Index: head/www/h2o/Makefile
===================================================================
--- head/www/h2o/Makefile (revision 456452)
+++ head/www/h2o/Makefile (revision 456453)
@@ -1,73 +1,76 @@ -# Created by: Dave Cottlehuber +# Created by: Dave Cottlehuber # $FreeBSD$ PORTNAME= h2o DISTVERSIONPREFIX= v -DISTVERSION= 2.2.3 +DISTVERSION= 2.2.4 CATEGORIES= www -MAINTAINER= dch@skunkwerks.at +MAINTAINER= dch@FreeBSD.org COMMENT= Optimized HTTP/2 server including support for TLS 1.3 and HTTP/1.x -LICENSE= MIT +LICENSE= MIT BSD2CLAUSE +LICENSE_COMB= multi BROKEN_armv6= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported BROKEN_armv7= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported -USES= cmake:noninja compiler:c11 cpe perl5 shebangfix ssl +USES= cmake:noninja compiler:c11 cpe perl5 shebangfix ssl pkgconfig CPE_VENDOR= h2o_project USE_GITHUB= yes USE_PERL5= run SHEBANG_FILES= share/h2o/start_server PORTDOCS= README.md -SUB_FILES= ${PORTNAME} +SUB_FILES= ${PORTNAME} ${PORTNAME}.conf.sample SUB_LIST+= H2O_USER=${H2O_USER} \ H2O_GROUP=${H2O_GROUP} \ H2O_LOGDIR=${H2O_LOGDIR} PLIST_SUB= H2O_USER=${H2O_USER} \ H2O_GROUP=${H2O_GROUP} \ H2O_LOGDIR=${H2O_LOGDIR} H2O_USER?= www H2O_GROUP?= www H2O_LOGDIR= /var/log/${PORTNAME}/ USE_RC_SUBR= ${PORTNAME} OPTIONS_DEFINE= MRUBY DOCS OPTIONS_DEFAULT= MRUBY OPTIONS_SUB= yes MRUBY_DESC= Build with embedded mruby handler support CMAKE_ARGS+= -DEXTRA_LIBRARIES=OFF -DWITHOUT_LIBS=ON -DWITH_BUNDLED_SSL=OFF CMAKE_VERBOSE= yes MRUBY_CMAKE_BOOL= WITH_MRUBY MRUBY_USES= bison MRUBY_USE= ruby=yes MRUBY_VARS= RUBY_NO_RUN_DEPENDS=yes post-patch: @${REINPLACE_CMD} -e 's|exec perl|exec ${LOCALBASE}/bin/perl|' \ ${WRKSRC}/share/h2o/annotate-backtrace-symbols \ + ${WRKSRC}/share/h2o/fastcgi-cgi \ ${WRKSRC}/share/h2o/fetch-ocsp-response \ ${WRKSRC}/share/h2o/kill-on-close \ + ${WRKSRC}/share/h2o/setuidgid \ ${WRKSRC}/share/h2o/start_server post-install: ${MKDIR} ${STAGEDIR}${ETCDIR} \ ${STAGEDIR}${H2O_LOGDIR} ${INSTALL_DATA} \ - ${FILESDIR}/${PORTNAME}.conf.sample \ + ${WRKDIR}/${PORTNAME}.conf.sample \ ${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample 
post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .include Index: head/www/h2o/distinfo =================================================================== --- head/www/h2o/distinfo (revision 456452) +++ head/www/h2o/distinfo (revision 456453) @@ -1,3 +1,3 @@ -TIMESTAMP = 1508527966 -SHA256 (h2o-h2o-v2.2.3_GH0.tar.gz) = d40401ca714d00ca5204e8d22148dbaa9cae3407e3b4b6b62bd208543901ea51 -SIZE (h2o-h2o-v2.2.3_GH0.tar.gz) = 16207150 +TIMESTAMP = 1513347798 +SHA256 (h2o-h2o-v2.2.4_GH0.tar.gz) = ebacf3b15f40958c950e18e79ad5a647f61e989c6dbfdeea858ce943ef5e3cd8 +SIZE (h2o-h2o-v2.2.4_GH0.tar.gz) = 16212596 Index: head/www/h2o/files/patch-CMakeLists.txt =================================================================== --- head/www/h2o/files/patch-CMakeLists.txt (revision 456452) +++ head/www/h2o/files/patch-CMakeLists.txt (nonexistent) 
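Review bot: The sample config is now generated through `SUB_FILES`, but the new `h2o.conf.sample.in` never uses the `H2O_USER`, `H2O_GROUP` and `H2O_LOGDIR` values that `SUB_LIST` passes; it hard-codes `user: www` and `access-log: /var/log/h2o/access.log`. pkg-plist creates `%%H2O_LOGDIR%%` owned by `%%H2O_USER%%:%%H2O_GROUP%%` with mode 0750, so a build that overrides `H2O_USER` installs a sample whose `user:` no longer matches the owner of the log directory. Consider `user: %%H2O_USER%%` and `access-log: %%H2O_LOGDIR%%access.log` in the template, so the unprivileged account and the directory ownership stay in step.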
@@ -1,12 +0,0 @@ ---- CMakeLists.txt.orig 2017-01-17 23:43:27 UTC -+++ CMakeLists.txt -@@ -462,7 +462,8 @@ INSTALL(TARGETS h2o - LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) - - IF (NOT WITHOUT_LIBS) -- INSTALL(DIRECTORY include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} FILES_MATCHING PATTERN "*.h") -+ INSTALL(DIRECTORY include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} FILES_MATCHING PATTERN "*.h" -+ EXCLUDE PATTERN "h2o" EXCLUDE PATTERN "h2o/socket") - IF (LIBUV_FOUND) - INSTALL(FILES "${CMAKE_BINARY_DIR}/libh2o.pc" DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - ENDIF () Property changes on: head/www/h2o/files/patch-CMakeLists.txt ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/h2o/files/h2o.conf.sample =================================================================== --- head/www/h2o/files/h2o.conf.sample (revision 456452) +++ head/www/h2o/files/h2o.conf.sample (nonexistent) 
@@ -1,32 +0,0 @@ -# vi: ft=yaml -# see https://h2o.examp1e.net/ for detailed documentation -# see h2o --help for command-line options and settings -user: www -pid-file: /var/run/h2o.pid -access-log: /var/log/h2o/h2o-access.log -error-log: /var/log/h2o/h2o-error.log -listen: 80 -listen: - port: 443 - ssl: - minimum-version: TLSv1.2 - # generate your own certificates - certificate-file: /usr/local/etc/h2o/server.crt - key-file: /usr/local/etc/h2o/server.key -# enable Apache-style directory listings -# file.dirlisting: on -# per-host configuration -hosts: - my.example.org: - paths: - "/": - file.dir: "/usr/local/www/data/my.example.org" - pkg.example.org: - # virtual directory layout - paths: - "/poudriere": - file.dir: "/usr/local/poudriere/data/logs/bulk" - "/FreeBSD:10:amd64": - file.dir: "/usr/local/poudriere/data/packages/10_2_amd64-default/" - "/FreeBSD:11:amd64": - file.dir: "/usr/local/poudriere/data/packages/current_amd64-default/" Property changes on: head/www/h2o/files/h2o.conf.sample ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/h2o/files/h2o.conf.sample.in =================================================================== --- head/www/h2o/files/h2o.conf.sample.in (nonexistent) +++ head/www/h2o/files/h2o.conf.sample.in (revision 456453) 
@@ -0,0 +1,104 @@ +# this sample config gives you a feel for how h2o can be used +# and a high-security configuration for TLS and HTTP headers +# see https://h2o.examp1e.net/ for detailed documentation +# and h2o --help for command-line options and settings +user: www +pid-file: /var/run/h2o.pid +# log normal access to file +access-log: /var/log/h2o/access.log +# send errors to syslog +error-log: "| logger -i -p daemon.err -t h2o" + +# as of 2017-12-01 the following TLS config and headers, with +# DNS CAA records and custom diffie-hellmann parameters via +# `openssl dhparam -out %%PREFIX%%/etc/ssl/dhparam.pem 4096` +# will get you: + +# A+ on https://www.ssllabs.com/ssltest/ +listen: 80 +listen: + port: 443 + ssl: + # using at least TLS1.2 restricts many older devices + minimum-version: TLSv1.1 + dh-file: %%PREFIX%%/etc/ssl/dhparam.pem + # generate your own certificates with security/acme-client + certificate-file: %%PREFIX%%/etc/ssl/acme/example.org/fullchain.pem + key-file: %%PREFIX%%/etc/ssl/acme/private/example.org/privkey.pem + cipher-preference: server + cipher-suite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + +# A+ on https://securityheaders.io/ +header.add: "x-frame-options: deny" +header.add: "X-XSS-Protection: 1; mode=block" +header.add: "X-Content-Type-Options: nosniff" +header.add: "X-UA-Compatible: IE=Edge" +header.add: 
"Referrer-Policy: strict-origin" +header.add: "Cache-Control: no-transform" +header.add: "Content-Security-Policy: default-src https:" +# 6 months HSTS pinning +header.add: "Strict-Transport-Security: max-age=16000000" + +# no patience for slow users +http1-request-timeout: 10 +http2-idle-timeout: 10 +# limit POST bodies +limit-request-body: 10485760 # 10MiB +max-connections: 1024 + +file.mime.addtypes: + image/svg+xml: .svg + text/plain: .log + text/css: .css + application/atom+xml: .xml + application/zip: .zip + application/json: .json + "text/html; charset=utf-8": .html + +# per-host configurations +hosts: + # a basic fileserver + www.example.org: + # enable Apache-style directory listings + file.dirlisting: on + file.send-gzip: on + paths: + "/": + file.dir: "/var/www/www.example.org" + # a simple permanent URL redirect + "/blog": + redirect: + status: 301 + url: https://blog.example.org/ + # a password-restricted url + "/server-status": + mruby.handler: | + require "htpasswd.rb" + Htpasswd.new("%%ETCDIR%%/private/htpasswd", "example.org") + status: ON + # redireect Lets Encrypt ACME protocol to a specific challenge directory + "/.well-known/acme-challenge": + file.dir: "/var/www/acme" + # virtual directory layout to support serving FreeBSD packages built by poudriere + pkg.example.org: + paths: + "/poudriere": + file.dir: "%%PREFIX%%/poudriere/data/logs/bulk" + "/FreeBSD:10:amd64": + file.dir: "%%PREFIX%%/poudriere/data/packages/10_amd64-default/" + "/FreeBSD:11:amd64": + file.dir: "%%PREFIX%%/poudriere/data/packages/11_amd64-default/" + # a simple ruby-powered embedded JSON API + api.example.net: + paths: + "/ok.json": + mruby.handler: | + Proc.new do |env| + [200, {'content-type' => 'application/json'}, ['{"status":"ok"}']] + end + # a websockets-aware reverse proxy + ws.example.net: + paths: + "/": + proxy.websocket: ON + proxy.reverse.url: "http://localhost:1080/" Property changes on: head/www/h2o/files/h2o.conf.sample.in 
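Review bot: The `ssl:` block sets `minimum-version: TLSv1.1` directly under a comment about TLS 1.2, in a file that describes itself as a high-security configuration, while the sample this commit removes used `TLSv1.2`. The `cipher-suite` list also keeps 3DES (`DES-CBC3-SHA`) and static-RSA entries such as `AES128-SHA`, which have no forward secrecy. I would ship `minimum-version: TLSv1.2` with an AEAD-only ECDHE/DHE list as the default, and mention the TLS 1.1 fallback in a comment for sites that must serve old clients. Separately, `file.dirlisting: on` is now active for `www.example.org` where the old sample left it commented out; a sample that admins copy verbatim is safer with `# file.dirlisting: on`.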
___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/h2o/pkg-descr =================================================================== --- head/www/h2o/pkg-descr (revision 456452) +++ head/www/h2o/pkg-descr (revision 456453) @@ -1,23 +1,24 @@ H2O is a very fast HTTP server written in C. It can also be used as a library. + It supports: - HTTP/1.0, HTTP/1.1 -- [HTTP/2](http://http2.github.io/) -- draft 16 (and draft 14 to support older clients) +- HTTP/2 - persistent connections - chunked encoding - negotiation methods: NPN, ALPN, Upgrade, direct - dependency and weight-based prioritization - server push - TLS up to 1.3 -- uses [OpenSSL](https://www.openssl.org/) +- support OpenSSL and LibreSSL - forward secrecy - AEAD ciphers - OCSP stapling (automatically enabled) - session resumption (internal memory) - conditional GET using last-modified / etag - mime-type configuration - reverse proxy -- persistent upstream connection +- websocket support +- embedded mruby interpreter for high speed custom functions WWW: https://github.com/h2o/h2o Index: head/www/h2o/pkg-plist =================================================================== --- head/www/h2o/pkg-plist (revision 456452) +++ head/www/h2o/pkg-plist (revision 456453) 
@@ -1,71 +1,71 @@ bin/h2o -share/h2o/annotate-backtrace-symbols -share/h2o/fetch-ocsp-response -share/h2o/kill-on-close -share/h2o/start_server +%%DATADIR%%/annotate-backtrace-symbols +%%DATADIR%%/fetch-ocsp-response +%%DATADIR%%/kill-on-close +%%DATADIR%%/start_server %%DATADIR%%/ca-bundle.crt %%DATADIR%%/fastcgi-cgi %%DATADIR%%/setuidgid %%DATADIR%%/status/index.html %%MRUBY%%%%DATADIR%%/mruby/acl.rb %%MRUBY%%%%DATADIR%%/mruby/bootstrap.rb %%MRUBY%%%%DATADIR%%/mruby/dos_detector.rb %%MRUBY%%%%DATADIR%%/mruby/htpasswd.rb %%MRUBY%%%%DATADIR%%/mruby/lru_cache.rb %%MRUBY%%%%DATADIR%%/mruby/preloads.rb %%MRUBY%%%%DATADIR%%/mruby/trie_addr.rb %%PORTDOCS%%%%DOCSDIR%%/assets/8mbps100msec-nginx195-h2o150.png %%PORTDOCS%%%%DOCSDIR%%/assets/firstpaintbench.png %%PORTDOCS%%%%DOCSDIR%%/assets/remotebench.png %%PORTDOCS%%%%DOCSDIR%%/assets/searchstyle.css %%PORTDOCS%%%%DOCSDIR%%/assets/staticfile612-nginx1910-h2o170.png %%PORTDOCS%%%%DOCSDIR%%/assets/style.css %%PORTDOCS%%%%DOCSDIR%%/benchmarks.html %%PORTDOCS%%%%DOCSDIR%%/configure.html %%PORTDOCS%%%%DOCSDIR%%/configure/access_control.html %%PORTDOCS%%%%DOCSDIR%%/configure/access_log_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/base_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/basic_auth.html %%PORTDOCS%%%%DOCSDIR%%/configure/cgi.html %%PORTDOCS%%%%DOCSDIR%%/configure/command_options.html %%PORTDOCS%%%%DOCSDIR%%/configure/compress_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/dos_detection.html %%PORTDOCS%%%%DOCSDIR%%/configure/errordoc_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/expires_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/fastcgi_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/file_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/headers_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/http1_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/http2_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/mruby.html %%PORTDOCS%%%%DOCSDIR%%/configure/mruby_directives.html 
%%PORTDOCS%%%%DOCSDIR%%/configure/proxy_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/quick_start.html %%PORTDOCS%%%%DOCSDIR%%/configure/redirect_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/reproxy_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/status_directives.html %%PORTDOCS%%%%DOCSDIR%%/configure/syntax_and_structure.html %%PORTDOCS%%%%DOCSDIR%%/configure/throttle_response_directives.html %%PORTDOCS%%%%DOCSDIR%%/examples/doc_root.alternate/index.txt %%PORTDOCS%%%%DOCSDIR%%/examples/doc_root/index.html %%PORTDOCS%%%%DOCSDIR%%/examples/h2o/alternate.crt %%PORTDOCS%%%%DOCSDIR%%/examples/h2o/alternate.key %%PORTDOCS%%%%DOCSDIR%%/examples/h2o/h2o.conf %%PORTDOCS%%%%DOCSDIR%%/examples/h2o/server.crt %%PORTDOCS%%%%DOCSDIR%%/examples/h2o/server.key %%PORTDOCS%%%%DOCSDIR%%/examples/h2o_mruby/h2o.conf %%PORTDOCS%%%%DOCSDIR%%/examples/h2o_mruby/hello.rb %%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/http1client.c %%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/latency-optimization.c %%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/simple.c %%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/socket-client.c %%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/websocket.c %%PORTDOCS%%%%DOCSDIR%%/faq.html %%PORTDOCS%%%%DOCSDIR%%/index.html %%PORTDOCS%%%%DOCSDIR%%/install.html %%PORTDOCS%%%%DOCSDIR%%/search/jquery-1.9.1.min.js %%PORTDOCS%%%%DOCSDIR%%/search/oktavia-english-search.js %%PORTDOCS%%%%DOCSDIR%%/search/oktavia-jquery-ui.js %%PORTDOCS%%%%DOCSDIR%%/search/searchindex.js @dir(%%H2O_USER%%,%%H2O_GROUP%%,0750) %%H2O_LOGDIR%% @sample %%ETCDIR%%/h2o.conf.sample