"CAP LS" may only respond 1 line, we now advertise less. "CAP LS 302" unaffected.

When not using version 302, such as with "CAP LS", the specification does not
allow us to use continuation lines. This means all advertised caps must fit
into one line. That is no longer always the case, especially if you load 3rd
party capabilities. So we need to scratch advertising some capabilities to
<302 clients.

"CAP LS 302" is unaffected. Note that version 302 in the specification exists
since at least November 2017, so most clients use that one.

According to https://ircv3.net/software/clients the following clients are
affected by this change:

Desktop Clients
* KVIrc
* Circe
* catgirl
* BitchX
* Pidgin
* LimeChat

Mobile Clients
* IRC for Android
* LimeChat

And various older versions of other clients (obviously).

NOTE: The source is only that IRCv3 page. I did not check manually.

For this particular commit. We filter out various unrealircd.org informative
CAPs and the vendor specific json-log. So that isn't much of a problem.
However, in the future we may be forced to filter out more capabilities to
make room. It would be much better if all clients are on >=302. Also, I
should mention we are not the only IRCd out there, so I can't vouch on what
other IRCds (will) do when hitting this non-302-limit.

Reported by ProgVal in https://bugs.unrealircd.org/view.php?id=6630

.CHANGES.NEW

@@ -1,20 +0,0 @@
-
- _   _                      _ ___________  _____     _
-| | | |                    | |_   _| ___ \/  __ \   | |
-| | | |_ __  _ __ ___  __ _| | | | | |_/ /| /  \/ __| |
-| | | | '_ \| '__/ _ \/  _ | | | | |    / | |    /  _ |
-| |_| | | | | | |  __/ (_| | |_| |_| |\ \ | \__/\ (_| |
- \___/|_| |_|_|  \___|\__,_|_|\___/\_| \_| \____/\__,_|
-
-                               Configuration Program
-                                for UnrealIRCd 4.0.19-rc2
-                                    
-This program will help you to compile your IRC server, and ask you
-questions regarding the compile-time settings of it during the process. 
-regarding the setup of it, during the process.
-
-A short installation guide is available online at:
-https://www.unrealircd.org/docs/Installing_from_source
-
-Full documentation is available at:
-https://www.unrealircd.org/docs/UnrealIRCd_4_documentation

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: [syzop]
+patreon: UnrealIRCd

.github/workflows/linux-ci.yml

@@ -0,0 +1,59 @@
+name: Linux CI
+
+on:
+  push:
+    branches: ["unreal60_dev"]
+  pull_request:
+    branches: ["unreal60_dev"]
+
+permissions:
+  contents: read
+  packages: read
+
+env:
+  NOSERVICES: 1
+  RUNTESTFLAGS: "-slightlyfast"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    strategy:
+      fail-fast: false
+      matrix:
+        compiler:
+          - { c: gcc,   cpp: g++ }
+          - { c: clang, cpp: clang++ }
+
+    env:
+      CC:  ${{ matrix.compiler.c }}
+      CXX: ${{ matrix.compiler.cpp }}
+
+    steps:
+      - name: Checkout
+        #uses: actions/checkout@v4
+        #no, pin to v4.2.2 for security reasons:
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        #and we don't need the credentials later..
+        with:
+          persist-credentials: false
+          fetch-depth: 1
+
+      - name: Install dependencies
+        run: |
+          sudo rm -f /var/lib/man-db/auto-update
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends \
+            build-essential pkg-config libssl-dev libpcre2-dev libargon2-dev \
+            libsodium-dev libc-ares-dev libcurl4-openssl-dev libjansson-dev
+
+      - name: Install python dependencies
+        run: |
+          python -m pip install --break-system-packages pyasyncore pyasynchat
+
+      - name: Build
+        run: extras/build-tests/nix/build
+
+      - name: Run tests
+        run: extras/build-tests/nix/run-tests

.gitignore

@@ -6,12 +6,9 @@ conftest.*
 config.settings
 extras/pcre2*
 extras/c-ares*
-extras/regexp*
 config.status
-extras/tre*
 extras/ircdcron/ircd.cron
 extras/ircdcron/ircdchk
-src/modules/snomasks/Makefile
 src/modules/chanmodes/Makefile
 src/modules/extbans/Makefile
 src/modules/usermodes/Makefile
@@ -33,10 +30,11 @@ tags
 server.cert.pem
 server.key.pem
 server.req.pem
-ssl.rnd
+tls.rnd
 
 # Ignores for platform stuff
 .DS_Store
+[D|d]esktop.ini
 
 # Ignores for build artifacts
 *.so
@@ -47,6 +45,24 @@ src/ircd
 src/version.c
 src/include
 
+# Ignores for windows stuff
+## Binaries
+*.dll
+*.exe
+*.map
+*.pdb
+*.lib
+
+## Build artifacts
+*.obj
+*.exp
+*.ilk
+*.res
+##Other
+*.tmp
+UnrealIRCd.def*
+*.nativecodeanalysis.xml
+
 # Ignores for mac stuff
 ## Various settings
 *.pbxuser
@@ -72,3 +88,6 @@ xcuserdata
 src/macosx/build/
 DerivedData
 src/macosx/pods/
+
+# Doxygen generated files
+doc/doxygen/

.gitmodules

@@ -1,6 +0,0 @@
-[submodule "extras/tests/ircfly"]
-	path = extras/tests/ircfly
-	url = https://github.com/unrealircd/ircfly.git
-[submodule "extras/tests/functional-tests"]
-	path = extras/tests/functional-tests
-	url = https://github.com/unrealircd/unrealircd-tests.git

.travis.yml

@@ -1,28 +0,0 @@
-language: c
-os:
-- linux
-compiler:
-  - clang
-  - gcc
-script: extras/build-tests/nix/build $BUILDCONFIG
-env:
-  - BUILDCONFIG=""
-  - BUILDCONFIG="system-cares"
-  - BUILDCONFIG="system-cares system-curl"
-  - BUILDCONFIG="local-curl"
-matrix:
-  include:
-  - os: osx
-    env: BUILDCONFIG=""
-  - os: osx
-    env: BUILDCONFIG="system-cares"
-  - os: osx
-    env: BUILDCONFIG="system-cares system-curl"
-  - os: osx
-    env: BUILDCONFIG="local-curl"
-  - env: BUILDCONFIG="libressl-25"
-  - env: BUILDCONFIG="libressl-26"
-  - env: BUILDCONFIG="libressl-27"
-  - env: BUILDCONFIG="openssl-102"
-  - env: BUILDCONFIG="openssl-110"
-  - env: BUILDCONFIG="openssl-111"

BSDmakefile

@@ -0,0 +1,4 @@
+.DONE:
+	@echo "Please use GNU Make (gmake) to build UnrealIRCd"
+.DEFAULT:
+	@echo "Please use GNU Make (gmake) to build UnrealIRCd"

CONTRIBUTING.md

@@ -0,0 +1,5 @@
+Help out and make UnrealIRCd a better product!
+
+You can do so by reporting issues, testing, programming, documenting,
+translating, helping others, and more.
+See https://www.unrealircd.org/docs/Contributing

Makefile.in

@@ -34,11 +34,11 @@ FROMDOS=/home/cmunk/bin/4dos
 #
 
 #XCFLAGS=-O -g -export-dynamic
-IRCDLIBS=@IRCDLIBS@ @TRE_LIBS@ @PCRE2_LIBS@ @CARES_LIBS@ @PTHREAD_LIBS@
+IRCDLIBS=@IRCDLIBS@ @PCRE2_LIBS@ @ARGON2_LIBS@ @CARES_LIBS@ @SODIUM_LIBS@ @JANSSON_LIBS@ @PTHREAD_LIBS@
 CRYPTOLIB=@CRYPTOLIB@
 OPENSSLINCLUDES=
 
-XCFLAGS=@PTHREAD_CFLAGS@ @TRE_CFLAGS@ @PCRE2_CFLAGS@ @CARES_CFLAGS@ @CFLAGS@ @HARDEN_CFLAGS@ @CPPFLAGS@
+XCFLAGS=@PTHREAD_CFLAGS@ @PCRE2_CFLAGS@ @ARGON2_CFLAGS@ @CARES_CFLAGS@ @SODIUM_CFLAGS@ @JANSSON_CFLAGS@ @CFLAGS@ @HARDEN_CFLAGS@ @CPPFLAGS@
 #
 # use the following on MIPS:
 #CFLAGS= -systype bsd43 -DSYSTYPE_BSD43 -I$(INCLUDEDIR)
@@ -89,27 +89,18 @@ XCFLAGS=@PTHREAD_CFLAGS@ @TRE_CFLAGS@ @PCRE2_CFLAGS@ @CARES_CFLAGS@ @CFLAGS@ @HA
 #          you are not defining CMDLINE_CONFIG 
 IRCDMODE = 711
 
+# Objects that are optional due to optional libraries:
 URL=@URL@
-
-# [CHANGEME]
-# If you get a link-time error dealing with strtoul, comment out
-# this line.
-# STRTOUL=	strtoul.o
-STRTOUL=@STRTOUL@
-
-# [CHANGEME]
-# If you get crashes around a specific number of clients, and that
-# client load comes close or a little over the system-defined value of
-# FD_SETSIZE, override it here and see what happens. You may override
-# the system FD_SETSIZE by setting the FD_SETSIZE Makefile variable to
-# -DFD_SETSIZE=<some number>.
-FD_SETSIZE=@FD_SETSIZE@
+GEOIP_CLASSIC_OBJECTS=@GEOIP_CLASSIC_OBJECTS@
+GEOIP_CLASSIC_LIBS=@GEOIP_CLASSIC_LIBS@
+GEOIP_CLASSIC_CFLAGS=@GEOIP_CLASSIC_CFLAGS@
 
 # Where is your openssl binary
 OPENSSLPATH=@OPENSSLPATH@
 
-CFLAGS=-I$(INCLUDEDIR) $(XCFLAGS) $(FD_SETSIZE)
-LDFLAGS=@LDFLAGS_PRIVATELIBS@ @HARDEN_LDFLAGS@
+CFLAGS=-I$(INCLUDEDIR) $(XCFLAGS)
+XLDFLAGS=@LDFLAGS_PRIVATELIBS@ @HARDEN_LDFLAGS@ @LDFLAGS@
+LDFLAGS=$(XLDFLAGS)
 
 SHELL=/bin/sh
 SUBDIRS=src
@@ -126,10 +117,13 @@ MAKEARGS =	'CFLAGS=${CFLAGS}' 'CC=${CC}' 'IRCDLIBS=${IRCDLIBS}' \
 		'RES=${RES}' 'BINDIR=${BINDIR}' 'INSTALL=${INSTALL}' \
 		'INCLUDEDIR=${INCLUDEDIR}' \
 		'RM=${RM}' 'CP=${CP}' 'TOUCH=${TOUCH}' \
-		'SHELL=${SHELL}' 'STRTOUL=${STRTOUL}' \
+		'SHELL=${SHELL}' \
 		'CRYPTOLIB=${CRYPTOLIB}' \
 		'CRYPTOINCLUDES=${CRYPTOINCLUDES}' \
-		'URL=${URL}'
+		'URL=${URL}' \
+		'GEOIP_CLASSIC_OBJECTS=${GEOIP_CLASSIC_OBJECTS}' \
+		'GEOIP_CLASSIC_LIBS=${GEOIP_CLASSIC_LIBS}' \
+		'GEOIP_CLASSIC_CFLAGS=${GEOIP_CLASSIC_CFLAGS}'
 
 custommodule:
 	@if test -z "${MODULEFILE}"; then echo "Please set MODULEFILE when calling \`\`make custommodule''. For example, \`\`make custommodule MODULEFILE=callerid''." >&2; exit 1; fi
@@ -148,7 +142,7 @@ build: Makefile
 	done
 	@echo ''
 	@echo '* UnrealIRCd compiled successfully'
-	@echo '* YOU ARE NOT DONE YET! Run "make install" to install UnrealIRCd !'
+	@echo '* YOU ARE NOT DONE YET! Run "${MAKE} install" to install UnrealIRCd !'
 	@echo ''
 
 clean:
@@ -165,7 +159,7 @@ cleandir: clean
 	rm -rf include/setup.h Makefile Settings
 
 distclean: cleandir
-	rm -rf extras/*.bak extras/regexp extras/*.tar extras/c-ares 
+	rm -rf extras/*.bak extras/*.tar extras/c-ares
 	rm -rf extras/c-ares-* extras/tre-*
 	rm -rf config.log config.settings *.pem ircd.* unrealircd
 	rm -rf Makefile config.status
@@ -177,57 +171,72 @@ depend:
 	done
 
 install: all
-	$(INSTALL) -m 0700 -d @BINDIR@
-	$(INSTALL) -m 0700 src/ircd @BINDIR@/unrealircd
-	$(INSTALL) -m 0700 -d @DOCDIR@
-	$(INSTALL) -m 0600 doc/Authors doc/coding-guidelines doc/tao.of.irc @DOCDIR@
-	$(INSTALL) -m 0700 -d @CONFDIR@
-	$(INSTALL) -m 0600 doc/conf/*.default.conf @CONFDIR@
-	$(INSTALL) -m 0600 doc/conf/*.optional.conf @CONFDIR@
-	-@if [ ! -f "@CONFDIR@/spamfilter.conf" ] ; then \
-		$(INSTALL) -m 0600 doc/conf/spamfilter.conf @CONFDIR@ ; \
+	$(INSTALL) -m 0700 -d $(DESTDIR)@BINDIR@
+	$(INSTALL) -m 0700 src/ircd $(DESTDIR)@BINDIR@/unrealircd
+	$(INSTALL) -m 0700 src/unrealircdctl $(DESTDIR)@BINDIR@/unrealircdctl
+	$(INSTALL) -m 0700 extras/unrealircd-upgrade-script $(DESTDIR)@BINDIR@/unrealircd-upgrade-script
+	$(INSTALL) -m 0700 -d $(DESTDIR)@DOCDIR@
+	$(INSTALL) -m 0600 doc/Authors doc/coding-guidelines doc/tao.of.irc doc/KEYS doc/RELEASE-NOTES.md $(DESTDIR)@DOCDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@
+	$(INSTALL) -m 0600 doc/conf/*.default.conf $(DESTDIR)@CONFDIR@
+	$(INSTALL) -m 0600 doc/conf/*.optional.conf $(DESTDIR)@CONFDIR@
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/modules.sources.list" ] ; then \
+		$(INSTALL) -m 0600 doc/conf/modules.sources.list $(DESTDIR)@CONFDIR@ ; \
 	fi
-	-@if [ ! -f "@CONFDIR@/badwords.conf" ] ; then \
-		$(INSTALL) -m 0600 doc/conf/badwords.conf @CONFDIR@ ; \
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/spamfilter.conf" ] ; then \
+		$(INSTALL) -m 0600 doc/conf/spamfilter.conf $(DESTDIR)@CONFDIR@ ; \
 	fi
-	-@if [ ! -f "@CONFDIR@/dccallow.conf" ] ; then \
-		$(INSTALL) -m 0600 doc/conf/dccallow.conf @CONFDIR@ ; \
+	-@extras/patches/patch_spamfilter_conf "$(DESTDIR)@CONFDIR@"
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/badwords.conf" ] ; then \
+		$(INSTALL) -m 0600 doc/conf/badwords.conf $(DESTDIR)@CONFDIR@ ; \
 	fi
-	$(INSTALL) -m 0700 -d @CONFDIR@/aliases
-	$(INSTALL) -m 0600 doc/conf/aliases/*.conf @CONFDIR@/aliases
-	$(INSTALL) -m 0700 -d @CONFDIR@/help
-	$(INSTALL) -m 0600 doc/conf/help/*.conf @CONFDIR@/help
-	$(INSTALL) -m 0700 -d @CONFDIR@/examples
-	$(INSTALL) -m 0600 doc/conf/examples/*.conf @CONFDIR@/examples
-	$(INSTALL) -m 0700 -d @CONFDIR@/ssl
-	$(INSTALL) -m 0600 doc/conf/ssl/curl-ca-bundle.crt @CONFDIR@/ssl
-	$(INSTALL) -m 0700 unrealircd @SCRIPTDIR@
-	$(INSTALL) -m 0700 -d @MODULESDIR@
-	$(INSTALL) -m 0700 src/modules/*.so @MODULESDIR@
-	$(INSTALL) -m 0700 -d @MODULESDIR@/usermodes
-	$(INSTALL) -m 0700 src/modules/usermodes/*.so @MODULESDIR@/usermodes
-	$(INSTALL) -m 0700 -d @MODULESDIR@/chanmodes
-	$(INSTALL) -m 0700 src/modules/chanmodes/*.so @MODULESDIR@/chanmodes
-	$(INSTALL) -m 0700 -d @MODULESDIR@/snomasks
-	$(INSTALL) -m 0700 src/modules/snomasks/*.so @MODULESDIR@/snomasks
-	$(INSTALL) -m 0700 -d @MODULESDIR@/extbans
-	$(INSTALL) -m 0700 src/modules/extbans/*.so @MODULESDIR@/extbans
-	$(INSTALL) -m 0700 -d @MODULESDIR@/cap
-	$(INSTALL) -m 0700 src/modules/cap/*.so @MODULESDIR@/cap
-	$(INSTALL) -m 0700 -d @MODULESDIR@/third
-	@#Ugly stuff to detect 0 files in this directory:
-	@+for f in src/modules/third/*.so; do \
-		[ -e $f ] && $(INSTALL) -m 0700 src/modules/third/*.so @MODULESDIR@/third || echo; \
-	done
-	$(INSTALL) -m 0700 -d @TMPDIR@
-	$(INSTALL) -m 0700 -d @CACHEDIR@
-	$(INSTALL) -m 0700 -d @PERMDATADIR@
-	$(INSTALL) -m 0700 -d @LOGDIR@
-	-@if [ ! -f "@CONFDIR@/ssl/server.cert.pem" ] ; then \
-		$(INSTALL) -m 0600 server.req.pem @CONFDIR@/ssl ; \
-		$(INSTALL) -m 0600 server.key.pem @CONFDIR@/ssl ; \
-		$(INSTALL) -m 0600 server.cert.pem @CONFDIR@/ssl ; \
+	-@if [ ! -f "$(DESTDIR)@CONFDIR@/dccallow.conf" ] ; then \
+		$(INSTALL) -m 0600 doc/conf/dccallow.conf $(DESTDIR)@CONFDIR@ ; \
 	fi
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/aliases
+	$(INSTALL) -m 0600 doc/conf/aliases/*.conf $(DESTDIR)@CONFDIR@/aliases
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/help
+	$(INSTALL) -m 0600 doc/conf/help/*.conf $(DESTDIR)@CONFDIR@/help
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/examples
+	$(INSTALL) -m 0600 doc/conf/examples/*.conf $(DESTDIR)@CONFDIR@/examples
+	$(INSTALL) -m 0700 unrealircd $(DESTDIR)@SCRIPTDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@
+	@rm -f $(DESTDIR)@MODULESDIR@/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/*.so $(DESTDIR)@MODULESDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/usermodes
+	@rm -f $(DESTDIR)@MODULESDIR@/usermodes/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/usermodes/*.so $(DESTDIR)@MODULESDIR@/usermodes
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/chanmodes
+	@rm -f $(DESTDIR)@MODULESDIR@/chanmodes/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/chanmodes/*.so $(DESTDIR)@MODULESDIR@/chanmodes
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/extbans
+	@rm -f $(DESTDIR)@MODULESDIR@/extbans/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/extbans/*.so $(DESTDIR)@MODULESDIR@/extbans
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/rpc
+	@rm -f $(DESTDIR)@MODULESDIR@/rpc/*.so 1>/dev/null 2>&1
+	$(INSTALL) -m 0700 src/modules/rpc/*.so $(DESTDIR)@MODULESDIR@/rpc
+	@#If the conf/ssl directory exists then rename it here to conf/tls
+	@#and add a symlink for backwards compatibility (so that f.e. certbot
+	@#doesn't randomly fail after an upgrade to U5).
+	-@if [ -d "$(DESTDIR)@CONFDIR@/ssl" ] ; then \
+		mv "$(DESTDIR)@CONFDIR@/ssl" "$(DESTDIR)@CONFDIR@/tls" ; \
+		ln -s "$(DESTDIR)@CONFDIR@/tls" "$(DESTDIR)@CONFDIR@/ssl" ; \
+	fi
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/tls
+	$(INSTALL) -m 0600 doc/conf/tls/curl-ca-bundle.crt $(DESTDIR)@CONFDIR@/tls
+	$(INSTALL) -m 0600 doc/conf/tls/tls.cnf $(DESTDIR)@CONFDIR@/tls
+	@# delete modules/cap directory, to avoid confusing with U4 to U5 upgrades:
+	rm -rf $(DESTDIR)@MODULESDIR@/cap
+	$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/third
+	@rm -f $(DESTDIR)@MODULESDIR@/third/*.so 1>/dev/null 2>&1
+	@#This step can fail with zero files, so we ignore exit status:
+	-$(INSTALL) -m 0700 src/modules/third/*.so $(DESTDIR)@MODULESDIR@/third
+	$(INSTALL) -m 0700 -d $(DESTDIR)@TMPDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@CACHEDIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@PERMDATADIR@
+	$(INSTALL) -m 0700 -d $(DESTDIR)@LOGDIR@
+	@rm -f $(DESTDIR)@SCRIPTDIR@/source
+	ln -s @BUILDDIR@ $(DESTDIR)@SCRIPTDIR@/source
 	@echo ''
 	@echo '* UnrealIRCd is now installed.'
 	
@@ -244,41 +253,20 @@ install: all
 	@echo '* To start/stop UnrealIRCd run: @SCRIPTDIR@/unrealircd"'
 	@echo ''
 	@echo '* Consult the documentation online at:'
-	@echo '  * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation'
+	@echo '  * https://www.unrealircd.org/docs/'
 	@echo '  * https://www.unrealircd.org/docs/FAQ'
-	@echo '* You may also wish to install a cron job to ensure UnrealIRCd is always running:'
-	@echo '  * https://www.unrealircd.org/docs/Cron_job'
+	@echo ''
+	@echo '* To ensure UnrealIRCd automatically starts on system startup:'
+	@echo '  * Install a cron job: https://www.unrealircd.org/docs/Cron_job'
+	@echo '  * Or, use systemd: https://www.unrealircd.org/docs/Using_systemd_with_UnrealIRCd'
 	@echo ''
 	-@if [ "@SCRIPTDIR@/bin" = "@BINDIR@" ] ; then \
 		echo 'Again, be sure to change to the @SCRIPTDIR@ directory!' ; \
 	fi
 
-### TODO: all the stuff below ;) ###
-pem:	src/ssl.cnf
-	@echo "Generating certificate request .. "
-	$(OPENSSLPATH) req -new \
-              -config src/ssl.cnf -sha256 -out server.req.pem \
-              -keyout server.key.pem -nodes
-	@echo "Generating self-signed certificate .. "
-	$(OPENSSLPATH) req -x509 -days 3650 -sha256 -in server.req.pem \
-               -key server.key.pem -out server.cert.pem
-	@echo "Generating fingerprint .."
-	$(OPENSSLPATH) x509 -subject -dates -sha256 -fingerprint -noout \
-		-in server.cert.pem
-	@echo "Setting o-rwx & g-rwx for files... "
-	chmod o-rwx server.req.pem server.key.pem server.cert.pem
-	chmod g-rwx server.req.pem server.key.pem server.cert.pem
-	@echo "Done!. If you want to encrypt the private key, run"
-	@echo "make encpem"
-
-encpem: server.key.pem
-	@echo "Encrypting server key .."
-	$(OPENSSLPATH) rsa -in server.key.pem -out server.key.c.pem -des3
-	-@if [ -f server.key.c.pem ] ; then \
-		echo "Replacing unencrypted with encrypted .." ; \
-		cp server.key.c.pem server.key.pem ; \
-		rm -f server.key.c.pem ; \
-	fi
+pem:
+	@echo "The command 'make pem' is no longer used to generate the TLS certificate."
+	@echo "Please run './unrealircd mkcert' instead."
 
 Makefile: config.status Makefile.in
 	./config.status

README.md

@@ -1,57 +1,53 @@
-[![Build Status - *NIX](https://travis-ci.org/unrealircd/unrealircd.svg?branch=unreal40)](https://travis-ci.org/unrealircd/unrealircd)
-[![Build Status - Windows](https://ci.appveyor.com/api/projects/status/9kgectl2mfyia0s5/branch/unreal40?svg=true)](https://ci.appveyor.com/project/syzop/unrealircd/branch/unreal40)
+[![Mastodon Follow](https://img.shields.io/mastodon/follow/110769722108208212?domain=https%3A%2F%2Ffosstodon.org&style=social&label=Follow)](https://fosstodon.org/@unrealircd)
 [![Twitter Follow](https://img.shields.io/twitter/follow/Unreal_IRCd.svg?style=social&label=Follow)](https://twitter.com/Unreal_IRCd)
+[![Linux CI](https://github.com/unrealircd/unrealircd/actions/workflows/linux-ci.yml/badge.svg)](https://github.com/unrealircd/unrealircd/actions/workflows/linux-ci.yml)
 
 ## About UnrealIRCd
-UnrealIRCd is an Open Source IRC Server, serving thousands of networks since 1999. 
+UnrealIRCd is an Open Source IRC Server, serving thousands of networks since 1999.
 It runs on Linux, OS X and Windows and is currently the most widely deployed IRCd
-with a market share of over 50%. UnrealIRCd is a highly advanced IRCd with a strong
-focus on modularity, an advanced and highly configurable configuration file.
-Key features include SSL, cloaking, its advanced anti-flood and anti-spam systems,
-swear filtering and module support. We are also particularly proud on our extensive
-online documentation. 
+with a [market share of 37%](https://www.ircstats.org/servers). UnrealIRCd is a
+highly advanced IRCd with a strong focus on modularity and security. It uses an
+advanced and highly configurable configuration file. Other key features include:
+full IRCv3 support, SSL/TLS, cloaking, JSON-RPC, advanced anti-flood and anti-spam
+systems, GeoIP, remote includes, and lots of [other features](https://www.unrealircd.org/docs/About_UnrealIRCd).
+We are also particularly proud on our extensive online documentation.
+
+## Versions
+* UnrealIRCd 6 is the *stable* series since December 2021. It is the only supported version.
+* For full details of release scheduling and EOL dates, see
+  [UnrealIRCd releases](https://www.unrealircd.org/docs/UnrealIRCd_releases) on the wiki
 
 ## How to get started
-Please consult our excellent online documentation at https://www.unrealircd.org/docs/
-when setting up the IRCd!
+Follow the installation guide on the wiki. See:
+* [Installing from source for *NIX](https://www.unrealircd.org/docs/Installing_from_source)
+* [Installation instructions for Windows](https://www.unrealircd.org/docs/Installing_(Windows))
 
-### Step 1: Installation
-#### Windows
-Simply download the UnrealIRCd Windows version from www.unrealircd.org
-
-Alternatively you can compile UnrealIRCd for Windows yourself. However this is not straightforward and thus not recommended.
-
-#### *BSD/Linux/macOS
-First you must compile the IRCd:
-
-* Run `./Config`
-* Run `make`
-* Run `make install`
-* Now change to the directory where you installed UnrealIRCd, e.g. `cd /home/xxxx/unrealircd`
-
-### Step 2: Configuration
-Configuration files are stored in the conf/ folder by default (eg: /home/xxxx/unrealircd/conf)
-
-#### Create a configuration file
-If you are new, then you need to create your own configuration file:
-Copy conf/examples/example.conf to conf/ and call it unrealircd.conf.
-Then open it in an editor and carefully modify it using the documentation and FAQ as a guide (see below).
-
-### Step 3: Booting
-
-#### Linux/*BSD/macOS
-Run `./unrealircd start` in the directory where you installed UnrealIRCd.
-
-#### Windows
-Start -> All Programs -> UnrealIRCd -> UnrealIRCd
-
-## Documentation & FAQ
-You can find the **documentation** online at: https://www.unrealircd.org/docs/
+## Documentation and Support
+You can find all **documentation** online at: https://www.unrealircd.org/docs/
 
 We also have a good **FAQ**: https://www.unrealircd.org/docs/FAQ
 
-## Website, support, and other links ##
-* https://www.unrealircd.org - Our main website
-* https://forums.unrealircd.org - Support
+If you are in need of support, you can pop up on [**#unreal-support** on `irc.unrealircd.org`](ircs://irc.unrealircd.org:6697/unreal-support)
+or ask your question on the [forums](https://forums.unrealircd.org).
+
+## Supported systems
+We try to **support** all major *NIX systems: all Linux distros but also NetBSD, OpenBSD and macOS,
+provided the OS version was released within the past ~5 years.
+
+We use a private BuildBot instance to test each commit. The **tested** systems are (others are
+likely to work too):
+* Linux: Debian (10, 11, 12, 13), Ubuntu (18.04, 20.04, 22.04, 24.04, 26.04)
+* FreeBSD: 15
+* Windows: 11
+
+UnrealIRCd is architecture-agnostic. Most of the BuildBot workers run on x64 but we
+also have some on x86 and arm64 to ensure these work as well.
+
+## Other links ##
+* https://www.unrealircd.org - Main website
 * https://bugs.unrealircd.org - Bug tracker
-* ircs://irc.unrealircd.org:6697/unreal-support - IRC support
+* https://fosstodon.org/@unrealircd - Mastodon
+* https://twitter.com/Unreal_IRCd - Twitter
+* [SECURITY.md](https://github.com/unrealircd/unrealircd/blob/unreal60_dev/SECURITY.md#security-policy) - How to report security issues
+* [LICENSE](https://github.com/unrealircd/unrealircd/blob/unreal60_dev/LICENSE) - LICENSE: GPLv2 or later
+* [Contributing](https://www.unrealircd.org/docs/Contributing) - How to help: report bugs, test, write or translate documentations, ..

SECURITY.md

@@ -0,0 +1,70 @@
+# Security Policy
+
+## Supported Versions
+* The latest *stable* release of UnrealIRCd 6
+
+See [UnrealIRCd releases](https://www.unrealircd.org/docs/UnrealIRCd_releases)
+for information on older versions and End Of Life dates.
+
+## Scope
+
+In general, issues triggered by regular users involving memory safety issues
+(such as OOB read/write or UAF), sensitive information disclosure, privilege elevation,
+Denial of Service (e.g. a crash), or remote code execution fall within the scope of
+this security policy.
+
+Issues that require IRCOp rights, server-to-server traffic, or editing of config
+files may still fall within scope, but are classified case by case depending on
+the impact and circumstances.
+
+Issues that require shell access as the same user running UnrealIRCd are not
+considered security issues. See the
+[full policy](https://www.unrealircd.org/docs/Policy:_Handling_of_security_issues)
+for details.
+
+## Use of AI or other tools
+
+It is normal and acceptable to use tools for finding security vulnerabilities.
+We use them ourselves as well: AI, static code analyzers, fuzzing. This is all fine.
+
+If a tool flagged an issue then we ask only **one extra thing**: that you
+**reproduce the issue** on your own local server. So: confirm the issue by
+actually running UnrealIRCd with a reproducer (which usually means: by sending
+IRC traffic to trigger the bug). This is because tools regularly flag something
+as an issue but in practice it may be impossible to happen because of some extra
+check somewhere or other requirements.
+
+If you are trying to reproduce an issue, then we suggest running `./Config` and
+answering `Yes` to the near-last question about AddressSanitizer (ASan),
+especially for memory safety issues. Please include the reproducer and any
+relevant ASan output in the bug report. ASan output is useful even if a normal
+build does not visibly crash. It helps us a lot.
+
+If you used AI, static code analyzers, fuzzing, or similar tools and fail to
+follow the procedure above, expect us to ask you again to reproduce the issue.
+If you refuse to do so, don't respond in a timely manner, or keep sending reports
+without doing so after we asked, then we will close the bug report. For repeat
+offenders, we may proceed with putting you on ignore, banning or deleting your
+account, or similar. Giving a reproducer is not a big ask and is normal procedure
+nowadays. It should be part of your standard workflow if you are a security
+researcher.
+
+## Reporting a Vulnerability
+
+Please report issues on the [bug tracker](https://bugs.unrealircd.org) and in
+the bug submit form **set the 'View Status' to 'private'**.
+
+Do not report security issues as a Pull Request, on the forums or in a public
+IRC channel such as #unreal-support. If you insist on e-mail then you can use
+syzop@unrealircd.org or security@unrealircd.org. Again, the bug tracker is
+preferred.
+
+If you found a real issue but are *unsure* if it is a security issue, then
+report it at the bug tracker as a 'private' bug anyway. Better safe than sorry.
+Do not ask around in public channels or forums.
+
+You should get a response or at least an acknowledgement soon. If you don't hear
+back within 24 hours, then please try to contact us again.
+
+## Full policy
+See https://www.unrealircd.org/docs/Policy:_Handling_of_security_issues for full information.

appveyor.yml

@@ -1,10 +0,0 @@
-version: 4.0.x-devbuild-{build}
-environment:
-  matrix:
-  - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017"
-    TARGET: "Visual Studio 2017"
-    SHORTNAME: "vs2017"
-init:
-  - cmd: git config --global core.autocrlf true
-build_script:
-  - cmd: call extras\\build-tests\\windows\\build.bat

autoconf/m4/pkg.m4

@@ -0,0 +1,343 @@
+# pkg.m4 - Macros to locate and use pkg-config.   -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
+
+dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=m4_default([$1], [0.9.0])
+	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		AC_MSG_RESULT([yes])
+	else
+		AC_MSG_RESULT([no])
+		PKG_CONFIG=""
+	fi
+fi[]dnl
+])dnl PKG_PROG_PKG_CONFIG
+
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurrence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+  m4_default([$2], [:])
+m4_ifvaln([$3], [else
+  $3])dnl
+fi])
+
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+    pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+    PKG_CHECK_EXISTS([$3],
+                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes ],
+		     [pkg_failed=yes])
+ else
+    pkg_failed=untried
+fi[]dnl
+])dnl _PKG_CONFIG
+
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi[]dnl
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
+
+
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $2])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+        AC_MSG_RESULT([no])
+        _PKG_SHORT_ERRORS_SUPPORTED
+        if test $_pkg_short_errors_supported = yes; then
+                $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else
+                $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+        fi
+        # Put the nasty error message in config.log where it belongs
+        echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+        m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+        ])
+elif test $pkg_failed = untried; then
+        AC_MSG_RESULT([no])
+        m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+        ])
+else
+        $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+        $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+        AC_MSG_RESULT([yes])
+        $3
+fi[]dnl
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
+
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+    [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+    [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
+
+dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES,
+dnl   [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND],
+dnl   [DESCRIPTION], [DEFAULT])
+dnl ------------------------------------------
+dnl
+dnl Prepare a "--with-" configure option using the lowercase
+dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and
+dnl PKG_CHECK_MODULES in a single macro.
+AC_DEFUN([PKG_WITH_MODULES],
+[
+m4_pushdef([with_arg], m4_tolower([$1]))
+
+m4_pushdef([description],
+           [m4_default([$5], [build with ]with_arg[ support])])
+
+m4_pushdef([def_arg], [m4_default([$6], [auto])])
+m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes])
+m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no])
+
+m4_case(def_arg,
+            [yes],[m4_pushdef([with_without], [--without-]with_arg)],
+            [m4_pushdef([with_without],[--with-]with_arg)])
+
+AC_ARG_WITH(with_arg,
+     AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),,
+    [AS_TR_SH([with_]with_arg)=def_arg])
+
+AS_CASE([$AS_TR_SH([with_]with_arg)],
+            [yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)],
+            [auto],[PKG_CHECK_MODULES([$1],[$2],
+                                        [m4_n([def_action_if_found]) $3],
+                                        [m4_n([def_action_if_not_found]) $4])])
+
+m4_popdef([with_arg])
+m4_popdef([description])
+m4_popdef([def_arg])
+
+])dnl PKG_WITH_MODULES
+
+dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES,
+dnl   [DESCRIPTION], [DEFAULT])
+dnl -----------------------------------------------
+dnl
+dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES
+dnl check._[VARIABLE-PREFIX] is exported as make variable.
+AC_DEFUN([PKG_HAVE_WITH_MODULES],
+[
+PKG_WITH_MODULES([$1],[$2],,,[$3],[$4])
+
+AM_CONDITIONAL([HAVE_][$1],
+               [test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"])
+])dnl PKG_HAVE_WITH_MODULES
+
+dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES,
+dnl   [DESCRIPTION], [DEFAULT])
+dnl ------------------------------------------------------
+dnl
+dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after
+dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make
+dnl and preprocessor variable.
+AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES],
+[
+PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4])
+
+AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
+        [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])])
+])dnl PKG_HAVE_DEFINE_WITH_MODULES

autoconf/m4/unreal.m4

@@ -97,7 +97,7 @@ AC_DEFUN([CHECK_LIBCURL],
   with the system-installed libcURL, this is a bad idea which may result in error
   messages looking like:
 
-  	\`\`[error] unrealircd.conf:9: include: error downloading '(http://example.net/ex.conf)': Could not resolve host: example.net (Successful completion)''
+  	error downloading ... Could not resolve host: example.net (Successful completion)
 
   Or UnrealIRCd might even crash.
 
@@ -130,9 +130,13 @@ AC_DEFUN([CHECK_LIBCURL],
 		LIBS="$LIBS_SAVEDA"
 		CFLAGS="$CFLAGS_SAVEDA"
 
-		URL="url.o"
-		AC_SUBST(URL)
+		dnl Finally, choose the cURL implementation of url.c
+		URL="url_curl.o"
+	],[
+		dnl Choose UnrealIRCds internal implementation of url.c
+		URL="url_unreal.o"
 	]) dnl AS_IF(enable_curl) 
+	AC_SUBST(URL)
 ])
 
 dnl the following 2 macros are based on CHECK_SSL by Mark Ethan Trostler <trostler@juniper.net> 
@@ -145,7 +149,7 @@ AC_ARG_ENABLE(ssl,
 	[enable_ssl=no])
 AS_IF([test $enable_ssl != "no"],
 	[ 
-	AC_MSG_CHECKING([for openssl])
+	AC_MSG_CHECKING([for OpenSSL])
 	for dir in $enable_ssl /usr/local/opt/openssl /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /usr; do
 		ssldir="$dir"
 		if test -f "$dir/include/openssl/ssl.h"; then
@@ -169,19 +173,74 @@ AS_IF([test $enable_ssl != "no"],
 		AC_MSG_RESULT(not found)
 		echo ""
 		echo "Apparently you do not have both the openssl binary and openssl development libraries installed."
-		echo "Please install the needed binaries and libraries."
-		echo "The package is often called 'openssl-dev', 'openssl-devel' or 'libssl-dev'"
-		echo "After doing so re-run ./Config"
+		echo "The following packages are required:"
+		echo "1) The library package is often called 'openssl-dev', 'openssl-devel' or 'libssl-dev'"
+		echo "2) The binary package is usually called 'openssl'."
+		echo "NOTE: you or your system administrator needs to install the library AND the binary package."
+		echo "After doing so, simply re-run ./Config"
 		exit 1
 	else
 		CRYPTOLIB="-lssl -lcrypto";
 		if test ! "$ssldir" = "/usr" ; then
-			LDFLAGS="$LDFLAGS -L$ssldir/lib";
+			if test -d "$ssldir/lib64" ; then
+				LDFLAGS="$LDFLAGS -L$ssldir/lib64";
+			else
+				LDFLAGS="$LDFLAGS -L$ssldir/lib";
+			fi
+			dnl check if binary path exists
+			if test -f "$ssldir/bin/openssl"; then
+			    OPENSSLPATH="$ssldir/bin/openssl";
+			fi
 		fi
+		dnl linking require -ldl?
+		AC_MSG_CHECKING([OpenSSL linking with -ldl])
+		SAVE_LIBS="$LIBS"
+		LIBS="$LIBS $CRYPTOLIB -ldl"
+		AC_TRY_LINK([#include <openssl/err.h>], [ERR_clear_error();],
+		[
+			AC_MSG_RESULT(yes)
+			CRYPTOLIB="$CRYPTOLIB -ldl"
+		],
+		[
+			AC_MSG_RESULT(no)
+
+			dnl linking require both -ldl and -lpthread?
+			AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
+			LIBS="$SAVE_LIBS $CRYPTOLIB -ldl -lpthread"
+			AC_TRY_LINK([#include <openssl/err.h>], [ERR_clear_error();],
+			[
+				AC_MSG_RESULT(yes)
+				CRYPTOLIB="$CRYPTOLIB -ldl -lpthread"
+			],
+			[
+				AC_MSG_RESULT(no)
+			])
+		])
+		LIBS="$SAVE_LIBS"
 	fi
 	])
 ])
 
+AC_DEFUN([CHECK_SSL_CTX_SET1_SIGALGS_LIST],
+[
+AC_MSG_CHECKING([for SSL_CTX_set1_sigalgs_list in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[SSL_CTX *ctx = NULL; SSL_CTX_set1_sigalgs_list(ctx, "test");],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_SSL_CTX_SET1_SIGALGS_LIST], [], [Define if ssl library has SSL_CTX_set1_sigalgs_list])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
 AC_DEFUN([CHECK_SSL_CTX_SET1_CURVES_LIST],
 [
 AC_MSG_CHECKING([for SSL_CTX_set1_curves_list in SSL library])
@@ -190,14 +249,227 @@ SAVE_LIBS="$LIBS"
 LIBS="$LIBS $CRYPTOLIB"
 AC_TRY_LINK([#include <openssl/ssl.h>],
 	[SSL_CTX *ctx = NULL; SSL_CTX_set1_curves_list(ctx, "test");],
-	has_curves=1,
-	has_curves=0)
+	has_function=1,
+	has_function=0)
 LIBS="$SAVE_LIBS"
 AC_LANG_POP(C)
-if test $has_curves = 1; then
+if test $has_function = 1; then
 	AC_MSG_RESULT([yes])
 	AC_DEFINE([HAS_SSL_CTX_SET1_CURVES_LIST], [], [Define if ssl library has SSL_CTX_set1_curves_list])
 else
 	AC_MSG_RESULT([no])
 fi
 ])
+
+AC_DEFUN([CHECK_SSL_CTX_SET1_GROUPS_LIST],
+[
+AC_MSG_CHECKING([for SSL_CTX_set1_groups_list in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[SSL_CTX *ctx = NULL; SSL_CTX_set1_groups_list(ctx, "test");],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_SSL_CTX_SET1_GROUPS_LIST], [], [Define if ssl library has SSL_CTX_set1_groups_list])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_SSL_GET_NEGOTIATED_GROUP],
+[
+AC_MSG_CHECKING([for SSL_get_negotiated_group in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[SSL *ssl = NULL; SSL_get_negotiated_group(ssl);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_SSL_GET_NEGOTIATED_GROUP], [], [Define if ssl library has SSL_get_negotiated_group])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_SSL_CTX_SET_MIN_PROTO_VERSION],
+[
+AC_MSG_CHECKING([for SSL_CTX_set_min_proto_version in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[SSL_CTX *ctx = NULL; SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_SSL_CTX_SET_MIN_PROTO_VERSION], [], [Define if ssl library has SSL_CTX_set_min_proto_version])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_SSL_CTX_SET_SECURITY_LEVEL],
+[
+AC_MSG_CHECKING([for SSL_CTX_set_security_level in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[SSL_CTX *ctx = NULL; SSL_CTX_set_security_level(ctx, 1);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_SSL_CTX_SET_SECURITY_LEVEL], [], [Define if ssl library has SSL_CTX_set_security_level])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_ASN1_TIME_diff],
+[
+AC_MSG_CHECKING([for ASN1_TIME_diff in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[int one, two; ASN1_TIME_diff(&one, &two, NULL, NULL);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_ASN1_TIME_diff], [], [Define if ssl library has ASN1_TIME_diff])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_X509_get0_notAfter],
+[
+AC_MSG_CHECKING([for X509_get0_notAfter in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+	[X509_get0_notAfter(NULL);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_X509_get0_notAfter], [], [Define if ssl library has X509_get0_notAfter])
+else
+	AC_MSG_RESULT([no])
+fi
+])
+
+AC_DEFUN([CHECK_X509_check_host],
+[
+AC_MSG_CHECKING([for X509_check_host in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/x509v3.h>],
+	[X509_check_host(NULL, NULL, 0, 0, NULL);],
+	has_function=1,
+	has_function=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_function = 1; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([HAS_X509_check_host], [], [Define if ssl library has X509_check_host])
+	OPENSSL_HOSTNAME_VALIDATION_OBJ=""
+else
+	AC_MSG_RESULT([no])
+	OPENSSL_HOSTNAME_VALIDATION_OBJ="openssl_hostname_validation.o"
+fi
+AC_SUBST(OPENSSL_HOSTNAME_VALIDATION_OBJ)
+])
+
+dnl For geoip-api-c
+AC_DEFUN([CHECK_GEOIP_CLASSIC],
+[
+	AC_ARG_ENABLE(geoip_classic,
+	[AC_HELP_STRING([--enable-geoip-classic=no/yes],[enable GeoIP Classic support])],
+	[enable_geoip_classic=$enableval],
+	[enable_geoip_classic=no])
+
+	AS_IF([test "x$enable_geoip_classic" = "xyes"],
+	[
+		dnl First see if the system provides it
+		has_system_geoip_classic="no"
+		PKG_CHECK_MODULES([GEOIP_CLASSIC], [geoip >= 1.6.0],
+		                  [has_system_geoip_classic=yes
+		                   AS_IF([test "x$PRIVATELIBDIR" != "x"], [rm -f "$PRIVATELIBDIR/"libGeoIP.*])],
+		                  [has_system_geoip_classic=no])
+
+		dnl Otherwise fallback to our own..
+		AS_IF([test "$has_system_geoip_classic" = "no"],[
+			dnl REMEMBER TO CHANGE WITH A NEW GEOIP LIBRARY RELEASE!
+			geoip_classic_version="1.6.12"
+			AC_MSG_RESULT(extracting GeoIP Classic library)
+			cur_dir=`pwd`
+			cd extras
+			dnl remove old directory to force a recompile...
+			dnl and remove its installation prefix just to clean things up.
+			rm -rf GeoIP-$geoip_classic_version geoip-classic
+			if test "x$ac_cv_path_GUNZIP" = "x" ; then
+				tar xfz geoip-classic.tar.gz
+			else
+				cp geoip-classic.tar.gz geoip-classic.tar.gz.bak
+				gunzip -f geoip-classic.tar.gz
+				cp geoip-classic.tar.gz.bak geoip-classic.tar.gz
+				tar xf geoip-classic.tar
+			fi
+			AC_MSG_RESULT(configuring GeoIP Classic library)
+			cd GeoIP-$geoip_classic_version
+			save_cflags="$CFLAGS"
+			save_ldflags="$LDFLAGS"
+			CFLAGS="$orig_cflags $HARDEN_LIB_CFLAGS"
+			LDFLAGS="$HARDEN_LIB_LDFLAGS"
+			export CFLAGS LDFLAGS
+			./configure --prefix=$cur_dir/extras/geoip-classic --libdir=$PRIVATELIBDIR --enable-shared --disable-static || exit 1
+			CFLAGS="$save_cflags"
+			LDFLAGS="$save_ldflags"
+			AC_MSG_RESULT(compiling GeoIP Classic library)
+			$ac_cv_prog_MAKER || exit 1
+			AC_MSG_RESULT(installing GeoIP Classic library)
+			rm -f "$PRIVATELIBDIR/"libGeoIP.so*
+			$ac_cv_prog_MAKER install || exit 1
+			dnl Try pkg-config first...
+			AS_IF([test -n "$ac_cv_path_PKGCONFIG"],
+			       [GEOIP_CLASSIC_LIBS="`$ac_cv_path_PKGCONFIG --libs geoip.pc`"
+			        GEOIP_CLASSIC_CFLAGS="`$ac_cv_path_PKGCONFIG --cflags geoip.pc`"])
+			dnl In case the system does not have pkg-config, fallback to hardcoded settings...
+			AS_IF([test -z "$GEOIP_CLASSIC_LIBS"],
+			       [GEOIP_CLASSIC_LIBS="-L$PRIVATELIBDIR -lGeoIP"
+			        GEOIP_CLASSIC_CFLAGS="-I$cur_dir/extras/geoip-classic/include"])
+			cd $cur_dir
+		])
+		
+		AC_SUBST(GEOIP_CLASSIC_LIBS)
+		AC_SUBST(GEOIP_CLASSIC_CFLAGS)
+
+		GEOIP_CLASSIC_OBJECTS="geoip_classic.so"
+		AC_SUBST(GEOIP_CLASSIC_OBJECTS)
+		AC_DEFINE([GEOIP_ENGINE], ["geoip_classic"], [Classic GeoIP engine])
+	]) dnl AS_IF(enable_geoip_classic) 
+])

autogen.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+echo "Regenerating 'configure' and headers..."
+echo "NOTE: Normally only UnrealIRCd developers run this command!!"
 
 cd "$(dirname "${0}")"
 

doc/Config.header

@@ -0,0 +1,32 @@
+
+ _   _                      _ ___________  _____     _
+| | | |                    | |_   _| ___ \/  __ \   | |
+| | | |_ __  _ __ ___  __ _| | | | | |_/ /| /  \/ __| |
+| | | | '_ \| '__/ _ \/  _ | | | | |    / | |    /  _ |
+| |_| | | | | | |  __/ (_| | |_| |_| |\ \ | \__/\ (_| |
+ \___/|_| |_|_|  \___|\__,_|_|\___/\_| \_| \____/\__,_|
+
+                               Configuration Program
+                                for UnrealIRCd 6.2.6-rc1
+                                    
+This program will help you to compile your IRC server, and ask you
+questions regarding the compile-time settings of it during the process. 
+
+A short installation guide is available online at:
+https://www.unrealircd.org/docs/Installing_from_source
+
+Full documentation is available at:
+https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
+
+--------------------------------------------------------------------------------------
+
+The full release notes are available in doc/RELEASE-NOTES.md
+For easier viewing, check out the latest online release notes at:
+https://github.com/unrealircd/unrealircd/blob/unreal60_dev/doc/RELEASE-NOTES.md
+
+UnrealIRCd 6 is compatible with the following services:
+* anope 2.0.x (stable) with the "unreal4" protocol module - anope 2.0.7 or higher required
+* anope 2.1.x (dev) with the "unrealircd" protocol module
+* atheme with the "unreal4" protocol module - tested with version 7.2.9
+
+--------------------------------------------------------------------------------------

doc/Donation

@@ -1,14 +0,0 @@
-Although UnrealIRCd is a free program, we do put a great deal of time,
-effort, and money into keeping UnrealIRCd alive. If you like UnrealIRCd and
-want to support us then please consider making a donation.
-
-PayPal Donation Link: https://unrealircd.org/index/donations
-
-If you don't want to use PayPal, or you want to donate something other than
-money, then please contact Syzop (syzop@unrealircd.com).
-
-All those who donate at least a certain minimum amount will have their name
-and/or company listed in /CREDITS and will be listed on the website.
-
-Thank you for your support,
-The UnrealIRCd Team

doc/KEYS

@@ -0,0 +1,33 @@
+pub   rsa4096 2024-11-18 [SC] [expires: 2030-11-17]
+      36E6F65706E36B0937280299101001DAF48BB56D
+uid           UnrealIRCd releases and patches (for verification of software downloads only!) <releases@unrealircd.org>
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGc7EBEBEADDZzlLVArYr2kE9NlhnuUF31rW3wvZ4avjhzhmO6bL0I0RESZC
+PrtiFVJyjcSScObOVONFSC2YQiLVpezkKX4AYoqfnsuWfHg3xlGqCY8Ip+V5XJ6v
+8G5haFFEgTL10UtqzPNymygWmoEr11u3BUKIzAJAuec7dl7PyfGU2JDkl+NtWm31
+WyKCMuK3TKaD8UjGd5PPQR4jA6k1Hn8kvUl53EmkJjRyJc1XVz4AjZFywyUENGJv
+HVdVFOPDaKzIx6N6+2dm0ZxXIPOISycwEQuk1++E7NyOS5u+lzlFN7RAXR/5Ogv5
+pZzdcsPXp0RHHVeM8qgV7kvRTG9xhfFcXjs9Hanp2siy80HWs56o7nNN2eQNA31W
+5lfGIWaA3pY4rpBoiQc3IMGD+vkACfRFH468+cx50zP9gbqSaxUaj6Z0e/jBNf26
+7MIEKUjVCunQjO0Lob346FTAvdnXEXCwwJdQFF2tkxnpUBs6sSXjJwVgsfrkizXS
+X0qsX7DTn9QpF9Z+0czqdoyJuLLPOFx+6Xj7l2riBYyzMAa8c6odLXTReMaVxFN+
+clIVMCrfYXuURb4QGKB0ewW/wZd1fgsPAV4D1qypFAnM0D+qsfpKFI1QQY7WEUcC
+YVMkzjZHPWaBdRQf7KLXasx7/ouM5nIlZdRrPDrCXXiqAlA20aWqvZ8N1wARAQAB
+tGhVbnJlYWxJUkNkIHJlbGVhc2VzIGFuZCBwYXRjaGVzIChmb3IgdmVyaWZpY2F0
+aW9uIG9mIHNvZnR3YXJlIGRvd25sb2FkcyBvbmx5ISkgPHJlbGVhc2VzQHVucmVh
+bGlyY2Qub3JnPokCVAQTAQoAPhYhBDbm9lcG42sJNygCmRAQAdr0i7VtBQJnOxAR
+AhsDBQkLRzUABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBAQAdr0i7Vt1hoQ
+ALCuqTuVqYOiwBsccS8Qt52l+8pOr0hcF49GM+eBM7Evq2tlwL4FOEyzbsO94yRH
+qTxGg/0puYkF74+vZnS2Vlo/F90FTmypy4oVQr+K/dd11ZEVLEpNcdaXuj68vP4c
+UCsUPmQyPGERCIlKMe1U+n6yQWgx7xLbuqlOuxcwKDddYa6hhToogUxBbdOZZrYl
+I4LN38ztSr0xjp0b67gdrMgOByS/r1AOX61L4DL2/glGOCt4GpKWPj8bOrK+Y/eK
+HRK72TezQ+XPFAqsXNmeaLBVVFM8L3fPBBEmVV5tULZ7+/3Qlyub78/OK3Y1/fV7
+qFY1S0WnTWY5mBNtUSgF9bGK/UyySNtPFtihmyg0xGQ/cNwiH7QXp38LboEBDoTF
+lRT42nX1Nw9KpIWqGPTowB4qhN7znAseYkuH1XtDJHm1OKQjUB8lyBupq3cXYUju
+JJH4zfdpWeLWQktb3D8uQsvEBcIyaVRs8wlPdAQBZBL0cLvE0ACpcsbsua26ihzB
+ZCGzYmdZvBPpRo2e5xzC9ur3VOQzHqsebFrRKzDD6PgYCgnqJ+03vMToGua9MVX+
+FFd2BSLO3UGUPdZESNzik2cILyZPRucwGWnL4wh+v+eOP9ZS4QpACye38VkGWUVR
+YqzzK4QaI3m1xrRbcuCXdiMymWnWV3yW6AU+eGB8aEDW
+=p0TV
+-----END PGP PUBLIC KEY BLOCK-----

doc/RELEASE-NOTES

@@ -1,121 +0,0 @@
-UnrealIRCd 4.0.19-rc2 Release Notes
-====================================
-
-This is the second release candidate for UnrealIRCd 4.0.19. Please help
-test this release and report all bugs to https://bugs.unrealircd.org/
-
-Enhancements:
-* New option to disable a module: blacklist-module "modulename";
-  This will cause any 'loadmodule' lines for that module to be ignored.
-  This is especially useful if you only want to disable a few modules
-  that are (normally) automatically loaded by conf/modules.default.conf.
-  https://www.unrealircd.org/docs/Blacklist-module_directive
-* Next three new features have to do with SASL. More information on SASL
-  in general can be found at https://www.unrealircd.org/docs/SASL
-* A new require sasl { } block which allows you to force users on the
-  specified hostmask to use SASL. Any unauthenticated users matching
-  the specified hostmask are are rejected.
-  See https://www.unrealircd.org/docs/Require_sasl_block
-* New "soft kline" and "soft gline". These will not be applied to users
-  that are authenticated to services using SASL.
-  These are just GLINE/KLINE's but prefixed with a percent sign:
-  Example: /GLINE %*@10.* 0 Only SASL allowed from here
-* New "soft" ban actions for spamfilter, blacklist, antirandom, etc.
-  Actions such as "soft-kline" and "soft-kill" will only be applied to
-  unauthenticated users. Users who are authenticated to services (SASL)
-  are exempt from the corresponding spamfilter/blacklist/antirandom/..
-  See https://www.unrealircd.org/docs/Actions for the full action list.
-* WARNING: If your network also contains UnrealIRCd servers below v4.0.19
-  then it is not recommended to use global soft bans (such as soft gline
-  or any spamfilter with soft-xx actions). There won't be havoc, but the
-  bans won't be effective on parts of the network.
-* The following extban modules are not new but are now enabled by default:
-  extbans/textban, extbans/timedban and extbans/msgbypass.
-  In case you don't like them, use blacklist-module as mentioned earlier.
-  Just as a reminder, they provide the following functionality:
-  * TextBan: +b ~T:block:*badword* to block sentences with 'badword'
-  * Timed bans: ~t:duration:mask
-    These are bans that are automatically removed by the server.
-    The duration is in minutes and the mask can be any ban mask.
-    Some examples:
-    * A 5 minute ban on a host:
-      +b ~t:5:*!*@host
-    * A 5 minute quiet ban on a host (unable to speak):
-      +b ~t:5:~q:*!*@host
-    * An invite exception for 24 hours (1440 minutes):
-      +I ~t:1440:*!*@host
-    * A temporary exempt ban for a services account:
-      +e ~t:1440:~a:Account
-    * Allows someone to speak through +m for the next 24hrs:
-      +e ~t:1440:~m:moderated:*!*@host
-    * And any other crazy ideas you can come up with...
-  * Ban exception ~m:type:mask to allow bypassing of message restrictions.
-    Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
-    'censor' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
-    Some examples:
-    * Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
-    * Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
-    * Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
-    * Allow a services account to use color: +e ~m:color:~a:ColorBot
-  * Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
-* AntiRandom: The module will now (by default) exempt WEBIRC gateways
-  from antirandom checking because they frequently cause false positives.
-  This new behavior can be disabled via:
-  set { antirandom { except-webirc no; }; };
-* Server linking attempts and errors are now also put in the log file.
-* A new module that provides WHOX support, an enhanced and more standard
-  version of WHO (NOTE: the command is still "WHO").
-  This allows, among other things, the client to request additional
-  information, such as which services account each channel member is using.
-  The module is currently experimental. To use it, add this to your conf:
-  loadmodule "m_whox";
-
-Major issues fixed:
-* Blacklist: Potential crash issue when concurrently checking DNSBL
-  for the WEBIRC gateway and the spoofed host.
-* Blacklist: In case of multiple blacklists the 2nd/3rd/.. blacklists
-  were not always checked properly.
-
-Minor issues fixed:
-* Remote includes: ./Config didn't properly detect libcurl on Ubuntu 18
-  (and possibly other Linux distributions as well)
-* Timeouts during server linking attempts were not displayed.
-* Delayjoin: Halfops did not see JOIN's when channel mode +D was set.
-* IRCOps with minimal privileges lost their user modes on MODE change.
-* IRCOps could not override channel mode +z (when not using SSL/TLS)
-* Channel names sometimes truncated if using accents or special chars.
-* TLSv1.3 ciphersuite setting was changed to reflect OpenSSL's behavior.
-  There is now set::ssl::ciphersuites, specifically for TLSv1.3.
-  Note that the default is perfectly fine so at this point in time it
-  shouldn't need any adjustment (but the option is there...).
-
-Removed:
-* allow::options::sasl has been removed. Use the new and more flexible
-  require sasl { } block instead.
-
-Other changes:
-* Windows users may be prompted to install the Visual C++ redistributable
-  package for Visual Studio 2017. This is because we now build on VS 2017
-  instead of VS 2012.
-* We now use standard formatted messages for all K-Lines, G-Lines and
-  any other bans that will cause the user to be disconnected.
-  For technical details see the banned_client() function.
-* The except throttle { } block now also overrides any limitations from
-  set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
-* Localhost connections are considered secure, so these can be used even
-  if you have a plaintext-policy of 'deny' or 'warn'. (This was already
-  the case for servers, but now also for users and opers)
-* Allow slashes in vhost/chghost/sethost/.. (but not through DNS)
-
-Module coders:
-* Windows: Be aware that we now build with Visual Studio 2017. This means
-  3rd party modules should be compiled with VS 2017 (or VS 2015) as well.
-
-Future versions:
-* We intend to change the default plaintext oper policy from 'warn' to 'deny'
-  later this year. This will deny /OPER when used from a non-SSL connection.
-  For security, IRC Operators should really use SSL/TLS!
-
-==[ CHANGES IN OLDER RELEASES ]==
-For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
-https://raw.githubusercontent.com/unrealircd/unrealircd/unreal40/doc/RELEASE-NOTES.old

doc/RELEASE-NOTES.old

@@ -1,979 +0,0 @@
-See doc/RELEASE-NOTES for the latest release notes.
-
-This file (doc/RELEASE-NOTES.old) contains the release notes
-of OLDER releases for historical purposes.
-
-==[ CHANGES BETWEEN 4.0.17 AND 4.0.18 ]==
-
-Enhancements:
-* Support for checking IPv6 addresses in DNS blacklists
-* For SSL/TLS we now set the default ECDH(E) curves to be
-  X25519:secp521r1:secp384r1:prime256v1 if using a recent version of
-  OpenSSL/LibreSSL. This can be overridden via set::ssl::ecdh-curve.
-* The blacklist module now checks WEBIRC users as well.
-* You can now require SASL for all clients via the allow block via:
-  allow { ip *; class clients; maxperip 2; options { sasl; }; };
-  This can be useful for a special sasl-only server which, for example,
-  only permits proxies and tor clients. In a future release the feature
-  will be made more flexible so it can be used for other purposes
-  as well.
-
-Major issues fixed:
-* A number of (potential) security issues were fixed:
-  * Memory leaks: this could allow an attacker to slowly consume all
-    available memory and ultimately cause UnrealIRCd to crash.
-  * Out of bounds read: in practice this does not seem to be
-    exploitable due to the many restrictions that are imposed.
-* Compile issues on macOS
-* Bug in blacklist module which could have caused false negatives,
-  allowing bad guys in which should have been denied.
-* The new optional feature 'set::cloak-method ip' caused identical cloaks
-
-Minor issues fixed:
-* When using '/REHASH -ssl' or './unrealircd reloadtls' it did not reload
-  the SSL certificate/key if you were using ssl-options in listen, sni or
-  link blocks. In short: it only reloaded the ones from set::ssl until now.
-* m_ircops sent a conflicting numeric, confusing some clients.
-* Starting UnrealIRCd through a non-interactive(!) ssh session could cause
-  the ssh session to hang.
-* An upgrade issue with non-system cURL causing compile problems.
-
-Other changes:
-* The built-in time synchronization feature is now disabled by default.
-  TimeSynch was added back in 2006 when lots of operating systems did not
-  ship with time synchronization turned on by default. Since incorrect time
-  severely breaks IRC networks this was a major problem. Nowadays this is
-  completely different with most Linux distro's, OS X, Windows, etc. doing
-  time synchronization out of the box. Since UnrealIRCd's implementation is
-  less precise and lacks authentication it's best left over to the system.
-  You can still re-enable timesynch via:
-  set { timesynch { enabled yes; }; };
-  .. but you should really use NTP or similar for system-wide time
-  synchronization instead.
-* For developers there's now the --with-werror compile option which will
-  add -Werror.
-* Added a lot more Travis-CI tests: various LibreSSL/OpenSSL versions
-  and also test macOS. This to prevent us from releasing broken stuff.
-* Various code cleanups to get rid of lots of needless casts and to
-  eliminate compiler warnings.
-* Just as a reminder (this change was already in version 4.0.17):
-  UnrealIRCd will no longer give user mode +z to users on WEBIRC
-  gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
-  some assurance that the client<->webirc gateway connection is
-  also secure (eg: https).
-  This is the regular WEBIRC format:
-  WEBIRC password gateway hostname ip
-  This indicates a secure client connection (NEW):
-  WEBIRC password gateway hostname ip :secure
-  Naturally, WEBIRC gateways MUST NOT send the "secure" option if
-  the client is using http or some other insecure protocol.
-
-Module coders:
-* HOOKTYPE_CHANNEL_SYNCED prototype changed, the 'merge' and 'removetheirs'
-  is now no longer an 'unsigned short' but an 'int' instead.
-* HOOKTYPE_MODE_DEOP prototype changed, the 'modechar' is now no longer
-  a 'char' but an 'int' instead.
-* In addition to safestrdup() there's now also safestrldup() which allows
-  you to specify a maximum allocated length (so including the nul byte).
-  This is used in m_pass.c and m_topic.c.
-* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
-  https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
-
-Future versions:
-* We intend to change the default plaintext oper policy from 'warn' to 'deny'
-  later this year. This will deny /OPER when used from a non-SSL connection.
-  For security, IRC Operators should really use SSL/TLS!
-
-==[ CHANGES BETWEEN 4.0.16.1 AND 4.0.17 ]==
-
-Enhancements:
-* Two optional modules. These are not loaded by default. To use them,
-  include modules.optional.conf, or add these loadmodule lines:
-  loadmodule "extbans/timedban";
-  loadmodule "extbans/msgbypass";
-  * Timed bans: ~t:duration:mask
-    These are bans that are automatically removed by the server.
-    The duration is in minutes and the mask can be any ban mask.
-    Some examples:
-    * A 5 minute ban on a host:
-      +b ~t:5:*!*@host
-    * A 5 minute quiet ban on a host (unable to speak):
-      +b ~t:5:~q:*!*@host
-    * An invite exception for 1440m/24hrs
-      +I ~t:1440:*!*@host
-    * A temporary exempt ban for a services account
-      +e ~t:1440:~a:Account
-    * Allows someone to speak through +m for the next 24hrs:
-      +e ~t:1440:~m:moderated:*!*@host
-    * And any other crazy ideas you can come up with...
-  * New ban exception ~m:type:mask which allows bypassing of message
-    restrictions. Valid types are: 'external' (bypass +n),
-    moderated (bypass +m/+M), 'censor' (bypass +G),
-    'color' (bypass +S/+c) and 'notice' (bypass +T).
-    Some examples:
-    * Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
-    * Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
-    * Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
-    * Allow a services account to use color: +e ~m:color:~a:ColorBot
-* Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
-  This is only available if the previously mentioned extbans/timedban
-  module is loaded.
-* Added experimental UTF8 support in set::allowed-nickchars
-  See https://www.unrealircd.org/docs/Nick_Character_Sets
-  Example: set { allowed-nickchars { latin-utf8; }; };
-  Important remarks:
-  * All your servers must be on UnrealIRCd 4.0.17 (or later)
-  * Most(?) services do not support this, so users using UTF8 nicknames
-    won't be able to register at NickServ.
-  * In set::allowed-nickchars you must either choose an utf8 language
-    or a non-utf8 character set. You cannot combine the two.
-  * You also cannot combine multiple scripts/alphabets, such as:
-    latin, greek, cyrillic and hebrew. You must choose one.
-  * If you are already using set::allowed-nickchars on your network
-    (eg: 'latin1') then be careful when migrating (to eg: 'latin-utf8'):
-    * Your clients may still assume non-UTF8
-    * If users registered nicks with accents or other special characters
-      at NickServ then they may not be able to access their account
-      after the migration to UTF8.
-  * There is no CASEMAPPING or "visually identical character"-checking.
-    Just like in the old (non-utf8) charsys this means there is no
-    lower/uppercase checking for allowed-nickchars nicks. So a nick with
-    "O with accent" can be online at the same time as "o with accent".
-    They are treated as two different users.
-    The identical character looking issue is particular noticeable in
-    cyrillic script where for example cyrillic "A" looks identical to
-    latin "A" and thus can be used to impersonate a user.
-    Improved CASEMAPPING and "visually similar character"-checking is
-    part of ongoing research at the IRCv3 working group.
-* Ability to customize the reject connection messages:
-  set {
-     reject-message {
-          password-mismatch "Password mismatch";
-          too-many-connections "Too many connections from your IP";
-          server-full "This server is full.";
-          unauthorized "You are not authorized to connect to this server";
-      };
-  };
-* Added optional AppArmor profile in extras/security/apparmor/unrealircd
-  See https://www.unrealircd.org/docs/Using_AppArmor_with_UnrealIRCd
-
-Major issues fixed:
-* Crash when using OperOverride (*NIX only)
-* Crash if linking anope with the 'unreal' module from a non-localhost
-  SSL connection. This is rarely done but also acts as a reminder that
-  people should really use the 'unreal4' module in anope (2.0.3+).
-
-Minor issues fixed:
-* set::restrict-extendedbans was not effective for stacked bans
-* linking if only using link::outgoing caused a 'server name mismatch'
-
-Other:
-* UnrealIRCd will no longer give user mode +z to users on WEBIRC
-  gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
-  some assurance that the client<->webirc gateway connection is
-  also secure (eg: https).
-  This is the regular WEBIRC format:
-  WEBIRC password gateway hostname ip
-  This indicates a secure client connection (NEW):
-  WEBIRC password gateway hostname ip :secure
-  Naturally, WEBIRC gateways MUST NOT send the "secure" option if
-  the client is using http or some other insecure protocol.
-
-Module coders:
-* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
-  https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
-
-==[ CHANGES BETWEEN 4.0.16 AND 4.0.16.1 ]==
-An interim release with a couple of backported fixes:
-* Fix hang in (outgoing) server linking
-* Fix crash when linking anope over SSL from non-localhost
-* '/SPAMFILTER del <id>' did not remove the spamfilter on other servers
-* set::restrict-extendedbans was not always applied (when stacked)
-* Update automated build scripts
-
-==[ CHANGES BETWEEN 4.0.15 AND 4.0.16 ]==
-
-This is a major release with lots of new features and changes.
-
-Enhancements:
-* There's now an easy method to remove spamfilters:
-  '/SPAMFILTER del' will show a list of spamfilters along
-  with the appropriate command to remove them (by id).
-* CAP v3.2 support.
-* CAP 'cap-notify': notify users of any CAP changes.
-* CAP 'extended-join': show account and gecos in JOIN.
-* CAP 'chghost': notify on user/host changes.
-  Note that if you use set::allow-userhost-change force-rejoin
-  then clients which support CAP 'chghost' will not see the
-  PART+JOIN+MODE sequence as it is unnecessary. They already receive
-  a "CHGHOST" message as part of CAP 'chghost' instead.
-* Updated CAP 'sasl' to specification 3.2 (includes mechlist).
-* Automatically discover SASL server if saslmechlist is sent by services
-  and set::sasl-server is not set by the administrator. This should
-  help to get more networks to support SASL automatically (if you
-  run up to date services, of course)
-* We send "CAP DEL sasl" if set::sasl-server squits and a "CAP NEW"
-  message when the server returns (to cap-notify and CAPv3.2 clients).
-* Added password::type 'spkifp'. It's similar to 'sslclientcertfp' but
-  is a hash based on the public TLS key rather than the certificate.
-  The benefit of this is that the 'spkifp' can stay the same even if
-  you get a new certificate from Let's Encrypt. Note that 'certbot'
-  does not re-use keys by default so you will still get a different
-  spkifp every 60-90 days. Consider using another (3rd party) client
-  or tell the certbot guys to finally implement --reuse-key at
-  https://github.com/certbot/certbot/issues/3788
-* The command './unrealircd spkifp' will output the SPKI fingerprint
-* New option set::handshake-delay will delay the handshake (when a
-  user is connecting) up to this amount of time.
-* If you have any blacklist { } block then UnrealIRCd will set an
-  set::handshake-delay of 2 seconds by default. This will allow (most)
-  DNSBL checking to be finished before the user comes online, while
-  still allowing a smooth user experience.
-  If your DNS(BL) is slow then you could raise this setting slightly.
-* You can now have multiple webirc { } blocks with the same mask.
-  This permits multiple blocks like..
-  webirc {
-      mask *;
-      password "....." { sslclientcertfp; };
-  };
-  ..should you need it.
-  In other words: we don't stop matching upon an authentication failure.
-* Move CONNECTTIMEOUT to set::handshake-timeout and document it at
-  https://www.unrealircd.org/docs/Set_block#set::handshake-timeout
-* Move MAXUNKNOWNCONNECTIONSPERIP to set::max-unknown-connections-per-ip
-  https://www.unrealircd.org/docs/Set_block#set::max-unknown-connections-per-ip
-* Add set { cloak-method ip; }; which will make cloaking only be done
-  on the IP and thus result in an XX.YY.ZZ.IP cloaked host.
-  This so you can have "IP cloaking" without disabling DNS lookups.
-  GLINES on hosts still work and IRCOps (and yourself) can still see
-  the host in /WHOIS.
-* New option set { ban-include-username yes; }; which will make bans
-  placed by spamfilters (and some other systems) to be placed not on *@ip
-  but on user@ip. Note that this won't work for ZLINE/GZLINE since no
-  no ident/username lookups are done in such cases.
-
-Major issues fixed:
-* None
-
-Minor issues fixed:
-* Gracefully handle incorrect server-to-server messages. These no longer
-  cause UnrealIRCd to crash. Note that this does not mean you can now
-  go send random RAW messages from a trusted server connection. Doing so
-  can cause desynchs, KILLs and SQUITs. We just try not to crash anymore.
-* A small memory leak upon 'DNS i' (IRCOp only command)
-
-Removed:
-* Various old config.h settings that didn't have any effect.
-* A few config.h settings that should never be turned off have been
-  removed altogether (eg: NO_FLOOD_AWAY is now always on).
-* The deprecated and unused commands "CAP CLEAR" and "CAP ACK".
-
-Other changes:
-* When linking servers and not having any certificate validation,
-  UnrealIRCd will give you specific instructions on how to use
-  password::spkifp or verify-certificate. This to fix a possible
-  Man-in-the-Middle attack. Note that you'll only see this message
-  when linking two servers that are 4.0.16+.
-* When a user does a nick change from a registered nick you will
-  now see the user mode -r. Previously this happened invisibly.
-* The default oper snomask now includes 'S' (spamfilter notices).
-* The shipped PCRE2 library has been upgraded to 10.30
-
-Module coders:
-* API change for HOOKTYPE_PRE_INVITE:
-  (aClient *sptr, aClient *target, aChannel *chptr, int *override)
-  Modules must now send the error message instead of only returning
-  HOOK_DENY. Also check for operoverride and set *override=1.
-* Please use the following procedure in case of an user/host change:
-  userhost_save_current(acptr);
-  /* now do what you need to do: like change username or hostname */
-  userhost_changed(acptr);
-  This function will take care of notifying other clients about
-  the userhost change, such as doing PART+JOIN+MODE if force-rejoin
-  is enabled, and sending :xx CHGHOST user host messages to
-  "CAP chghost" capable clients.
-
-Services coders:
-* If you provide SASL then please send the mechlist like this:
-  MD client your.services.server saslmechlist :EXTERNAL,PLAIN
-* Don't forget to send an EOS (End Of Synch) as part of the handshake,
-  if you are not doing so already. It's important:
-  :your.services.server EOS
-
-==[ CHANGES BETWEEN 4.0.14 AND 4.0.15 ]==
-Major issues fixed:
-* Fix remotely triggerable crash issue in handshake. This allows a user
-  to crash an UnrealIRCd server, even those with restrictions such as
-  password protected hubs.
-* Fix another remotely triggerable crash issue. This one requires the
-  user to connect, join a channel and have channel operator privileges.
-
-==[ CHANGES BETWEEN 4.0.13 AND 4.0.14 ]==
-Enhancements:
-* New set::plaintext-policy configuration settings. This defines what
-  happens to users/ircops/servers that are not using SSL/TLS.
-  The default settings are:
-  set {
-    plaintext-policy {
-      user allow; /* allow any user to connect */
-      oper warn; /* warn on /OPER if not using SSL/TLS */
-      server deny; /* deny servers without SSL/TLS, except localhost */
-    };
-  };
-  You can change each of the three classes to 'allow', 'warn' or 'deny'.
-  See: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
-  If your services do not run on localhost and link without SSL/TLS
-  then you may get an error during linking. In such a case check out:
-  https://www.unrealircd.org/docs/FAQ#ERROR:_Servers_need_to_use_SSL.2FTLS
-* You can now ask UnrealIRCd to verify certificates of server links by:
-  link irc1.test.net {
-      [..]
-      verify-certificate yes;
-  };
-  This will verify the certificate of the link, making sure it is valid,
-  issued for the specified name (irc1.test.net) and given out by a
-  trusted Certificate Authority (like Let's Encrypt).
-  Obviously, if you use self-signed certificates then you can't use this.
-* Introduce a concept called "link security level". This will rate the
-  security of your network from 0 to 2. Whenever security is degraded
-  due to a new server link UnrealIRCd will print a warning about it.
-  See https://www.unrealircd.org/docs/Link_security
-  This also adds a new command /LINKSECURITY (IRCop-only).
-* The plaintext-policy and link-security is shown in "CAP LS".
-
-Major issues fixed:
-* None
-
-Minor issues fixed:
-* If you had a link block named irc1.example.net and did an outgoing
-  connect to that server, then the server could introduce himself under
-  a different name, such as irc1.other.net. Not a security issue, since
-  all authentication has to be passed, but this could cause confusing
-  autoconnect attempts.
-* password::sslclientcert did not accept relative paths
-* Compile problem with LibreSSL (regarding SSL_CTX_get0_param)
-* set::modes-on-connect: was refusing certain (old) modes like +N
-
-Other changes:
-* The ssl options 'verify-certificate' and 'no-self-signed' have been
-  removed. Use link::verify-certificate instead. It makes no sense to
-  verify certificates or prevent self signed certificates elsewhere
-  such as in vhost or oper, since there is no hostname to match against.
-* Weak cipher suites such as 3DES and RC4 are disabled by default but
-  previously you could still enable them through set::ssl::ciphers.
-  Now you can no longer, since there is no legitimate reason to do so.
-* Update cipher suite to work with TLS 1.3. This ensures you can use
-  TLS 1.3 in UnrealIRCd 4.0.14+ when OpenSSL supports it (in the future).
-* Bump MODDATA_MAX_CLIENT from 8 to 12: needed if you have a lot of
-  3rd party modules loaded. Also moved MODDATA_MAX_* to include/config.h
-
-Module coders:
-* You can now attach ModData to server objects as well (including &me).
-* Please do not use UmodeDel, CmdoverrideDel and any other *Del()
-  functions from MOD_UNLOAD. These undocumented functions are unnecessary
-  since 2008 or so. UnrealIRCd takes care of unloading all module objects.
-  It can cause a crash if someone unloads the module in UnrealIRCd 4
-  (more specifically: double free if unloading modules which use ModData).
-  Attempts to use these functions in future UnrealIRCd versions may result
-  in a compile error.
-
-==[ CHANGES BETWEEN 4.0.12 AND 4.0.13 ]==
-Enhancements:
-* Support for Strict Transport Security (draft/sts).
-  See: https://www.unrealircd.org/docs/SSL/TLS#Strict_Transport_Security
-* Support for Server Name Indication (SNI):
-  See: https://www.unrealircd.org/docs/Sni_block
-* Add conf/modules.optional.conf. This loads all additional modules
-  that are not in modules.default.conf (m_ircops, m_staff, nocodes,
-  textban, hideserver, antirandom and websocket)
-
-Major issues fixed:
-* 'simple' spamfilters ended up being 'posix' after server linking.
-* User mode +Z (secureonly) not working properly across server links.
-* REHASH from WebSocket connection would cause a crash (requires IRCOp
-  privileges)
-
-Minor issues fixed:
-* We now prevent /OPER for oper blocks with a non-existant operclass
-* Bump MAXCONNECTIONS for Windows, allowing you to hold more clients.
-* The 'ban too broad' checking was broken. This permitted glines such
-  as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
-  To disable this safety measure you can (still) use:
-  set { options { allow-insane-bans; }; };
-
-Other changes:
-* The websocket module now no longer sends \r\n in the websocket
-  data and no longer requires it on incoming messages (but you
-  can still send it if you like). Also version bumped to 1.0.0.
-* Mark all shipped modules as official (non-3rd-party)
-* Verify certificate when submitting crash reports
-* Support --without-privatelibdir for packagers
-* CACERT has been removed from curl-ca-bundle
-
-Module coders:
-* CAP API changes:
-  * The cap->visible(void) callback is now cap->visible(aClient *)
-  * There is a new cap->parameter(aClient *) callback function,
-    see the cap/sts module for how it can be used.
-  * Various updates to subfunctions to pass 'sptr' (due to the above),
-    including clicap_find(sptr, ...)
-  * New CLICAP_FLAGS_ADVERTISE_ONLY flag (CAP cannot be REQ'd)
-
-==[ CHANGES BETWEEN 4.0.11 AND 4.0.12 ]==
-Enhancements:
-* New user mode +Z: Only allow SSL/TLS users to private message you.
-* Ability to hide all channels in /LIST that you cannot join due to
-  deny channel blocks: set { hide-list { deny-channel }; };
-* The optional 'nocodes' module which you can load will make +S/+c
-  also block/strip bold, underline and italic text. (The latter is new)
-* Add support for 'mask' in allow channel { } and deny channel { }
-  and add some support for negative 'mask'. Probably not very useful
-  on most networks with services since bans/AKICK do the same, but:
-  deny channel { channel "#help*"; };
-  allow channel { channel "#help-nolan"; mask !192.168.*; };
-  allow channel { channel "#help-lan"; mask 192.168.*; };
-
-Major issues fixed:
-* Crash issue if a module using ModData was unloading (not reloading)
-* Vhosts were not always correctly synched across servers.
-* The maximum number of clients that a server could accept was decreased
-  by one on every linking attempt if it was both: 1) an outgoing
-  SSL/TLS linking attempt; AND 2) the error was "Connection refused".
-
-Minor issues fixed:
-* Adjustments to channel mode +f were not always effective.
-* If you have a vhost set and wish to remove it and change to a cloaked
-  host you can now safely use '/MODE yournick -t'. This feature was
-  rarely used so far and it previously had a bug which caused it to
-  still expose the real host/IP to others. This has been resolved.
-* Channel mode +D (delayjoin): when people are de-oped we now part
-  'hidden' users to avoid a client desynch.
-* Bump lag for remote MOTD requests to avoid flooding.
-
-Other changes:
-* More than 95% of the crashes reported to us are due to 3rd party
-  modules (and thus not bugs in our code). We now ask users to unload
-  any recently installed 3rd party modules first, see if the crash
-  issue persists, and only then submit a crash report to us.
-* UnrealIRCd will now refuse to run as root
-  https://www.unrealircd.org/docs/Do_not_run_as_root
-
-Module coders:
-* Added two functions to search for user modes:
-  has_user_mode(acptr, 'i') // returns 1 / 0
-  find_user_mode('i') // returns the user mode (as 'long')
-
-==[ UNREALIRCD 4 INTRODUCTION ]==
-
-UnrealIRCd 4 is here!
-
-We have been working hard over the past few years to replace the successful
-3.2.x series with a more modern code base. At the same time we have been
-incorporating requests from our bug tracker, ideas from ourselves and
-many suggestions that came up during the UnrealIRCd survey from Q4 2013.
-
-UnrealIRCd is far more modular and configurable than before. For a brief
-overview of what's new in UnrealIRCd 4 have a look at:
-https://www.unrealircd.org/docs/What's_new_in_UnrealIRCd_4
-
-==[ DOCUMENTATION ]==
-All documentation has been moved to our wiki:
-* Documentation: https://www.unrealircd.org/docs/
-* FAQ: https://www.unrealircd.org/docs/FAQ
-
-Be sure not to use any other (older) documentation as it isn't fully
-compatible with UnrealIRCd 4. In particular, do NOT use unreal32docs*html.
-
-==[ UPGRADING FROM 3.2.x ]==
-If you are upgrading from 3.2.x then there are three important things to know:
-
-1) NEW FILE LOCATIONS
-In UnrealIRCd 4 the location of the configuration files and other files have
-been changed. On *NIX the directory where you compile the IRCd from
-(previously 'Unreal3.2.X', now 'unrealircd-4.0.X') is no longer the same as
-the directory where the IRCd will be running from.
-By default the IRCd is installed to /home/yourusername/unrealircd on *NIX
-On Windows UnrealIRCd will install to C:\Program Files (x86\UnrealIRCd 4
-
-The new directory structure is as follows (both on Windows and *NIX):
-conf/      contains all configuration files
-logs/      for log files
-modules/   all modules (.so files on *NIX, .dll files on Windows)
-
-2) CONFIGURATION FILE CHANGES
-There have also been changes in various configuration blocks and settings.
-Don't worry, UnrealIRCd can convert your existing 3.2.x configuration files
-to UnrealIRCd 4 format. There's no need to start from scratch.
-
-Please read https://www.unrealircd.org/docs/Upgrading_from_3.2.x !!
-
-3) THIRD PARTY MODULES
-If you are using 3rd party modules then they will need an update to run on
-UnrealIRCd 4. Due to the many core changes in UnrealIRCd 4 it was simply
-impossible to make 3.2.x modules work out-of-the-box on 4.x.
-Contact your developer for a new version or ask on our Modules forum where
-someone may be kind enough to convert the module for you if you ask nicely:
-https://forums.unrealircd.org/viewforum.php?f=52
-
-==[ END OF THE 3.2.X SERIES ]==
-UnrealIRCd 3.2.x is no longer supported after December 31, 2016.
-See https://www.unrealircd.org/docs/UnrealIRCd_3.2.x_deprecated
-
-==[ SUPPORT ]==
-Before you seek support, please check our documentation and FAQ:
-* https://www.unrealircd.org/docs/Main_Page
-* https://www.unrealircd.org/docs/FAQ
-
-For support you have two choices:
-* Forums: https://forums.unrealircd.org/
-* IRC: irc.unrealircd.org / #unreal-support
-
-==[ CHANGES BETWEEN 4.0.10 AND 4.0.11 ]==
-Major issues fixed:
-* Fix crash issue that can be triggered by regular users
-* Fix crash if TOPIC_NICK_IS_NUHOST is enabled (rarely enabled)
-* Fix crash if services send an incorrect raw command
-
-Minor issues fixed:
-* Now properly support 'z' when used in set::modes-on-join
-
-Other changes:
-* Show a warning if you don't have any SSL listeners
-
-==[ CHANGES BETWEEN 4.0.9 AND 4.0.10 ]==
-Improvements:
-* Added "websocket" module. This provides support for WebSocket (RFC6455),
-  allowing JavaScript (internet browsers) to connect directly to IRC
-  without the need of a "gateway". This module is experimental and not
-  loaded by default. See https://www.unrealircd.org/docs/WebSocket_support
-  for more information on the module. For a very crude client example check
-  https://www.unrealircd.org/files/dev/ws/websocket_unrealircd.html
-  This module was sponsored by Aberrant Software Inc.
-
-* UnrealIRCd already has the ability to configure SSL settings via the
-  set::ssl block. Now you can also override these settings for a link block
-  and listen block. One possible use for this would be having a long-lived
-  self-signed certificate for server linking on a serversonly port, and 
-  a short-lived certificate for your users on the other ports (such as
-  a certificate from Let's Encrypt).
-  Another example would be to force TLSv1.2 for server linking but not
-  for users. Etc. Etc.
-  General settings (already existed) are in the set::ssl block:
-  https://www.unrealircd.org/docs/Set_block#set::ssl::certificate
-  Per-port settings go via listen::ssl-options:
-  https://www.unrealircd.org/docs/Listen_block
-  Per-link block settings go via link::outgoing::ssl-options:
-  https://www.unrealircd.org/docs/Link_block
-
-* You can now exempt IP's from (DNSBL) blacklist checking via:
-  except blacklist { mask 1.2.3.4; };
-
-* All free modules from vulnscan.org (by Syzop) are now included in
-  UnrealIRCd itself. Note that only the "privdeaf" and "jumpserver" modules
-  are loaded by default. The others you will need to load explicitly.
-  The new modules are:
-  * extbans/textban - Channel specific word filter (+b ~T:censor:*badword*)
-                      https://www.unrealircd.org/docs/Extended_Bans
-  * usermodes/privdeaf - Do not permit PM's from others (User Mode +D)
-  * jumpserver - Redirect users to another server during maintenance
-                 www.unrealircd.org/docs/User_%26_Oper_commands#JUMPSERVER
-  * antirandom - Detect drones with random nicks / ident / etc.
-                 https://www.unrealircd.org/docs/Set_block#set::antirandom
-  * hideserver - Hide servers in /MAP and /LINKS
-                 (Note that this does not truly enhance security)
-  * m_ircops - Show which ircops are online (/IRCOPS command)
-  * m_staff - Show custom file (/STAFF command)
-  * nocodes - Makes chanmode +S/+c also strip/block bold and underline
-
-Major issues fixed:
-* Incorrect bans being added during server linking
-* Compile fixes for Ubuntu 16 LTS / gcc 5.4.x
-* Crash if you had an invalid crypt password in your unrealircd.conf
-* Crash if you did not load the chanmodes/nocolor module or changed
-  the order in which modules were loaded
-
-Minor issues fixed:
-* Delayjoin (channel mode +D) sending QUITs for hidden users, double JOIN, ..
-* You no longer need to place 'class' blocks before 'allow' blocks
-* Some error messages were not throttled
-* WHO now supports multi-prefix
-* Date in Windows log file for the first few messages was always 1970.
-
-For services and module coders:
-* Services coders: "SVSMODE Nick +d" will now mark a client as deaf.
-  Don't confuse this with "SVSMODE Nick +d <svid>". The parameter
-  makes all the difference.
-* Module coders: changed return value handling of HOOKTYPE_RAWPACKET_IN
-  -1 indicates to stop parsing (return) and 0 indicates don't parse but
-  proceed to next packet. If you kill a client in this hook then be
-  sure to return -1.
-
-==[ CHANGES BETWEEN 4.0.8.4 AND 4.0.9 ]==
-* Fix "ghost" bug which could cause annoyed users and a memory leak
-  in UnrealIRCd. For more information see
-  https://forums.unrealircd.org/viewtopic.php?f=1&t=8625
-
-==[ CHANGES BETWEEN 4.0.8 AND 4.0.8.4 ]==
-* Fix build on FreeBSD with clang / without gcc
-* If using remote includes and system curl not available then
-  install it during ./Config and no longer use /home/xyz/curl.
-* More fixes for self-compiled remote includes
-* Fix build if --with-system-cares is specified explicitly (which
-  is unnecessary anyway, as system c-ares this is auto-detected).
-* More build fixes for older GCC compilers
-
-==[ CHANGES BETWEEN 4.0.7 AND 4.0.8 ]==
-Improvements:
-* *NIX: As part of defense-in-depth UnrealIRCd now compiles with
-  several hardening options by default. This makes several type of
-  exploits more difficult and in some cases even impossible.
-  Tech: this enables full RELRO (GOT and PLT being read-only),
-  everything compiled as PIE making ASLR possible, stack protector
-  canaries are added, etc.
-* Windows: releases are now signed. If you download the UnrealIRCd
-  installer you will no longer see "Unknown publisher" but rather
-  "Open Source Developer, Bram Matthys". Similarly all the EXE and
-  DLL module files have been signed which should make it easy for
-  anti virus software to see if something is an official UnrealIRCd
-  release file or not.
-
-Major issues fixed:
-* Possible crash if you have several blacklist blocks
-
-Minor issues fixed:
-* User mode +d (deaf) did not work
-
-Other changes:
-* We've always printed big warnings when running UnrealIRCd as root.
-  In this version we still do, but in future versions we will simply
-  refuse to boot. https://www.unrealircd.org/docs/Do_not_run_as_root
-* System c-ares is preferred over our own shipped c-ares
-* System cURL is preferred over ~/curl (if it has AsynchDNS)
-* Our shipped libraries are no longer built as static
-* Now that shipped libraries are dynamic they need to be installed
-  somewhere (if used). The default location is ~/unrealircd/lib and
-  can be changed via --with-privatelibdir. (Although, if you are a
-  package builder then you will probably use --with-system-xxx and
-  then private libraries are not used at all)
-
-==[ CHANGES BETWEEN 4.0.6 AND 4.0.7 ]==
-Improvements:
-* UnrealIRCd now ships with a default ciphersuite list to have more
-  secure SSL/TLS defaults (rather than relying on your OS/Distro).
-  You can still customize ciphersuites through set::ssl::ciphers.
-  Details: https://www.unrealircd.org/docs/SSL_Ciphers_and_protocols
-* set::ssl::protocols allows you to specify which SSL/TLS protocols
-  are permitted. The default is (still): TLSv1,TLSv1.1,TLSv1.2.
-* Windows: remote includes now support IPv6
-
-Major issues fixed:
-* FreeBSD: unstable SSL links to other servers
-
-Minor issues fixed:
-* It was impossible to set both +b ~r:xyz and +b ~R:xyz
-
-Removed the following rarely used build-time options:
-* CHROOTDIR: Never worked in 4.0.x anyway. You can use AppArmor,
-  SELinux, FreeBSD jails, etc. as an alternative.
-* IRC_USER/IRC_GROUP: Since this only applies to users installing
-  UnrealIRCd system-wide you should use your system services to do
-  this as well, such as: systemd's User=xx or start-stop-daemon.
-
-Other changes:
-* PCRE2 and c-ares libraries updated to latest versions
-
-==[ CHANGES BETWEEN 4.0.5 AND 4.0.6 ]==
-Major issues fixed:
-* Fix SASL security issue with AUTHENTICATE
-
-==[ CHANGES BETWEEN 4.0.4 AND 4.0.5 ]==
-Major issues fixed:
-* Crash issue (read-after-free)
-* Bans on IPv6 cloaked hosts had no effect
-* Prevent flood from unknown connection (with bugfix)
-
-==[ CHANGES BETWEEN 4.0.4 AND 4.0.3(.1) ]==
-New:
-* Italian /HELPOP translation (help.it.conf)
-* set::options::no-connect-ssl-info to hide SSL-related connect info
-
-Major issues fixed:
-* GLINE/KLINE on usermask@ did not have any effect
-* Crash if you have a listen block with port 0
-* Infinite loop on invalid operclass::parent reference
-
-Minor issues fixed:
-* files { } block only worked with absolute paths
-* delayjoin: hidden users were not always joined on +vhoaq
-* Fix small memory leak
-* Duplicate replies on /VERSION
-* When doing /VERSION on IRC as an IRCOp it showed the compile-time
-  rather than runtime OpenSSL/LibreSSL version
-
-Other changes:
-* Documentation updates
-* Prevent installation in the same directory as the source
-
-==[ CHANGES BETWEEN 4.0.3 AND 4.0.3.1 ]==
-* Fix compile problem on FreeBSD & OpenBSD
-Note: there is no 4.0.3.1 release for Windows since there were no
-      changes for the Windows version.
-
-==[ CHANGES BETWEEN 4.0.2 AND 4.0.3 ]==
-Major issues fixed:
-* Crash on RPING command (IRCOp-only!)
-* Crash on Windows on failed outgoing server connect
-* Crash if you had a link { } block with invalid syntax
-
-Minor issues fixed:
-* Windows: Remote includes did not support https
-
-Other:
-* Windows version compiled with Visual Studio 2012 rather than a mix
-* Windows version now using LibreSSL
-* Crash reporter produces more useful reports (important for us)
-
-==[ CHANGES BETWEEN 4.0.1 AND 4.0.2 ]==
-The 4.0.2 release comes with the following new features:
-* Ability to hide quit messages from *LINEd users (set::hide-ban-reason)
-* Blacklist hits are now sent to new snomask +b rather than all ircops
-
-Major issues fixed:
-* None
-
-Minor issues fixed:
-* prefix-quit was not working
-* FreeBSD: fix kevent bug flood in error log
-* Incorrect server description in /LINKS
-* Logging to syslog was broken
-* OS X: Update ./Config to use Homebrew OpenSSL by default
-* Don't show UID to client in case of a SVSMODE
-
-==[ CHANGES BETWEEN 4.0.0 AND 4.0.1 ]==
-The 4.0.1 release comes with the following minor improvements:
-* The blacklist module now supports %ip (=banned IP) in blacklist::reason.
-* *NIX: You can use cron again, see https://www.unrealircd.org/docs/Cron_job
-* /MODULE now lists only 3rd party modules by default so you don't get flooded.
-* *NIX: Added './unrealircd reloadtls' to reload TLS certificate and keys.
-
-Major issue fixed:
-* Crash if you removed a listen { } block with active clients on that port
-* MODEs set by a server (not by a user) were not always propagated
-  correctly accross the network. In practice this only affected /SAMODE
-  and possibly some services that don't send MODEs from ChanServ/BotServ.
-
-Minor issues fixed:
-* When doing /LIST under mIRC it would hide empty +P channels.
-* Servers wouldn't link if link::outgoing::hostname was a CNAME.
-* SSL Certificate fingerprint not communicated properly to servers/services.
-* *NIX: ./unrealircd [stop|rehash] failed if not installed to ~/unrealircd.
-* Windows: IRCd could crash after showing the config error screen on startup.
-
-==[ CHANGES BETWEEN 3.2.X AND 4.X ]==
-Below is a summary of the changes between UnrealIRCd 3.2.x and UnrealIRCd 4.
-For a complete list of all 1100+ changes you can use 'git log' or have a
-look at: https://github.com/unrealircd/unrealircd/commits/unreal40
-
-==[ NEW ]==
-* We moved a lot of functionality, including most channel modes, user
-  modes and all extended bans into 138 separate modules.
-  This makes it...
-  A) possible to fully customize what exact functionality you want to load.
-     You could even strip down UnrealIRCd to get something close to the
-     basic RFC1459 features from the 1990s. (No idea why you would want
-     that, but it's possible)
-  B) easier for coders to see all source code related to a specific feature
-  C) possible to fix bugs and just reload rather than restart the IRCd.
-
-  Have a look at modules.default.conf which contains the "default" set of
-  modules that you can load if you just want to load all functionality.
-  If you want to customize the list of modules to load then simply make
-  a copy of that file, give it a different name, and include that one
-  instead. Since the file is fully documented, you can just comment out
-  or delete the loadmodule lines of things you don't want to load.
-* Oper permissions have changed completely: [A4+]
-  * All previous oper levels/ranks no longer exist (Netadmin, Admin, ..)
-  * oper::flags has been removed. Instead you must specify an operclass
-    in oper::operclass (for example, 'operclass netadmin').
-  * In operclass block(s) you define the privileges. You can now control
-    exactly what an IRCOp can and cannot do.
-    Have a look at operclass.default.conf which ships with UnrealIRCd,
-    it contains a number of default operclass blocks suitable for the
-    most common situations. See also the operclass block documentation:
-    https://www.unrealircd.org/docs/Operclass_block
-  * If you ask UnrealIRCd to convert your 3.2.x configuration file then
-    it will try to select a suitable operclass for the oper. This will
-    not always 100% match your current oper block rights, though.
-  * Channel Mode +A (Admin Only) has been removed. You can use the new
-    extended ban ~O:<operclass>. This allows you to, for example, create
-    an operclass 'netadmin' only channel: /MODE #chan +iI ~O:netadmin*
-  * set::hosts has been removed, use oper::vhost instead.
-  * Since oper levels have been removed you no longer see things like
-    "OperX is a Network Administrator" in /WHOIS by default.
-    If you want that, then you can set oper::swhois to
-    "is a Network Administrator" (or any other text).
-* Entirely rewritten I/O and event loop. This allows the IRCd to scale
-  more easily to tens of thousands of clients by using kernel-evented I/O
-  mechanisms such as epoll and kqueue.
-* Memory pooling has been added to improve memory allocation efficiency
-  and performance.
-* On-connect DNSBL/RBL checking via the new blacklist block. [B1]
-* The Windows version now has IPv6 support too. [B3]
-* On all OS's we compile with IPv6 support enabled. You can still
-  disable IPv6 at runtime by setting set::options::disable-ipv6. [B3]
-* The local nickname length can be modified without recompiling the IRCd
-* Channel Mode +d: This will hide joins/parts for users who don't say
-  anything in a channel. Whenever a user speaks for the first time they
-  will appear to join. Chanops will still see everyone joining normally
-  as if there was no +d set.
-* If you connect with SSL/TLS with a client certificate then your SSL
-  Fingerprint (SHA256 hash) can be seen by yourself and others through
-  /WHOIS. The fingerprint is also shared with all servers on the network.
-* ExtBan ~S:<certificate fingerprint> for ban exceptions / invex. This
-  can be used like +iI ~S:000000000etc.
-* bcrypt has been added as a password hashing algorithm and is now the
-  preferred algorithm [A3]
-* './unreal mkpasswd' will now prompt you for the password to hash [A3]
-* Protection against SSL renegotiation attacks [A3]
-* When you link two servers the current timestamp is exchanged. If the
-  time differs more than 60 seconds then servers won't link and it will
-  show a message that you should fix your clock(s). This requires
-  version alpha3 (or later) on both ends of the link [A3]
-* Configuration file converter that will upgrade your 3.2.x conf to 4.x.
-  On *NIX run './unreal upgrade-conf'. On Windows simply try to boot and
-  after the config errors screen UnrealIRCd offers the conversion. [A3]
-* The IRCd can now better handle unknown channel modes which expect a
-  parameter. This can be useful in a scenario where you are slowly
-  upgrading all your servers.
-* If you want to unset a vhost but keep cloaked then use /MODE yournick -t
-* A "crash reporter" was added. When UnrealIRCd is started it will check
-  if a previous UnrealIRCd instance crashed and (after booting a new
-  instance) it will spit out a report and ask if you want to submit it
-  to the UnrealIRCd developers. Doing so will help us a lot as many bugs
-  are often not reported. Note that UnrealIRCd will always ask before
-  sending any information and never do so automatically. [B3]
-* SSL: Support for ECDHE has been added to provide "forward secrecy". [B4]
-
-==[ CHANGED ]==
-* Numerics have been removed. Instead we now use SIDs (Server ID's) and
-  UIDs (User ID's). SIDs work very similar to server numerics and UIDs 
-  help us to fix a number of lag-related race conditions / bugs.
-* The module commands.so / commands.dll has been removed. All commands
-  (those that are modular) are now in their own module.
-* Self-signed certificates are now generated using 4096 bits, a SHA256
-  hash and validity of 10 years. [A2]
-* Building with SSL (OpenSSL) is now mandatory [A2]
-* The link { } block has been restructured, see
-  https://www.unrealircd.org/docs/Upgrading_from_3.2.x#Link_block [A3]
-* Better yet, check out our secure server linking tutorial:
-  https://www.unrealircd.org/docs/Tutorial:_Linking_servers
-* If you have no set::throttle block you now get a default of 3:60 [A3]
-* password entries in the conf no longer require specifying an auth-type
-  like password "..." { md5; };. UnrealIRCd will now auto-detect. [A3]
-* You will now see a warning when you link to a non-SSL server. [A3]
-* Previously we used POSIX Regular expressions in spamfilters and at
-  some other places. We have now moved to PCRE Regular expressions.
-  They look very similar, but PCRE is a lot faster.
-  For backwards-compatibility we still compile with both regex engines. [A3]
-* Spamfilter command syntax has been changed, it now has an extra option
-  to indicate the matching method:
-  /SPAMFILTER [add|del|remove|+|-] [method] [type] ....
-  Where 'method' can be one of:
-  * -regex: this is the new fast PCRE2 regex engine
-  * -simple: supports just strings and ? and * wildcards (super fast)
-  * -posix: the old regex engine for compatibility with 3.2.x.  [A3]
-* If you have both 3.2.x and 4.x servers on your network then the
-  4.x server will only send spamfilters of type 'posix' to the 3.2.x
-  servers because 3.2.x servers don't support the other two types.
-  So in a mixed network you probably want to keep using 'posix' for
-  a while until all your servers are running UnrealIRCd 4. [A3]
-* set::oper-only-stats now defaults to "*"
-* oper::from::userhost and vhost::from::userhost are now called
-  oper::mask and vhost::mask. The usermask@ part is now optional and
-  it supports two syntaxes. For one entry you can use: mask 1.2.3.*;
-  For multiple entries the syntax is: mask { 192.168.*; 10.*; };
-* Because having both allow::ip and allow::hostname in the same allow
-  block was highly confusing (it was an OR-match) you must now choose
-  between either allow::ip OR allow::hostname. [A3]
-* cgiirc block is renamed to webirc and the syntax has changed [A4]
-* set::pingpong-warning is removed, warning always off now [A4]
-* More helpful configuration file parse error messages [A4]
-* You can use '/OPER username' without password if you use SSL
-  certificate (fingerprint) authentication. The same is true for
-  '/VHOST username'. [A4]
-* You must now always use 'make install' on *NIX [A4]
-* Changed (default) directory structure entirely, see the section
-  titled 'CONFIGURATION CHANGES' about 100 lines up. [A4]
-* badword quit { } is removed, we use badword channel for it. [A4]
-* badwords.*.conf is now just one badwords.conf
-* To load all default modules you now include modules.default.conf.
-  This file was called modules.conf in earlier alpha's.
-  The file has been split up in sections and a lot of comments have
-  been added to aid the user in deciding whether to load or not to
-  load each module. [A4]
-* Snomask +s is now (always) IRCOp-only. [A4]
-* Previously there was little logic behind what modes halfops could
-  set. Now the idea is as follows: halfops should be able to help out
-  in case of a flood but not be able to change any 'policy decission
-  modes' such as +G, +S, +c, +s. Due to this change halfops can now
-  set modes +beiklmntIMKNCR (was: +beikmntI). [A4]
-* If no link::hub or link::leaf is specified then assume hub "*". [B1]
-* SWHOIS (Special whois title) has been extended in a number of ways:
-  * We now "track" who or what set an swhois. This allows us to
-    remove the swhois received via oper/vhost on de-oper/de-vhost.
-  * You can now have multiple swhois lines
-  * Multiple oper::swhois and vhost::swhois items are supported. [B1]
-* When trying to link two servers without link::outgoing::options::ssl
-  (which is not recommended) we try to use STARTTLS in order to
-  'upgrade' the connection to use SSL/TLS anyway. This can be disabled
-  via link::outgoing::options::insecure. [B2]
-* SSLv3 has now been disabled for security. This also means you can only
-  link UnrealIRCd 4 with 3.2.10.3 and later because earlier versions
-  used SSLv3 instead of TLS due to an OpenSSL API mistake. [B4]
-
-==[ MODULE CODERS / DEVELOPERS ]==
-* A lot of technical documentation for module coders has been added
-  at https://www.unrealircd.org/docs/ describing things like how to
-  write a module from scratch, the User & Channel Mode System, Commands,
-  Command Overrides, Hooks, attaching custom-data to users/channels,
-  and more. [A2+]
-* For commands: do not read from parv[0] anymore, doing so will lead
-  to a crash. Use sptr->name instead. This change is necessary as
-  the "name" in parv[0] could possibly point to a UID/SID rather than
-  a nick name. Thus, if you would send parv[0] to a non-UID or non-SID
-  capable server this would lead to serious issues (not found errors).
-* Added MOD_OPT_PERM_RELOADABLE which permits reloading (eg: upgrades)
-  but disallows unloading of a module [A3]
-* There have been *a lot* of source code cleanups (ALL)
-* We now use the information from PROTOCTL CHANMODES= for parameter
-  skipping if the channel mode is unknown. Also, when channel modes
-  are loaded or unloaded we re-broadcast PROTOCTL CHANMODES=. [B1]
-* The server protocol docs have been removed. The protocol is now
-  documented at https://www.unrealircd.org/docs/Server_protocol
-  See also https://www.unrealircd.org/docs/Server_protocol:Changes
-  for a list of changes between the 3.2 and 4.0 server protocol.
-* GCC typechecking has been added to make sure your HookAdd... calls
-  are adding hook functions with the correct parameter (types).
-
-==[ REMOVED / DROPPED ]==
-* Numeric server IDs, see above. [A1]
-* PROTOCTL TOKEN and SJB64 are no longer implemented. [A1]
-* Ziplinks have been removed. [A1]
-* WebTV support. [A3]
-* Channel Mode +j was removed and replaced by the configuration setting
-  set::anti-flood::join-flood (default: 3 per 90 seconds). [B1]
-* /CHATOPS: use /GLOBOPS instead which does the same
-  /ADCHAT & /NACHAT: gone as we don't have such oper levels anymore
-  Your opers should actually be in an #opers channel. If you also want
-  special classes of oper channels like #admins then use +iI ~O:*admin*
-* User modes:
-  * +N (Network Administrator): see 'Oper permissions' under NEW as for why
-  * +a (Services Administrator): same
-  * +A (Server Administrator: same
-  * +C (Co Administrator): same
-  * +O (Local IRC Operator): same
-  * +h (HelpOp): all this did was add a line "is available for help" in
-    WHOIS. You can use a vhost block with vhost::swhois as a replacement
-    or for opers just add an oper::swhois item.
-  * +g (failops): we already have snomasks and the +o usermode for this
-  * +v (receive infected DCC SEND rejection notices): moved to snomask +D

doc/coding-guidelines

@@ -1,143 +1,123 @@
-Rules about patches & modifications to UnrealIRCd
-
-1. When making a change, always add a small description in the commit log.
-   Don't forget to mention the bug# and credit the reporter (if any).
-
-2. If new files are made, it must contain proper copyright headers.
-
-3. If you want to submit patches (f.e. if you don't have write access to
-   the repository), then submit them to https://bugs.unrealircd.org/
-   using "hg export" or "hg diff". Naturally include a clear description
-   of what the change does.
-
-4. Each bug or feature should have a bug# so people can have a discussion
-   about it. This has a few implications (read!!):
-   * People must report bugs/feature requests to bugs.unrealircd.org and
-     not on IRC, e-mail, etc.
-   * That means other people can see the bug# and comment on it. This means
-     discussion is easy to read back for each issue and not spread between
-     several IRC logs.
-     Furthermore, by using the bugtracker instead of directly committing,
-     people could point out that there might be a better way to do things
-     than you originally thought, or it might be that other devs don't like
-     it at all.
-   * If a head coder has 'acknowledged' or 'confirmed' the bug or stated in
-     a comment that it's OK to implement, then a dev may take the issue.
-     The dev should change the status to 'assigned' and work on it, then
-     commit and change it to 'resolved', set 'fixed in version' to next
-     release, and add a comment pasting the relevant Changelog item and the
-     releaseid (.XYZ).
-     Of course other guidelines, like #7 and #8 still apply.
-
-5. Do not commit changes that do not have an associated bug# and have not
-   had any discussion.
-   3.2.x: Small/tiny bugfixes that do not change any functionality, are
-   very unlikely to break anything and definitely don't require any prior
-   discussion may be exempted.
-   3.4.x: During the alpha & beta stage it is permitted to commit fixes
-   and code cleanups / restructuring without any discussion.
-   However in general, and in particular for new features, it is appreciated
-   if there has been prior discussion on bugs.unrealircd.org (or by mail).
-
-6. Regarding reidenting, restructuring or other major code cleanups: please
-   discuss before doing so. The other devs might not agree with you on the
-   particular cleanup you have in mind which would result in another
-   clean-up-the-cleanup commit.
-   You may, however reindent and clean up individual sections when you are
-   working on fixing a particular bug# or implementing a new feature. In fact
-   you're encouraged to do so if the code is confusing without it. However,
-   obey the style of Unreal's code (mostly outlined in this document)
-   and do not introduce yet another (new) style. Also, be careful with doing
-   any cleanup: if you're unsure in any way about the use of something,
-   or something that looks redundant on first sight, then look more
-   carefully... it might indeed be useless and/or redundant, but it might
-   also be a subtle thing that can create great bugs when 'cleaned up'.
-
-7. Prior to a 3.2.x release: be very careful with any restructuring of a
-   subsystem or doing any major commits that may break things. Stuff like
-   this can be perfectly fine if there are many months to go, but are not
-   good to do a month before release. The head coder may impose additional
-   restrictions during such a period.
-
-8. During the Release Candidate stage (from RC1 until the final release)
-   only the head coder may commit directly, all others should ask and
-   present their patch before committing. Yes, even if you are changing
-   only 1 line of code or text.
-
-9. UnrealIRCd should compile on all supported operating systems and
-   platforms, using GCC 3 or higher on *NIX, and Visual Studio 2008 or
-   higher on Windows. This means you cannot blindly use all C99 extensions.
-
-10. Coders must test their code before committing.
-
-11. /*  
-     * These kind of comments
-     */
- 
-   NOT
- 
-   // These kind of comments
-
-12. 	if (something == 1) 
-   	{
-		moo; /* comment */
-		/* This does what what what */
-		cow(go(moo));
-	}
-	
-	NOT 
-	
-	if (something == 1) {
-	}
-	
-13. Do not touch version.c.SH or version.h, unless you are a head coder
-    if you need a credit in, contact us
-   
-14. Protocol changes must be discussed before making patches for it.
-
-15. We do NOT rip people off. If we use other people's code, it MUST be
-    properly credited.
-
-16. We generally use tabsize 4 and 8. In any case, use tabs and NOT spaces.
-    Some code is old and horrible and has a mix of tabs and spaces used for
-    spacing, that's something we do not want to have ;)
-
-17. Be careful about overflows. Do not do any unchecked string copies.
-    Instead of strcpy, strcat and sprintf/ircsprintf, use the following
-    functions: strlcpy, strlcat, snprintf/ircnsprintf.
-    If you are copying/writing character-by-character or word-by-word in a
-    loop, be very sure about your size counting. Sometimes it's possible
-    to avoid such code alltogether by just calling strlcat each time.
-
-18. Speed.  When optimizing or writing code, keep in mind that readability and
-    stability comes FIRST, and after that comes speed. So we'd rather prefer some
-    readable code (even if difficult) over some odd highly optimized routine which
-    nobody understands, is difficult to extend, and might have several bugs.
-    As mentioned earlier: use ircsnprintf, not snprintf (this is because
-    ircsnprintf is optimized for simple strings like the ones we use).
-    ircsnprintf calls snprintf when it finds a (non-simple) format specifier it
-    can't handle.  Simple format specifiers do not have prefixes other than
-    h and l.
-
-19. Initialize your structs and use the proper memory calls.
-    In UnrealIRCd we use MyMalloc, MyMallocEx and MyFree (so not malloc/free).
-    MyMalloc usually maps to malloc, and MyMallocEx is a malloc plus filling
-    the memory area (eg: the struct) with zero's (a la calloc).
-    Use of MyMallocEx is suggested. In general you should not be using MyMalloc.
-    "But MyMalloc is faster!" you might say. This is true, but using MyMallocEx
-    has very little speed impact and enormous benefits: people tend to forget
-    to set certain fields in the struct to NULL, or much more common: when
-    someone later on (eg: 1 year later) adds a field to a struct, there could
-    be several places he/she needs to update to make sure x->something is NULL
-    after allocating a new struct. Bad idea.
-    Little speed impact, huge stability benefits, easy decision ;).
-
-20. Comment your code! This should speak for itself...
-    Put comments wherever you think they are needed, to aid any further coders
-    with reading your code.. and, in fact, it will aid yourself as well if you
-    would look back at your code 2 years later.
-    If there's some obscure pitfall, DO mention it! Don't just "hope" a next
-    author will see it like you did.
-
-21. Use enums whenever possible, rather than #define constants. Besides making
-    things more clean, it also aids debugging.
+Rules about patches & modifications to UnrealIRCd
+
+1. When making a change, always add a small description in the commit log.
+   Don't forget to mention the bug# and credit the reporter (if any).
+
+2. If new files are made, they must contain proper copyright headers.
+
+3. Each bug or feature should have a bug# so people can have a discussion
+   about it. This has a few implications (read!!):
+   * People must report bugs/feature requests to bugs.unrealircd.org and
+     not on IRC, e-mail, etc.
+   * That means other people can see the bug# and comment on it. This means
+     discussion is easy to read back for each issue and not spread between
+     several IRC logs.
+     Furthermore, by using the bugtracker instead of directly committing,
+     people could point out that there might be a better way to do things
+     than you originally thought, or it might be that other devs don't like
+     it at all.
+   * If a head coder has 'acknowledged' or 'confirmed' the issue or stated
+     in a comment that it's OK to implement, then any dev may take the issue.
+     The dev should change the status to 'assigned' and work on it, then
+     commit and change it to 'resolved', set 'fixed in version' to the
+     correct release, and add a comment pasting the relevant commit log.
+     Of course other guidelines, in particular rule #7, still applies.
+
+4. If you don't have direct write access to the repository then you can
+   submit changes as as PR on github. It is very much preferred to also
+   have a bugs.unrealircd.org entry for it as well (see previous item).
+
+5. For the stable branch, in general, only commit changes that have an
+   associated bugid# and/or were discussed.
+   For branches currently in development (alpha/beta) there's more freedom
+   and if you think the change will be small and is fine without a
+   discussion then feel free to commit.
+
+6. Regarding reidenting, restructuring or other major code cleanups: please
+   discuss before doing so. The other devs might not agree with you on the
+   particular cleanup you have in mind which would result in another
+   clean-up-the-cleanup commit.
+   You may, however reindent and clean up individual sections when you are
+   working on fixing a particular bug# or implementing a new feature. In fact
+   you're encouraged to do so if the code is confusing without it. However,
+   obey the style of Unreal's code (mostly outlined in this document)
+   and do not introduce yet another (new) style. Also, be careful with doing
+   any cleanup: if you're unsure in any way about the use of something,
+   or something that looks redundant on first sight, then look more
+   carefully... it might indeed be useless and/or redundant, but it might
+   also be a subtle thing that can create great bugs when 'cleaned up'.
+
+7. During the Release Candidate stage (from RC1 until the final release)
+   only the head coder may commit directly, all others should ask and
+   present their patch before committing. Yes, even if you are changing
+   only 1 line of code or text.
+
+9. UnrealIRCd should compile on all supported operating systems and
+   platforms, using GCC 3 or higher on *NIX, and Visual Studio 2008 or
+   higher on Windows. This means you cannot blindly use all C99 extensions.
+
+10. Coders must test their code before committing.
+
+11. /*  
+     * These kind of comments
+     */
+ 
+   NOT
+ 
+   // These kind of comments
+
+12. 	if (something == 1) 
+   	{
+		moo; /* comment */
+		/* This does what what what */
+		cow(go(moo));
+	}
+	
+	NOT 
+	
+	if (something == 1) {
+	}
+	
+13. Do not touch version.c.SH or version.h, unless you are a head coder.
+    If you need a credit in, contact us
+   
+14. Protocol changes must be discussed before making patches for it.
+
+15. We do NOT rip people off. If we use other people's code, it MUST be
+    properly credited.
+
+16. We use tabsize 8 and we use tabs AND NOT SPACES.
+    Some code is old and horrible and has a mix of tabs and spaces used for
+    spacing, that's something we do not want to have ;)
+
+17. Be careful about overflows. Do not do any unchecked string copies.
+    Instead of strcpy, strcat and sprintf/ircsprintf, use the following
+    functions: strlcpy, strlcat, snprintf/ircnsprintf.
+    If you are copying/writing character-by-character or word-by-word in a
+    loop, eg using *p++ = x; then be very sure about your size counting.
+    Often it's better to avoid such code altogether, by simply using
+    strlcat for everything.
+
+18. Speed.  When optimizing or writing code, keep in mind that readability and
+    stability comes FIRST, and after that comes speed. So we'd rather prefer some
+    readable code (even if difficult) over some odd highly optimized routine which
+    nobody understands, is difficult to extend, and might have several bugs.
+    As mentioned earlier: use ircsnprintf, not snprintf (this is because
+    ircsnprintf is optimized for simple strings like the ones we use).
+    ircsnprintf calls snprintf when it finds a (non-simple) format specifier it
+    can't handle.  Simple format specifiers do not have prefixes other than
+    h and l.
+
+19. Initialize your structs and use the proper memory calls.
+    In UnrealIRCd we use safe_alloc, safe_free, safe_strdup and safe_strldup.
+    Do NOT use malloc, calloc or strdup.
+
+20. Comment your code! This should speak for itself...
+    Put comments wherever you think they are needed, to aid any further coders
+    with reading your code.. and, in fact, it will aid yourself as well if you
+    would look back at your code 2 years later.
+    If there's some obscure pitfall, DO mention it! Don't just "hope" a next
+    author will see it like you did.
+
+21. Use enums whenever possible, rather than #define constants. Besides making
+    things more clean, it also aids debugging.

doc/conf/aliases/aliases.conf

@@ -5,39 +5,39 @@ alias identify {
 		target chanserv;
 		type services;
 		parameters "IDENTIFY %1-";
-	};
+	}
 	format "^[^#]" {
 		target nickserv;
 		type services;
 		parameters "IDENTIFY %1-";
-	};
+	}
 	type command;
-};
+}
 
 alias services {
 	format "^#" {
 		target chanserv;
 		type services;
 		parameters "%1-";
-	};
+	}
 	format "^[^#]" {
 		target nickserv;
 		type services;
 		parameters "%1-";
-	};
+	}
 	type command;
-};
+}
 
 alias register {
 	format "^#" {
 		target chanserv;
 		type services;
 		parameters "REGISTER %1-";
-	};
+	}
 	format "^[^#]" {
 		target nickserv;
 		type services;
 		parameters "REGISTER %1-";
-	};
+	}
 	type command;
-};
+}

doc/conf/aliases/anope.conf

@@ -1,18 +1,17 @@
 /* Anope Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias botserv { type services; };
-alias bs { target botserv; type services; };
-alias hostserv { type services; };
-alias hs { target hostserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias botserv { type services; }
+alias bs { target botserv; type services; }
+alias hostserv { type services; }
+alias hs { target hostserv; type services; }
 
 include "aliases/aliases.conf";
 

doc/conf/aliases/atheme.conf

@@ -1,26 +1,26 @@
 /* Atheme Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias botserv { type services; };
-alias bs { target botserv; type services; };
-alias hostserv { type services; };
-alias hs { target hostserv; type services; };
-alias saslserv { type services; };
-alias sss { target saslserv; type services; };
-alias gameserv { type services; };
-alias gms { target gameserv; type services; };
-alias groupserv { type services; };
-alias grs { target groupserv; type services; };
-alias alis { type services; };
-alias ls { target alis; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias helpserv { type services; }
+alias botserv { type services; }
+alias bs { target botserv; type services; }
+alias hostserv { type services; }
+alias hs { target hostserv; type services; }
+alias saslserv { type services; }
+alias sss { target saslserv; type services; }
+alias gameserv { type services; }
+alias gms { target gameserv; type services; }
+alias groupserv { type services; }
+alias grs { target groupserv; type services; }
+alias alis { type services; }
+alias ls { target alis; type services; }
 
 include "aliases/aliases.conf";
 

doc/conf/aliases/auspice.conf

@@ -1,33 +1,33 @@
 /* Auspice Aliases */
 
 /* Uncomment this, if you have enabled "MassServ, W and X" in auspice */
-# alias massserv { type services; };
-# alias ma { target massserv; type services; };
-# alias W { type services; };
-# alias X { type services; };
+# alias massserv { type services; }
+# alias ma { target massserv; type services; }
+# alias W { type services; }
+# alias X { type services; }
 
 /* Uncomment this, if you have enabled "WebServ" in auspice */
-# alias webserv { type services; };
-# alias ws { target webserv; type services; };
+# alias webserv { type services; }
+# alias ws { target webserv; type services; }
 
-alias agent { type services; };
-alias adminserv { type services; };
-alias as { target adminserv; type services; };
-alias botserv { type services; };
-alias bs { target botserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias helpserv { type services; };
-alias hs { target helpserv; type services; };
-alias hostserv { type services; };
-alias ho { target hostserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias rootserv { type services; };
-alias rs { target rootserv; type services; };
+alias agent { type services; }
+alias adminserv { type services; }
+alias as { target adminserv; type services; }
+alias botserv { type services; }
+alias bs { target botserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias helpserv { type services; }
+alias hs { target helpserv; type services; }
+alias hostserv { type services; }
+alias ho { target hostserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias rootserv { type services; }
+alias rs { target rootserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/cygnus.conf

@@ -1,12 +1,12 @@
 /* Cygnus Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias rootserv { type services; };
-alias rs { target rootserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias rootserv { type services; }
+alias rs { target rootserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/epona.conf

@@ -1,16 +1,16 @@
 /* Epona Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias hs { target helpserv; type services; };
-alias botserv { type services; };
-alias bs { target botserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias helpserv { type services; }
+alias hs { target helpserv; type services; }
+alias botserv { type services; }
+alias bs { target botserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/generic.conf

@@ -1,14 +1,14 @@
 /* Generic Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias hs { target helpserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias helpserv { type services; }
+alias hs { target helpserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/genericstats.conf

@@ -1,4 +1,4 @@
 /* Generic StatServ Aliases */
 
-alias statserv { type stats; };
-alias ss { target statserv; type stats; };
+alias statserv { type stats; }
+alias ss { target statserv; type stats; }

doc/conf/aliases/ircservices.conf

@@ -1,17 +1,17 @@
 /* IRCServices Aliases */
 
-alias nickserv { type services; };
-alias ns { target nickserv; type services; };
-alias chanserv { type services; };
-alias cs { target chanserv; type services; };
-alias memoserv { type services; spamfilter yes; };
-alias ms { target memoserv; type services; spamfilter yes; };
-alias operserv { type services; };
-alias os { target operserv; type services; };
-alias helpserv { type services; };
-alias hs { target helpserv; type services; };
-alias irciihelp { type services; };
-alias statserv { type services; };
-alias ss { target statserv; type services; };
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias memoserv { type services; spamfilter yes; }
+alias ms { target memoserv; type services; spamfilter yes; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+alias helpserv { type services; }
+alias hs { target helpserv; type services; }
+alias irciihelp { type services; }
+alias statserv { type services; }
+alias ss { target statserv; type services; }
 
 include "aliases/aliases.conf";

doc/conf/aliases/operstats.conf

@@ -1,6 +1,6 @@
 /* OperStats Aliases */
 
-alias operserv { type stats; };
-alias os { target operserv; type stats; };
-alias statserv { type stats; };
-alias ss { target statserv; type stats; };
+alias operserv { type stats; }
+alias os { target operserv; type stats; }
+alias statserv { type stats; }
+alias ss { target statserv; type stats; }

doc/conf/badwords.conf

@@ -5,7 +5,6 @@
  NOTE: Those words are not meant to insult you (the user)
        but is meant to be a list of words so that the +G channel/user mode 
        will work properly. You can easily modify this file at your will.
-       If you got words to add to this file, please mail badwords@tspre.org
 
  
 
@@ -30,22 +29,22 @@
 
 
 */
-badword all { word "pussy"; };
-badword all { word "fuck"; };
-badword all { word "whore"; };
-badword all { word "slut"; };
-badword all { word "shit"; };
-badword all { word "asshole"; };
-badword all { word "bitch"; };
-badword all { word "cunt"; };
-badword all { word "vagina"; };
-badword all { word "penis"; };
-badword all { word "jackass"; };
-badword all { word "*fucker*"; };
-badword all { word "faggot"; };
-badword all { word "fag"; };
-badword all { word "horny"; };
-badword all { word "dickhead"; };
-badword all { word "sonuvabitch"; };
-badword all { word "*fuck*"; };
-badword all { word "tits"; };
+badword all { word "pussy"; }
+badword all { word "fuck"; }
+badword all { word "whore"; }
+badword all { word "slut"; }
+badword all { word "shit"; }
+badword all { word "asshole"; }
+badword all { word "bitch"; }
+badword all { word "cunt"; }
+badword all { word "vagina"; }
+badword all { word "penis"; }
+badword all { word "jackass"; }
+badword all { word "*fucker*"; }
+badword all { word "faggot"; }
+badword all { word "fag"; }
+badword all { word "horny"; }
+badword all { word "dickhead"; }
+badword all { word "sonuvabitch"; }
+badword all { word "*fuck*"; }
+badword all { word "tits"; }

doc/conf/dccallow.conf

@@ -17,26 +17,26 @@
  */
 
 /* first.. deny everything, then allow known-good stuff... */
-deny dcc { filename "*"; reason "Possible executable content"; soft yes; };
+deny dcc { filename "*"; reason "Possible executable content"; soft yes; }
 /* common image formats */
-allow dcc { filename "*.jpg"; soft yes; };
-allow dcc { filename "*.jpeg"; soft yes; };
-allow dcc { filename "*.gif"; soft yes; };
-allow dcc { filename "*.png"; soft yes; };
-allow dcc { filename "*.bmp"; soft yes; };
+allow dcc { filename "*.jpg"; soft yes; }
+allow dcc { filename "*.jpeg"; soft yes; }
+allow dcc { filename "*.gif"; soft yes; }
+allow dcc { filename "*.png"; soft yes; }
+allow dcc { filename "*.bmp"; soft yes; }
 /* audio / video (but not scripted/playlists!) */
-allow dcc { filename "*.mp1"; soft yes; };
-allow dcc { filename "*.mp2"; soft yes; };
-allow dcc { filename "*.mp3"; soft yes; };
-allow dcc { filename "*.mpg"; soft yes; };
-allow dcc { filename "*.mpeg"; soft yes; };
-allow dcc { filename "*.m1v"; soft yes; };
-allow dcc { filename "*.m2v"; soft yes; };
-allow dcc { filename "*.vob"; soft yes; };
-allow dcc { filename "*.wav"; soft yes; };
+allow dcc { filename "*.mp1"; soft yes; }
+allow dcc { filename "*.mp2"; soft yes; }
+allow dcc { filename "*.mp3"; soft yes; }
+allow dcc { filename "*.mpg"; soft yes; }
+allow dcc { filename "*.mpeg"; soft yes; }
+allow dcc { filename "*.m1v"; soft yes; }
+allow dcc { filename "*.m2v"; soft yes; }
+allow dcc { filename "*.vob"; soft yes; }
+allow dcc { filename "*.wav"; soft yes; }
 /* text / misc */
-allow dcc { filename "*.txt"; soft yes; };
-allow dcc { filename "*.log"; soft yes; };
-allow dcc { filename "*.pdf"; soft yes; };
-allow dcc { filename "*.c"; soft yes; };
-allow dcc { filename "*.cpp"; soft yes; };
+allow dcc { filename "*.txt"; soft yes; }
+allow dcc { filename "*.log"; soft yes; }
+allow dcc { filename "*.pdf"; soft yes; }
+allow dcc { filename "*.c"; soft yes; }
+allow dcc { filename "*.cpp"; soft yes; }

doc/conf/examples/example.conf

@@ -1,23 +1,28 @@
-/* Configuration file for UnrealIRCd 4.0
+/* Configuration file for UnrealIRCd 6
  *
- * Simply copy this file to your conf/ directory, call it
- * 'unrealircd.conf' and walk through it line by line (edit it!)
+ * Simply copy this file to your conf/ directory and call it 'unrealircd.conf'
  *
- * Important: All lines, except the opening { line, end with an ;
- * including };. This is very important, if you miss a ; somewhere then
- * the configuration file parser will complain and your file will not
+ * If you are in a hurry then you can CTRL+F for: CHANGE THIS
+ * The items that must be changed are indicated with those two words.
+ * However, we actually recommend going through the file line by line
+ * and edit it where needed, so you can see all the basic items and
+ * what they are set to.
+ *
+ * BEFORE YOU PROCEED:
+ * Important: all lines, except { and } end with an ;
+ * This is very important, if you miss a ; somewhere then the
+ * configuration file parser will complain and the file will not
  * be processed correctly!
  * If this is your first experience with an UnrealIRCd configuration
  * file then we really recommend you to read a little about the syntax,
  * this only takes a few minutes and will help you a lot:
  * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
  *
- * UnrealIRCd 4 documentation (very extensive!):
- * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
+ * UnrealIRCd 6 documentation (very extensive!):
+ * https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
  *
  * Frequently Asked Questions:
  * https://www.unrealircd.org/docs/FAQ
- *
  */
 
 /* This is a comment, all text here is ignored (comment type #1) */
@@ -42,34 +47,43 @@ include "modules.default.conf";
  * - help/help.conf for our on-IRC /HELPOP system
  * - badwords.conf for channel and user mode +G
  * - spamfilter.conf as an example for spamfilter usage
+ *   (commented out)
  * - operclass.default.conf contains some good operclasses which
  *   you can use in your oper blocks.
  */
 include "help/help.conf";
 include "badwords.conf";
-include "spamfilter.conf";
+//include "spamfilter.conf";
 include "operclass.default.conf";
+include "snomasks.default.conf";
 
+/* Load the default cloaking module (2021 onwards): */
+loadmodule "cloak_sha256";
+/* Or load the old module from UnrealIRCd 3.2/4/5 instead: */
+//loadmodule "cloak_md5";
+
+// CHANGE THIS (the 'name' and the 'info'):
 /* This is the me { } block which basically says who we are.
  * It defines our server name, some information line and an unique "sid".
  * The server id (sid) must start with a digit followed by two digits or
  * letters. The sid must be unique for your IRC network (each server should
- * have it's own sid).
+ * have it's own sid). It is common to use 001 for the first server.
  */
 me {
-	name "irc.foonet.com";
-	info "FooNet Server";
+	name "irc.example.org";
+	info "ExampleNET Server";
 	sid "001";
-};
+}
 
+// CHANGE THIS:
 /* The admin { } block defines what users will see if they type /ADMIN.
  * It normally contains information on how to contact the administrator.
  */
 admin {
 	"Bob Smith";
 	"bob";
-	"widely@used.name";
-};
+	"email@example.org";
+}
 
 /* Clients and servers are put in class { } blocks, we define them here.
  * Class blocks consist of the following items:
@@ -86,7 +100,7 @@ class clients
 	maxclients 1000;
 	sendq 200k;
 	recvq 8000;
-};
+}
 
 /* Special class for IRCOps with higher limits */
 class opers
@@ -95,7 +109,7 @@ class opers
 	maxclients 50;
 	sendq 1M;
 	recvq 8000;
-};
+}
 
 /* Server class with good defaults */
 class servers
@@ -103,33 +117,33 @@ class servers
 	pingfreq 60;
 	connfreq 15; /* try to connect every 15 seconds */
 	maxclients 10; /* max servers */
-	sendq 5M;
-};
+	sendq 20M;
+}
 
 /* Allow blocks define which clients may connect to this server.
  * This allows you to add a server password or restrict the server to
- * specific IP's only. You also configure the maximum connections
+ * specific IPs only. You also configure the maximum connections
  * allowed per IP here.
  * See also: https://www.unrealircd.org/docs/Allow_block
  */
 
 /* Allow everyone in, but only 3 connections per IP */
 allow {
-	ip *@*;
+	mask *;
 	class clients;
 	maxperip 3;
-};
+}
 
 /* Example of a special allow block on a specific IP:
  * Requires users on that IP to connect with a password. If the password
  * is correct then it permits 20 connections on that IP.
  */
-allow {
-	ip *@192.0.2.1;
-	class clients;
-	password "somesecretpasswd";
-	maxperip 20;
-};
+// allow {
+// 	mask 192.0.2.1;
+// 	class clients;
+// 	password "somesecretpasswd";
+// 	maxperip 20;
+// }
 
 /* Oper blocks define your IRC Operators.
  * IRC Operators are people who have "extra rights" compared to others,
@@ -143,13 +157,25 @@ allow {
  * https://www.unrealircd.org/docs/Oper_block
  */
 
-/* Here is an example oper block for 'bobsmith' with password 'test'.
- * You MUST change this!!
+/* Here is an example oper block for 'bobsmith'
+ * YOU MUST CHANGE THIS!! (the oper name and the password)
  */
 oper bobsmith {
 	class opers;
 	mask *@*;
-	password "test";
+
+	/* Technically you can put oper passwords in plaintext in the conf but
+	 * this is HIGHLY DISCOURAGED. Instead you should generate a password hash:
+	 * On *NIX, run: ./unrealircd mkpasswd
+	 * On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
+	 * .. and then paste the result below:
+	 */
+	password "$argon2id..etc..";
+	/* See https://www.unrealircd.org/docs/Authentication_types for
+	 * more information, including even better authentication types
+	 * such as 'certfp', and how to generate hashes on Windows.
+	 */
+
 	/* Oper permissions are defined in an 'operclass' block.
 	 * See https://www.unrealircd.org/docs/Operclass_block
 	 * UnrealIRCd ships with a number of default blocks, see
@@ -157,8 +183,8 @@ oper bobsmith {
 	 */
 	operclass netadmin;
 	swhois "is a Network Administrator";
-	vhost netadmin.mynet.org;
-};
+	vhost netadmin.example.org;
+}
 
 /* Listen blocks define the ports where the server should listen on.
  * In other words: the ports that clients and servers may use to
@@ -166,40 +192,44 @@ oper bobsmith {
  * 
  * Syntax:
  * listen {
- * { 
  *   ip <ip>;
  *   port <port>;
  *   options {
  *     <options....>;
- *   };
- * };
+ *   }
+ * }
  */
 
-/* Standard IRC port 6667 */
+/* Standard IRC port 6667:
+ * Insecure plaintext (NOT for production servers)
+ * This listen block is here only for quick testing.
+ * Delete or comment out this listen block on production servers
+ * and use TLS on port 6697 instead.
+ */
 listen {
 	ip *;
 	port 6667;
-};
+}
 
 /* Standard IRC SSL/TLS port 6697 */
 listen {
 	ip *;
 	port 6697;
-	options { ssl; };
-};
+	options { tls; }
+}
 
 /* Special SSL/TLS servers-only port for linking */
 listen {
 	ip *;
 	port 6900;
-	options { ssl; serversonly; };
-};
+	options { tls; serversonly; }
+}
 
 /* NOTE: If you are on an IRCd shell with multiple IP's and you use
  *       the above listen { } blocks then you will likely get an
  *       'Address already in use' error and the ircd won't start.
  *       This means you MUST bind to a specific IP instead of '*' like:
- *       listen { ip 1.2.3.4; port 6667; };
+ *       listen { ip 1.2.3.4; port 6667; }
  *       Of course, replace the IP with the IP that was assigned to you.
  */
 
@@ -207,50 +237,54 @@ listen {
  * Link blocks allow you to link multiple servers together to form a network.
  * See https://www.unrealircd.org/docs/Tutorial:_Linking_servers
  */
-link hub.mynet.org
-{
-	incoming {
-		mask *@something;
-	};
-
-	outgoing {
-		bind-ip *; /* or explicitly an IP */
-		hostname hub.mynet.org;
-		port 6900;
-		options { ssl; };
-	};
-
-	/* We use the SPKI fingerprint of the other server for authentication.
-	 * Run './unrealircd spkifp' on the other side to get it.
-	 * NOTE: requires UnrealIRCd 4.0.16 or later.
-	 */
-	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; };
-
-	class servers;
-};
+//link hub.example.org
+//{
+//	incoming {
+//		mask *@something;
+//	}
+//
+//	outgoing {
+//		bind-ip *; /* or explicitly an IP */
+//		hostname hub.example.org;
+//		port 6900;
+//		options { tls; }
+//	}
+//
+//	/* We use the SPKI fingerprint of the other server for authentication.
+//	 * Open a shell on the OTHER SERVER and run the command to get the fingerprint:
+//	 * On *NIX, run: ./unrealircd spkifp
+//	 * On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp
+//	 */
+//	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
+//
+//	class servers;
+//}
 
 /* The link block for services is usually much simpler.
  * For more information about what Services are,
  * see https://www.unrealircd.org/docs/Services
  */
-link services.mynet.org
-{
-	incoming {
-		mask 127.0.0.1;
-	};
-
-	password "changemeplease";
-
-	class servers;
-};
+//link services.example.org
+//{
+//	incoming {
+//		mask 127.0.0.1;
+//	}
+//
+//	password "changemeplease";
+//
+//	class servers;
+//}
 
 /* U-lines give other servers (even) more power/commands.
- * If you use services you must add them here.
- * NEVER put the name of an UnrealIRCd server here!!!
+ * If you use services you MUST add them here. You must add the
+ * services server name in ulines { } in the config file on
+ * every UnrealIRCd server on your network.
+ * IMPORTANT: Never put the name of an UnrealIRCd server here,
+ * it's only for Services!
  */
-ulines {
-	services.mynet.org;
-};
+//ulines {
+//	services.example.org;
+//}
 
 /* Here you can add a password for the IRCOp-only /DIE and /RESTART commands.
  * This is mainly meant to provide a little protection against accidental
@@ -259,27 +293,51 @@ ulines {
 drpass {
 	restart "restart";
 	die "die";
-};
+}
 
 /* The log block defines what should be logged and to what file.
  * See also https://www.unrealircd.org/docs/Log_block
  */
 
-/* This is a good default, it logs almost everything */
-log "ircd.log" {
-	flags {
-		oper;
-		connects;
-		server-connects;
-		kills;
-		errors;
-		sadmin-commands;
-		chg-commands;
-		oper-override;
-		tkl;
-		spamfilter;
-	};
-};
+/* This is a good default, it logs everything except
+ * debug stuff and join/part/kick.
+ */
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.log" { maxsize 100M; }
+	}
+}
+
+/* In addition to regular logging, also add a JSON log file.
+ * This includes lots of information about every event so is great
+ * for auditing purposes and is machine readable. It is, however
+ * less readable for humans.
+ */
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.json.log" { maxsize 250M; type json; }
+	}
+}
 
 /* With "aliases" you can create an alias like /SOMETHING to send a message to
  * some user or bot. They are usually used for services.
@@ -290,43 +348,43 @@ log "ircd.log" {
 include "aliases/anope.conf";
 
 /* Ban nick names so they cannot be used by regular users */
-ban nick {
-	mask "*C*h*a*n*S*e*r*v*";
-	reason "Reserved for Services";
-};
+// ban nick {
+// 	mask "*C*h*a*n*S*e*r*v*";
+// 	reason "Reserved for Services";
+// }
 
 /* Ban ip.
  * Note that you normally use /KLINE, /GLINE and /ZLINE for this.
  */
-ban ip {
-	mask 195.86.232.81;
-	reason "Hate you";
-};
+// ban ip {
+// 	mask 195.86.232.81;
+// 	reason "Hate you";
+// }
 
 /* Ban server - if we see this server linked to someone then we delink */
-ban server {
-	mask eris.berkeley.edu;
-	reason "Get out of here.";
-};
+// ban server {
+// 	mask eris.berkeley.edu;
+// 	reason "Get out of here.";
+// }
 
 /* Ban user - just as an example, you normally use /KLINE or /GLINE for this */
-ban user {
-	mask *tirc@*.saturn.bbn.com;
-	reason "Idiot";
-};
+// ban user {
+// 	mask *tirc@*.saturn.bbn.com;
+// 	reason "Idiot";
+// }
 
 /* Ban realname allows you to ban clients based on their 'real name'
  * or 'gecos' field.
  */
-ban realname {
-	mask "Swat Team";
-	reason "mIRKFORCE";
-};
+// ban realname {
+// 	mask "Swat Team";
+// 	reason "mIRKFORCE";
+// }
 
-ban realname {
-	mask "sub7server";
-	reason "sub7";
-};
+// ban realname {
+// 	mask "sub7server";
+// 	reason "sub7";
+// }
 
 /* Ban and TKL exceptions. Allows you to exempt users / machines from
  * KLINE, GLINE, etc.
@@ -335,84 +393,136 @@ ban realname {
  * even if you accidentally place a *LINE ban on yourself.
  */
 
-/* except ban protects you from KLINE and ZLINE */
-except ban {
-	mask *@192.0.2.1;
-	// you may add more mask entries here..
-};
+/* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
+// except ban {
+// 	mask *@192.0.2.1;
+// 	type all;
+// }
 
-/* except tkl with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
-except tkl {
-	mask *@192.0.2.1;
-	type all;
-};
+/* This allows IRCCloud connections in without maxperip restrictions
+ * and also exempt them from connect-flood throttling.
+ */
+except ban {
+	mask *.irccloud.com;
+	type { maxperip; connect-flood; }
+}
 
 /* With deny dcc blocks you can ban filenames for DCC */
-deny dcc {
-	filename "*sub7*";
-	reason "Possible Sub7 Virus";
-};
+// deny dcc {
+// 	filename "*sub7*";
+// 	reason "Possible Sub7 Virus";
+// }
 
 /* deny channel allows you to ban a channel (mask) entirely */
-deny channel {
-	channel "*warez*";
-	reason "Warez is illegal";
-	class "clients";
-};
+// deny channel {
+// 	channel "*warez*";
+// 	reason "Warez is illegal";
+// 	class "clients";
+// }
 
 /* VHosts (Virtual Hosts) allow users to acquire a different host.
  * See https://www.unrealircd.org/docs/Vhost_block
  */
 
 /* Example vhost which you can use. On IRC type: /VHOST test test
- * NOTE: only people with an 'unrealircd.com' host may use it so
- *       be sure to change the vhost::mask before you test.
  */
-vhost {
-	vhost i.hate.microsefrs.com;
-	mask *@unrealircd.com;
-	login "test";
-	password "test";
-};
+// vhost {
+// 	vhost i.hate.microsefrs.com;
+// 	mask *@*;
+// 	login "test";
+// 	password "test";
+// }
+
+/* Blacklist blocks will query an external DNS Blacklist service
+ * whenever a user connects, to see if the IP address is known
+ * to cause drone attacks, is a known hacked machine, etc.
+ * Documentation: https://www.unrealircd.org/docs/Blacklist_block
+ * Or just have a look at the blocks below.
+ */
+
+/* DroneBL, probably the most popular blacklist used by IRC Servers.
+ * See https://dronebl.org/ for their documentation and the
+ * meaning of the reply types. At time of writing we use types:
+ * 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
+ * 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
+ * 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
+ * 14: Open Wingate Proxy, 15: Compromised router / gateway,
+ * 16: Autorooting worms.
+ */
+blacklist dronebl {
+        dns {
+                name dnsbl.dronebl.org;
+                type record;
+                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
+}
+
+/* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation
+ * and the meaning of the reply types.
+ * At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
+ *
+ * NOTE: If you want to permit TOR proxies on your server, then
+ *       you need to remove the '4;' below in the reply section.
+ */
+blacklist efnetrbl {
+        dns {
+                name rbl.efnetrbl.org;
+                type record;
+                reply { 1; 4; 5; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
+}
 
 /* You can include other configuration files */
 /* include "klines.conf"; */
 
 /* Network configuration */
 set {
-	network-name 		"MYNet";
-	default-server 		"irc.mynet.org";
-	services-server 	"services.mynet.org";
-	stats-server 		"stats.mynet.org";
+	// CHANGE THIS, ALL 4 ITEMS:
+	network-name 		"ExampleNET";
+	default-server 		"irc.example.org";
+	services-server 	"services.example.org";
+	stats-server 		"stats.example.org";
+
+	/* Normal defaults */
 	help-channel 		"#Help";
-	hiddenhost-prefix	"Clk";
+	cloak-prefix		"Clk";
 	prefix-quit 		"Quit";
 
 	/* Cloak keys should be the same at all servers on the network.
 	 * They are used for generating masked hosts and should be kept secret.
-	 * The keys should be 3 random strings of 50-100 characters
+	 * YOU MUST CHANGE THIS!
+	 * The keys should be 3 random strings of 80 characters each (or more).
 	 * and must consist of lowcase (a-z), upcase (A-Z) and digits (0-9).
-	 * HINT: On *NIX, you can run './unrealircd gencloak' in your shell to let
-	 *       UnrealIRCd generate 3 random strings for you.
+	 * On *NIX, you can run './unrealircd gencloak' in your shell to let
+	 * UnrealIRCd generate 3 random strings for you.
+	 * On Windows, you can run "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
 	 */
 	cloak-keys {
-		"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
+		"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
 		"and another one";
 		"and another one";
-	};
-};
+	}
+}
 
 /* Server specific configuration */
-
 set {
-	kline-address "set.this.to.email.address"; /* e-mail or URL shown when a user is banned */
+	// FINALLY, YOU MUST CHANGE THIS NEXT ITEM:
+	kline-address 'set.this.to.email.address'; /* e-mail or URL shown when a user is banned */
+
 	modes-on-connect "+ixw"; /* when users connect, they will get these user modes */
-	modes-on-oper	 "+xwgs"; /* when someone becomes IRCOp they'll get these modes */
+	modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */
+	modes-on-join "+nt"; /* default channel modes when a new channel is created */
 	oper-auto-join "#opers"; /* IRCOps are auto-joined to this channel */
 	options {
 		hide-ulines; /* hide U-lines in /MAP and /LINKS */
 		show-connect-info; /* show "looking up your hostname" messages on connect */
-	};
+	}
 
 	maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */
 
@@ -427,15 +537,26 @@ set {
 	/* static-part does the same for /PART */
 	/* static-part yes; */
 
-	/* Which /STATS to restrict to opers only. We suggest to leave it to * (ALL) */
-	oper-only-stats "*";
-
-	/* Anti flood protection */
+	/* Flood protection */
 	anti-flood {
-		nick-flood 3:60;	/* 3 nick changes per 60 seconds (the default) */
-		connect-flood 3:60; /* 3 connection attempts per 60 seconds (the default) */
-		away-flood 4:120;	/* 4 times per 2 minutes you may use /AWAY (default) */
-	};
+		/* There are lots of settings for this and most have good defaults.
+		 * See https://www.unrealircd.org/docs/Anti-flood_settings
+		 */
+
+		channel {
+			/* For channel-specific anti-flood settings, see
+			 * https://www.unrealircd.org/docs/Channel_anti-flood_settings
+			 * In UnrealIRCd 6.2.0+ the default is profile "normal".
+			 * Chanops can override this via "MODE #channel +F relaxed"
+			 * or "+F off". If you are afraid of too many false positives
+			 * then you could set this to "relaxed" instead. Note that
+			 * doing so would reduce protection for everyone. Another
+			 * option is to set it here to "off" to disable this default
+			 * channel protection entirely (not recommended).
+			 */
+			default-profile normal;
+		}
+	}
 
 	/* Settings for spam filter */
 	spamfilter {
@@ -443,8 +564,171 @@ set {
 		ban-reason "Spam/Advertising"; /* default reason */
 		virus-help-channel "#help"; /* channel to use for 'viruschan' action */
 		/* except "#help"; channel to exempt from Spamfilter */
-	};
-};
+	}
+
+	/* Restrict certain commands.
+	 * See https://www.unrealircd.org/docs/Set_block#set::restrict-commands
+	 */
+	restrict-commands {
+		list {
+			except {
+				connect-time 60; /* after 60 seconds you can use LIST */
+				identified yes; /* or immediately, if you are identified to services */
+				reputation-score 24; /* or if you have a reputation score of 24 or more */
+			}
+		}
+		invite {
+			except {
+				connect-time 120;
+				identified yes;
+				reputation-score 24;
+			}
+		}
+		/* In addition to the ability to restrict any command,
+		 * such as shown above. There are also 4 special types
+		 * that you can restrict. These are "private-message",
+		 * "private-notice", "channel-message" and "channel-notice".
+		 * They are commented out (disabled) in this example:
+		 */
+		//private-message {
+		//	except { connect-time 10; }
+		//}
+		//private-notice {
+		//	except { connect-time 10; }
+		//}
+	}
+}
+
+/* RECOMMENDED:
+ * Everyone should be using IRC over SSL/TLS on port 6697. However, to use
+ * it properly, you have to get a "real" certificate instead of the
+ * self-signed default certificate that was generated by the installer.
+ * The Let's Encrypt initiative allows you to get a free certificate that is
+ * issued by a trusted Certificate Authority. Instructions are at:
+ * https://www.unrealircd.org/docs/Using_Let's_Encrypt_with_UnrealIRCd
+ *
+ * When you follow that guide you will have a "dual certificate" setup:
+ * set::tls:
+ *   Your trusted CA certificate, served to clients on port 6697.
+ *   (key and certificate change and renew every xx days automatically)
+ * set::server-linking::tls-options
+ *   A long-lived self-signed certificate for server linking, with
+ *   a stable 'spkifp' signature that you use in link blocks.
+ *   This certificate is used automatically in "serversonly" listen blocks
+ *   (port 6900 in this configuration file) and automatically used for all
+ *   link { } blocks.
+ *
+ */
+//set {
+//	tls {
+//		certificate "/etc/letsencrypt/live/irc.example.org/fullchain.pem";
+//		key "/etc/letsencrypt/live/irc.example.org/privkey.pem";
+//	}
+//	server-linking {
+//		tls-options {
+//			certificate "tls/server.cert.pem";
+//			key "tls/server.key.pem";
+//		}
+//	}
+//}
+
+/*
+ * The following will configure connection throttling of "unknown users".
+ *
+ * When UnrealIRCd detects a high number of users connecting from IP addresses
+ * that have not been seen before, then connections from new IP's are rejected
+ * above the set rate. For example at 10:60 only 10 users per minute can connect
+ * that have not been seen before. Known IP addresses can always get in,
+ * regardless of the set rate. Same for users who login using SASL.
+ *
+ * See also https://www.unrealircd.org/docs/Connthrottle for details.
+ * Or just keep reading the default configuration settings below:
+ */
+
+set {
+	connthrottle {
+		/* First we configure which users are exempt from the
+		 * restrictions. These users are always allowed in!
+		 * By default these are users on IP addresses that have
+		 * a score of 24 or higher. A score of 24 means that the
+		 * IP was connected to this network for at least 2 hours
+		 * in the past month (or minimum 1 hour if registered).
+		 * We also allow users who are identified to services via
+		 * SASL to bypass the restrictions.
+		 */
+		except {
+			reputation-score 24;
+			identified yes;
+			/* for more options, see
+			 * https://www.unrealircd.org/docs/Mask_item
+			 */
+		}
+
+		/* New users are all users that do not belong in the
+		 * known-users group. They are considered "new" and in
+		 * case of a high number of such new users connecting
+		 * they are subject to connection rate limiting.
+		 * By default the rate is 20 new local users per minute
+		 * and 30 new global users per minute.
+		 */
+		new-users {
+			local-throttle 20:60;
+			global-throttle 30:60;
+		}
+
+		/* For IPv6 users, on top of 'maxperip' (which limits
+		 * connections per /64), connthrottle also limits how
+		 * many unknown users can be online from wider IPv6
+		 * prefixes (/56, /48, /32). This is an additional
+		 * security measure, separate from the rate-throttle
+		 * above. People in the security-group "known-users"
+		 * bypass this, as well as set::connthrottle::except.
+		 * The defaults below should fit most networks unchanged.
+		 * Uncomment to tune. Set a cidr-xx item to max 0;
+		 * to disable it.
+		 */
+		//ipv6-unknown-users-limit {
+		//	cidr-56 { max 8; }
+		//	cidr-48 { max 32; }
+		//	cidr-32 { max 256; }
+		//}
+
+		/* This configures when this module will NOT be active.
+		 * The default settings will disable the module when:
+		 * - The reputation module has been running for less than
+		 *   a week. If running less than 1 week then there is
+		 *   insufficient data to consider who is a "known user".
+		 * - The server has just been booted up (first 3 minutes).
+		 */
+		disabled-when {
+			reputation-gathering 1w;
+			start-delay 3m;
+		}
+	}
+}
+
+/* CHANNEL HISTORY:
+ * UnrealIRCd has channel mode +H which can be used by users to read back
+ * channel history, such as from before they joined. For general information
+ * on this feature, see https://www.unrealircd.org/docs/Channel_history
+ *
+ * The history limits can be configured via set::history. The defaults are
+ * probably already good for you, but if you are on a low-memory system
+ * or have thousands of channels then you may want to double check. See
+ * https://www.unrealircd.org/docs/Set_block#set::history for the options.
+ *
+ * In addition to that, you can have "persistent channel history", which
+ * means channel history is stored encrypted on disk so it is preserved
+ * between IRC server restarts, see
+ * https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
+ * The persistent history feature is NOT enabled by default because you
+ * need to configure a secret { } block for it. The following is a simple
+ * example with passwords stored directly in the configuration file.
+ * To get better security, read https://www.unrealircd.org/docs/Secret_block
+ * on alternative ways so you don't store passwords directly in the config.
+ */
+//secret historydb { password "somepassword"; }
+//set { history { channel { persist yes; db-secret "historydb"; } } }
 
 /* Finally, you may wish to have a MOTD (Message of the Day), this can be
  * done by creating an 'ircd.motd' text file in your conf/ directory.
@@ -454,7 +738,7 @@ set {
 
 /*
  * Problems or need more help?
- * 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
+ * 1) https://www.unrealircd.org/docs/
  * 2) https://www.unrealircd.org/docs/FAQ <- answers 80% of your questions!
  * 3) If you are still having problems then you can get support:
  *    - Forums: https://forums.unrealircd.org/

doc/conf/examples/example.es.conf

@@ -0,0 +1,659 @@
+/* Archivo de configuración para UnrealIRCd 6
+ *
+ * Simplemente copie este archivo a su directorio conf/, llámelo
+ * 'unrealircd.conf' y revíselo línea por línea (¡edítelo!)
+ *
+ * Importante: Todas las líneas, excepto { y } terminan con ;
+ * Esto es muy importante, si pierde un ; en algún lugar entonces el
+ * el analizador del archivo de configuración se quejará y el archivo no
+ * ser procesado correctamente!
+ * Si esta es tu primera experiencia con una configuración de UnrealIRCd
+ * entonces te recomendamos que leas un poco sobre la sintaxis,
+ * esto solo toma unos minutos y te ayudará mucho:
+ * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
+ *
+ * Documentación de UnrealIRCd 6 (¡muy extensa!):
+ * https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
+ *
+ * Preguntas frecuentes:
+ * https://www.unrealircd.org/docs/FAQ
+ *
+ */
+
+/* Esto es un comentario, todo el texto aquí es ignorado (tipo de comentario #1) */
+// Esto también es un comentario, esta línea se ignora (tipo de comentario #2)
+# Esto también es un comentario, nuevamente esta línea se ignora (tipo de comentario #3)
+
+/* UnrealIRCd hace un uso intensivo de los módulos. Los módulos le permiten completamente
+ * personaliza el conjunto de características que deseas habilitar en UnrealIRCd.
+ * Ver: https://www.unrealircd.org/docs/Modules
+ *
+ * Al usar el incluir a continuación, le indicamos al IRCd que lea el archivo
+ * 'modules.default.conf' que cargará más de 150 módulos
+ * enviado con UnrealIRCd. En otras palabras: esto simplemente cargará
+ * todas las funciones disponibles en UnrealIRCd.
+ * Si está configurando UnrealIRCd por primera vez, le sugerimos
+ * utilizar esta. Luego, cuando todo esté funcionando, puedes venir
+ * volver más tarde para personalizar la lista (si lo desea).
+ */
+include "modules.default.conf";
+ 
+/* Ahora incluyamos algunos otros archivos también:
+ * - help/help.conf para nuestro sistema on-IRC /HELPOP
+ * - badwords.conf para canal y modo de usuario +G
+ * - spamfilter.conf como ejemplo para el uso de spamfilter
+ *   (Comentado)
+ * - operclass.default.conf contiene algunas buenas operclasses que
+ * puedes usar en tus bloques operativos.
+ */
+include "help/help.conf";
+include "badwords.conf";
+//include "spamfilter.conf";
+include "operclass.default.conf";
+include "snomasks.default.conf";
+
+/* Cargar el módulo de encubrimiento predeterminado (2021 en adelante): */
+loadmodule "cloak_sha256";
+/* O cargue el módulo antiguo de UnrealIRCd 3.2/4/5 en su lugar: */
+//loadmodule "cloak_md5";
+
+/* Este es el bloque yo { } que básicamente dice quiénes somos.
+ * Define el nombre de nuestro servidor, alguna línea de información y un "sid" único.
+ * La identificación del servidor (sid) debe comenzar con un dígito seguido de dos dígitos o
+ * cartas. El sid debe ser único para su red IRC (cada servidor debe
+ * tener su propio sid).
+ */
+ me {
+	name "irc.example.org";
+	info "ExampleNET Server";
+	sid "001";
+}
+
+/* El bloque admin { } define lo que verán los usuarios si escriben /ADMIN.
+ * Normalmente contiene información sobre cómo contactar con el administrador.
+ */
+admin {
+	"Bob Smith";
+	"bob";
+	"email@example.org";
+}
+
+/* Los clientes y servidores se colocan en bloques de clase { }, los definimos aquí.
+ * Los bloques de clase constan de los siguientes elementos:
+ * - pingfreq: con qué frecuencia hacer ping a un usuario/servidor (en segundos)
+ * - connfreq: con qué frecuencia intentamos conectarnos a este servidor (en segundos)
+ * - sendq: el tamaño máximo de cola para una conexión
+ * - recvq: máxima cola de recepción de una conexión (control de inundación)
+ */
+
+/* Clase de cliente con buenos valores predeterminados */
+class clients
+{
+	pingfreq 90;
+	maxclients 1000;
+	sendq 200k;
+	recvq 8000;
+}
+
+/* Clase especial para IRCOps con límites más altos */
+class opers
+{
+	pingfreq 90;
+	maxclients 50;
+	sendq 1M;
+	recvq 8000;
+}
+
+/* Clase de servidor con buenos valores predeterminados */
+class servers
+{
+	pingfreq 60;
+	connfreq 15; /* intenta conectarte cada 15 segundos */
+	maxclients 10; /* maximo de servidores */
+	sendq 20M;
+}
+
+/* Permitir que los bloques definan qué clientes pueden conectarse a este servidor.
+ * Esto le permite agregar una contraseña de servidor o restringir el servidor a
+ * IP específicas solamente. También configuras las conexiones máximas
+ * permitido por IP aquí.
+ * Ver también: https://www.unrealircd.org/docs/Allow_block
+ */
+
+ /* Permitir el ingreso de todos, pero solo 3 conexiones por IP */
+allow {
+	mask *;
+	class clients;
+	maxperip 3;
+}
+
+/* Los bloques Oper definen sus operadores IRC.
+ * Los operadores de IRC son personas que tienen "derechos adicionales" en comparación con otros,
+ * por ejemplo, pueden /MATAR a otras personas, iniciar la vinculación del servidor,
+ * /ÚNETE a los canales aunque estén prohibidos, etc.
+ *
+ * Para obtener más información sobre cómo convertirse en un IRCOp y cómo ser administrador
+ * tareas, ver: https://www.unrealircd.org/docs/IRCOp_guide
+ *
+ * Para obtener detalles sobre el propio bloque oper { }, consulte
+ * https://www.unrealircd.org/docs/Oper_block
+ */
+ 
+/* Aquí hay un bloque de operación de ejemplo para 'bobsmith'.
+ * ¡DEBES cambiar esto!
+ */
+oper bobsmith {
+	class opers;
+	mask *@*;
+
+	/* Technically you can put oper passwords in plaintext in the conf but
+	 * this is HIGHLY DISCOURAGED. Instead you should generate a password hash:
+	 * On *NIX, run: ./unrealircd mkpasswd
+	 * On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
+	 * .. and then paste the result below:
+	 */
+	password "$argon2id..etc..";
+	/* See https://www.unrealircd.org/docs/Authentication_types for
+	 * more information, including even better authentication types
+	 * such as 'certfp', and how to generate hashes on Windows.
+	 */
+
+	/* Los permisos de operación se definen en un bloque 'operclass'.
+	 * Ver https://www.unrealircd.org/docs/Operclass_block
+	 * UnrealIRCd se envía con una serie de bloques predeterminados, consulte
+	 * el artículo para una lista completa. Elegimos 'netadmin' aquí.
+	 */
+	operclass netadmin;
+	swhois "is a Network Administrator";
+	vhost netadmin.example.org;
+}
+
+/* Los bloques de escucha definen los puertos donde el servidor debe escuchar.
+ * En otras palabras: los puertos que los clientes y servidores pueden usar para
+ * conectarse a este servidor.
+ * 
+ * Sintaxis:
+ * listen {
+ *   ip <ip>;
+ *   port <port>;
+ *   options {
+ *     <options....>;
+ *   }
+ * }
+ */
+
+/* Puerto IRC estándar 6667
+ * Insecure plaintext (NOT for production servers)
+ * This listen block is here only for quick testing.
+ * Delete or comment out this listen block on production servers
+ * and use TLS on port 6697 instead.
+ */
+listen {
+	ip *;
+	port 6667;
+}
+
+/* Puerto IRC estándar 6697 */
+listen {
+	ip *;
+	port 6697;
+	options { tls; }
+}
+
+/* Puerto especial solo para servidores SSL/TLS para vincular */
+listen {
+	ip *;
+	port 6900;
+	options { tls; serversonly; }
+}
+
+/* NOTA: Si está en una shell IRCd con múltiples IP y usa
+ * los bloques de escucha anteriores { } entonces probablemente obtendrás un
+ * Error 'Dirección ya en uso' y el ircd no se iniciará.
+ * Esto significa que DEBE vincularse a una IP específica en lugar de '*' como:
+ * escucha { ip 1.2.3.4; puerto 6667; }
+ * Por supuesto, reemplaza la IP con la IP que te fue asignada.
+ */
+ 
+/*
+ * Los bloques de enlace le permiten vincular varios servidores para formar una red.
+ * Ver https://www.unrealircd.org/docs/Tutorial:_Linking_servers
+ */
+link hub.ejemplo.org
+{
+	incoming {
+		mask *@algo;
+	}
+
+	outgoing {
+		bind-ip *; /* o explícitamente una IP */
+		hostname hub.ejemplo.org;
+		port 6900;
+		options { tls; }
+	}
+
+	/* Usamos la huella digital SPKI del otro servidor para la autenticación.
+	 * Ejecute './unrealircd spkifp' en el otro lado del linkeo para obtenerlo.
+	 * ( Windows: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp )
+	 */
+	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
+
+	class servers;
+}
+
+/* El bloque de enlace para servicios suele ser mucho más simple.
+ * Para más información sobre qué son los Servicios,
+ * ver https://www.unrealircd.org/docs/Services
+ */
+link services.ejemplo.org
+{
+	incoming {
+		mask 127.0.0.1;
+	}
+
+	password "cambiameporfavor";
+
+	class servers;
+}
+
+/* Las líneas U dan a otros servidores (incluso) más poder/comandos.
+ * Si usas servicios debes agregarlos aquí.
+ * ¡NUNCA pongas el nombre de un servidor UnrealIRCd aquí!
+ */
+ulines {
+	services.ejemnplo.org;
+}
+
+/* Aquí puede agregar una contraseña para los comandos /DIE y /RESTART exclusivos de IRCOp.
+ * Esto está destinado principalmente a proporcionar un poco de protección contra accidentes
+ * reinicios y muertes del servidor.
+ */
+drpass {
+	restart "restart";
+	die "die";
+}
+ 
+/* El bloque de registro define qué debe registrarse y en qué archivo.
+ * Ver también https://www.unrealircd.org/docs/Log_block
+ */
+ 
+/* Este es un buen valor predeterminado, registra todo excepto
+ * cosas de depuración y unión/parte/kick.
+ */
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.log" { maxsize 100M; }
+	}
+}
+
+/* In addition to regular logging, also add a JSON log file.
+ * This includes lots of information about every event so is great
+ * for auditing purposes and is machine readable. It is, however
+ * less readable for humans.
+ */
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.json.log" { maxsize 250M; type json; }
+	}
+}
+
+/* Con "aliases" puedes crear un alias como /ALGO para enviar un mensaje a
+ * algún usuario o bot. Suelen utilizarse para servicios.
+ *
+ * Tenemos una cantidad de archivos de alias preestablecidos, consulte el directorio alias/.
+ * A modo de ejemplo, aquí incluimos todos los alias utilizados para los servicios de anope.
+ */
+include "aliases/anope.conf";
+
+/* Prohibir los apodos para que no puedan ser utilizados por usuarios regulares */
+ban nick {
+	mask "*C*h*a*n*S*e*r*v*";
+	reason "Reservado para Servicios";
+}
+
+/* Baneo por ip.
+ * Tenga en cuenta que normalmente usa /KLINE, /GLINE y /ZLINE para esto.
+ */
+ban ip {
+	mask 195.86.232.81;
+	reason "Te odio";
+}
+
+/* Baneo del servidor: si vemos que este servidor está vinculado a alguien, lo desvinculamos */
+ban server {
+	mask eris.berkeley.edu;
+	reason "Sal de aquí.";
+}
+
+/* Baneo de usuario: solo como ejemplo, normalmente usa /KLINE o /GLINE para esto */
+ban user {
+	mask *tirc@*.saturn.bbn.com;
+	reason "Idiot";
+}
+
+/* Baneo del nombre real le permite prohibir clientes en función de su 'nombre real'
+ * o campo 'gecos'.
+ */
+ban realname {
+	mask "Equipo Swat";
+	reason "mIRKFORCE";
+}
+
+ban realname {
+	mask "sub7server";
+	reason "sub7";
+}
+
+/* Excepciones de baneo y TKL. Le permite eximir a los usuarios/máquinas de
+ * KLINE, GLINE, etc.
+ * Si es un IRCOp con una IP estática (y no hay personas que no sean de confianza en esa IP)
+ * entonces te sugerimos que te añadas aquí. Así siempre puedes entrar
+ * incluso si accidentalmente colocas una prohibición de *LINE en ti mismo.
+ */
+
+/* excepto el baneo con el tipo 'todos' (all) te proteja de GLINE, GZLINE, QLINE, SHUN */
+except ban {
+	mask *@192.0.2.1;
+	type all;
+}
+
+/* This allows IRCCloud connections in without maxperip restrictions
+ * and also exempt them from connect-flood throttling.
+ */
+except ban {
+	mask *.irccloud.com;
+	type { maxperip; connect-flood; }
+}
+
+/* Con los bloques de denegación de DCC puede prohibir los nombres de archivo para DCC */
+deny dcc {
+	filename "*sub7*";
+	reason "Posible Sub7 Virus";
+}
+ 
+/* denegar canal le permite prohibir un canal (máscara) por completo */
+deny channel {
+	channel "*warez*";
+	reason "Warez es ilegal";
+	class "clients";
+}
+
+/* Los VHosts (hosts virtuales) permiten a los usuarios adquirir un host diferente.
+ * Ver https://www.unrealircd.org/docs/Vhost_block
+ */
+ 
+/* Ejemplo de vhost que puede usar. En el tipo de IRC: prueba de prueba /VHOST
+ * NOTA: solo las personas con un host 'unrealircd.com' pueden usarlo para
+ * asegúrese de cambiar el vhost::mask antes de probar.
+ */
+vhost {
+	vhost odio.microsefrs.com;
+	mask *@unrealircd.com;
+	login "test";
+	password "test";
+}
+
+/* Los bloques de la lista negra consultarán un servicio de lista negra de DNS externo
+ * cada vez que un usuario se conecta, para ver si se conoce la dirección IP
+ * para causar ataques de drones, es una máquina pirateada conocida, etc.
+ * Documentación: https://www.unrealircd.org/docs/Blacklist_block
+ * O simplemente eche un vistazo a los bloques a continuación.
+ */
+ 
+/* DroneBL, probablemente la lista negra más popular utilizada por los servidores IRC.
+ * Ver https://dronebl.org/ para su documentación y el
+ * significado de los tipos de respuesta. Al momento de escribir usamos tipos:
+ * 3: IRC Drone, 5: Embotellador, 6: Spambot o drone desconocido,
+ * 7: Drone DDoS, 8: Proxy SOCKS, 9: Proxy HTTP, 10: ProxyChain,
+ * 11: Proxy de página web, 12: Open DNS Resolver, 13: Atacantes de fuerza bruta,
+ * 14: Proxy Wingate abierto, 15: Enrutador / puerta de enlace comprometidos,
+ * 16: Gusanos autoenraizadores.
+ */
+blacklist dronebl {
+        dns {
+                name dnsbl.dronebl.org;
+                type record;
+                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone Detectado. Chequea https://dronebl.org/lookup?ip=$ip para más detalles.";
+}
+
+/* EFnetRBL, consulte https://rbl.efnetrbl.org/ para obtener la documentación
+ * y el significado de los tipos de respuesta.
+ * Al momento de escribir: 1 es proxy abierto, 4 es TOR, 5 es drones/inundaciones.
+ *
+ * NOTA: Si desea permitir proxies TOR en su servidor, entonces
+ * necesita eliminar el '4;' abajo en la sección de respuesta.
+ */
+blacklist efnetrbl {
+        dns {
+                name rbl.efnetrbl.org;
+                type record;
+                reply { 1; 4; 5; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
+}
+
+/* Puede incluir otros archivos de configuración */
+/* include "klines.conf"; */
+ 
+/* Configuración de la red */
+set {
+	network-name 		"EjemploNET";
+	default-server 		"irc.ejemplo.org";
+	services-server 	"services.ejemplo.org";
+	stats-server 		"stats.ejemplo.org";
+	help-channel 		"#Ayuda";
+	cloak-prefix		"Clk";
+	prefix-quit 		"Quit";
+
+	/* Las claves de ocultación deben ser las mismas en todos los servidores de la red.
+   * Se utilizan para generar hosts enmascarados y deben mantenerse en secreto.
+   * Las claves deben ser 3 cadenas aleatorias de 80 caracteres cada una (o más).
+   * y debe constar de minúsculas (a-z), mayúsculas (A-Z) y dígitos (0-9).
+   * SUGERENCIA: En *NIX, puede ejecutar './unrealircd gencloak' en su shell para dejar
+   * UnrealIRCd genera 3 cadenas aleatorias para ti.
+   * On Windows, you can run "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
+   */  
+	cloak-keys {
+		"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
+		"y otra llave";
+		"y otra llave";
+	}
+}
+
+/* Configuración específica del servidor */
+set {
+	kline-address 'agrega.una.dirección.de.correo-electrónico'; /* correo electrónico o URL que se muestra cuando un usuario está baneado */
+	modes-on-connect "+ixw"; /* cuando los usuarios se conecten, obtendrán estos modos de usuario */
+	modes-on-oper "+xws"; /* cuando alguien se convierte en IRCOp obtendrá estos modos */
+	modes-on-join "+nt"; /* modos de canal predeterminados cuando se crea un nuevo canal */
+	oper-auto-join "#opers"; /* Los IRCOps se unen automáticamente a este canal */
+	options {
+		hide-ulines; /* ocultar líneas U en /MAP y /LINKS */
+		show-connect-info; /* mostrar mensajes de "buscando su nombre de host" al conectarse */
+	}
+
+	maxchannelsperuser 10; /* número máximo de canales que un usuario puede /JOIN */
+
+	/* El tiempo mínimo que un usuario debe estar conectado antes de que se le permita
+	 * use un mensaje SALIR. Con suerte, esto ayudará a detener el spam.
+	 */
+	anti-spam-quit-message-time 10s;
+
+	/* O simplemente establezca una salida estática, lo que significa que se ignora cualquier razón /QUIT */
+	/* static-quit "Salida del cliente"; */
+
+	/* static-part hace lo mismo para /PART */
+	/* static-part yes; */
+
+	/* Protección contra inundaciones:
+	 * Hay muchas configuraciones para esto y la mayoría tiene buenos valores predeterminados.
+	 * Ver https://www.unrealircd.org/docs/Set_block#set::anti-flood
+	 */
+	anti-flood {
+	}
+
+	/* Configuración del filtro de spam */
+	spamfilter {
+		ban-time 1d; /* duración predeterminada de una prohibición de *LINE establecida por spamfilter */
+		ban-reason "Spam/Publicidad"; /* razón por defecto */
+		virus-help-channel "#Ayuda"; /* canal a usar para la acción 'viruschan' */
+		/* except "#Ayuda"; canal para eximir de Spamfilter */
+	}
+
+	/* Restringir ciertos comandos.
+	 * Ver https://www.unrealircd.org/docs/Set_block#set::restrict-commands
+	 */
+	restrict-commands {
+		list {
+			except {
+				connect-time 60;
+				identified yes;
+				reputation-score 24;
+			}
+		}
+		invite {
+			except {
+				connect-time 120;
+				identified yes;
+				reputation-score 24;
+			}
+		}
+		/* Además de la capacidad de restringir cualquier comando,
+		 * como se muestra arriba. También hay 4 tipos especiales.
+		 * que puedes restringir. Estos son "mensajes privados",
+		 * "aviso privado", "mensaje de canal" y "aviso de canal".
+		 * Están comentados (deshabilitados) en este ejemplo:
+		 */
+		//private-message {
+		//	except {
+		//		connect-time 10;
+		//	}
+		//}
+		//private-notice {
+		//	except {
+		//		connect-time 10;
+		//	}
+		//}
+	}
+}
+
+/*
+ * Lo siguiente configurará la limitación de conexión de "usuarios desconocidos".
+ *
+ * Cuando UnrealIRCd detecta una gran cantidad de usuarios que se conectan desde direcciones IP
+ * que no se han visto antes, entonces se rechazan las conexiones de nuevas IP
+ * por encima de la tarifa establecida. Por ejemplo a las 10:60 solo se pueden conectar 10 usuarios por minuto
+ * que no se han visto antes. Las direcciones IP conocidas siempre pueden entrar,
+ * independientemente de la tarifa establecida. Lo mismo para los usuarios que inician sesión con SASL.
+ *
+ * Ver también https://www.unrealircd.org/docs/Connthrottle para más detalles.
+ * O simplemente siga leyendo los ajustes de configuración predeterminados a continuación:
+ */
+set {
+	connthrottle {
+		/* Primero debemos configurar lo que llamamos "usuarios conocidos".
+		 * De forma predeterminada, estos son usuarios en direcciones IP que tienen
+		 * una puntuación de 24 o superior. Una puntuación de 24 significa que el
+		 * La IP estuvo conectada a esta red durante al menos 2 horas
+		 * en el último mes (o mínimo 1 hora si está registrado).
+		 * La opción sasl-bypass es otra configuración. Significa
+		 * que los usuarios que se autentican en los servicios a través de SASL
+		 * también se consideran usuarios conocidos.
+		 * Usuarios en el grupo de "usuarios conocidos" (ya sea por reputación
+		 * o por SASL) siempre están permitidas en este módulo.
+		 */
+		except {
+			reputation-score 24;
+			identified yes;
+		}
+    
+		/* Los nuevos usuarios son todos los usuarios que no pertenecen al
+		 * grupo de usuarios conocidos. Se consideran "nuevos" y en
+		 * caso de un alto número de tales nuevos usuarios que se conectan
+		 * están sujetos a limitación de velocidad de conexión.
+		 * Por defecto la tarifa es de 20 nuevos usuarios locales por minuto
+		 * y 30 nuevos usuarios globales por minuto.
+		 */
+		new-users {
+			local-throttle 20:60;
+			global-throttle 30:60;
+		}
+
+		/* Esto configura cuando este módulo NO estará activo.
+		 * La configuración predeterminada deshabilitará el módulo cuando:
+		 * - El módulo de reputación se ha estado ejecutando durante menos de
+		 *   una semana. Si se ejecuta menos de 1 semana, entonces hay
+		 * datos insuficientes para considerar quién es un "usuario conocido".
+		 * - El servidor acaba de iniciarse (primeros 3 minutos).
+		 */
+		disabled-when {
+			reputation-gathering 1w;
+			start-delay 3m;
+		}
+	}
+}
+
+/* HISTORIAL DE UN CANAL:
+ * UnrealIRCd tiene el modo de canal +H que los usuarios pueden usar para volver a leer
+ * los mensajes del canal, antes de que se unieran. Para información general
+ * en esta función, lee https://www.unrealircd.org/docs/Channel_history
+ *
+ * El historial del canal puede ser configurado vía set::history. Los valores predeterminados
+ * son probablemente buenos para ti, pero si está en un sistema con poca memoria
+ * o tiene miles de canales, entonces es posible que debas volver a verificar. Lee
+ * https://www.unrealircd.org/docs/Set_block#set::history para las opciones.
+ *
+ * Además de eso, puedes tener "persistent channel history", cual
+ * significa que el historial del canal se almacena encriptado en el disco
+ * para que se conserve entre reinicios del servidor IRC, lee
+ * https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
+ * La función de historial persistente NO está habilitada de manera predeterminada 
+ * porque usted necesita configurar un bloque de secreto { } para ello. Un sencillo
+ * ejemplo con contraseñas almacenadas directamente en el archivo de configuración.
+ * Para obtener una mejor seguridad, lee https://www.unrealircd.org/docs/Secret_block
+ * las diferentes alternativas para que no almacenes contraseñas directamente en la configuración.
+ */
+//secret historydb { password "somepassword"; }
+//set { history { channel { persist yes; db-secret "historydb"; } } }
+
+/* Finalmente, es posible que desee tener un MOTD (Mensaje del día), esto puede ser
+ * se hace creando un archivo de texto 'ircd.motd' en su directorio conf/.
+ * Este archivo se mostrará a tus usuarios al conectarse.
+ * Para obtener más información, consulte https://www.unrealircd.org/docs/MOTD_and_Rules
+ */ 
+
+/*
+ * Problemas o necesita más ayuda?
+ * 1) https://www.unrealircd.org/docs/
+ * 2) https://www.unrealircd.org/docs/Main_Page/es <- ¡responde el 80% de tus preguntas!
+ * 3) Si aún tiene problemas, puede obtener soporte:
+ * - Foros: https://forums.unrealircd.org/
+ * - IRC: irc.unrealircd.org (SSL en el puerto 6697) / #unreal-support
+ * ¡Tenga en cuenta que primero le pedimos que lea la documentación y las preguntas frecuentes!
+ */

doc/conf/examples/example.fr.conf

@@ -1,4 +1,4 @@
-/* Fichier de configuration pour UnrealIRCd 4.0
+/* Fichier de configuration pour UnrealIRCd 6
  *
  * Copiez ce fichier dans le répertoire conf/, renommez le
  * 'unrealircd.conf' et parcourez-le ligne par ligne (modifiez le !)
@@ -13,8 +13,8 @@
  * beaucoup :
  * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
  *
- * Documentation pour UnrealIRCd 4 (très complète !) :
- * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation/fr
+ * Documentation pour UnrealIRCd 6 (très complète !) :
+ * https://www.unrealircd.org/docs/UnrealIRCd_6_documentation/fr
  *
  * Foire Aux Questions :
  * https://www.unrealircd.org/docs/FAQ
@@ -49,8 +49,14 @@ include "modules.default.conf";
  */
 include "help/help.conf";
 include "badwords.conf";
-include "spamfilter.conf";
+//include "spamfilter.conf";
 include "operclass.default.conf";
+include "snomasks.default.conf";
+
+/* Load the default cloaking module (2021 onwards): */
+loadmodule "cloak_sha256";
+/* Or load the old module from UnrealIRCd 3.2/4/5 instead: */
+//loadmodule "cloak_md5";
 
 /* Le bloc me { } indique qui est le serveur.
  * Il définit le nom du serveur, une ligne d'informations et un identifiant
@@ -59,10 +65,10 @@ include "operclass.default.conf";
  * (chaque serveur doit avoir un sid différent).
  */
 me {
-	name "irc.foonet.com";
-	info "Serveur FooNet";
+	name "irc.example.org";
+	info "Serveur ExampleNET";
 	sid "001";
-};
+}
 
 /* Le bloc admin { } définit ce que les utilisateurs verront en faisant
  * /ADMIN. C'est généralement des infos de contact de l'administrateur.
@@ -70,8 +76,8 @@ me {
 admin {
 	"Bob Smith";
 	"bob";
-	"adresse.email@foonet.com";
-};
+	"adresse.email@example.org";
+}
 
 /* Les clients et serveurs sont placés dans des classes, que nous
  * définissons dans ces blocs class { }.
@@ -92,7 +98,7 @@ class clients
 	maxclients 1000;
 	sendq 200k;
 	recvq 8000;
-};
+}
 
 /* Classe spéciale pour des IRCOps avec des limites plus hautes */
 class opers
@@ -101,7 +107,7 @@ class opers
 	maxclients 50;
 	sendq 1M;
 	recvq 8000;
-};
+}
 
 /* Classe pour des serveurs */
 class servers
@@ -110,7 +116,7 @@ class servers
 	connfreq 15; /* essayer de se connecter toutes les 15 sec */
 	maxclients 10; /* nombre max de serveurs */
 	sendq 5M;
-};
+}
 
 /* Les blocs allow définissent quels clients peuvent se connecter au
  * serveur. Ils vous permettent d'ajouter un mot de passe ou de restreindre
@@ -121,21 +127,21 @@ class servers
 
 /* Accepter tout le monde, mais seulement 5 connexions par IP */
 allow {
-	ip *@*;
+	mask *;
 	class clients;
 	maxperip 5;
-};
+}
 
 /* Exemple de bloc allow spécial pour une IP donnée :
  * Les utilisateurs sur cette IP doivent se connecter avec un mot de passe.
  * S'il est correct, alors autoriser 20 connexions sur cette IP.
  */
 allow {
-	ip *@192.0.2.1;
+	mask 192.0.2.1;
 	class clients;
 	password "unmotdepassesecret";
 	maxperip 20;
-};
+}
 
 /* Les blocs oper définissent vos Opérateurs IRC.
  * Les Opérateurs IRC sont des utilisateurs avec des "droits en plus"
@@ -145,14 +151,25 @@ allow {
  * Voir aussi : https://www.unrealircd.org/docs/Oper_block
  */
 
-/* Voici un exemple de bloc oper pour 'bobsmith' avec le mot de
- * passe 'test'.
+/* Voici un exemple de bloc oper pour 'bobsmith'.
  * Vous DEVEZ le modifier !!
  */
 oper bobsmith {
 	class opers;
 	mask *@*;
-	password "test";
+
+	/* Technically you can put oper passwords in plaintext in the conf but
+	 * this is HIGHLY DISCOURAGED. Instead you should generate a password hash:
+	 * On *NIX, run: ./unrealircd mkpasswd
+	 * On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
+	 * .. and then paste the result below:
+	 */
+	password "$argon2id..etc..";
+	/* See https://www.unrealircd.org/docs/Authentication_types for
+	 * more information, including even better authentication types
+	 * such as 'certfp', and how to generate hashes on Windows.
+	 */
+
 	/* Les permissions Oper sont définies dans un bloc 'operclass'.
 	 * Voir https://www.unrealircd.org/docs/Operclass_block
 	 * UnrealIRCd est fourni avec des classes par défaut, voir la doc
@@ -160,43 +177,47 @@ oper bobsmith {
 	 */
 	operclass netadmin;
 	swhois "est un Administrateur du Réseau";
-	vhost netadmin.mynet.org;
-};
+	vhost netadmin.example.org;
+}
 
 /* Les blocs listen définissent les ports sur lesquels le serveur écoute.
  * C'est-à-dire les ports que les clients et les serveurs utilisent pour
  * se connecter à ce serveur.
  * 
  * Syntaxe :
- * listen
- * { 
+ * listen {
  *   ip <adresse ip>;
  *   port <numéro de port>;
  *   options {
  *     <options....>;
- *   };
- * };
+ *   }
+ * }
  */
 
-/* Port standard pour IRC 6667 */
+/* Port standard pour IRC 6667
+ * Insecure plaintext (NOT for production servers)
+ * This listen block is here only for quick testing.
+ * Delete or comment out this listen block on production servers
+ * and use TLS on port 6697 instead.
+ */
 listen {
 	ip *;
 	port 6667;
-};
+}
 
 /* Port standard pour IRC sur SSL/TLS 6697 */
 listen {
 	ip *;
 	port 6697;
-	options { ssl; };
-};
+	options { tls; }
+}
 
 /* Port SSL/TLS spécial pour la connexion entre serveurs */
 listen {
 	ip *;
 	port 6900;
-	options { ssl; serversonly; };
-};
+	options { tls; serversonly; }
+}
 
 /* NOTE : Si vous utilisez un serveur IRC avec plusieurs IP et que vous
  *        utilisez les blocs listen ci-dessus, vous aurez peut-être une
@@ -212,23 +233,23 @@ listen {
  * pour former un réseau IRC.
  * Voir https://www.unrealircd.org/docs/Tutorial:_Linking_servers
  */
-link hub.mynet.org
+link hub.example.org
 {
 	incoming {
 		mask *@something;
-	};
+	}
 
 	outgoing {
 		bind-ip *; /* ou une IP précise */
-		hostname hub.mynet.org;
+		hostname hub.example.org;
 		port 6900;
-		options { ssl; };
-	};
+		options { tls; }
+	}
 
 	password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* Empreinte SSL de l'autre serveur */
 
 	class servers;
-};
+}
 
 /* Les U-lines donnent encore plus de pouvoir à certains serveurs.
  * Si vous utilisez des Services, vous devez les indiquer ici.
@@ -237,8 +258,8 @@ link hub.mynet.org
  *   https://www.unrealircd.org/docs/Services )
  */
 ulines {
-	services.mynet.org;
-};
+	services.example.org;
+}
 
 /* Ici vous pouvez indiquer un mot de passe pour les commandes /DIE et
  * /RESTART, qui sont restreintes aux IRCops.
@@ -248,27 +269,49 @@ ulines {
 drpass {
 	restart "restart";
 	die "die";
-};
+}
 
 /* Le bloc log indique ce qui doit être journalisé et dans quel fichier.
  * Voir aussi https://www.unrealircd.org/docs/Log_block
  */
 
 /* Ceci est une bonne valeur par défaut, elle journalise presque tout */
-log "ircd.log" {
-	flags {
-		oper;
-		connects;
-		server-connects;
-		kills;
-		errors;
-		sadmin-commands;
-		chg-commands;
-		oper-override;
-		tkl;
-		spamfilter;
-	};
-};
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.log" { maxsize 100M; }
+	}
+}
+
+/* In addition to regular logging, also add a JSON log file.
+ * This includes lots of information about every event so is great
+ * for auditing purposes and is machine readable. It is, however
+ * less readable for humans.
+ */
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.json.log" { maxsize 250M; type json; }
+	}
+}
 
 /* Avec des "alias", vous pouvez créer un alias comme /UNTRUC pour envoyer
  * un message à un utilisateur ou à un bot. Ils sont souvent utilisés pour
@@ -286,7 +329,7 @@ include "aliases/anope.conf";
 ban nick {
 	mask "*C*h*a*n*S*e*r*v*";
 	reason "Réservé aux Services";
-};
+}
 
 /* Bannir une IP.
  * NB : vous pouvez aussi utiliser /KLINE, /GLINE et /ZLINE pour ça.
@@ -294,7 +337,7 @@ ban nick {
 ban ip {
 	mask 195.86.232.81;
 	reason "Je vous hais !";
-};
+}
 
 /* Bannir un serveur - si ce serveur est connecté au réseau, nous nous
  * déconnecterons
@@ -302,7 +345,7 @@ ban ip {
 ban server {
 	mask eris.berkeley.edu;
 	reason "Va-t-en d'ici.";
-};
+}
 
 /* Bannir un utilisateur - juste pour l'exemple, on utilise normalement
  * /KLINE or /GLINE pour ça
@@ -310,18 +353,18 @@ ban server {
 ban user {
 	mask *tirc@*.saturn.bbn.com;
 	reason "Idiot";
-};
+}
 
 /* Bannir un realname (ou 'gecos') */
 ban realname {
 	mask "Swat Team";
 	reason "mIRKFORCE";
-};
+}
 
 ban realname {
 	mask "sub7server";
 	reason "sub7";
-};
+}
 
 /* Exceptions de ban et TKL. Vous permet d'exempter des utilisateurs des 
  * KLINE, GLINE, etc ...
@@ -331,17 +374,19 @@ ban realname {
  * accidentellement.
  */
 
-/* except ban vous protège des KLINE et ZLINE */
+/* except ban avec le type 'all' vous protège des GLINE, GZLINE, QLINE, SHUN */
 except ban {
-	mask *@192.0.2.1;
-	// vous pouvez ajouter d'autres lignes mask à la suite
-};
-
-/* except tkl avec le type 'all' vous protège des GLINE, GZLINE, QLINE, SHUN */
-except tkl {
 	mask *@192.0.2.1;
 	type all;
-};
+}
+
+/* This allows IRCCloud connections in without maxperip restrictions
+ * and also exempt them from connect-flood throttling.
+ */
+except ban {
+	mask *.irccloud.com;
+	type { maxperip; connect-flood; }
+}
 
 /* Avec un bloc deny dcc vous pouvez interdire des noms de fichiers dans
  * les échanges DCC
@@ -349,14 +394,14 @@ except tkl {
 deny dcc {
 	filename "*sub7*";
 	reason "Possible virus Sub7";
-};
+}
 
 /* deny channel vous permet d'interdire des masques de noms de salons */
 deny channel {
 	channel "*warez*";
 	reason "Le warez est illegal";
 	class "clients";
-};
+}
 
 /* Les VHosts (Virtual Hosts - Hôtes Virtuels) permettent aux utilisateurs
  * d'avoir un nom d'hôte différent.
@@ -372,48 +417,94 @@ vhost {
 	mask *@unrealircd.com;
 	login "test";
 	password "test";
-};
+}
+
+/* Les blocs de liste noire interrogeront un service de liste noire DNS externe
+ * chaque fois qu'un utilisateur se connecte, pour voir si l'adresse IP est connue
+ * pour provoquer des attaques de drones, est une machine piratée connue, etc..
+ * Documentation: https://www.unrealircd.org/docs/Blacklist_block
+ * Ou regardez simplement les blocs ci-dessous.
+ */
+
+/* DroneBL, probablement la liste noire la plus populaire utilisée par les serveurs IRC.
+ * Voir https://dronebl.org/ pour leur documentation et les
+ * significations des types de réponse. AAu moment de la rédaction, nous utilisons des types:
+ * 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
+ * 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
+ * 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
+ * 14: Open Wingate Proxy, 15: Compromised router / gateway,
+ * 16: Autorooting worms.
+ */
+blacklist dronebl {
+        dns {
+                name dnsbl.dronebl.org;
+                type record;
+                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
+}
+
+/* EFnetRBL, voir https://rbl.efnetrbl.org/ pour la documentation
+ * et la signification des types de réponse.
+ * Au moment de la rédaction: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
+ *
+ * REMARQUE: Si vous souhaitez autoriser les proxys TOR sur votre serveur, alors
+ * vous devez supprimer le '4;' ci-dessous dans la section de réponse.
+ */
+blacklist efnetrbl {
+        dns {
+                name rbl.efnetrbl.org;
+                type record;
+                reply { 1; 4; 5; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
+}
 
 /* Vous pouvez inclure d'autres fichiers de configuration */
 /* include "klines.conf"; */
 
 /* Configuration du réseau */
 set {
-	network-name        "MYNet";
-	default-server      "irc.mynet.org";
-	services-server     "services.mynet.org";
-	stats-server        "stats.mynet.org";
+	network-name        "ExampleNET";
+	default-server      "irc.example.org";
+	services-server     "services.example.org";
+	stats-server        "stats.example.org";
 	help-channel        "#Help";
-	hiddenhost-prefix   "Clk";
+	cloak-prefix        "Clk";
 	prefix-quit         "Quit";
 
 	/* Les clés de cloaking doivent être identiques sur tous les serveurs
 	 * d'un réseau. Elles sont utilisées pour générer les noms d'hôtes
 	 * masqués et doivent être gardées secrètes. Les clés doivent être
-	 * 3 chaînes de 5 à 100 caractères aléatoires (entre 10 et 20 suffisent)
-	 * et ne comporter que des minuscules (a-z), des majuscules (A-Z) et des
-	 * chiffres (0-9). (voir l'exemple)
-	 * NB : sur *NIX, vous pouvez exécuter './unreal gencloak' sur votre
-	 *      serveur pour que Unreal génère 3 clés aléatoires pour vous.
+	 * 3 chaînes de 80 caractères aléatoires et ne comporter que des
+	 * minuscules (a-z), des majuscules (A-Z) et des chiffres (0-9).
+	 * (voir l'exemple)
+	 * NB : sur *NIX, vous pouvez exécuter './unrealircd gencloak' sur votre
+	 *      serveur pour que Unrealircd génère 3 clés aléatoires pour vous.
+	 *      On Windows, use "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
 	 */
 	cloak-keys {
-		"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
+		"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
 		"et une autre";
 		"et une troisième";
-	};
-};
+	}
+}
 
 /* Configuration spécifique au serveur */
 
 set {
-	kline-address "indiquez.une.adresse.email"; /* e-mail ou URL indiquée lorsqu'un utilisateur est banni */
+	kline-address 'indiquez.une.adresse.email'; /* e-mail ou URL indiquée lorsqu'un utilisateur est banni */
 	modes-on-connect "+ixw"; /* modes utilisateur ajoutés lorsqu'un utilisateur se connecte */
-	modes-on-oper    "+xwgs"; /* modes utilisateur ajoutés lorsqu'un utilisateur devient IRCOp */
+	modes-on-oper    "+xws"; /* modes utilisateur ajoutés lorsqu'un utilisateur devient IRCOp */
 	oper-auto-join "#opers"; /* salon que les IRCOps joignent automatiquement */
 	options {
 		hide-ulines; /* cacher les U-lines de /MAP et /LINKS */
 		show-connect-info; /* afficher les messages "looking up your hostname" à la connexion */
-	};
+	}
 
 	maxchannelsperuser 10; /* nombre max de salons par utilisateur */
 
@@ -430,17 +521,11 @@ set {
 	/* static-part fait la même chose pour /PART */
 	/* static-part yes; */
 
-	/* Quelles /STATS sont restreintes aux Opérateurs. Nous vous
-	 * conseillons de laisser '*' (toutes)
+	/* Protections anti-flood.
+	 * Voir: https://www.unrealircd.org/docs/Set_block#set::anti-flood
 	 */
-	oper-only-stats "*";
-
-	/* Protections anti-flood */
 	anti-flood {
-		nick-flood 3:60;    /* 3 changements de nick par 60 secondes */
-		connect-flood 3:60; /* 3 tentatives de connexions par 60 seconds */
-		away-flood 4:120;   /* 4 utilisation de /AWAY par 2 minutes */
-	};
+	}
 
 	/* Paramètres de Spamfilter */
 	spamfilter {
@@ -448,12 +533,132 @@ set {
 		ban-reason "Spam/Publicité"; /* raison par defaut */
 		virus-help-channel "#help"; /* salon par défaut pour l'action 'viruschan' */
 		/* except "#help"; salon à exempter de Spamfilter */
-	};
-};
+	}
+
+	/* Restreindre certaines commandes.
+	 * Voir https://www.unrealircd.org/docs/Set_block#set::restrict-commands
+	 */
+	restrict-commands {
+		list {
+			except {
+				connect-time 60; /* après 60 secondes, vous pouvez utiliser LIST */
+				identified yes; /* ou immédiatement, si vous êtes identifié aux services */
+				reputation-score 24; /* ou si vous avez un score de réputation de 24 ou plus */
+			}
+		}
+		invite {
+			except {
+				connect-time 120;
+				identified yes;
+				reputation-score 24;
+			}
+		}
+		/* En plus de la possibilité de restreindre toute commande,
+		 * tel qu'illustré ci-dessus. Il existe également 4 types spéciaux
+		 * que vous pouvez restreindre. Ceux-ci sont "private-message",
+		 * "private-notice", "channel-message" and "channel-notice".
+		 * Ils sont commentés (désactivés) dans cet exemple :
+		 */
+		//private-message {
+		//	except { connect-time 10; }
+		//}
+		//private-notice {
+		//	except { connect-time 10; }
+		//}
+	}
+
+}
+
+/*
+ * Ce qui suit configurera la limitation de connexion de "unknown users".
+ *
+ * Quand UnrealIRCd détecte un nombre élevé d'utilisateurs se connectant à partir d'adresses IP
+ * qui n'ont pas été vus auparavant, les connexions des nouvelles IP sont rejetées
+ * au-dessus du taux fixé. Par exemple à 10:60 seuls 10 utilisateurs par minute peuvent se connecter
+ * qui n'ont pas été vus auparavant. Les adresses IP connues peuvent toujours entrer,
+ * quel que soit le tarif fixé. Idem pour les utilisateurs qui se connectent avec SASL.
+ *
+ * Voir également https://www.unrealircd.org/docs/Connthrottle pour les détails.
+ * Ou continuez simplement à lire les paramètres de configuration par défaut ci-dessous:
+ */
+
+set {
+	connthrottle {
+		/* Nous configurons d'abord quels utilisateurs sont exemptés de la
+		 * restrictions. Ces utilisateurs sont toujours autorisés!
+		 * Par défaut, ce sont des utilisateurs sur des adresses IP qui ont
+		 * un score de 24 ou plus. Un score de 24 signifie que l'IP 
+		 * était connecté à ce réseauk pendant au moins 2 heures
+		 * au cours du mois passé (ou minimum 1h si inscrit).
+		 * Nous permettons également aux utilisateurs qui sont identifiés aux services via
+		 * SASL contourner les restrictions.
+		 */
+		except {
+			reputation-score 24;
+			identified yes;
+			/* pour plus d'options, voir restrictions
+			 * https://www.unrealircd.org/docs/Mask_item
+			 */
+		}
+
+		/* Les nouveaux utilisateurs sont tous les utilisateurs qui n'appartiennent pas au
+		 * groupe d'utilisateurs connus. Ils sont considérés comme "nouveaux" et dans
+		 * le cas d'un nombre élevé de ces nouveaux utilisateurs se connectant
+		 * ils sont soumis à une limitation du débit de connexion.
+		 * Par défaut, le taux est de 20 nouveaux utilisateurs locaux par minute
+	 	 * et 30 nouveaux utilisateurs global par minute.
+		 */
+		new-users {
+			local-throttle 20:60;
+			global-throttle 30:60;
+		}
+
+		/* Ceci configure quand ce module ne sera PAS actif.
+		 * Les paramètres par défaut désactiveront le module lors que:
+		 * - Le module de réputation fonctionne depuis moins d'une
+		 *   semaine. Si vous courez moins d'une semaine, il y a
+		 * données insuffisantes pour déterminer qui est un "utilisateur connu".
+		 * - Le serveur vient d'être démarré (3 premières minutes).
+		 */
+		disabled-when {
+			reputation-gathering 1w;
+			start-delay 3m;
+		}
+	}
+}
+
+/* HISTORIQUE DES CANAUX:
+ * UnrealIRCd a le mode canal +H qui peut être utilisé par les utilisateurs pour relire
+ * historique de la chaîne, comme avant leur adhésion. Pour des informations générales
+ * sur cette fonctionnalité, voir https://www.unrealircd.org/docs/Channel_history
+ *
+ * Les limites de l'historique peuvent être configurées via set::history. 
+ * Les valeurs par défaut sont probablement déjà bien pour toi, mais si vous êtes sur un
+ * système à faible mémoire ou ayant des milliers de canaux, vous voudrez peut-être re vérifier.
+ * Voir https://www.unrealircd.org/docs/Set_block#set::history pour les options.
+ *
+ * En plus de cela, vous pouvez avoir "persistent channel history", qui
+ * signifie que l'historique des chaînes est stocké crypté sur le disque 
+ * afin qu'il soit préservé entre les redémarrages du serveur IRC, voir
+ * https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
+ * La fonction d'historique persistant n'est PAS activée par défaut car vous
+ * devez de configurer un bloque de secret { }. Ce qui suit est un simple
+ * exemple avec des mots de passe stockés directement dans le fichier de configuration.
+ * Pour une meilleure sécurité, voir https://www.unrealircd.org/docs/Secret_block
+ * sur des moyens alternatifs pour ne pas stocker les mots de passe directement dans la configuration.
+ */
+//secret historydb { password "somepassword"; }
+//set { history { channel { persist yes; db-secret "historydb"; } } }
+
+/* Enfin, vous souhaiterez peut-être avoir un MOTD (Le message du jour), cela peut être
+ * fait en créant un archive de text 'ircd.motd' dans votre répertoire conf/.
+ * Ce fichier sera montré à vos utilisateurs lors de la connexion.
+ * Pour plus d'informations, voir https://www.unrealircd.org/docs/MOTD_and_Rules
+ */
 
 /*
  * Un problème ou besoin d'aide supplémentaire ?
- * 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation/fr
+ * 1) https://www.unrealircd.org/docs/
  * 2) https://www.unrealircd.org/docs/FAQ <- répond à 80% des questions !
  * 3) Si vous avez toujours des problèmes, vous pouvez aller sur 
  *    irc.unrealircd.org #unreal-support,

doc/conf/examples/example.pt.conf

@@ -0,0 +1,684 @@
+/* Arquivo de configuração para o UnrealIRCd 6
+ * OBSERVAÇÃO: Este arquivo utiliza a tradução Português do Brasil (pt-br).
+ *
+ * Apenas copie este arquivo para seu diretório conf/ e renomeie-o para 'unrealircd.conf'
+ *
+ * Se você estiver com pressa, pode CTRL+F (localizar) pelo termo ALTERAR ISTO
+ * Os pontos que obrigatoriamente devem ser alterados estão indicados por essas duas palavras.
+ * No entanto, recomendamos que você revise este arquivo linha por linha
+ * e o altere conforme necessário, para que possa ver todos os pontos básicos e seus valores.
+ *
+ * ANTES DE PROSSEGUIR:
+ * Importante: Todas as linhas, exceto { e } terminam com ;
+ * Isto é muito importante, visto que se você esquecer um ; em algum lugar,
+ * a checagem do arquivo de configuração irá criticar e o arquivo não será processado!
+ * Se esta é sua primeira experiência com o arquivo de configuração do UnrealIRCd
+ * então nós recomendamos fortemente que você se dedique um pouco para ler sobre a sintaxe,
+ * isto levará apenas alguns minutos e o ajudará consideravelmente:
+ * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
+ *
+ * Documentação completa do UnrealIRCd 6 (bem extensa!):
+ * https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
+ *
+ * Questões Frequentes:
+ * https://www.unrealircd.org/docs/FAQ
+ */
+
+/* Este é um comentário, todo o texto aqui será ignorado (comentário de tipo #1) */
+// Este também é um comentário, e esta linha será ignorada (comentário de tipo #2)
+# Este também é um comentário, e novamente esta linha será ignorada (comentário de tipo #3)
+
+/* O UnrealIRCd faz um intenso uso dos Módulos, que permitem que você personalize completamente
+ * o conjunto de recursos que você deseja habilitar no UnrealIRCd.
+ * Veja: https://www.unrealircd.org/docs/Modules
+ *
+ * Utilizando o include abaixo, nós instruímos o IRCd a ler o arquivo
+ * 'modules.default.conf' que carregará mais de 150 módulos
+ * que vem com o UnrealIRCd. Em outras palavras: Isso simplesmente irá carregar
+ * todos os recursos disponíveis no UnrealIRCd.
+ * Se você está configurando o UnrealIRCd pela primeira vez, nós sugerimos que você
+ * o use. Então, quando tudo estiver configurado e rodando, você poderá retornar
+ * e personalizar a lista (se você desejar).
+ */
+include "modules.default.conf";
+
+/* Agora vamos incluir alguns outros arquivos de configuração também:
+ * - help/help.conf para nosso sistema de ajuda /HELPOP
+ * - badwords.conf para os modos de usuário e canal +G
+ * - spamfilter.conf como um exemplo para filtragem de spam
+ *   (comentado)
+ * - operclass.default.conf contém algumas boas classes de operadores que
+ *   você pode usar em seus blocos de operadores.
+ */
+include "help/help.conf";
+include "badwords.conf";
+//include "spamfilter.conf";
+include "operclass.default.conf";
+include "snomasks.default.conf";
+
+/* Carrega por padrão o módulo de cloaking em SHA256 (implementado em 2021): */
+loadmodule "cloak_sha256";
+/* Ou carrega o antigo módulo de clocking em MD5 que veio do UnrealIRCd 3.2/4/5: */
+//loadmodule "cloak_md5";
+
+// ALTERAR ISTO (o 'name' e 'info')
+/* Este é o bloco me { } que basicamente diz quem somos.
+ * Ele define o nome do nosso servidor, algumas linhas informativas e um "sid" único.
+ * O id do servidor (sid) precisa iniciar com um dígito numérico seguido por dois dígitos numéricos 
+ * ou alfanuméricos de A à Z. O sid precisa ser único para a sua rede de IRC (cada servidor
+ * deve ter seu próprio sid). É comum utilizar 001 para seu primeiro servidor.
+ */
+me {
+	name "irc.exemplo.org";
+	info "Servidor ExemploNET";
+	sid "001";
+}
+// ALTERAR ISTO:
+/* O bloco admin { } define quem os usuário verão quando eles digitarem /ADMIN.
+ * Normalmente contém infomações de como eles podem contatar o administrador.
+ */
+admin {
+	"Bob Smith";
+	"bob";
+	"email@exemplo.org";
+}
+
+/* Clientes e servidores são colocados no bloco class { }, e os definimos aqui.
+ * Blocos Class consistem nos seguintes itens:
+ * - pingfreq: com que frequência será efetuado ping em um usuário / servidor (em segundos)
+ * - connfreq: quantas vezes tentamos nos conectar a este servidor (em segundos)
+ * - sendq: o tamanho máximo da fila para uma conexão
+ * - recvq: o recebimento máximo da fila para uma conexão (controle de flood)
+ */
+
+/* Classe Client padrão, com valores de limites aceitáveis */
+class clients
+{
+	pingfreq 90;
+	maxclients 1000;
+	sendq 200k;
+	recvq 8000;
+}
+
+/* Uma classe Especial para IRCOps com valores de limites mais altos */
+class opers
+{
+	pingfreq 90;
+	maxclients 50;
+	sendq 1M;
+	recvq 8000;
+}
+
+/* Classe Server padrão, com valores de limites aceitáveis */
+class servers
+{
+	pingfreq 60;
+	connfreq 15; /* tenta se conectar a cada 15 segundos */
+	maxclients 10; /* máximo de servidores */
+	sendq 20M;
+}
+
+/* Blocos allow definem quais classe clients podem se conectar a este servidor.
+ * Isto permite que você adicione uma senha ao servidor ou restrinja o acesso ao servidor
+ * apenas por IPs específicos. Você também pode configurar o máximo de conexões
+ * permitidas por IP.
+ * Veja também: https://www.unrealircd.org/docs/Allow_block
+ */
+
+/* Permite todos entrarem, mas apenas 3 conexões simultâneas por IP */
+allow {
+	mask *;
+	class clients;
+	maxperip 3;
+}
+
+/* Exemplo de um bloco especial allow em um IP específico:
+ * Requer que usuários neste IP conectem por uma senha. Se a senha
+ * estiver correta, então permite 20 conexões simultâneas deste IP.
+ */
+//allow {
+//	mask 192.0.2.1;
+//	class clients;
+//	password "alguma_senha_secreta";
+//	maxperip 20;
+//}
+
+/* Blocos oper definem os Operadores de IRC.
+ * Operadores de IRC são pessoas com "privilégios extras" comparado a outros,
+ * eles podem por exemplo dar /KILL (derrubar) outras pessoas, iniciar uma conexão com server,
+ * dar /JOIN (entrar) em canais ainda que eles estejam banidos, etc.
+ *
+ * Para mais informações sobre como se tornar um IRCOp e como executar
+ * tarefas administrativas, veja: https://www.unrealircd.org/docs/IRCOp_guide
+ *
+ * Para obter mais detalhes sobre o bloco oper { } , veja
+ * https://www.unrealircd.org/docs/Oper_block
+ */
+
+/* Aqui está um exemplo de um bloco oper para o 'bobsmith'
+ * VOCÊ DEVE ALTERAR ISTO!! (o nome do operador e a senha)
+ */
+oper bobsmith {
+	class opers;
+	mask *@*;
+
+	/* Tecnicamente você pode deixar as senhas de oper em texto puro no arquivo de configuração, mas
+	 * isto é ALTAMENTE DESENCORAJADO. No lugar disso, você deve gerar uma senha hasheada:
+	 * No *NIX, execute: ./unrealircd mkpasswd
+	 * No Windows, execute: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
+	 * ... e então cole a senha no campo abaixo:
+	 */
+	password "$argon2id..etc..";
+	/* Veja https://www.unrealircd.org/docs/Authentication_types para
+	 * mais informações, incluindo formas melhores de autenticação
+	 * como por exemplo o 'certfp', e como gerar hashes no Windows.
+	 */
+
+	/* Permissões de oper são definidos no bloco 'operclass'.
+	 * Veja https://www.unrealircd.org/docs/Operclass_block
+	 * O UnrealIRCd vem com um número padrão de blocos, leia
+	 * o artigo acima para ver a lista completa. Nós escolhemos o 'netadmin' aqui.
+	 */
+	operclass netadmin;
+	swhois "é o Administrador da Rede";
+	vhost netadmin.exemplo.org;
+}
+
+/* Blocos listen definem as portas onde o servidor irá escutar.
+ * Em outras palavras: as portas que os clientes e servidores podem usar
+ * para se conectar a este servidor.
+ * 
+ * Sintaxe:
+ * listen {
+ *   ip <ip>;
+ *   port <port>;
+ *   options {
+ *     <options....>;
+ *   }
+ * }
+ */
+
+/* Porta padrão 6667 do IRC
+ * Insecure plaintext (NOT for production servers)
+ * This listen block is here only for quick testing.
+ * Delete or comment out this listen block on production servers
+ * and use TLS on port 6697 instead.
+ */
+listen {
+	ip *;
+	port 6667;
+}
+
+/* Porta padrão 6697 do IRC sob tunel SSL/TLS */
+listen {
+	ip *;
+	port 6697;
+	options { tls; }
+}
+
+/* Porta especial padrão para uso de servidores sob tunel SSL/TLS para vincular a outros servidores */
+listen {
+	ip *;
+	port 6900;
+	options { tls; serversonly; }
+}
+
+/* OBSERVAÇÃO: Se você está em uma shell IRCd com múltiplos IPs e você usa
+ *       os blocos listen { } acima, então você provavelmente receberá o erro
+ *       'Address already in use' e o IRCd não iniciará.
+ *       Isto significa que você DEVE colocar em escuta um IP específico no lugar do '*', como por exemplo:
+ *       listen { ip 1.2.3.4; port 6667; }
+ *       Claro, substituindo o IP pelo IP que foi fornecido a você.
+ */
+
+/*
+ * Blocos link permitem que você vincule múltiplos servidores uns aos outros para formar uma rede.
+ * Veja https://www.unrealircd.org/docs/Tutorial:_Linking_servers
+ */
+//link hub.exemplo.org
+//{
+//	incoming {
+//		mask *@alguma_coisa;
+//	}
+//
+//	outgoing {
+//		bind-ip *; /* ou especificar um IP */
+//		hostname hub.exemplo.org;
+//		port 6900;
+//		options { tls; }
+//	}
+//
+//	/* Nós usamos a impressão digital SPKI do outro servidor para autenticação.
+//	 * Abra uma shell no OUTRO SERVIDOR e execute o comando abaixo para obter a impressão digital:
+//	 * No *NIX, execute: ./unrealircd spkifp
+//	 * No Windows, execute: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp
+//	 */
+//	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
+//
+//	class servers;
+//}
+
+/* O Bloco link para o services é muito mais simples.
+ * Para mais informações sobre o que são o Services,
+ * leia https://www.unrealircd.org/docs/Services
+ */
+//link services.exemplo.org
+//{
+//	incoming {
+//		mask 127.0.0.1;
+//	}
+//
+//	password "me_altere_por_favor";
+//
+//	class servers;
+//}
+
+/* U-lines dão a outros servidores (ainda) mais poderes/comandos.
+ * Se você usa o services, você DEVE adicioná-los aqui. Você deve adicionar o
+ * nome do servidor do services no bloco ulines { } no arquivo de configuração
+ * em todo servidor UnrealIRCd da sua rede.
+ * IMPORTANTE: Jamais insira o nome do servidor do UnrealIRCd aqui,
+ * é apenas para o Services!
+ */
+//ulines {
+//	services.exemplo.org;
+//}
+
+/* Aqui você pode adicionar uma senha (apenas para IRCOps) para os comandos /DIE e /RESTART.
+ * Isto para que se tenha uma pouco mais de proteção contra reinicio acidental
+ * do servidor e ele seja derrubado inadvertidante.
+ */
+drpass {
+	restart "reiniciar";
+	die "matar";
+}
+
+/* O bloco log define o que deve ser registrado (logado) e em qual arquivo.
+ * Leia também https://www.unrealircd.org/docs/Log_block
+ */
+
+/* Este é um bom padrão, ele registra tudo, exceto
+ * coisas de depuração e comandos join/part/kick.
+ */
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.log" { maxsize 100M; }
+	}
+}
+
+/* Além do log regular, também adicionamos um arquivo de log em JSON.
+ * Isso inclui muitas informações sobre cada evento, sendo ótimo  
+ * para fins de auditoria e legível por máquinas. No entanto,  
+ * é menos legível para humanos.
+ */  
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.json.log" { maxsize 250M; type json; }
+	}
+}
+
+/* Com o "aliases" você pode criar um atalho como /ALGUMACOISA para enviar uma mensagem para
+ * algum usuário ou bot. Eles são usados normalmente por services.
+ *
+ * Nós temos um arquivo com um número pré-definido de atalhos, confira o diretório alias/ .
+ * Como exemplo, aqui nós incluímos todos os atalhos utilizados pelo services anope.
+ */
+include "aliases/anope.conf";
+
+/* Bane nicks para que eles não sejam utilizados por usuários comuns */
+//ban nick {
+//	mask "*C*h*a*n*S*e*r*v*";
+//	reason "Reservado para Services";
+//}
+
+/* Bane um IP
+ * Observe que você normalmente usa /KLINE, /GLINE e /ZLINE para isto.
+ */
+//ban ip {
+//	mask 195.86.232.81;
+//	reason "Te odeio";
+//}
+
+/* Bane um servidor - se observarmos este servidor vinculado a alguém, então o expulsaremos */
+//ban server {
+//	mask pedro.usp.br;
+//	reason "Caia fora daqui.";
+//}
+
+/* Bane um usuário - mas você normalmente usa /KLINE ou /GLINE para isso */
+//ban user {
+//	mask *usuariotroll@*.saturn.bbn.com;
+//	reason "Idiota";
+//}
+
+/* Este tipo de banimento permite que clientes sejam banidos com base no seu nome real (realname)
+ * ou campo 'gecos'.
+ */
+//ban realname {
+//	mask "Time Swat";
+//	reason "FORCAOSTENSIVA";
+//}
+
+//ban realname {
+//	mask "sub7server";
+//	reason "sub7";
+//}
+
+/* Exceções de banimento e TKL. Permite que você crie exceções a usuários/IPs a um
+ * KLINE, GLINE, etc.
+ * Se você é um IRCOp com IP estático (e não há ninguém não confiável utilizando este IP),
+ * então nós sugerimos que você seja adicionado aqui. Desta forma, você sempre poderá entrar
+ * mesmo se acidentalmente você colocar um *LINE em si mesmo.
+ */
+
+/* Exceções de banimento de tipo 'all' protegem você de GLINE, GZLINE, QLINE, SHUN */
+//except ban {
+//	mask *@192.0.2.1;
+//	type all;
+//}
+
+/* Isto permite que clientes do IRCCloud não tenham restrição de IP por conexão
+ * e também cria exceção a eles de flood por conexão.
+ */
+except ban {
+	mask *.irccloud.com;
+	type { maxperip; connect-flood; }
+}
+
+/* deny dcc permite você possa banir nomes de arquivos transferidos por DCC */
+//deny dcc {
+//	filename "*sub7*";
+//	reason "Possível Virus Sub7";
+//}
+
+/* deny channel permite a você banir um canal (por máscara) */
+//deny channel {
+//	channel "*warez*";
+//	reason "Warez é ilegal";
+//	class "clients";
+//}
+
+/* VHosts (Hosts Virtuais) permite aos usuários adquirirem um vhost diferente.
+ * Veja https://www.unrealircd.org/docs/Vhost_block
+ */
+
+/* Exemplo de vhost que você pode usar. No IRC digite: /VHOST teste teste
+ * OBSERVAÇÃO: apenas pessoas com o host 'unrealircd.com' podem usá-lo, então
+ *       tenha certeza de modificar o vhost::mask antes de seu teste.
+ */
+//vhost {
+//	vhost eu.odeio.microsefrs.com;
+//	mask *@unrealircd.com;
+//	login "teste";
+//	password "teste";
+//}
+
+/* Blocos blacklist irão consultar um serviço externo de blacklist
+ * sempre que um usuário se conectar, para saber se seu endereço de IP é conhecido
+ * por ataques de drone, como uma máquina hackeada, etc.
+ * Documentação: https://www.unrealircd.org/docs/Blacklist_block
+ * Ou apenas dê uma olhada nos blocos abaixo.
+ */
+
+/* DroneBL é provavelmente o serviço de blacklist mais popular usada por servidores de IRC.
+ * Veja https://dronebl.org/ para ler a documentação e
+ * o significado dos tipos de resposta. No momento em que este arquivo foi escrito, nós usamos os tipos:
+ * 3: IRC Drone, 5: Flooder, 6: Drone ou bot de spam desconhecido,
+ * 7: Drone de DDoS, 8: Proxy SOCKS, 9: Proxy HTTP, 10: ProxyChain,
+ * 11: Proxy de página web, 12: Resolvedor de DNS aberto, 13: Atacantes de força bruta,
+ * 14: Proxy Wingate público, 15: Roteador/Gateway comprometido,
+ * 16: Virus que tentam conseguir root.
+ */
+blacklist dronebl {
+        dns {
+                name dnsbl.dronebl.org;
+                type record;
+                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone detectado. Confira https://dronebl.org/lookup?ip=$ip para detalhes.";
+}
+
+/* EFnetRBL, veja https://rbl.efnetrbl.org/ para ler a documentação
+ * e o significado dos tipos de resposta.
+ * No momento em que este arquivo foi escrito: 1 é proxy público, 4 é TOR, 5 é drones/flooders.
+ *
+ * OBSERVAÇÃO: Se você deseja permitir proxies TOR no seu servidor, então
+ *             você precisa remover o '4;' abaixo da seção reply.
+ */
+blacklist efnetrbl {
+        dns {
+                name rbl.efnetrbl.org;
+                type record;
+                reply { 1; 4; 5; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone/TOR detectado. Confira https://rbl.efnetrbl.org/?i=$ip para detalhes.";
+}
+
+/* Você pode incluir outros arquivos de configuração */
+/* include "klines.conf"; */
+
+/* Configuração da Rede */
+set {
+	// ALTERAR ISTO, todos os 4 itens abaixo
+	network-name 		"ExemploNET";
+	default-server 		"irc.exemplo.org";
+	services-server 	"services.exemplo.org";
+	stats-server 		"stats.exemplo.org";
+
+	/* Valores Padrão */
+	help-channel 		"#ajuda";
+	cloak-prefix		"Clk";
+	prefix-quit 		"Saindo";
+
+	/* Chaves cloak devem ser a mesma em todos os servidores da rede.
+	 * Eles são usados para geração de hosts mascarados e devem ser mantidos em segredo.
+	 * VOCÊ PRECISA ALTERAR ISTO!
+	 * As chaves devem ser 3 strings (ou mais) de 80 caracteres randômicos
+	 * e devem se constituir de letras minúsculas (a-z), maiúsculas (A-Z) e números (0-9).
+	 * No *NIX, você pode executar './unrealircd gencloak' na sua shell para que o
+	 * UnrealIRCd gere 3 strings randômicas para você.
+	 * No Windows, você pode executar "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
+	 */
+	cloak-keys {
+		"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
+		"adicione a outra";
+		"adicione a outra";
+	}
+}
+
+/* Configurações específicas do servidor */
+set {
+	// POR ÚLTIMO, VOCÊ PRECISA ALTERAR ISTO:
+	kline-address 'definir.seu.endereco.de.email'; /* e-mail ou URL exibido quando um usuário é banido */
+	
+	modes-on-connect "+ixw"; /* quando os usuários conectam, esses modos de usuário é atribuído a eles */
+	modes-on-oper "+xws"; /* quado alguém se torna IRCOp, esses modos de usuário é atribuído a ele */
+	modes-on-join "+nt"; /* modos de canal padrão, quando um novo canal é criado */
+	oper-auto-join "#opers"; /* IRCOps entram automaticamente neste canal */
+	options {
+		hide-ulines; /* esconde U-lines do /MAP e /LINKS */
+		show-connect-info; /* exibe a mensagem "looking up your hostname" ao se conectar */
+	}
+
+	maxchannelsperuser 10; /* número máximo de canais que um usuário pode entrar com /JOIN */
+
+	/* O tempo mínimo que um usuário precisa estar conectado antes de ser permitido
+	 * utilizar a mensagem de QUIT. Isto irá ajudar no combate a SPAM.
+	 */
+	anti-spam-quit-message-time 10s;
+
+	/* Ou simplesmente defina um quit estático, de forma que qualquer motivo de /QUIT seja ignorado */
+	/* static-quit "Cliente saindo";	*/
+
+	/* static-part faz com que o mesmo acima aconteça ao comando /PART */
+	/* static-part yes; */
+
+	/* Proteção contra Flood:
+	 * Há uma série de configurações para isso, e a maioria delas tem bons padrões.
+	 * Veja https://www.unrealircd.org/docs/Set_block#set::anti-flood
+	 */
+	anti-flood {
+	}
+
+	/* Configurações para filtragem de SPAM */
+	spamfilter {
+		ban-time 1d; /* duração padrão de um ban *LINE definido pelo filtro de spam */
+		ban-reason "Spam/Propaganda"; /* motivo padrão */
+		virus-help-channel "#help"; /* canal utilizado para usar em uma ação de 'virus de canal' */
+		/* except "#help"; exceção de canal ao filtro de spam */
+	}
+
+	/* Restringindo certos comandos
+	 * Veja https://www.unrealircd.org/docs/Set_block#set::restrict-commands
+	 */
+	restrict-commands {
+		list {
+			except {
+				connect-time 60; /* após 60 segundos, o usuário pode usar o comando /LIST */
+				identified yes; /* ou imediatamente, se estiver identificado ao services */
+				reputation-score 24; /* ou se tiver um score de reputação maior ou igual a 24 */
+			}
+		}
+		invite {
+			except {
+				connect-time 120;
+				identified yes;
+				reputation-score 24;
+			}
+		}
+		/* Somando a possibilidade de restringir qualquer comando,
+		 * também existem 4 tipos especiais
+		 * que você pode restringir. Eles são "private-message",
+		 * "private-notice", "channel-message" e "channel-notice".
+		 * Eles estão todos comentados neste exemplo:
+		 */
+		//private-message {
+		//	except { connect-time 10; }
+		//}
+		//private-notice {
+		//	except { connect-time 10; }
+		//}
+	}
+}
+
+/*
+ * A seguir será configurado o limite de conexão para "unknown users".
+ *
+ * Quando o UnrealIRCd detecta um número elevado de usuários conectando de um endereço IP
+ * que nunca viu antes, então conexões do novo IP são rejeitadas quando estiverem
+ * acima da taxa abaixo especificada. Por exemplo, na taxa 10:60 apenas 10 usuários por minuto podem conectar
+ * por este IP que nunca foi visto antes. Endereços de IP conhecidos sempre podem entrar,
+ * independente da taxa definida. O mesmo para usuários que se conectam via SASL.
+ *
+ * Leia também https://www.unrealircd.org/docs/Connthrottle para detalhes.
+ * Ou apenas continue lendo a configuração abaixo:
+ */
+
+set {
+	connthrottle {
+		/* Primeiro nós configuramos quais usuários serão excluídos
+		 * das restrições. Estes usuários sempre conseguirão acessar.
+		 * Por padrão, entra como exceção usuários identificados com o services
+		 * com um score igual ou maior a 24. Um score 24 significa que
+		 * este IP foi conectado a esta rede por pelo menos 2 horas em algum momento
+		 * no mês passado (ou no mínimo por 1 hora se registrado).
+		 * Nós também permitimos usuários que se identificaram através do services via
+		 * SASL para passar por cima destas restrições.
+		 */
+		except {
+			reputation-score 24;
+			identified yes;
+			/* Para mais informações, leia
+			 * https://www.unrealircd.org/docs/Mask_item
+			 */
+		}
+
+		/* Novos usuários são todos os usuários que não pertencem
+		 * ao grupo known-users. Eles são considerados "novos" e no
+		 * caso de um número elevado de novos usuários se conectando,
+		 * eles serão sujeiros ao limite de taxa de conexão.
+		 * Por padrão a taxa é 20 novos usuários locais por minuto
+		 * e 30 novos usuários globais por minuto.
+		 */
+		new-users {
+			local-throttle 20:60;
+			global-throttle 30:60;
+		}
+
+		/* Esta seção configura quando este módulo não será ativado.
+		 * As configurações padrão desabilitarão o módulo quando:
+		 * - O módulo reputation esteja em execução a menos de
+		 *   uma semana. Se estiver rodando há menos de 1 semana, então ainda temos
+		 *   dados insuficientes para considerar quem é um "known user" (usuário conhecido).
+		 * - O servidor acabou de ser inicializado (primeiros 3 minutos).
+		 */
+		disabled-when {
+			reputation-gathering 1w;
+			start-delay 3m;
+		}
+	}
+}
+
+/* HISTÓRICO DE CANAL:
+ * UnrealIRCd possui modo de canal +H que pode ser usado pelos usuários para recuperar
+ * o histórico do canal antes deles terem entrado. Para informações gerais
+ * sobre esta funcionalidade, leia https://www.unrealircd.org/docs/Channel_history
+ *
+ * Os limites do histórico podem ser configurados pelo set::history. Os padrões são
+ * provavelmente bons para você, mas se você estiver em um sistema com pouca memória
+ * ou tem centenas de canais, então você pode querer verificar esses padrões novamente. Leia
+ * https://www.unrealircd.org/docs/Set_block#set::history
+ * para ver as opções disponíveis.
+ *
+ * Além disso, você pode definir um "histórico de canal persistente", o que
+ * significa que o histórico do canal é armazenado de modo criptografado no disco e é preservado
+ * entre os reinícios do servidor. Leia
+ * https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
+ * A funcionalidade de histórico persistente NÃO é habilitado por padrão porque você
+ * precisa configurar o Bloco secret { } para ele antes. A seguir um exemplo simples
+ * de senhas armazenadas diretamente no arquivo de configuração:
+ * Para obter uma melhor segurança, leia https://www.unrealircd.org/docs/Secret_block
+ * como formas alternativas para não armazenar senhas diretamente no arquivo de configuração.
+ */
+//secret historydb { password "algumasenha"; }
+//set { history { channel { persist yes; db-secret "historydb"; } } }
+
+/* Finalmente, você pode querer ter um MOTD (Mensagem do Dia), isto pode ser
+ * feito criando um arquivo de texto 'ircd.motd' no seu diretório conf/ .
+ * O texto dentro deste arquivo será exibido aos usuários ao se conectarem.
+ * Para mais informações, veja https://www.unrealircd.org/docs/MOTD_and_Rules
+ */
+
+/*
+ * Problemas ou precisa de ajuda?
+ * 1) https://www.unrealircd.org/docs/
+ * 2) https://www.unrealircd.org/docs/FAQ <- responde a 80% das suas perguntas!
+ * 3) Se ainda assim você está enfrentando problemas, você pode obter ajuda em:
+ *    - Fóruns: https://forums.unrealircd.org/
+ *    - IRC: irc.unrealircd.org (SSL na porta 6697) / #unreal-support
+ *    Observe que pedimos que você leia a documentação e as perguntas frequentes (FAQ) primeiro!
+ */

doc/conf/examples/example.tr.conf

@@ -1,21 +1,29 @@
-/* UnrealIRCd 4.0 için yapılandırma dosyası
+/* UnrealIRCd 6 için yapılandırma dosyası
+ *
  * Türkçe Çeviri: Diablo - (Serkan Sepetçi)
- * İletişim: irc.trirc.com:6667 - diablo@unrealircd.org
+ * İletişim: irc.turkirc.net:6667 - diablo@unrealircd.org
  *
- * Biz buna basit bir 'unrealircd.conf' dosyası diyoruz.
- * Bu dosyası satır satır editleyip conf/ dizinine kopyalayınız. (düzenleyin!)
+ * Bu dosyayı conf/ dizininize kopyalayın ve 'unrealircd.conf' olarak adlandırın.
  *
- * Önemli: Satırların hepsi, açılış başına { satır sonuna ;
- * }; dahil edin. Bu çok önemli, eğer siz ayrıştırıcıyı ;
- * eksik koyarsanız yapılandırma dosyası hata verecek
- * ve dosya doğru işlemde olmayacaktır!
- * Bu sizin UnrealIRCd yapılandırması ile ilk deneyiminiz ise
- * dosyayı okumanız için birkaç dakika ayırmanızı öneniriz,
- * bu size bilgi edinmeniz açısından yardımcı olacaktır:
+ * Aceleniz varsa CTRL+F tuşlarına basıp şunu yapabilirsiniz: BUNU DEĞİŞTİRİN
+ * Değiştirilmesi gereken maddeler bu iki kelimeyle belirtilir.
+ * Ancak aslında dosyayı satır satır incelemenizi ve gereken yerde
+ * düzenlemenizi öneririz. Böylece tüm temel öğeleri ve bunların nasıl
+ * ayarlandığını görebilirsiniz.
+ * 
+ * DEVAM ETMEDEN ÖNCE:
+ * Önemli: { ve } dışındaki tüm satırlar ; ile biter
+ * Bu çok önemlidir. Eğer bir şeyi yanlış yaparsanız,
+ * yapılandırma dosyası ayrıştırıcısı hata verecek ve
+ * dosya doğru şekilde çalışmayacaktır!
+ *
+ * Eğer bu UnrealIRCd yapılandırma dosyasıyla ilk deneyiminizse
+ * sözdizimi hakkında biraz okumanızı öneririz.
+ * bu yalnızca birkaç dakika sürer ve size çok yardımcı olacaktır:
  * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
  *
- * UnrealIRCd 4 belgeleme (çok geniş!):
- * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
+ * UnrealIRCd 6 belgeleri (çok kapsamlı!):
+ * https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
  *
  * Sıkça Sorulan Sorular:
  * https://www.unrealircd.org/docs/FAQ
@@ -44,34 +52,43 @@ include "modules.default.conf";
  * - help/help.conf /HELPOP sistemi
  * - badwords.conf kanal ve kullanıcı modu için +G
  * - spamfilter.conf için örnek olarak spamfilter kullanımı
+ *   (yorumlandı)
  * - operclass.default.conf oper bloklarında kullanabileceğiniz
  *   oper sınıflarını görüntüler.
  */
 include "help/help.conf";
 include "badwords.conf";
-include "spamfilter.conf";
+//include "spamfilter.conf";
 include "operclass.default.conf";
+include "snomasks.default.conf";
 
+/* Varsayılan gizleme modülünü yükleyin (2021'den itibaren): */
+loadmodule "cloak_sha256";
+/* Veya eski modülü UnrealIRCd 3.2/4/5'ten yükleyin: */
+//loadmodule "cloak_md5";
+
+// BUNU DEĞİŞTİRİN ('ad' ve 'bilgi'):
 /* me { } bloğu genelde kim olduğumuzu belirtir.
  * Sunucumuz için isim, birkaç satır bazı bilgileri belirler "sid".
  * Sunucu kimliği (sid) iki basamağı veya harf tarafından izlenen bir rakam ile
  * başlamalıdır. Sid IRC ağı için benzersiz olmalıdır (her sunucu için
- * kendi sid olmalıdır).
+ * kendi sid olmalıdır). İlk sunucu için 001 kullanılması uygundur.
  */
 me {
-	name "irc.foonet.com";
-	info "FooNet Server";
+	name "irc.example.org";
+	info "ExampleNET Server";
 	sid "001";
-};
+}
 
+// BUNU DEĞİŞTİRİN:
 /* admin { } bloğu /ADMIN sorgusunda kullanıcılara görüntülenecek metni belirler.
  * Normalde yöneticiye ulaşma konusunda bilgi içerir.
  */
 admin {
 	"Bob Smith";
 	"bob";
-	"widely@used.name";
-};
+	"email@example.org";
+}
 
 /* Kullanıcılar ve sunucular için class { } bloğu belirtilir.
  * Class blokları aşağıdaki işlemlerden oluşur:
@@ -88,7 +105,7 @@ class clients
 	maxclients 1000;
 	sendq 200k;
 	recvq 8000;
-};
+}
 
 /* IRCOp'lar için varsaylan yüksek limitli özel class ayarları */
 class opers
@@ -97,7 +114,7 @@ class opers
 	maxclients 50;
 	sendq 1M;
 	recvq 8000;
-};
+}
 
 /* Sunucular için varsayılan class ayarları */
 class servers
@@ -105,8 +122,8 @@ class servers
 	pingfreq 60;
 	connfreq 15; /* Her 15 saniyede bir bağlanmayı dener */
 	maxclients 10; /* maksimum kullanıcı */
-	sendq 5M;
-};
+	sendq 20M;
+}
 
 /* Allow blockları sunucunuza kimlerin bağlanabileceğini belirtir.
  * Bir sunucu şifresi eklenebilir veya belirlitilen bir IP adresi için
@@ -115,23 +132,23 @@ class servers
  * Görmeniz için: https://www.unrealircd.org/docs/Allow_block
  */
 
-/* IP başına sadece 5 bağlantı izini verir */
+/* IP başına sadece 3 bağlantı izini verir */
 allow {
-	ip *@*;
+	mask *;
 	class clients;
 	maxperip 3;
-};
+}
 
 /* Örnek olarak özel bir IP bloğu izini:
  * Bu IP bir şifre ile bağlantı yapması olduğunu gerektirir.
  * Şifre doğru ise o zaman bu IP 20 bağlantıya izin verecektir.
  */
-allow {
-	ip *@192.0.2.1;
-	class clients;
-	password "somesecretpasswd";
-	maxperip 20;
-};
+// allow {
+// 	mask 192.0.2.1;
+// 	class clients;
+// 	password "somesecretpasswd";
+// 	maxperip 20;
+// }
 
 /* Oper bloğu, IRC Operatorleri tanımlar.
  * IRC Operatörler, diğer kullanıcılara göre "ekstra haklara" sahip kullanıcılardır.
@@ -145,57 +162,76 @@ allow {
  * https://www.unrealircd.org/docs/Oper_block
  */
 
-/* Örnek bir oper bloğu için 'bobsmith' ile şifresi 'test'.
- * Bunu değiştirmeniz GEREKİR!!
+/* İşte 'bobsmith' için örnek bir oper bloğu
+ * BUNU DEĞİŞTİRMELİSİN!! (oper adı ve şifre)
  */
 oper bobsmith {
 	class opers;
 	mask *@*;
-	password "test";
+
+	/* Teknik olarak oper şifrelerini conf'a düz metin olarak koyabilirsiniz, ancak bu
+	 * KESİNLİKLE ÖNERİLEN bir durum değildir. Bunun yerine bir şifre karması oluşturmalısınız:
+	 * *NIX'te şunu çalıştırın: ./unrealircd mkpasswd
+	 * Windows'ta şunu çalıştırın: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
+	 * .. ve ardından sonucu aşağıya yapıştırın:
+	 */
+	 
+	password "$argon2id..etc..";
+
+	/* 'Certfp' gibi daha iyi kimlik doğrulama türleri ve Windows'ta
+	 * karmaların nasıl oluşturulacağı da dahil olmak üzere daha fazla bilgi için
+	 * https://www.unrealircd.org/docs/Authentication_types adresine bakın.
+	 */
+
 	/* Oper izinleri bir "operclass 'bloğunda tanımlanır.
 	 * Görmeniz için: https://www.unrealircd.org/docs/Operclass_block
 	 * UnrealIRCd varsayılan bloklar makalesi için,
 	 * tam listesine bakınız. Buradan 'netadmin' seçiyoruz.
 	 */
+	 
 	operclass netadmin;
 	swhois "is a Network Administrator";
-	vhost netadmin.mynet.org;
-};
+	vhost netadmin.example.org;
+}
 
 /* Listen blokları sunucu portu için gereken bağlantı noktalarını tanımlar.
  * Diğer bir deyişle: Bu portlar kullanıcılar ve serverlar için
  * sunucuya bağlantı kurmasını sağlar.
  * 
  * Kullanımı:
- * listen
- * { 
+ * listen {
  *   ip <ip numarası>;
  *   port <port numarası>;
  *   options {
  *     <seçenekler....>;
- *   };
- * };
+ *   }
+ * }
  */
 
-/* Standard IRC port 6667 */
+/* Standard IRC port 6667
+ * Insecure plaintext (NOT for production servers)
+ * This listen block is here only for quick testing.
+ * Delete or comment out this listen block on production servers
+ * and use TLS on port 6697 instead.
+ */
 listen {
 	ip *;
 	port 6667;
-};
+}
 
 /* Standard IRC SSL/TLS port 6697 */
 listen {
 	ip *;
 	port 6697;
-	options { ssl; };
-};
+	options { tls; }
+}
 
 /* Özel SSL/TLS sadece sunucuları bağlamak için port */
 listen {
 	ip *;
 	port 6900;
-	options { ssl; serversonly; };
-};
+	options { tls; serversonly; }
+}
 
 /* DiKKAT: Eğer bir çok IP barındıran bir IRCd Shell kullanıyorsanız
  *       logunuzda olası 'Address already in use' hatasını alacaksınız
@@ -209,50 +245,51 @@ listen {
  * Link blockları bir ağ oluşturmak için birden fazla sunucu bağlamaya izin verir.
  * Görmek için: https://www.unrealircd.org/docs/Tutorial:_Linking_servers
  */
-link hub.mynet.org
+link hub.example.org
 {
 	incoming {
 		mask *@something;
-	};
+	}
 
 	outgoing {
 		bind-ip *; /* veya açıkça bir IP */
-		hostname hub.mynet.org;
+		hostname hub.example.org;
 		port 6900;
-		options { ssl; };
-	};
+		options { tls; }
+	}
 
 	/* Kimlik doğrulaması için diğer sunucunun SPKI parmak izini kullanıyoruz.
 	 * Kullanmamız için diğer tarafda './unrealircd spkifp' uygulayıp çalıştırıyoruz.
-	 * NOT: UnrealIRCd 4.0.16 veya üzeri versiyonları gerektirir.
+	 * *NIX'te şunu çalıştırın: ./unrealircd spkifp
+	 * Windows'ta şunu çalıştırın: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp
 	 */
-	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; };
+	password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
 
 	class servers;
-};
+}
 
 /* Servis'ler için bağlantı bloğu genellikle çok daha basittir.
  * Servis'lerin ne olduğu hakkında daha fazla bilgi için,
  * https://www.unrealircd.org/docs/Services
  */
-link services.mynet.org
+link services.example.org
 {
 	incoming {
 		mask 127.0.0.1;
-	};
+	}
 
 	password "changemeplease";
 
 	class servers;
-};
+}
 
 /* U-lines satırları sunuculara daha güç/komut kazandırır.
  * Eğer hizmetlerini kullanmak istiyorsanız onları buraya eklemeniz gerekir.
- * ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
+ * ÖNEMLİ: ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
  */
 ulines {
-	services.mynet.org;
-};
+	services.example.org;
+}
 
 /* Bu blok /DIE ve /RESTART için şifre tanımlamanızı sağlar. Sadece IRCOp'lar içindir.
  * Bu genelde kazara sunucuyu yeniden başlatma ve kapanmasına karşı biraz
@@ -261,27 +298,50 @@ ulines {
 drpass {
 	restart "restart";
 	die "die";
-};
+}
 
 /* Bu log bloğu hangi dosyaya ve nelerin olması gerektiğini tanımlar.
  * Görmeniz için: https://www.unrealircd.org/docs/Log_block
  */
 
-/* Varsayılan ayarlar, neredeyse her şeyi kaydedecektir */
-log "ircd.log" {
-	flags {
-		oper;
-		connects;
-		server-connects;
-		kills;
-		errors;
-		sadmin-commands;
-		chg-commands;
-		oper-override;
-		tkl;
-		spamfilter;
-	};
-};
+/* Bu iyi bir varsayılandır, hata ayıklama ve
+ * join/part/kick dışındaki her şeyi günlüğe kaydeder.
+ */
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.log" { maxsize 100M; }
+	}
+}
+
+/* Düzenli günlük kaydına ek olarak bir JSON günlük dosyası ekleyin.
+ * Bu her olayla ilgili birçok bilgi içerir dolayısıyla denetim amaçları
+ * için mükemmeldir ve makine tarafından okunabilir. Ancak insanlar için daha az okunabilir.
+ */
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		file "ircd.json.log" { maxsize 250M; type json; }
+	}
+}
 
 /* Bazı kullanıcılara veya botlara bir mesaj göndermek için "aliases"
  * takma ad oluşturmanızı sağlar. Genellikle servisler için kullanılır.
@@ -292,43 +352,43 @@ log "ircd.log" {
 include "aliases/anope.conf";
 
 /* Ban nick bloğu bir nickin sunucuda kullanımını yasaklamanıza olanak sağlar */
-ban nick {
-	mask "*C*h*a*n*S*e*r*v*";
-	reason "Servisler için ayrılmış";
-};
+// ban nick {
+// 	mask "*C*h*a*n*S*e*r*v*";
+// 	reason "Servisler için ayrılmış";
+// }
 
 /* Ban ip.
  * Normalde bunun için /KLINE, /GLINE ve /ZLINE kullanıldığını unutmayınız.
  */
-ban ip {
-	mask 195.86.232.81;
-	reason "Senden nefret ediyorum";
-};
+// ban ip {
+// 	mask 195.86.232.81;
+// 	reason "Senden nefret ediyorum";
+// }
 
 /* Ban server - bir sunucunun bağlanmasını devredışı kılar */
-ban server {
-	mask eris.berkeley.edu;
-	reason "Defol git buradan.";
-};
+// ban server {
+// 	mask eris.berkeley.edu;
+// 	reason "Defol buradan.";
+// }
 
 /* Ban user - normalde /KLINE veya /GLINE kullanıldığını unutmayınız */
-ban user {
-	mask *tirc@*.saturn.bbn.com;
-	reason "Salak";
-};
+// ban user {
+// 	mask *tirc@*.saturn.bbn.com;
+// 	reason "Aptal";
+// }
 
 /* Ban realname bloğu bir kullanıcıyı, GECOS kısmı esas alınarak 
  * banlamanıza olanak sağlar.
  */
-ban realname {
-	mask "Swat Team";
-	reason "mIRKFORCE";
-};
+// ban realname {
+// 	mask "Swat Team";
+// 	reason "mIRKFORCE";
+// }
 
-ban realname {
-	mask "sub7server";
-	reason "sub7";
-};
+// ban realname {
+// 	mask "sub7server";
+// 	reason "sub7";
+// }
 
 /* Ban ve TKL istisnaları. Kullanıcıları / makineleri gözetmeksizin
  * KLINE, GLINE, gibi banlardan muaf tutmanıza olanak sağlar.
@@ -337,30 +397,32 @@ ban realname {
  * bir *LINE ban koyarsanız bile yinede muaf tutulacaksınız.
  */
 
-/* except ban bloğu, sizi KLINE ve ZLINE gibi banlardan koruyacaktır */
-except ban {
-	mask *@192.0.2.1;
-	// burada daha fazla mask girdileri ekleyebilirsiniz..
-};
+/* except ban bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
+// except ban {
+// 	mask *@192.0.2.1;
+// 	type all;
+// }
 
-/* except tkl bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
-except tkl {
-	mask *@192.0.2.1;
-	type all;
-};
+/* This allows IRCCloud connections in without maxperip restrictions
+ * and also exempt them from connect-flood throttling.
+ */
+except ban {
+	mask *.irccloud.com;
+	type { maxperip; connect-flood; }
+}
 
 /* Deny dcc bloğu, sunucu üzerinden DCC yoluyla dosya gönderilmesine izin vermeyecektir */
-deny dcc {
-	filename "*sub7*";
-	reason "Olası Sub7 Virüsü";
-};
+// deny dcc {
+// 	filename "*sub7*";
+// 	reason "Possible Sub7 Virus";
+// }
 
 /* Deny channel bloğu, kullanıcıların belirtilen kanallara girmesini engeller */
-deny channel {
-	channel "*warez*";
-	reason "Warez is illegal";
-	class "clients";
-};
+// deny channel {
+// 	channel "*warez*";
+// 	reason "Warez is illegal";
+// 	class "clients";
+// }
 
 /* VHosts (Virtual Hosts) bloğu, kullanıcının yeni bir host alabilmesine olanak sağlar.
  * Görmeniz için; https://www.unrealircd.org/docs/Vhost_block
@@ -370,51 +432,101 @@ deny channel {
  * DiKKAT: Güvenlik açısından aşağıdaki vhost::mask yönergesinde
  *       maske 'unrealircd.com' olarak belirlenmiştir.
  */
-vhost {
-	vhost i.hate.microsefrs.com;
-	mask *@unrealircd.com;
-	login "test";
-	password "test";
-};
+// vhost {
+// 	vhost i.hate.microsefrs.com;
+// 	mask *@unrealircd.com;
+// 	login "test";
+// 	password "test";
+// }
+
+/* Blacklist blokları, bir kullanıcı bağlandığında IP adresinin drone saldırılarına
+ * neden olduğunu, bilinen bir saldırıya uğramış bir makine olup olmadığını görmek
+ * için harici bir DNS Kara Liste hizmetinden sorgulayacaktır.
+ * Belgeleme: https://www.unrealircd.org/docs/Blacklist_block
+ * veya aşağıdaki bloklar satırına bakınız.
+ */
+
+/* DroneBL, muhtemelen IRC Sunucuları tarafından kullanılan en popüler kara liste.
+ * Belgeler ve cevap (reply) tiplerin anlamlarını görmek için https://dronebl.org/
+ * adresine bakınız. Bu zamanda aşağıdaki cevap (reply) tiplerini kullanıyoruz:
+ * 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
+ * 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
+ * 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
+ * 14: Open Wingate Proxy, 15: Compromised router / gateway,
+ * 16: Autorooting worms.
+ */
+blacklist dronebl {
+        dns {
+                name dnsbl.dronebl.org;
+                type record;
+                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone belirlendi. Ayrıntılar için https://dronebl.org/lookup?ip=$ip adresine bakınız.";
+}
+
+/* EFnetRBL, belgeler ve cevap (reply) tiplerini görmek için https://rbl.efnetrbl.org/
+ * adresine bakınız.
+ * Yazma sırasında: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
+ *
+ * NOT: Sunucunuzda TOR proxy'lerine izin vermek istiyorsanız,
+ *       cevap (reply) tiplerinden '4;' öğesini kaldırmanız gerekiyor.
+ */
+blacklist efnetrbl {
+        dns {
+                name rbl.efnetrbl.org;
+                type record;
+                reply { 1; 4; 5; }
+        }
+        action gline;
+        ban-time 24h;
+        reason "Proxy/Drone/TOR tespit edildi.  Ayrıntılar için https://rbl.efnetrbl.org/?i=$ip adresine bakınız.";
+}
 
 /* Diğer yapılandırma dosyalarını dahil edebilirsiniz */
 /* include "klines.conf"; */
 
 /* Ağ yapılandırması */
 set {
-	network-name 		"MYNet";
-	default-server 		"irc.mynet.org";
-	services-server 	"services.mynet.org";
-	stats-server 		"stats.mynet.org";
+	// BU 4 ÖĞENİN TÜMÜNÜ DEĞİŞTİRİN:
+	network-name 		"ExampleNET";
+	default-server 		"irc.example.org";
+	services-server 	"services.example.org";
+	stats-server 		"stats.example.org";
+	/* Normal varsayılanlar */
 	help-channel 		"#Help";
-	hiddenhost-prefix	"Clk";
+	cloak-prefix		"Clk";
 	prefix-quit 		"Quit";
 
 	/* Gizleme anahtarları ağ üzerindeki bütün sunucularda aynı olmalı.
 	 * Bu anahtarlar maskeli hostlar yaratmak ve bunları saklamak için kullanılır.
-	 * Anahtarlar 5-100 karakterlik (10-20 karakter yeterli) 3 rastgele diziden oluşmalı ve 
-	 * küçük harf (a-z), büyük harf (A-Z) ve rakamlardan (0-9) meydana gelmelidirler.. [ilk örneğe bakınız].
-	 * IPUCU: './unreal gencloak' Unreal sizin için rastgele 3 adet dizin oluşturur.
+	 * Anahtarlar 80 karakterlik 3 rastgele diziden oluşmalı ve küçük harf (a-z),
+	 * büyük harf (A-Z) ve rakamlardan (0-9) meydana gelmelidirler.. [ilk örneğe bakınız].
+	 * IPUCU: './unrealircd gencloak' Unrealircd sizin için rastgele 3 adet dizin oluşturur.
 	 *        Bunu NIX üzerinde çalıştırabilirsiniz.
+	 *        On Windows, use "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
 	 */
 	cloak-keys {
-		"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
+		"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
 		"ve diğeri";
 		"ve diğeri";
-	};
-};
+	}
+}
 
 /* Sunucunun kendine özgü yapılandırması */
 
 set {
-	kline-address "set.this.to.email.address"; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
+	// SON OLARAK, BU SONRAKİ ÖĞEYİ DEĞİŞTİRMENİZ GEREKİR:
+	kline-address 'set.this.to.email.address'; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
 	modes-on-connect "+ixw"; /* kullanıcılar bağlandığında, bu modları alacaktır */
-	modes-on-oper	 "+xwgs"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
+	modes-on-oper	 "+xws"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
+	modes-on-join "+nt"; /* yeni bir kanal oluşturulduğunda varsayılan kanal modlarını alacaktır */
 	oper-auto-join "#opers"; /* IRCoplar bu kanala otomatik olarak giriş yapacaktır */
 	options {
 		hide-ulines; /* U-lines satırları /MAP ve /LINKS komutunda gözükmez */
 		show-connect-info; /* sunucuya bağlanırken "looking up your hostname" mesajı görüntülenecektir */
-	};
+	}
 
 	maxchannelsperuser 10; /* bir kullanıcının maksimum girebileceği kanal sayısı */
 
@@ -429,15 +541,12 @@ set {
 	/* static-part /PART komutu ile aynı işi görür */
 	/* static-part yes; */
 
-	/* /STATS komutunu operler için kısıtlar. Önerilen * (TÜMÜ) */
-	oper-only-stats "*";
-
-	/* Anti flood Koruması */
+	/* Flood Koruması:
+	 * Bunun için birçok ayarları vardır ve çoğu iyi varsayılanlara sahiptir.
+	 * Görmeniz için: https://www.unrealircd.org/docs/Set_block#set::anti-flood
+	 */
 	anti-flood {
-		nick-flood 3:60;	/* Her 60 saniyede 3 nick değişikliği (varsayılan) */
-		connect-flood 3:60;     /* Her 60 saniyede 3 bağlantı girişi izni (varsayılan) */
-		away-flood 4:120;	/* Her 2 dakikada 4 kez /AWAY kullanımı izni (varsayılan) */
-	};
+	}
 
 	/* Spam filter Ayarları */
 	spamfilter {
@@ -445,17 +554,136 @@ set {
 		ban-reason "Spam/Advertising"; /* varsayılan sebep */
 		virus-help-channel "#help"; /* 'viruschan' eylemi için kullanılacak kanal */
 		/* except "#help"; Spamfilter'den muaf tutulacak kanal */
-	};
-};
-/* Son olarak, bir MOTD (Günün Mesajı) oluşturabilirsiniz, bu
- * conf/ dizininde 'ircd.motd' metin dosyası oluşturarak yapabilirsiniz.
- * Bu dosyanın içeriği bağlantı kuran kullanıcılara gösterilecektir.
- * Daha fazla bilgi için https://www.unrealircd.org/docs/MOTD_and_Rules bölümünü inceleyiniz.
- */
+	}
+
+	/* Belirli komutları kısıtlayın.
+	 * See https://www.unrealircd.org/docs/Set_block#set::restrict-commands
+	 */
+	restrict-commands {
+		list {
+			except {
+				connect-time 60;
+				identified yes;
+				reputation-score 24;
+			}
+		}
+		invite {
+			except {
+				connect-time 120;
+				identified yes;
+				reputation-score 24;
+			}
+		}
+		/* Yukarıda gösterildiği gibi herhangi bir komutu kısıtlama
+		 * yeteneğine sahiptir. Ayrıca kısıtlayabileceğiniz 4
+		 * özel tip vardır. Bunlar "private-message",
+		 * "private-notice", "channel-message" ve "channel-notice".
+		 * Bu örnekte olduğu gibi (kapalı) yorumlanmıştır:
+		 */
+		//private-message {
+		//	except { connect-time 10; }
+		//}
+		//private-notice {
+		//	except { connect-time 10; }
+		//}
+	}
+}
 
 /*
- * Sorununuza veya daha fazla yardımamı ihtiyacınız var?
- * 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
+ * Aşağıdaki ayar "bilinmeyen kullanıcılar" için bağlantı kısıtlamasını yapılandıracaktır.
+ *
+ * UnrealIRCd, IP adreslerinden bağlanan çok sayıda kullanıcı tespit ettiğinde
+ * daha önce görülmemişse, yeni IP'lerden gelen bağlantılar ayarlanan
+ * hızın üzerinde reddedilir. örneğin 10:60'ta dakikada sadece 10 kullanıcı daha önce
+ * görülmemiş şekilde bağlanabilir. Bilinen IP adresleri, ayarlanan orandan bağımsız olarak
+ * her zaman girebilir. SASL kullanarak giriş yapan kullanıcılar için de aynıdır.
+ *
+ * Ayrıntılar için https://www.unrealircd.org/docs/Connthrottle adresine bakınız.
+ * Veya aşağıdaki varsayılan yapılandırma ayarlarını okumaya devam edin:
+ */
+
+set {
+	connthrottle {
+		/* ilk önce "bilinen kullanıcılar" dediğimiz şeyi yapılandırmalıyız.
+		 * Varsayılan olarak bunlar, IP adresleri üzerinde 24 veya
+		 * daha yüksek puana sahip kullanıcılardır. 24 puan IP'nin geçen ay
+		 * en az 2 saat (veya kayıtlıysa en az 1 saat) boyunca bu sunucuya
+		 * bağlı olduğu anlamına gelir.
+		 * Sasl-bypass seçeneği başka bir ayardır. Bu ayar
+		 * SASL aracılığıyla hizmetlere kimlik doğrulaması yapan
+		 * kullanıcıların da bilinen kullanıcılar olarak kabul edildiği anlamına gelir.
+		 * "known-users" grubundaki kullanıcılar (herhangi bir reputation
+		 * veya SASL) modülleri tarafından her zaman izin verilir.
+		 */
+		except {
+			reputation-score 24;
+			identified yes;
+			/* daha fazla seçenek için bkz.
+			 * https://www.unrealircd.org/docs/Mask_item
+			 */
+		}
+
+		/* Yeni kullanıcılar, aşağıdakilere ait olmayan tüm
+		 * bilinen-kullanıcılar grubundandır. Bunlar "yeni" ve
+		 * bu tür yeni kullanıcıların çok sayıda bağlanması durumunda
+		 * bağlantı hızı sınırlamasına tabidirler.
+		 * Varsayılan bu oran dakikada 20 yeni yerel kullanıcı
+		 * ve dakikada 30 yeni global kullanıcı	olarak belirlenmiştir.
+		 */
+		new-users {
+			local-throttle 20:60;
+			global-throttle 30:60;
+		}
+
+		/* Bu modülün ne zaman aktif OLMAYACAĞINI yapılandırır.
+		 * Varsayılan ayarlar, şu durumlarda modülü devre dışı bırakacaktır:
+		 * - Reputation modülü 1 haftadan kısa bir süredir çalışıyor ise.
+		 *   1 haftadan az çalışıyorsa, kimin "bilinen kullanıcı"
+		 *   olduğunu düşünmek için yeterli veri yoktur.
+		 * - Sunucu yeni açıldı (ilk 3 dakika).
+		 */
+		disabled-when {
+			reputation-gathering 1w;
+			start-delay 3m;
+		}
+	}
+}
+
+/* KANAL GEÇMİŞİ:
+ * UnrealIRCd, kullanıcılar tarafından bir kanala katılmadan önce
+ * kanal geçmişini okumak için, kullanılabilen +H kanal moduna sahip olmalıdır.
+ * Bu özellik hakkında bilgi için bkz. https://www.unrealircd.org/docs/Channel_history
+ *
+ * Geçmiş limitleri set::history aracılığıyla yapılandırılabilir. Varsayılan ayarlar
+ * muhtemelen sizin için zaten iyidir, ancak düşük bellekli bir sistemdeyseniz veya
+ * binlerce kanalınız varsa, iki kez kontrol etmek isteyebilirsiniz. Seçenekler için
+ * https://www.unrealircd.org/docs/Set_block#set::history adresine bakın.
+ *
+ * Buna ek olarak "kalıcı kanal geçmişine" sahip olabilirsiniz. Bu kanal
+ * geçmişinin diskte şifreli olarak depolandığı ve böylece IRC sunucusu yeniden
+ * başlatılması halinde korunması anlamına gelir.
+ * bkz. https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
+ * Kalıcı geçmiş özelliği varsayılan olarak ETKİNLEŞTİRİLMEMİŞTİR bunun için
+ * bir secret { } bloğu yapılandırmanız gerekir. Aşağıdaki yapılandırma dosyasında
+ * saklanan parolalar doğrudan bunlara basit bir örnektir.
+ * Daha iyi güvenlik elde etmek için https://www.unrealircd.org/docs/Secret_block
+ * adresini okuyun böylece şifreleri doğrudan yapılandırmada saklamazsınız.
+ */
+//secret historydb { password "somepassword"; }
+//set { history { channel { persist yes; db-secret "historydb"; } } }
+
+/* Son olarak, bir MOTD'ye (Günün Mesajı) sahip olmak isteyebilirsiniz, bunu
+ * conf/ dizininizde bir 'ircd.motd' metin dosyası oluşturarak yapabilirsiniz.
+ * Bu dosya bağlantıda kullanıcılarınıza gösterilecektir.
+ * Daha fazla bilgi için bkz. https://www.unrealircd.org/docs/MOTD_and_Rules
+ */
+
+
+
+
+/*
+ * Sorun mu yaşıyorsunuz veya daha fazla yardıma mı ihtiyacınız var?
+ * 1) https://www.unrealircd.org/docs/
  * 2) https://www.unrealircd.org/docs/FAQ <- sorularınızın %80 ini kapsamakta!
  * 3) Eğer probleminiz hala devam ediyorsa:
  *    - Forums: https://forums.unrealircd.org/

doc/conf/modules.default.conf

@@ -1,4 +1,5 @@
-/* This file will load (nearly) all modules available on UnrealIRCd.
+/* [6.2.6-rc1]
+ * This file will load (nearly) all modules available on UnrealIRCd.
  * So all commands, channel modes, user modes, etc..
  *
  * If you want to have all UnrealIRCd functionality, then include this
@@ -10,141 +11,169 @@
  * 1) Keep the include for modules.default.conf as usual and make use
  *    of blacklist-module "xyz"; to selectively disable modules.
  *    See https://www.unrealircd.org/docs/Blacklist-module_directive
+ *    This is the highly recommended approach of doing customizations!
  * 2) OR, make a copy of this file (eg: name it modules.custom.conf)
  *    and edit it. Then include that file from your unrealircd.conf
  *    instead of this one.
- * The downside of option #2 is that you will need to track changes
- * in the original modules.default.conf with each new UnrealIRCd
- * release to make sure you don't miss any new functionality (as new
- * important modules may be added you need to add them to your conf).
- * You don't have this problem with option #1.
+ *    The problem with this option #2 is that you need to track ALL
+ *    changes in UnrealIRCd, that means: every loadmodule line that
+ *    we add or remove in each and every release. If you don't do this
+ *    or forget one little loadmodule line then you will end up with:
+ *    * Missing functionality (that could have been useful)
+ *    * Breaking of existing functionality, like the (in)famous example
+ *      of when the existing svslogin command got split off in a separate
+ *      new svslogin module and people who didn't load that new module
+ *      would have services who would not set users as 'logged in'.
+ *      Or the existing anti connect-flood feature being split off into
+ *      the 'connect-flood' module, so your server suddenly being
+ *      vulnerable to connect flooding because you failed to load it.
+ *    So please do know what you are doing if you choose option #2.
+ *    Again, best is to go for option #1 and opt-out.
  */
 
-/*** Cloaking (for user mode +x) ***/
-loadmodule "cloak";
-
-
 /*** Commands ***/
 
 // User commands (MINIMAL)
 // These provide just the minimal set of IRC commands that are
 // required by RFC1459 along with WATCH and MAP.
-loadmodule "m_admin";
-loadmodule "m_away";
-loadmodule "m_invite";
-loadmodule "m_ison";
-loadmodule "m_join";
-loadmodule "m_kick";
-loadmodule "m_links";
-loadmodule "m_list";
-loadmodule "m_lusers";
-loadmodule "m_map";
-loadmodule "m_message";
-loadmodule "m_mode";
-loadmodule "m_motd";
-loadmodule "m_names";
-loadmodule "m_nick";
-loadmodule "m_part";
-loadmodule "m_pass";
-loadmodule "m_pingpong";
-loadmodule "m_protoctl";
-loadmodule "m_quit";
-loadmodule "m_rules";
-loadmodule "m_topic";
-loadmodule "m_user";
-loadmodule "m_userhost";
-loadmodule "m_watch";
-loadmodule "m_who";
-loadmodule "m_whois";
-loadmodule "m_whowas";
+loadmodule "admin";
+loadmodule "away";
+loadmodule "invite";
+loadmodule "ison";
+loadmodule "join";
+loadmodule "kick";
+loadmodule "links";
+loadmodule "list";
+loadmodule "lusers";
+loadmodule "map";
+loadmodule "message";
+loadmodule "mode";
+loadmodule "motd";
+loadmodule "names";
+loadmodule "nick";
+loadmodule "part";
+loadmodule "pass";
+loadmodule "pingpong";
+loadmodule "protoctl";
+loadmodule "quit";
+loadmodule "rules";
+loadmodule "topic";
+loadmodule "user";
+loadmodule "userhost";
+loadmodule "watch";
+loadmodule "whox";
+loadmodule "whois";
+loadmodule "whowas";
 
 // User commands (EXTENDED)
 // These are commands that provide extended functionality.
-loadmodule "m_botmotd";
-loadmodule "m_cap";
-loadmodule "m_cycle";
-loadmodule "m_dccallow";
-loadmodule "m_help";
-loadmodule "m_knock";
-loadmodule "m_lag";
-loadmodule "m_sasl";
-loadmodule "m_setname";
-loadmodule "m_silence";
-loadmodule "m_starttls";
-loadmodule "m_time";
-loadmodule "m_userip";
-loadmodule "m_vhost";
+loadmodule "botmotd";
+loadmodule "cap";
+loadmodule "cycle";
+loadmodule "dccallow";
+loadmodule "help";
+loadmodule "knock";
+loadmodule "lag";
+loadmodule "sasl";
+loadmodule "setname";
+loadmodule "silence";
+loadmodule "starttls";
+loadmodule "time";
+loadmodule "userip";
+loadmodule "vhost";
+loadmodule "history";
 
 // IRC Operator commands
-// Note: several of these like m_kill are also server-to-server commands
+// Note: several of these like kill are also server-to-server commands
 // which are required if you link to other servers.
-loadmodule "m_addmotd";
-loadmodule "m_addomotd";
-loadmodule "m_chghost";
-loadmodule "m_chgident";
-loadmodule "m_chgname";
-loadmodule "m_close";
-loadmodule "m_connect";
-loadmodule "m_squit";
-loadmodule "m_dccdeny";
-loadmodule "m_globops";
-loadmodule "m_kill"; /* also server-to-server */
-loadmodule "m_locops";
-loadmodule "m_mkpasswd";
-loadmodule "m_oper";
-loadmodule "m_opermotd";
-loadmodule "m_sajoin";
-loadmodule "m_samode";
-loadmodule "m_sapart";
-loadmodule "m_sdesc";
-loadmodule "m_sethost";
-loadmodule "m_setident";
-loadmodule "m_stats";
-loadmodule "m_tkl"; /* also server-to-server */
-loadmodule "m_trace";
-loadmodule "m_tsctl";
-loadmodule "m_undccdeny";
-loadmodule "m_unsqline";
-loadmodule "m_wallops";
+loadmodule "addmotd";
+loadmodule "addomotd";
+loadmodule "chghost";
+loadmodule "chgident";
+loadmodule "chgname";
+loadmodule "close";
+loadmodule "connect";
+loadmodule "squit";
+loadmodule "dccdeny";
+loadmodule "globops";
+loadmodule "kill"; /* also server-to-server */
+loadmodule "locops";
+loadmodule "mkpasswd";
+loadmodule "oper";
+loadmodule "operinfo"; /* not really a command but for whois */
+loadmodule "opermotd";
+loadmodule "sajoin";
+loadmodule "samode";
+loadmodule "sapart";
+loadmodule "sdesc";
+loadmodule "sethost";
+loadmodule "setident";
+loadmodule "stats";
+loadmodule "tkl"; /* also server-to-server */
+loadmodule "tline";
+loadmodule "trace";
+loadmodule "tsctl";
+loadmodule "unsqline";
 loadmodule "jumpserver";
 
 // Server-to-server commands
 // Don't remove these, unless you never link to other servers.
-loadmodule "m_eos";
-loadmodule "m_md";
-loadmodule "m_netinfo";
-loadmodule "m_server";
-loadmodule "m_sjoin";
-loadmodule "m_sqline";
-loadmodule "m_swhois";
-loadmodule "m_umode2";
+loadmodule "eos";
+loadmodule "md";
+loadmodule "netinfo";
+loadmodule "server";
+loadmodule "sjoin";
+loadmodule "sqline";
+loadmodule "swhois";
+loadmodule "umode2";
+loadmodule "sinfo";
+loadmodule "require-module";
+loadmodule "slog";
+loadmodule "creationtime";
+loadmodule "sreply";
+loadmodule "unreal_server_compat";
 
 // Services commands
 // You could disable these if you don't use Services
 // https://www.unrealircd.org/docs/Services
-loadmodule "m_sendsno";
-loadmodule "m_sendumode";
-loadmodule "m_svsfline";
-loadmodule "m_svsjoin";
-loadmodule "m_svskill";
-loadmodule "m_svslusers";
-loadmodule "m_svsmode";
-loadmodule "m_svsmotd";
-loadmodule "m_svsnick";
-loadmodule "m_svsnline";
-loadmodule "m_svsnolag";
-loadmodule "m_svsnoop";
-loadmodule "m_svspart";
-loadmodule "m_svssilence";
-loadmodule "m_svssno";
-loadmodule "m_svswatch";
+loadmodule "sendsno";
+loadmodule "sendumode";
+loadmodule "svsjoin";
+loadmodule "svskill";
+loadmodule "svslusers";
+loadmodule "svsmode";
+loadmodule "svsmotd";
+loadmodule "svsnick";
+loadmodule "svsnline";
+loadmodule "svsnolag";
+loadmodule "svsnoop";
+loadmodule "svspart";
+loadmodule "svssilence";
+loadmodule "svssno";
+loadmodule "svswatch";
+loadmodule "svso";
+loadmodule "svslogin";
 
 
 /*** Channel modes ***/
+loadmodule "chanmodes/chanowner"; /* +q */
+loadmodule "chanmodes/chanadmin"; /* +a */
+loadmodule "chanmodes/chanop"; /* +o */
+loadmodule "chanmodes/halfop"; /* +h */
+loadmodule "chanmodes/voice"; /* +v */
+loadmodule "chanmodes/key"; /* +k */
+loadmodule "chanmodes/limit"; /* +l */
+loadmodule "chanmodes/inviteonly"; /* +i */
+loadmodule "chanmodes/secret"; /* +s */
+loadmodule "chanmodes/private"; /* +p */
+loadmodule "chanmodes/moderated"; /* +m */
+loadmodule "chanmodes/noexternalmsgs"; /* +n */
+loadmodule "chanmodes/topiclimit"; /* +t */
 loadmodule "chanmodes/floodprot"; /* +f */
 loadmodule "chanmodes/nocolor"; /* +c */
 loadmodule "chanmodes/noctcp"; /* +C */
 loadmodule "chanmodes/stripcolor"; /* +S */
+loadmodule "chanmodes/isregistered"; /* +r */
 loadmodule "chanmodes/issecure"; /* +Z */
 loadmodule "chanmodes/permanent"; /* +P */
 loadmodule "chanmodes/link"; /* +L */
@@ -159,9 +188,11 @@ loadmodule "chanmodes/nonickchange"; /* +N */
 loadmodule "chanmodes/nokick"; /* +Q */
 loadmodule "chanmodes/regonlyspeak"; /* +M */
 loadmodule "chanmodes/secureonly"; /* +z */
+loadmodule "chanmodes/history"; /* +H */
 
 
 /*** User modes ***/
+loadmodule "usermodes/wallops"; /* +w (listen to /WALLOPS messages) */
 loadmodule "usermodes/bot"; /* +B (mark yourself as a bot) */
 loadmodule "usermodes/servicebot"; /* +S (service bot) */
 loadmodule "usermodes/noctcp"; /* +T (block CTCP's) */
@@ -170,41 +201,139 @@ loadmodule "usermodes/showwhois"; /* +W (show if someone does /WHOIS) */
 loadmodule "usermodes/privacy"; /* +p (privacy, hide channels in /WHOIS) */
 loadmodule "usermodes/nokick"; /* +q (unkickable oper) */
 loadmodule "usermodes/regonlymsg"; /* +R (only registered users may private message you) */
-loadmodule "usermodes/secureonlymsg"; /* +Z (only SSL/TLS users may private message you) */
+loadmodule "usermodes/secureonlymsg"; /* +Z (only TLS users may private message you) */
 loadmodule "usermodes/privdeaf"; /* +D (don't let other user PM you) */
 
 
-/*** Server notice masks */
-loadmodule "snomasks/dccreject"; /* +D (rejected DCC's) */
-
-
 /*** Extended Bans ***/
-loadmodule "extbans/join"; /* +b ~j (prevent only joins) */
-loadmodule "extbans/quiet"; /* +b ~q (prevent only messaging) */
-loadmodule "extbans/nickchange"; /* +b ~n (prevent only nick changes) */
-loadmodule "extbans/realname"; /* +b ~r (ban by real name) */
-loadmodule "extbans/regnick"; /* +b ~R (ban/exempt if using registered nick) */
-loadmodule "extbans/account"; /* +b ~a (ban/exempt if logged in with services account) */
-loadmodule "extbans/inchannel"; /* +b ~c (ban/exempt if in channel) */
-loadmodule "extbans/operclass"; /* +b ~O (ban/exempt by operclass) */
-loadmodule "extbans/certfp"; /* +b ~S (ban/exempt by certfp) */
-loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
-loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
-loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
+loadmodule "extbans/join"; /* +b ~join (old ~j mode, prevent only joins) */
+loadmodule "extbans/quiet"; /* +b ~quiet (old ~q mode, prevent only messaging) */
+loadmodule "extbans/nickchange"; /* +b ~nickchange (old ~n mode, prevent only nick changes) */
+loadmodule "extbans/realname"; /* +b ~realname (old ~r mode, ban by real name) */
+loadmodule "extbans/account"; /* +b ~account (old ~a mode, ban/exempt if logged in with services account) */
+loadmodule "extbans/inchannel"; /* +b ~channel (old, ~c mode, ban/exempt if in channel) */
+loadmodule "extbans/operclass"; /* +b ~operclass (old ~O mode, ban/exempt by operclass) */
+loadmodule "extbans/certfp"; /* +b ~certfp (old ~S mode, ban/exempt by certfp) */
+loadmodule "extbans/textban"; /* +b ~text (old ~T mode, censor or block text) */
+loadmodule "extbans/timedban"; /* +b ~time (old ~t mode, timed bans / temporary bans) */
+loadmodule "extbans/partmsg"; /* +b ~partmsg (old ~p mode, hide part/quit message) */
+loadmodule "extbans/securitygroup"; /* +b ~security-group (old ~G mode, security group) */
+loadmodule "extbans/country"; /* +b ~country (country via geoip) */
+loadmodule "extbans/msgbypass"; /* +e ~msgbypass (old ~m mode, bypass message restrictions) */
+loadmodule "extbans/flood"; /* +e ~flood (flood exemption for chanmode +f/+F) */
+loadmodule "extbans/asn"; /* +b ~asn (ASN via geoip) */
+loadmodule "extbans/inherit"; /* +b ~inherit (inherit bans from another channel) */
 
 
-/*** CAP modules ***/
-loadmodule "cap/sts"; /* strict transport policy (set::ssl::sts-policy) */
-loadmodule "cap/plaintext-policy"; /* plaintext-policy announce */
-loadmodule "cap/link-security"; /* link-security announce */
+/*** IRCv3 extensions ***/
+loadmodule "account-notify"; /* send ACCOUNT message upon services account login */
+loadmodule "message-tags"; /* add tags to messages, required for various IRCv3 features */
+loadmodule "batch"; /* also required for several IRCv3 features */
+loadmodule "server-time"; /* adds server timestamp to various messages */
+loadmodule "message-ids"; /* adds unique msgid to various messages */
+loadmodule "account-tag"; /* adds services account information to messages */
+loadmodule "echo-message"; /* shows clients if their messages are altered/filtered */
+loadmodule "labeled-response"; /* correlate requests and responses easily */
+loadmodule "bot-tag"; /* indicate the message comes from a bot (draft/bot) */
+loadmodule "typing-indicator"; /* typing indicator in PM and channels (+typing) */
+loadmodule "channel-context";
+loadmodule "reply-tag"; /* indicate to which message you are responding (+draft/reply) */
+loadmodule "clienttagdeny"; /* informs clients about supported client-only message tags */
+loadmodule "sts"; /* strict transport policy (set::tls::sts-policy) */
+loadmodule "link-security"; /* link-security announce */
+loadmodule "plaintext-policy"; /* plaintext-policy announce */
+loadmodule "chathistory"; /* CHATHISTORY client command, 005 and a CAP (draft) */
+loadmodule "monitor"; /* MONITOR command with functionality similar to WATCH */
+loadmodule "extended-monitor"; /* add away status, gecos and userhost changes to MONITOR (draft) */
+loadmodule "standard-replies"; /* Standard Replies */
+loadmodule "no-implicit-names"; /* Opt out of receiving implicit NAMES when joining a channel */
+loadmodule "extended-isupport"; /* draft/extended-isupport */
+loadmodule "multiline"; /* draft/multiline */
+
+/*** RPC modules ***/
+// There's a JSON-RPC interface that can be used to communicate with UnrealIRCd
+// outside of IRC. See https://www.unrealircd.org/docs/JSON-RPC for more info.
+// Or, more technical, for a list of all JSON-RPC Methods, have a look at
+// https://www.unrealircd.org/docs/JSON-RPC:Technical_documentation
+// (Don't just look at the list of rpc/* modules below, occasionaly some rpc
+// functionality is together in a regular module which has no rpc/* prefix)
+//
+// By loading the following modules, we enable RRPC for intra-server JSON-RPC,
+// so calls like modules.list work properly accross the network. It DOES NOT
+// enable the webserver, nor does it listen on any RPC socket. For that, you
+// need to include "conf/rpc.modules.default.conf";
+loadmodule "rpc/rpc";
+loadmodule "rpc/stats";
+loadmodule "rpc/user";
+loadmodule "rpc/server";
+loadmodule "rpc/channel";
+loadmodule "rpc/server_ban";
+loadmodule "rpc/server_ban_exception";
+loadmodule "rpc/name_ban";
+loadmodule "rpc/spamfilter";
+loadmodule "rpc/log";
+loadmodule "rpc/whowas";
+loadmodule "rpc/message";
+loadmodule "rpc/security_group";
 
 /*** Other ***/
 // These are modules that don't fit in any of the previous sections
-
-loadmodule "certfp"; /* SSL certificate fingerprint in /WHOIS (& more) */
-loadmodule "ssl_antidos"; /* prevent SSL DoS (renegotiate floods) */
-loadmodule "m_nopost"; /* Block POST commands (Firefox XPS IRC Attack) */
+loadmodule "ident_lookup"; /* Ident lookups if set::options::identd-check is set*/
+loadmodule "certfp"; /* TLS certificate fingerprint in /WHOIS (& more) */
+loadmodule "tls_cipher"; /* Store and retrieve TLS cipher of local and remote clients */
+loadmodule "tls_antidos"; /* prevent TLS DoS (renegotiate floods) */
+loadmodule "connect-flood"; /* throttling against connection flooding */
+loadmodule "max-unknown-connections-per-ip"; /* limit number of connections in 'unknown state' */
 loadmodule "webirc"; /* WEBIRC command. See webirc block. */
 loadmodule "blacklist"; /* Blacklist support (DNSBL). See blacklist block. */
 loadmodule "jointhrottle"; /* set::anti-flood::join-flood (previously chanmode +j) */
 loadmodule "charsys"; /* Provides set::allowed-nickchars (must always be loaded!) */
+loadmodule "authprompt"; /* Authentication prompt, see set::authentication-prompt */
+loadmodule "history_backend_mem"; /* History storage backend (used by chanmodes/history) */
+loadmodule "tkldb"; /* Write TKLines to .db file */
+loadmodule "channeldb"; /* Write channel settings to .db file (+P channels only) */
+loadmodule "rmtkl"; /* Easily remove *-Lines in bulk with /RMTKL */
+loadmodule "restrict-commands"; /* Provides set::restrict-commands settings */
+loadmodule "reputation"; /* used by Connthrottle and others, see next */
+loadmodule "connthrottle"; /* see https://www.unrealircd.org/docs/Connthrottle */
+loadmodule "userip-tag"; /* unrealircd.org/userip tag for ircops (IP address) */
+loadmodule "userhost-tag"; /* unrealircd.org/userhost tag for ircops (real host) */
+loadmodule "geoip-tag"; /* unrealircd.org/geoip tag for ircops (country) */
+loadmodule "json-log-tag"; /* unrealircd.org/json-log tag and CAP for ircops */
+loadmodule "issued-by-tag"; /* unrealircd.org/issued-by tag for servers and ircops */
+loadmodule "real-quit-reason"; /* unrealircd.org/real-quit-reason for servers only */
+loadmodule "targetfloodprot"; /* set::anti-flood::target-flood protection */
+loadmodule "watch-backend"; /* used by watch and other modules */
+loadmodule "geoip_base"; /* needed for ALL geoip functions */
+loadmodule "websocket_common"; /* helper functions for websocket (internal) */
+loadmodule "spamreport"; /* Spam reporting to a blacklist */
+loadmodule "crule"; /* Rules in spamfilter::rule and deny link::rule */
+loadmodule "maxperip"; /* allow::maxperip restrictions */
+loadmodule "utf8functions"; /* Various UTF8 helper functions */
+loadmodule "utf8only"; /* UTF8ONLY via set::utf8-only */
+loadmodule "portinfo"; /* storing local_port and server_port of users */
+loadmodule "isupport"; /* ISUPPORT / numeric 005 handling */
+
+@if !defined(NO_DEFAULT_GEOIP)
+@if $GEOIP_ENGINE != "none"
+loadmodule "$GEOIP_ENGINE";
+@endif
+@if module-loaded("geoip_classic")
+set {
+	geoip-classic {
+		ipv4-database "https://geoip.unrealircd.org/classic/GeoIP.dat" { url-refresh 14d; url-fail warn; }
+		ipv6-database "https://geoip.unrealircd.org/classic/GeoIPv6.dat" { url-refresh 14d; url-fail warn; }
+		asn-ipv4-database "https://geoip.unrealircd.org/classic/GeoIPASNum.dat" { url-refresh 14d; url-fail warn; }
+		asn-ipv6-database "https://geoip.unrealircd.org/classic/GeoIPASNumv6.dat" { url-refresh 14d; url-fail warn; }
+	}
+}
+@endif
+@if module-loaded("geoip_mmdb")
+set {
+        geoip-mmdb {
+		database "https://geoip.unrealircd.org/mmdb/GeoIP.mmdb" { url-refresh 14d; url-fail warn; }
+		asn-database "https://geoip.unrealircd.org/mmdb/GeoIP-ASN.mmdb" { url-refresh 14d; url-fail warn; }
+        }
+}
+@endif
+@endif

doc/conf/modules.optional.conf

@@ -15,12 +15,14 @@
 
 // This add the /IRCOPS command: A more visual way for users
 // to see which IRCOps are online.
-loadmodule "m_ircops";
+loadmodule "ircops";
 
 // This adds the /STAFF command: This command simply displays
 // a text file that you can configure here:
-loadmodule "m_staff";
-set { staff-file "network.staff"; };
+loadmodule "staff";
+@if module-loaded("staff")
+set { staff-file "network.staff"; }
+@endif
 
 
 /*** Channel modes ***/
@@ -36,7 +38,8 @@ loadmodule "nocodes";
 // The hideserver module will hide /MAP and /LINKS to regular users.
 // It does not truly enhance security as server names can still be
 // seen at other places.
-loadmodule "hideserver";
+// Comment out the following line to enable this:
+// loadmodule "hideserver";
 
 // The antirandom module will kill or *line users that have a nick,
 // ident and/or realname that is considered "random".
@@ -46,28 +49,29 @@ loadmodule "hideserver";
 // the module may consider a sequence of characters "random" even though
 // it is a perfectly pronounceable word in your language.
 loadmodule "antirandom";
+@if module-loaded("antirandom")
 set {
 	antirandom {
 		/* THRESHOLD:
-		 * This is pretty much the most important setting of all.
-		 * For every randomly looking ident the user gets a certain amount of
-		 * 'points', if this value reaches 'threshold' then the appropriate
+		 * This is the most important setting of all.
+		 * For every randomly looking item the user gets a certain amount of
+		 * 'points'. If the points reach the 'threshold' then the appropriate
 		 * action is taken (killed, *lined, see later on).
-		 *  lower = more randomly looking users will be catched (but also more
-		 *	  innocent users)
-		 * higher = less chance of innocent users getting killed, but also less
-		 *	  chance on bots getting catched.
+		 *  lower = more randomly looking users will be caught
+		 *          (but also more innocent users).
+		 * higher = less chance of innocent users getting killed
+		 *          (but also less chance on bots getting caught).
 		 * <2:  DON'T!!
-		 *  4:  Works good, probably a few more innocent kills but if you got
-		 *      quite a bot problem then this might be a useful setting.
+		 *  4:  Works good, probably a few more innocent kills, but if you have a
+		 *      big problem with drone attacks then this might be a good setting.
 		 *  5:  Works well with few innocent kills, probably good to begin with.
 		 *  6:  If you want to be a tad more careful
 		 * >6:  For the paranoid. Module can still be quite effective, though :)
 		 */
-		threshold 7;
+		threshold 6;
 
 		/* BAN-ACTION:
-		 * Action to take whenever the user is catched as random, options:
+		 * Action to take whenever the user is caught as random, options:
 		 * warn, kill, gline, gzline, kline, zline, shun, tempshun
 		 */
 		ban-action kill;
@@ -82,66 +86,164 @@ set {
 		ban-time 4h;
 
 		/* BAN-REASON:
-		 * The ban (or kill) reason to use.
-		 * You might want to put in an entry to a FAQ or an email address
-		 * where users can mail if they have been catched and don't know what to do.
-		 * NOTE: One of the various reasons that ""innocent users"" are catched is
-		 *       if they just randomly type in info for their nick, ident, or realname.
+		 * The ban or kill reason to use.
+		 * Tip: you might want to put in an entry to a FAQ or an email address where
+		 *      users can mail if they have been caught and don't know what to do.
+		 * NOTE: One of the various reasons that "innocent users" are blocked is when
+		 *       they randomly type in info for their nick, ident, or realname.
 		 */
 		ban-reason "You look like a bot. Be sure to fill in your nick/ident/realname properly.";
 
 		/* CONVERT-TO-LOWERCASE:
 		 * Convert nicks, idents, and realnames to lowercase before doing random checks?
-		 * This has not been tested extensively for false positives, but might be (very)
-		 * helpful to catch GnStA5FYhiTH51TUkf style random nicks as random.
+		 * Useful to catch GnStA5FYhiTH51TUkf style random nicks as random.
 		 * Enabled by default.
 		 */
 		convert-to-lowercase yes;
 
-		/* FULLSTATUS-ON-LOAD:
-		 * If enabled, then upon loading it will check all users that are currently
-		 * connected and give a status report about who it would have killed.
-		 * Note that it doesn't actually kill any currently connected users, it is for
-		 * informative purposes only.
-		 * This can be (very) useful if you use the module for the first time.
-		 * But you probably want to disable it after a while, since once the module
-		 * is actively dealing with randomly looking persons, it shouldn't report any
-		 * users anymore on load and then this check only eats useless CPU on /REHASH.
-		 * Enabled by default.
-		 */
-		fullstatus-on-load yes;
-
 		/* SHOW-FAILEDCONNECTS:
-		 * This will send out a notice whenever a randomly looking user has been catched
-		 * during connecting. Obviously this can be pretty noisy.
+		 * This will send out a notice whenever a randomly looking user has been caught
+		 * during connecting. This can be pretty noisy.
 		 * Especially recommended to enable during the first few days you use this module.
 		 */
 		show-failedconnects yes;
 
-		/* EXCEPT-HOSTS:
-		 * Hostmasks on this list are matched against the IP and hostname of the connecting
-		 * user. If it matches then we do not check if the nick/ident/realname is random.
-		 * NOTE: Use the REAL host or IP here, not any cloaked hosts!
+		/* EXCEPT:
+		 * Don't do antirandom checks for these users.
 		 */
-		except-hosts {
-			mask 192.168.*;
-			mask 127.*;
-		};
+		except {
+			/* Exempt WEBIRC gateways because these frequently
+			 * cause false positives. So the default is yes.
+			 */
+			webirc yes;
 
-		/* EXCEPT-WEBIRC:
-		 * This will make antirandom not check connections from WEBIRC gateways.
-		 * ( see https://www.unrealircd.org/docs/WebIRC_block )
-		 * It seems WEBIRC connections frequently cause false positives so the
-		 * default is 'yes'.
-		 */
-		except-webirc yes;
-	};
-};
+			/* Exempt LAN users */
+			ip { 192.168.*; 127.*; }
+
+			// Or by hostname:
+			//mask { *.example.net; }
+
+			/* You can also exempt security groups: */
+			// security-group known-users;
+
+			/* For all options, see https://www.unrealircd.org/docs/Mask_item */
+		}
+	}
+}
+@endif
+
+// This module will send a HTTP 301 redirect to any client which sends
+// a HTTP request to us. This is commented out by default:
+//loadmodule "webredir";
+//set {
+//	webredir {
+//		url 'https://...';
+//	}
+//}
+
+// Load the webserver module, needed for websocket (see next)
+loadmodule "webserver";
 
 // This adds websocket support. For more information, see:
 // https://www.unrealircd.org/docs/WebSocket_support
 loadmodule "websocket";
 
-// This adds support for WHOX
-// This is currently experimental!
-loadmodule "m_whox";
+// This module will detect and stop spam containing characters of
+// mixed "scripts", where (for example) some characters are in
+// Latin script and other characters are in Cyrillic script.
+loadmodule "antimixedutf8";
+@if module-loaded("antimixedutf8")
+set {
+	antimixedutf8 {
+		/* Take action at this 'score' (lower = more sensitive)
+		 *
+		 * A score of 2 or 3 will catch a lot but also
+		 * catch innocent users who are not using a pure
+		 * Latin script, such as Russian people who
+		 * commonly use a mix of Latin and Cyrillic.
+		 *
+		 * A score of 8 is a safe default.
+		 */
+		score 8;
+
+		/* Action to take, see:
+		 * https://www.unrealircd.org/docs/Actions
+		 */
+		ban-action block;
+
+		/* Block/kill/ban reason (sent to user) */
+		ban-reason "Mixed character spam";
+
+		/* Duration of ban (does not apply to block/kill) */
+		ban-time 4h; // For other types
+
+		/* Except these users - see
+		 * https://www.unrealircd.org/docs/Mask_item for options.
+		 */
+		//commented out by default:
+		//except {
+		//	security-group known-users;
+		//	webirc yes;
+		//}
+	}
+}
+@endif
+
+// This module will add support for /EXTJWT command,
+// used for generating authorization tokens for external services.
+// The feature is based on a specification described here:
+// https://github.com/ircv3/ircv3-specifications/pull/341
+// Please create your configuration block based on the example below.
+// Do not uncomment the example.
+//
+// Supported JWT methods: NONE (not recommended), HS256, HS384, HS512,
+// ES256, ES384, ES512, RS256, RS384, RS512
+// Method NONE does not use any cryptography to sign the token. This
+// is only useful for checking whether the service works when initially
+// setting it up. HS* methods use a password that must be shared with
+// the verification service. ES* and RS* methods use public-private key
+// pairs, so the verification service, knowing your public key, can't
+// generate own valid tokens. 
+//
+// For methods requiring a key, place it in your "conf" directory.
+//
+// Use following shell commands to create keys if needed:
+// To generate RS256, RS384 or RS512 private key (for UnrealIRCd):
+// openssl genrsa -out privkey.pem 4096
+// To generate matching public key (for the external service to verify
+// the token):
+// openssl rsa -in privkey.pem -pubout > pubkey.pem
+//
+// To generate ES256, ES384 or ES512 private key (for UnrealIRCd):
+// openssl ecparam -genkey -name secp521r1 -noout -out privkey.pem
+// To generate matching public key (for the external service to verify
+// the token):
+// openssl ec -in privkey.pem -pubout -out pubkey.pem
+//
+// In all cases, substitute your preferred file names for "pubkey.pem"
+// and "privkey.pem".
+
+//loadmodule "extjwt";
+//extjwt {
+//	/* The configuration below is used when no service name is
+//	 * provided by the user command.
+//	 */
+//	method "HS256"; /* described above */
+//	expire-after 30; /* seconds */
+//	secret "somepassword"; /* required for HS* methods */
+//	/* Optional service blocks for generating different tokens.
+//	 * Add as many of these as you need.
+//	 */
+//	service "service1" {
+//		method "ES512";
+//		//secret "anotherpassword"; /* required for HS* method */
+//		key "es512.pem"; /* required for ES* and RS* methods */
+//		//verify-url 'https://example.com/verify/?t=%s'; /* URL for your validation service - optional; use single quotes here! */
+//		expire-after 60; /* seconds, will be inherited from main if not given */
+//	};
+//	/* Another service block. */
+//	service "service2" {
+//		method "RS256";
+//		key "RS256.pem";
+//	};
+//};

doc/conf/modules.sources.list

@@ -0,0 +1,21 @@
+#
+# This file contains the list of repositories that are used
+# by the './unrealircd module' command.
+# Note that 3rd party modules are NOT written by the UnrealIRCd team.
+# Use such modules at your own risk. In case of problems, contact
+# the module author. For more information, see:
+# https://www.unrealircd.org/docs/Module_manager
+#
+
+#
+# This is the unrealircd-contrib repository which is added by default in
+# UnrealIRCd to make it easy for users to install 3rd party modules.
+# If you are a module coder and want to add your module to this repository
+# as well, then read the rules and procedure at:
+# https://www.unrealircd.org/docs/Rules_for_3rd_party_modules_in_unrealircd-contrib
+#
+https://modules.unrealircd.org/modules.list
+
+# You can add more repositories here. However, do note that all
+# URLs MUST start with https://
+

doc/conf/operclass.default.conf

@@ -6,159 +6,139 @@
  *
  * The operclass block is extensively documented at:
  * https://www.unrealircd.org/docs/Operclass_block
+ * And the permissions itself (operclass::permissions) at:
+ * https://www.unrealircd.org/docs/Operclass_permissions
  *
  * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
- * Instead, if you want to change the privileges in an operclass block,
+ * Instead, if you want to change the permissions in an operclass block,
  * you should copy the definition, or this entire file, to either your
  * unrealircd.conf or some other file (eg: operclass.conf) that you
- * you will include from your unrealircd.conf.
+ * will include from your unrealircd.conf.
  * Then edit it, and while doing so don't forget to change the name
  * of your custom operclass block(s), so operclass <name>.
  */
 
 /* Local IRC Operator */
 operclass locop {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
-		client;
+		channel { operonly; override { flood; } }
+		client { see; }
 		immune;
-		self;
-		notice { local; };
-		server { opermotd; info; close; module; dns; rehash; };
-		route { local; };
-		kill { local; };
-		tkl {
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash { local; } }
+		route { local; }
+		kill { local; }
+		server-ban {
 			kline;
-			zline { local; };
-		};
-		trace { local; invisible-users; };
-		map;
-	};
-};
+			zline { local; }
+		}
+	}
+}
 
 /* Global IRC Operator */
 operclass globop {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
+		channel { operonly; see; override { flood; } }
 		client;
 		immune;
-		notice;
-		self;
-		server { opermotd; info; close; remote; module; dns; rehash; };
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash;
+		         remote; tsctl { view; } }
 		route;
 		kill;
-		tkl { shun; zline; kline; gline; };
-		trace;
-		who;
-		override { see; };
-		map;
-	};
-};
+		server-ban { dccdeny; shun; zline; kline; gline; }
+	}
+}
 
 /* Server administrator */
 operclass admin {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
+		channel { operonly; see; override { flood; } }
 		client;
 		immune;
-		notice;
-		self;
-		server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash;
+		         remote; description; addmotd;
+		         addomotd; tsctl { view; } }
 		route;
 		kill;
-		tkl { shun; zline; kline; gline; };
-		spamfilter;
-		trace;
-		who;
-		override { see; };
-		map;
-	};
-};
+		server-ban;
+	}
+}
 
 /* Services Admin */
 operclass services-admin {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
+		channel { operonly; see; override { flood; } }
 		client;
 		immune;
-		notice;
-		self;
-		server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash;
+		         remote; description; addmotd;
+		         addomotd; tsctl { view; } }
 		route;
 		kill;
-		tkl { shun; zline; kline; gline; };
-		spamfilter;
-		trace;
-		who;
-		sajoin;
-		sapart;
-		samode;
-		override { see; };
-	};
-};
+		server-ban;
+		sacmd;
+		services;
+	}
+}
 
 /* Network Administrator */
 operclass netadmin {
-	privileges {
-		privacy;
+	permissions {
 		chat;
-		channel;
+		channel { operonly; see; override { flood; } }
 		client;
 		immune;
-		notice;
-		self;
-		server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
-		kill;
-		tkl { shun; zline; kline; gline; };
+		self { getbaddcc; opermodes; set; }
+		server { opermotd; info; close; module; dns; rehash;
+		         remote; description; addmotd;
+		         addomotd; tsctl; }
 		route;
-		spamfilter;
-		trace;
-		who;
-		sajoin;
-		sapart;
-		samode;
-		servicebot { deop; kill; };
-		override { see; };
-		map;
-	};
-};
+		kill;
+		server-ban;
+		sacmd;
+		services;
+	}
+}
 
 /* Same as 'globop' operclass, but with OperOverride capabilities added */
 operclass globop-with-override {
 	parent globop;
-	privileges {
-		override;
-	};
-};
+	permissions {
+		channel { operonly; see; override; }
+		self { getbaddcc; opermodes; set; unkickablemode; }
+	}
+}
 
 /* Same as 'admin' operclass, but with OperOverride capabilities added */
 operclass admin-with-override {
 	parent admin;
-	privileges {
-		override;
-	};
-};
+	permissions {
+		channel { operonly; see; override; }
+		self { getbaddcc; opermodes; set; unkickablemode; }
+	}
+}
 
 /* Same as 'services-admin' operclass, but with OperOverride capabilities added */
 operclass services-admin-with-override {
 	parent services-admin;
-	privileges {
-		override;
-	};
-};
+	permissions {
+		channel { operonly; see; override; }
+		self { getbaddcc; opermodes; set; unkickablemode; }
+	}
+}
 
 /* Same as 'netadmin' operclass, but with OperOverride capabilities added */
 operclass netadmin-with-override {
 	parent netadmin;
-	privileges {
-		override;
-	};
-};
+	permissions {
+		channel { operonly; see; override; }
+		self { getbaddcc; opermodes; set; unkickablemode; }
+	}
+}

doc/conf/rpc-class.default.conf

@@ -0,0 +1,39 @@
+/* This file defines a number of default rpc-class blocks which you can
+ * use in your rpc-user blocks (via rpc-user::rpc-class).
+ *
+ * This file is normally included via rpc.modules.default.conf, or you
+ * can do so from your unrealircd.conf through:
+ * include "rpc-class.default.conf";
+ *
+ * The rpc-class block is documented at:
+ * https://www.unrealircd.org/docs/Rpc-class_block
+ *
+ * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
+ * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
+ * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
+ * If you want to tweak rpc-class { } blocks, simply define your own
+ * and optionally use 'parent read-only' or the like if you want to inherit.
+ * Do not edit the build-in rpc-classes from below ('full' and 'read-only').
+ */
+
+rpc-class full {
+	permissions {
+		all;
+	}
+}
+
+rpc-class read-only {
+	permissions {
+		rpc;
+		stats;
+		log;
+		user { list; get; }
+		whowas { get; }
+		server { list; get; }
+		channel { list; get; }
+		server_ban { list; get; }
+		server_ban_exception { list; get; }
+		spamfilter { list; get; }
+		name_ban { list; get; }
+	}
+}

doc/conf/rpc.modules.default.conf

@@ -0,0 +1,65 @@
+/* This file will load all UnrealIRCd modules needed for JSON-RPC,
+ * this allows remote (web) endpoints to query and control UnrealIRCd.
+ * To actually use it, you would also need one or more rpc-user blocks
+ * and one or more special listen blocks, see the documentation at
+ * https://www.unrealircd.org/docs/JSON-RPC.
+ *
+ * You can include this file from your unrealircd.conf, using:
+ * include "rpc.modules.default.conf";
+ *
+ * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
+ * If you want to customize the modules to load you have two options:
+ * 1) Keep the include for rpc.modules.default.conf as usual and make use
+ *    of blacklist-module "xyz"; to selectively disable modules.
+ *    See https://www.unrealircd.org/docs/Blacklist-module_directive
+ * 2) OR, make a copy of this file (eg: name it rpc.modules.custom.conf)
+ *    and edit it. Then include that file from your unrealircd.conf
+ *    instead of this one.
+ * The downside of option #2 is that you will need to track changes
+ * in the original rpc.modules.default.conf with each new UnrealIRCd
+ * release to make sure you don't miss any new functionality (as new
+ * important modules may be added you need to add them to your conf).
+ * You don't have this problem with option #1.
+ */
+
+/* The RPC modules are loaded in modules.default.conf nowadays,
+ * so we only need to load the web server and add the default
+ * local RPC UNIX socket socket.
+ */
+
+/* These are required for RPC to work */
+loadmodule "webserver";
+loadmodule "websocket_common";
+
+/* And a RPC listen socket */
+@if !defined($NO_DEFAULT_RPC_SOCKET)
+listen {
+	file "rpc.socket";
+	options { rpc; }
+}
+@endif
+
+/* And a memory log block */
+@if !defined($NO_DEFAULT_LOG_MEMORY_BLOCK)
+log {
+	source {
+		all;
+		!debug;
+		!join.LOCAL_CLIENT_JOIN;
+		!join.REMOTE_CLIENT_JOIN;
+		!part.LOCAL_CLIENT_PART;
+		!part.REMOTE_CLIENT_PART;
+		!kick.LOCAL_CLIENT_KICK;
+		!kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		memory {
+			max-lines 1000;
+			max-time 7d;
+		}
+	}
+}
+@endif
+
+/* Also load the default rpc-class { } blocks */
+include "rpc-class.default.conf";

doc/conf/snomasks.default.conf

@@ -0,0 +1,270 @@
+/* Default snomask configuration.
+ *
+ * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
+ * If you want to customize it, make a copy of this file
+ *  (eg: name it snomasks.custom.conf) and edit it.
+ * Then include that file from your unrealircd.conf instead of this one.
+ */
+
+/* Server bans snomask - 'b' */
+log {
+	source {
+		tkl.BAN_REALNAME;
+		tkl.TKL_ADD;
+		tkl.TKL_DEL;
+		tkl.TKL_ADD_TEMPSHUN;
+		tkl.TKL_DEL_TEMPSHUN;
+		tkl.TKL_EXPIRE;
+		tkl.RMTKL_COMMAND;
+	}
+	destination {
+		snomask b;
+	}
+}
+
+/* Blacklist snomask: 'B' */
+log {
+	source {
+		blacklist;
+	}
+	destination {
+		snomask B;
+	}
+}
+
+/* Local client connects snomask - 'c' */
+log {
+	source {
+		connect.LOCAL_CLIENT_CONNECT;
+		connect.LOCAL_CLIENT_DISCONNECT;
+	}
+	destination {
+		snomask c;
+	}
+}
+
+/* Remote client connects snomask - 'C' */
+log {
+	source {
+		connect.REMOTE_CLIENT_CONNECT;
+		connect.REMOTE_CLIENT_DISCONNECT;
+	}
+	destination {
+		snomask C;
+	}
+}
+
+/* DCC rejections snomask - 'd' */
+log {
+	source {
+		dcc;
+	}
+	destination {
+		snomask d;
+	}
+}
+
+/* Debug snomask (not recommended) - 'D' */
+log {
+	source {
+		debug;
+	}
+	destination {
+		snomask D;
+	}
+}
+
+/* Floods snomask - 'f' */
+log {
+	source {
+		flood;
+	}
+	destination {
+		snomask f;
+	}
+}
+
+/* Join, parts, kicks - 'j' */
+log {
+	source {
+		join.LOCAL_CLIENT_JOIN;
+		join.REMOTE_CLIENT_JOIN;
+		part.LOCAL_CLIENT_PART;
+		part.REMOTE_CLIENT_PART;
+		kick.LOCAL_CLIENT_KICK;
+		kick.REMOTE_CLIENT_KICK;
+	}
+	destination {
+		snomask j;
+	}
+}
+
+/* Kill snomask */
+log {
+	source {
+		kill;
+	}
+	destination {
+		snomask k;
+	}
+}
+
+/* Local nick changes snomask - 'n' */
+log {
+	source {
+		nick.LOCAL_NICK_CHANGE;
+	}
+	destination {
+		snomask n;
+	}
+}
+
+/* Remote nick changes snomask - 'N' */
+log {
+	source {
+		nick.REMOTE_NICK_CHANGE;
+	}
+	destination {
+		snomask N;
+	}
+}
+
+/* Deny nick (QLINE) rejections snomask - 'q' */
+log {
+	source {
+		nick.QLINE_NICK_LOCAL_ATTEMPT;
+		nick.QLINE_NICK_REMOTE;
+	}
+	destination {
+		snomask q;
+	}
+}
+
+/* Spamfilter hits snomask - 'S' */
+log {
+	source {
+		tkl.SPAMFILTER_MATCH;
+	}
+	destination {
+		snomask S;
+	}
+}
+
+/* IRCOp overriding in channels (OperOverride) - 'o' */
+log {
+	source {
+		operoverride;
+	}
+	destination {
+		snomask o;
+	}
+}
+
+/* IRCOp changing user properties or forcing users to do things - 'O' */
+log {
+	source {
+		chgcmds;
+		sacmds;
+	}
+	destination {
+		snomask O;
+	}
+}
+
+/* VHOST usage - 'v' */
+log {
+	source {
+		vhost;
+	}
+	destination {
+		snomask v;
+	}
+}
+
+/* JSON-RPC usage - 'R' */
+log {
+	source {
+		rpc;
+	}
+	destination {
+		snomask R;
+	}
+}
+
+/* Spam reports - 'r' */
+log {
+	source {
+		spamreport;
+	}
+	destination {
+		snomask r;
+	}
+}
+
+/* Connection-limit rejections (maxperip / connthrottle) - 'x' */
+log {
+	source {
+		connthrottle.CONNTHROTTLE_IPV6_LIMIT;
+		maxperip.MAXPERIP_LIMIT;
+	}
+	destination {
+		snomask x;
+	}
+}
+
+/* Snomask s (server notices) - the "catch all" snomask for all other things */
+log {
+	source {
+		link;
+		oper;
+		!debug;
+		nomatch;
+	}
+	destination {
+		snomask s;
+	}
+}
+
+/* These log sources are sent to all servers (globally).
+ * These are generally two categories:
+ * 1) Things that affect the network as a whole, eg linking
+ * 2) Things that otherwise cannot be logged by a remote server
+ *    that may interest ircops. Eg: a spamfilter match,
+ *    since that would otherwise not be propagated.
+ */
+log {
+	source {
+		/* All link messages affect the network so
+		 * these should be global. Except for the
+		 * link connecting... and timeout while
+		 * connecting.. messages, which can be noisy.
+		 */
+		link;
+		!link.LINK_CONNECTING;
+		!link.LINK_CONNECT_TIMEOUT;
+		!link.SERVER_LINKED_REMOTE;
+		!link.SERVER_LINKED;
+		/* All oper up/downs */
+		oper;
+		/* Flood messages, important to keep an eye on, network-wide */
+		flood;
+		/* TEMPSHUN: these are otherwise missing for snomask 'b' */
+		tkl.TKL_ADD_TEMPSHUN;
+		tkl.TKL_DEL_TEMPSHUN;
+		/* Spamfilter matches: needed for snomask 'S' */
+		tkl.SPAMFILTER_MATCH;
+		/* Critical issue: */
+		tls.TLS_CERT_EXPIRING;
+		/* SAMODE: needed for snomask 'o' */
+		samode.SAMODE_COMMAND;
+		/* Blacklist hits */
+		blacklist;
+		/* Central blocklist hits and errors */
+		central-blocklist;
+		/* Never any debug messages */
+		!debug;
+	}
+	destination {
+		remote;
+	}
+}

doc/conf/spamfilter.conf

@@ -1,232 +1,154 @@
 /*
- * This an example spamfilter file, it contains several
- * real and useful spamfilters. This should give you an
- * idea of how powerful spamfilter can be in real-life
- * situations.
+ * This configuration file contains example spamfilter rules.
+ * They are real rules that were useful a long time ago.
+ * Since 2005 these rules are no longer maintained.
+ * The main purpose nowadays is to serve as an example
+ * to give you an idea of how powerful spamfilters can
+ * be in real-life situations.
  *
- * $Id$
+ * Documentation on spamfilter is available at:
+ * https://www.unrealircd.org/docs/Spamfilter
  */
 
-/* Guidelines on the 'action' field:
- * As a general rule we use 'action block' for any newly added
- * spamfilters at first, later on (after knowing about false
- * positives) we might change some to viruschan/kill/gline/etc..
+/* General notes:
+ * 1) We use match 'xyz' instead of match "xyz". When using single quotes
+ *    you don't risk it being interpreted as an URL for remote includes.
+ * 2) If you want to use a \ in a spamfilter, or in fact anywhere in the
+ *    configuration file, then you need to escape this to \\ instead.
+ */
+
+/* First some spamfilters with match-type 'simple'.
+ * The only matchers available are * and ?
+ * PRO's: very fast, easy matching: everyone can do this.
+ * CON's: limited ability to fine-tune spamfilters
  */
 
 spamfilter {
-	match-type posix;
-	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
-	target { private; channel; };
-	action kill;
-	reason "mIRC 6.0-6.11 exploit attempt";
-};
-
-spamfilter {
-	match-type posix;
-	match "\x01DCC (SEND|RESUME).{225}";
-	target { private; channel; };
-	action kill;
-	reason "Possible mIRC 6.12 exploit attempt";
-};
-
-spamfilter {
-	match-type posix;
-	match "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
+	match-type simple;
+	match 'Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg';
 	target private;
 	action gline;
 	reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
-};
+}
 
+/* This signature uses a \ which has to escaped to \\ in the configuration file */
 spamfilter {
-	match-type posix;
-	match "Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe";
-	target private;
-	action gline;
-	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
-};
-
-spamfilter {
-	match-type posix;
-	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
-	target private;
-	action block;
-	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
-};
-
-spamfilter {
-	match-type posix;
-	match "^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$";
-	target private;
-	action gline;
-	reason "Infected by aplore worm: see http://www.f-secure.com/v-descs/aplore.shtml";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!login Wasszup!$";
-	target channel;
-	action gline;
-	reason "Attempting to login to a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!login grrrr yeah baby!$";
-	target channel;
-	action gline;
-	reason "Attempting to login to a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
-	target channel;
-	action gline;
-	reason "Attempting to use a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!icqpagebomb ([0-9]{1,15} ){2}.+";
-	target channel;
-	action gline;
-	reason "Attempting to use a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$";
-	target channel;
-	action gline;
-	reason "Attempting to use a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$";
-	target channel;
-	action gline;
-	reason "Attempting to use a GTBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$";
-	target channel;
-	action gline;
-	reason "Attempting to use an SDBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
-	target { channel; private; };
-	action gline;
-	reason "Attempting to use a SpyBot";
-};
-
-spamfilter {
-	match-type posix;
-	match "^porn! porno! http://.+\/sexo\.exe";
-	target private;
-	action gline;
-	reason "Infected by soex trojan: see http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSOEX.A";
-};
-
-spamfilter {
-	match-type posix;
-	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
-	target private;
-	action gline;
-	reason "Infected by some trojan (erotica?)";
-};
-
-spamfilter {
-	match-type posix;
-	match "^STOP SPAM, USE THIS COMMAND: //write nospam \$decode\(.+\) \| \.load -rs nospam \| //mode \$me \+R$";
-	target private;
-	action gline;
-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
-};
-
-spamfilter {
-	match-type posix;
-	match "^FOR MATRIX 2 DOWNLOAD, USE THIS COMMAND: //write Matrix2 \$decode\(.+=,m\) \| \.load -rs Matrix2 \| //mode \$me \+R$";
-	target private;
-	action gline;
-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
-};
-
-spamfilter {
-	match-type posix;
-	match "^hey .* to get OPs use this hack in the chan but SHH! //\$decode\(.*,m\) \| \$decode\(.*,m\)$";
-	target private;
-	action gline;
-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
-};
-
-spamfilter {
-	match-type posix;
-	match ".*(http://jokes\.clubdepeche\.com|http://horny\.69sexy\.net|http://private\.a123sdsdssddddgfg\.com).*";
-	target private;
-	action gline;
-	reason "Infected by LOI trojan";
-};
-
-/* This is a 'general sig' which might have a tad more false positives, hence just 'block' is used */
-spamfilter {
-	match-type posix;
-	match "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";
+	match-type simple;
+	match 'C:\\WINNT\\system32\\*.zip';
 	target dcc;
 	action block;
 	reason "Infected by Gaggle worm?";
-};
+}
 
 spamfilter {
-	match-type posix;
-	match "C:\\WINNT\\system32\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
-	target dcc;
-	action dccblock;
-	reason "Infected by Gaggle worm";
-};
-
-spamfilter {
-	match-type posix;
-	match "http://.+\.lycos\..+/[iy]server[0-9]/[a-z]{4,11}\.(gif|jpg|avi|txt)";
-	target { private; quit; };
-	action block;
-	reason "Infected by Gaggle worm";
-};
-
-spamfilter {
-	match-type posix;
-	match "^Free porn pic.? and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)";
+	match-type simple;
+	match 'Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe';
 	target private;
-	action block;
-	reason "Unknown virus. Site causes Backdoor.Delf.lq infection";
-};
+	action gline;
+	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
+}
 
 spamfilter {
-	match-type posix;
-	match "^LOL! //echo -a \$\(\$decode\(.+,m\),[0-9]\)$";
-	target channel;
-	action block;
-	reason "$decode exploit";
-};
+	match-type simple;
+	match 'STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R';
+	target private;
+	action gline;
+	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
+}
 
-/*
-spamfilter {
-	regex "//write \$decode\(.+\|.+load -rs";
-	target { private; channel; };
-	reason "Generic $decode exploit";
-	action block;
-};
-*/
 
+/* Now spamfilters of type 'regex'.
+ * These use powerful regular expressions (Perl/PCRE style)
+ * You may have to learn more about "regex" first before you
+ * can use them. For example the dot ('.') has special meaning.
+ */
+
+/* This regex shows a pattern which requires 20 paramaters,
+ * such as "x x x x x x x x x x x x x x x x x x x x"
+ */
 spamfilter {
-	match-type posix;
-	match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
+	match-type regex;
+	match '\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}';
+	target { private; channel; }
+	action kill;
+	reason "mIRC 6.0-6.11 exploit attempt";
+}
+
+/* Similarly, this regex shows a pattern that matches
+ * against at least 225 characters in length.
+ */
+spamfilter {
+	match-type regex;
+	match '\x01DCC (SEND|RESUME).{225}';
+	target { private; channel; }
+	action kill;
+	reason "Possible mIRC 6.12 exploit attempt";
+}
+
+/* Earlier you saw an example of a $decode exploit which used
+ * match-type 'simple' and - indeed - the filter was quite simple.
+ * The following uses a regex with a similar example.
+ * Regular expressions are very powerful but here you can see
+ * that it actually complicates writing a filter quite a bit.
+ * With regex in this filter we need to escape the ( and all
+ * the dots, question marks, etc. if we want to match these
+ * characters in literal text.
+ */
+spamfilter {
+	match-type regex;
+	match '^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$';
 	target private;
 	action block;
 	reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
-};
+}
+
+spamfilter {
+	match-type regex;
+	match '^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!';
+	target private;
+	action block;
+	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
+}
+
+/* This shows a regex which specifically matches an entire line by 
+ * the use of ^ and $
+ */
+spamfilter {
+	match-type regex;
+	match '^!login Wasszup!$';
+	target channel;
+	action gline;
+	reason "Attempting to login to a GTBot";
+}
+
+/* An example of how to match against an IP address in text (IPv4 only) */
+spamfilter {
+	match-type regex;
+	match '^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}';
+	target channel;
+	action gline;
+	reason "Attempting to use a GTBot";
+}
+
+/* A slightly more complex example with a partial OR matcher (|) */
+spamfilter {
+	match-type regex;
+	match '(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$';
+	target private;
+	action gline;
+	reason "Infected by some trojan (erotica?)";
+}
+
+/* In regex a \ is special and needs to be escaped to \\
+ * However in this configuration file, \ is also special and
+ * needs to be escaped to \\ as well.
+ * The result is that we need double escaping:
+ * To match a \ you need to write \\\\ in the configuration file.
+ */
+spamfilter {
+	match-type regex;
+	match 'C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip';
+	target dcc;
+	action dccblock;
+	reason "Infected by Gaggle worm";
+}

doc/conf/tls/tls.cnf

@@ -1,12 +1,9 @@
 # create RSA certs - Server
 
-RANDFILE = ssl.rnd
-
 [ req ]
-default_bits = 4096
-encrypt_key = yes
+# Note: RSA bits is ignored, as we use ECC now
+default_bits = 2048
 distinguished_name = req_dn
-x509_extensions = cert_type
 
 [ req_dn ]
 countryName = Country Name
@@ -28,6 +25,3 @@ organizationalUnitName_default  = IRCd
 0.commonName                    = Common Name (Full domain of your server)
 1.commonName_value              = localhost
 
-[ cert_type ]
-nsCertType = server
-

doc/technical/005.txt

@@ -18,14 +18,14 @@ by this server"
 Currently UnrealIRCd supports several tokens that are included in numeric 005. A list of
 all tokens, their respective value and a brief description are listed below.
 
-Unreal attempts to follow the proposed ISupport standard as much as possible. Unreal only
-ignores the standard in one regard, the TARGMAX token. This token is believed to be 
+UnrealIRCd attempts to follow the proposed ISupport standard as much as possible. UnrealIRCd
+only ignores the standard in one regard, the TARGMAX token. This token is believed to be 
 impractical and technically impossible to correctly implement due to existing limitations
 in the standard. Therefore, this token is not currently supported. 
 
-Unreal does additionally provide a few tokens which are not specified in the standard, these
+UnrealIRCd does additionally provide a few tokens which are not specified in the standard, these
 include: HCN, AWAYLEN, WATCH, SILENCE, EXTBAN, ELIST, CMDS, NAMESX, UHNAMES, and WATCHOPTS.
-Unreal also maintains a few legacy tokens such as MAXCHANNELS and WALLCHOPS to ensure
+UnrealIRCd also maintains a few legacy tokens such as MAXCHANNELS and WALLCHOPS to ensure
 compatibility until the ISupport standard is more widely accepted by clients.
 
 Token         Value           Default Value                Description

doc/translations.txt

@@ -1,6 +1,6 @@
 ==[ Translations ]===========================================================
 
-In UnrealIRCd 4 we support the following translations:
+In UnrealIRCd we support the following translations:
 * on-line documentation at https://www.unrealircd.org/docs/ (wiki!)
 * help.conf
 * example.conf

extras/VStudioAnalyze.ruleset

@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RuleSet Name="UnrealIRCd rules - based off Microsoft Native Minimum Rules" Description="These rules focus on the most critical problems in your native code, including potential security holes and application crashes. It is recommended to include this rule set in any custom rule set you create for your native projects." ToolsVersion="10.0">
+  <Localization ResourceAssembly="Microsoft.VisualStudio.CodeAnalysis.RuleSets.Strings.dll" ResourceBaseName="Microsoft.VisualStudio.CodeAnalysis.RuleSets.Strings.Localized">
+    <Name Resource="NativeMinimumRules_Name" />
+    <Description Resource="NativeMinimumRules_Description" />
+  </Localization>
+
+  <Rules AnalyzerId="Microsoft.Analyzers.NativeCodeAnalysis" RuleNamespace="Microsoft.Rules.Native">
+<!-- Many false positives    <Rule Id="C6001" Action="Warning" /> -->
+<!-- Many false positives    <Rule Id="C6011" Action="Warning" /> -->
+    <Rule Id="C6029" Action="Warning" />
+    <Rule Id="C6053" Action="Warning" />
+    <Rule Id="C6059" Action="Warning" />
+    <Rule Id="C6063" Action="Warning" />
+    <Rule Id="C6064" Action="Warning" />
+    <Rule Id="C6066" Action="Warning" />
+    <Rule Id="C6067" Action="Warning" />
+    <Rule Id="C6101" Action="Warning" />
+    <Rule Id="C6200" Action="Warning" />
+    <Rule Id="C6201" Action="Warning" />
+    <Rule Id="C6270" Action="Warning" />
+    <Rule Id="C6271" Action="Warning" />
+    <Rule Id="C6272" Action="Warning" />
+    <Rule Id="C6273" Action="Warning" />
+    <Rule Id="C6274" Action="Warning" />
+    <Rule Id="C6276" Action="Warning" />
+    <Rule Id="C6277" Action="Warning" />
+    <Rule Id="C6284" Action="Warning" />
+    <Rule Id="C6290" Action="Warning" />
+    <Rule Id="C6291" Action="Warning" />
+    <Rule Id="C6302" Action="Warning" />
+    <Rule Id="C6303" Action="Warning" />
+    <Rule Id="C6305" Action="Warning" />
+    <Rule Id="C6306" Action="Warning" />
+    <Rule Id="C6328" Action="Warning" />
+<!--    <Rule Id="C6385" Action="Warning" /> more false positives -->
+<!--    <Rule Id="C6386" Action="Warning" /> the analysis this one does - or lack thereof - is particularly dumb pffff -->
+<!--    <Rule Id="C6387" Action="Warning" /> more null/0 false positives -->
+    <Rule Id="C6500" Action="Warning" />
+    <Rule Id="C6501" Action="Warning" />
+    <Rule Id="C6503" Action="Warning" />
+    <Rule Id="C6504" Action="Warning" />
+    <Rule Id="C6505" Action="Warning" />
+    <Rule Id="C6506" Action="Warning" />
+    <Rule Id="C6508" Action="Warning" />
+    <Rule Id="C6509" Action="Warning" />
+    <Rule Id="C6510" Action="Warning" />
+    <Rule Id="C6511" Action="Warning" />
+    <Rule Id="C6513" Action="Warning" />
+    <Rule Id="C6514" Action="Warning" />
+    <Rule Id="C6515" Action="Warning" />
+    <Rule Id="C6516" Action="Warning" />
+    <Rule Id="C6517" Action="Warning" />
+    <Rule Id="C6518" Action="Warning" />
+    <Rule Id="C6522" Action="Warning" />
+    <Rule Id="C6525" Action="Warning" />
+    <Rule Id="C6527" Action="Warning" />
+    <Rule Id="C6530" Action="Warning" />
+    <Rule Id="C6540" Action="Warning" />
+    <Rule Id="C6551" Action="Warning" />
+    <Rule Id="C6552" Action="Warning" />
+    <Rule Id="C6701" Action="Warning" />
+    <Rule Id="C6702" Action="Warning" />
+    <Rule Id="C6703" Action="Warning" />
+    <Rule Id="C6704" Action="Warning" />
+    <Rule Id="C6705" Action="Warning" />
+    <Rule Id="C6706" Action="Warning" />
+
+    <!-- CppCoreCheck -->
+    <!-- Span/View over temporary -->
+    <Rule Id="C26449" Action="Warning" />
+    <!-- Arithmetic overflow -->
+    <Rule Id="C26450" Action="Warning" />
+    <Rule Id="C26451" Action="Warning" />
+    <Rule Id="C26452" Action="Warning" />
+    <Rule Id="C26453" Action="Warning" />
+    <Rule Id="C26454" Action="Warning" />
+    <!-- Unitialized Member -->
+    <Rule Id="C26495" Action="Warning" />
+
+    <Rule Id="C28021" Action="Warning" />
+<!--    <Rule Id="C28182" Action="Warning" /> false positives for dereferencing null ptr -->
+    <Rule Id="C28202" Action="Warning" />
+    <Rule Id="C28203" Action="Warning" />
+    <Rule Id="C28205" Action="Warning" />
+    <Rule Id="C28206" Action="Warning" />
+    <Rule Id="C28207" Action="Warning" />
+    <Rule Id="C28210" Action="Warning" />
+    <Rule Id="C28211" Action="Warning" />
+    <Rule Id="C28212" Action="Warning" />
+    <Rule Id="C28213" Action="Warning" />
+    <Rule Id="C28214" Action="Warning" />
+    <Rule Id="C28215" Action="Warning" />
+    <Rule Id="C28216" Action="Warning" />
+    <Rule Id="C28217" Action="Warning" />
+    <Rule Id="C28218" Action="Warning" />
+    <Rule Id="C28219" Action="Warning" />
+    <Rule Id="C28220" Action="Warning" />
+    <Rule Id="C28221" Action="Warning" />
+    <Rule Id="C28222" Action="Warning" />
+    <Rule Id="C28223" Action="Warning" />
+    <Rule Id="C28224" Action="Warning" />
+    <Rule Id="C28225" Action="Warning" />
+    <Rule Id="C28226" Action="Warning" />
+    <Rule Id="C28227" Action="Warning" />
+    <Rule Id="C28228" Action="Warning" />
+    <Rule Id="C28229" Action="Warning" />
+    <Rule Id="C28230" Action="Warning" />
+    <Rule Id="C28231" Action="Warning" />
+    <Rule Id="C28232" Action="Warning" />
+    <Rule Id="C28233" Action="Warning" />
+    <Rule Id="C28234" Action="Warning" />
+    <Rule Id="C28235" Action="Warning" />
+    <Rule Id="C28236" Action="Warning" />
+    <Rule Id="C28237" Action="Warning" />
+    <Rule Id="C28238" Action="Warning" />
+    <Rule Id="C28239" Action="Warning" />
+    <Rule Id="C28240" Action="Warning" />
+    <Rule Id="C28241" Action="Warning" />
+    <Rule Id="C28243" Action="Warning" />
+    <Rule Id="C28245" Action="Warning" />
+    <Rule Id="C28246" Action="Warning" />
+    <Rule Id="C28250" Action="Warning" />
+<!--    <Rule Id="C28251" Action="Warning" /> this may be real but it's damn annoying: inconsistent annotation for function -->
+    <Rule Id="C28252" Action="Warning" />
+    <Rule Id="C28253" Action="Warning" />
+    <Rule Id="C28254" Action="Warning" />
+    <Rule Id="C28262" Action="Warning" />
+    <Rule Id="C28263" Action="Warning" />
+    <Rule Id="C28267" Action="Warning" />
+    <Rule Id="C28272" Action="Warning" />
+    <Rule Id="C28273" Action="Warning" />
+    <Rule Id="C28275" Action="Warning" />
+    <Rule Id="C28279" Action="Warning" />
+    <Rule Id="C28280" Action="Warning" />
+    <Rule Id="C28282" Action="Warning" />
+    <Rule Id="C28285" Action="Warning" />
+    <Rule Id="C28286" Action="Warning" />
+    <Rule Id="C28287" Action="Warning" />
+    <Rule Id="C28288" Action="Warning" />
+    <Rule Id="C28289" Action="Warning" />
+    <Rule Id="C28290" Action="Warning" />
+    <Rule Id="C28291" Action="Warning" />
+    <Rule Id="C28300" Action="Warning" />
+    <Rule Id="C28301" Action="Warning" />
+    <Rule Id="C28302" Action="Warning" />
+    <Rule Id="C28303" Action="Warning" />
+    <Rule Id="C28304" Action="Warning" />
+    <Rule Id="C28305" Action="Warning" />
+    <Rule Id="C28308" Action="Warning" />
+    <Rule Id="C28309" Action="Warning" />
+    <Rule Id="C28350" Action="Warning" />
+    <Rule Id="C28351" Action="Warning" />
+  </Rules>
+</RuleSet>

extras/build-tests/nix/build

@@ -10,20 +10,41 @@ if [ "$1" != "" ]; then
 	BUILDCONFIG="$*"
 fi
 
-export MAKE="make -j3"
-export CPPFLAGS="-DFAKELAG_CONFIGURABLE"
+if [[ "$OSTYPE" == "freebsd"* ]]; then
+	export MAKE="gmake -j4"
+else
+	export MAKE="make -j4"
+fi
+
+# -DRAWCMDLOGGING was dropped, but can be useful for debugging
+export CPPFLAGS="$CPPFLAGS -DFAKELAG_CONFIGURABLE -DNOREMOVETMP -DTESTSUITE"
+
+# !! skipped for now: extras/build-tests/nix/select-config $BUILDCONFIG !!
+# !! temporary use this:
+cp extras/build-tests/nix/configs/default ./config.settings
+
+if [ "$USE_SHIPPED_LIBS" = "1" ]; then
+    echo 'EXTRAPARA="--enable-werror --without-system-pcre2 --without-system-argon2 --without-system-sodium --without-system-cares --without-system-jansson"' >>config.settings
+fi
+
+# If SSLDIR is set the environment, this overrides config.settings
+# Used for example in the openssl3 build tests.
+if [ "$SSLDIR" != "" ]; then
+	echo 'SSLDIR="'"$SSLDIR"'"' >>config.settings
+fi
 
-extras/build-tests/nix/select-config $BUILDCONFIG
 # Read config.settings, this makes a couple of variables available to us.
 . ./config.settings
 if [ "$SSLDIR" != "" ]; then
 	# In case we build local openssl/libressl
 	export LD_LIBRARY_PATH="$SSLDIR/lib"
 fi
-./Config -quick || (tail -n 5000 config.log; echo '*** now tre:'; tail -n 5000 extras/tre-0.8.0-git/config.log; echo '** end of tre config.log **'; exit 1)
+./Config -quick || (tail -n 5000 config.log; exit 1)
 $MAKE
-yes ''|make pem
-make install
+(echo 'Y'; yes '')|./unrealircd mkcert
+$MAKE || exit 1
+$MAKE install || exit 1
+./unrealircd module install third/dumpcmds || exit 1
 
 set +x
 echo ""
@@ -37,22 +58,5 @@ else
 	ldd ~/unrealircd/bin/unrealircd
 fi
 
-if [ "$BUILDCONFIG" = "local-curl" ]; then
-	# We broke the system significantly earlier that build tests
-	# won't work (eg: 'git' is uninstallable). Don't bother
-	# running the tests. I don't expect a 'local-curl' specific
-	# bug anyway.
-	exit 0
-fi
-
-if [[ "$OSTYPE" == "darwin"* ]]; then
-	# 'rake' doesn't work. have to figure that one out..
-	echo "Not running test on OS X for now"
-	exit 0
-fi
-
-echo ""
-echo ""
-echo "Now running UnrealIRCd test framework..."
-set -x
-extras/build-tests/nix/run-tests
+# This was only the 'building' part, so give a hint...
+echo "You can now run extras/build-tests/nix/run-tests"

extras/build-tests/nix/configs/default

@@ -1,3 +1,9 @@
+# These are the settings saved from running './Config'.
+# Note that it is not recommended to edit config.settings by hand!
+# Chances are you misunderstand what a variable does or what the
+# supported values are. You better just re-run the ./Config script
+# and answer appropriately there, to get a correct config.settings
+# file.
 #
 BASEPATH=$HOME/unrealircd
 BINDIR=$HOME/unrealircd/bin
@@ -8,22 +14,17 @@ LOGDIR=$HOME/unrealircd/logs
 CACHEDIR=$HOME/unrealircd/cache
 DOCDIR=$HOME/unrealircd/doc
 TMPDIR=$HOME/unrealircd/tmp
-LIBDIR=$HOME/unrealircd/lib
-PREFIXAQ="1"
-MAXSENDQLENGTH="3000000"
-MAXCONNECTIONS="1024"
+PRIVATELIBDIR=$HOME/unrealircd/lib
+MAXCONNECTIONS_REQUEST="auto"
 NICKNAMEHISTORYLENGTH="2000"
+GEOIP="classic"
 DEFPERM="0600"
 SSLDIR=""
 REMOTEINC=""
 CURLDIR=""
-SHOWLISTMODES="1"
-TOPICNICKISNUH=""
-SHUNNOTICES=""
 NOOPEROVERRIDE=""
-DISABLEUSERMOD=""
 OPEROVERRIDEVERIFY=""
-DISABLEEXTBANSTACKING=""
 GENCERTIFICATE="0"
-#EXTRAPARA="--enable-werror"
+SANITIZER="asan"
+EXTRAPARA="--enable-werror"
 ADVANCED=""

extras/build-tests/nix/hardening-check.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+# hardening-check.sh <ircd_dir>
+# Example: ./hardening-check.sh ~/unrealircd
+# Exit codes: 0 = pass, 1 = fail
+#
+# This is used by BuildBot to make sure we use RELRO and CFI and such.
+# Requirements: 'checksec' and 'readelf'
+# It is AI-generated code (Claude Opus 4.6) but seems to work well,
+# also verified to fail with a deliberately "bad" library.
+# We only check libraries that we control, not system libs that are
+# out of our control. Similarly, FreeBSD doesn't support CFI (CET)
+# at the moment so we ignore it there, again.. out of our control.
+
+if [ -z "$1" ]; then
+    echo "Usage: $0 <unrealircd-directory>"
+    exit 1
+fi
+
+IRCD_DIR="$1"
+FAIL=0
+
+# Collect all binaries to check
+files=("$IRCD_DIR/bin/unrealircd")
+while IFS= read -r f; do
+    files+=("$f")
+done < <(find "$IRCD_DIR/lib" -name '*.so*' -type f)
+
+# --- checksec: Full RELRO, Canary, NX, FORTIFY ---
+for f in "${files[@]}"; do
+    out=$(checksec --format=csv --file="$f" 2>/dev/null)
+    name=$(basename "$f")
+
+    if ! echo "$out" | grep -qi "Full RELRO"; then
+        echo "FAIL: $name — missing Full RELRO"
+        FAIL=1
+    fi
+    if ! echo "$out" | grep -qi "Canary found"; then
+        echo "FAIL: $name — missing stack canary"
+        FAIL=1
+    fi
+    if ! echo "$out" | grep -qi "NX enabled"; then
+        echo "FAIL: $name — missing NX"
+        FAIL=1
+    fi
+    # FORTIFY column: check for "Yes" but not in other fields
+    fortify=$(echo "$out" | awk -F',' '{print $8}')
+    if [ "$fortify" != "Yes" ]; then
+        echo "WARN: $name — no FORTIFY (may be OK for small libs)"
+    fi
+done
+
+# --- CFI: CET on x86_64, BTI/PAC on aarch64 (Linux only) ---
+if [ "$(uname -s)" = "Linux" ]; then
+    ARCH=$(uname -m)
+    if [ "$ARCH" = "x86_64" ]; then
+        for f in "${files[@]}"; do
+            name=$(basename "$f")
+            props=$(readelf -n "$f" 2>/dev/null | grep "x86 feature:")
+            if [ -z "$props" ]; then
+                echo "FAIL: $name — no CET property note"
+                FAIL=1
+            else
+                if ! echo "$props" | grep -q "IBT"; then
+                    echo "FAIL: $name — missing IBT"
+                    FAIL=1
+                fi
+                if ! echo "$props" | grep -q "SHSTK"; then
+                    echo "FAIL: $name — missing SHSTK"
+                    FAIL=1
+                fi
+            fi
+        done
+    elif [ "$ARCH" = "aarch64" ]; then
+        for f in "${files[@]}"; do
+            name=$(basename "$f")
+            props=$(readelf -n "$f" 2>/dev/null | grep "aarch64 feature:")
+            if [ -z "$props" ]; then
+                echo "FAIL: $name — no BTI/PAC property note"
+                FAIL=1
+            else
+                if ! echo "$props" | grep -q "BTI"; then
+                    echo "FAIL: $name — missing BTI"
+                    FAIL=1
+                fi
+                if ! echo "$props" | grep -q "PAC"; then
+                    echo "FAIL: $name — missing PAC"
+                    FAIL=1
+                fi
+            fi
+        done
+    fi
+fi
+
+if [ "$FAIL" -eq 1 ]; then
+    echo "HARDENING CHECK FAILED"
+    exit 1
+else
+    echo "All hardening checks passed."
+    exit 0
+fi

extras/build-tests/nix/run-tests

@@ -9,57 +9,35 @@ set -e
 # Verbose:
 set -x
 
-# Install packages
-if [[ "$OSTYPE" == "darwin"* ]]; then
-	brew install git || true
-	brew install python || true
-	gem install bundler || true
-	gem install rake || true
-	gem install rspec || true
-else
-	sudo apt-get install git python rake -y
-	sudo gem install bundler
-fi
-
-# Install 'ircfly'
-git clone https://github.com/unrealircd/ircfly.git
-cd ircfly
-bundle install
-bundle exec rake build
-if [[ "$OSTYPE" == "darwin"* ]]; then
-	bundle exec rake install
-else
-	sudo rake install
-fi
-cd ..
-
-# Install 'cipherscan'
-git clone https://github.com/mozilla/cipherscan
+# Kill old instances
+killall -9 unrealircd || true
 
 # Install 'unrealircd-tests'
-git clone https://github.com/unrealircd/unrealircd-tests.git
+rm -rf unrealircd-tests/
+git clone -q --branch unreal60 https://github.com/unrealircd/unrealircd-tests.git unrealircd-tests
 cd unrealircd-tests
-bundle install
-mv config.yaml.example config.yaml
 
-# Start the IRC servers
-cp ircdconfig/* ~/unrealircd/conf/
-cd ~/unrealircd
-bin/unrealircd -f irc1.conf
-bin/unrealircd -f irc2.conf
-cd -
-
-# Do cipherscan test
-sleep 2
-cd ../cipherscan
-./cipherscan --no-colors 127.0.0.1:5900
-#./cipherscan --json 127.0.0.1:5900 >.........
-sleep 5
-cd -
-
-# Back in unrealircd-tests, run the tests!
-if [[ "$OSTYPE" == "darwin"* ]]; then
-	bundle exec rake
-else
-	rake
+# FreeBSD has various issues with the tests from us and others,
+# better set a flag to keep it simple:
+if uname -a|grep -q FreeBSD; then
+	NOSERVICES=1
 fi
+
+# Run the test framework, testing both services:
+if [ "$NOSERVICES" = 1 ]; then
+	./run -services none $RUNTESTFLAGS || exit 1
+else
+	# Linux tests both with anope and atheme services:
+	./run -services anope $RUNTESTFLAGS || exit 1
+	./run -services atheme $RUNTESTFLAGS || exit 1
+fi
+
+# Database writing/reading tests
+## unencrypted:
+./run -services none -boot tests/db/writing/* || exit 1
+./run -services none -keepdbs -boot tests/db/reading/* || exit 1
+## encrypted:
+./run -services none -include db_crypted.conf -boot tests/db/writing/* || exit 1
+./run -services none -include db_crypted.conf -keepdbs -boot tests/db/reading/* || exit 1
+
+echo "If you also want to run the SSL/TLS tests, see extras/tests/tls/tls-tests"

extras/build-tests/nix/run-tests.bbwrapper

@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# This is a simple wrapper script that will run the tests
+# When finished, either due to succes or failure,
+# it will kill the ircd
+#
+# Also, it makes sure the job times out (is killed)
+# in case it misbehaves
+#
+set +ex
+timeout --kill-after=5 900 bash -c '
+extras/build-tests/nix/run-tests
+EX="$?"
+killall -9 valgrind valgrind.bin memcheck memcheck-amd64-linux memcheck-x86-linux ircd unrealircd val 1>/dev/null 2>&1
+exit $EX'
+exit $?

extras/build-tests/nix/select-config

@@ -4,22 +4,28 @@
 # It is not meant to be used by end-users
 #
 
+function fail()
+{
+	echo "select-config failed: $*"
+	exit 1
+}
+
 function build_ssl {
 	DIR="$2"
 	URL="$1/$2.tar.gz"
 	savewd="$PWD"
 	cd ~
 	wget "$URL" || exit 1
-	tar xzvf $DIR.tar.gz
+	tar xzf $DIR.tar.gz
 	cd "$DIR"
-	(./configure --prefix=$HOME/ssl || ./config --prefix=$HOME/ssl -fPIC) || exit 1
-	(make -j2 && make install) || exit 1
+	(./configure --prefix=$HOME/ssl 1>/dev/null 2>&1 || ./config --prefix=$HOME/ssl -fPIC 1>/dev/null 2>&1 ) || fail "build_ssl: configure/config failed"
+	(make -j2 1>/dev/null 2>&1 && make install 1>/dev/null 2>&1) || fail "build_ssl: make failed"
 	cd "$savewd"
 	echo "SSLDIR=$HOME/ssl" >>config.settings
 }
 
 if [ ! -d extras ]; then
-	echo "This tool is supposed to be run from the source root, so ~/unrealircd-4.0.x or similar"
+	echo "This tool is supposed to be run from the source root, so ~/unrealircd-5.0.x or similar"
 	exit 1
 fi
 
@@ -82,18 +88,18 @@ do
 		fi
 		echo 'REMOTEINC=1' >>config.settings
 		echo "CURLDIR=`pwd`/extras/curl" >>config.settings
-	elif [ "$1" = "libressl-25" ]; then
-		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.5.5
-	elif [ "$1" = "libressl-26" ]; then
-		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.6.4
 	elif [ "$1" = "libressl-27" ]; then
-		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.7.2
+		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.7.5
+	elif [ "$1" = "libressl-28" ]; then
+		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.8.3
+	elif [ "$1" = "libressl-29" ]; then
+		build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.9.0
 	elif [ "$1" = "openssl-102" ]; then
-		build_ssl https://www.openssl.org/source openssl-1.0.2o
+		build_ssl https://www.openssl.org/source openssl-1.0.2q
 	elif [ "$1" = "openssl-110" ]; then
-		build_ssl https://www.openssl.org/source openssl-1.1.0h
+		build_ssl https://www.openssl.org/source openssl-1.1.0j
 	elif [ "$1" = "openssl-111" ]; then
-		build_ssl https://www.openssl.org/source openssl-1.1.1-pre7
+		build_ssl https://www.openssl.org/source openssl-1.1.1a
 	else
 		echo "Unknown option $1"
 		exit 1

extras/build-tests/windows/build.bat

@@ -1,43 +1,65 @@
-rem Build script for appveyor
+echo on
+
+rem Temporarily hardcoded:
+set TARGET=Visual Studio 2019
+set SHORTNAME=vs2019
 
 rem Initialize Visual Studio variables
-if "%TARGET%" == "Visual Studio 2017" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars32.bat"
+if "%TARGET%" == "Visual Studio 2017" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat"
+if "%TARGET%" == "Visual Studio 2019" call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
 
 rem Installing tools
-cinst unrar -y
-cinst unzip -y
-cinst wget -y
-cinst innosetup -y
-wget https://www.unrealircd.org/files/dev/win/dlltool.exe
+rem only for appveyor:
+rem cinst unrar -y
+rem cinst unzip -y
+rem cinst innosetup -y
 
 rem Installing UnrealIRCd dependencies
 cd \projects
-mkdir unrealircd-deps
-cd unrealircd-deps
-wget https://www.unrealircd.org/files/dev/win/SetACL.exe
-wget https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-devel.zip
-unzip unrealircd-libraries-devel.zip
+mkdir unrealircd-6-libs
+cd unrealircd-6-libs
+curl -fsS -o unrealircd-libraries-6-devel.zip https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-6-devel.zip
+unzip unrealircd-libraries-6-devel.zip
+copy dlltool.exe \users\user\worker\unreal6-w10\build /y
 
-cd \projects\unrealircd
+rem for appveyor, use: cd \projects\unrealircd
+cd \users\user\worker\unreal6-w10\build
+
+rem Install 'unrealircd-tests'
+cd ..
+rd /q/s unrealircd-tests
+git clone -q --branch unreal60 https://github.com/unrealircd/unrealircd-tests.git unrealircd-tests
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+cd build
 
 rem Now the actual build
-call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat
-
-rem The above command will fail, due to missing symbol file
-rem However the symbol file can only be generated after the above command
-rem So... we create the symbolfile...
-nmake -f makefile.win32 SYMBOLFILE
-
-rem And we re-run the exact same command:
-call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat
+rem - First this, otherwise JOM will fail
+IF NOT EXIST src\version.c nmake -f Makefile.windows CONF
+rem - Then build most of UnrealIRCd.exe etc
+call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat UNREALSVC.EXE UnrealIRCd.exe unrealircdctl.exe
+rem - It will fail due to missing symbolfile, which we create here..
+rem   it needs to run with SLOW=1 because JOM doesn't understand things otherwise..
+SET SLOW=1
+call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat SYMBOLFILE
+SET SLOW=0
+rem - Then we finalize building UnrealIRCd.exe: should be no error
+call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat UNREALSVC.EXE UnrealIRCd.exe unrealircdctl.exe
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+rem - Build all the modules (DLL files): should be no error
+call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat MODULES
 if %ERRORLEVEL% NEQ 0 EXIT /B 1
 
-rem Convert c:\dev to c:\projects\unrealircd-deps
+rem Compile dependencies for unrealircd-tests -- this doesn't belong here though..
+copy ..\unrealircd-tests\serverconfig\unrealircd\modules\fakereputation.c src\modules\third /Y
+call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat CUSTOMMODULE MODULEFILE=fakereputation
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+rem Convert c:\dev to c:\projects\unrealircd-6-libs
 rem TODO: should use environment variable in innosetup script?
-sed -i "s/c:\\\\dev/c:\\\\projects\\\\unrealircd-deps/gi" src\win32\unrealinst.iss
+sed -i "s/c:\\dev\\unrealircd-6-libs/c:\\projects\\unrealircd-6-libs/gi" src\windows\unrealinst.iss
 
 rem Build installer file
-"c:\Program Files (x86)\Inno Setup 5\iscc.exe" /Q- src\win32\unrealinst.iss
+"c:\Program Files (x86)\Inno Setup 5\iscc.exe" /Q- src\windows\unrealinst.iss
 if %ERRORLEVEL% NEQ 0 EXIT /B 1
 
 rem Show some proof
@@ -45,6 +67,47 @@ ren mysetup.exe unrealircd-dev-build.exe
 dir unrealircd-dev-build.exe
 sha256sum unrealircd-dev-build.exe
 
+rem Kill any old instances, just to be sure
+taskkill -im unrealircd.exe -f
+sleep 2
+rem Just a safety measure so we don't end up testing
+rem some old version...
+del "C:\Program Files\UnrealIRCd 6\bin\unrealircd.exe"
+
+echo Running installer...
+start /WAIT unrealircd-dev-build.exe /VERYSILENT /LOG=setup.log
+if %ERRORLEVEL% NEQ 0 goto installerfailed
+
 rem Upload artifact
-appveyor PushArtifact unrealircd-dev-build.exe
+rem appveyor PushArtifact unrealircd-dev-build.exe
+rem if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+cd ..\unrealircd-tests
+dir
+
+rem All tests except db:
+"C:\Program Files\Git\bin\bash.exe" ./runwin
 if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+rem Test unencrypted db's:
+"C:\Program Files\Git\bin\bash.exe" ./runwin -boot tests/db/writing/*
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+"C:\Program Files\Git\bin\bash.exe" ./runwin -keepdbs -boot tests/db/reading/*
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+rem Test encrypted db's:
+"C:\Program Files\Git\bin\bash.exe" ./runwin -include db_crypted.conf -boot tests/db/writing/*
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+"C:\Program Files\Git\bin\bash.exe" ./runwin -include db_crypted.conf -keepdbs -boot tests/db/reading/*
+if %ERRORLEVEL% NEQ 0 EXIT /B 1
+
+goto end
+
+
+
+:installerfailed
+type setup.log
+echo INSTALLATION FAILED
+EXIT /B 1
+
+:end

extras/build-tests/windows/compilecmd/vs2017.bat

@@ -1,18 +0,0 @@
-rem Build command for Visual Studio 2017
-
-nmake -f makefile.win32 ^
-LIBRESSL_INC_DIR="c:\projects\unrealircd-deps\libressl\include" ^
-LIBRESSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\lib" ^
-SSLLIB="crypto-43.lib ssl-45.lib" ^
-USE_REMOTEINC=1 ^
-LIBCURL_INC_DIR="c:\projects\unrealircd-deps\curl-ssl\include" ^
-LIBCURL_LIB_DIR="c:\projects\unrealircd-deps\curl-ssl\builds\libcurl-vc-x86-release-dll-ssl-dll-ipv6-sspi-obj-lib" ^
-CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc\cares\dll-release" ^
-CARES_INC_DIR="c:\projects\unrealircd-deps\c-ares" ^
-CARESLIB="cares.lib" ^
-TRE_LIB_DIR="c:\projects\unrealircd-deps\tre\win32\release" ^
-TRE_INC_DIR="c:\projects\unrealircd-deps\tre" ^
-TRELIB="tre.lib" ^
-PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\include" ^
-PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\lib" ^
-PCRE2LIB="pcre2-8.lib" %*

extras/build-tests/windows/compilecmd/vs2019.bat

@@ -0,0 +1,40 @@
+rem Build command for Visual Studio 2019
+
+rem Default to quick parallel builds
+SET BUILDCOMMAND="jom"
+SET BUILDARGS="/j32"
+
+IF NOT %SLOW%. == 1. goto cont
+rem In case of SET SLOW=1 we use slow nmake
+SET BUILDCOMMAND="nmake"
+SET BUILDARGS=""
+
+:cont
+echo BUILDCOMMAND IS: %BUILDCOMMAND%
+echo BUILDARGS IS: %BUILDARGS%
+
+%BUILDCOMMAND% %BUILDARGS% -f makefile.windows ^
+SSL_INC_DIR="c:\projects\unrealircd-6-libs\openssl\include" ^
+SSL_LIB_DIR="c:\projects\unrealircd-6-libs\openssl\lib" ^
+SSLLIB="libcrypto.lib libssl.lib" ^
+USE_REMOTEINC=1 ^
+LIBCURL_INC_DIR="c:\projects\unrealircd-6-libs\curl\include" ^
+LIBCURL_LIB_DIR="c:\projects\unrealircd-6-libs\curl\lib" ^
+CARES_LIB_DIR="c:\projects\unrealircd-6-libs\c-ares\msvc\cares\dll-release" ^
+CARES_INC_DIR="c:\projects\unrealircd-6-libs\c-ares\include" ^
+CARESLIB="cares.lib" ^
+PCRE2_INC_DIR="c:\projects\unrealircd-6-libs\pcre2\include" ^
+PCRE2_LIB_DIR="c:\projects\unrealircd-6-libs\pcre2\lib" ^
+PCRE2LIB="pcre2-8.lib" ^
+ARGON2_LIB_DIR="c:\projects\unrealircd-6-libs\argon2\vs2015\build" ^
+ARGON2_INC_DIR="c:\projects\unrealircd-6-libs\argon2\include" ^
+ARGON2LIB="Argon2RefDll.lib" ^
+SODIUM_LIB_DIR="c:\projects\unrealircd-6-libs\libsodium\bin\x64\Release\v142\dynamic" ^
+SODIUM_INC_DIR="c:\projects\unrealircd-6-libs\libsodium\src\libsodium\include" ^
+SODIUMLIB="libsodium.lib" ^
+JANSSON_LIB_DIR="c:\projects\unrealircd-6-libs\jansson\lib" ^
+JANSSON_INC_DIR="c:\projects\unrealircd-6-libs\jansson\include" ^
+JANSSONLIB="jansson.lib" ^
+GEOIPCLASSIC_LIB_DIR="c:\projects\unrealircd-6-libs\GeoIP\libGeoIP" ^
+GEOIPCLASSIC_INC_DIR="c:\projects\unrealircd-6-libs\GeoIP\libGeoIP" ^
+GEOIPCLASSICLIB="GeoIP.lib" %*

extras/curlinstall

@@ -1,98 +0,0 @@
-#!/bin/sh
-URL="https://www.unrealircd.org/files/curl-latest.tar.gz"
-OUTF="curl-latest.tar.gz"
-OUTD="curl-latest"
-ARESPATH="`pwd`/extras/c-ares"
-UNREALDIR="`pwd`"
-CARESVERSION="1.13.0"
-LIBDIR="$1"
-
-if [ "x$1" = "x" ]; then
-	echo "You should (no longer) run this program directly."
-	echo "It will be invoked by ./Config"
-	exit 1
-fi
-
-if [ ! -f src/parse.c ]; then
-	if [ -f ../src/parse.c ]; then
-		cd ..
-	else
-		echo "Please run this program from your UnrealIRCd directory"
-		echo "(usually $HOME/unrealircd-4.0.X or something like that)"
-		exit 1
-	fi
-fi
-
-wget --version 1>/dev/null 2>&1
-if [ "$?" = 0 ]; then
-	FETCHER="wget"
-else
-	fetch --version 1>/dev/null 2>&1
-	if [ "$?" = 0 ]; then
-		FETCHER="fetch"
-	else
-		lynx --version 1>/dev/null 2>&1
-		if [ "$?" = 0 ]; then
-			FETCHER="lynx"
-		else
-			echo "ERROR: unable to find wget/fetch/lynx, please install at least one of these programs"
-			exit 1
-		fi
-	fi
-fi
-
-if [ ! -d tmp ]; then
-	mkdir tmp || exit 1
-fi
-
-cd tmp || exit 1
-
-rm -f "$OUTF"
-
-if [ "$FETCHER" = "wget" ]; then
-	wget -O "$OUTF" "$URL"
-elif [ "$FETCHER" = "lynx" ]; then
-	lynx -dump "$URL" >"$OUTF"
-elif [ "$FETCHER" = "fetch" ]; then
-	cd tmp #todo: find out the cmd line parameter ;)
-	fetch "$URL"
-fi
-
-if [ "$?" != 0 ]; then
-	echo "ERROR: Something went wrong while trying to download $URL"
-	exit 1
-fi
-
-rm -rf "$OUTD" # remove old directory prior to extracting
-tar xzf "$OUTF" || exit 1
-
-
-if [ "`eval echo -n 'a'`" = "-n a" ] ; then
-        c="\c"
-else
-        n="-n"
-fi
-
-if [ ! -d "$ARESPATH/lib" ]; then
-	echo "c-ares has not been build yet, let's do that now..."
-	cd ../extras/
-	tar xzf c-ares.tar.gz || exit 1
-	cd c-ares-$CARESVERSION || exit 1
-	./configure --prefix=$ARESPATH || exit 1
-	(make && make install) || exit 1
-	cd ../../tmp/
-	echo "c-ares built."
-	echo ""
-fi
-
-# We assume curl has been packaged in a way it will extract to "$OUTD"/
-cd "$OUTD" || exit 1
-
-echo "Building and installing libcurl"
-CPPFLAGS="-I$ARESPATH/include" ./configure --prefix=$UNREALDIR/extras/curl --libdir=$LIBDIR --enable-shared \
- --disable-thread --enable-ares=$ARESPATH --disable-ipv6
-cp -R $ARESPATH/lib ares
-make && make install
-
-#cp $ARESPATH/lib/libcares.a $HOME/curl/lib
-# that isn't needed anymore as the lib is already in unreal...

extras/doxygen/Developers.md

@@ -0,0 +1,18 @@
+Welcome to the doxygen-generated documentation for the UnrealIRCd 6.x API.
+This is intended **for developers only!**
+
+If you are creating a 3rd party module for UnrealIRCd or are interested
+in contributing to UnrealIRCd then this is the right place.
+
+Here you should be able to find a lot of information on the data structures
+and functions available to you when coding for UnrealIRCd.
+
+## Wiki documentation ##
+* Be sure to check the [Module API](https://www.unrealircd.org/docs/Dev:Module_API) article on the wiki
+  as well, which provides a better *overview* of the module API
+
+## Doxygen docs ##
+* [Functions and structs ordered by purpose](modules.html) - **this contains most of the module API!**
+* [The most common structs](group__CommonStructs.html) - like Client, User, Server, Channel, etc.
+* [All structs](classes.html) - in a simple alphabetical index
+* [Browse by source file](dir_68267d1309a1af8e8297ef4c3efbcdba.html) - see all src/*.c files and their (documented) functions.

extras/doxygen/doxygen_custom.css

@@ -0,0 +1,4 @@
+code {
+    border: 1px solid #C4CFE5;
+    background-color: #FBFCFD;
+}

extras/doxygen/header.html

@@ -0,0 +1,56 @@
+<!-- HTML header for doxygen 1.8.13-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
+<meta http-equiv="X-UA-Compatible" content="IE=9"/>
+<meta name="generator" content="Doxygen $doxygenversion"/>
+<meta name="viewport" content="width=device-width, initial-scale=1"/>
+<!--BEGIN PROJECT_NAME--><title>$projectname Module API: $title</title><!--END PROJECT_NAME-->
+<!--BEGIN !PROJECT_NAME--><title>$title</title><!--END !PROJECT_NAME-->
+<link href="$relpath^tabs.css" rel="stylesheet" type="text/css"/>
+<script type="text/javascript" src="$relpath^jquery.js"></script>
+<script type="text/javascript" src="$relpath^dynsections.js"></script>
+$treeview
+$search
+$mathjax
+<link href="$relpath^$stylesheet" rel="stylesheet" type="text/css" />
+$extrastylesheet
+</head>
+<body>
+<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
+
+<!--BEGIN TITLEAREA-->
+<div id="titlearea">
+<table cellspacing="0" cellpadding="0">
+ <tbody>
+ <tr style="height: 56px;">
+  <!--BEGIN PROJECT_LOGO-->
+  <td id="projectlogo"><img alt="Logo" src="$relpath^$projectlogo"/></td>
+  <!--END PROJECT_LOGO-->
+  <!--BEGIN PROJECT_NAME-->
+  <td id="projectalign" style="padding-left: 0.5em;">
+   <div id="projectname">$projectname
+   <!--BEGIN PROJECT_NUMBER-->&#160;<span id="projectnumber">Module API $projectnumber</span><!--END PROJECT_NUMBER-->
+   </div>
+   <!--BEGIN PROJECT_BRIEF--><div id="projectbrief">$projectbrief</div><!--END PROJECT_BRIEF-->
+  </td>
+  <!--END PROJECT_NAME-->
+  <!--BEGIN !PROJECT_NAME-->
+   <!--BEGIN PROJECT_BRIEF-->
+    <td style="padding-left: 0.5em;">
+    <div id="projectbrief">$projectbrief</div>
+    </td>
+   <!--END PROJECT_BRIEF-->
+  <!--END !PROJECT_NAME-->
+  <!--BEGIN DISABLE_INDEX-->
+   <!--BEGIN SEARCHENGINE-->
+   <td>$searchbox</td>
+   <!--END SEARCHENGINE-->
+  <!--END DISABLE_INDEX-->
+ </tr>
+ </tbody>
+</table>
+</div>
+<!--END TITLEAREA-->
+<!-- end header part -->

extras/patches/patch_spamfilter_conf

@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# This script tries to upgrade spamfilter.conf from an old
+# version that uses 'posix' spamfilters to a bit more recent
+# version with examples using 'regex' spamfilters.
+# This so fewer users end up with a headache when upgrading
+# to UnrealIRCd 4.2.3+.
+#
+
+if [ -f spamfilter.conf.patch ]; then
+	F="`pwd`/spamfilter.conf.patch"
+elif [ -f extras/patches/spamfilter.conf.patch ]; then
+	F="`pwd`/extras/patches/spamfilter.conf.patch"
+else
+	echo "WARNING: spamfilter.conf.patch not found"
+	exit 0
+fi
+
+if [ ! -f "$F" ]; then
+	echo "WARNING: spamfilter.conf.patch not found in round two"
+	exit 0
+fi
+
+if [ "$1" = "" ]; then
+	echo "ERROR: No target confdir specified."
+	exit 0
+fi
+
+if [ ! -f "$1/spamfilter.conf" ]; then
+	echo "WARNING: no spamfilter.conf found in $1 -- strange"
+	exit 0
+fi
+
+cd "$1" || exit 1
+cat "$F"|patch -p0 --dry-run -N 1>/dev/null 2>&1
+if [ "$?" = 0 ]; then
+	# Patch succeeded, patch now!
+	echo "Upgrading examples in your spamfilter.conf..."
+	cat "$F"|patch -p0 -N
+fi

extras/patches/spamfilter.conf.patch

@@ -0,0 +1,328 @@
+--- spamfilter.conf.old	2015-06-27 18:29:01.084559805 +0200
++++ spamfilter.conf	2019-04-04 18:29:38.390647262 +0200
+@@ -1,232 +1,154 @@
+ /*
+- * This an example spamfilter file, it contains several
+- * real and useful spamfilters. This should give you an
+- * idea of how powerful spamfilter can be in real-life
+- * situations.
++ * This configuration file contains example spamfilter rules.
++ * They are real rules that were useful a long time ago.
++ * Since 2005 these rules are no longer maintained.
++ * The main purpose nowadays is to serve as an example
++ * to give you an idea of how powerful spamfilters can
++ * be in real-life situations.
+  *
+- * $Id$
++ * Documentation on spamfilter is available at:
++ * https://www.unrealircd.org/docs/Spamfilter
+  */
+ 
+-/* Guidelines on the 'action' field:
+- * As a general rule we use 'action block' for any newly added
+- * spamfilters at first, later on (after knowing about false
+- * positives) we might change some to viruschan/kill/gline/etc..
++/* General note:
++ * If you want to use a \ in a spamfilter, or in fact
++ * anywhere in the configuration file, then you need
++ * to escape this to \\ instead.
+  */
+ 
+-spamfilter {
+-	match-type posix;
+-	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
+-	target { private; channel; };
+-	action kill;
+-	reason "mIRC 6.0-6.11 exploit attempt";
+-};
+ 
+-spamfilter {
+-	match-type posix;
+-	match "\x01DCC (SEND|RESUME).{225}";
+-	target { private; channel; };
+-	action kill;
+-	reason "Possible mIRC 6.12 exploit attempt";
+-};
++/* First some spamfilters with match-type 'simple'.
++ * The only matchers available are * and ?
++ * PRO's: very fast, easy matching: everyone can do this.
++ * CON's: limited ability to fine-tune spamfilters
++ */
+ 
+ spamfilter {
+-	match-type posix;
+-	match "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
++	match-type simple;
++	match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
+ 	target private;
+ 	action gline;
+ 	reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
+ };
+ 
++/* This signature uses a \ which has to escaped to \\ in the configuration file */
+ spamfilter {
+-	match-type posix;
+-	match "Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe";
+-	target private;
+-	action gline;
+-	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
+-	target private;
++	match-type simple;
++	match "C:\\WINNT\\system32\\*.zip";
++	target dcc;
+ 	action block;
+-	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
++	reason "Infected by Gaggle worm?";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$";
++	match-type simple;
++	match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
+ 	target private;
+ 	action gline;
+-	reason "Infected by aplore worm: see http://www.f-secure.com/v-descs/aplore.shtml";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!login Wasszup!$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to login to a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!login grrrr yeah baby!$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to login to a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!icqpagebomb ([0-9]{1,15} ){2}.+";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
++	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$";
+-	target channel;
++	match-type simple;
++	match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
++	target private;
+ 	action gline;
+-	reason "Attempting to use a GTBot";
++	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
+ };
+ 
+-spamfilter {
+-	match-type posix;
+-	match "^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
+-};
+ 
+-spamfilter {
+-	match-type posix;
+-	match "^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use an SDBot";
+-};
++/* Now spamfilters of type 'regex'.
++ * These use powerful regular expressions (Perl/PCRE style)
++ * You may have to learn more about "regex" first before you
++ * can use them. For example the dot ('.') has special meaning.
++ */
+ 
++/* This regex shows a pattern which requires 20 paramaters,
++ * such as "x x x x x x x x x x x x x x x x x x x x"
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
+-	target { channel; private; };
+-	action gline;
+-	reason "Attempting to use a SpyBot";
++	match-type regex;
++	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
++	target { private; channel; };
++	action kill;
++	reason "mIRC 6.0-6.11 exploit attempt";
+ };
+ 
++/* Similarly, this regex shows a pattern that matches
++ * against at least 225 characters in length.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^porn! porno! http://.+\/sexo\.exe";
+-	target private;
+-	action gline;
+-	reason "Infected by soex trojan: see http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSOEX.A";
++	match-type regex;
++	match "\x01DCC (SEND|RESUME).{225}";
++	target { private; channel; };
++	action kill;
++	reason "Possible mIRC 6.12 exploit attempt";
+ };
+ 
++/* Earlier you saw an example of a $decode exploit which used
++ * match-type 'simple' and - indeed - the filter was quite simple.
++ * The following uses a regex with a similar example.
++ * Regular expressions are very powerful but here you can see
++ * that it actually complicates writing a filter quite a bit.
++ * With regex in this filter we need to escape the ( and all
++ * the dots, question marks, etc. if we want to match these
++ * characters in literal text.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
++	match-type regex;
++	match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
+ 	target private;
+-	action gline;
+-	reason "Infected by some trojan (erotica?)";
++	action block;
++	reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^STOP SPAM, USE THIS COMMAND: //write nospam \$decode\(.+\) \| \.load -rs nospam \| //mode \$me \+R$";
++	match-type regex;
++	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
+ 	target private;
+-	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	action block;
++	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
+ };
+ 
++/* This shows a regex which specifically matches an entire line by 
++ * the use of ^ and $
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^FOR MATRIX 2 DOWNLOAD, USE THIS COMMAND: //write Matrix2 \$decode\(.+=,m\) \| \.load -rs Matrix2 \| //mode \$me \+R$";
+-	target private;
++	match-type regex;
++	match "^!login Wasszup!$";
++	target channel;
+ 	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	reason "Attempting to login to a GTBot";
+ };
+ 
++/* An example of how to match against an IP address in text (IPv4 only) */
+ spamfilter {
+-	match-type posix;
+-	match "^hey .* to get OPs use this hack in the chan but SHH! //\$decode\(.*,m\) \| \$decode\(.*,m\)$";
+-	target private;
++	match-type regex;
++	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
++	target channel;
+ 	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	reason "Attempting to use a GTBot";
+ };
+ 
++/* A slightly more complex example with a partial OR matcher (|) */
+ spamfilter {
+-	match-type posix;
+-	match ".*(http://jokes\.clubdepeche\.com|http://horny\.69sexy\.net|http://private\.a123sdsdssddddgfg\.com).*";
++	match-type regex;
++	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
+ 	target private;
+ 	action gline;
+-	reason "Infected by LOI trojan";
+-};
+-
+-/* This is a 'general sig' which might have a tad more false positives, hence just 'block' is used */
+-spamfilter {
+-	match-type posix;
+-	match "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";
+-	target dcc;
+-	action block;
+-	reason "Infected by Gaggle worm?";
++	reason "Infected by some trojan (erotica?)";
+ };
+ 
++/* In regex a \ is special and needs to be escaped to \\
++ * However in this configuration file, \ is also special and
++ * needs to be escaped to \\ as well.
++ * The result is that we need double escaping:
++ * To match a \ you need to write \\\\ in the configuration file.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "C:\\WINNT\\system32\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
++	match-type regex;
++	match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
+ 	target dcc;
+ 	action dccblock;
+ 	reason "Infected by Gaggle worm";
+ };
+-
+-spamfilter {
+-	match-type posix;
+-	match "http://.+\.lycos\..+/[iy]server[0-9]/[a-z]{4,11}\.(gif|jpg|avi|txt)";
+-	target { private; quit; };
+-	action block;
+-	reason "Infected by Gaggle worm";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^Free porn pic.? and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)";
+-	target private;
+-	action block;
+-	reason "Unknown virus. Site causes Backdoor.Delf.lq infection";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^LOL! //echo -a \$\(\$decode\(.+,m\),[0-9]\)$";
+-	target channel;
+-	action block;
+-	reason "$decode exploit";
+-};
+-
+-/*
+-spamfilter {
+-	regex "//write \$decode\(.+\|.+load -rs";
+-	target { private; channel; };
+-	reason "Generic $decode exploit";
+-	action block;
+-};
+-*/
+-
+-spamfilter {
+-	match-type posix;
+-	match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
+-	target private;
+-	action block;
+-	reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
+-};

extras/regex/Makefile.in

@@ -1,98 +0,0 @@
-# Makefile for regex.
-# 
-# Copyright (C) 1992, 1993 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-version = 0.12
-
-# You can define CPPFLAGS on the command line.  Aside from system-specific
-# flags, you can define:
-#   -DREGEX_MALLOC to use malloc/realloc/free instead of alloca.
-#   -DDEBUG to enable the compiled pattern disassembler and execution
-#           tracing; code runs substantially slower.
-#   -DEXTRACT_MACROS to use the macros EXTRACT_* (as opposed to
-#           the corresponding C procedures).  If not -DDEBUG, the macros
-#           are used.
-CPPFLAGS = 
-
-# Likewise, you can override CFLAGS to optimize, use -Wall, etc.
-CFLAGS = -g
-
-# Ditto for LDFLAGS and LOADLIBES.
-LDFLAGS =
-LOADLIBES =
-
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-CC = @CC@
-DEFS = @DEFS@
-
-SHELL = /bin/sh
-
-subdirs = moo
-
-default all:: regex.o
-.PHONY: default all
-
-regex.o: regex.c regex.h
-	$(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -I. -I$(srcdir) -c $<
-
-clean mostlyclean::
-	rm -f *.o
-
-distclean:: clean
-	rm -f Makefile config.status
-
-extraclean:: distclean
-	rm -f patch* *~* *\#* *.orig *.rej *.bak core a.out
-
-configure: configure.in
-	autoconf
-
-config.status: configure
-	sh configure --no-create
-
-Makefile: Makefile.in config.status
-	sh config.status
-
-makeargs = $(MFLAGS) CPPFLAGS='$(CPPFLAGS)' CFLAGS='$(CFLAGS)' CC='$(CC)' \
-DEFS='$(DEFS)' LDFLAGS='$(LDFLAGS)' LOADLIBES='$(LOADLIBES)'
-
-default all install \
-mostlyclean clean distclean extraclean realclean \
-TAGS check::
-	for d in $(subdirs); do (cd $$d; $(MAKE) $(makeargs) $@); done
-.PHONY: install mostlyclean clean distclean extraclean realclean TAGS check
-
-# Prevent GNU make 3 from overflowing arg limit on system V.
-.NOEXPORT:
-
-distfiles = AUTHORS ChangeLog COPYING INSTALL NEWS README \
-            *.in configure regex.c regex.h 
-distdir = regex-$(version)
-distargs = version=$(version) distdir=../$(distdir)/$$d
-dist: TAGS configure
-	@echo "Version numbers in: Makefile.in, ChangeLog, NEWS,"
-	@echo "  regex.c, regex.h,"
-	@echo "  and doc/xregex.texi (if modified)."
-	rm -rf $(distdir)
-	mkdir $(distdir)
-	ln $(distfiles) $(distdir)
-	for d in $(subdirs); do (cd $$d; $(MAKE) $(distargs) dist); done
-	tar czhf $(distdir).tar.Z $(distdir)
-	rm -rf $(distdir)
-.PHONY: dist

extras/regex/README

@@ -1,60 +0,0 @@
-This directory contains the GNU regex library.  It is compliant with
-POSIX.2, except for internationalization features.
-
-See the file NEWS for a list of major changes in the current release.
-
-See the file INSTALL for compilation instructions.  (The only thing
-installed is the documentation; regex.c is compiled into regex.o, but
-not installed anywhere.)
-
-The subdirectory `doc' contains a (programmers') manual for the library.
-It's probably out-of-date.  Improvements are welcome.
-
-The subdirectory `test' contains the various tests we've written.
-
-We know this code is not as fast as it might be.  If you have specific
-suggestions, profiling results, or other such useful information to
-report, please do.
-
-Emacs 18 is not going use this revised regex (but Emacs 19 will).  If
-you want to try it with Emacs 18, apply the patch at the end of this
-file first.
-
-Mail bug reports to bug-gnu-utils@prep.ai.mit.edu.
-
-Please include an actual regular expression that fails (and the syntax
-used to compile it); without that, there's no way to reproduce the bug,
-so there's no way we can fix it.  Even if you include a patch, also
-include the regular expression in error; otherwise, we can't know for
-sure what you're trying to fix.
-
-Here is the patch to make this version of regex work with Emacs 18.
-
-*** ORIG/search.c	Tue Jan  8 13:04:55 1991
---- search.c	Sun Jan  5 10:57:00 1992
-***************
-*** 25,26 ****
---- 25,28 ----
-  #include "commands.h"
-+ 
-+ #include <sys/types.h>
-  #include "regex.h"
-***************
-*** 477,479 ****
-  				/* really needed. */
-!       && *(searchbuf.buffer) == (char) exactn /* first item is "exact match" */
-        && searchbuf.buffer[1] + 2 == searchbuf.used) /*first is ONLY item */
---- 479,482 ----
-  				/* really needed. */
-!          /* first item is "exact match" */
-!       && *(searchbuf.buffer) == (char) RE_EXACTN_VALUE
-        && searchbuf.buffer[1] + 2 == searchbuf.used) /*first is ONLY item */
-***************
-*** 1273,1275 ****
-    searchbuf.allocated = 100;
-!   searchbuf.buffer = (char *) malloc (searchbuf.allocated);
-    searchbuf.fastmap = search_fastmap;
---- 1276,1278 ----
-    searchbuf.allocated = 100;
-!   searchbuf.buffer = (unsigned char *) malloc (searchbuf.allocated);
-    searchbuf.fastmap = search_fastmap;

extras/regex/configure

@@ -1,462 +0,0 @@
-#!/bin/sh
-# Guess values for system-dependent variables and create Makefiles.
-# Generated automatically using autoconf.
-# Copyright (C) 1991, 1992, 1993 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-# Usage: configure [--srcdir=DIR] [--host=HOST] [--gas] [--nfp] [--no-create]
-#        [--prefix=PREFIX] [--exec-prefix=PREFIX] [--with-PACKAGE] [TARGET]
-# Ignores all args except --srcdir, --prefix, --exec-prefix, --no-create, and
-# --with-PACKAGE unless this script has special code to handle it.
-
-
-for arg
-do
-  # Handle --exec-prefix with a space before the argument.
-  if test x$next_exec_prefix = xyes; then exec_prefix=$arg; next_exec_prefix=
-  # Handle --host with a space before the argument.
-  elif test x$next_host = xyes; then next_host=
-  # Handle --prefix with a space before the argument.
-  elif test x$next_prefix = xyes; then prefix=$arg; next_prefix=
-  # Handle --srcdir with a space before the argument.
-  elif test x$next_srcdir = xyes; then srcdir=$arg; next_srcdir=
-  else
-    case $arg in
-     # For backward compatibility, also recognize exact --exec_prefix.
-     -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* | --exec=* | --exe=* | --ex=* | --e=*)
-	exec_prefix=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-     -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- | --exec | --exe | --ex | --e)
-	next_exec_prefix=yes ;;
-
-     -gas | --gas | --ga | --g) ;;
-
-     -host=* | --host=* | --hos=* | --ho=* | --h=*) ;;
-     -host | --host | --hos | --ho | --h)
-	next_host=yes ;;
-
-     -nfp | --nfp | --nf) ;;
-
-     -no-create | --no-create | --no-creat | --no-crea | --no-cre | --no-cr | --no-c | --no- | --no)
-        no_create=1 ;;
-
-     -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
-	prefix=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-     -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
-	next_prefix=yes ;;
-
-     -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=* | --s=*)
-	srcdir=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-     -srcdir | --srcdir | --srcdi | --srcd | --src | --sr | --s)
-	next_srcdir=yes ;;
-
-     -with-* | --with-*)
-       package=`echo $arg|sed 's/-*with-//'`
-       # Delete all the valid chars; see if any are left.
-       if test -n "`echo $package|sed 's/[-a-zA-Z0-9_]*//g'`"; then
-         echo "configure: $package: invalid package name" >&2; exit 1
-       fi
-       eval "with_`echo $package|sed s/-/_/g`=1" ;;
-
-     *) ;;
-    esac
-  fi
-done
-
-trap 'rm -f conftest* core; exit 1' 1 3 15
-
-rm -f conftest*
-compile='${CC-cc} $CFLAGS $DEFS conftest.c -o conftest $LIBS >/dev/null 2>&1'
-
-# A filename unique to this package, relative to the directory that
-# configure is in, which we can look for to find out if srcdir is correct.
-unique_file=regex.c
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
-  srcdirdefaulted=yes
-  # Try the directory containing this script, then `..'.
-  prog=$0
-  confdir=`echo $prog|sed 's%/[^/][^/]*$%%'`
-  test "X$confdir" = "X$prog" && confdir=.
-  srcdir=$confdir
-  if test ! -r $srcdir/$unique_file; then
-    srcdir=..
-  fi
-fi
-if test ! -r $srcdir/$unique_file; then
-  if test x$srcdirdefaulted = xyes; then
-    echo "configure: Can not find sources in \`${confdir}' or \`..'." 1>&2
-  else
-    echo "configure: Can not find sources in \`${srcdir}'." 1>&2
-  fi
-  exit 1
-fi
-# Preserve a srcdir of `.' to avoid automounter screwups with pwd.
-# But we can't avoid them for `..', to make subdirectories work.
-case $srcdir in
-  .|/*|~*) ;;
-  *) srcdir=`cd $srcdir; pwd` ;; # Make relative path absolute.
-esac
-
-
-if test -z "$CC"; then
-  echo checking for gcc
-  saveifs="$IFS"; IFS="${IFS}:"
-  for dir in $PATH; do
-    test -z "$dir" && dir=.
-    if test -f $dir/gcc; then
-      CC="gcc"
-      break
-    fi
-  done
-  IFS="$saveifs"
-fi
-test -z "$CC" && CC="cc"
-
-# Find out if we are using GNU C, under whatever name.
-cat > conftest.c <<EOF
-#ifdef __GNUC__
-  yes
-#endif
-EOF
-${CC-cc} -E conftest.c > conftest.out 2>&1
-if egrep yes conftest.out >/dev/null 2>&1; then
-  GCC=1 # For later tests.
-fi
-rm -f conftest*
-
-# Make sure to not get the incompatible SysV /etc/install and
-# /usr/sbin/install, which might be in PATH before a BSD-like install,
-# or the SunOS /usr/etc/install directory, or the AIX /bin/install,
-# or the AFS install, which mishandles nonexistent args.  (Sigh.)
-if test -z "$INSTALL"; then
-  echo checking for install
-  saveifs="$IFS"; IFS="${IFS}:"
-  for dir in $PATH; do
-    test -z "$dir" && dir=.
-    case $dir in
-    /etc|/usr/sbin|/usr/etc|/usr/afsws/bin) ;;
-    *)
-      if test -f $dir/install; then
-	if grep dspmsg $dir/install >/dev/null 2>&1; then
-	  : # AIX
-	else
-	  INSTALL="$dir/install -c"
-	  INSTALL_PROGRAM='$(INSTALL)'
-	  INSTALL_DATA='$(INSTALL) -m 644'
-	  break
-	fi
-      fi
-      ;;
-    esac
-  done
-  IFS="$saveifs"
-fi
-INSTALL=${INSTALL-cp}
-INSTALL_PROGRAM=${INSTALL_PROGRAM-'$(INSTALL)'}
-INSTALL_DATA=${INSTALL_DATA-'$(INSTALL)'}
-
-
-echo checking for AIX
-echo checking how to run the C preprocessor
-if test -z "$CPP"; then
-  CPP='${CC-cc} -E'
-  cat > conftest.c <<EOF
-#include <stdio.h>
-EOF
-err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
-if test -z "$err"; then
-  :
-else
-  CPP=/lib/cpp
-fi
-rm -f conftest*
-fi
-
-cat > conftest.c <<EOF
-#ifdef _AIX
-  yes
-#endif
-
-EOF
-eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
-if egrep "yes" conftest.out >/dev/null 2>&1; then
-  DEFS="$DEFS -D_ALL_SOURCE=1"
-fi
-rm -f conftest*
-
-
-echo checking for DYNIX/ptx libseq
-cat > conftest.c <<EOF
-#if defined(_SEQUENT_)
-  yes
-#endif
-
-EOF
-eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
-if egrep "yes" conftest.out >/dev/null 2>&1; then
-  SEQUENT=1
-fi
-rm -f conftest*
-
-test -n "$SEQUENT" && test -f /usr/lib/libseq.a &&
-  LIBS="$LIBS -lseq"
-
-echo checking for POSIXized ISC
-if test -d /etc/conf/kconfig.d &&
-  grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
-then
-  ISC=1 # If later tests want to check for ISC.
-  DEFS="$DEFS -D_POSIX_SOURCE=1"
-  if test -n "$GCC"; then
-    CC="$CC -posix"
-  else
-    CC="$CC -Xp"
-  fi
-fi
-
-echo checking for minix/config.h
-cat > conftest.c <<EOF
-#include <minix/config.h>
-EOF
-err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
-if test -z "$err"; then
-  MINIX=1
-fi
-rm -f conftest*
-
-# The Minix shell can't assign to the same variable on the same line!
-if test -n "$MINIX"; then
-  DEFS="$DEFS -D_POSIX_SOURCE=1"
-  DEFS="$DEFS -D_POSIX_1_SOURCE=2"
-  DEFS="$DEFS -D_MINIX=1"
-fi
-
-
-echo checking for ANSI C header files
-cat > conftest.c <<EOF
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-EOF
-err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
-if test -z "$err"; then
-  # SunOS string.h does not declare mem*, contrary to ANSI.
-echo '#include <string.h>' > conftest.c
-eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
-if egrep "memchr" conftest.out >/dev/null 2>&1; then
-  # SGI's /bin/cc from Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-cat > conftest.c <<EOF
-#include <ctype.h>
-#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#define XOR(e,f) (((e) && !(f)) || (!(e) && (f)))
-int main () { int i; for (i = 0; i < 256; i++)
-if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
-exit (0); }
-
-EOF
-eval $compile
-if test -s conftest && (./conftest; exit) 2>/dev/null; then
-  DEFS="$DEFS -DSTDC_HEADERS=1"
-fi
-rm -f conftest*
-fi
-rm -f conftest*
-
-fi
-rm -f conftest*
-
-for hdr in string.h
-do
-trhdr=HAVE_`echo $hdr | tr '[a-z]./' '[A-Z]__'`
-echo checking for ${hdr}
-cat > conftest.c <<EOF
-#include <${hdr}>
-EOF
-err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
-if test -z "$err"; then
-  DEFS="$DEFS -D${trhdr}=1"
-fi
-rm -f conftest*
-done
-
-
-# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
-# for constant arguments.  Useless!
-echo checking for working alloca.h
-cat > conftest.c <<EOF
-#include <alloca.h>
-main() { exit(0); } 
-t() { char *p = alloca(2 * sizeof(int)); }
-EOF
-if eval $compile; then
-  DEFS="$DEFS -DHAVE_ALLOCA_H=1"
-fi
-rm -f conftest*
-
-decl="#ifdef __GNUC__
-#define alloca __builtin_alloca
-#else
-#if HAVE_ALLOCA_H
-#include <alloca.h>
-#else
-#ifdef _AIX
- #pragma alloca
-#else
-char *alloca ();
-#endif
-#endif
-#endif
-"
-echo checking for alloca
-cat > conftest.c <<EOF
-$decl
-main() { exit(0); } 
-t() { char *p = (char *) alloca(1); }
-EOF
-if eval $compile; then
-  :
-else
-  alloca_missing=1
-fi
-rm -f conftest*
-
-if test -n "$alloca_missing"; then
-  # The SVR3 libPW and SVR4 libucb both contain incompatible functions
-  # that cause trouble.  Some versions do not even contain alloca or
-  # contain a buggy version.  If you still want to use their alloca,
-  # use ar to extract alloca.o from them instead of compiling alloca.c.
-  ALLOCA=alloca.o
-fi
-
-prog='/* Ultrix mips cc rejects this.  */
-typedef int charset[2]; const charset x;
-/* SunOS 4.1.1 cc rejects this. */
-char const *const *p;
-char **p2;
-/* HPUX 7.0 cc rejects these. */
-++p;
-p2 = (char const* const*) p;'
-echo checking for working const
-cat > conftest.c <<EOF
-
-main() { exit(0); } 
-t() { $prog }
-EOF
-if eval $compile; then
-  :
-else
-  DEFS="$DEFS -Dconst="
-fi
-rm -f conftest*
-
-
-if test -z "$prefix"
-then
-  echo checking for gcc to derive installation directory prefix
-  saveifs="$IFS"; IFS="$IFS:"
-  for dir in $PATH; do
-    test -z "$dir" && dir=.
-    if test $dir != . && test -f $dir/gcc; then
-      # Not all systems have dirname.
-      prefix=`echo $dir|sed 's%/[^/][^/]*$%%'`
-      break
-    fi
-  done
-  IFS="$saveifs"
-fi
-
-
-if test -n "$prefix"; then
-  test -z "$exec_prefix" && exec_prefix='${prefix}'
-  prsub="s%^prefix\\([ 	]*\\)=\\([ 	]*\\).*$%prefix\\1=\\2$prefix%"
-fi
-if test -n "$exec_prefix"; then
-  prsub="$prsub
-s%^exec_prefix\\([ 	]*\\)=\\([ 	]*\\).*$%\
-exec_prefix\\1=\\2$exec_prefix%"
-fi
-
-trap 'rm -f config.status; exit 1' 1 3 15
-echo creating config.status
-rm -f config.status
-cat > config.status <<EOF
-#!/bin/sh
-# Generated automatically by configure.
-# Run this file to recreate the current configuration.
-# This directory was configured as follows,
-# on host `(hostname || uname -n) 2>/dev/null`:
-#
-# $0 $*
-
-for arg
-do
-  case "\$arg" in
-    -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
-    exec /bin/sh $0 $* ;;
-    *) echo "Usage: config.status --recheck" 2>&1; exit 1 ;;
-  esac
-done
-
-trap 'rm -f Makefile; exit 1' 1 3 15
-CC='$CC'
-INSTALL='$INSTALL'
-INSTALL_PROGRAM='$INSTALL_PROGRAM'
-INSTALL_DATA='$INSTALL_DATA'
-CPP='$CPP'
-ALLOCA='$ALLOCA'
-LIBS='$LIBS'
-srcdir='$srcdir'
-DEFS='$DEFS'
-prefix='$prefix'
-exec_prefix='$exec_prefix'
-prsub='$prsub'
-EOF
-cat >> config.status <<\EOF
-
-top_srcdir=$srcdir
-for file in .. Makefile; do if [ "x$file" != "x.." ]; then
-  srcdir=$top_srcdir
-  # Remove last slash and all that follows it.  Not all systems have dirname.
-  dir=`echo $file|sed 's%/[^/][^/]*$%%'`
-  if test "$dir" != "$file"; then
-    test "$top_srcdir" != . && srcdir=$top_srcdir/$dir
-    test ! -d $dir && mkdir $dir
-  fi
-  echo creating $file
-  rm -f $file
-  echo "# Generated automatically from `echo $file|sed 's|.*/||'`.in by configure." > $file
-  sed -e "
-$prsub
-s%@CC@%$CC%g
-s%@INSTALL@%$INSTALL%g
-s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
-s%@INSTALL_DATA@%$INSTALL_DATA%g
-s%@CPP@%$CPP%g
-s%@ALLOCA@%$ALLOCA%g
-s%@LIBS@%$LIBS%g
-s%@srcdir@%$srcdir%g
-s%@DEFS@%$DEFS%
-" $top_srcdir/${file}.in >> $file
-fi; done
-
-exit 0
-EOF
-chmod +x config.status
-test -n "$no_create" || ./config.status
-

extras/regex/configure.in

@@ -1,23 +0,0 @@
-dnl Process this file with autoconf to produce a configure script.
-AC_INIT(regex.c)
-
-AC_PROG_CC
-AC_PROG_INSTALL
-
-dnl I'm not sure if AC_AIX and AC_DYNIX_SEQ are really necessary.  The
-dnl Autoconf documentation isn't specific about which BSD functions they
-dnl provide.
-AC_AIX
-AC_DYNIX_SEQ
-AC_ISC_POSIX
-AC_MINIX
-
-AC_STDC_HEADERS
-AC_HAVE_HEADERS(string.h)
-
-AC_ALLOCA
-AC_CONST
-
-AC_PREFIX(gcc)
-
-AC_OUTPUT(Makefile doc/Makefile test/Makefile)

extras/regex/moo/Makefile

@@ -1,4 +0,0 @@
-clean:
-default:
-all:
-	echo "."

extras/regex/regex.h

@@ -1,490 +0,0 @@
-/* Definitions for data structures and routines for the regular
-   expression library, version 0.12.
-
-   Copyright (C) 1985, 1989, 1990, 1991, 1992, 1993 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
-
-#ifndef __REGEXP_LIBRARY_H__
-#define __REGEXP_LIBRARY_H__
-
-/* POSIX says that <sys/types.h> must be included (by the caller) before
-   <regex.h>.  */
-
-#ifdef VMS
-/* VMS doesn't have `size_t' in <sys/types.h>, even though POSIX says it
-   should be there.  */
-#include <stddef.h>
-#endif
-
-
-/* The following bits are used to determine the regexp syntax we
-   recognize.  The set/not-set meanings are chosen so that Emacs syntax
-   remains the value 0.  The bits are given in alphabetical order, and
-   the definitions shifted by one from the previous bit; thus, when we
-   add or remove a bit, only one other definition need change.  */
-typedef unsigned reg_syntax_t;
-
-/* If this bit is not set, then \ inside a bracket expression is literal.
-   If set, then such a \ quotes the following character.  */
-#define RE_BACKSLASH_ESCAPE_IN_LISTS (1)
-
-/* If this bit is not set, then + and ? are operators, and \+ and \? are
-     literals. 
-   If set, then \+ and \? are operators and + and ? are literals.  */
-#define RE_BK_PLUS_QM (RE_BACKSLASH_ESCAPE_IN_LISTS << 1)
-
-/* If this bit is set, then character classes are supported.  They are:
-     [:alpha:], [:upper:], [:lower:],  [:digit:], [:alnum:], [:xdigit:],
-     [:space:], [:print:], [:punct:], [:graph:], and [:cntrl:].
-   If not set, then character classes are not supported.  */
-#define RE_CHAR_CLASSES (RE_BK_PLUS_QM << 1)
-
-/* If this bit is set, then ^ and $ are always anchors (outside bracket
-     expressions, of course).
-   If this bit is not set, then it depends:
-        ^  is an anchor if it is at the beginning of a regular
-           expression or after an open-group or an alternation operator;
-        $  is an anchor if it is at the end of a regular expression, or
-           before a close-group or an alternation operator.  
-
-   This bit could be (re)combined with RE_CONTEXT_INDEP_OPS, because
-   POSIX draft 11.2 says that * etc. in leading positions is undefined.
-   We already implemented a previous draft which made those constructs
-   invalid, though, so we haven't changed the code back.  */
-#define RE_CONTEXT_INDEP_ANCHORS (RE_CHAR_CLASSES << 1)
-
-/* If this bit is set, then special characters are always special
-     regardless of where they are in the pattern.
-   If this bit is not set, then special characters are special only in
-     some contexts; otherwise they are ordinary.  Specifically, 
-     * + ? and intervals are only special when not after the beginning,
-     open-group, or alternation operator.  */
-#define RE_CONTEXT_INDEP_OPS (RE_CONTEXT_INDEP_ANCHORS << 1)
-
-/* If this bit is set, then *, +, ?, and { cannot be first in an re or
-     immediately after an alternation or begin-group operator.  */
-#define RE_CONTEXT_INVALID_OPS (RE_CONTEXT_INDEP_OPS << 1)
-
-/* If this bit is set, then . matches newline.
-   If not set, then it doesn't.  */
-#define RE_DOT_NEWLINE (RE_CONTEXT_INVALID_OPS << 1)
-
-/* If this bit is set, then . doesn't match NUL.
-   If not set, then it does.  */
-#define RE_DOT_NOT_NULL (RE_DOT_NEWLINE << 1)
-
-/* If this bit is set, nonmatching lists [^...] do not match newline.
-   If not set, they do.  */
-#define RE_HAT_LISTS_NOT_NEWLINE (RE_DOT_NOT_NULL << 1)
-
-/* If this bit is set, either \{...\} or {...} defines an
-     interval, depending on RE_NO_BK_BRACES. 
-   If not set, \{, \}, {, and } are literals.  */
-#define RE_INTERVALS (RE_HAT_LISTS_NOT_NEWLINE << 1)
-
-/* If this bit is set, +, ? and | aren't recognized as operators.
-   If not set, they are.  */
-#define RE_LIMITED_OPS (RE_INTERVALS << 1)
-
-/* If this bit is set, newline is an alternation operator.
-   If not set, newline is literal.  */
-#define RE_NEWLINE_ALT (RE_LIMITED_OPS << 1)
-
-/* If this bit is set, then `{...}' defines an interval, and \{ and \}
-     are literals.
-  If not set, then `\{...\}' defines an interval.  */
-#define RE_NO_BK_BRACES (RE_NEWLINE_ALT << 1)
-
-/* If this bit is set, (...) defines a group, and \( and \) are literals.
-   If not set, \(...\) defines a group, and ( and ) are literals.  */
-#define RE_NO_BK_PARENS (RE_NO_BK_BRACES << 1)
-
-/* If this bit is set, then \<digit> matches <digit>.
-   If not set, then \<digit> is a back-reference.  */
-#define RE_NO_BK_REFS (RE_NO_BK_PARENS << 1)
-
-/* If this bit is set, then | is an alternation operator, and \| is literal. 
-   If not set, then \| is an alternation operator, and | is literal.  */
-#define RE_NO_BK_VBAR (RE_NO_BK_REFS << 1)
-
-/* If this bit is set, then an ending range point collating higher
-     than the starting range point, as in [z-a], is invalid.
-   If not set, then when ending range point collates higher than the
-     starting range point, the range is ignored.  */
-#define RE_NO_EMPTY_RANGES (RE_NO_BK_VBAR << 1)
-
-/* If this bit is set, then an unmatched ) is ordinary.
-   If not set, then an unmatched ) is invalid.  */
-#define RE_UNMATCHED_RIGHT_PAREN_ORD (RE_NO_EMPTY_RANGES << 1)
-
-/* This global variable defines the particular regexp syntax to use (for
-   some interfaces).  When a regexp is compiled, the syntax used is
-   stored in the pattern buffer, so changing this does not affect
-   already-compiled regexps.  */
-extern reg_syntax_t re_syntax_options;
-
-/* Define combinations of the above bits for the standard possibilities.
-   (The [[[ comments delimit what gets put into the Texinfo file, so
-   don't delete them!)  */ 
-/* [[[begin syntaxes]]] */
-#define RE_SYNTAX_EMACS 0
-
-#define RE_SYNTAX_AWK							\
-  (RE_BACKSLASH_ESCAPE_IN_LISTS | RE_DOT_NOT_NULL			\
-   | RE_NO_BK_PARENS            | RE_NO_BK_REFS				\
-   | RE_NO_BK_VBAR               | RE_NO_EMPTY_RANGES			\
-   | RE_UNMATCHED_RIGHT_PAREN_ORD)
-
-#define RE_SYNTAX_POSIX_AWK 						\
-  (RE_SYNTAX_POSIX_EXTENDED | RE_BACKSLASH_ESCAPE_IN_LISTS)
-
-#define RE_SYNTAX_GREP							\
-  (RE_BK_PLUS_QM              | RE_CHAR_CLASSES				\
-   | RE_HAT_LISTS_NOT_NEWLINE | RE_INTERVALS				\
-   | RE_NEWLINE_ALT)
-
-#define RE_SYNTAX_EGREP							\
-  (RE_CHAR_CLASSES        | RE_CONTEXT_INDEP_ANCHORS			\
-   | RE_CONTEXT_INDEP_OPS | RE_HAT_LISTS_NOT_NEWLINE			\
-   | RE_NEWLINE_ALT       | RE_NO_BK_PARENS				\
-   | RE_NO_BK_VBAR)
-
-#define RE_SYNTAX_POSIX_EGREP						\
-  (RE_SYNTAX_EGREP | RE_INTERVALS | RE_NO_BK_BRACES)
-
-/* P1003.2/D11.2, section 4.20.7.1, lines 5078ff.  */
-#define RE_SYNTAX_ED RE_SYNTAX_POSIX_BASIC
-
-#define RE_SYNTAX_SED RE_SYNTAX_POSIX_BASIC
-
-/* Syntax bits common to both basic and extended POSIX regex syntax.  */
-#define _RE_SYNTAX_POSIX_COMMON						\
-  (RE_CHAR_CLASSES | RE_DOT_NEWLINE      | RE_DOT_NOT_NULL		\
-   | RE_INTERVALS  | RE_NO_EMPTY_RANGES)
-
-#define RE_SYNTAX_POSIX_BASIC						\
-  (_RE_SYNTAX_POSIX_COMMON | RE_BK_PLUS_QM)
-
-/* Differs from ..._POSIX_BASIC only in that RE_BK_PLUS_QM becomes
-   RE_LIMITED_OPS, i.e., \? \+ \| are not recognized.  Actually, this
-   isn't minimal, since other operators, such as \`, aren't disabled.  */
-#define RE_SYNTAX_POSIX_MINIMAL_BASIC					\
-  (_RE_SYNTAX_POSIX_COMMON | RE_LIMITED_OPS)
-
-#define RE_SYNTAX_POSIX_EXTENDED					\
-  (_RE_SYNTAX_POSIX_COMMON | RE_CONTEXT_INDEP_ANCHORS			\
-   | RE_CONTEXT_INDEP_OPS  | RE_NO_BK_BRACES				\
-   | RE_NO_BK_PARENS       | RE_NO_BK_VBAR				\
-   | RE_UNMATCHED_RIGHT_PAREN_ORD)
-
-/* Differs from ..._POSIX_EXTENDED in that RE_CONTEXT_INVALID_OPS
-   replaces RE_CONTEXT_INDEP_OPS and RE_NO_BK_REFS is added.  */
-#define RE_SYNTAX_POSIX_MINIMAL_EXTENDED				\
-  (_RE_SYNTAX_POSIX_COMMON  | RE_CONTEXT_INDEP_ANCHORS			\
-   | RE_CONTEXT_INVALID_OPS | RE_NO_BK_BRACES				\
-   | RE_NO_BK_PARENS        | RE_NO_BK_REFS				\
-   | RE_NO_BK_VBAR	    | RE_UNMATCHED_RIGHT_PAREN_ORD)
-/* [[[end syntaxes]]] */
-
-/* Maximum number of duplicates an interval can allow.  Some systems
-   (erroneously) define this in other header files, but we want our
-   value, so remove any previous define.  */
-#ifdef RE_DUP_MAX
-#undef RE_DUP_MAX
-#endif
-#define RE_DUP_MAX ((1 << 15) - 1) 
-
-
-/* POSIX `cflags' bits (i.e., information for `regcomp').  */
-
-/* If this bit is set, then use extended regular expression syntax.
-   If not set, then use basic regular expression syntax.  */
-#define REG_EXTENDED 1
-
-/* If this bit is set, then ignore case when matching.
-   If not set, then case is significant.  */
-#define REG_ICASE (REG_EXTENDED << 1)
- 
-/* If this bit is set, then anchors do not match at newline
-     characters in the string.
-   If not set, then anchors do match at newlines.  */
-#define REG_NEWLINE (REG_ICASE << 1)
-
-/* If this bit is set, then report only success or fail in regexec.
-   If not set, then returns differ between not matching and errors.  */
-#define REG_NOSUB (REG_NEWLINE << 1)
-
-
-/* POSIX `eflags' bits (i.e., information for regexec).  */
-
-/* If this bit is set, then the beginning-of-line operator doesn't match
-     the beginning of the string (presumably because it's not the
-     beginning of a line).
-   If not set, then the beginning-of-line operator does match the
-     beginning of the string.  */
-#define REG_NOTBOL 1
-
-/* Like REG_NOTBOL, except for the end-of-line.  */
-#define REG_NOTEOL (1 << 1)
-
-
-/* If any error codes are removed, changed, or added, update the
-   `re_error_msg' table in regex.c.  */
-typedef enum
-{
-  REG_NOERROR = 0,	/* Success.  */
-  REG_NOMATCH,		/* Didn't find a match (for regexec).  */
-
-  /* POSIX regcomp return error codes.  (In the order listed in the
-     standard.)  */
-  REG_BADPAT,		/* Invalid pattern.  */
-  REG_ECOLLATE,		/* Not implemented.  */
-  REG_ECTYPE,		/* Invalid character class name.  */
-  REG_EESCAPE,		/* Trailing backslash.  */
-  REG_ESUBREG,		/* Invalid back reference.  */
-  REG_EBRACK,		/* Unmatched left bracket.  */
-  REG_EPAREN,		/* Parenthesis imbalance.  */ 
-  REG_EBRACE,		/* Unmatched \{.  */
-  REG_BADBR,		/* Invalid contents of \{\}.  */
-  REG_ERANGE,		/* Invalid range end.  */
-  REG_ESPACE,		/* Ran out of memory.  */
-  REG_BADRPT,		/* No preceding re for repetition op.  */
-
-  /* Error codes we've added.  */
-  REG_EEND,		/* Premature end.  */
-  REG_ESIZE,		/* Compiled pattern bigger than 2^16 bytes.  */
-  REG_ERPAREN		/* Unmatched ) or \); not returned from regcomp.  */
-} reg_errcode_t;
-
-/* This data structure represents a compiled pattern.  Before calling
-   the pattern compiler, the fields `buffer', `allocated', `fastmap',
-   `translate', and `no_sub' can be set.  After the pattern has been
-   compiled, the `re_nsub' field is available.  All other fields are
-   private to the regex routines.  */
-
-struct re_pattern_buffer
-{
-/* [[[begin pattern_buffer]]] */
-	/* Space that holds the compiled pattern.  It is declared as
-          `unsigned char *' because its elements are
-           sometimes used as array indexes.  */
-  unsigned char *buffer;
-
-	/* Number of bytes to which `buffer' points.  */
-  unsigned long allocated;
-
-	/* Number of bytes actually used in `buffer'.  */
-  unsigned long used;	
-
-        /* Syntax setting with which the pattern was compiled.  */
-  reg_syntax_t syntax;
-
-        /* Pointer to a fastmap, if any, otherwise zero.  re_search uses
-           the fastmap, if there is one, to skip over impossible
-           starting points for matches.  */
-  char *fastmap;
-
-        /* Either a translate table to apply to all characters before
-           comparing them, or zero for no translation.  The translation
-           is applied to a pattern when it is compiled and to a string
-           when it is matched.  */
-  char *translate;
-
-	/* Number of subexpressions found by the compiler.  */
-  size_t re_nsub;
-
-        /* Zero if this pattern cannot match the empty string, one else.
-           Well, in truth it's used only in `re_search_2', to see
-           whether or not we should use the fastmap, so we don't set
-           this absolutely perfectly; see `re_compile_fastmap' (the
-           `duplicate' case).  */
-  unsigned can_be_null : 1;
-
-        /* If REGS_UNALLOCATED, allocate space in the `regs' structure
-             for `max (RE_NREGS, re_nsub + 1)' groups.
-           If REGS_REALLOCATE, reallocate space if necessary.
-           If REGS_FIXED, use what's there.  */
-#define REGS_UNALLOCATED 0
-#define REGS_REALLOCATE 1
-#define REGS_FIXED 2
-  unsigned regs_allocated : 2;
-
-        /* Set to zero when `regex_compile' compiles a pattern; set to one
-           by `re_compile_fastmap' if it updates the fastmap.  */
-  unsigned fastmap_accurate : 1;
-
-        /* If set, `re_match_2' does not return information about
-           subexpressions.  */
-  unsigned no_sub : 1;
-
-        /* If set, a beginning-of-line anchor doesn't match at the
-           beginning of the string.  */ 
-  unsigned not_bol : 1;
-
-        /* Similarly for an end-of-line anchor.  */
-  unsigned not_eol : 1;
-
-        /* If true, an anchor at a newline matches.  */
-  unsigned newline_anchor : 1;
-
-/* [[[end pattern_buffer]]] */
-};
-
-typedef struct re_pattern_buffer regex_t;
-
-
-/* search.c (search_buffer) in Emacs needs this one opcode value.  It is
-   defined both in `regex.c' and here.  */
-#define RE_EXACTN_VALUE 1
-
-/* Type for byte offsets within the string.  POSIX mandates this.  */
-typedef int regoff_t;
-
-
-/* This is the structure we store register match data in.  See
-   regex.texinfo for a full description of what registers match.  */
-struct re_registers
-{
-  unsigned num_regs;
-  regoff_t *start;
-  regoff_t *end;
-};
-
-
-/* If `regs_allocated' is REGS_UNALLOCATED in the pattern buffer,
-   `re_match_2' returns information about at least this many registers
-   the first time a `regs' structure is passed.  */
-#ifndef RE_NREGS
-#define RE_NREGS 30
-#endif
-
-
-/* POSIX specification for registers.  Aside from the different names than
-   `re_registers', POSIX uses an array of structures, instead of a
-   structure of arrays.  */
-typedef struct
-{
-  regoff_t rm_so;  /* Byte offset from string's start to substring's start.  */
-  regoff_t rm_eo;  /* Byte offset from string's start to substring's end.  */
-} regmatch_t;
-
-/* Declarations for routines.  */
-
-/* To avoid duplicating every routine declaration -- once with a
-   prototype (if we are ANSI), and once without (if we aren't) -- we
-   use the following macro to declare argument types.  This
-   unfortunately clutters up the declarations a bit, but I think it's
-   worth it.  */
-
-#if __STDC__
-
-#define _RE_ARGS(args) args
-
-#else /* not __STDC__ */
-
-#define _RE_ARGS(args) ()
-
-#endif /* not __STDC__ */
-
-/* Sets the current default syntax to SYNTAX, and return the old syntax.
-   You can also simply assign to the `re_syntax_options' variable.  */
-extern reg_syntax_t re_set_syntax _RE_ARGS ((reg_syntax_t syntax));
-
-/* Compile the regular expression PATTERN, with length LENGTH
-   and syntax given by the global `re_syntax_options', into the buffer
-   BUFFER.  Return NULL if successful, and an error string if not.  */
-extern const char *re_compile_pattern
-  _RE_ARGS ((const char *pattern, int length,
-             struct re_pattern_buffer *buffer));
-
-
-/* Compile a fastmap for the compiled pattern in BUFFER; used to
-   accelerate searches.  Return 0 if successful and -2 if was an
-   internal error.  */
-extern int re_compile_fastmap _RE_ARGS ((struct re_pattern_buffer *buffer));
-
-
-/* Search in the string STRING (with length LENGTH) for the pattern
-   compiled into BUFFER.  Start searching at position START, for RANGE
-   characters.  Return the starting position of the match, -1 for no
-   match, or -2 for an internal error.  Also return register
-   information in REGS (if REGS and BUFFER->no_sub are nonzero).  */
-extern int re_search
-  _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
-            int length, int start, int range, struct re_registers *regs));
-
-
-/* Like `re_search', but search in the concatenation of STRING1 and
-   STRING2.  Also, stop searching at index START + STOP.  */
-extern int re_search_2
-  _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
-             int length1, const char *string2, int length2,
-             int start, int range, struct re_registers *regs, int stop));
-
-
-/* Like `re_search', but return how many characters in STRING the regexp
-   in BUFFER matched, starting at position START.  */
-extern int re_match
-  _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
-             int length, int start, struct re_registers *regs));
-
-
-/* Relates to `re_match' as `re_search_2' relates to `re_search'.  */
-extern int re_match_2 
-  _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
-             int length1, const char *string2, int length2,
-             int start, struct re_registers *regs, int stop));
-
-
-/* Set REGS to hold NUM_REGS registers, storing them in STARTS and
-   ENDS.  Subsequent matches using BUFFER and REGS will use this memory
-   for recording register information.  STARTS and ENDS must be
-   allocated with malloc, and must each be at least `NUM_REGS * sizeof
-   (regoff_t)' bytes long.
-
-   If NUM_REGS == 0, then subsequent matches should allocate their own
-   register data.
-
-   Unless this function is called, the first search or match using
-   PATTERN_BUFFER will allocate its own register data, without
-   freeing the old data.  */
-extern void re_set_registers
-  _RE_ARGS ((struct re_pattern_buffer *buffer, struct re_registers *regs,
-             unsigned num_regs, regoff_t *starts, regoff_t *ends));
-
-/* 4.2 bsd compatibility.  */
-extern char *re_comp _RE_ARGS ((const char *));
-extern int re_exec _RE_ARGS ((const char *));
-
-/* POSIX compatibility.  */
-extern int regcomp _RE_ARGS ((regex_t *preg, const char *pattern, int cflags));
-extern int regexec
-  _RE_ARGS ((const regex_t *preg, const char *string, size_t nmatch,
-             regmatch_t pmatch[], int eflags));
-extern size_t regerror
-  _RE_ARGS ((int errcode, const regex_t *preg, char *errbuf,
-             size_t errbuf_size));
-extern void regfree _RE_ARGS ((regex_t *preg));
-
-#endif /* not __REGEXP_LIBRARY_H__ */
-
-/*
-Local variables:
-make-backup-files: t
-version-control: t
-trim-versions-without-asking: nil
-End:
-*/

extras/security/apparmor/unrealircd

@@ -1,12 +1,12 @@
-# AppArmor profile for UnrealIRCd 4.0.16+
+# AppArmor profile for UnrealIRCd 6
 #
 # Note that you may still see some DENIED warnings in logs with
 # operation="chmod". These are harmless and can be safely ignored.
 #
-# Tested on Ubuntu 16.x and 17.x
+# Tested on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
 #
-# NOTE: you will have to modify the path to executable below
-#       if it's not /home/ircd/unrealircd/bin/unrealircd.
+# IMPORTANT: you will have to modify the path to executable below
+#            if it's not /home/ircd/unrealircd/bin/unrealircd !
 
 #include <tunables/global>
 
@@ -17,8 +17,7 @@
 
   @{HOME}/unrealircd/conf/ r,
   @{HOME}/unrealircd/conf/** r,
-  @{HOME}/unrealircd/data/ircd.tune rw,
-  @{HOME}/unrealircd/data/unrealircd.pid rw,
+  @{HOME}/unrealircd/data/** rw,
   @{HOME}/unrealircd/lib/*.so* mr,
   @{HOME}/unrealircd/logs/* rw,
   @{HOME}/unrealircd/modules/**.so r,

extras/startup/unrealircd.service

@@ -0,0 +1,41 @@
+# Systemd service for UnrealIRCd
+# To use this:
+# 1) Adjust user/group/paths under [Service] if needed.
+# 2) Then run the following commands as root:
+#    cp -av unrealircd.service /etc/systemd/system/
+#    systemctl daemon-reload
+#    systemctl enable unrealircd.service
+#    systemctl start unrealircd.service
+
+[Unit]
+Description=UnrealIRCd
+Documentation=https://www.unrealircd.org/
+Description=UnrealIRCd IRC Server
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+# If needed, change 'ircd' to your unrealircd user and adjust paths:
+User=ircd
+Group=ircd
+ExecStart=/home/ircd/unrealircd/bin/unrealircd -F
+
+# These settings should be fine for everyone
+Type=simple
+Restart=on-failure
+RestartSec=5s
+LimitNOFILE=65536
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -TERM $MAINPID
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+ProtectSystem=strict
+
+[Install]
+WantedBy=default.target

extras/startup/unrealircd_user.service

@@ -0,0 +1,37 @@
+# Systemd service for UnrealIRCd (user service)
+#
+# This is the USER service. You can use this if you don't have root
+# on the machine (otherwise, people usually use the other
+# unrealircd.service system unit instead).
+#
+# To install:
+# 1) Adjust the ExecStart= line below, if your unrealircd isn't
+#    installed in ~/unrealircd/
+# 2) Then run the following commands (as a regular user):
+#    loginctl enable-linger
+#    mkdir -p ~/.config/systemd/user
+#    cp unrealircd_user.service ~/.config/systemd/user/unrealircd.service
+#    systemctl --user daemon-reload
+#    systemctl --user enable unrealircd.service
+#    systemctl --user start unrealircd.service
+
+[Unit]
+Description=UnrealIRCd
+Documentation=https://www.unrealircd.org/
+Description=UnrealIRCd IRC Server (user service)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+# Adjust this if unrealircd is installed somewhere else:
+ExecStart=%h/unrealircd/bin/unrealircd -F
+
+Type=simple
+Restart=on-failure
+RestartSec=5s
+LimitNOFILE=65536
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -TERM $MAINPID
+
+[Install]
+WantedBy=default.target