www/h2o: patch for HTTP2 rapid reset attack, deprecate

- downstream dnsdist project has backported a fix for this specific issue
- deprecation is still planned, and port should not be considered secure
- pet port in line with www/h2o-devel

See https://github.com/h2o/h2o/pull/3293 for further details

Obtained from:	Remi Gacogne <remi.gacogne@powerdns.com>
Security:	CVE-2023-44487
Security:	https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf

Mk/**ruby.mk: Switch from USE_RUBY=yes to USES=ruby

Switch from Mk/bsd.ruby.mk to Mk/Uses/ruby.mk

Notable changes are.

- Mk/bsd.ruby.mk is moved to Mk/Uses/ruby.mk.
- USE_RUBY=yes is replaced with USES=ruby.
- USE_RUBY_EXTCONF is replaced with USES=ruby:extconf.
- USE_RUBY_RDOC is replaced with USES=ruby:rdoc.
- USE_RUBY_SETUP is replaces with USES=ruby:setup.
- RUBY_NO_BUILD_DEPENDS and RUBY_NO_RUN_DEPENDS are replaced with
  USES=ruby:{build,none,run}.
- RUBY_REQUIRE isn't used anywhere, so removed.
- USES=gem now implies USES=ruby.

This is mainly the work of yasu@ at https://reviews.freebsd.org/D27863

I have just made some cosmetic changes and ran exp-run to test that the
tree is not in a BROKEN state.

Approved by:	portmgr
Differential Revision:	https://reviews.freebsd.org/D37925

www/h2o: fix for building with LibreSSL 3.5.3

PR:		266659
Sponsored by:	SkunkWerks, GmbH

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

www: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *
  *  <hvo.pm@xs4all.nl>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Aaron Dalton <aaron@daltons.ca>
  *  Aaron LI <aly@aaronly.me>
  *  Aaron Zauner <az_mail@gmx.at>
  *  Abel Chow <achow@transoft.net>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Adrian Steinmann <ast@marabu.ch>
  *  Akinori MUSHA aka knu <knu@idaemons.org>

www/h2o: Fix build with Ruby 3.x when MRUBY option is enabled

Reference:	https://github.com/h2o/h2o/issues/2789
PR:		263053
Approved by:	maintainer

www/h2o: Mark BROKEN with Ruby 3.x when MRUBY option is enabled

cd /wrkdirs/usr/ports/www/h2o/work/h2o-2.2.6/deps/mruby && MRUBY_TOOLCHAIN=clang
MRUBY_CONFIG=/wrkdirs/usr/ports/www/h2o/work/h2o-2.2.6/misc/mruby_config.rb
MRUBY_BUILD_DIR=/wrkdirs/usr/ports/www/h2o/work/.build/mruby ruby minirake
(in /wrkdirs/usr/ports/www/h2o/work/h2o-2.2.6/deps/mruby)
PKG-CONFIG onigmo
PKG-CONFIG oniguruma
rake aborted!
wrong number of arguments (given 2, expected 1)
Rakefile:40:in `<top (required)>'
*** Error code 1

Stop.

PR:		263053
Approved by:	maintainer timeout

*/*: Remove redundant '-*' from CONFLICTS definitions

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)

*: fix tab vs. space issues, and comments according to the guide.

cleanup: drop support for EOL FreeBSD 11.X

Search criteria used:
- 11.4
- OSREL*
- OSVER*
- *_FreeBSD_11

Input from:
- adridg: devel/qca-legacy
- jbeich: _WITH_DPRINTF, _WITH_GETLINE, GNU bfd workarounds
- sunpoet: security/p5-*OpenSSL*

Reviewed by:	doceng, kde, multimedia, perl, python, ruby, rust
Differential Revision: https://reviews.freebsd.org/D32008
Test Plan: make index

www/h2o: Fix CPE information because current one is deprecated

Approved by:    portmgr (blanket)

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

www/h2o*: revert r566455 - broken with current libressl

Sponsored by:	SkunkWerks, GmbH

www/h2o*: support libressl, drop surplus replaces

Submitted by:   Uwe Trenkner <uwe@trenknerconsulting.com>
Sponsored by:	SkunkWerks, GmbH

www/h2o*: set default http headers in samples, not add

This improves the default security posture of both h2o-flavoured ports.

Submitted by:	Uwe Trenkner <uwe@trenknerconsulting.com>
Sponsored by:	SkunkWerks, GmbH

Fix h2o build when building with libressl

PR:	242863
Reported by:	Ulas SAYGIN
Reviewed by:	dch
Approved by:	dch
Differential Revision:	https://reviews.freebsd.org/D24455

www/h2o: unbreak on powerpc64 elfv2

FreeBSD 13 soon switches to LLVM in base, which builds this port.

Approved by:	mentors (implicit approval)

www/h2o: update to 2.2.6

resolves:

- CVE-2019-9512 (Ping Flood)
- CVE-2019-9514 (Reset Flood)
- CVE-2019-9515 (Settings Flood)

PR:		239843
Submitted by:	Max Kostikov <max@kostikov.co>
Reported by:	Max Kostikov <max@kostikov.co>
Reviewed by:	adamw
Approved by:	jrm (mentor, implicit)
MFH:		2019Q3
Security:	CVE-2019-9512
Security:	CVE-2019-9514
Security:	CVE-2019-9515
Sponsored by:	SkunkWerks, GmbH

Bump PORTREVISION for ports depending on the canonical version of GCC
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.

PR:		238330

h2o{,-devel}: Improve rc.d/h2o, freshen h2o.conf

rc.d/h2o:
 - Add a configtest target
 - Fix a bug that could prevent the script from locating the PIDfile path

h2o.conf:
 - Remove entries that are defaults

PR:		238888
Approved by:	maintainer (dch)
MFH:		2019Q2

www/h2o*: Remove nop CMAKE_VERBOSE

Bump PORTREVISION for ports depending on the canonical version of GCC
defined via Mk/bsd.default-versions.mk which has moved from GCC 7.4 t
GCC 8.2 under most circumstances.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, as a double check, everything INDEX-11 showed depending on lang/gcc7.

PR:		231590

www/h2o: add CONFLICTS and appease portlint

Approved by:	jrm (mentor)
Differential Revision:	https://reviews.freebsd.org/D17466

Bump PORTREVISION for ports depending on the canonical version of GCC
in the ports tree (via Mk/bsd.default-versions.mk and lang/gcc) which
has now moved from GCC 6 to GCC 7 by default.

This includes ports
 - featuring USE_GCC=yes or USE_GCC=any,
 - featuring USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and those
 - with USES=compiler specifying one of openmp, nestedfct, c11, c++0x,
   c++11-lib, c++11-lang, c++14-lang, c++17-lang, or gcc-c++11-lib.

PR:		222542

www/h2o: update 2.2.4 to 2.2.5

- fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
- LibreSSL and PicoTLS changes
- see https://github.com/h2o/h2o/blob/master/Changes

PR:		228762
Submitted by:	Max Kostikov <max@kostikov.co>
Approved by:	jrm
MFH:		2018Q3
Security:	CVE-2018-0608

Mark ports broken on powerpc64, categories o-z.

While here, pet portlint and do some other cleanup.

Approved by:	portmgr (tier-2 blanket)

www/h2o: Unbreak: build and install libraries that this project builds by
default

Port changes:
* Remove -DWITHOUT_LIBS=ON: the project builds libs by default,
  and has "it can also be used as a library" in its description.
  If desired, the option NOLIBS can potentially be created.
* Remove stray -DEXTRA_LIBRARIES=OFF: EXTRA_LIBRARIES doesn't exist in the
CMakeLists.txt

Approved by:	portmgr

www/h2o: Fix build with LibreSSL 2.7

 - LibreSSL 2.7 implements OpenSSL 1.1 API
 - Use patch from upstream issue 1706

PR:		227169
Approved by:	maintainer time-out

www/h2o: update to 2.2.4

Approved by:	jrm (mentor)
Sponsored by:	https://iwantmyname.com/
Differential Revision:	https://reviews.freebsd.org/D13077

Mark several ports newly broken on arm.

While here, pet portlint.

Approved by:	portmgr (tier-2 blanket)

www/h2o: update to 2.2.3

- resolve security vulnerabilities via new release
- ensure custom config files are loaded by re-ordering h2o rc.d script
- clean up options while we are here
- full changelog: https://github.com/h2o/h2o/releases/tag/v2.2.3

PR:		222281
Reported by:	freebsd@get-experience.com
Reviewed by:	jrm (mentor)
Approved by:	jrm (mentor)
MFH:		2017Q4
Security:	CVE-2017-10868
Security:	CVE-2017-10869
Differential Revision:	https://reviews.freebsd.org/D12619

Bump PORTREVISION for ports depending on the canonical version of GCC
(via Mk/bsd.default-versions.mk and lang/gcc) which has moved from
GCC 5.4 to GCC 6.4 under most circumstances.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c++11-lib, c++11-lang,
   c++14-lang, c++0x, c11, or gcc-c++11-lib.

PR:		219275

Make ninja opt-out in cmake.mk

Using ninja instead of make (1) can lead to significant speed ups while
building.
Therefore switch from having the ninja generator opt-in to having it opt-out.

Previously cmake-ports that wanted to use ninja could set
    CMAKE_NINJA=yes
now, ports that do not work with ninja can set
    cmake:<existing args>,noninja
Note, that needing this should be an exception and most often points to a broken
cmake of the port.

The ports using cmake were modified
* removed USES=gmake, if ninja is used
* removed MAKE_ARGS, if ninja is used
* added the cmake-argument noninja if necessary

PR:		219629
PR:		213331
Exp-run by:	antoine
Reviewed by:	rakuco
Differential Revision:	https://reviews.freebsd.org/D10748

- Update to 2.2.2

PR:		218764
Submitted by:	maintainer

Bump PORTREVISIONs for ports depending on the canonical version of GCC and
lang/gcc which have moved from GCC 4.9.4 to GCC 5.4 (at least under some
circumstances such as versions of FreeBSD or platforms).

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using using Mk/bsd.octave.mk which in turn has USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c++11-lib, c++14-lang,
   c++11-lang, c++0x, c11, or gcc-c++11-lib.

PR:		216707

- Upgrade to 2.1.0
- Drop bundled libressl switch

PR:		217088
Submitted by:	dch@skunkwerks.at (maintainer)

www/h2o: Fix Use-after-free vulnerability

  - Fix duplicate PORTREVISION assignment
  - Register OpenSSL dependency when LIBRESSL is OFF

PR:		215587
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
MFH:		2016Q4
Security:	d0b12952-cb86-11e6-906f-0cc47a065786
Security:	CVE-2016-7835

- add option knob mruby handler as default
- simplify ssl option
- bump portversion

PR:		213733
Submitted by:	dch@skunkwerks.at (maintainer)

http://github.com redirects to https://github.com, spare everyone a redirect.

Sponsored by:	Absolight

Bump PORTREVISIONS for ports depending on the canonical version of GCC and
lang/gcc which have moved from GCC 4.8.5 to GCC 4.9.4 (at least under some
circumstances such as versions of FreeBSD or platforms).

In particular that is ports with USE_GCC=yes, USE_GCC=any, or one of
gcc-c++11-lib, openmp, nestedfct, c++11-lib as well as c++14-lang,
c++11-lang, c++0x, c11 requested via USES=compiler.

www/h2o: Update to 2.0.4 (Fixes vulnerability)

  - Update to version 2.0.4

PR:		211892
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
Reviewed by:	brnrd
MFH:		2016Q3
Security:	08664d42-7989-11e6-b7a8-74d02b9a84d5

www/h2o: update 2.0.0 -> 2.0.1

This is a bug-fix release of 2.0 series, fixing following issues found in 2.0.0.
* [fastcgi] fix internal server error when PHP returns a huge header #958
* [http2] recognize link header containing multiple links #950
* [libh2o] fix resource leaks upon startup failure #936
* [libh2o] do not require linking to libbrotli externally #941

Changes:	https://github.com/h2o/h2o/releases/tag/v2.0.1

PR:		210769
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

www/h2o: update 1.7.3 -> 2.0.0

- explicitly set H2O_PERL via rc.d script

Summary of major changes:
- support for Brotli compression
- directives for file-level resource mapping
- addition of the status handler
- reverse proxying using HTTPS

Changes:	https://github.com/h2o/h2o/releases/tag/v2.0.0

PR:		209927
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

- Update to 1.7.3

PR:		209926
Submitted by:	Dave Cottlehuber
Security:	65bb1858-27de-11e6-b714-74d02b9a84d5

Update to 1.7.2

- various SSL & signal handling fixes
- minor http2 tweaks

PR:		209517
Submitted by:	dch@skunkwerks.at (maintainer)

www/h2o: Update to 1.7.1

- build system fixes
- improved documentation
- fix file transfer > 2GB on FreeBSD

PR:		208002

Add SIGHUP support.

Support soft reloading of config via `sudo service h2o reload`.

PR:		207093
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

www/h2o: Update to 1.7.0

- Update PORTVERSION and dinsto checksum (1.7.0)
- Update pkg-plist

Changes:

  https://github.com/h2o/h2o/blob/v1.7.0/Changes

PR:		206949
Submitted by:	Dave Cottlehuber <dch skunkwerks at> (maintainer)

Update to 1.6.3.

PR:		206708
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

- Update to 1.6.2

PR:		206193
Submitted by:	maintainer
MFH:		2016Q1
Security:	6c808811-bb9a-11e5-a65c-485d605f4717

- Remove unused USE_* knobs:
   databases/mysql57-server
   games/kajongg
   textproc/ruby-htree

- Fix typos in USE_* knobs:
   graphics/fortytwo
   math/hexcalc
   misc/gnustep-examples
   www/h2o

- Remove unused BROKEN_alpha knob:
   devel/directfb

- Remove user-settable knob:
   multimedia/tovid

Approved by:	portmgr blanket

www/h2o: update 1.6.0 -> 1.6.1 and add LibreSSL option

- OPTIONS: Add bundled LIBRESSL option and set as default
  - HTTP/2 support requires TLS ALPN extension missing in base OpenSSL
  - Upstream expectation is the bundled LibreSSL is used to support HTTP/2
  - Enables ChaCha20-Poly1305 ciphers as a bonus
- Update sample configuration file

Changes:	https://github.com/h2o/h2o/releases/tag/v1.6.1

PR:		205946
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

www/h2o: update 1.5.3 -> 1.6.0

Changes:	https://github.com/h2o/h2o/releases/tag/v1.6.0

PR:		205337
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

www/h2o: update 1.5.2 -> 1.5.3

Changes:	https://github.com/h2o/h2o/releases/tag/v1.5.3

PR:		204321
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

www/h2o: update 1.5.0 -> 1.5.2

- Update cmake args and regen cmake patch for the new release
- Add documentation files to pkg-plist

Changes:	https://github.com/h2o/h2o/releases/tag/v1.5.1
Changes:	https://github.com/h2o/h2o/releases/tag/v1.5.2

PR:		203956
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

www/h2o: update 1.4.5 -> 1.5.0

Changes:	https://github.com/h2o/h2o/releases/tag/v1.5.0

PR:		203575
Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

- Fix rc.d issues introduced with recent perl changes [1]
- Update to 1.4.5 [2]

PR:		203147 [1], 203096 [2]
Submitted by:	Dave Cottlehuber (maintainer)

- Fix rc.d script
- Bump PORTVERSION

PR:		202937
Submitted by:	gblach
Approved by:	Dave Cottlehuber (dch <at> skunkwerks <dot> at)

- Update to 1.4.4 [1]
- Drop 8.x support [2]

PR:		202818 [1]
Submitted by:	Dave Cottlehuber (dch <at> skunkwerks <dot> at) [1]
Approved by:	portmgr blanket [2]

- Update to 1.4.3

PR:		202379
Submitted by:	dch@skunkwerks.at(maintainer)

www/h2o: 1.2.0 -> 1.4.2

ChangeLog:
https://github.com/h2o/h2o/releases

PR:		200998
Submitted by:	sean@x-n.su
Approved by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

- Fix shebangs

Approved by:	portmgr blanket
MFH:		2015Q2

- Update to 1.2.0

PR:		198573
Submitted by:	anonymous.bug.report@gmail.com
Approved by:	dch@skunkwerks.at(maintainer)

Update ports in the remaining categories to not use GH_COMMIT.

With minor cleanups to make things simpler.

With hat:	portmgr
Sponsored by:	Absolight

OSVERSION is not defined before bsd.pre.

Pointy Hat to:	az
Sponsored by:	Absolight

- update to 1.0.1
- ignore build on OSVERSION < 9.0 as it doesn't compile even with clang
- some port cleanups

PR:		197846
Submitted by:	dch@skunkwerks.at (maintainer)

- remove -r flag from daemon runtime.
- bump PORTREVISION

PR:		197519
Submitted by:	maintainer

- add new port: www/h2o

H2O is a very fast HTTP server written in C. It can also be used as a library.
It supports:

- HTTP/1.0, HTTP/1.1
- [HTTP/2](http://http2.github.io/)
- draft 16 (and draft 14 to support older clients)
- persistent connections
- chunked encoding
- negotiation methods: NPN, ALPN, Upgrade, direct
- dependency and weight-based prioritization
- server push
- TLS
- uses [OpenSSL](https://www.openssl.org/)