patch

Patched Source

Upstream Source

You can choose to use the upstream source code, but you must apply patches to get it to build properly.

WARNING: If you are on OpenBSD 7.0, you must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.

First, download the latest stable release:

$ cd ~
$ ftp https://znc.in/releases/znc-1.8.2.tar.gz

We recommend you verify the gpg signature:

$ doas pkg_add gnupg
$ ftp https://znc.in/releases/znc-1.8.2.tar.gz.sig
$ gpg2 --recv-key D5823CACB477191CAC0075555AE420CC0209989E
$ gpg2 --verify znc-1.8.2.tar.gz.sig znc-1.8.2.tar.gz

Next, ?extract and unzip the files:

$ tar xvzf znc-1.8.2.tar.gz

Patches

Due to a bug in OpenBSD 6.9, we have applied a custom patch to ZNC to avoid segfaults on multicore servers:

diff -ru znc-1.8.2-old/src/main.cpp znc-1.8.2-new/src/main.cpp
--- znc-1.8.2-old/src/main.cpp  Mon Sep  7 18:57:50 2020
+++ znc-1.8.2-new/src/main.cpp  Thu Dec 24 17:04:37 2020
` -292,6 +292,7 `
 }
 int main(int argc, char** argv) {
+    pthread_attr_t a; pthread_attr_init(&a);
     CString sConfig;
     CString sDataDir = "";

The schat module also needs patching for ?libreSSL:

--- modules/schat.cpp.orig
+++ modules/schat.cpp
` -25,8 +25,8 `
 #include <znc/User.h>
 #include <znc/IRCNetwork.h>
-#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERSION_NUMBER) || \
-    OPENSSL_VERSION_NUMBER < 0x10100007
+#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100007 || \
+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3040000fL)
 /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher accessor was added 2
 weeks before the public release.
 See openssl/openssl@e92813234318635639dba0168c7ef5568757449b.
 */

crypt.cpp also needs to be patched:

DH_set0_pqg() has been available since LibreSSL version 2.7. This version
won't compile with opaque DH in LibreSSL 3.5.
Index: modules/crypt.cpp
--- modules/crypt.cpp.orig
+++ modules/crypt.cpp
` -68,7 +68,7 ` class CCryptMod : public CModule {
     CString m_sPrivKey;
     CString m_sPubKey;
-#if OPENSSL_VERSION_NUMBER < 0X10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0X10100000L
     static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {
         /* If the fields p and g in dh are nullptr, the corresponding input
          * parameters MUST be non-nullptr.  q may remain nullptr.


diff -u  znc-1.8.2/CMakeLists.txt.orig  znc-1.8.2/CMakeLists.txt
--- znc-1.8.2/CMakeLists.txt.orig       Mon Sep  7 18:57:50 2020
+++ znc-1.8.2/CMakeLists.txt            Fri May  6 03:50:26 2022
` -44,6 +44,7 `
 include(TestCXX11)
 set(CMAKE_CXX_STANDARD 11)
 set(CMAKE_CXX_STANDARD_REQUIRED true)
+set(CMAKE_CXX_FLAGS "-DHAVE_OPAQUE_SSL" CACHE STRING "compile flags" FORCE)
 if(NOT CYGWIN)
        # We don't want to use -std=gnu++11 instead of -std=c++11, but among other
        # things, -std=c++11 on cygwin defines __STRICT_ANSI__ which makes cygwin

IRCNow provides a patched version of ZNC:

$ cd ~
$ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz

On OpenBSD, ?ftp can also be used to download files from the web.

For ?tar, the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.

$ tar xvzf znc-1.8.2b.tar.gz