\\2$exec_prefix%"
-fi
-
-trap 'rm -f config.status; exit 1' 1 3 15
-echo creating config.status
-rm -f config.status
-cat > config.status <<EOF
-#!/bin/sh
-# Generated automatically by configure.
-# Run this file to recreate the current configuration.
-# This directory was configured as follows,
-# on host `(hostname || uname -n) 2>/dev/null`:
-#
-# $0 $*
-
-for arg
-do
-  case "\$arg" in
-    -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
-    exec /bin/sh $0 $* ;;
-    *) echo "Usage: config.status --recheck" 2>&1; exit 1 ;;
-  esac
-done
-
-trap 'rm -f Makefile; exit 1' 1 3 15
-CC='$CC'
-INSTALL='$INSTALL'
-INSTALL_PROGRAM='$INSTALL_PROGRAM'
-INSTALL_DATA='$INSTALL_DATA'
-CPP='$CPP'
-ALLOCA='$ALLOCA'
-LIBS='$LIBS'
-srcdir='$srcdir'
-DEFS='$DEFS'
-prefix='$prefix'
-exec_prefix='$exec_prefix'
-prsub='$prsub'
-EOF
-cat >> config.status <<\EOF
-
-top_srcdir=$srcdir
-for file in .. Makefile; do if [ "x$file" != "x.." ]; then
-  srcdir=$top_srcdir
-  # Remove last slash and all that follows it.  Not all systems have dirname.
-  dir=`echo $file|sed 's%/[^/][^/]*$%%'`
-  if test "$dir" != "$file"; then
-    test "$top_srcdir" != . && srcdir=$top_srcdir/$dir
-    test ! -d $dir && mkdir $dir
-  fi
-  echo creating $file
-  rm -f $file
-  echo "# Generated automatically from `echo $file|sed 's|.*/||'`.in by configure." > $file
-  sed -e "
-$prsub
-s%@CC@%$CC%g
-s%@INSTALL@%$INSTALL%g
-s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
-s%@INSTALL_DATA@%$INSTALL_DATA%g
-s%@CPP@%$CPP%g
-s%@ALLOCA@%$ALLOCA%g
-s%@LIBS@%$LIBS%g
-s%@srcdir@%$srcdir%g
-s%@DEFS@%$DEFS%
-" $top_srcdir/${file}.in >> $file
-fi; done
-
-exit 0
-EOF
-chmod +x config.status
-test -n "$no_create" || ./config.status
-

extras/regex/configure.in

@@ -1,23 +0,0 @@
-dnl Process this file with autoconf to produce a configure script.
-AC_INIT(regex.c)
-
-AC_PROG_CC
-AC_PROG_INSTALL
-
-dnl I'm not sure if AC_AIX and AC_DYNIX_SEQ are really necessary.  The
-dnl Autoconf documentation isn't specific about which BSD functions they
-dnl provide.
-AC_AIX
-AC_DYNIX_SEQ
-AC_ISC_POSIX
-AC_MINIX
-
-AC_STDC_HEADERS
-AC_HAVE_HEADERS(string.h)
-
-AC_ALLOCA
-AC_CONST
-
-AC_PREFIX(gcc)
-
-AC_OUTPUT(Makefile doc/Makefile test/Makefile)

extras/regex/moo/Makefile

@@ -1,4 +0,0 @@
-clean:
-default:
-all:
-	echo "."

extras/regex/regex.h

@@ -1,490 +0,0 @@
-/* Definitions for data structures and routines for the regular
-   expression library, version 0.12.
-
-   Copyright (C) 1985, 1989, 1990, 1991, 1992, 1993 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
-
-#ifndef __REGEXP_LIBRARY_H__
-#define __REGEXP_LIBRARY_H__
-
-/* POSIX says that <sys/types.h> must be included (by the caller) before
-   <regex.h>.  */
-
-#ifdef VMS
-/* VMS doesn't have `size_t' in <sys/types.h>, even though POSIX says it
-   should be there.  */
-#include <stddef.h>
-#endif
-
-
-/* The following bits are used to determine the regexp syntax we
-   recognize.  The set/not-set meanings are chosen so that Emacs syntax
-   remains the value 0.  The bits are given in alphabetical order, and
-   the definitions shifted by one from the previous bit; thus, when we
-   add or remove a bit, only one other definition need change.  */
-typedef unsigned reg_syntax_t;
-
-/* If this bit is not set, then \ inside a bracket expression is literal.
-   If set, then such a \ quotes the following character.  */
-#define RE_BACKSLASH_ESCAPE_IN_LISTS (1)
-
-/* If this bit is not set, then + and ? are operators, and \+ and \? are
-     literals. 
-   If set, then \+ and \? are operators and + and ? are literals.  */
-#define RE_BK_PLUS_QM (RE_BACKSLASH_ESCAPE_IN_LISTS << 1)
-
-/* If this bit is set, then character classes are supported.  They are:
-     [:alpha:], [:upper:], [:lower:],  [:digit:], [:alnum:], [:xdigit:],
-     [:space:], [:print:], [:punct:], [:graph:], and [:cntrl:].
-   If not set, then character classes are not supported.  */
-#define RE_CHAR_CLASSES (RE_BK_PLUS_QM << 1)
-
-/* If this bit is set, then ^ and $ are always anchors (outside bracket
-     expressions, of course).
-   If this bit is not set, then it depends:
-        ^  is an anchor if it is at the beginning of a regular
-           expression or after an open-group or an alternation operator;
-        $  is an anchor if it is at the end of a regular expression, or
-           before a close-group or an alternation operator.  
-
-   This bit could be (re)combined with RE_CONTEXT_INDEP_OPS, because
-   POSIX draft 11.2 says that * etc. in leading positions is undefined.
-   We already implemented a previous draft which made those constructs
-   invalid, though, so we haven't changed the code back.  */
-#define RE_CONTEXT_INDEP_ANCHORS (RE_CHAR_CLASSES << 1)
-
-/* If this bit is set, then special characters are always special
-     regardless of where they are in the pattern.
-   If this bit is not set, then special characters are special only in
-     some contexts; otherwise they are ordinary.  Specifically, 
-     * + ? and intervals are only special when not after the beginning,
-     open-group, or alternation operator.  */
-#define RE_CONTEXT_INDEP_OPS (RE_CONTEXT_INDEP_ANCHORS << 1)
-
-/* If this bit is set, then *, +, ?, and { cannot be first in an re or
-     immediately after an alternation or begin-group operator.  */
-#define RE_CONTEXT_INVALID_OPS (RE_CONTEXT_INDEP_OPS << 1)
-
-/* If this bit is set, then . matches newline.
-   If not set, then it doesn't.  */
-#define RE_DOT_NEWLINE (RE_CONTEXT_INVALID_OPS << 1)
-
-/* If this bit is set, then . doesn't match NUL.
-   If not set, then it does.  */
-#define RE_DOT_NOT_NULL (RE_DOT_NEWLINE << 1)
-
-/* If this bit is set, nonmatching lists [^...] do not match newline.
-   If not set, they do.  */
-#define RE_HAT_LISTS_NOT_NEWLINE (RE_DOT_NOT_NULL << 1)
-
-/* If this bit is set, either \{...\} or {...} defines an
-     interval, depending on RE_NO_BK_BRACES. 
-   If not set, \{, \}, {, and } are literals.  */
-#define RE_INTERVALS (RE_HAT_LISTS_NOT_NEWLINE << 1)
-
-/* If this bit is set, +, ? and | aren't recognized as operators.
-   If not set, they are.  */
-#define RE_LIMITED_OPS (RE_INTERVALS << 1)
-
-/* If this bit is set, newline is an alternation operator.
-   If not set, newline is literal.  */
-#define RE_NEWLINE_ALT (RE_LIMITED_OPS << 1)
-
-/* If this bit is set, then `{...}' defines an interval, and \{ and \}
-     are literals.
-  If not set, then `\{...\}' defines an interval.  */
-#define RE_NO_BK_BRACES (RE_NEWLINE_ALT << 1)
-
-/* If this bit is set, (...) defines a group, and \( and \) are literals.
-   If not set, \(...\) defines a group, and ( and ) are literals.  */
-#define RE_NO_BK_PARENS (RE_NO_BK_BRACES << 1)
-
-/* If this bit is set, then \<digit> matches <digit>.
-   If not set, then \<digit> is a back-reference.  */
-#define RE_NO_BK_REFS (RE_NO_BK_PARENS << 1)
-
-/* If this bit is set, then | is an alternation operator, and \| is literal. 
-   If not set, then \| is an alternation operator, and | is literal.  */
-#define RE_NO_BK_VBAR (RE_NO_BK_REFS << 1)
-
-/* If this bit is set, then an ending range point collating higher
-     than the starting range point, as in [z-a], is invalid.
-   If not set, then when ending range point collates higher than the
-     starting range point, the range is ignored.  */
-#define RE_NO_EMPTY_RANGES (RE_NO_BK_VBAR << 1)
-
-/* If this bit is set, then an unmatched ) is ordinary.
-   If not set, then an unmatched ) is invalid.  */
-#define RE_UNMATCHED_RIGHT_PAREN_ORD (RE_NO_EMPTY_RANGES << 1)
-
-/* This global variable defines the particular regexp syntax to use (for
-   some interfaces).  When a regexp is compiled, the syntax used is
-   stored in the pattern buffer, so changing this does not affect
-   already-compiled regexps.  */
-extern reg_syntax_t re_syntax_options;
-
-/* Define combinations of the above bits for the standard possibilities.
-   (The [[[ comments delimit what gets put into the Texinfo file, so
-   don't delete them!)  */ 
-/* [[[begin syntaxes]]] */
-#define RE_SYNTAX_EMACS 0
-
-#define RE_SYNTAX_AWK							\
-  (RE_BACKSLASH_ESCAPE_IN_LISTS | RE_DOT_NOT_NULL			\
-   | RE_NO_BK_PARENS            | RE_NO_BK_REFS				\
-   | RE_NO_BK_VBAR               | RE_NO_EMPTY_RANGES			\
-   | RE_UNMATCHED_RIGHT_PAREN_ORD)
-
-#define RE_SYNTAX_POSIX_AWK 						\
-  (RE_SYNTAX_POSIX_EXTENDED | RE_BACKSLASH_ESCAPE_IN_LISTS)
-
-#define RE_SYNTAX_GREP							\
-  (RE_BK_PLUS_QM              | RE_CHAR_CLASSES				\
-   | RE_HAT_LISTS_NOT_NEWLINE | RE_INTERVALS				\
-   | RE_NEWLINE_ALT)
-
-#define RE_SYNTAX_EGREP							\
-  (RE_CHAR_CLASSES        | RE_CONTEXT_INDEP_ANCHORS			\
-   | RE_CONTEXT_INDEP_OPS | RE_HAT_LISTS_NOT_NEWLINE			\
-   | RE_NEWLINE_ALT       | RE_NO_BK_PARENS				\
-   | RE_NO_BK_VBAR)
-
-#define RE_SYNTAX_POSIX_EGREP						\
-  (RE_SYNTAX_EGREP | RE_INTERVALS | RE_NO_BK_BRACES)
-
-/* P1003.2/D11.2, section 4.20.7.1, lines 5078ff.  */
-#define RE_SYNTAX_ED RE_SYNTAX_POSIX_BASIC
-
-#define RE_SYNTAX_SED RE_SYNTAX_POSIX_BASIC
-
-/* Syntax bits common to both basic and extended POSIX regex syntax.  */
-#define _RE_SYNTAX_POSIX_COMMON						\
-  (RE_CHAR_CLASSES | RE_DOT_NEWLINE      | RE_DOT_NOT_NULL		\
-   | RE_INTERVALS  | RE_NO_EMPTY_RANGES)
-
-#define RE_SYNTAX_POSIX_BASIC						\
-  (_RE_SYNTAX_POSIX_COMMON | RE_BK_PLUS_QM)
-
-/* Differs from ..._POSIX_BASIC only in that RE_BK_PLUS_QM becomes
-   RE_LIMITED_OPS, i.e., \? \+ \| are not recognized.  Actually, this
-   isn't minimal, since other operators, such as \`, aren't disabled.  */
-#define RE_SYNTAX_POSIX_MINIMAL_BASIC					\
-  (_RE_SYNTAX_POSIX_COMMON | RE_LIMITED_OPS)
-
-#define RE_SYNTAX_POSIX_EXTENDED					\
-  (_RE_SYNTAX_POSIX_COMMON | RE_CONTEXT_INDEP_ANCHORS			\
-   | RE_CONTEXT_INDEP_OPS  | RE_NO_BK_BRACES				\
-   | RE_NO_BK_PARENS       | RE_NO_BK_VBAR				\
-   | RE_UNMATCHED_RIGHT_PAREN_ORD)
-
-/* Differs from ..._POSIX_EXTENDED in that RE_CONTEXT_INVALID_OPS
-   replaces RE_CONTEXT_INDEP_OPS and RE_NO_BK_REFS is added.  */
-#define RE_SYNTAX_POSIX_MINIMAL_EXTENDED				\
-  (_RE_SYNTAX_POSIX_COMMON  | RE_CONTEXT_INDEP_ANCHORS			\
-   | RE_CONTEXT_INVALID_OPS | RE_NO_BK_BRACES				\
-   | RE_NO_BK_PARENS        | RE_NO_BK_REFS				\
-   | RE_NO_BK_VBAR	    | RE_UNMATCHED_RIGHT_PAREN_ORD)
-/* [[[end syntaxes]]] */
-
-/* Maximum number of duplicates an interval can allow.  Some systems
-   (erroneously) define this in other header files, but we want our
-   value, so remove any previous define.  */
-#ifdef RE_DUP_MAX
-#undef RE_DUP_MAX
-#endif
-#define RE_DUP_MAX ((1 << 15) - 1) 
-
-
-/* POSIX `cflags' bits (i.e., information for `regcomp').  */
-
-/* If this bit is set, then use extended regular expression syntax.
-   If not set, then use basic regular expression syntax.  */
-#define REG_EXTENDED 1
-
-/* If this bit is set, then ignore case when matching.
-   If not set, then case is significant.  */
-#define REG_ICASE (REG_EXTENDED << 1)
- 
-/* If this bit is set, then anchors do not match at newline
-     characters in the string.
-   If not set, then anchors do match at newlines.  */
-#define REG_NEWLINE (REG_ICASE << 1)
-
-/* If this bit is set, then report only success or fail in regexec.
-   If not set, then returns differ between not matching and errors.  */
-#define REG_NOSUB (REG_NEWLINE << 1)
-
-
-/* POSIX `eflags' bits (i.e., information for regexec).  */
-
-/* If this bit is set, then the beginning-of-line operator doesn't match
-     the beginning of the string (presumably because it's not the
-     beginning of a line).
-   If not set, then the beginning-of-line operator does match the
-     beginning of the string.  */
-#define REG_NOTBOL 1
-
-/* Like REG_NOTBOL, except for the end-of-line.  */
-#define REG_NOTEOL (1 << 1)
-
-
-/* If any error codes are removed, changed, or added, update the
-   `re_error_msg' table in regex.c.  */
-typedef enum
-{
-  REG_NOERROR = 0,	/* Success.  */
-  REG_NOMATCH,		/* Didn't find a match (for regexec).  */
-
-  /* POSIX regcomp return error codes.  (In the order listed in the
-     standard.)  */
-  REG_BADPAT,		/* Invalid pattern.  */
-  REG_ECOLLATE,		/* Not implemented.  */
-  REG_ECTYPE,		/* Invalid character class name.  */
-  REG_EESCAPE,		/* Trailing backslash.  */
-  REG_ESUBREG,		/* Invalid back reference.  */
-  REG_EBRACK,		/* Unmatched left bracket.  */
-  REG_EPAREN,		/* Parenthesis imbalance.  */ 
-  REG_EBRACE,		/* Unmatched \{.  */
-  REG_BADBR,		/* Invalid contents of \{\}.  */
-  REG_ERANGE,		/* Invalid range end.  */
-  REG_ESPACE,		/* Ran out of memory.  */
-  REG_BADRPT,		/* No preceding re for repetition op.  */
-
-  /* Error codes we've added.  */
-  REG_EEND,		/* Premature end.  */
-  REG_ESIZE,		/* Compiled pattern bigger than 2^16 bytes.  */
-  REG_ERPAREN		/* Unmatched ) or \); not returned from regcomp.  */
-} reg_errcode_t;
-
-/* This data structure represents a compiled pattern.  Before calling
-   the pattern compiler, the fields `buffer', `allocated', `fastmap',
-   `translate', and `no_sub' can be set.  After the pattern has been
-   compiled, the `re_nsub' field is available.  All other fields are
-   private to the regex routines.  */
-
-struct re_pattern_buffer
-{
-/* [[[begin pattern_buffer]]] */
-	/* Space that holds the compiled pattern.  It is declared as
-          `unsigned char *' because its elements are
-           sometimes used as array indexes.  */
-  unsigned char *buffer;
-
-	/* Number of bytes to which `buffer' points.  */
-  unsigned long allocated;
-
-	/* Number of bytes actually used in `buffer'.  */
-  unsigned long used;	
-
-        /* Syntax setting with which the pattern was compiled.  */
-  reg_syntax_t syntax;
-
-        /* Pointer to a fastmap, if any, otherwise zero.  re_search uses
-           the fastmap, if there is one, to skip over impossible
-           starting points for matches.  */
-  char *fastmap;
-
-        /* Either a translate table to apply to all characters before
-           comparing them, or zero for no translation.  The translation
-           is applied to a pattern when it is compiled and to a string
-           when it is matched.  */
-  char *translate;
-
-	/* Number of subexpressions found by the compiler.  */
-  size_t re_nsub;
-
-        /* Zero if this pattern cannot match the empty string, one else.
-           Well, in truth it's used only in `re_search_2', to see
-           whether or not we should use the fastmap, so we don't set
-           this absolutely perfectly; see `re_compile_fastmap' (the
-           `duplicate' case).  */
-  unsigned can_be_null : 1;
-
-        /* If REGS_UNALLOCATED, allocate space in the `regs' structure
-             for `max (RE_NREGS, re_nsub + 1)' groups.
-           If REGS_REALLOCATE, reallocate space if necessary.
-           If REGS_FIXED, use what's there.  */
-#define REGS_UNALLOCATED 0
-#define REGS_REALLOCATE 1
-#define REGS_FIXED 2
-  unsigned regs_allocated : 2;
-
-        /* Set to zero when `regex_compile' compiles a pattern; set to one
-           by `re_compile_fastmap' if it updates the fastmap.  */
-  unsigned fastmap_accurate : 1;
-
-        /* If set, `re_match_2' does not return information about
-           subexpressions.  */
-  unsigned no_sub : 1;
-
-        /* If set, a beginning-of-line anchor doesn't match at the
-           beginning of the string.  */ 
-  unsigned not_bol : 1;
-
-        /* Similarly for an end-of-line anchor.  */
-  unsigned not_eol : 1;
-
-        /* If true, an anchor at a newline matches.  */
-  unsigned newline_anchor : 1;
-
-/* [[[end pattern_buffer]]] */
-};
-
-typedef struct re_pattern_buffer regex_t;
-
-
-/* search.c (search_buffer) in Emacs needs this one opcode value.  It is
-   defined both in `regex.c' and here.  */
-#define RE_EXACTN_VALUE 1
-
-/* Type for byte offsets within the string.  POSIX mandates this.  */
-typedef int regoff_t;
-
-
-/* This is the structure we store register match data in.  See
-   regex.texinfo for a full description of what registers match.  */
-struct re_registers
-{
-  unsigned num_regs;
-  regoff_t *start;
-  regoff_t *end;
-};
-
-
-/* If `regs_allocated' is REGS_UNALLOCATED in the pattern buffer,
-   `re_match_2' returns information about at least this many registers
-   the first time a `regs' structure is passed.  */
-#ifndef RE_NREGS
-#define RE_NREGS 30
-#endif
-
-
-/* POSIX specification for registers.  Aside from the different names than
-   `re_registers', POSIX uses an array of structures, instead of a
-   structure of arrays.  */
-typedef struct
-{
-  regoff_t rm_so;  /* Byte offset from string's start to substring's start.  */
-  regoff_t rm_eo;  /* Byte offset from string's start to substring's end.  */
-} regmatch_t;
-
-/* Declarations for routines.  */
-
-/* To avoid duplicating every routine declaration -- once with a
-   prototype (if we are ANSI), and once without (if we aren't) -- we
-   use the following macro to declare argument types.  This
-   unfortunately clutters up the declarations a bit, but I think it's
-   worth it.  */
-
-#if __STDC__
-
-#define _RE_ARGS(args) args
-
-#else /* not __STDC__ */
-
-#define _RE_ARGS(args) ()
-
-#endif /* not __STDC__ */
-
-/* Sets the current default syntax to SYNTAX, and return the old syntax.
-   You can also simply assign to the `re_syntax_options' variable.  */
-extern reg_syntax_t re_set_syntax _RE_ARGS ((reg_syntax_t syntax));
-
-/* Compile the regular expression PATTERN, with length LENGTH
-   and syntax given by the global `re_syntax_options', into the buffer
-   BUFFER.  Return NULL if successful, and an error string if not.  */
-extern const char *re_compile_pattern
-  _RE_ARGS ((const char *pattern, int length,
-             struct re_pattern_buffer *buffer));
-
-
-/* Compile a fastmap for the compiled pattern in BUFFER; used to
-   accelerate searches.  Return 0 if successful and -2 if was an
-   internal error.  */
-extern int re_compile_fastmap _RE_ARGS ((struct re_pattern_buffer *buffer));
-
-
-/* Search in the string STRING (with length LENGTH) for the pattern
-   compiled into BUFFER.  Start searching at position START, for RANGE
-   characters.  Return the starting position of the match, -1 for no
-   match, or -2 for an internal error.  Also return register
-   information in REGS (if REGS and BUFFER->no_sub are nonzero).  */
-extern int re_search
-  _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
-            int length, int start, int range, struct re_registers *regs));
-
-
-/* Like `re_search', but search in the concatenation of STRING1 and
-   STRING2.  Also, stop searching at index START + STOP.  */
-extern int re_search_2
-  _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
-             int length1, const char *string2, int length2,
-             int start, int range, struct re_registers *regs, int stop));
-
-
-/* Like `re_search', but return how many characters in STRING the regexp
-   in BUFFER matched, starting at position START.  */
-extern int re_match
-  _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
-             int length, int start, struct re_registers *regs));
-
-
-/* Relates to `re_match' as `re_search_2' relates to `re_search'.  */
-extern int re_match_2 
-  _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
-             int length1, const char *string2, int length2,
-             int start, struct re_registers *regs, int stop));
-
-
-/* Set REGS to hold NUM_REGS registers, storing them in STARTS and
-   ENDS.  Subsequent matches using BUFFER and REGS will use this memory
-   for recording register information.  STARTS and ENDS must be
-   allocated with malloc, and must each be at least `NUM_REGS * sizeof
-   (regoff_t)' bytes long.
-
-   If NUM_REGS == 0, then subsequent matches should allocate their own
-   register data.
-
-   Unless this function is called, the first search or match using
-   PATTERN_BUFFER will allocate its own register data, without
-   freeing the old data.  */
-extern void re_set_registers
-  _RE_ARGS ((struct re_pattern_buffer *buffer, struct re_registers *regs,
-             unsigned num_regs, regoff_t *starts, regoff_t *ends));
-
-/* 4.2 bsd compatibility.  */
-extern char *re_comp _RE_ARGS ((const char *));
-extern int re_exec _RE_ARGS ((const char *));
-
-/* POSIX compatibility.  */
-extern int regcomp _RE_ARGS ((regex_t *preg, const char *pattern, int cflags));
-extern int regexec
-  _RE_ARGS ((const regex_t *preg, const char *string, size_t nmatch,
-             regmatch_t pmatch[], int eflags));
-extern size_t regerror
-  _RE_ARGS ((int errcode, const regex_t *preg, char *errbuf,
-             size_t errbuf_size));
-extern void regfree _RE_ARGS ((regex_t *preg));
-
-#endif /* not __REGEXP_LIBRARY_H__ */
-
-/*
-Local variables:
-make-backup-files: t
-version-control: t
-trim-versions-without-asking: nil
-End:
-*/

extras/security/apparmor/unrealircd

@@ -1,12 +1,12 @@
-# AppArmor profile for UnrealIRCd 4.0.16+
+# AppArmor profile for UnrealIRCd 5
 #
 # Note that you may still see some DENIED warnings in logs with
 # operation="chmod". These are harmless and can be safely ignored.
 #
-# Tested on Ubuntu 16.x and 17.x
+# Tested on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS
 #
-# NOTE: you will have to modify the path to executable below
-#       if it's not /home/ircd/unrealircd/bin/unrealircd.
+# IMPORTANT: you will have to modify the path to executable below
+#            if it's not /home/ircd/unrealircd/bin/unrealircd !
 
 #include <tunables/global>
 
@@ -17,8 +17,7 @@
 
   @{HOME}/unrealircd/conf/ r,
   @{HOME}/unrealircd/conf/** r,
-  @{HOME}/unrealircd/data/ircd.tune rw,
-  @{HOME}/unrealircd/data/unrealircd.pid rw,
+  @{HOME}/unrealircd/data/** rw,
   @{HOME}/unrealircd/lib/*.so* mr,
   @{HOME}/unrealircd/logs/* rw,
   @{HOME}/unrealircd/modules/**.so r,

extras/tests/tls/cipherscan_profiles/baseline.txt

@@ -0,0 +1,27 @@
+Target: 127.0.0.1:5901
+
+prio  ciphersuite                    protocols              pfs                 curves
+1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
+2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
+3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
+4     ECDHE-ECDSA-AES128-SHA256      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
+5     ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1
+6     ECDHE-ECDSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1
+
+Certificate: untrusted, 384 bits, ecdsa-with-SHA256 signature
+TLS ticket lifetime hint: None
+NPN protocols: None
+OCSP stapling: not supported
+Cipher ordering: server
+Curves ordering: server - fallback: no
+Server supports secure renegotiation
+Server supported compression methods: NONE
+TLS Tolerance: yes
+
+Intolerance to:
+ SSL 3.254           : absent
+ TLS 1.0             : absent
+ TLS 1.1             : absent
+ TLS 1.2             : absent
+ TLS 1.3             : absent
+ TLS 1.4             : absent

extras/tests/tls/cipherscan_profiles/openssl-101.txt

@@ -0,0 +1,27 @@
+Target: 127.0.0.1:5901
+
+prio  ciphersuite                    protocols              pfs                 curves
+1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  prime256v1
+2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
+3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
+4     ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
+5     ECDHE-ECDSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
+6     ECDHE-ECDSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
+
+Certificate: untrusted, 384 bits, ecdsa-with-SHA256 signature
+TLS ticket lifetime hint: None
+NPN protocols: None
+OCSP stapling: not supported
+Cipher ordering: server
+Curves ordering: server - fallback: no
+Server supports secure renegotiation
+Server supported compression methods: NONE
+TLS Tolerance: yes
+
+Intolerance to:
+ SSL 3.254           : absent
+ TLS 1.0             : absent
+ TLS 1.1             : absent
+ TLS 1.2             : absent
+ TLS 1.3             : absent
+ TLS 1.4             : absent

extras/tests/tls/cipherscan_profiles/openssl-102-ubuntu16.txt

@@ -0,0 +1,27 @@
+Target: 127.0.0.1:5901
+
+prio  ciphersuite                    protocols              pfs                 curves
+1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
+2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
+3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
+4     ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1
+5     ECDHE-ECDSA-AES128-SHA256      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
+6     ECDHE-ECDSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1
+
+Certificate: untrusted, 384 bits, ecdsa-with-SHA256 signature
+TLS ticket lifetime hint: None
+NPN protocols: None
+OCSP stapling: not supported
+Cipher ordering: server
+Curves ordering: server - fallback: no
+Server supports secure renegotiation
+Server supported compression methods: NONE
+TLS Tolerance: yes
+
+Intolerance to:
+ SSL 3.254           : absent
+ TLS 1.0             : absent
+ TLS 1.1             : absent
+ TLS 1.2             : absent
+ TLS 1.3             : absent
+ TLS 1.4             : absent

extras/tests/tls/cipherscan_profiles/openssl-300.txt

@@ -0,0 +1,27 @@
+Target: 127.0.0.1:5901
+
+prio  ciphersuite                    protocols  pfs                 curves
+1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+4     ECDHE-ECDSA-AES128-SHA256      TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+5     ECDHE-ECDSA-AES256-SHA         TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+6     ECDHE-ECDSA-AES128-SHA         TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+
+Certificate: untrusted, 384 bits, ecdsa-with-SHA256 signature
+TLS ticket lifetime hint: None
+NPN protocols: None
+OCSP stapling: not supported
+Cipher ordering: server
+Curves ordering: server - fallback: no
+Server supports secure renegotiation
+Server supported compression methods: NONE
+TLS Tolerance: yes
+
+Intolerance to:
+ SSL 3.254           : absent
+ TLS 1.0             : PRESENT
+ TLS 1.1             : PRESENT
+ TLS 1.2             : absent
+ TLS 1.3             : absent
+ TLS 1.4             : absent

extras/tests/tls/tls-tests

@@ -0,0 +1,90 @@
+#!/bin/bash
+# We assume we are executed from extras/tests/tls
+
+function fail()
+{
+	echo "TLS TEST ERROR: $*"
+	exit 1
+}
+
+CIPHERSCAN="cipherscan"
+OPENSSL="openssl"
+if [ -x ~/cipherscan ]; then
+	CIPHERSCAN="$HOME/cipherscan/cipherscan"
+	OPENSSL="$HOME/cipherscan/openssl"
+elif [ -x /home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan ]; then
+	CIPHERSCAN="/home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan"
+	OPENSSL="/home/travis/build/unrealircd/unrealircd/cipherscan/openssl"
+elif [ -x ../../../cipherscan/ ]; then
+	CIPHERSCAN="`readlink -f ../../../cipherscan/cipherscan`"
+	OPENSSL="`readlink -f ../../../cipherscan/openssl`"
+fi
+
+$CIPHERSCAN --help >/dev/null || exit 1
+
+
+# This is the basic cipherscan test.
+# It compares the output against a reference .txt file and alarms us if there
+# are any changes. These changes may not always be harmful, but at least we
+# will get warned on any possible changes.
+$CIPHERSCAN --no-colors 127.0.0.1:5901|grep -vF '.....' >cipherscan.test.txt
+
+# Now check if profile matches, if so.. everything is ok.
+# We have 1 or more baseline profiles
+# And you can optionally add profile-specific, eg openssl-102.txt
+# Yeah that was a great idea but maintaining that is a bit of a hassle.
+# TODO: reintroduce it though, see below.
+##for f in cipherscan_profiles/baseline*txt cipherscan_profiles/$BUILDCONFIG.txt
+FAILED=1
+for f in cipherscan_profiles/*.txt
+do
+	diff -uab $f cipherscan.test.txt 1>/dev/null 2>&1
+	if [ "$?" -eq 0 ]; then
+		FAILED=0
+		echo "Cipherscan profile $f matched."
+		break
+	fi
+done
+
+if [ "$FAILED" -eq 1 ]; then
+	echo "*** Differences found between cipherscan scan and expected output ***"
+	if [ -f cipherscan_profiles/$BUILDCONFIG.txt ]; then
+		COMPARE_PROFILE="cipherscan_profiles/$BUILDCONFIG.txt"
+	else
+		COMPARE_PROFILE="cipherscan_profiles/baseline.txt"
+	fi
+	echo "== EXPECTED OUTPUT ($COMPARE_PROFILE) =="
+	cat $COMPARE_PROFILE
+	echo
+	echo "== ACTUAL TEST OUTPUT =="
+	cat cipherscan.test.txt
+	echo
+	echo "== DIFF =="
+	diff -uab $COMPARE_PROFILE cipherscan.test.txt
+	echo
+	echo "cipherscan test failed."
+	exit 1
+else
+	echo "*** Cipherscan output was good ***"
+	cat cipherscan.test.txt
+fi
+
+# This checks for a couple of old ciphers that should never work:
+for cipher in 3DES RC4
+do
+	echo "Testing cipher $cipher (MUST FAIL!).."
+	(echo QUIT|$OPENSSL s_client -connect 127.0.0.1:5901 -cipher $cipher) &&
+	fail "UnrealIRCd allowed us to connect with cipher $cipher, BAD!"
+done
+
+# This checks older SSL/TLS versions that should not work:
+for protocol in ssl2 ssl3
+do
+	echo "Testing protocol $protocol (MUST FAIL!).."
+	(echo QUIT|$OPENSSL s_client -connect 127.0.0.1:5901 -$protocol) &&
+	fail "UnrealIRCd allowed us to connect with protocol $protocol, BAD!"
+done
+
+echo
+echo "TLS tests ended (no issues)."
+exit 0

extras/tls.cnf

@@ -1,10 +1,8 @@
 # create RSA certs - Server
 
-RANDFILE = ssl.rnd
-
 [ req ]
-default_bits = 4096
-encrypt_key = yes
+# Note: RSA bits is ignored, as we use ECC now
+default_bits = 2048
 distinguished_name = req_dn
 x509_extensions = cert_type
 

extras/unrealircd-upgrade-script.in

@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+#
+# This is stage 1 of the UnrealIRCd upgrade script
+# It downloads stage 2 online, verifies the integrity, and then
+# passes control to it to proceed with the rest of the upgrade.
+#
+# This is a bash script, so it is less cross-platform than the
+# rest of UnrealIRCd. We also mostly assume Linux/FreeBSD here.
+#
+
+BUILDDIR="@BUILDDIR@"
+SCRIPTDIR="@SCRIPTDIR@"
+DOCDIR="@DOCDIR@"
+TMPDIR="@TMPDIR@"
+
+function warn()
+{
+	echo
+	echo "WARNING: $*"
+	echo "This is for your information only. It is possible to continue."
+	echo "Press ENTER to continue, or CTRL+C to abort."
+	echo "If in doubt, see https://www.unrealircd.org/docs/FAQ#upgrade-verify-failed"
+	read xyz
+}
+
+function bigwarn()
+{
+	echo
+	echo "[!!!] WARNING: $*"
+	echo "Check https://www.unrealircd.org/docs/FAQ#upgrade-verify-failed !"
+	echo "Type 'IGNORE' in uppercase to continue if you think it is safe."
+	echo "Type anything else to abort."
+	read answer
+	if [ "$answer" != "IGNORE" ]; then
+		exit 1
+	fi
+}
+
+function fail()
+{
+	echo
+	echo "ERROR: $*"
+	echo "NOTE: Your existing UnrealIRCd is backed up to $BACKUPDIR"
+	echo "Perhaps check out the FAQ for common problems:"
+	echo "https://www.unrealircd.org/docs/FAQ#upgrade-failed"
+	echo "Otherwise, follow the manual upgrade procedure from"
+	echo "https://www.unrealircd.org/docs/Upgrading"
+	exit 1
+}
+
+if [ ! -d "$BUILDDIR" ]; then
+	echo "UnrealIRCd source not found at $BUILDDIR."
+	echo "Sorry, then it is not possible to know your existing settings and thus we cannot upgrade."
+	echo "Follow the manual upgrade procedure from https://www.unrealircd.org/docs/Upgrading"
+	exit 1
+fi
+
+FETCHER="wget"
+if ! wget --help 1>/dev/null 2>&1; then
+	# fetch is a pain: it always returns 1 (false) even for usage info and has no --version
+	fetch 1>/dev/null 2>&1
+	if [ "$?" -ne 1 ]; then
+		echo "The tool 'wget' is missing, which is used by this script."
+		echo "On Linux consider running 'sudo apt install wget' or 'sudo yum install wget'"
+		echo "and run this script again."
+		echo "Or, don't use this script and follow the manual upgrade procedure from"
+		echo "https://www.unrealircd.org/docs/Upgrading"
+		exit 1
+	fi
+	FETCHER="fetch"
+fi
+
+# Weird way to get version, but ok.
+cd "$BUILDDIR" || fail "Could not cd to builddir"
+UNREALVER="`./configure --version|head -n1|awk '{ print $3 }'`"
+cd .. || fail "Could not cd back"
+
+# Set and export all variables with settings
+export UNREALVER BUILDDIR SCRIPTDIR DOCDIR TMPDIR FETCHER
+
+# Download the install script
+if [ "$FETCHER" = "wget" ]; then
+	wget -O unrealircd-upgrade-script.stage2 "https://www.unrealircd.org/downloads/unrealircd-upgrade-script.stage2?from=$UNREALVER" || fail "Could not download online installer"
+	wget -O unrealircd-upgrade-script.stage2.asc "https://www.unrealircd.org/downloads/unrealircd-upgrade-script.stage2.asc" || fail "Could not download online installer signature"
+else
+	fetch -o unrealircd-upgrade-script.stage2 "https://www.unrealircd.org/downloads/unrealircd-upgrade-script.stage2?from=$UNREALVER" || fail "Could not download online installer"
+	fetch -o unrealircd-upgrade-script.stage2.asc "https://www.unrealircd.org/downloads/unrealircd-upgrade-script.stage2.asc" || fail "Could not download online installer signature"
+fi
+
+# GPG verification - if available
+if gpg --version 1>/dev/null 2>&1; then
+	if [ -f "$DOCDIR/KEYS" ]; then
+		gpg --import "$DOCDIR/KEYS"
+		echo
+		if gpg --batch --exit-on-status-write-error --verify unrealircd-upgrade-script.stage2.asc unrealircd-upgrade-script.stage2; then
+			echo "GPG: Verification succeeded. Download is genuine."
+			export NOGPG=0
+		else
+			bigwarn "GPG/PGP verification failed. This could be a security issue."
+			export NOGPG=1
+		fi
+	else
+		warn "Unable to check download integrity with GPG/PGP. Missing $DOCDIR/KEYS file."
+		export NOGPG=1
+	fi
+else
+	echo "WARNING: The GnuPG (GPG/PGP) verification tool 'gpg' is not installed."
+	if [[ "$OSTYPE" == "freebsd"* ]] ; then
+		echo "Consider running 'sudo pkg install gnupg'"
+	else
+		echo "Consider running 'sudo apt install gpg' or 'yum install gnupg2'"
+	fi
+	echo "When 'gpg' is installed then the UnrealIRCd upgrade script can"
+	echo "verify the digital signature of the download file."
+	warn "Unable to check download integrity"
+	export NOGPG=1
+fi
+
+chmod +x unrealircd-upgrade-script.stage2
+./unrealircd-upgrade-script.stage2 $*
+SAVERET="$?"
+rm -f unrealircd-upgrade-script.stage2 unrealircd-upgrade-script.stage2
+exit $SAVERET

include/auth.h

@@ -1,39 +0,0 @@
-/************************************************************************
- *   Unreal Internet Relay Chat Daemon, include/auth.h
- *   Copyright (C) 2001 Carsten V. Munk (stskeeps@tspre.org)
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 1, or (at your option)
- *   any later version.
- *
- *   This program is distributed in the hope that it will be useful,
- *   but WITHOUT ANY WARRANTY; without even the implied warranty of
- *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *   GNU General Public License for more details.
- *
- *   You should have received a copy of the GNU General Public License
- *   along with this program; if not, write to the Free Software
- *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- * 
- *   $Id$
- */
-
-typedef	struct {
-	char	*data;
-	short	type;
-} anAuthStruct;
-
-#define AUTHTYPE_PLAINTEXT  0
-#define AUTHTYPE_UNIXCRYPT  1
-#define AUTHTYPE_MD5        2
-#define AUTHTYPE_SHA1	    3 
-#define AUTHTYPE_SSL_CLIENTCERT 4
-#define AUTHTYPE_RIPEMD160  5
-#define AUTHTYPE_SSL_CLIENTCERTFP 6
-#define AUTHTYPE_BCRYPT 7
-#define AUTHTYPE_SPKIFP	8
-
-#ifndef HAVE_CRYPT
-#define crypt DES_crypt
-#endif

include/badwords.h

@@ -1,36 +0,0 @@
-#ifndef __BADWORDS_H
-#define __BADWORDS_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "tre/regex.h"
-
-#define MAX_MATCH       1
-#define MAX_WORDLEN	64
-
-#define PATTERN		"\\w*%s\\w*"
-#define REPLACEWORD	"<censored>"
-
-#define BADW_TYPE_INVALID 0x0
-#define BADW_TYPE_FAST    0x1
-#define BADW_TYPE_FAST_L  0x2
-#define BADW_TYPE_FAST_R  0x4
-#define BADW_TYPE_REGEX   0x8
-
-#define BADWORD_REPLACE 1
-#define BADWORD_BLOCK 2
-
-typedef struct _configitem_badword ConfigItem_badword;
-
-struct _configitem_badword {
-	ConfigItem_badword      *prev, *next;
-	ConfigFlag	flag;
-	char		*word, *replace;
-	unsigned short	type;
-	char		action;
-	regex_t 	expr;
-};
-
-#endif

include/channel.h

@@ -26,18 +26,7 @@
 
 #define	MODEBUFLEN	200
 
-#define CANNOT_SEND_MODERATED 1
-#define CANNOT_SEND_NOPRIVMSGS 2
-#define CANNOT_SEND_BAN 4
-#define CANNOT_SEND_MODREG 6
-#define CANNOT_SEND_SWEAR 7 /* This isn't actually used here */
-#define CANNOT_SEND_NONOTICE 8
-
-#define NullChn	((aChannel *)0)
-
-#define ChannelExists(n)	(find_channel(n, NullChn) != NullChn)
-
-#define IsULine(sptr)	(sptr->flags & FLAGS_ULINE)
+#define ChannelExists(n)	(find_channel(n, NULL))
 
 /* NOTE: Timestamps will be added to MODE-commands, so never make
  * RESYNCMODES and MODEPARAMS higher than MAXPARA-3. DALnet servers

include/class.h

@@ -1,63 +0,0 @@
-/************************************************************************
- *   Unreal Internet Relay Chat Daemon, include/class.h
- *   Copyright (C) 1990 Darren Reed
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 1, or (at your option)
- *   any later version.
- *
- *   This program is distributed in the hope that it will be useful,
- *   but WITHOUT ANY WARRANTY; without even the implied warranty of
- *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *   GNU General Public License for more details.
- *
- *   You should have received a copy of the GNU General Public License
- *   along with this program; if not, write to the Free Software
- *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *  
- *   $Id$
- */
-
-#ifndef	__class_include__
-#define __class_include__
-
-typedef struct Class {
-	int  class;
-	int  conFreq;
-	int  pingFreq;
-	int  maxLinks;
-	long maxSendq;
-	int  links;
-	struct Class *next;
-} aClass;
-
-#define	Class(x)	((x)->class)
-#define	ConFreq(x)	((x)->conFreq)
-#define	PingFreq(x)	((x)->pingFreq)
-#define	MaxLinks(x)	((x)->maxLinks)
-#define	MaxSendq(x)	((x)->maxSendq)
-#define	Links(x)	((x)->links)
-
-#define	ConfLinks(x)	(Class(x)->links)
-#define	ConfMaxLinks(x)	(Class(x)->maxLinks)
-#define	ConfClass(x)	(Class(x)->class)
-#define	ConfConFreq(x)	(Class(x)->conFreq)
-#define	ConfPingFreq(x)	(Class(x)->pingFreq)
-#define	ConfSendq(x)	(Class(x)->maxSendq)
-
-#define	FirstClass() 	classes
-#define	NextClass(x)	((x)->next)
-
-extern aClass *classes;
-
-extern aClass *find_class(int);
-extern int get_conf_class(aConfItem *);
-extern int get_client_class(aClient *);
-extern int get_client_ping(aClient *);
-extern int get_con_freq(aClass *);
-extern void add_class(int, int, int, int, long);
-extern void check_class(void);
-extern void initclass(void);
-
-#endif /* __class_include__ */

include/common.h

@@ -25,19 +25,16 @@
 #include <time.h>
 #ifdef _WIN32
 #include <malloc.h>
-#define NTDDI_VERSION 0x0501
-#define _WIN32_WINNT 0x0501
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #include <windows.h>
 #include <io.h>
+#include <direct.h>
 #endif
 #include "types.h"
 #include "config.h"
-#ifdef	PARAMH
-#include <sys/param.h>
-#endif
 #ifndef _WIN32
+#include <sys/param.h>
 #include <stdbool.h>
 #else
 typedef int bool;
@@ -60,6 +57,12 @@ typedef int bool;
 
 #define BMAGIC 0x4675636B596F754661736369737473
 
+#ifdef _WIN32
+#define DEADBEEF_ADDR 0xDEADBEEFDEADBEEF
+#else
+#define DEADBEEF_ADDR 0xDEADBEEF
+#endif
+
 #define BASE_VERSION "UnrealIRCd"
 #ifndef _WIN32
 #define FDwrite(x,y,z) write(x, y, z)
@@ -85,19 +88,6 @@ typedef int bool;
 #define UNSURE (2)
 #endif
 
-#if 0
-#ifndef	MALLOCH
-char *malloc(), *calloc();
-void free();
-#else
-#include MALLOCH
-#endif
-#endif
-
-#define TS time_t
-
-
-extern int match(const char *, const char *);
 #define mycmp(a,b) \
  ( (toupper(a[0])!=toupper(b[0])) || smycmp((a)+1,(b)+1) )
 extern int smycmp(const char *, const char *);
@@ -105,34 +95,13 @@ extern int smycmp(const char *, const char *);
 extern int myncmp(const char *, const char *, int);
 #endif
 
-#ifdef NEED_STRTOK
-extern char *strtok2(char *, char *);
-#endif
-#ifdef NEED_STRTOKEN
 extern char *strtoken(char **, char *, char *);
-#endif
-#ifdef NEED_INET_ADDR
-extern unsigned long inet_addr(char *);
-#endif
-
-#if defined(NEED_INET_NTOA) || defined(NEED_INET_NETOF) && !defined(_WIN32)
-#include <netinet/in.h>
-#endif
-#ifdef NEED_INET_NTOA
-extern char *inet_ntoa(struct in_addr);
-#endif
-
-#ifndef HAVE_INET_NTOP
-const char *inet_ntop(int, const void *, char *, size_t);
-#endif
-
-#ifndef HAVE_INET_PTON
-int inet_pton(int af, const char *src, void *dst);
-#endif
 
 extern MODVAR int  global_count, max_global_count;
 extern char *myctime(time_t);
-extern char *strtoken(char **, char *, char *);
+#ifdef _WIN32
+extern int gettimeofday(struct timeval *tp, void *tzp);
+#endif
 
 #define PRECISE_CHECK
 
@@ -144,19 +113,10 @@ extern char *strtoken(char **, char *, char *);
 #endif
 
 extern MODVAR u_char tolowertab[], touppertab[];
-
-#if defined(NICK_GB2312) || defined(NICK_GBK) || defined(NICK_GBK_JAP)
-#define USE_LOCALE
-#include <ctype.h>
-#endif
-
-#ifndef USE_LOCALE
 #undef tolower
 #define tolower(c) (tolowertab[(u_char)(c)])
-
 #undef toupper
 #define toupper(c) (touppertab[(u_char)(c)])
-
 #undef isalpha
 #undef isdigit
 #undef isxdigit
@@ -169,7 +129,6 @@ extern MODVAR u_char tolowertab[], touppertab[];
 #undef isupper
 #undef isspace
 #undef iscntrl
-#endif
 extern MODVAR unsigned char char_atribs[];
 
 #define PRINT 1
@@ -189,7 +148,6 @@ extern MODVAR unsigned char char_atribs[];
 #endif
 
 #define isallowed(c) (char_atribs[(u_char)(c)]&ALLOW)
-#ifndef USE_LOCALE
 #define	iscntrl(c) (char_atribs[(u_char)(c)]&CNTRL)
 #define isalpha(c) (char_atribs[(u_char)(c)]&ALPHA)
 #define isspace(c) (char_atribs[(u_char)(c)]&SPACE)
@@ -203,34 +161,8 @@ extern MODVAR unsigned char char_atribs[];
 #define isascii(c) ((u_char)(c) >= 0 && (u_char)(c) <= 0x7f)
 #define isgraph(c) ((char_atribs[(u_char)(c)]&PRINT) && ((u_char)(c) != 0x32))
 #define ispunct(c) (!(char_atribs[(u_char)(c)]&(CNTRL|ALPHA|DIGIT)))
-#endif
 #define iswseperator(c) (!isalnum(c) && !((u_char)c >= 128))
 
-#ifndef MALLOCD
-#define MyFree free
-#define MyMalloc malloc
-#define MyRealloc realloc
-#else
-#define MyFree(x) do {debug(DEBUG_MALLOC, "%s:%i: free %02x", __FILE__, __LINE__, x); free(x); } while(0)
-#define MyMalloc(x) StsMalloc(x, __FILE__, __LINE__)
-#define MyRealloc realloc
-static char *StsMalloc(size_t size, char *file, long line)
-{
-	void *x;
-	
-	x = malloc(size);
-	debug(DEBUG_MALLOC, "%s:%i: malloc %02x", file, line, x);
-	return x;
-}
-
-#endif
-
-#define safestrdup(x,y) do { if (x) MyFree(x); if (!y) x = NULL; else x = strdup(y); } while(0)
-#define safestrldup(x,y,sz) do { if (x) MyFree(x); if (!y) x = NULL; else x = strldup(y,sz); } while(0)
-#define safefree(x) do { if (x) MyFree(x); x = NULL; } while(0)
-
-extern struct SLink *find_user_link( /* struct SLink *, struct Client * */ );
-
 /*
  * Protocol support text.  DO NO CHANGE THIS unless you know what
  * you are doing.
@@ -255,23 +187,6 @@ extern struct SLink *find_user_link( /* struct SLink *, struct Client * */ );
 #define CHPAR3        "l"
 #define CHPAR4        "psmntir"
 
-
-/* Server-Server PROTOCTL -Stskeeps
- * This is the FIRST line only, please check send_proto() for more. -- Syzop
- * Also take MAXPARA into account !
- */
-#define PROTOCTL_SERVER "NOQUIT" \
-                        " NICKv2" \
-                        " SJOIN" \
-                        " SJOIN2" \
-                        " UMODE2" \
-                        " VL" \
-                        " SJ3" \
-                        " TKLEXT" \
-                        " TKLEXT2" \
-                        " NICKIP" \
-                        " ESVID"
-
 #ifdef _WIN32
 /*
  * Used to display a string to the GUI interface.
@@ -291,7 +206,7 @@ extern int lu_noninv, lu_inv, lu_serv, lu_oper,
     lu_unknown, lu_channel, lu_lu, lu_lulocal, lu_lserv,
     lu_clu, lu_mlu, lu_cglobalu, lu_mglobalu;
 
-extern MODVAR TS   now;
+extern MODVAR time_t now;
 
 #ifndef _WIN32
 #if defined(__STDC__)

include/config.h

@@ -68,38 +68,9 @@
 # define MODULE_SUFFIX	".dll"
 #endif
 
-/* 
- * If channel mode is +z, only send to secure links & people
- *
- */
-#undef SECURECHANMSGSONLYGOTOSECURE
-
-/* If you want to support chinese and/or japanese nicks */
-#undef NICK_GB2312
-#undef NICK_GBK
-#undef NICK_GBK_JAP
-
 /* Permit remote /rehash */
 #define REMOTE_REHASH
 
-/*
- * Special remote include caching, see this Changelog item:
- * - Added special caching of remote includes. When a remote include fails to
- *   load (for example when the webserver is down), then the most recent
- *   version of that remote include will be used, and the ircd will still boot
- *   and be able to rehash. Even though this is quite a simple feature, it
- *   can make a key difference when deciding to roll out remote includes on
- *   your network. Previously, servers would be unable to boot or rehash when
- *   the webserver was down, which would be a big problem (often unacceptable).
- *   The latest version of fetched urls are cached in the cache/ directory as
- *   cache/<md5 hash of url>.
- *   Obviously, if there's no 'latest version' and an url fails, the ircd will
- *   still not be able to boot. This would be the case if you added or changed
- *   the path of a remote include and it's trying to fetch it for the first time.
- * There usually is no reason to disable this.
- */
-#define REMOTEINC_SPECIALCACHE
-
 /*
 ** Freelinks garbage collector -Stskeeps
 **
@@ -112,9 +83,6 @@
 
 #define HOW_MANY_FREELINKS_ALLOWED 	200	/* default: 200 */
 
-/* NOTE: On some systems, valloc() causes many problems. */
-#undef	VALLOC			/* Define this if you have valloc(3) */
-
 /*
  * read/write are restarted after signals defining this 1, gets
  * siginterrupt call compiled, which attempts to remove this
@@ -124,19 +92,6 @@
 #define	RESTARTING_SYSTEMCALLS
 #endif
 
-/*
- * If your host supports varargs and has vsprintf(), vprintf() and vscanf()
- * C calls in its library, then you can define USE_VARARGS to use varargs
- * instead of imitation variable arg passing.
-*/
-#define	USE_VARARGS
-
-/* NOTE: with current server code, varargs doesn't survive because it can't
- *       be used in a chain of 3 or more funtions which all have a variable
- *       number of params.  If anyone has a solution to this, please notify
- *       the maintainer.
- */
-
 /* DEBUGMODE: This should only be used when tracing a problem. It creates
  * an insane amount of log output which can be very useful for debugging.
  * You should *NEVER* enable this setting on production servers.
@@ -159,15 +114,6 @@
 #define BPATH		CONFDIR"/bot.motd"	/* Bot MOTD */
 #define IRCDTUNE 	PERMDATADIR"/ircd.tune"	/* tuning .. */
 
-/* SHOW_INVISIBLE_LUSERS
- *
- * As defined this will show the correct invisible count for anyone who does
- * LUSERS on your server. On a large net this doesnt mean much, but on a
- * small net it might be an advantage to undefine it.
- * (This will get defined for you if you're using userload (stats w).  -mlv)
- */
-#define	SHOW_INVISIBLE_LUSERS
-
 /** FAKELAG_CONFIGURABLE makes it possible to make certain classes exempted
  * from 'fake lag' (that is, the artificial delay that is added by the ircd
  * to prevent flooding, which causes the messages/commands of the user to
@@ -182,29 +128,9 @@
  */
 //#undef FAKELAG_CONFIGURABLE
 
-/*
- * Max amount of internal send buffering when socket is stuck (bytes)
- */
-#ifndef MAXSENDQLENGTH
-#define MAXSENDQLENGTH 3000000
-#endif
-/*
- *  BUFFERPOOL is the maximum size of the total of all sendq's.
- *  Recommended value is 2 * MAXSENDQLENGTH, for hubs, 5 *.
- */
-#ifndef BUFFERPOOL
-#define	BUFFERPOOL     (18 * MAXSENDQLENGTH)
-#endif
-
-/*
- * DEFAULT_RECVQ
- *
- * this controls the number of bytes the server will allow a client to
- * send to the server without processing before disconnecting the client for
- * flooding it.  Values greater than 8000 make no difference to the server.
- * NOTE: you can now also set this in class::recvq, if that's not present,
- *       this default value will be used.
- */
+/* The default value for class::sendq */
+#define DEFAULT_SENDQ	3000000
+/* The default value for class::recvq */
 #define	DEFAULT_RECVQ	8000
 
 /* You can define the nickname of NickServ here (usually "NickServ").
@@ -215,24 +141,10 @@
  */
 #define NickServ "NickServ"
 
-/*
- * How many open targets can one nick have for messaging nicks and
- * inviting them?
- */
-
-#define MAXTARGETS		20
-#define TARGET_DELAY		15
-
 /*   STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP  */
 
 /* You shouldn't change anything below this line, unless absolutely needed. */
 
-/*
- * Port where ircd resides. NOTE: This *MUST* be greater than 1024 if you
- * plan to run ircd under any other uid than root.
- */
-#define PORTNUM 6667		/* 6667 is default */
-
 /*
  * Maximum number of network connections your server will allow.
  * On *NIX this is configured via ./Config so don't set it here.
@@ -242,8 +154,36 @@
  *
  * 2004-10-13: 1024 -> 4096
  */
-#ifndef MAXCONNECTIONS
-#define MAXCONNECTIONS	10240
+#ifdef _WIN32
+ #define MAXCONNECTIONS	10240
+#else
+ /* Non-Windows: */
+ #if (!defined(MAXCONNECTIONS_REQUEST) || (MAXCONNECTIONS_REQUEST < 1)) && \
+      (defined(HAVE_POLL) || defined(HAVE_EPOLL) || defined(HAVE_KQUEUE))
+  /* Have poll/epoll/kqueue and either no --with-maxconnections or
+   * --with-maxconnections=0, either of which indicates 'automatic' mode.
+   * At the time of writing we will try a limit of 16384.
+   * It will automatically be lowered at boottime if we can only use
+   * 4096, 2048 or 1024. No problem.
+   */
+  #define MAXCONNECTIONS 16384
+ #elif defined(MAXCONNECTIONS_REQUEST) && (MAXCONNECTIONS_REQUEST >= 1)
+  /* --with-maxconnections=something */
+  #define MAXCONNECTIONS MAXCONNECTIONS_REQUEST
+ #else
+  /* Automatic mode, but we only have select(). Bummer... */
+  #define MAXCONNECTIONS 1024
+ #endif
+#endif
+
+/* Number of file descriptors reserved for non-incoming-clients.
+ * One of which may be used by auth, the rest are really reserved.
+ * They can be used for outgoing server links, listeners, logging, etc.
+ */
+#if MAXCONNECTIONS > 1024
+ #define CLIENTS_RESERVE 8
+#else
+ #define CLIENTS_RESERVE 4
 #endif
 
 /*
@@ -271,20 +211,17 @@
  * This means any other events and such may be delayed up to this value
  * when there is no socket data waiting for us (no clients sending anything).
  * Was 2000ms in 3.2.x, 1000ms for versions below 3.4-alpha4.
+ * 500ms in UnrealIRCd 4 (?)
+ * 250ms in UnrealIRCd 5.
  */
-#define SOCKETLOOP_MAX_DELAY 500
+#define SOCKETLOOP_MAX_DELAY 250
 
 /*
  * Max time from the nickname change that still causes KILL
  * automaticly to switch for the current nick of that user. (seconds)
  */
-#define KILLCHASETIMELIMIT 90	/* Recommended value: 90 */
+#define KILLCHASETIMELIMIT 30
 
-/*
- * Forces Unreal to use compressed IPv6 addresses rather than expanding them
- */
-#undef IPV6_COMPRESSED
-  
 /* Detect slow spamfilters? This requires a little more cpu time when processing
  * any spamfilter (like on text/connect/..) but will save you from slowing down
  * your IRCd to a near-halt (well, in most cases.. there are still cases like when
@@ -295,17 +232,18 @@
 #define SPAMFILTER_DETECTSLOW
 #endif
 
-/* Use TRE Regex Library (as well) ? */
-#define USE_TRE
-
 /* Maximum number of ModData objects that may be attached to an object */
-/* UnrealIRCd 4.0.0 - 4.0.13:  8, 8, 4, 4
- * UnrealIRCd 4.0.14+       : 12, 8, 4, 4
+/* UnrealIRCd 4.0.0 - 4.0.13:  8,    8, 4, 4
+ * UnrealIRCd 4.0.14+       : 12,    8, 4, 4
+ * UnrealIRCd 5.0.0         : 12, 8, 8, 4, 4, 500, 500
  */
-#define MODDATA_MAX_CLIENT 12
-#define MODDATA_MAX_CHANNEL 8
-#define MODDATA_MAX_MEMBER 4
-#define MODDATA_MAX_MEMBERSHIP 4
+#define MODDATA_MAX_CLIENT		 12
+#define MODDATA_MAX_LOCAL_CLIENT	  8
+#define MODDATA_MAX_CHANNEL		  8
+#define MODDATA_MAX_MEMBER		  4
+#define MODDATA_MAX_MEMBERSHIP		  4
+#define MODDATA_MAX_LOCAL_VARIABLE	500
+#define MODDATA_MAX_GLOBAL_VARIABLE	500
 
 /* If EXPERIMENTAL is #define'd then all users will receive a notice about
  * this when they connect, along with a pointer to bugs.unrealircd.org where
@@ -316,7 +254,7 @@
 /* Default SSL/TLS cipherlist (except for TLS1.3, see further down).
  * This can be changed via set::ssl::options::ciphers in the config file.
  */
-#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-256-GCM-SHA384 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA"
+#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA"
 
 /* Default TLS 1.3 ciphersuites.
  * This can be changed via set::ssl::options::ciphersuites in the config file.
@@ -341,97 +279,14 @@
 #define	CONFIGFILE CPATH
 #define	IRCD_PIDFILE PIDFILE
 
-#ifdef	__osf__
-#define	OSF
-/* OSF defines BSD to be its version of BSD */
-#undef BSD
-#include <sys/param.h>
-#ifndef BSD
-#define BSD
-#endif
-#endif
-
-#ifdef	ultrix
-#define	ULTRIX
-#endif
-
-#ifdef	__hpux
-#define	HPUX
-#endif
-
-#ifdef	sgi
-#define	SGI
-#endif
-
-#ifndef KLINE_TEMP
-#define KLINE_PERM 0
-#define KLINE_TEMP 1
-#define KLINE_AKILL 2
-#define KLINE_EXCEPT 3
-#endif
-
 #ifdef DEBUGMODE
-#ifndef _WIN32
-		extern void debug(int, char *, ...);
-#define Debug(x) debug x
+ #define Debug(x) debug x
+ #define LOGFILE LPATH
 #else
-		extern void debug(int, char *, ...);
-#define Debug(x) debug x
-#endif
-#define LOGFILE LPATH
-#else
-#define Debug(x) ;
-#if VMS
-#define LOGFILE "NLA0:"
-#else
-#define LOGFILE "/dev/null"
-#endif
+ #define Debug(x) ;
+ #define LOGFILE "/dev/null"
 #endif
 
-
-#if defined(mips) || defined(PCS)
-#undef SYSV
-#endif
-
-#ifdef MIPS
-#undef BSD
-#define BSD             1	/* mips only works in bsd43 environment */
-#endif
-
-#ifdef	BSD_RELIABLE_SIGNALS
-# if defined(SYSV_UNRELIABLE_SIGNALS) || defined(POSIX_SIGNALS)
-error You stuffed up config.h signals
-#define use only one.
-# endif
-#define	HAVE_RELIABLE_SIGNALS
-#endif
-#ifdef	SYSV_UNRELIABLE_SIGNALS
-# ifdef	POSIX_SIGNALS
-     error You stuffed up config.h signals
-#define use only one.
-# endif
-#undef	HAVE_RELIABLE_SIGNALS
-#endif
-#ifdef	POSIX_SIGNALS
-#define	HAVE_RELIABLE_SIGNALS
-#endif
-/*
- * safety margin so we can always have one spare fd, for motd/authd or
- * whatever else.  -4 allows "safety" margin of 1 and space reserved.
- */
-#define	MAXCLIENTS	(MAXCONNECTIONS-4)
-#ifdef HAVECURSES
-# define DOCURSES
-#else
-# undef DOCURSES
-#endif
-#ifdef HAVETERMCAP
-# define DOTERMCAP
-#else
-# undef DOTERMCAP
-#endif
-# define stricmp strcasecmp
-# define strnicmp strncasecmp
 #if defined(DEFAULT_RECVQ)
 #    if (DEFAULT_RECVQ < 512)
      error DEFAULT_RECVQ needs redefining.
@@ -442,48 +297,6 @@ error You stuffed up config.h signals
 #if (NICKNAMEHISTORYLENGTH < 100)
 #  define NICKNAMEHISTORYLENGTH 100
 #endif
-/*
- * Some ugliness for AIX platforms.
- */
-#ifdef AIX
-# include <sys/machine.h>
-# if BYTE_ORDER == BIG_ENDIAN
-#  define BIT_ZERO_ON_LEFT
-# endif
-# if BYTE_ORDER == LITTLE_ENDIAN
-#  define BIT_ZERO_ON_RIGHT
-# endif
-/*
- * this one is used later in sys/types.h (or so i believe). -avalon
- */
-# define BSD_INCLUDES
-#endif
-/*
- * This is just to make Solaris porting easier -- codemastr
- */
-#if defined(SOL20) || defined(SOL25) || defined(SOL26) || defined(SOL27)
-#define _SOLARIS
-#endif
-/*
- * Cleaup for WIN32 platform.
- */
-#ifdef _WIN32
-# undef FORCE_CORE
-#endif
-#ifdef NEED_BCMP
-#define bcmp memcmp
-#endif
-#ifdef NEED_BCOPY
-#define bcopy(a,b,c) memcpy(b,a,c)
-#endif
-#ifdef NEED_BZERO
-#define bzero(a,b) memset(a,0,b)
-#endif
-#if defined(AIX) && defined(_XOPEN_SOURCE_EXTENDED) && _XOPEN_SOURCE_EXTENDED
-# define SOCK_LEN_TYPE size_t
-#else
-# define SOCK_LEN_TYPE int
-#endif
 
 #if defined(__GNUC__) && defined(__GNUC_MINOR__) && \
     ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)) && \
@@ -503,5 +316,12 @@ error You stuffed up config.h signals
    id(void) { __asm__(""); }
 #endif
 
+#ifndef __has_feature
+ #define __has_feature(x) 0  // Compatibility with non-clang compilers.
+#endif
+#ifndef __has_extension
+ #define __has_extension __has_feature // Compatibility with pre-3.0 compilers.
+#endif
+
 #endif				/* __config_include__ */
 

include/dbuf.h

@@ -45,7 +45,7 @@
 */
 typedef struct dbuf {
 	u_int length;		/* Current number of bytes stored */
-	u_int offset;		/* Offset to the first byte */
+//	u_int offset;		/* Offset to the first byte */
 	struct list_head dbuf_list;
 } dbuf;
 

include/dns.h

@@ -1,16 +1,6 @@
 /* OMG... OMG! WHAT AN INCLUDE HORROR !!! */
-#undef strcasecmp
-#undef strncasecmp
 #include <ares.h>
 #include <ares_version.h>
-#undef strcasecmp
-#undef strncasecmp
-#ifndef GOT_STRCASECMP
-#define	strcasecmp	mycmp
-#define	strncasecmp	myncmp
-#endif
-
-
 
 typedef enum {
 	DNSREQ_CLIENT = 1,
@@ -18,25 +8,25 @@ typedef enum {
 	DNSREQ_CONNECT = 3
 } DNSReqType;
 
-typedef struct _dnsreq DNSReq;
+typedef struct DNSReq DNSReq;
 
 /* Depending on the request type, some fields are filled in:
  * cptr: DNSREQ_CLIENT, DNSREQ_CONNECT
  * link: DNSREQ_LINKCONF, DNSREQ_CONNECT
  */
 
-struct _dnsreq {
+struct DNSReq {
 	DNSReq *prev, *next;
 	char *name; /**< Name being resolved (only for DNSREQ_LINKCONF and DNSREQ_CONNECT) */
 	char ipv6; /**< Resolving for ipv6 or ipv4? */
 	DNSReqType type; /**< DNS Request type (DNSREQ_*) */
-	aClient *cptr; /**< Client the request is for, NULL if client died OR unavailable */
+	Client *client; /**< Client the request is for, NULL if client died OR unavailable */
 	ConfigItem_link *linkblock; /**< Linkblock */
 };
 
-typedef struct _dnscache DNSCache;
+typedef struct DNSCache DNSCache;
 
-struct _dnscache {
+struct DNSCache {
 	DNSCache *prev, *next;		/**< Previous and next in linked list */
 	DNSCache *hprev, *hnext;	/**< Previous and next in hash list */
 	char *name;					/**< The hostname */
@@ -44,9 +34,9 @@ struct _dnscache {
 	time_t expires;				/**< When record expires */
 };
 
-typedef struct _dnsstats DNSStats;
+typedef struct DNSStats DNSStats;
 
-struct _dnsstats {
+struct DNSStats {
 	unsigned int cache_hits;
 	unsigned int cache_misses;
 	unsigned int cache_adds;
@@ -76,7 +66,7 @@ extern ares_channel resolver_channel;
 
 extern void init_resolver(int);
 
-struct hostent *unrealdns_doclient(aClient *cptr);
+struct hostent *unrealdns_doclient(Client *cptr);
 
 extern void unreal_gethostbyname(const char *name, int family, ares_host_callback callback, void *arg);
 

include/dynconf.h

@@ -1,6 +1,7 @@
 /************************************************************************
  *   Unreal Internet Relay Chat Daemon, include/dynconf.h
- *   Copyright (C) 1999 Carsten Munk
+ *   Copyright (C) 1999-2003 Carsten Munk
+ *   Copyright (C) 2003-2021 Bram Matthys
  *
  *   This program is free software; you can redistribute it and/or modify
  *   it under the terms of the GNU General Public License as published by
@@ -21,12 +22,18 @@
 
 
 #define DYNCONF_H
-/* config level */
-#define DYNCONF_CONF_VERSION "1.5"
-#define DYNCONF_NETWORK_VERSION "2.2"
 
-typedef struct zNetwork aNetwork;
-struct zNetwork {
+typedef struct FloodSettings FloodSettings;
+
+struct FloodSettings {
+	FloodSettings *prev, *next;
+	char *name;
+	int limit[MAXFLOODOPTIONS];
+	long period[MAXFLOODOPTIONS];
+};
+
+typedef struct NetworkConfiguration NetworkConfiguration;
+struct NetworkConfiguration {
 	unsigned x_inah:1;
 	char *x_ircnetwork;
 	char *x_ircnet005;
@@ -47,13 +54,22 @@ struct ChMode {
 	char *extparams[EXTCMODETABLESZ];
 };
 
-typedef struct _OperStat {
-	struct _OperStat *prev, *next;
+typedef struct OperStat {
+	struct OperStat *prev, *next;
 	char *flag;
 } OperStat;
 
-typedef struct zConfiguration aConfiguration;
-struct zConfiguration {
+typedef enum BroadcastChannelMessagesOption { BROADCAST_CHANNEL_MESSAGES_AUTO=1, BROADCAST_CHANNEL_MESSAGES_ALWAYS=2, BROADCAST_CHANNEL_MESSAGES_NEVER=3 } BroadcastChannelMessagesOption;
+
+typedef enum AllowedChannelChars { ALLOWED_CHANNELCHARS_ANY=1, ALLOWED_CHANNELCHARS_ASCII=2, ALLOWED_CHANNELCHARS_UTF8=3 } AllowedChannelChars;
+
+typedef enum BanTarget { BAN_TARGET_IP=1, BAN_TARGET_USERIP=2, BAN_TARGET_HOST=3, BAN_TARGET_USERHOST=4, BAN_TARGET_ACCOUNT=5, BAN_TARGET_CERTFP=6 } BanTarget;
+
+typedef enum HideIdleTimePolicy { HIDE_IDLE_TIME_NEVER=1, HIDE_IDLE_TIME_ALWAYS=2, HIDE_IDLE_TIME_USERMODE=3, HIDE_IDLE_TIME_OPER_USERMODE=4 } HideIdleTimePolicy;
+
+/** The set { } block configuration */
+typedef struct Configuration Configuration;
+struct Configuration {
 	unsigned som:1;
 	unsigned hide_ulines:1;
 	unsigned flat_map:1;
@@ -61,7 +77,7 @@ struct zConfiguration {
 	unsigned ident_check:1;
 	unsigned fail_oper_warn:1;
 	unsigned show_connect_info:1;
-	unsigned no_connect_ssl_info:1;
+	unsigned no_connect_tls_info:1;
 	unsigned dont_resolve:1;
 	unsigned use_ban_version:1;
 	unsigned mkpasswd_for_everyone:1;
@@ -80,44 +96,44 @@ struct zConfiguration {
 	long conn_modes;
 	long oper_modes;
 	char *oper_snomask;
-	char *user_snomask;
 	char *auto_join_chans;
 	char *oper_auto_join_chans;
-	char *oper_only_stats;
-	OperStat *oper_only_stats_ext;
+	char *allow_user_stats;
+	OperStat *allow_user_stats_ext;
+	int  ping_warning;
 	int  maxchannelsperuser;
 	int  maxdccallow;
 	int  anti_spam_quit_message_time;
 	char *egd_path;
 	char *static_quit;
 	char *static_part;
-	SSLOptions *ssl_options;
-	PlaintextPolicy plaintext_policy_user;
-	char *plaintext_policy_user_message;
-	PlaintextPolicy plaintext_policy_oper;
-	char *plaintext_policy_oper_message;
-	PlaintextPolicy plaintext_policy_server;
+	TLSOptions *tls_options;
+	Policy plaintext_policy_user;
+	MultiLine *plaintext_policy_user_message;
+	Policy plaintext_policy_oper;
+	MultiLine *plaintext_policy_oper_message;
+	Policy plaintext_policy_server;
+	Policy outdated_tls_policy_user;
+	char *outdated_tls_policy_user_message;
+	Policy outdated_tls_policy_oper;
+	char *outdated_tls_policy_oper_message;
+	Policy outdated_tls_policy_server;
 	enum UHAllowed userhost_allowed;
 	char *restrict_usermodes;
 	char *restrict_channelmodes;
 	char *restrict_extendedbans;
-	int new_linking_protocol;
 	char *channel_command_prefix;
-	long unknown_flood_bantime;
-	long unknown_flood_amount;
+	long handshake_data_flood_amount;
+	long handshake_data_flood_ban_time;
+	int handshake_data_flood_ban_action;
 	struct ChMode modes_on_join;
 	int level_on_join;
-	unsigned char away_count;
-	long away_period;
-	unsigned char nick_count;
-	long nick_period;
+	FloodSettings *floodsettings;
 	int ident_connect_timeout;
 	int ident_read_timeout;
 	long default_bantime;
 	int who_limit;
 	int silence_limit;
-	unsigned char modef_default_unsettime;
-	unsigned char modef_max_unsettime;
 	long ban_version_tkl_time;
 	long spamfilter_ban_time;
 	char *spamfilter_ban_reason;
@@ -130,42 +146,52 @@ struct zConfiguration {
 	int spamfilter_stop_on_first_match;
 	int maxbans;
 	int maxbanlength;
-	int timesynch_enabled;
-	int timesynch_timeout;
-	char *timesynch_server;
 	int watch_away_notification;
 	int uhnames;
-	aNetwork network;
+	NetworkConfiguration network;
 	unsigned short default_ipv6_clone_mask;
 	int ping_cookie;
-	int nicklen;
+	int min_nick_length;
+	int nick_length;
+	int topic_length;
+	int kick_length;
+	int quit_length;
+	int away_length;
 	int hide_list;
 	int max_unknown_connections_per_ip;
 	long handshake_timeout;
+	long sasl_timeout;
 	long handshake_delay;
-	int ban_include_username;
-	char *reject_message_password_mismatch;
+	BanTarget automatic_ban_target;
+	BanTarget manual_ban_target;
 	char *reject_message_too_many_connections;
 	char *reject_message_server_full;
 	char *reject_message_unauthorized;
+	char *reject_message_kline;
+	char *reject_message_gline;
+	int topic_setter;
+	int ban_setter;
+	int ban_setter_sync;
+	int part_instead_of_quit_on_comment_change;
+	BroadcastChannelMessagesOption broadcast_channel_messages;
+	AllowedChannelChars allowed_channelchars;
+	HideIdleTimePolicy hide_idle_time;
 };
 
-#ifndef DYNCONF_C
-extern MODVAR aConfiguration iConf;
-extern MODVAR aConfiguration tempiConf;
+extern MODVAR Configuration iConf;
+extern MODVAR Configuration tempiConf;
 extern MODVAR int ipv6_disabled;
-#endif
 
 #define KLINE_ADDRESS			iConf.kline_address
 #define GLINE_ADDRESS			iConf.gline_address
 #define CONN_MODES			iConf.conn_modes
 #define OPER_MODES			iConf.oper_modes
 #define OPER_SNOMASK			iConf.oper_snomask
-#define CONNECT_SNOMASK			iConf.user_snomask
 #define SHOWOPERMOTD			iConf.som
 #define HIDE_ULINES			iConf.hide_ulines
 #define FLAT_MAP			iConf.flat_map
 #define ALLOW_CHATOPS			iConf.allow_chatops
+#define PINGWARNING			iConf.ping_warning
 #define MAXCHANNELSPERUSER		iConf.maxchannelsperuser
 #define MAXDCCALLOW			iConf.maxdccallow
 #define DONT_RESOLVE			iConf.dont_resolve
@@ -176,8 +202,8 @@ extern MODVAR int ipv6_disabled;
 #define IDENT_CHECK			iConf.ident_check
 #define FAILOPER_WARN			iConf.fail_oper_warn
 #define SHOWCONNECTINFO			iConf.show_connect_info
-#define NOCONNECTSSLINFO		iConf.no_connect_ssl_info
-#define OPER_ONLY_STATS			iConf.oper_only_stats
+#define NOCONNECTTLSLINFO		iConf.no_connect_tls_info
+#define ALLOW_USER_STATS			iConf.allow_user_stats
 #define ANTI_SPAM_QUIT_MSG_TIME		iConf.anti_spam_quit_message_time
 #ifdef HAVE_RAND_EGD
 #define USE_EGD				iConf.use_egd
@@ -203,20 +229,12 @@ extern MODVAR int ipv6_disabled;
 #define RESTRICT_USERMODES		iConf.restrict_usermodes
 #define RESTRICT_CHANNELMODES		iConf.restrict_channelmodes
 #define RESTRICT_EXTENDEDBANS		iConf.restrict_extendedbans
-#define NEW_LINKING_PROTOCOL		iConf.new_linking_protocol
 #define THROTTLING_PERIOD		iConf.throttle_period
 #define THROTTLING_COUNT		iConf.throttle_count
 #define USE_BAN_VERSION			iConf.use_ban_version
-#define UNKNOWN_FLOOD_BANTIME		iConf.unknown_flood_bantime
-#define UNKNOWN_FLOOD_AMOUNT		iConf.unknown_flood_amount
 #define MODES_ON_JOIN			iConf.modes_on_join.mode
 #define LEVEL_ON_JOIN			iConf.level_on_join
 
-#define AWAY_PERIOD			iConf.away_period
-#define AWAY_COUNT			iConf.away_count
-#define NICK_PERIOD			iConf.nick_period
-#define NICK_COUNT			iConf.nick_count
-
 #define IDENT_CONNECT_TIMEOUT	iConf.ident_connect_timeout
 #define IDENT_READ_TIMEOUT		iConf.ident_read_timeout
 
@@ -228,9 +246,6 @@ extern MODVAR int ipv6_disabled;
 #define DEFAULT_BANTIME			iConf.default_bantime
 #define WHOLIMIT			iConf.who_limit
 
-#define MODEF_DEFAULT_UNSETTIME	iConf.modef_default_unsettime
-#define MODEF_MAX_UNSETTIME		iConf.modef_max_unsettime
-
 #define ALLOW_PART_IF_SHUNNED	iConf.allow_part_if_shunned
 
 #define DISABLE_CAP	iConf.disable_cap
@@ -254,15 +269,13 @@ extern MODVAR int ipv6_disabled;
 #define MAXBANS		iConf.maxbans
 #define MAXBANLENGTH	iConf.maxbanlength
 
-#define TIMESYNCH	iConf.timesynch_enabled
-#define TIMESYNCH_TIMEOUT	iConf.timesynch_timeout
-#define TIMESYNCH_SERVER	iConf.timesynch_server
-
 #define WATCH_AWAY_NOTIFICATION	iConf.watch_away_notification
 
 #define UHNAMES_ENABLED	iConf.uhnames
 
-/* Used for "is present?" and duplicate checking */
+/** Used for testing the set { } block configuration.
+ * It tests if a setting is present and is also used for duplicate checking.
+ */
 struct SetCheck {
 	unsigned has_show_opermotd:1;
 	unsigned has_hide_ulines:1;
@@ -274,9 +287,8 @@ struct SetCheck {
 	unsigned has_dont_resolve:1;
 	unsigned has_mkpasswd_for_everyone:1;
 	unsigned has_allow_part_if_shunned:1;
-	unsigned has_ssl_egd:1;
-	unsigned has_ssl_server_cipher_list :1;
-	unsigned has_ssl_protocols :1;
+	unsigned has_tls_server_cipher_list :1;
+	unsigned has_tls_protocols :1;
 	unsigned has_dns_bind_ip:1;
 	unsigned has_link_bind_ip:1;
 	unsigned has_throttle_period:1;
@@ -292,7 +304,8 @@ struct SetCheck {
 	unsigned has_check_target_nick_bans:1;
 	unsigned has_watch_away_notification:1;
 	unsigned has_uhnames:1;
-	unsigned has_oper_only_stats:1;
+	unsigned has_allow_user_stats:1;
+	unsigned has_ping_warning:1;
 	unsigned has_maxchannelsperuser:1;
 	unsigned has_maxdccallow:1;
 	unsigned has_anti_spam_quit_message_time:1;
@@ -303,16 +316,9 @@ struct SetCheck {
 	unsigned has_restrict_usermodes:1;
 	unsigned has_restrict_channelmodes:1;
 	unsigned has_restrict_extendedbans:1;
-	unsigned has_new_linking_protocol:1;
 	unsigned has_channel_command_prefix:1;
-	unsigned has_anti_flood_unknown_flood_bantime:1;
-	unsigned has_anti_flood_unknown_flood_amount:1;
 	unsigned has_modes_on_join:1;
 	unsigned has_level_on_join:1;
-	unsigned has_anti_flood_away_count:1;
-	unsigned has_anti_flood_away_period:1;
-	unsigned has_anti_flood_nick_flood:1;
-	unsigned has_anti_flood_connect_flood:1;
 	unsigned has_ident_connect_timeout:1;
 	unsigned has_ident_read_timeout:1;
 	unsigned has_default_bantime:1;
@@ -320,8 +326,6 @@ struct SetCheck {
 	unsigned has_maxbans:1;
 	unsigned has_maxbanlength:1;
 	unsigned has_silence_limit:1;
-	unsigned has_modef_default_unsettime:1;
-	unsigned has_modef_max_unsettime:1;
 	unsigned has_ban_version_tkl_time:1;
 	unsigned has_spamfilter_ban_time:1;
 	unsigned has_spamfilter_ban_reason:1;
@@ -344,15 +348,14 @@ struct SetCheck {
 	unsigned has_options_fail_oper_warn:1;
 	unsigned has_options_dont_resolve:1;
 	unsigned has_options_show_connect_info:1;
-	unsigned has_options_no_connect_ssl_info:1;
+	unsigned has_options_no_connect_tls_info:1;
 	unsigned has_options_mkpasswd_for_everyone:1;
 	unsigned has_options_allow_insane_bans:1;
 	unsigned has_options_allow_part_if_shunned:1;
 	unsigned has_options_disable_cap:1;
 	unsigned has_options_disable_ipv6:1;
 	unsigned has_ping_cookie:1;
-	unsigned has_nicklen:1;
+	unsigned has_min_nick_length:1;
+	unsigned has_nick_length:1;
 	unsigned has_hide_ban_reason:1;
 };
-
-

include/fdlist.h

@@ -7,24 +7,24 @@
 
 typedef void (*IOCallbackFunc)(int fd, int revents, void *data);
 
+typedef enum FDCloseMethod { FDCLOSE_SOCKET=0, FDCLOSE_FILE=1, FDCLOSE_NONE=3 } FDCloseMethod;
+
 typedef struct fd_entry {
 	int fd;
 	char desc[FD_DESC_SZ];
 	IOCallbackFunc read_callback;
-	unsigned char read_oneshot;
 	IOCallbackFunc write_callback;
-	unsigned char write_oneshot;
 	void *data;
 	time_t deadline;
 	unsigned char is_open;
+	FDCloseMethod close_method;
 	unsigned int backend_flags;
 } FDEntry;
 
 extern MODVAR FDEntry fd_table[MAXCONNECTIONS + 1];
 
-extern int fd_open(int fd, const char *desc);
-extern void fd_close(int fd);
-extern int fd_unmap(int fd);
+extern int fd_open(int fd, const char *desc, FDCloseMethod close_method);
+extern int fd_close(int fd);
 extern void fd_unnotify(int fd);
 extern int fd_socket(int family, int type, int protocol, const char *desc);
 extern int fd_accept(int sockfd);
@@ -33,8 +33,6 @@ extern int fd_fileopen(const char *path, unsigned int flags);
 
 #define FD_SELECT_READ		0x1
 #define FD_SELECT_WRITE		0x2
-#define FD_SELECT_ONESHOT	0x4
-#define FD_SELECT_NOWRITE	0x8
 
 extern void fd_setselect(int fd, int flags, IOCallbackFunc iocb, void *data);
 extern void fd_select(time_t delay);		/* backend-specific */