addresses specified in the Interface line of sbbs.ini for the server.

New Features:
- Multiple bindings for each service
  Use comma-separated interfaces on Interface= lines in the ini file.
  Default is now "0.0.0.0,::"
- IPv6 support
- TLS support for the webserver and (non-static) services
  New TLS option in services.ini (ie: Options=TLS)
- Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars,
  and rename the MAIL_CMD string to IPADDR.  I think this frees up the
  note field for SysOp use.

in scenarios where the tagfile may be used (e.g. not editing extended file
descriptions). This should allow SlyEdit and other extenal message editors
to detect the support for the editor.tag file dynamically rather than by
using the Synchronet version number. If the 7th line is blank or non-existent,
then the external editor tag file is not supported.
Overhauled editor_inf() to use a file stream/fprintf.

scanposts(), and listsub(). These functions are exposed in the JS 'bbs' object
as scan_subs(), scan_msgs(), and list_msgs().
Wherease previously, all of "your messages" (messages addressed to you)
would be found/displayed if the user answered (Y)es to the "Subjects Only?"
prompt, and only un-read message (to you) would be displayed if they answered
(N)o to the "Subjects Only?", providing long-standing confusion about the
different behavior, now the user is prompted whether to display un-read
messages only (in scansubs/scanallsubs), and in the case of the logon
question to "Search all subs for un-read messages to you?", only un-read
messages are listed/displayed, regardless of how the user answers the
"Subjects Only?" question.
SCAN_UNREAD is only applicable when combined with SCAN_TOYOU.

Added new commands to the msg reading prompt: 'N' (list new messages), 'U'
list un-read messages to-you.

2 new text.dat entries: DisplayUnreadMessagesOnlyQ and NoMessagesFound

Optionally, external modules may be executed in place of "built-in" operations
for:
- reading mail (email or netmail)
- scanning posts (searching/scanning/reading a single sub-board)
- scanning sub-boards (all, one, or a group)

Each of these may be configured (in SCFG->System->Loadable Modules)
with command-line options for a total length of up to 63 characters.

Note to module programmers: each module here will be passed additional
command-line arguments to indicate how or why the user operation was invoked.

For the Reading Mail module, the 'which' value (in decimal) and the user-number
is passed (in decimal). Usually the user-number will be the current user logged
in, but not always (e.g. if the user is a sysop and reading other user's mail).
The 'which' values (defined in load/sbbsdefs.js) of MAIL_YOUR, MAIL_SENT,
and MAIL_ALL must be handled (MAIL_ANY won't be used).

For the Scan Posts module, the sub-board number and scan mode (both in decimal)
and the 'find' string (text being searched for) are passed as arguments
(in that order). The scan mode values (defined in sbbsdefs.js) are the same as
those supported by bbs.scan_posts(). All of the values should be supported
and they can be combined (e.g. SCAN_CONST|SCAN_NEW
and SCAN_NEW|SCAN_TOYOU). The 'find' string is only used if the SCAN_FIND mode
bit is set. It is the responsibilty of the module (if configured) to enforce
sub-board read access restrictions.

For the Scan Subs module, the first argument is 1 if "all subs" are being
scanned, 0 otherwise (normally the user is prompted for the breadth of the
scan in this case, but that's up to the module author), and the scan 'mode' is
passed in decimal, in that order. If the SCAN_FIND mode flag is passed in, this
module should prompt the user for the text string to search for. If this module
is not configured, the Scan Posts module will be executed for each sub-board
scanned.

Recursion protection was added, so it is actually possible for the Read Mail
module, for example, to call bbs.read_mail() and it'll work, but why would you?

If any of these user operations are initiated during logon, at the request of
Baja or JavaScript module, or whatever, and if the module is actually
configured (and not already executing to handle the operation), the module
will be executed in-place-of the built-in functionality. Feedback welcome,

scripts global scope (as opposed to js.global which is the instance global
scope), and having exit() define exit_code in js.scope instead of js.global.

This also sets exit_code in js.scope to null when preparing to execute a new
script.  If a new script starts in the same scope as an old one, the old
exit_code value will be destroyed.

This should only impact scripts where js.global != js.scope (bbs.exec()ed,
and mailsrvr)

(part of previous commit of main.cpp)

destroy the ssh_mutex (which was not initialized).

- this option has been a default option flag for 10 years
- this option was introduced *before* the RLogin password capability
- Synchronet now always expects the login-ID (alias) to be the 2nd string
received during RLogin connections (called 'server-user-name' in RFC 1282.
* Now storing the complete terminal type/speed string received during RLogin
connection in the bbs.rlogin_terminal property (sbbs_t.rlogin_term in C++).
* bbs.rlogin_gate() is over-hauled:
- arguments are: address, client-user-name, server-user-name, terminal, mode
- if existing JS module assumes this to be: address, server-user-name, password
  those scripts will need to be updated to reflect the correct argument order
- all arguments beyond the first are now optional
- the terminal string can now be passed-in
* Deprecated the telnet gateway option: TG_SENDPASS (the 'password' if desired
to be sent as the 'client-user-name' can be specified as an argument and this
option sent the password as the *second* RLogin string ('server-user-name'),
which was always wrong.
* sbbs_t::telnet() can now accept the terminal string as an optional argument.

Added new telgate flag: TG_NOLF.

added bbs.rlogin_gate method: bbs.rlogin(addr,user,pass,mode);
disable "raw input" mode for rlogin_gate connections. not sure why this is the fix or why it was the problem, but no side effects are noted at this time.

super-strangeness with the previously unfucked matchuser().

and trucates there.

and always NULL terminating.  This macro will handle embedded NULLs.

Also, add a HANDLE_PENDING(cx) to return JS_FALSE if an exception is pending

The calling code must check JS_IsExceptionPending(cx) and return JS_FALSE

alloca()ed ones.

realloced variables for tracking QWKnet nodes discovered while importing msgs,
but multiple terminal server nodes/events calling this function concurrently
could clearly corrupt these variables and cause realloc errors and crashes.
Now using members of sbbs_t for node/event instance specific QWKnet
node tracking for the route.dat updates (a rarely used feature nowadays).

I've likely broken something though, so if you see weird behaviour with
extended ASCII, let me know please.

unmoderated message in a sub.

ssh session.

user.security and move a general function to support it into str_util.c

global object exits.

This fixes a problem where the terminal server reuses the same global object
for all JS scripts, and they uses nested exec()s.  When the innermost script
would exit, the on_exit evals would occure in IT'S scope rather than in the
scope it was defined in, resulting in incorrect behaviour.

(throws an "Error: Insufficient Arguments" exception) in js_global.c so
all JSNative functions call call it.

Also add a function which calls JS_GetContextPrivate and throws an exception
if it returns NULL.

Previously, when either of these happened, the function silently did
nothing.

regardless of security level setting.
When run out of lines when creating/editing a file or msg, print a more
meaningful message, in text.dat update  (with the max lines allowed).

and leave it rooted until the script is done or the context is destroyed.

This should clean up crashes before a script starts (ie: While creating
common objects)

has its own functional "too much recursion" detection.
Replaced "branch callback" stuff with "operational callback".
JavaScriptBranchLimit has been replaced with JavaScriptTimeLimit
(default value: 24 hours)

Perviously, if the argument to a number of bbs.* functions was not a valid
number, Synchronet would silently ignore the parameter and treat it as though
it was not specified.

The new behaviour was to use the value as a number.  However, the old code
caused the exception triggered by an inability to convert the number to
be pending until after the return (the JS_Native didn't return JS_FALSE) so
a try/catch block aorund it would not catch the exception.

The new new behaviour is to throw the exception immediately so it can be
caught and handled correctly.

all exported functions and data types using a 32-bit time_t (time32_t).
(part 2 of 2)

warning C4244: '=' : conversion from 'const jschar' to 'char', possible loss of data
Only include JS headers when building a module that needs them
(i.e. JAVASCRIPT is defined).