UnrealIRCd 6.0.4 release notes

This release comes with lots of features and enhancements. In particular, security groups and mask items now allow you to write cleaner and more flexible configuration files. There are also JSON logging enhancements and several bug fixes. Thanks a lot to everyone who tested the release candidates!

If you are already running UnrealIRCd 6 then read below. Otherwise, jump straight to the summary about UnrealIRCd 6 to learn more about UnrealIRCd 6.

Enhancements:

Show security groups in WHOIS
The security-group block has been expanded and the same functionality is now available in mask items too:
- This means the existing options like identified, webirc, tls and reputation-score can be used in allow::mask etc.
- New options (in both security-group and mask) are:
  - connect-time: time a user is connected to IRC
  - security-group: to check another security group
  - account: services account name
  - country: country code, as found by GeoIP
  - realname: realname (gecos) of the user
  - certfp: certificate fingerprint
- Every option also has an exclude- variant, eg. exclude-country. If a user matches any exclude- option then it is considered not a match.
- The modules connthrottle, restrict-commands and antirandom now use the new except sub-block which is a mask item. The old syntax (eg set::antirandom::except-webirc) is still accepted by UnrealIRCd and converted to the appropriate new setting behind the scenes (set::antirandom::except::webirc).
- The modules blacklist and antimixedutf8 now also support the except block (a mask item).
- Other than that the extended functionality is available in these blocks: allow, oper, tld, vhost, deny channel, allow channel.
- Example of direct use in a ::mask item:
```
/* Spanish MOTD for Spanish speaking countries */
tld {
    mask { country { ES; AR; BO; CL; CO; CR; DO; EC; SV; GT; HN; MX; NI; PA; PY; PE; PR; UY; VE; } }
    motd "motd.es.txt";
    rules "rules.es.txt";
}
```
- Example of defining a security group and using it in a mask item later:
```
security-group irccloud {
    mask { ip1; ip2; ip3; ip4; }
}
allow {
    mask { security-group irccloud; }
    class clients;
    maxperip 128;
}
except ban {
    mask { security-group irccloud; }
    type { blacklist; connect-flood; handshake-data-flood; }
}
```
Because the mask item is so powerful now, the password in the oper block is optional now.

We now support oper::auto-login, which means the user will become IRCOp automatically if they match the conditions on-connect. This can be used in combination with certificate fingerprint authentication for example:

security-group Syzop { certfp "1234etc."; }
oper Syzop {
    auto-login yes;
    mask { security-group Syzop; }
    operclass netadmin-with-override;
    class opers;
}
except ban {
    mask { security-group Syzop; }
    type all;
}

For JSON logging a number of fields were added when a client is expanded:
- geoip: with subitem country_code (eg. NL)
- tls: with subitems cipher and certfp
- Under subitem users:
  - vhost: if the visible host differs from the realhost then this is set (thus for both vhost and cloaked host)
  - cloakedhost: this is always set (except for eg. services users), even if the user is not cloaked so you can easily search on a cloaked host.
  - idle_since: last time the user has spoken (local clients only)
  - channels: list of channels (array), with a maximum of 384 chars.
The JSON logging now also strips ASCII below 32, so color- and control codes.
Support IRCv3 +draft/channel-context
Add example.es.conf (Spanish example configuration file)
The country of users is now communicated in the message-tag unrealircd.org/geoip (only to IRCOps).
Add support for linking servers via UNIX domain sockets (link::outgoing::file).

Fixes:

Crash in except ban with ~security-group:xyz
Crash if hideserver module was loaded but LINKS was not blocked.
Crash on Windows when using the "Rehash" GUI option.
Infinite loop if one security-group referred to another.
Duplicate entries in the +beI lists of +P channels.
Regular users were able to -o a service bot (that has umode +S)
Module manager did not stop on compile error
set::modes-on-join did not work with +f + timed bans properly, eg [3t#b1]:10
Several log messages were missing some information.
Reputation syncing across servers had a small glitch. Fix is mostly useful for servers that were not linked to the network for days or weeks.

Changes:

Clarified that UnrealIRCd is licensed as "GPLv2 or later"
Fix use of variables in set::reject-message and in blacklist::reason: previously short forms of variables were (unintentionally) expanded as well, such as $serv for $server. This is no longer supported, you need to use the correct full variable names.

Developers and protocol:

The creationtime is now communicated of users. Until now this information was only known locally (the thing that was communicated that came close was "last nick change" but that is not the same). This is synced via (early) moddata across servers. Module coders can use get_connected_time().
The RPL_HOSTHIDDEN is now sent from userhost_changed() so you don't explicitly send it yourself anymore.
The SVSO command is back, so services can make people IRCOp again. See HELPOP SVSO or the commit for more information.
Due to last change the HOOKTYPE_LOCAL_OPER parameters were changed.
Module coders can enhance the JSON logging expansion items for clients and channels via new hooks like HOOKTYPE_JSON_EXPAND_CLIENT. This is used by the geoip and tls modules.