Patch
Patched Source
Upstream Source
You can choose to use the upstream source code, but you must apply patches to get it to build properly.
WARNING: If you are on OpenBSD 7.0, you must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.
First, download the latest stable release:
$ cd ~ $ ftp https://znc.in/releases/znc-1.8.2.tar.gz
We recommend you verify the gpg signature:
$ doas pkg_add gnupg $ ftp https://znc.in/releases/znc-1.8.2.tar.gz.sig $ gpg2 --recv-key D5823CACB477191CAC0075555AE420CC0209989E $ gpg2 --verify znc-1.8.2.tar.gz.sig znc-1.8.2.tar.gz
Next, extract and unzip? the files:
$ tar xvzf znc-1.8.2.tar.gz
Patches
Due to a bug in OpenBSD 6.9, we have applied a custom patch to ZNC to avoid segfaults on multicore servers:
diff -ru znc-1.8.2-old/src/main.cpp znc-1.8.2-new/src/main.cpp --- znc-1.8.2-old/src/main.cpp Mon Sep 7 18:57:50 2020 +++ znc-1.8.2-new/src/main.cpp Thu Dec 24 17:04:37 2020 @@ -292,6 +292,7 @@ } int main(int argc, char** argv) { + pthread_attr_t a; pthread_attr_init(&a); CString sConfig; CString sDataDir = "";
The schat module also needs patching for libreSSL?:
--- modules/schat.cpp.orig +++ modules/schat.cpp @@ -25,8 +25,8 @@ #include <znc/User.h> #include <znc/IRCNetwork.h> -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERSION_NUMBER) || \ - OPENSSL_VERSION_NUMBER < 0x10100007 +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100007 || \ + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3040000fL) /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher accessor was added 2 weeks before the public release. See openssl/openssl@e92813234318635639dba0168c7ef5568757449b. */
crypt.cpp
also needs to be patched:
DH_set0_pqg() has been available since LibreSSL version 2.7. This version won't compile with opaque DH in LibreSSL 3.5. Index: modules/crypt.cpp --- modules/crypt.cpp.orig +++ modules/crypt.cpp @@ -68,7 +68,7 @@ class CCryptMod : public CModule { CString m_sPrivKey; CString m_sPubKey; -#if OPENSSL_VERSION_NUMBER < 0X10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0X10100000L static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) { /* If the fields p and g in dh are nullptr, the corresponding input * parameters MUST be non-nullptr. q may remain nullptr.
diff -u znc-1.8.2/CMakeLists.txt.orig znc-1.8.2/CMakeLists.txt --- znc-1.8.2/CMakeLists.txt.orig Mon Sep 7 18:57:50 2020 +++ znc-1.8.2/CMakeLists.txt Fri May 6 03:50:26 2022 @@ -44,6 +44,7 @@ include(TestCXX11) set(CMAKE_CXX_STANDARD 11) set(CMAKE_CXX_STANDARD_REQUIRED true) +set(CMAKE_CXX_FLAGS "-DHAVE_OPAQUE_SSL" CACHE STRING "compile flags" FORCE) if(NOT CYGWIN) # We don't want to use -std=gnu++11 instead of -std=c++11, but among other # things, -std=c++11 on cygwin defines __STRICT_ANSI__ which makes cygwin
IRCNow provides a patched version of ZNC:
$ cd ~ $ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz
On OpenBSD, ftp? can also be used to download files from the web.
For tar?, the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.
$ tar xvzf znc-1.8.2b.tar.gz