- Oct 17, 2016
-
-
rswindell authored
file (in .can file format) which lists IP addresses or hostnames which will be exempt from temporary bans or permanent filters.
-
- May 27, 2016
-
-
rswindell authored
  - Never ban the server's own address
  - Log the login attempt and last name attempted
  - Use a compressed version of the HH:MM:SS "time remaining" portion of the log message
-
- May 18, 2016
-
-
rswindell authored
By default, after 20 consecutive (unique) failed login attempts, *or* a failed login attempt with a name from the name.can filter file. The default temporary ban duration is 10 minutes. The temporary ban threshold is configurable via LoginAttemptTempBanThreshold in sbbs.ini and the ban duration is configurable via LoginAttemptTempBanDuration (in seconds).
-
- Jan 21, 2016
-
-
deuce authored
the constructor things. This allows TLS-enabled services to work correctly, and removes an ugly hack from the web server. There's still an odd issue with the NNTP service when using TLS though.
-
- Dec 04, 2015
-
-
rswindell authored
to errorlog() so the data/error.log is less ambiguous about where an error occurred.
-
- Aug 22, 2015
- Aug 21, 2015
-
-
deuce authored
-
- Aug 20, 2015
-
-
deuce authored
-
deuce authored
leaving the |<port>| in the string causes inet_addr() to fail, breaking active FTP transfers.
-
deuce authored
New Features:
  - Multiple bindings for each service
    Use comma-separated interfaces on Interface= lines in the ini file. Default is now "0.0.0.0,::"
  - IPv6 support
  - TLS support for the webserver and (non-static) services
    New TLS option in services.ini (ie: Options=TLS)
  - Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars, and rename the MAIL_CMD string to IPADDR. I think this frees up the note field for SysOp use.
-
- Aug 18, 2015
-
-
rswindell authored
-
rswindell authored
MinFileSize and MaxFileSize keys in the [ftp] section of the ctrl/sbbs.ini file these values default to 0 which effectively applies no min/max to uploaded files. Set MinFileSize to 11 to defeat the recent penetration testing seen uploading 10 byte files with random filenames (8 alpha chars ending in ".txt") with 8 alpha chars in the file, followed by a CRLF pair for a total size of 10 bytes. Fixed bug whereby failed/aborted uploaded files would be left (not deleted). Log errors when any file deletion fails in the FTP server.
-
- Apr 25, 2015
-
-
deuce authored
scripts global scope (as opposed to js.global which is the instance global scope), and having exit() define exit_code in js.scope instead of js.global. This also sets exit_code in js.scope to null when preparing to execute a new script. If a new script starts in the same scope as an old one, the old exit_code value will be destroyed. This should only impact scripts where js.global != js.scope (bbs.exec()ed, and mailsrvr)
-
- Dec 11, 2014
-
-
rswindell authored
logged in via FTP. This affected: posts_today, emails_today, free_credits, timeon_today, and extra time values (e.g. posts_today would continue to accumulate potentially affecting the user's ability to post via FTP-uploaded REP packet). getuserdat() does the necessary value resets, we just needed to write the entire user record back to disk upon successful login, rather than just updating specific fields in the user record on disk. The HTTP server looks like it might have the same/similar bug.
-
- Nov 20, 2014
-
-
rswindell authored
clients, timeouts, etc.) into the various *srvr.h files and use them instead of hard-coded constants sprinkled throughout the .c files. If the web server "max_clients" key isn't specified in the sbbs.ini file, use 0 (unlimited) for the max_clients value.
-
- Oct 30, 2014
-
-
rswindell authored
-
- Oct 29, 2014
-
-
rswindell authored
obvious)
-
- Apr 20, 2014
-
-
rswindell authored
FTP passive port range, and all ports would fail to bind, the logged error would report failure for the last port+1 (rather than the last port).
-
- Jan 08, 2014
-
-
rswindell authored
related crashes (mainly due to null pointer dereferences of scfg_t members freed in cleanup()). Use of new protected_int_value() for extra paranoia (but can't use it on destroyed protected-int's).
-
- Jan 07, 2014
-
-
rswindell authored
*before* calling _beginthread(). The active_clients is exactly perfect here either (since it's incrementing in the ctrl_thread), todo later, but shouldn't cause a crash like the above issue.
-
- Feb 07, 2013
- Oct 24, 2012
-
-
deuce authored
I've likely broken something though, so if you see weird behaviour with extended ASCII, let me know please.
-
- Aug 22, 2012
-
-
rswindell authored
active_clients (protected integer) could be 0 at the time of recycle because there can be delay at the beginning of the FTP ctrl thread (e.g. looking up filtered IPs/hostnames) before the active_clients is incremented which could be during/after it was destroyed by the cleanup() function. Now tracking number of threads using protected integer which increments immediately upon child thread creation and is not destroyed until the main thread terminates. There is currently *no* timeout while waiting for child threads to terminate upon shutdown/recycle, so this could result in a hung server thread if a child thread is indefinitely hung - consider using a timeout.
-
- Jul 04, 2012
-
-
deuce authored
Per RFC3659, the correct response for "Good command, but no size for you" is 550, not 500 or 501 (these indicate an inability to parse the command). This works with Chrome.
-
- Mar 06, 2012
-
-
rswindell authored
-
- Oct 29, 2011
-
-
deuce authored
This is *likely* to break the Win32 build and even when the macros are specified in xpdev, I doubt Microsoft has added support for the 'z' size specifier used in smblib/smbadd.c we'll likely need a SIZE_T_SIZE macro that is "z" on C99 systems and "ll" or "64" or whatever it is on Win32. Or maybe a whole slew of complete SIZE_T macros since the 32/64 bit thing and the max file size thing may actually need the full format specification to be in the macro... "zu" on C99 platforms and whatever magic Microsoft needs there.
-
- Oct 28, 2011
-
-
deuce authored
and leave it rooted until the script is done or the context is destroyed. This should clean up crashes before a script starts (ie: While creating common objects)
-
rswindell authored
has its own functional "too much recursion" detection. Replaced "branch callback" stuff with "operational callback". JavaScriptBranchLimit has been replaced with JavaScriptTimeLimit (default value: 24 hours)
-
- Oct 19, 2011
- Oct 16, 2011
-
-
deuce authored
-
- Oct 11, 2011
-
-
deuce authored
-
- Oct 10, 2011
-
-
deuce authored
Only js_ValueToStringBytes() still leaks.
-
- Oct 09, 2011
-
-
cyan authored
-